@versini/auth-common 3.2.0 → 3.3.1

package/dist/index.d.ts

@@ -24,6 +24,7 @@ declare const JWT: {
     EXPIRES_AT_KEY: string;
     CREATED_AT_KEY: string;
     SCOPES_KEY: string;
+    CLIENT_ID_KEY: string;
     ISSUER: string;
 };
 declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
@@ -94,6 +95,43 @@ type GetToken = {
 };
 declare const getToken: ({ headers, body, clientId }: GetToken) => string;
 
-declare const isGranted: (token: string, scopes: string[]) => Promise<boolean>;
+type ScopesGrants = {
+    [key: string]: string[];
+} | string[];
+/**
+ * Checks if the given token grants the required scopes.
+ *
+ * This function verifies the provided token and extracts its payload.
+ * It then checks if the token contains the required scopes. The scopes can be provided
+ * either as an array of strings or as a map of string arrays. When the scopes are provided
+ * as a map, the function checks if the token contains at least one of the scopes in each
+ * of the map's values (OR operation).
+ *
+ *
+ * @async
+ * @function isGranted
+ * @param {string} token - The token to be verified and checked for scopes.
+ * @param {ScopesGrants} scopes - The required scopes. This can be an array of strings
+ *  															representing the scopes or a map where the keys are strings
+ * 																and the values are arrays of strings representing the scopes.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the
+ * 															token grants the required scopes.
+ *
+ * @example
+ * Example with an array of scopes (AND operation)
+ * const scopesArray = ["read", "write"];
+ * const res = isGranted(token, scopesArray);
+ * console.log(res); // true only if the token has both "read" and "write" scopes
+ *
+ * @example
+ * Example with a map of scopes (OR operation)
+ * const scopesMap = {
+ * 	"admin": ["read", "write"],
+ * 	"user": ["read"]
+ * };
+ * const res = isGranted(token, scopesMap);
+ * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
+ */
+declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolean>;
 
-export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js

@@ -1,11 +1,11 @@
 /*!
-  @versini/auth-common v3.2.0
+  @versini/auth-common v3.3.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "3.2.0",
-    buildTime: "07/21/2024 03:41 PM EDT",
+    version: "3.3.1",
+    buildTime: "08/01/2024 10:23 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -22,7 +22,7 @@ const je = {
   CLIENT_ID: "X-Auth-ClientId"
 }, ne = {
   ACCESS_TOKEN: "access_token"
-}, I = {
+}, P = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
@@ -32,6 +32,7 @@ const je = {
   EXPIRES_AT_KEY: "exp",
   CREATED_AT_KEY: "iat",
   SCOPES_KEY: "scopes",
+  CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
 }, ae = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
@@ -51,7 +52,7 @@ awIDAQAB
   LOGOUT: "logout"
 }, O = crypto, G = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
 function oe(...e) {
-  const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
+  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
@@ -242,10 +243,10 @@ const X = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
       r = new Set(a);
       continue;
     }
-    for (const i of a) {
-      if (r.has(i))
+    for (const o of a) {
+      if (r.has(o))
         return !1;
-      r.add(i);
+      r.add(o);
     }
   }
   return !0;
@@ -352,23 +353,23 @@ const Se = async (e) => {
   ], a = { ...e };
   return delete a.alg, delete a.use, O.subtle.importKey("jwk", a, ...n);
 }, Q = (e) => b(e);
-let J, D;
+let D, J;
 const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await Se({ ...r, alg: n });
-  return a ? a[n] = i : e.set(t, { [n]: i }), i;
+  const o = await Se({ ...r, alg: n });
+  return a ? a[n] = o : e.set(t, { [n]: o }), o;
 }, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
   }
   return e;
 }, Ee = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+    return r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
   }
   return e;
 }, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
@@ -377,7 +378,7 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
+  return a.length !== t.length ? !1 : a.every((o, i) => o === t[i]) || E(e, t, n + 1);
 }, k = (e) => {
   switch (!0) {
     case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
@@ -398,74 +399,74 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
 }, ge = async (e, t, r, n, a) => {
-  let i, o;
+  let o, i;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      i = {
+      o = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
+      }, i = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
       const s = k(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
+      o = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
       break;
     }
     case "EdDSA":
-      i = { name: k(c) }, o = ["verify"];
+      o = { name: k(c) }, i = ["verify"];
       break;
     default:
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return O.subtle.importKey(t, c, i, !1, o);
+  return O.subtle.importKey(t, c, o, !1, i);
 }, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
   return Ae(e, t);
 }
-const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
+const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!X(t))
       throw new TypeError(z(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${P(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
   }
 }, Te = (e, t, r) => {
   if (!X(t))
     throw new TypeError(z(e, t, ...R));
   if (t.type === "secret")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 }, _e = (e, t, r) => {
   e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : Te(e, t, r);
 };
@@ -474,27 +475,27 @@ function ve(e, t, r, n, a) {
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let i;
-  r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
-  for (const o of n.crit) {
-    if (!i.has(o))
-      throw new w(`Extension Header Parameter "${o}" is not recognized`);
-    if (a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (i.get(o) && n[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  let o;
+  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
+  for (const i of n.crit) {
+    if (!o.has(i))
+      throw new w(`Extension Header Parameter "${i}" is not recognized`);
+    if (a[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" is missing`);
+    if (o.get(i) && n[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const Pe = (e, t) => {
+const Ie = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Ie(e, t) {
+function Pe(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -532,9 +533,9 @@ async function Re(e, t, r) {
 const Ke = async (e, t, r, n) => {
   const a = await Re(e, t, "verify");
   pe(e, a);
-  const i = Ie(e, a.algorithm);
+  const o = Pe(e, a.algorithm);
   try {
-    return await O.subtle.verify(i, a, r, n);
+    return await O.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
@@ -565,17 +566,17 @@ async function Oe(e, t, r) {
   const a = {
     ...n,
     ...e.header
-  }, i = ve(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
-  let o = !0;
-  if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
+  }, o = ve(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  let i = !0;
+  if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && Pe("algorithms", r.algorithms);
+  const s = r && Ie("algorithms", r.algorithms);
   if (s && !s.has(c))
     throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
+  if (i) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
@@ -592,7 +593,7 @@ async function Oe(e, t, r) {
   if (!await Ke(c, t, f, g))
     throw new se();
   let y;
-  if (o)
+  if (i)
     try {
       y = b(e.payload);
     } catch {
@@ -605,13 +606,13 @@ async function Oe(e, t, r) {
 async function xe(e, t, r) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: i, length: o } = e.split(".");
-  if (o !== 3)
+  const { 0: n, 1: a, 2: o, length: i } = e.split(".");
+  if (i !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: o }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, Je = N * 7, De = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
+const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, De = N * 7, Je = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
   const t = He.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
@@ -647,10 +648,10 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * Je);
+      a = Math.round(r * De);
       break;
     default:
-      a = Math.round(r * De);
+      a = Math.round(r * Je);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
@@ -665,12 +666,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
-  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
+  const { requiredClaims: o = [], issuer: i, subject: c, audience: s, maxTokenAge: p } = r, g = [...o];
+  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), i !== void 0 && g.push("iss");
   for (const l of new Set(g.reverse()))
     if (!(l in n))
       throw new h(`missing required "${l}" claim`, n, l, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
+  if (i && !(Array.isArray(i) ? i : [i]).includes(n.iss))
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
@@ -715,12 +716,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   return n;
 };
 async function $e(e, t, r) {
-  var o;
+  var i;
   const n = await xe(e, t, r);
-  if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
+  if ((i = n.protectedHeader.crit) != null && i.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...i, key: n.key } : i;
+  const o = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...o, key: n.key } : o;
 }
 const Le = b;
 function ke(e) {
@@ -751,9 +752,9 @@ function ke(e) {
 }
 const Me = async (e) => {
   try {
-    const t = I.ALG, n = await be(ae, t);
+    const t = P.ALG, n = await be(ae, t);
     return await $e(e, n, {
-      issuer: I.ISSUER
+      issuer: P.ISSUER
     });
   } catch {
     return;
@@ -771,32 +772,32 @@ for (var H = 0; H < 256; ++H)
 function Be(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var v, Fe = new Uint8Array(16);
-function Ve() {
+var v, Ye = new Uint8Array(16);
+function Fe() {
   if (!v && (v = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !v))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return v(Fe);
+  return v(Ye);
 }
-var Ye = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const F = {
-  randomUUID: Ye
+var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const Y = {
+  randomUUID: Ve
 };
-function V(e, t, r) {
-  if (F.randomUUID && !t && !e)
-    return F.randomUUID();
+function F(e, t, r) {
+  if (Y.randomUUID && !t && !e)
+    return Y.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Ve)();
+  var n = e.random || (e.rng || Fe)();
   return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Be(n);
 }
-const Y = globalThis.crypto, Ge = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
+const V = globalThis.crypto, Ge = (e) => `${F()}${F()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function re(e) {
-  if (!Y.subtle)
+  if (!V.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
+  const t = new TextEncoder().encode(e), r = await V.subtle.digest("SHA-256", t);
   return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 async function at(e) {
@@ -833,20 +834,21 @@ const ze = /^Bearer (.+)$/i, Xe = (e) => {
   const n = Xe(e), a = Qe(e, r);
   return Ze(t) || a || n || "";
 }, ct = async (e, t) => {
-  var n, a;
+  var a;
   const r = await Me(e);
-  if ((a = r && ((n = r == null ? void 0 : r.payload) == null ? void 0 : n[I.SCOPES_KEY])) != null && a.length) {
-    const i = r.payload[I.SCOPES_KEY];
-    return t.every((o) => i.includes(o));
-  }
-  return !1;
+  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[P.SCOPES_KEY]))
+    return !1;
+  const n = r.payload[P.SCOPES_KEY];
+  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
+    (o) => t[o].every((i) => n.includes(i))
+  );
 };
 export {
   rt as API_TYPE,
   je as AUTH_TYPES,
   ne as BODY,
   et as HEADERS,
-  I as JWT,
+  P as JWT,
   ae as JWT_PUBLIC_KEY,
   tt as TOKEN_EXPIRATION,
   nt as decodeToken,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "3.2.0",
+	"version": "3.3.1",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "57d681a2201591a0623cbbef9dc2edc65f2e3cdc"
+	"gitHead": "01228321ca4f7b62244a5dc9b2b001053fd0bba2"
 }