npm - @versini/auth-common - Versions diffs - 3.2.0 → 3.3.1 - Mend

@versini/auth-common 3.2.0 → 3.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -24,6 +24,7 @@ declare const JWT: {
     EXPIRES_AT_KEY: string;
     CREATED_AT_KEY: string;
     SCOPES_KEY: string;
+    CLIENT_ID_KEY: string;
     ISSUER: string;
 };
 declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
@@ -94,6 +95,43 @@ type GetToken = {
 };
 declare const getToken: ({ headers, body, clientId }: GetToken) => string;
-declare const isGranted: (token: string, scopes: string[]) => Promise<boolean>;
+type ScopesGrants = {
+    [key: string]: string[];
+} | string[];
+/**
+ * Checks if the given token grants the required scopes.
+ *
+ * This function verifies the provided token and extracts its payload.
+ * It then checks if the token contains the required scopes. The scopes can be provided
+ * either as an array of strings or as a map of string arrays. When the scopes are provided
+ * as a map, the function checks if the token contains at least one of the scopes in each
+ * of the map's values (OR operation).
+ *
+ *
+ * @async
+ * @function isGranted
+ * @param {string} token - The token to be verified and checked for scopes.
+ * @param {ScopesGrants} scopes - The required scopes. This can be an array of strings
+ *  															representing the scopes or a map where the keys are strings
+ * 																and the values are arrays of strings representing the scopes.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the
+ * 															token grants the required scopes.
+ *
+ * @example
+ * Example with an array of scopes (AND operation)
+ * const scopesArray = ["read", "write"];
+ * const res = isGranted(token, scopesArray);
+ * console.log(res); // true only if the token has both "read" and "write" scopes
+ *
+ * @example
+ * Example with a map of scopes (OR operation)
+ * const scopesMap = {
+ * 	"admin": ["read", "write"],
+ * 	"user": ["read"]
+ * };
+ * const res = isGranted(token, scopesMap);
+ * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
+ */
+declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolean>;
-export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js CHANGED Viewed

@@ -1,11 +1,11 @@
 /*!
-  @versini/auth-common v3.2.0
+  @versini/auth-common v3.3.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "3.2.0",
-    buildTime: "07/21/2024 03:41 PM EDT",
+    version: "3.3.1",
+    buildTime: "08/01/2024 10:23 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -22,7 +22,7 @@ const je = {
   CLIENT_ID: "X-Auth-ClientId"
 }, ne = {
   ACCESS_TOKEN: "access_token"
-}, I = {
+}, P = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
@@ -32,6 +32,7 @@ const je = {
   EXPIRES_AT_KEY: "exp",
   CREATED_AT_KEY: "iat",
   SCOPES_KEY: "scopes",
+  CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
 }, ae = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
@@ -51,7 +52,7 @@ awIDAQAB
   LOGOUT: "logout"
 }, O = crypto, G = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
 function oe(...e) {
-  const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
+  const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
@@ -242,10 +243,10 @@ const X = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
       r = new Set(a);
       continue;
     }
-    for (const i of a) {
-      if (r.has(i))
+    for (const o of a) {
+      if (r.has(o))
         return !1;
-      r.add(i);
+      r.add(o);
     }
   }
   return !0;
@@ -352,23 +353,23 @@ const Se = async (e) => {
   ], a = { ...e };
   return delete a.alg, delete a.use, O.subtle.importKey("jwk", a, ...n);
 }, Q = (e) => b(e);
-let J, D;
+let D, J;
 const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await Se({ ...r, alg: n });
-  return a ? a[n] = i : e.set(t, { [n]: i }), i;
+  const o = await Se({ ...r, alg: n });
+  return a ? a[n] = o : e.set(t, { [n]: o }), o;
 }, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
   }
   return e;
 }, Ee = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+    return r.k ? Q(r.k) : (D || (D = /* @__PURE__ */ new WeakMap()), j(D, e, r, t));
   }
   return e;
 }, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
@@ -377,7 +378,7 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
+  return a.length !== t.length ? !1 : a.every((o, i) => o === t[i]) || E(e, t, n + 1);
 }, k = (e) => {
   switch (!0) {
     case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
@@ -398,74 +399,74 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
 }, ge = async (e, t, r, n, a) => {
-  let i, o;
+  let o, i;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
+      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, i = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      i = {
+      o = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
+      }, i = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-256" }, i = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-384" }, i = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
+      o = { name: "ECDSA", namedCurve: "P-521" }, i = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
       const s = k(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
+      o = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, i = [];
       break;
     }
     case "EdDSA":
-      i = { name: k(c) }, o = ["verify"];
+      o = { name: k(c) }, i = ["verify"];
       break;
     default:
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return O.subtle.importKey(t, c, i, !1, o);
+  return O.subtle.importKey(t, c, o, !1, i);
 }, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
   return Ae(e, t);
 }
-const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
+const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!X(t))
       throw new TypeError(z(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${P(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
   }
 }, Te = (e, t, r) => {
   if (!X(t))
     throw new TypeError(z(e, t, ...R));
   if (t.type === "secret")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 }, _e = (e, t, r) => {
   e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : Te(e, t, r);
 };
@@ -474,27 +475,27 @@ function ve(e, t, r, n, a) {
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let i;
-  r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
-  for (const o of n.crit) {
-    if (!i.has(o))
-      throw new w(`Extension Header Parameter "${o}" is not recognized`);
-    if (a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (i.get(o) && n[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  let o;
+  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
+  for (const i of n.crit) {
+    if (!o.has(i))
+      throw new w(`Extension Header Parameter "${i}" is not recognized`);
+    if (a[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" is missing`);
+    if (o.get(i) && n[i] === void 0)
+      throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const Pe = (e, t) => {
+const Ie = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Ie(e, t) {
+function Pe(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -532,9 +533,9 @@ async function Re(e, t, r) {
 const Ke = async (e, t, r, n) => {
   const a = await Re(e, t, "verify");
   pe(e, a);
-  const i = Ie(e, a.algorithm);
+  const o = Pe(e, a.algorithm);
   try {
-    return await O.subtle.verify(i, a, r, n);
+    return await O.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
@@ -565,17 +566,17 @@ async function Oe(e, t, r) {
   const a = {
     ...n,
     ...e.header
-  }, i = ve(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
-  let o = !0;
-  if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
+  }, o = ve(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  let i = !0;
+  if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && Pe("algorithms", r.algorithms);
+  const s = r && Ie("algorithms", r.algorithms);
   if (s && !s.has(c))
     throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
+  if (i) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
@@ -592,7 +593,7 @@ async function Oe(e, t, r) {
   if (!await Ke(c, t, f, g))
     throw new se();
   let y;
-  if (o)
+  if (i)
     try {
       y = b(e.payload);
     } catch {
@@ -605,13 +606,13 @@ async function Oe(e, t, r) {
 async function xe(e, t, r) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: a, 2: i, length: o } = e.split(".");
-  if (o !== 3)
+  const { 0: n, 1: a, 2: o, length: i } = e.split(".");
+  if (i !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: o }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, Je = N * 7, De = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
+const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te * 24, De = N * 7, Je = N * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
   const t = He.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
@@ -647,10 +648,10 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * Je);
+      a = Math.round(r * De);
       break;
     default:
-      a = Math.round(r * De);
+      a = Math.round(r * Je);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
@@ -665,12 +666,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
-  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
+  const { requiredClaims: o = [], issuer: i, subject: c, audience: s, maxTokenAge: p } = r, g = [...o];
+  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), i !== void 0 && g.push("iss");
   for (const l of new Set(g.reverse()))
     if (!(l in n))
       throw new h(`missing required "${l}" claim`, n, l, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
+  if (i && !(Array.isArray(i) ? i : [i]).includes(n.iss))
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
@@ -715,12 +716,12 @@ const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, N = te *
   return n;
 };
 async function $e(e, t, r) {
-  var o;
+  var i;
   const n = await xe(e, t, r);
-  if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
+  if ((i = n.protectedHeader.crit) != null && i.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...i, key: n.key } : i;
+  const o = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...o, key: n.key } : o;
 }
 const Le = b;
 function ke(e) {
@@ -751,9 +752,9 @@ function ke(e) {
 }
 const Me = async (e) => {
   try {
-    const t = I.ALG, n = await be(ae, t);
+    const t = P.ALG, n = await be(ae, t);
     return await $e(e, n, {
-      issuer: I.ISSUER
+      issuer: P.ISSUER
     });
   } catch {
     return;
@@ -771,32 +772,32 @@ for (var H = 0; H < 256; ++H)
 function Be(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var v, Fe = new Uint8Array(16);
-function Ve() {
+var v, Ye = new Uint8Array(16);
+function Fe() {
   if (!v && (v = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !v))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return v(Fe);
+  return v(Ye);
 }
-var Ye = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const F = {
-  randomUUID: Ye
+var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const Y = {
+  randomUUID: Ve
 };
-function V(e, t, r) {
-  if (F.randomUUID && !t && !e)
-    return F.randomUUID();
+function F(e, t, r) {
+  if (Y.randomUUID && !t && !e)
+    return Y.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Ve)();
+  var n = e.random || (e.rng || Fe)();
   return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Be(n);
 }
-const Y = globalThis.crypto, Ge = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
+const V = globalThis.crypto, Ge = (e) => `${F()}${F()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function re(e) {
-  if (!Y.subtle)
+  if (!V.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
+  const t = new TextEncoder().encode(e), r = await V.subtle.digest("SHA-256", t);
   return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 async function at(e) {
@@ -833,20 +834,21 @@ const ze = /^Bearer (.+)$/i, Xe = (e) => {
   const n = Xe(e), a = Qe(e, r);
   return Ze(t) || a || n || "";
 }, ct = async (e, t) => {
-  var n, a;
+  var a;
   const r = await Me(e);
-  if ((a = r && ((n = r == null ? void 0 : r.payload) == null ? void 0 : n[I.SCOPES_KEY])) != null && a.length) {
-    const i = r.payload[I.SCOPES_KEY];
-    return t.every((o) => i.includes(o));
-  }
-  return !1;
+  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[P.SCOPES_KEY]))
+    return !1;
+  const n = r.payload[P.SCOPES_KEY];
+  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
+    (o) => t[o].every((i) => n.includes(i))
+  );
 };
 export {
   rt as API_TYPE,
   je as AUTH_TYPES,
   ne as BODY,
   et as HEADERS,
-  I as JWT,
+  P as JWT,
   ae as JWT_PUBLIC_KEY,
   tt as TOKEN_EXPIRATION,
   nt as decodeToken,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "3.2.0",
+	"version": "3.3.1",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "57d681a2201591a0623cbbef9dc2edc65f2e3cdc"
+	"gitHead": "01228321ca4f7b62244a5dc9b2b001053fd0bba2"
 }