@versini/auth-common 4.2.0 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +2 -0
  2. package/dist/index.js +627 -536
  3. package/package.json +4 -4
package/dist/index.js CHANGED
@@ -1,28 +1,33 @@
1
+ var re = Object.defineProperty;
2
+ var ne = (e, t, r) => t in e ? re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
3
+ var d = (e, t, r) => ne(e, typeof t != "symbol" ? t + "" : t, r);
1
4
  /*!
2
- @versini/auth-common v4.2.0
3
- © 2024 gizmette.com
5
+ @versini/auth-common v4.3.0
6
+ © 2025 gizmette.com
4
7
  */
5
8
  try {
6
9
  window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
7
- version: "4.2.0",
8
- buildTime: "12/18/2024 02:36 PM EST",
10
+ version: "4.3.0",
11
+ buildTime: "04/19/2025 03:24 PM EDT",
9
12
  homepage: "https://github.com/aversini/auth-client",
10
13
  license: "MIT"
11
14
  });
12
15
  } catch {
13
16
  }
14
- const ht = {
17
+ const nt = {
15
18
  ID_TOKEN: "id_token",
16
19
  ACCESS_TOKEN: "token",
17
20
  ID_AND_ACCESS_TOKEN: "id_token token",
18
21
  CODE: "code",
19
22
  REFRESH_TOKEN: "refresh_token",
20
- PASSKEY: "passkey"
21
- }, pt = {
22
- CLIENT_ID: "X-Auth-ClientId"
23
- }, ue = {
23
+ PASSKEY: "passkey",
24
+ AUTH0: "auth0"
25
+ }, at = {
26
+ CLIENT_ID: "X-Auth-ClientId",
27
+ AUTH_TYPE: "X-Auth-Type"
28
+ }, ae = {
24
29
  ACCESS_TOKEN: "access_token"
25
- }, W = {
30
+ }, O = {
26
31
  ALG: "RS256",
27
32
  USER_ID_KEY: "sub",
28
33
  USERNAME_KEY: "username",
@@ -35,7 +40,7 @@ const ht = {
35
40
  SCOPES_KEY: "scopes",
36
41
  CLIENT_ID_KEY: "aud",
37
42
  ISSUER: "gizmette.com"
38
- }, de = `-----BEGIN PUBLIC KEY-----
43
+ }, ie = `-----BEGIN PUBLIC KEY-----
39
44
  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
40
45
  w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
41
46
  i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -43,138 +48,120 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
43
48
  l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
44
49
  sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
45
50
  awIDAQAB
46
- -----END PUBLIC KEY-----`, mt = {
51
+ -----END PUBLIC KEY-----`, it = {
47
52
  ACCESS: "5m",
48
53
  ID: "90d",
49
54
  REFRESH: "90d"
50
- }, Et = {
55
+ }, ot = {
51
56
  CODE: "code",
52
57
  LOGOUT: "logout",
53
58
  LOGIN: "login",
54
59
  REFRESH: "refresh"
55
- }, x = crypto, X = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
56
- function le(...e) {
57
- const t = e.reduce((o, { length: i }) => o + i, 0), r = new Uint8Array(t);
60
+ }, I = new TextEncoder(), K = new TextDecoder();
61
+ function oe(...e) {
62
+ const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
58
63
  let n = 0;
59
- for (const o of e)
60
- r.set(o, n), n += o.length;
64
+ for (const a of e)
65
+ r.set(a, n), n += a.length;
61
66
  return r;
62
67
  }
63
- const fe = (e) => {
68
+ function se(e) {
69
+ if (Uint8Array.fromBase64)
70
+ return Uint8Array.fromBase64(e);
64
71
  const t = atob(e), r = new Uint8Array(t.length);
65
72
  for (let n = 0; n < t.length; n++)
66
73
  r[n] = t.charCodeAt(n);
67
74
  return r;
68
- }, b = (e) => {
75
+ }
76
+ function v(e) {
77
+ if (Uint8Array.fromBase64)
78
+ return Uint8Array.fromBase64(typeof e == "string" ? e : K.decode(e), {
79
+ alphabet: "base64url"
80
+ });
69
81
  let t = e;
70
- t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
82
+ t instanceof Uint8Array && (t = K.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
71
83
  try {
72
- return fe(t);
84
+ return se(t);
73
85
  } catch {
74
86
  throw new TypeError("The input to be decoded is not correctly encoded.");
75
87
  }
76
- };
77
- class l extends Error {
78
- constructor(t, r) {
79
- var n;
80
- super(t, r), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
81
- }
82
88
  }
83
- l.code = "ERR_JOSE_GENERIC";
84
- class h extends l {
85
- constructor(t, r, n = "unspecified", o = "unspecified") {
86
- super(t, { cause: { claim: n, reason: o, payload: r } }), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = o, this.payload = r;
89
+ class w extends Error {
90
+ constructor(r, n) {
91
+ var a;
92
+ super(r, n);
93
+ d(this, "code", "ERR_JOSE_GENERIC");
94
+ this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
87
95
  }
88
96
  }
89
- h.code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
90
- class U extends l {
91
- constructor(t, r, n = "unspecified", o = "unspecified") {
92
- super(t, { cause: { claim: n, reason: o, payload: r } }), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = o, this.payload = r;
93
- }
94
- }
95
- U.code = "ERR_JWT_EXPIRED";
96
- class Q extends l {
97
- constructor() {
98
- super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
97
+ d(w, "code", "ERR_JOSE_GENERIC");
98
+ class l extends w {
99
+ constructor(r, n, a = "unspecified", i = "unspecified") {
100
+ super(r, { cause: { claim: a, reason: i, payload: n } });
101
+ d(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
102
+ d(this, "claim");
103
+ d(this, "reason");
104
+ d(this, "payload");
105
+ this.claim = a, this.reason = i, this.payload = n;
99
106
  }
100
107
  }
101
- Q.code = "ERR_JOSE_ALG_NOT_ALLOWED";
102
- class p extends l {
103
- constructor() {
104
- super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
105
- }
106
- }
107
- p.code = "ERR_JOSE_NOT_SUPPORTED";
108
- class he extends l {
109
- constructor(t = "decryption operation failed", r) {
110
- super(t, r), this.code = "ERR_JWE_DECRYPTION_FAILED";
111
- }
112
- }
113
- he.code = "ERR_JWE_DECRYPTION_FAILED";
114
- class pe extends l {
115
- constructor() {
116
- super(...arguments), this.code = "ERR_JWE_INVALID";
108
+ d(l, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
109
+ class J extends w {
110
+ constructor(r, n, a = "unspecified", i = "unspecified") {
111
+ super(r, { cause: { claim: a, reason: i, payload: n } });
112
+ d(this, "code", "ERR_JWT_EXPIRED");
113
+ d(this, "claim");
114
+ d(this, "reason");
115
+ d(this, "payload");
116
+ this.claim = a, this.reason = i, this.payload = n;
117
117
  }
118
118
  }
119
- pe.code = "ERR_JWE_INVALID";
120
- class c extends l {
119
+ d(J, "code", "ERR_JWT_EXPIRED");
120
+ class F extends w {
121
121
  constructor() {
122
- super(...arguments), this.code = "ERR_JWS_INVALID";
122
+ super(...arguments);
123
+ d(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
123
124
  }
124
125
  }
125
- c.code = "ERR_JWS_INVALID";
126
- class E extends l {
126
+ d(F, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
127
+ class E extends w {
127
128
  constructor() {
128
- super(...arguments), this.code = "ERR_JWT_INVALID";
129
+ super(...arguments);
130
+ d(this, "code", "ERR_JOSE_NOT_SUPPORTED");
129
131
  }
130
132
  }
131
- E.code = "ERR_JWT_INVALID";
132
- class me extends l {
133
+ d(E, "code", "ERR_JOSE_NOT_SUPPORTED");
134
+ class u extends w {
133
135
  constructor() {
134
- super(...arguments), this.code = "ERR_JWK_INVALID";
136
+ super(...arguments);
137
+ d(this, "code", "ERR_JWS_INVALID");
135
138
  }
136
139
  }
137
- me.code = "ERR_JWK_INVALID";
138
- class Ee extends l {
140
+ d(u, "code", "ERR_JWS_INVALID");
141
+ class y extends w {
139
142
  constructor() {
140
- super(...arguments), this.code = "ERR_JWKS_INVALID";
143
+ super(...arguments);
144
+ d(this, "code", "ERR_JWT_INVALID");
141
145
  }
142
146
  }
143
- Ee.code = "ERR_JWKS_INVALID";
144
- class Se extends l {
145
- constructor(t = "no applicable key found in the JSON Web Key Set", r) {
146
- super(t, r), this.code = "ERR_JWKS_NO_MATCHING_KEY";
147
+ d(y, "code", "ERR_JWT_INVALID");
148
+ class V extends w {
149
+ constructor(r = "signature verification failed", n) {
150
+ super(r, n);
151
+ d(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
147
152
  }
148
153
  }
149
- Se.code = "ERR_JWKS_NO_MATCHING_KEY";
150
- class ye extends l {
151
- constructor(t = "multiple matching keys found in the JSON Web Key Set", r) {
152
- super(t, r), this.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
153
- }
154
- }
155
- ye.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
156
- class we extends l {
157
- constructor(t = "request timed out", r) {
158
- super(t, r), this.code = "ERR_JWKS_TIMEOUT";
159
- }
160
- }
161
- we.code = "ERR_JWKS_TIMEOUT";
162
- class Z extends l {
163
- constructor(t = "signature verification failed", r) {
164
- super(t, r), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
165
- }
166
- }
167
- Z.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
168
- function y(e, t = "algorithm.name") {
154
+ d(V, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
155
+ function S(e, t = "algorithm.name") {
169
156
  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
170
157
  }
171
- function P(e, t) {
158
+ function T(e, t) {
172
159
  return e.name === t;
173
160
  }
174
161
  function D(e) {
175
162
  return parseInt(e.name.slice(4), 10);
176
163
  }
177
- function Ae(e) {
164
+ function ce(e) {
178
165
  switch (e) {
179
166
  case "ES256":
180
167
  return "P-256";
@@ -186,92 +173,93 @@ function Ae(e) {
186
173
  throw new Error("unreachable");
187
174
  }
188
175
  }
189
- function be(e, t) {
190
- if (t.length && !t.some((r) => e.usages.includes(r))) {
191
- let r = "CryptoKey does not support this operation, its usages must include ";
192
- if (t.length > 2) {
193
- const n = t.pop();
194
- r += `one of ${t.join(", ")}, or ${n}.`;
195
- } else t.length === 2 ? r += `one of ${t[0]} or ${t[1]}.` : r += `${t[0]}.`;
196
- throw new TypeError(r);
197
- }
176
+ function de(e, t) {
177
+ if (!e.usages.includes(t))
178
+ throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
198
179
  }
199
- function ge(e, t, ...r) {
180
+ function ue(e, t, r) {
200
181
  switch (t) {
201
182
  case "HS256":
202
183
  case "HS384":
203
184
  case "HS512": {
204
- if (!P(e.algorithm, "HMAC"))
205
- throw y("HMAC");
185
+ if (!T(e.algorithm, "HMAC"))
186
+ throw S("HMAC");
206
187
  const n = parseInt(t.slice(2), 10);
207
188
  if (D(e.algorithm.hash) !== n)
208
- throw y(`SHA-${n}`, "algorithm.hash");
189
+ throw S(`SHA-${n}`, "algorithm.hash");
209
190
  break;
210
191
  }
211
192
  case "RS256":
212
193
  case "RS384":
213
194
  case "RS512": {
214
- if (!P(e.algorithm, "RSASSA-PKCS1-v1_5"))
215
- throw y("RSASSA-PKCS1-v1_5");
195
+ if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
196
+ throw S("RSASSA-PKCS1-v1_5");
216
197
  const n = parseInt(t.slice(2), 10);
217
198
  if (D(e.algorithm.hash) !== n)
218
- throw y(`SHA-${n}`, "algorithm.hash");
199
+ throw S(`SHA-${n}`, "algorithm.hash");
219
200
  break;
220
201
  }
221
202
  case "PS256":
222
203
  case "PS384":
223
204
  case "PS512": {
224
- if (!P(e.algorithm, "RSA-PSS"))
225
- throw y("RSA-PSS");
205
+ if (!T(e.algorithm, "RSA-PSS"))
206
+ throw S("RSA-PSS");
226
207
  const n = parseInt(t.slice(2), 10);
227
208
  if (D(e.algorithm.hash) !== n)
228
- throw y(`SHA-${n}`, "algorithm.hash");
209
+ throw S(`SHA-${n}`, "algorithm.hash");
229
210
  break;
230
211
  }
212
+ case "Ed25519":
231
213
  case "EdDSA": {
232
- if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
233
- throw y("Ed25519 or Ed448");
214
+ if (!T(e.algorithm, "Ed25519"))
215
+ throw S("Ed25519");
234
216
  break;
235
217
  }
236
218
  case "ES256":
237
219
  case "ES384":
238
220
  case "ES512": {
239
- if (!P(e.algorithm, "ECDSA"))
240
- throw y("ECDSA");
241
- const n = Ae(t);
221
+ if (!T(e.algorithm, "ECDSA"))
222
+ throw S("ECDSA");
223
+ const n = ce(t);
242
224
  if (e.algorithm.namedCurve !== n)
243
- throw y(n, "algorithm.namedCurve");
225
+ throw S(n, "algorithm.namedCurve");
244
226
  break;
245
227
  }
246
228
  default:
247
229
  throw new TypeError("CryptoKey does not support this operation");
248
230
  }
249
- be(e, r);
231
+ de(e, r);
250
232
  }
251
- function j(e, t, ...r) {
233
+ function G(e, t, ...r) {
252
234
  var n;
253
235
  if (r = r.filter(Boolean), r.length > 2) {
254
- const o = r.pop();
255
- e += `one of type ${r.join(", ")}, or ${o}.`;
236
+ const a = r.pop();
237
+ e += `one of type ${r.join(", ")}, or ${a}.`;
256
238
  } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
257
239
  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
258
240
  }
259
- const V = (e, ...t) => j("Key must be ", e, ...t);
260
- function ee(e, t, ...r) {
261
- return j(`Key for the ${e} algorithm must be `, t, ...r);
241
+ const fe = (e, ...t) => G("Key must be ", e, ...t);
242
+ function q(e, t, ...r) {
243
+ return G(`Key for the ${e} algorithm must be `, t, ...r);
262
244
  }
263
- const te = (e) => X(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", J = ["CryptoKey"], _e = (...e) => {
245
+ function z(e) {
246
+ return (e == null ? void 0 : e[Symbol.toStringTag]) === "CryptoKey";
247
+ }
248
+ function X(e) {
249
+ return (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject";
250
+ }
251
+ const Q = (e) => z(e) || X(e), he = (...e) => {
264
252
  const t = e.filter(Boolean);
265
253
  if (t.length === 0 || t.length === 1)
266
254
  return !0;
267
255
  let r;
268
256
  for (const n of t) {
269
- const o = Object.keys(n);
257
+ const a = Object.keys(n);
270
258
  if (!r || r.size === 0) {
271
- r = new Set(o);
259
+ r = new Set(a);
272
260
  continue;
273
261
  }
274
- for (const i of o) {
262
+ for (const i of a) {
275
263
  if (r.has(i))
276
264
  return !1;
277
265
  r.add(i);
@@ -279,11 +267,11 @@ const te = (e) => X(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "
279
267
  }
280
268
  return !0;
281
269
  };
282
- function Ke(e) {
270
+ function le(e) {
283
271
  return typeof e == "object" && e !== null;
284
272
  }
285
- function T(e) {
286
- if (!Ke(e) || Object.prototype.toString.call(e) !== "[object Object]")
273
+ const P = (e) => {
274
+ if (!le(e) || Object.prototype.toString.call(e) !== "[object Object]")
287
275
  return !1;
288
276
  if (Object.getPrototypeOf(e) === null)
289
277
  return !0;
@@ -291,27 +279,80 @@ function T(e) {
291
279
  for (; Object.getPrototypeOf(t) !== null; )
292
280
  t = Object.getPrototypeOf(t);
293
281
  return Object.getPrototypeOf(e) === t;
294
- }
295
- const Re = (e, t) => {
282
+ }, pe = (e, t) => {
296
283
  if (e.startsWith("RS") || e.startsWith("PS")) {
297
284
  const { modulusLength: r } = t.algorithm;
298
285
  if (typeof r != "number" || r < 2048)
299
286
  throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
300
287
  }
301
- };
302
- function I(e) {
303
- return T(e) && typeof e.kty == "string";
304
- }
305
- function Te(e) {
306
- return e.kty !== "oct" && typeof e.d == "string";
307
- }
308
- function Ie(e) {
309
- return e.kty !== "oct" && typeof e.d > "u";
310
- }
311
- function Ce(e) {
312
- return I(e) && e.kty === "oct" && typeof e.k == "string";
313
- }
314
- function ve(e) {
288
+ }, W = (e, t, r = 0) => {
289
+ r === 0 && (t.unshift(t.length), t.unshift(6));
290
+ const n = e.indexOf(t[0], r);
291
+ if (n === -1)
292
+ return !1;
293
+ const a = e.subarray(n, n + t.length);
294
+ return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || W(e, t, n + 1);
295
+ }, ye = (e) => {
296
+ switch (!0) {
297
+ case W(e, [42, 134, 72, 206, 61, 3, 1, 7]):
298
+ return "P-256";
299
+ case W(e, [43, 129, 4, 0, 34]):
300
+ return "P-384";
301
+ case W(e, [43, 129, 4, 0, 35]):
302
+ return "P-521";
303
+ default:
304
+ return;
305
+ }
306
+ }, me = async (e, t, r, n, a) => {
307
+ let i, o;
308
+ const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
309
+ switch (n) {
310
+ case "PS256":
311
+ case "PS384":
312
+ case "PS512":
313
+ i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
314
+ break;
315
+ case "RS256":
316
+ case "RS384":
317
+ case "RS512":
318
+ i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
319
+ break;
320
+ case "RSA-OAEP":
321
+ case "RSA-OAEP-256":
322
+ case "RSA-OAEP-384":
323
+ case "RSA-OAEP-512":
324
+ i = {
325
+ name: "RSA-OAEP",
326
+ hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
327
+ }, o = ["encrypt", "wrapKey"];
328
+ break;
329
+ case "ES256":
330
+ i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
331
+ break;
332
+ case "ES384":
333
+ i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
334
+ break;
335
+ case "ES512":
336
+ i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
337
+ break;
338
+ case "ECDH-ES":
339
+ case "ECDH-ES+A128KW":
340
+ case "ECDH-ES+A192KW":
341
+ case "ECDH-ES+A256KW": {
342
+ const s = ye(c);
343
+ i = s != null && s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: "X25519" }, o = [];
344
+ break;
345
+ }
346
+ case "Ed25519":
347
+ case "EdDSA":
348
+ i = { name: "Ed25519" }, o = ["verify"];
349
+ break;
350
+ default:
351
+ throw new E('Invalid or unsupported "alg" (Algorithm) value');
352
+ }
353
+ return crypto.subtle.importKey(t, c, i, !0, o);
354
+ }, Se = (e, t, r) => me(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
355
+ function Ee(e) {
315
356
  let t, r;
316
357
  switch (e.kty) {
317
358
  case "RSA": {
@@ -336,7 +377,7 @@ function ve(e) {
336
377
  }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
337
378
  break;
338
379
  default:
339
- throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
380
+ throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
340
381
  }
341
382
  break;
342
383
  }
@@ -358,14 +399,15 @@ function ve(e) {
358
399
  t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
359
400
  break;
360
401
  default:
361
- throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
402
+ throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
362
403
  }
363
404
  break;
364
405
  }
365
406
  case "OKP": {
366
407
  switch (e.alg) {
408
+ case "Ed25519":
367
409
  case "EdDSA":
368
- t = { name: e.crv }, r = e.d ? ["sign"] : ["verify"];
410
+ t = { name: "Ed25519" }, r = e.d ? ["sign"] : ["verify"];
369
411
  break;
370
412
  case "ECDH-ES":
371
413
  case "ECDH-ES+A128KW":
@@ -374,218 +416,266 @@ function ve(e) {
374
416
  t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
375
417
  break;
376
418
  default:
377
- throw new p('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
419
+ throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
378
420
  }
379
421
  break;
380
422
  }
381
423
  default:
382
- throw new p('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
424
+ throw new E('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
383
425
  }
384
426
  return { algorithm: t, keyUsages: r };
385
427
  }
386
- const re = async (e) => {
428
+ const we = async (e) => {
387
429
  if (!e.alg)
388
430
  throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
389
- const { algorithm: t, keyUsages: r } = ve(e), n = [
390
- t,
391
- e.ext ?? !1,
392
- e.key_ops ?? r
393
- ], o = { ...e };
394
- return delete o.alg, delete o.use, x.subtle.importKey("jwk", o, ...n);
395
- }, ne = (e) => b(e);
396
- let _, K;
397
- const oe = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", O = async (e, t, r, n, o = !1) => {
398
- let i = e.get(t);
399
- if (i != null && i[n])
400
- return i[n];
401
- const a = await re({ ...r, alg: n });
402
- return o && Object.freeze(t), i ? i[n] = a : e.set(t, { [n]: a }), a;
403
- }, Pe = (e, t) => {
404
- if (oe(e)) {
405
- let r = e.export({ format: "jwk" });
406
- return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? ne(r.k) : (K || (K = /* @__PURE__ */ new WeakMap()), O(K, e, r, t));
431
+ const { algorithm: t, keyUsages: r } = Ee(e), n = { ...e };
432
+ return delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, t, e.ext ?? !e.d, e.key_ops ?? r);
433
+ };
434
+ async function Ae(e, t, r) {
435
+ if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
436
+ throw new TypeError('"spki" must be SPKI formatted string');
437
+ return Se(e, t);
438
+ }
439
+ const be = (e, t, r, n, a) => {
440
+ if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
441
+ throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
442
+ if (!n || n.crit === void 0)
443
+ return /* @__PURE__ */ new Set();
444
+ if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
445
+ throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
446
+ let i;
447
+ r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
448
+ for (const o of n.crit) {
449
+ if (!i.has(o))
450
+ throw new E(`Extension Header Parameter "${o}" is not recognized`);
451
+ if (a[o] === void 0)
452
+ throw new e(`Extension Header Parameter "${o}" is missing`);
453
+ if (i.get(o) && n[o] === void 0)
454
+ throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
407
455
  }
408
- return I(e) ? e.k ? b(e.k) : (K || (K = /* @__PURE__ */ new WeakMap()), O(K, e, e, t, !0)) : e;
409
- }, We = (e, t) => {
410
- if (oe(e)) {
411
- let r = e.export({ format: "jwk" });
412
- return r.k ? ne(r.k) : (_ || (_ = /* @__PURE__ */ new WeakMap()), O(_, e, r, t));
456
+ return new Set(n.crit);
457
+ }, ge = (e, t) => {
458
+ if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
459
+ throw new TypeError(`"${e}" option must be an array of strings`);
460
+ if (t)
461
+ return new Set(t);
462
+ };
463
+ function N(e) {
464
+ return P(e) && typeof e.kty == "string";
465
+ }
466
+ function Ce(e) {
467
+ return e.kty !== "oct" && typeof e.d == "string";
468
+ }
469
+ function Ke(e) {
470
+ return e.kty !== "oct" && typeof e.d > "u";
471
+ }
472
+ function Te(e) {
473
+ return e.kty === "oct" && typeof e.k == "string";
474
+ }
475
+ let C;
476
+ const $ = async (e, t, r, n = !1) => {
477
+ C || (C = /* @__PURE__ */ new WeakMap());
478
+ let a = C.get(e);
479
+ if (a != null && a[r])
480
+ return a[r];
481
+ const i = await we({ ...t, alg: r });
482
+ return n && Object.freeze(e), a ? a[r] = i : C.set(e, { [r]: i }), i;
483
+ }, ve = (e, t) => {
484
+ var o;
485
+ C || (C = /* @__PURE__ */ new WeakMap());
486
+ let r = C.get(e);
487
+ if (r != null && r[t])
488
+ return r[t];
489
+ const n = e.type === "public", a = !!n;
490
+ let i;
491
+ if (e.asymmetricKeyType === "x25519") {
492
+ switch (t) {
493
+ case "ECDH-ES":
494
+ case "ECDH-ES+A128KW":
495
+ case "ECDH-ES+A192KW":
496
+ case "ECDH-ES+A256KW":
497
+ break;
498
+ default:
499
+ throw new TypeError("given KeyObject instance cannot be used for this algorithm");
500
+ }
501
+ i = e.toCryptoKey(e.asymmetricKeyType, a, n ? [] : ["deriveBits"]);
413
502
  }
414
- return I(e) ? e.k ? b(e.k) : (_ || (_ = /* @__PURE__ */ new WeakMap()), O(_, e, e, t, !0)) : e;
415
- }, Je = { normalizePublicKey: Pe, normalizePrivateKey: We }, A = (e, t, r = 0) => {
416
- r === 0 && (t.unshift(t.length), t.unshift(6));
417
- const n = e.indexOf(t[0], r);
418
- if (n === -1)
419
- return !1;
420
- const o = e.subarray(n, n + t.length);
421
- return o.length !== t.length ? !1 : o.every((i, a) => i === t[a]) || A(e, t, n + 1);
422
- }, Y = (e) => {
423
- switch (!0) {
424
- case A(e, [42, 134, 72, 206, 61, 3, 1, 7]):
425
- return "P-256";
426
- case A(e, [43, 129, 4, 0, 34]):
427
- return "P-384";
428
- case A(e, [43, 129, 4, 0, 35]):
429
- return "P-521";
430
- case A(e, [43, 101, 110]):
431
- return "X25519";
432
- case A(e, [43, 101, 111]):
433
- return "X448";
434
- case A(e, [43, 101, 112]):
435
- return "Ed25519";
436
- case A(e, [43, 101, 113]):
437
- return "Ed448";
438
- default:
439
- throw new p("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
503
+ if (e.asymmetricKeyType === "ed25519") {
504
+ if (t !== "EdDSA" && t !== "Ed25519")
505
+ throw new TypeError("given KeyObject instance cannot be used for this algorithm");
506
+ i = e.toCryptoKey(e.asymmetricKeyType, a, [
507
+ n ? "verify" : "sign"
508
+ ]);
440
509
  }
441
- }, Oe = async (e, t, r, n, o) => {
442
- let i, a;
443
- const s = new Uint8Array(atob(r.replace(e, "")).split("").map((u) => u.charCodeAt(0)));
444
- switch (n) {
445
- case "PS256":
446
- case "PS384":
447
- case "PS512":
448
- i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, a = ["verify"];
449
- break;
450
- case "RS256":
451
- case "RS384":
452
- case "RS512":
453
- i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, a = ["verify"];
454
- break;
455
- case "RSA-OAEP":
456
- case "RSA-OAEP-256":
457
- case "RSA-OAEP-384":
458
- case "RSA-OAEP-512":
459
- i = {
460
- name: "RSA-OAEP",
461
- hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
462
- }, a = ["encrypt", "wrapKey"];
463
- break;
464
- case "ES256":
465
- i = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
466
- break;
467
- case "ES384":
468
- i = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
469
- break;
470
- case "ES512":
471
- i = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
472
- break;
473
- case "ECDH-ES":
474
- case "ECDH-ES+A128KW":
475
- case "ECDH-ES+A192KW":
476
- case "ECDH-ES+A256KW": {
477
- const u = Y(s);
478
- i = u.startsWith("P-") ? { name: "ECDH", namedCurve: u } : { name: u }, a = [];
479
- break;
510
+ if (e.asymmetricKeyType === "rsa") {
511
+ let c;
512
+ switch (t) {
513
+ case "RSA-OAEP":
514
+ c = "SHA-1";
515
+ break;
516
+ case "RS256":
517
+ case "PS256":
518
+ case "RSA-OAEP-256":
519
+ c = "SHA-256";
520
+ break;
521
+ case "RS384":
522
+ case "PS384":
523
+ case "RSA-OAEP-384":
524
+ c = "SHA-384";
525
+ break;
526
+ case "RS512":
527
+ case "PS512":
528
+ case "RSA-OAEP-512":
529
+ c = "SHA-512";
530
+ break;
531
+ default:
532
+ throw new TypeError("given KeyObject instance cannot be used for this algorithm");
480
533
  }
481
- case "EdDSA":
482
- i = { name: Y(s) }, a = ["verify"];
483
- break;
484
- default:
485
- throw new p('Invalid or unsupported "alg" (Algorithm) value');
534
+ if (t.startsWith("RSA-OAEP"))
535
+ return e.toCryptoKey({
536
+ name: "RSA-OAEP",
537
+ hash: c
538
+ }, a, n ? ["encrypt"] : ["decrypt"]);
539
+ i = e.toCryptoKey({
540
+ name: t.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
541
+ hash: c
542
+ }, a, [n ? "verify" : "sign"]);
486
543
  }
487
- return x.subtle.importKey(t, s, i, !1, a);
488
- }, xe = (e, t, r) => Oe(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
489
- async function Ne(e, t, r) {
490
- if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
491
- throw new TypeError('"spki" must be SPKI formatted string');
492
- return xe(e, t);
493
- }
494
- async function De(e, t) {
495
- if (!T(e))
496
- throw new TypeError("JWK must be an object");
497
- switch (t || (t = e.alg), e.kty) {
498
- case "oct":
499
- if (typeof e.k != "string" || !e.k)
500
- throw new TypeError('missing "k" (Key Value) Parameter value');
501
- return b(e.k);
502
- case "RSA":
503
- if (e.oth !== void 0)
504
- throw new p('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
505
- case "EC":
506
- case "OKP":
507
- return re({ ...e, alg: t });
508
- default:
509
- throw new p('Unsupported "kty" (Key Type) Parameter value');
544
+ if (e.asymmetricKeyType === "ec") {
545
+ const s = (/* @__PURE__ */ new Map([
546
+ ["prime256v1", "P-256"],
547
+ ["secp384r1", "P-384"],
548
+ ["secp521r1", "P-521"]
549
+ ])).get((o = e.asymmetricKeyDetails) == null ? void 0 : o.namedCurve);
550
+ if (!s)
551
+ throw new TypeError("given KeyObject instance cannot be used for this algorithm");
552
+ t === "ES256" && s === "P-256" && (i = e.toCryptoKey({
553
+ name: "ECDSA",
554
+ namedCurve: s
555
+ }, a, [n ? "verify" : "sign"])), t === "ES384" && s === "P-384" && (i = e.toCryptoKey({
556
+ name: "ECDSA",
557
+ namedCurve: s
558
+ }, a, [n ? "verify" : "sign"])), t === "ES512" && s === "P-521" && (i = e.toCryptoKey({
559
+ name: "ECDSA",
560
+ namedCurve: s
561
+ }, a, [n ? "verify" : "sign"])), t.startsWith("ECDH-ES") && (i = e.toCryptoKey({
562
+ name: "ECDH",
563
+ namedCurve: s
564
+ }, a, n ? [] : ["deriveBits"]));
565
+ }
566
+ if (!i)
567
+ throw new TypeError("given KeyObject instance cannot be used for this algorithm");
568
+ return r ? r[t] = i : C.set(e, { [t]: i }), i;
569
+ }, Pe = async (e, t) => {
570
+ if (e instanceof Uint8Array || z(e))
571
+ return e;
572
+ if (X(e)) {
573
+ if (e.type === "secret")
574
+ return e.export();
575
+ if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
576
+ try {
577
+ return ve(e, t);
578
+ } catch (n) {
579
+ if (n instanceof TypeError)
580
+ throw n;
581
+ }
582
+ let r = e.export({ format: "jwk" });
583
+ return $(e, r, t);
584
+ }
585
+ if (N(e))
586
+ return e.k ? v(e.k) : $(e, e, t, !0);
587
+ throw new Error("unreachable");
588
+ }, g = (e) => e == null ? void 0 : e[Symbol.toStringTag], x = (e, t, r) => {
589
+ var n, a;
590
+ if (t.use !== void 0) {
591
+ let i;
592
+ switch (r) {
593
+ case "sign":
594
+ case "verify":
595
+ i = "sig";
596
+ break;
597
+ case "encrypt":
598
+ case "decrypt":
599
+ i = "enc";
600
+ break;
601
+ }
602
+ if (t.use !== i)
603
+ throw new TypeError(`Invalid key for this operation, its "use" must be "${i}" when present`);
510
604
  }
511
- }
512
- const R = (e) => e == null ? void 0 : e[Symbol.toStringTag], L = (e, t, r) => {
513
- var n, o;
514
- if (t.use !== void 0 && t.use !== "sig")
515
- throw new TypeError("Invalid key for this operation, when present its use must be sig");
516
- if (t.key_ops !== void 0 && ((o = (n = t.key_ops).includes) == null ? void 0 : o.call(n, r)) !== !0)
517
- throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);
518
605
  if (t.alg !== void 0 && t.alg !== e)
519
- throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);
606
+ throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);
607
+ if (Array.isArray(t.key_ops)) {
608
+ let i;
609
+ switch (!0) {
610
+ case r === "verify":
611
+ case e === "dir":
612
+ case e.includes("CBC-HS"):
613
+ i = r;
614
+ break;
615
+ case e.startsWith("PBES2"):
616
+ i = "deriveBits";
617
+ break;
618
+ case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):
619
+ !e.includes("GCM") && e.endsWith("KW") ? i = "unwrapKey" : i = r;
620
+ break;
621
+ case r === "encrypt":
622
+ i = "wrapKey";
623
+ break;
624
+ case r === "decrypt":
625
+ i = e.startsWith("RSA") ? "unwrapKey" : "deriveBits";
626
+ break;
627
+ }
628
+ if (i && ((a = (n = t.key_ops) == null ? void 0 : n.includes) == null ? void 0 : a.call(n, i)) === !1)
629
+ throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${i}" when present`);
630
+ }
520
631
  return !0;
521
- }, He = (e, t, r, n) => {
632
+ }, _e = (e, t, r) => {
522
633
  if (!(t instanceof Uint8Array)) {
523
- if (n && I(t)) {
524
- if (Ce(t) && L(e, t, r))
634
+ if (N(t)) {
635
+ if (Te(t) && x(e, t, r))
525
636
  return;
526
637
  throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
527
638
  }
528
- if (!te(t))
529
- throw new TypeError(ee(e, t, ...J, "Uint8Array", n ? "JSON Web Key" : null));
639
+ if (!Q(t))
640
+ throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
530
641
  if (t.type !== "secret")
531
- throw new TypeError(`${R(t)} instances for symmetric algorithms must be of type "secret"`);
642
+ throw new TypeError(`${g(t)} instances for symmetric algorithms must be of type "secret"`);
532
643
  }
533
- }, Ue = (e, t, r, n) => {
534
- if (n && I(t))
644
+ }, Re = (e, t, r) => {
645
+ if (N(t))
535
646
  switch (r) {
647
+ case "decrypt":
536
648
  case "sign":
537
- if (Te(t) && L(e, t, r))
649
+ if (Ce(t) && x(e, t, r))
538
650
  return;
539
651
  throw new TypeError("JSON Web Key for this operation be a private JWK");
652
+ case "encrypt":
540
653
  case "verify":
541
- if (Ie(t) && L(e, t, r))
654
+ if (Ke(t) && x(e, t, r))
542
655
  return;
543
656
  throw new TypeError("JSON Web Key for this operation be a public JWK");
544
657
  }
545
- if (!te(t))
546
- throw new TypeError(ee(e, t, ...J, n ? "JSON Web Key" : null));
658
+ if (!Q(t))
659
+ throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
547
660
  if (t.type === "secret")
548
- throw new TypeError(`${R(t)} instances for asymmetric algorithms must not be of type "secret"`);
549
- if (r === "sign" && t.type === "public")
550
- throw new TypeError(`${R(t)} instances for asymmetric algorithm signing must be of type "private"`);
551
- if (r === "decrypt" && t.type === "public")
552
- throw new TypeError(`${R(t)} instances for asymmetric algorithm decryption must be of type "private"`);
553
- if (t.algorithm && r === "verify" && t.type === "private")
554
- throw new TypeError(`${R(t)} instances for asymmetric algorithm verifying must be of type "public"`);
555
- if (t.algorithm && r === "encrypt" && t.type === "private")
556
- throw new TypeError(`${R(t)} instances for asymmetric algorithm encryption must be of type "public"`);
557
- };
558
- function ie(e, t, r, n) {
559
- t.startsWith("HS") || t === "dir" || t.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(t) ? He(t, r, n, e) : Ue(t, r, n, e);
560
- }
561
- ie.bind(void 0, !1);
562
- const F = ie.bind(void 0, !0);
563
- function Le(e, t, r, n, o) {
564
- if (o.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
565
- throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
566
- if (!n || n.crit === void 0)
567
- return /* @__PURE__ */ new Set();
568
- if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((a) => typeof a != "string" || a.length === 0))
569
- throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
570
- let i;
571
- r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
572
- for (const a of n.crit) {
573
- if (!i.has(a))
574
- throw new p(`Extension Header Parameter "${a}" is not recognized`);
575
- if (o[a] === void 0)
576
- throw new e(`Extension Header Parameter "${a}" is missing`);
577
- if (i.get(a) && n[a] === void 0)
578
- throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
579
- }
580
- return new Set(n.crit);
581
- }
582
- const $e = (e, t) => {
583
- if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
584
- throw new TypeError(`"${e}" option must be an array of strings`);
585
- if (t)
586
- return new Set(t);
587
- };
588
- function Me(e, t) {
661
+ throw new TypeError(`${g(t)} instances for asymmetric algorithms must not be of type "secret"`);
662
+ if (t.type === "public")
663
+ switch (r) {
664
+ case "sign":
665
+ throw new TypeError(`${g(t)} instances for asymmetric algorithm signing must be of type "private"`);
666
+ case "decrypt":
667
+ throw new TypeError(`${g(t)} instances for asymmetric algorithm decryption must be of type "private"`);
668
+ }
669
+ if (t.type === "private")
670
+ switch (r) {
671
+ case "verify":
672
+ throw new TypeError(`${g(t)} instances for asymmetric algorithm verifying must be of type "public"`);
673
+ case "encrypt":
674
+ throw new TypeError(`${g(t)} instances for asymmetric algorithm encryption must be of type "public"`);
675
+ }
676
+ }, Ie = (e, t, r) => {
677
+ e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? _e(e, t, r) : Re(e, t, r);
678
+ }, We = (e, t) => {
589
679
  const r = `SHA-${e.slice(-3)}`;
590
680
  switch (e) {
591
681
  case "HS256":
@@ -595,7 +685,7 @@ function Me(e, t) {
595
685
  case "PS256":
596
686
  case "PS384":
597
687
  case "PS512":
598
- return { hash: r, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
688
+ return { hash: r, name: "RSA-PSS", saltLength: parseInt(e.slice(-3), 10) >> 3 };
599
689
  case "RS256":
600
690
  case "RS384":
601
691
  case "RS512":
@@ -604,356 +694,357 @@ function Me(e, t) {
604
694
  case "ES384":
605
695
  case "ES512":
606
696
  return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
697
+ case "Ed25519":
607
698
  case "EdDSA":
608
- return { name: t.name };
699
+ return { name: "Ed25519" };
609
700
  default:
610
- throw new p(`alg ${e} is not supported either by JOSE or your javascript runtime`);
701
+ throw new E(`alg ${e} is not supported either by JOSE or your javascript runtime`);
611
702
  }
612
- }
613
- async function Ve(e, t, r) {
614
- if (t = await Je.normalizePublicKey(t, e), X(t))
615
- return ge(t, e, r), t;
703
+ }, Oe = async (e, t, r) => {
616
704
  if (t instanceof Uint8Array) {
617
705
  if (!e.startsWith("HS"))
618
- throw new TypeError(V(t, ...J));
619
- return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
706
+ throw new TypeError(fe(t, "CryptoKey", "KeyObject", "JSON Web Key"));
707
+ return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
620
708
  }
621
- throw new TypeError(V(t, ...J, "Uint8Array", "JSON Web Key"));
622
- }
623
- const Ye = async (e, t, r, n) => {
624
- const o = await Ve(e, t, "verify");
625
- Re(e, o);
626
- const i = Me(e, o.algorithm);
709
+ return ue(t, e, r), t;
710
+ }, De = async (e, t, r, n) => {
711
+ const a = await Oe(e, t, "verify");
712
+ pe(e, a);
713
+ const i = We(e, a.algorithm);
627
714
  try {
628
- return await x.subtle.verify(i, o, r, n);
715
+ return await crypto.subtle.verify(i, a, r, n);
629
716
  } catch {
630
717
  return !1;
631
718
  }
632
719
  };
633
- async function Fe(e, t, r) {
634
- if (!T(e))
635
- throw new c("Flattened JWS must be an object");
720
+ async function He(e, t, r) {
721
+ if (!P(e))
722
+ throw new u("Flattened JWS must be an object");
636
723
  if (e.protected === void 0 && e.header === void 0)
637
- throw new c('Flattened JWS must have either of the "protected" or "header" members');
724
+ throw new u('Flattened JWS must have either of the "protected" or "header" members');
638
725
  if (e.protected !== void 0 && typeof e.protected != "string")
639
- throw new c("JWS Protected Header incorrect type");
726
+ throw new u("JWS Protected Header incorrect type");
640
727
  if (e.payload === void 0)
641
- throw new c("JWS Payload missing");
728
+ throw new u("JWS Payload missing");
642
729
  if (typeof e.signature != "string")
643
- throw new c("JWS Signature missing or incorrect type");
644
- if (e.header !== void 0 && !T(e.header))
645
- throw new c("JWS Unprotected Header incorrect type");
730
+ throw new u("JWS Signature missing or incorrect type");
731
+ if (e.header !== void 0 && !P(e.header))
732
+ throw new u("JWS Unprotected Header incorrect type");
646
733
  let n = {};
647
734
  if (e.protected)
648
735
  try {
649
- const N = b(e.protected);
650
- n = JSON.parse(C.decode(N));
736
+ const te = v(e.protected);
737
+ n = JSON.parse(K.decode(te));
651
738
  } catch {
652
- throw new c("JWS Protected Header is invalid");
739
+ throw new u("JWS Protected Header is invalid");
653
740
  }
654
- if (!_e(n, e.header))
655
- throw new c("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
656
- const o = {
741
+ if (!he(n, e.header))
742
+ throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
743
+ const a = {
657
744
  ...n,
658
745
  ...e.header
659
- }, i = Le(c, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, o);
660
- let a = !0;
661
- if (i.has("b64") && (a = n.b64, typeof a != "boolean"))
662
- throw new c('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
663
- const { alg: s } = o;
664
- if (typeof s != "string" || !s)
665
- throw new c('JWS "alg" (Algorithm) Header Parameter missing or invalid');
666
- const u = r && $e("algorithms", r.algorithms);
667
- if (u && !u.has(s))
668
- throw new Q('"alg" (Algorithm) Header Parameter value not allowed');
669
- if (a) {
746
+ }, i = be(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
747
+ let o = !0;
748
+ if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
749
+ throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
750
+ const { alg: c } = a;
751
+ if (typeof c != "string" || !c)
752
+ throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
753
+ const s = r && ge("algorithms", r.algorithms);
754
+ if (s && !s.has(c))
755
+ throw new F('"alg" (Algorithm) Header Parameter value not allowed');
756
+ if (o) {
670
757
  if (typeof e.payload != "string")
671
- throw new c("JWS Payload must be a string");
758
+ throw new u("JWS Payload must be a string");
672
759
  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
673
- throw new c("JWS Payload must be a string or an Uint8Array instance");
674
- let S = !1;
675
- typeof t == "function" ? (t = await t(n, e), S = !0, F(s, t, "verify"), I(t) && (t = await De(t, s))) : F(s, t, "verify");
676
- const g = le(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
677
- let m;
760
+ throw new u("JWS Payload must be a string or an Uint8Array instance");
761
+ let m = !1;
762
+ typeof t == "function" && (t = await t(n, e), m = !0), Ie(c, t, "verify");
763
+ const A = oe(I.encode(e.protected ?? ""), I.encode("."), typeof e.payload == "string" ? I.encode(e.payload) : e.payload);
764
+ let p;
678
765
  try {
679
- m = b(e.signature);
766
+ p = v(e.signature);
680
767
  } catch {
681
- throw new c("Failed to base64url decode the signature");
768
+ throw new u("Failed to base64url decode the signature");
682
769
  }
683
- if (!await Ye(s, t, m, g))
684
- throw new Z();
685
- let w;
686
- if (a)
770
+ const _ = await Pe(t, c);
771
+ if (!await De(c, _, p, A))
772
+ throw new V();
773
+ let h;
774
+ if (o)
687
775
  try {
688
- w = b(e.payload);
776
+ h = v(e.payload);
689
777
  } catch {
690
- throw new c("Failed to base64url decode the payload");
778
+ throw new u("Failed to base64url decode the payload");
691
779
  }
692
- else typeof e.payload == "string" ? w = v.encode(e.payload) : w = e.payload;
693
- const f = { payload: w };
694
- return e.protected !== void 0 && (f.protectedHeader = n), e.header !== void 0 && (f.unprotectedHeader = e.header), S ? { ...f, key: t } : f;
695
- }
696
- async function Be(e, t, r) {
697
- if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
698
- throw new c("Compact JWS must be a string or Uint8Array");
699
- const { 0: n, 1: o, 2: i, length: a } = e.split(".");
700
- if (a !== 3)
701
- throw new c("Invalid Compact JWS");
702
- const s = await Fe({ payload: o, protected: n, signature: i }, t, r), u = { payload: s.payload, protectedHeader: s.protectedHeader };
703
- return typeof t == "function" ? { ...u, key: s.key } : u;
704
- }
705
- const ke = (e) => Math.floor(e.getTime() / 1e3), ae = 60, se = ae * 60, $ = se * 24, Ge = $ * 7, qe = $ * 365.25, ze = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, B = (e) => {
706
- const t = ze.exec(e);
780
+ else typeof e.payload == "string" ? h = I.encode(e.payload) : h = e.payload;
781
+ const b = { payload: h };
782
+ return e.protected !== void 0 && (b.protectedHeader = n), e.header !== void 0 && (b.unprotectedHeader = e.header), m ? { ...b, key: _ } : b;
783
+ }
784
+ async function Je(e, t, r) {
785
+ if (e instanceof Uint8Array && (e = K.decode(e)), typeof e != "string")
786
+ throw new u("Compact JWS must be a string or Uint8Array");
787
+ const { 0: n, 1: a, 2: i, length: o } = e.split(".");
788
+ if (o !== 3)
789
+ throw new u("Invalid Compact JWS");
790
+ const c = await He({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
791
+ return typeof t == "function" ? { ...s, key: c.key } : s;
792
+ }
793
+ const xe = (e) => Math.floor(e.getTime() / 1e3), Z = 60, j = Z * 60, U = j * 24, Ne = U * 7, Ue = U * 365.25, $e = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, L = (e) => {
794
+ const t = $e.exec(e);
707
795
  if (!t || t[4] && t[1])
708
796
  throw new TypeError("Invalid time period format");
709
797
  const r = parseFloat(t[2]), n = t[3].toLowerCase();
710
- let o;
798
+ let a;
711
799
  switch (n) {
712
800
  case "sec":
713
801
  case "secs":
714
802
  case "second":
715
803
  case "seconds":
716
804
  case "s":
717
- o = Math.round(r);
805
+ a = Math.round(r);
718
806
  break;
719
807
  case "minute":
720
808
  case "minutes":
721
809
  case "min":
722
810
  case "mins":
723
811
  case "m":
724
- o = Math.round(r * ae);
812
+ a = Math.round(r * Z);
725
813
  break;
726
814
  case "hour":
727
815
  case "hours":
728
816
  case "hr":
729
817
  case "hrs":
730
818
  case "h":
731
- o = Math.round(r * se);
819
+ a = Math.round(r * j);
732
820
  break;
733
821
  case "day":
734
822
  case "days":
735
823
  case "d":
736
- o = Math.round(r * $);
824
+ a = Math.round(r * U);
737
825
  break;
738
826
  case "week":
739
827
  case "weeks":
740
828
  case "w":
741
- o = Math.round(r * Ge);
829
+ a = Math.round(r * Ne);
742
830
  break;
743
831
  default:
744
- o = Math.round(r * qe);
832
+ a = Math.round(r * Ue);
745
833
  break;
746
834
  }
747
- return t[1] === "-" || t[4] === "ago" ? -o : o;
748
- }, k = (e) => e.toLowerCase().replace(/^application\//, ""), Xe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Qe = (e, t, r = {}) => {
835
+ return t[1] === "-" || t[4] === "ago" ? -a : a;
836
+ }, B = (e) => e.toLowerCase().replace(/^application\//, ""), Le = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
837
+ function Be(e, t, r = {}) {
749
838
  let n;
750
839
  try {
751
- n = JSON.parse(C.decode(t));
840
+ n = JSON.parse(K.decode(t));
752
841
  } catch {
753
842
  }
754
- if (!T(n))
755
- throw new E("JWT Claims Set must be a top-level JSON object");
756
- const { typ: o } = r;
757
- if (o && (typeof e.typ != "string" || k(e.typ) !== k(o)))
758
- throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
759
- const { requiredClaims: i = [], issuer: a, subject: s, audience: u, maxTokenAge: S } = r, g = [...i];
760
- S !== void 0 && g.push("iat"), u !== void 0 && g.push("aud"), s !== void 0 && g.push("sub"), a !== void 0 && g.push("iss");
761
- for (const f of new Set(g.reverse()))
762
- if (!(f in n))
763
- throw new h(`missing required "${f}" claim`, n, f, "missing");
764
- if (a && !(Array.isArray(a) ? a : [a]).includes(n.iss))
765
- throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
766
- if (s && n.sub !== s)
767
- throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
768
- if (u && !Xe(n.aud, typeof u == "string" ? [u] : u))
769
- throw new h('unexpected "aud" claim value', n, "aud", "check_failed");
770
- let m;
843
+ if (!P(n))
844
+ throw new y("JWT Claims Set must be a top-level JSON object");
845
+ const { typ: a } = r;
846
+ if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
847
+ throw new l('unexpected "typ" JWT header value', n, "typ", "check_failed");
848
+ const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: m } = r, A = [...i];
849
+ m !== void 0 && A.push("iat"), s !== void 0 && A.push("aud"), c !== void 0 && A.push("sub"), o !== void 0 && A.push("iss");
850
+ for (const h of new Set(A.reverse()))
851
+ if (!(h in n))
852
+ throw new l(`missing required "${h}" claim`, n, h, "missing");
853
+ if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
854
+ throw new l('unexpected "iss" claim value', n, "iss", "check_failed");
855
+ if (c && n.sub !== c)
856
+ throw new l('unexpected "sub" claim value', n, "sub", "check_failed");
857
+ if (s && !Le(n.aud, typeof s == "string" ? [s] : s))
858
+ throw new l('unexpected "aud" claim value', n, "aud", "check_failed");
859
+ let p;
771
860
  switch (typeof r.clockTolerance) {
772
861
  case "string":
773
- m = B(r.clockTolerance);
862
+ p = L(r.clockTolerance);
774
863
  break;
775
864
  case "number":
776
- m = r.clockTolerance;
865
+ p = r.clockTolerance;
777
866
  break;
778
867
  case "undefined":
779
- m = 0;
868
+ p = 0;
780
869
  break;
781
870
  default:
782
871
  throw new TypeError("Invalid clockTolerance option type");
783
872
  }
784
- const { currentDate: M } = r, w = ke(M || /* @__PURE__ */ new Date());
785
- if ((n.iat !== void 0 || S) && typeof n.iat != "number")
786
- throw new h('"iat" claim must be a number', n, "iat", "invalid");
873
+ const { currentDate: _ } = r, R = xe(_ || /* @__PURE__ */ new Date());
874
+ if ((n.iat !== void 0 || m) && typeof n.iat != "number")
875
+ throw new l('"iat" claim must be a number', n, "iat", "invalid");
787
876
  if (n.nbf !== void 0) {
788
877
  if (typeof n.nbf != "number")
789
- throw new h('"nbf" claim must be a number', n, "nbf", "invalid");
790
- if (n.nbf > w + m)
791
- throw new h('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
878
+ throw new l('"nbf" claim must be a number', n, "nbf", "invalid");
879
+ if (n.nbf > R + p)
880
+ throw new l('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
792
881
  }
793
882
  if (n.exp !== void 0) {
794
883
  if (typeof n.exp != "number")
795
- throw new h('"exp" claim must be a number', n, "exp", "invalid");
796
- if (n.exp <= w - m)
797
- throw new U('"exp" claim timestamp check failed', n, "exp", "check_failed");
884
+ throw new l('"exp" claim must be a number', n, "exp", "invalid");
885
+ if (n.exp <= R - p)
886
+ throw new J('"exp" claim timestamp check failed', n, "exp", "check_failed");
798
887
  }
799
- if (S) {
800
- const f = w - n.iat, N = typeof S == "number" ? S : B(S);
801
- if (f - m > N)
802
- throw new U('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
803
- if (f < 0 - m)
804
- throw new h('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
888
+ if (m) {
889
+ const h = R - n.iat, b = typeof m == "number" ? m : L(m);
890
+ if (h - p > b)
891
+ throw new J('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
892
+ if (h < 0 - p)
893
+ throw new l('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
805
894
  }
806
895
  return n;
807
- };
808
- async function Ze(e, t, r) {
809
- var a;
810
- const n = await Be(e, t, r);
811
- if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
812
- throw new E("JWTs MUST NOT use unencoded payload");
813
- const i = { payload: Qe(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
896
+ }
897
+ async function Me(e, t, r) {
898
+ var o;
899
+ const n = await Je(e, t, r);
900
+ if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
901
+ throw new y("JWTs MUST NOT use unencoded payload");
902
+ const i = { payload: Be(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
814
903
  return typeof t == "function" ? { ...i, key: n.key } : i;
815
904
  }
816
- const je = b;
817
- function et(e) {
905
+ function ke(e) {
818
906
  if (typeof e != "string")
819
- throw new E("JWTs must use Compact JWS serialization, JWT must be a string");
907
+ throw new y("JWTs must use Compact JWS serialization, JWT must be a string");
820
908
  const { 1: t, length: r } = e.split(".");
821
909
  if (r === 5)
822
- throw new E("Only JWTs using Compact JWS serialization can be decoded");
910
+ throw new y("Only JWTs using Compact JWS serialization can be decoded");
823
911
  if (r !== 3)
824
- throw new E("Invalid JWT");
912
+ throw new y("Invalid JWT");
825
913
  if (!t)
826
- throw new E("JWTs must contain a payload");
914
+ throw new y("JWTs must contain a payload");
827
915
  let n;
828
916
  try {
829
- n = je(t);
917
+ n = v(t);
830
918
  } catch {
831
- throw new E("Failed to base64url decode the payload");
919
+ throw new y("Failed to base64url decode the payload");
832
920
  }
833
- let o;
921
+ let a;
834
922
  try {
835
- o = JSON.parse(C.decode(n));
923
+ a = JSON.parse(K.decode(n));
836
924
  } catch {
837
- throw new E("Failed to parse the decoded payload as JSON");
925
+ throw new y("Failed to parse the decoded payload as JSON");
838
926
  }
839
- if (!T(o))
840
- throw new E("Invalid JWT Claims Set");
841
- return o;
927
+ if (!P(a))
928
+ throw new y("Invalid JWT Claims Set");
929
+ return a;
842
930
  }
843
- const tt = async (e) => {
931
+ const Ye = async (e) => {
844
932
  try {
845
- const t = W.ALG, n = await Ne(de, t);
846
- return await Ze(e, n, {
847
- issuer: W.ISSUER
933
+ const t = O.ALG, n = await Ae(ie, t);
934
+ return await Me(e, n, {
935
+ issuer: O.ISSUER
848
936
  });
849
937
  } catch {
850
938
  return;
851
939
  }
852
- }, St = (e) => {
940
+ }, st = (e) => {
853
941
  try {
854
- return et(e);
942
+ return ke(e);
855
943
  } catch {
856
944
  return;
857
945
  }
858
- }, d = [];
946
+ }, f = [];
859
947
  for (let e = 0; e < 256; ++e)
860
- d.push((e + 256).toString(16).slice(1));
861
- function rt(e, t = 0) {
862
- return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
948
+ f.push((e + 256).toString(16).slice(1));
949
+ function Fe(e, t = 0) {
950
+ return (f[e[t + 0]] + f[e[t + 1]] + f[e[t + 2]] + f[e[t + 3]] + "-" + f[e[t + 4]] + f[e[t + 5]] + "-" + f[e[t + 6]] + f[e[t + 7]] + "-" + f[e[t + 8]] + f[e[t + 9]] + "-" + f[e[t + 10]] + f[e[t + 11]] + f[e[t + 12]] + f[e[t + 13]] + f[e[t + 14]] + f[e[t + 15]]).toLowerCase();
863
951
  }
864
952
  let H;
865
- const nt = new Uint8Array(16);
866
- function ot() {
953
+ const Ve = new Uint8Array(16);
954
+ function Ge() {
867
955
  if (!H) {
868
956
  if (typeof crypto > "u" || !crypto.getRandomValues)
869
957
  throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
870
958
  H = crypto.getRandomValues.bind(crypto);
871
959
  }
872
- return H(nt);
960
+ return H(Ve);
873
961
  }
874
- const it = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), G = { randomUUID: it };
875
- function q(e, t, r) {
876
- if (G.randomUUID && !t && !e)
877
- return G.randomUUID();
962
+ const qe = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), M = { randomUUID: qe };
963
+ function k(e, t, r) {
964
+ var a;
965
+ if (M.randomUUID && !e)
966
+ return M.randomUUID();
878
967
  e = e || {};
879
- const n = e.random || (e.rng || ot)();
880
- return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, rt(n);
968
+ const n = e.random ?? ((a = e.rng) == null ? void 0 : a.call(e)) ?? Ge();
969
+ if (n.length < 16)
970
+ throw new Error("Random bytes length must be >= 16");
971
+ return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Fe(n);
881
972
  }
882
- const z = globalThis.crypto, at = (e) => `${q()}${q()}`.slice(0, e), st = (e) => btoa(
973
+ const Y = globalThis.crypto, ze = (e) => `${k()}${k()}`.slice(0, e), Xe = (e) => btoa(
883
974
  [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
884
975
  );
885
- async function ce(e) {
886
- if (!z.subtle)
976
+ async function ee(e) {
977
+ if (!Y.subtle)
887
978
  throw new Error(
888
979
  "crypto.subtle is available only in secure contexts (HTTPS)."
889
980
  );
890
- const t = new TextEncoder().encode(e), r = await z.subtle.digest("SHA-256", t);
891
- return st(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
981
+ const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
982
+ return Xe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
892
983
  }
893
- async function yt(e) {
984
+ async function ct(e) {
894
985
  const t = e || 43;
895
986
  if (t < 43 || t > 128)
896
987
  throw `Expected a length between 43 and 128. Received ${e}.`;
897
- const r = at(t), n = await ce(r);
988
+ const r = ze(t), n = await ee(r);
898
989
  return {
899
990
  code_verifier: r,
900
991
  code_challenge: n
901
992
  };
902
993
  }
903
- async function wt(e, t) {
904
- return t === await ce(e);
994
+ async function dt(e, t) {
995
+ return t === await ee(e);
905
996
  }
906
- const ct = /^Bearer (.+)$/i, ut = (e) => {
997
+ const Qe = /^Bearer (.+)$/i, Ze = (e) => {
907
998
  if (typeof (e == null ? void 0 : e.authorization) != "string")
908
999
  return;
909
- const t = e.authorization.match(ct);
1000
+ const t = e.authorization.match(Qe);
910
1001
  if (t)
911
1002
  return t[1];
912
- }, dt = (e, t) => {
1003
+ }, je = (e, t) => {
913
1004
  const r = e == null ? void 0 : e.cookie;
914
1005
  if (typeof r != "string")
915
1006
  return;
916
- const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), o = r.match(n);
917
- if (o)
918
- return o[1];
919
- }, lt = (e) => {
920
- const t = e == null ? void 0 : e[ue.ACCESS_TOKEN];
1007
+ const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
1008
+ if (a)
1009
+ return a[1];
1010
+ }, et = (e) => {
1011
+ const t = e == null ? void 0 : e[ae.ACCESS_TOKEN];
921
1012
  if (typeof t == "string")
922
1013
  return t;
923
- }, At = ({ headers: e, body: t, clientId: r }) => {
924
- const n = ut(e), o = dt(e, r);
925
- return lt(t) || o || n || "";
926
- }, bt = async (e, t) => {
927
- var o;
928
- const r = await tt(e);
929
- if (!r || !Array.isArray((o = r.payload) == null ? void 0 : o[W.SCOPES_KEY]))
1014
+ }, ut = ({ headers: e, body: t, clientId: r }) => {
1015
+ const n = Ze(e), a = je(e, r);
1016
+ return et(t) || a || n || "";
1017
+ }, ft = async (e, t) => {
1018
+ var a;
1019
+ const r = await Ye(e);
1020
+ if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[O.SCOPES_KEY]))
930
1021
  return !1;
931
- const n = r.payload[W.SCOPES_KEY];
1022
+ const n = r.payload[O.SCOPES_KEY];
932
1023
  return Array.isArray(t) ? t.every((i) => n.includes(i)) : Object.keys(t).some(
933
- (i) => t[i].every((a) => n.includes(a))
1024
+ (i) => t[i].every((o) => n.includes(o))
934
1025
  );
935
- }, ft = (e, t) => {
1026
+ }, tt = (e, t) => {
936
1027
  const r = e == null ? void 0 : e.cookie;
937
1028
  if (typeof r != "string")
938
1029
  return;
939
- const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), o = r.match(n);
940
- if (o)
941
- return o[1];
942
- }, gt = ({ headers: e, clientId: t }) => ft(e, t) || "";
1030
+ const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
1031
+ if (a)
1032
+ return a[1];
1033
+ }, ht = ({ headers: e, clientId: t }) => tt(e, t) || "";
943
1034
  export {
944
- Et as API_TYPE,
945
- ht as AUTH_TYPES,
946
- ue as BODY,
947
- pt as HEADERS,
948
- W as JWT,
949
- de as JWT_PUBLIC_KEY,
950
- mt as TOKEN_EXPIRATION,
951
- St as decodeToken,
952
- ce as generateCodeChallenge,
953
- gt as getSession,
954
- At as getToken,
955
- bt as isGranted,
956
- yt as pkceChallengePair,
957
- tt as verifyAndExtractToken,
958
- wt as verifyChallenge
1035
+ ot as API_TYPE,
1036
+ nt as AUTH_TYPES,
1037
+ ae as BODY,
1038
+ at as HEADERS,
1039
+ O as JWT,
1040
+ ie as JWT_PUBLIC_KEY,
1041
+ it as TOKEN_EXPIRATION,
1042
+ st as decodeToken,
1043
+ ee as generateCodeChallenge,
1044
+ ht as getSession,
1045
+ ut as getToken,
1046
+ ft as isGranted,
1047
+ ct as pkceChallengePair,
1048
+ Ye as verifyAndExtractToken,
1049
+ dt as verifyChallenge
959
1050
  };