npm - @versini/auth-common - Versions diffs - 3.1.0 → 3.3.0 - Mend

@versini/auth-common 3.1.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -94,4 +94,43 @@ type GetToken = {
 };
 declare const getToken: ({ headers, body, clientId }: GetToken) => string;
-export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+type ScopesGrants = {
+    [key: string]: string[];
+} | string[];
+/**
+ * Checks if the given token grants the required scopes.
+ *
+ * This function verifies the provided token and extracts its payload.
+ * It then checks if the token contains the required scopes. The scopes can be provided
+ * either as an array of strings or as a map of string arrays. When the scopes are provided
+ * as a map, the function checks if the token contains at least one of the scopes in each
+ * of the map's values (OR operation).
+ *
+ *
+ * @async
+ * @function isGranted
+ * @param {string} token - The token to be verified and checked for scopes.
+ * @param {ScopesGrants} scopes - The required scopes. This can be an array of strings
+ *  															representing the scopes or a map where the keys are strings
+ * 																and the values are arrays of strings representing the scopes.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the
+ * 															token grants the required scopes.
+ *
+ * @example
+ * Example with an array of scopes (AND operation)
+ * const scopesArray = ["read", "write"];
+ * const res = isGranted(token, scopesArray);
+ * console.log(res); // true only if the token has both "read" and "write" scopes
+ *
+ * @example
+ * Example with a map of scopes (OR operation)
+ * const scopesMap = {
+ * 	"admin": ["read", "write"],
+ * 	"user": ["read"]
+ * };
+ * const res = isGranted(token, scopesMap);
+ * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
+ */
+declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolean>;
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js CHANGED Viewed

@@ -1,28 +1,28 @@
 /*!
-  @versini/auth-common v3.1.0
+  @versini/auth-common v3.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "3.1.0",
-    buildTime: "07/21/2024 02:46 PM EDT",
+    version: "3.3.0",
+    buildTime: "07/21/2024 07:33 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const Ze = {
+const je = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, je = {
+}, et = {
   CLIENT_ID: "X-Auth-ClientId"
 }, ne = {
   ACCESS_TOKEN: "access_token"
-}, U = {
+}, I = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
@@ -41,17 +41,17 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, et = {
+-----END PUBLIC KEY-----`, tt = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, tt = {
+}, rt = {
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, K = crypto, q = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
+}, O = crypto, G = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
 function oe(...e) {
-  const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
+  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
@@ -142,7 +142,7 @@ function m(e, t = "algorithm.name") {
 function v(e, t) {
   return e.name === t;
 }
-function x(e) {
+function W(e) {
   return parseInt(e.name.slice(4), 10);
 }
 function de(e) {
@@ -175,7 +175,7 @@ function le(e, t, ...r) {
       if (!v(e.algorithm, "HMAC"))
         throw m("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      if (W(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -185,7 +185,7 @@ function le(e, t, ...r) {
       if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      if (W(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -195,7 +195,7 @@ function le(e, t, ...r) {
       if (!v(e.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      if (W(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -219,7 +219,7 @@ function le(e, t, ...r) {
   }
   ue(e, r);
 }
-function z(e, t, ...r) {
+function q(e, t, ...r) {
   var n;
   if (r.length > 2) {
     const a = r.pop();
@@ -227,11 +227,11 @@ function z(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const L = (e, ...t) => z("Key must be ", e, ...t);
-function G(e, t, ...r) {
-  return z(`Key for the ${e} algorithm must be `, t, ...r);
+const L = (e, ...t) => q("Key must be ", e, ...t);
+function z(e, t, ...r) {
+  return q(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const X = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], fe = (...e) => {
+const X = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], fe = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -242,10 +242,10 @@ const X = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
       r = new Set(a);
       continue;
     }
-    for (const i of a) {
-      if (r.has(i))
+    for (const o of a) {
+      if (r.has(o))
         return !1;
-      r.add(i);
+      r.add(o);
     }
   }
   return !0;
@@ -253,7 +253,7 @@ const X = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
 function he(e) {
   return typeof e == "object" && e !== null;
 }
-function P(e) {
+function K(e) {
   if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
@@ -350,25 +350,25 @@ const Se = async (e) => {
     e.ext ?? !1,
     e.key_ops ?? r
   ], a = { ...e };
-  return delete a.alg, delete a.use, K.subtle.importKey("jwk", a, ...n);
+  return delete a.alg, delete a.use, O.subtle.importKey("jwk", a, ...n);
 }, Q = (e) => b(e);
-let W, J;
+let J, D;
 const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await Se({ ...r, alg: n });
-  return a ? a[n] = i : e.set(t, { [n]: i }), i;
+  const o = await Se({ ...r, alg: n });
+  return a ? a[n] = o : e.set(t, { [n]: o }), o;
 }, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
   }
   return e;
 }, Ee = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Q(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
+    return r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
   }
   return e;
 }, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
@@ -377,8 +377,8 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
-}, M = (e) => {
+  return a.length !== t.length ? !1 : a.every((o, i) => o === t[i]) || E(e, t, n + 1);
+}, k = (e) => {
   switch (!0) {
     case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -398,74 +398,74 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
 }, ge = async (e, t, r, n, a) => {
-  let i, o;
+  let o, i;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      i = {
+      o = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
+      }, i = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const s = M(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
+      const s = k(c);
+      o = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
       break;
     }
     case "EdDSA":
-      i = { name: M(c) }, o = ["verify"];
+      o = { name: k(c) }, i = ["verify"];
       break;
     default:
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return K.subtle.importKey(t, c, i, !1, o);
+  return O.subtle.importKey(t, c, o, !1, i);
 }, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
   return Ae(e, t);
 }
-const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
+const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!X(t))
-      throw new TypeError(G(e, t, ...R, "Uint8Array"));
+      throw new TypeError(z(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${P(t)} instances for symmetric algorithms must be of type "secret"`);
   }
 }, Te = (e, t, r) => {
   if (!X(t))
-    throw new TypeError(G(e, t, ...R));
+    throw new TypeError(z(e, t, ...R));
   if (t.type === "secret")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${P(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+    throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 }, ve = (e, t, r) => {
   e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : Te(e, t, r);
 };
@@ -474,27 +474,27 @@ function _e(e, t, r, n, a) {
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let i;
-  r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
-  for (const o of n.crit) {
-    if (!i.has(o))
-      throw new w(`Extension Header Parameter "${o}" is not recognized`);
-    if (a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (i.get(o) && n[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  let o;
+  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
+  for (const i of n.crit) {
+    if (!o.has(i))
+      throw new w(`Extension Header Parameter "${i}" is not recognized`);
+    if (a[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" is missing`);
+    if (o.get(i) && n[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const Ie = (e, t) => {
+const Pe = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Re(e, t) {
+function Ie(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -519,28 +519,28 @@ function Re(e, t) {
       throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function Pe(e, t, r) {
-  if (t = await we.normalizePublicKey(t, e), q(t))
+async function Re(e, t, r) {
+  if (t = await we.normalizePublicKey(t, e), G(t))
     return le(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
       throw new TypeError(L(t, ...R));
-    return K.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+    return O.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
   throw new TypeError(L(t, ...R, "Uint8Array"));
 }
 const Ke = async (e, t, r, n) => {
-  const a = await Pe(e, t, "verify");
+  const a = await Re(e, t, "verify");
   pe(e, a);
-  const i = Re(e, a.algorithm);
+  const o = Ie(e, a.algorithm);
   try {
-    return await K.subtle.verify(i, a, r, n);
+    return await O.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
 };
 async function Oe(e, t, r) {
-  if (!P(e))
+  if (!K(e))
     throw new u("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new u('Flattened JWS must have either of the "protected" or "header" members');
@@ -550,13 +550,13 @@ async function Oe(e, t, r) {
     throw new u("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new u("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !P(e.header))
+  if (e.header !== void 0 && !K(e.header))
     throw new u("JWS Unprotected Header incorrect type");
   let n = {};
   if (e.protected)
     try {
-      const O = b(e.protected);
-      n = JSON.parse(C.decode(O));
+      const x = b(e.protected);
+      n = JSON.parse(C.decode(x));
     } catch {
       throw new u("JWS Protected Header is invalid");
     }
@@ -565,17 +565,17 @@ async function Oe(e, t, r) {
   const a = {
     ...n,
     ...e.header
-  }, i = _e(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
-  let o = !0;
-  if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
+  }, o = _e(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  let i = !0;
+  if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && Ie("algorithms", r.algorithms);
+  const s = r && Pe("algorithms", r.algorithms);
   if (s && !s.has(c))
     throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
+  if (i) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
@@ -592,7 +592,7 @@ async function Oe(e, t, r) {
   if (!await Ke(c, t, f, g))
     throw new se();
   let y;
-  if (o)
+  if (i)
     try {
       y = b(e.payload);
     } catch {
@@ -605,13 +605,13 @@ async function Oe(e, t, r) {
 async function xe(e, t, r) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: i, length: o } = e.split(".");
-  if (o !== 3)
+  const { 0: n, 1: a, 2: o, length: i } = e.split(".");
+  if (i !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: o }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, Je = H * 7, De = H * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
+const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, Je = N * 7, De = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
   const t = He.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
@@ -642,7 +642,7 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     case "day":
     case "days":
     case "d":
-      a = Math.round(r * H);
+      a = Math.round(r * N);
       break;
     case "week":
     case "weeks":
@@ -660,17 +660,17 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     n = JSON.parse(C.decode(t));
   } catch {
   }
-  if (!P(n))
+  if (!K(n))
     throw new S("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
-  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
+  const { requiredClaims: o = [], issuer: i, subject: c, audience: s, maxTokenAge: p } = r, g = [...o];
+  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), i !== void 0 && g.push("iss");
   for (const l of new Set(g.reverse()))
     if (!(l in n))
       throw new h(`missing required "${l}" claim`, n, l, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
+  if (i && !(Array.isArray(i) ? i : [i]).includes(n.iss))
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
@@ -679,7 +679,7 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
   let f;
   switch (typeof r.clockTolerance) {
     case "string":
-      f = k(r.clockTolerance);
+      f = M(r.clockTolerance);
       break;
     case "number":
       f = r.clockTolerance;
@@ -690,7 +690,7 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: N } = r, y = We(N || /* @__PURE__ */ new Date());
+  const { currentDate: U } = r, y = We(U || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || p) && typeof n.iat != "number")
     throw new h('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -706,8 +706,8 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
       throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (p) {
-    const l = y - n.iat, O = typeof p == "number" ? p : k(p);
-    if (l - f > O)
+    const l = y - n.iat, x = typeof p == "number" ? p : M(p);
+    if (l - f > x)
       throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (l < 0 - f)
       throw new h('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
@@ -715,15 +715,15 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
   return n;
 };
 async function $e(e, t, r) {
-  var o;
+  var i;
   const n = await xe(e, t, r);
-  if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
+  if ((i = n.protectedHeader.crit) != null && i.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...i, key: n.key } : i;
+  const o = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...o, key: n.key } : o;
 }
 const Le = b;
-function Me(e) {
+function ke(e) {
   if (typeof e != "string")
     throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -745,50 +745,50 @@ function Me(e) {
   } catch {
     throw new S("Failed to parse the decoded payload as JSON");
   }
-  if (!P(a))
+  if (!K(a))
     throw new S("Invalid JWT Claims Set");
   return a;
 }
-const rt = async (e) => {
+const Me = async (e) => {
   try {
-    const t = U.ALG, n = await be(ae, t);
+    const t = I.ALG, n = await be(ae, t);
     return await $e(e, n, {
-      issuer: U.ISSUER
+      issuer: I.ISSUER
     });
   } catch {
     return;
   }
 }, nt = (e) => {
   try {
-    return Me(e);
+    return ke(e);
   } catch {
     return;
   }
 };
 var d = [];
-for (var D = 0; D < 256; ++D)
-  d.push((D + 256).toString(16).slice(1));
-function ke(e, t = 0) {
+for (var H = 0; H < 256; ++H)
+  d.push((H + 256).toString(16).slice(1));
+function Be(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var _, Be = new Uint8Array(16);
-function Fe() {
+var _, Fe = new Uint8Array(16);
+function Ve() {
   if (!_ && (_ = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !_))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return _(Be);
+  return _(Fe);
 }
-var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+var Ye = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 const F = {
-  randomUUID: Ve
+  randomUUID: Ye
 };
 function V(e, t, r) {
   if (F.randomUUID && !t && !e)
     return F.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Fe)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, ke(n);
+  var n = e.random || (e.rng || Ve)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Be(n);
 }
-const Y = globalThis.crypto, Ye = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
+const Y = globalThis.crypto, Ge = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function re(e) {
@@ -803,7 +803,7 @@ async function at(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = Ye(t), n = await re(r);
+  const r = Ge(t), n = await re(r);
   return {
     code_verifier: r,
     code_challenge: n
@@ -812,39 +812,49 @@ async function at(e) {
 async function ot(e, t) {
   return t === await re(e);
 }
-const ze = /^Bearer (.+)$/i, Ge = (e) => {
+const ze = /^Bearer (.+)$/i, Xe = (e) => {
   if (typeof (e == null ? void 0 : e.authorization) != "string")
     return;
   const t = e.authorization.match(ze);
   if (t)
     return t[1];
-}, Xe = (e, t) => {
+}, Qe = (e, t) => {
   const r = e == null ? void 0 : e.cookie;
   if (typeof r != "string")
     return;
   const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
   if (a)
     return a[1];
-}, Qe = (e) => {
+}, Ze = (e) => {
   const t = e == null ? void 0 : e[ne.ACCESS_TOKEN];
   if (typeof t == "string")
     return t;
 }, it = ({ headers: e, body: t, clientId: r }) => {
-  const n = Ge(e), a = Xe(e, r);
-  return Qe(t) || a || n || "";
+  const n = Xe(e), a = Qe(e, r);
+  return Ze(t) || a || n || "";
+}, ct = async (e, t) => {
+  var a;
+  const r = await Me(e);
+  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[I.SCOPES_KEY]))
+    return !1;
+  const n = r.payload[I.SCOPES_KEY];
+  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
+    (o) => t[o].every((i) => n.includes(i))
+  );
 };
 export {
-  tt as API_TYPE,
-  Ze as AUTH_TYPES,
+  rt as API_TYPE,
+  je as AUTH_TYPES,
   ne as BODY,
-  je as HEADERS,
-  U as JWT,
+  et as HEADERS,
+  I as JWT,
   ae as JWT_PUBLIC_KEY,
-  et as TOKEN_EXPIRATION,
+  tt as TOKEN_EXPIRATION,
   nt as decodeToken,
   re as generateCodeChallenge,
   it as getToken,
+  ct as isGranted,
   at as pkceChallengePair,
-  rt as verifyAndExtractToken,
+  Me as verifyAndExtractToken,
   ot as verifyChallenge
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "3.1.0",
+	"version": "3.3.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "cb10c89f218f72ec549147c737cad75ad1e7e6bb"
+	"gitHead": "8df31ef170a75c2983d7ac821fe0371641139815"
 }