@versini/auth-common 4.2.1 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +2 -0
- package/dist/index.js +42 -40
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -2,13 +2,13 @@ var re = Object.defineProperty;
|
|
|
2
2
|
var ne = (e, t, r) => t in e ? re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
|
|
3
3
|
var d = (e, t, r) => ne(e, typeof t != "symbol" ? t + "" : t, r);
|
|
4
4
|
/*!
|
|
5
|
-
@versini/auth-common v4.
|
|
5
|
+
@versini/auth-common v4.3.0
|
|
6
6
|
© 2025 gizmette.com
|
|
7
7
|
*/
|
|
8
8
|
try {
|
|
9
9
|
window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
|
|
10
|
-
version: "4.
|
|
11
|
-
buildTime: "04/
|
|
10
|
+
version: "4.3.0",
|
|
11
|
+
buildTime: "04/19/2025 03:24 PM EDT",
|
|
12
12
|
homepage: "https://github.com/aversini/auth-client",
|
|
13
13
|
license: "MIT"
|
|
14
14
|
});
|
|
@@ -20,9 +20,11 @@ const nt = {
|
|
|
20
20
|
ID_AND_ACCESS_TOKEN: "id_token token",
|
|
21
21
|
CODE: "code",
|
|
22
22
|
REFRESH_TOKEN: "refresh_token",
|
|
23
|
-
PASSKEY: "passkey"
|
|
23
|
+
PASSKEY: "passkey",
|
|
24
|
+
AUTH0: "auth0"
|
|
24
25
|
}, at = {
|
|
25
|
-
CLIENT_ID: "X-Auth-ClientId"
|
|
26
|
+
CLIENT_ID: "X-Auth-ClientId",
|
|
27
|
+
AUTH_TYPE: "X-Auth-Type"
|
|
26
28
|
}, ae = {
|
|
27
29
|
ACCESS_TOKEN: "access_token"
|
|
28
30
|
}, O = {
|
|
@@ -93,7 +95,7 @@ class w extends Error {
|
|
|
93
95
|
}
|
|
94
96
|
}
|
|
95
97
|
d(w, "code", "ERR_JOSE_GENERIC");
|
|
96
|
-
class
|
|
98
|
+
class l extends w {
|
|
97
99
|
constructor(r, n, a = "unspecified", i = "unspecified") {
|
|
98
100
|
super(r, { cause: { claim: a, reason: i, payload: n } });
|
|
99
101
|
d(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
|
|
@@ -103,7 +105,7 @@ class h extends w {
|
|
|
103
105
|
this.claim = a, this.reason = i, this.payload = n;
|
|
104
106
|
}
|
|
105
107
|
}
|
|
106
|
-
d(
|
|
108
|
+
d(l, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
|
|
107
109
|
class J extends w {
|
|
108
110
|
constructor(r, n, a = "unspecified", i = "unspecified") {
|
|
109
111
|
super(r, { cause: { claim: a, reason: i, payload: n } });
|
|
@@ -243,10 +245,10 @@ function q(e, t, ...r) {
|
|
|
243
245
|
function z(e) {
|
|
244
246
|
return (e == null ? void 0 : e[Symbol.toStringTag]) === "CryptoKey";
|
|
245
247
|
}
|
|
246
|
-
function
|
|
248
|
+
function X(e) {
|
|
247
249
|
return (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject";
|
|
248
250
|
}
|
|
249
|
-
const
|
|
251
|
+
const Q = (e) => z(e) || X(e), he = (...e) => {
|
|
250
252
|
const t = e.filter(Boolean);
|
|
251
253
|
if (t.length === 0 || t.length === 1)
|
|
252
254
|
return !0;
|
|
@@ -265,11 +267,11 @@ const X = (e) => z(e) || Q(e), le = (...e) => {
|
|
|
265
267
|
}
|
|
266
268
|
return !0;
|
|
267
269
|
};
|
|
268
|
-
function
|
|
270
|
+
function le(e) {
|
|
269
271
|
return typeof e == "object" && e !== null;
|
|
270
272
|
}
|
|
271
273
|
const P = (e) => {
|
|
272
|
-
if (!
|
|
274
|
+
if (!le(e) || Object.prototype.toString.call(e) !== "[object Object]")
|
|
273
275
|
return !1;
|
|
274
276
|
if (Object.getPrototypeOf(e) === null)
|
|
275
277
|
return !0;
|
|
@@ -567,7 +569,7 @@ const $ = async (e, t, r, n = !1) => {
|
|
|
567
569
|
}, Pe = async (e, t) => {
|
|
568
570
|
if (e instanceof Uint8Array || z(e))
|
|
569
571
|
return e;
|
|
570
|
-
if (
|
|
572
|
+
if (X(e)) {
|
|
571
573
|
if (e.type === "secret")
|
|
572
574
|
return e.export();
|
|
573
575
|
if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
|
|
@@ -634,7 +636,7 @@ const $ = async (e, t, r, n = !1) => {
|
|
|
634
636
|
return;
|
|
635
637
|
throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
|
|
636
638
|
}
|
|
637
|
-
if (!
|
|
639
|
+
if (!Q(t))
|
|
638
640
|
throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
|
|
639
641
|
if (t.type !== "secret")
|
|
640
642
|
throw new TypeError(`${g(t)} instances for symmetric algorithms must be of type "secret"`);
|
|
@@ -653,7 +655,7 @@ const $ = async (e, t, r, n = !1) => {
|
|
|
653
655
|
return;
|
|
654
656
|
throw new TypeError("JSON Web Key for this operation be a public JWK");
|
|
655
657
|
}
|
|
656
|
-
if (!
|
|
658
|
+
if (!Q(t))
|
|
657
659
|
throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
|
|
658
660
|
if (t.type === "secret")
|
|
659
661
|
throw new TypeError(`${g(t)} instances for asymmetric algorithms must not be of type "secret"`);
|
|
@@ -736,7 +738,7 @@ async function He(e, t, r) {
|
|
|
736
738
|
} catch {
|
|
737
739
|
throw new u("JWS Protected Header is invalid");
|
|
738
740
|
}
|
|
739
|
-
if (!
|
|
741
|
+
if (!he(n, e.header))
|
|
740
742
|
throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
741
743
|
const a = {
|
|
742
744
|
...n,
|
|
@@ -768,15 +770,15 @@ async function He(e, t, r) {
|
|
|
768
770
|
const _ = await Pe(t, c);
|
|
769
771
|
if (!await De(c, _, p, A))
|
|
770
772
|
throw new V();
|
|
771
|
-
let
|
|
773
|
+
let h;
|
|
772
774
|
if (o)
|
|
773
775
|
try {
|
|
774
|
-
|
|
776
|
+
h = v(e.payload);
|
|
775
777
|
} catch {
|
|
776
778
|
throw new u("Failed to base64url decode the payload");
|
|
777
779
|
}
|
|
778
|
-
else typeof e.payload == "string" ?
|
|
779
|
-
const b = { payload:
|
|
780
|
+
else typeof e.payload == "string" ? h = I.encode(e.payload) : h = e.payload;
|
|
781
|
+
const b = { payload: h };
|
|
780
782
|
return e.protected !== void 0 && (b.protectedHeader = n), e.header !== void 0 && (b.unprotectedHeader = e.header), m ? { ...b, key: _ } : b;
|
|
781
783
|
}
|
|
782
784
|
async function Je(e, t, r) {
|
|
@@ -842,18 +844,18 @@ function Be(e, t, r = {}) {
|
|
|
842
844
|
throw new y("JWT Claims Set must be a top-level JSON object");
|
|
843
845
|
const { typ: a } = r;
|
|
844
846
|
if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
|
|
845
|
-
throw new
|
|
847
|
+
throw new l('unexpected "typ" JWT header value', n, "typ", "check_failed");
|
|
846
848
|
const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: m } = r, A = [...i];
|
|
847
849
|
m !== void 0 && A.push("iat"), s !== void 0 && A.push("aud"), c !== void 0 && A.push("sub"), o !== void 0 && A.push("iss");
|
|
848
|
-
for (const
|
|
849
|
-
if (!(
|
|
850
|
-
throw new
|
|
850
|
+
for (const h of new Set(A.reverse()))
|
|
851
|
+
if (!(h in n))
|
|
852
|
+
throw new l(`missing required "${h}" claim`, n, h, "missing");
|
|
851
853
|
if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
|
|
852
|
-
throw new
|
|
854
|
+
throw new l('unexpected "iss" claim value', n, "iss", "check_failed");
|
|
853
855
|
if (c && n.sub !== c)
|
|
854
|
-
throw new
|
|
856
|
+
throw new l('unexpected "sub" claim value', n, "sub", "check_failed");
|
|
855
857
|
if (s && !Le(n.aud, typeof s == "string" ? [s] : s))
|
|
856
|
-
throw new
|
|
858
|
+
throw new l('unexpected "aud" claim value', n, "aud", "check_failed");
|
|
857
859
|
let p;
|
|
858
860
|
switch (typeof r.clockTolerance) {
|
|
859
861
|
case "string":
|
|
@@ -870,25 +872,25 @@ function Be(e, t, r = {}) {
|
|
|
870
872
|
}
|
|
871
873
|
const { currentDate: _ } = r, R = xe(_ || /* @__PURE__ */ new Date());
|
|
872
874
|
if ((n.iat !== void 0 || m) && typeof n.iat != "number")
|
|
873
|
-
throw new
|
|
875
|
+
throw new l('"iat" claim must be a number', n, "iat", "invalid");
|
|
874
876
|
if (n.nbf !== void 0) {
|
|
875
877
|
if (typeof n.nbf != "number")
|
|
876
|
-
throw new
|
|
878
|
+
throw new l('"nbf" claim must be a number', n, "nbf", "invalid");
|
|
877
879
|
if (n.nbf > R + p)
|
|
878
|
-
throw new
|
|
880
|
+
throw new l('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
|
|
879
881
|
}
|
|
880
882
|
if (n.exp !== void 0) {
|
|
881
883
|
if (typeof n.exp != "number")
|
|
882
|
-
throw new
|
|
884
|
+
throw new l('"exp" claim must be a number', n, "exp", "invalid");
|
|
883
885
|
if (n.exp <= R - p)
|
|
884
886
|
throw new J('"exp" claim timestamp check failed', n, "exp", "check_failed");
|
|
885
887
|
}
|
|
886
888
|
if (m) {
|
|
887
|
-
const
|
|
888
|
-
if (
|
|
889
|
+
const h = R - n.iat, b = typeof m == "number" ? m : L(m);
|
|
890
|
+
if (h - p > b)
|
|
889
891
|
throw new J('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
|
|
890
|
-
if (
|
|
891
|
-
throw new
|
|
892
|
+
if (h < 0 - p)
|
|
893
|
+
throw new l('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
|
|
892
894
|
}
|
|
893
895
|
return n;
|
|
894
896
|
}
|
|
@@ -968,7 +970,7 @@ function k(e, t, r) {
|
|
|
968
970
|
throw new Error("Random bytes length must be >= 16");
|
|
969
971
|
return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Fe(n);
|
|
970
972
|
}
|
|
971
|
-
const Y = globalThis.crypto, ze = (e) => `${k()}${k()}`.slice(0, e),
|
|
973
|
+
const Y = globalThis.crypto, ze = (e) => `${k()}${k()}`.slice(0, e), Xe = (e) => btoa(
|
|
972
974
|
[...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
|
|
973
975
|
);
|
|
974
976
|
async function ee(e) {
|
|
@@ -977,7 +979,7 @@ async function ee(e) {
|
|
|
977
979
|
"crypto.subtle is available only in secure contexts (HTTPS)."
|
|
978
980
|
);
|
|
979
981
|
const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
|
|
980
|
-
return
|
|
982
|
+
return Xe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
981
983
|
}
|
|
982
984
|
async function ct(e) {
|
|
983
985
|
const t = e || 43;
|
|
@@ -992,10 +994,10 @@ async function ct(e) {
|
|
|
992
994
|
async function dt(e, t) {
|
|
993
995
|
return t === await ee(e);
|
|
994
996
|
}
|
|
995
|
-
const
|
|
997
|
+
const Qe = /^Bearer (.+)$/i, Ze = (e) => {
|
|
996
998
|
if (typeof (e == null ? void 0 : e.authorization) != "string")
|
|
997
999
|
return;
|
|
998
|
-
const t = e.authorization.match(
|
|
1000
|
+
const t = e.authorization.match(Qe);
|
|
999
1001
|
if (t)
|
|
1000
1002
|
return t[1];
|
|
1001
1003
|
}, je = (e, t) => {
|
|
@@ -1028,7 +1030,7 @@ const Xe = /^Bearer (.+)$/i, Ze = (e) => {
|
|
|
1028
1030
|
const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
|
|
1029
1031
|
if (a)
|
|
1030
1032
|
return a[1];
|
|
1031
|
-
},
|
|
1033
|
+
}, ht = ({ headers: e, clientId: t }) => tt(e, t) || "";
|
|
1032
1034
|
export {
|
|
1033
1035
|
ot as API_TYPE,
|
|
1034
1036
|
nt as AUTH_TYPES,
|
|
@@ -1039,7 +1041,7 @@ export {
|
|
|
1039
1041
|
it as TOKEN_EXPIRATION,
|
|
1040
1042
|
st as decodeToken,
|
|
1041
1043
|
ee as generateCodeChallenge,
|
|
1042
|
-
|
|
1044
|
+
ht as getSession,
|
|
1043
1045
|
ut as getToken,
|
|
1044
1046
|
ft as isGranted,
|
|
1045
1047
|
ct as pkceChallengePair,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@versini/auth-common",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.3.0",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"author": "Arno Versini",
|
|
6
6
|
"publishConfig": {
|
|
@@ -36,5 +36,5 @@
|
|
|
36
36
|
"jose": "6.0.10",
|
|
37
37
|
"uuid": "11.1.0"
|
|
38
38
|
},
|
|
39
|
-
"gitHead": "
|
|
39
|
+
"gitHead": "687d768111980b3d94ca4008c9074477605e5871"
|
|
40
40
|
}
|