npm - @versini/auth-common - Versions diffs - 4.2.1 → 4.4.0 - Mend

@versini/auth-common 4.2.1 → 4.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -7,9 +7,11 @@ declare const AUTH_TYPES: {
     CODE: string;
     REFRESH_TOKEN: string;
     PASSKEY: string;
+    AUTH0: string;
 };
 declare const HEADERS: {
     CLIENT_ID: string;
+    AUTH_TYPE: string;
 };
 declare const BODY: {
     ACCESS_TOKEN: string;
@@ -101,7 +103,7 @@ type ScopesGrants = {
     [key: string]: string[];
 } | string[];
 /**
- * Checks if the given token grants the required scopes.
+ * Checks if the given encoded access token grants the required scopes.
  *
  * This function verifies the provided token and extracts its payload.
  * It then checks if the token contains the required scopes. The scopes can be provided
@@ -135,6 +137,39 @@ type ScopesGrants = {
  * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
  */
 declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolean>;
+/**
+ * Checks if the given non-encoded id token grants the required scopes.
+ *
+ * This function does not verify the token, it simply extracts its payload.
+ * It then checks if the token contains the required scopes. The scopes can be provided
+ * either as an array of strings or as a map of string arrays. When the scopes are provided
+ * as a map, the function checks if the token contains at least one of the scopes in each
+ * of the map's values (OR operation).
+ *
+ *
+ * @function isGrantedSync
+ * @param {string} token - The token to be checked for scopes.
+ * @param {ScopesGrants} scopes - The required scopes. This can be an array of strings
+ *  															representing the scopes or a map where the keys are strings
+ * 																and the values are arrays of strings representing the scopes.
+ * @returns {boolean} - A boolean indicating whether the token grants the required scopes.
+ *
+ * @example
+ * Example with an array of scopes (AND operation)
+ * const scopesArray = ["read", "write"];
+ * const res = isGranted(token, scopesArray);
+ * console.log(res); // true only if the token has both "read" and "write" scopes
+ *
+ * @example
+ * Example with a map of scopes (OR operation)
+ * const scopesMap = {
+ * 	"admin": ["read", "write"],
+ * 	"user": ["read"]
+ * };
+ * const res = isGranted(token, scopesMap);
+ * console.log(res); // true if the token has either "read" and "write" scopes or "read" scope
+ */
+declare const isGrantedSync: (token: string, scopes: ScopesGrants) => boolean;
 /**
  * Get a Session Id from a request.
@@ -149,4 +184,4 @@ type GetSessionProps = {
 };
 declare const getSession: ({ headers, clientId }: GetSessionProps) => string;
-export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getSession, getToken, isGranted, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getSession, getToken, isGranted, isGrantedSync, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js CHANGED Viewed

@@ -1,14 +1,14 @@
-var re = Object.defineProperty;
-var ne = (e, t, r) => t in e ? re(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
-var d = (e, t, r) => ne(e, typeof t != "symbol" ? t + "" : t, r);
+var ne = Object.defineProperty;
+var ae = (e, t, r) => t in e ? ne(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var u = (e, t, r) => ae(e, typeof t != "symbol" ? t + "" : t, r);
 /*!
-  @versini/auth-common v4.2.1
+  @versini/auth-common v4.4.0
   © 2025 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.2.1",
-    buildTime: "04/02/2025 04:33 PM EDT",
+    version: "4.4.0",
+    buildTime: "06/02/2025 05:45 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
@@ -20,12 +20,14 @@ const nt = {
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
-  PASSKEY: "passkey"
+  PASSKEY: "passkey",
+  AUTH0: "auth0"
 }, at = {
-  CLIENT_ID: "X-Auth-ClientId"
-}, ae = {
+  CLIENT_ID: "X-Auth-ClientId",
+  AUTH_TYPE: "X-Auth-Type"
+}, ie = {
   ACCESS_TOKEN: "access_token"
-}, O = {
+}, K = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   USERNAME_KEY: "username",
@@ -38,7 +40,7 @@ const nt = {
   SCOPES_KEY: "scopes",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, ie = `-----BEGIN PUBLIC KEY-----
+}, oe = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -55,15 +57,15 @@ awIDAQAB
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh"
-}, I = new TextEncoder(), K = new TextDecoder();
-function oe(...e) {
+}, O = new TextEncoder(), T = new TextDecoder();
+function se(...e) {
   const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-function se(e) {
+function ce(e) {
   if (Uint8Array.fromBase64)
     return Uint8Array.fromBase64(e);
   const t = atob(e), r = new Uint8Array(t.length);
@@ -71,15 +73,15 @@ function se(e) {
     r[n] = t.charCodeAt(n);
   return r;
 }
-function v(e) {
+function P(e) {
   if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : K.decode(e), {
+    return Uint8Array.fromBase64(typeof e == "string" ? e : T.decode(e), {
       alphabet: "base64url"
     });
   let t = e;
-  t instanceof Uint8Array && (t = K.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = T.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return se(t);
+    return ce(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -88,78 +90,78 @@ class w extends Error {
   constructor(r, n) {
     var a;
     super(r, n);
-    d(this, "code", "ERR_JOSE_GENERIC");
+    u(this, "code", "ERR_JOSE_GENERIC");
     this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
   }
 }
-d(w, "code", "ERR_JOSE_GENERIC");
+u(w, "code", "ERR_JOSE_GENERIC");
 class h extends w {
   constructor(r, n, a = "unspecified", i = "unspecified") {
     super(r, { cause: { claim: a, reason: i, payload: n } });
-    d(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
-    d(this, "claim");
-    d(this, "reason");
-    d(this, "payload");
+    u(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
+    u(this, "claim");
+    u(this, "reason");
+    u(this, "payload");
     this.claim = a, this.reason = i, this.payload = n;
   }
 }
-d(h, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
+u(h, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
 class J extends w {
   constructor(r, n, a = "unspecified", i = "unspecified") {
     super(r, { cause: { claim: a, reason: i, payload: n } });
-    d(this, "code", "ERR_JWT_EXPIRED");
-    d(this, "claim");
-    d(this, "reason");
-    d(this, "payload");
+    u(this, "code", "ERR_JWT_EXPIRED");
+    u(this, "claim");
+    u(this, "reason");
+    u(this, "payload");
     this.claim = a, this.reason = i, this.payload = n;
   }
 }
-d(J, "code", "ERR_JWT_EXPIRED");
+u(J, "code", "ERR_JWT_EXPIRED");
 class F extends w {
   constructor() {
     super(...arguments);
-    d(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+    u(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
   }
 }
-d(F, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
+u(F, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
 class E extends w {
   constructor() {
     super(...arguments);
-    d(this, "code", "ERR_JOSE_NOT_SUPPORTED");
+    u(this, "code", "ERR_JOSE_NOT_SUPPORTED");
   }
 }
-d(E, "code", "ERR_JOSE_NOT_SUPPORTED");
-class u extends w {
+u(E, "code", "ERR_JOSE_NOT_SUPPORTED");
+class d extends w {
   constructor() {
     super(...arguments);
-    d(this, "code", "ERR_JWS_INVALID");
+    u(this, "code", "ERR_JWS_INVALID");
   }
 }
-d(u, "code", "ERR_JWS_INVALID");
+u(d, "code", "ERR_JWS_INVALID");
 class y extends w {
   constructor() {
     super(...arguments);
-    d(this, "code", "ERR_JWT_INVALID");
+    u(this, "code", "ERR_JWT_INVALID");
   }
 }
-d(y, "code", "ERR_JWT_INVALID");
+u(y, "code", "ERR_JWT_INVALID");
 class V extends w {
   constructor(r = "signature verification failed", n) {
     super(r, n);
-    d(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+    u(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
   }
 }
-d(V, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
+u(V, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
 function S(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function T(e, t) {
+function v(e, t) {
   return e.name === t;
 }
 function D(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function ce(e) {
+function ue(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -175,12 +177,12 @@ function de(e, t) {
   if (!e.usages.includes(t))
     throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
 }
-function ue(e, t, r) {
+function fe(e, t, r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!T(e.algorithm, "HMAC"))
+      if (!v(e.algorithm, "HMAC"))
         throw S("HMAC");
       const n = parseInt(t.slice(2), 10);
       if (D(e.algorithm.hash) !== n)
@@ -190,7 +192,7 @@ function ue(e, t, r) {
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw S("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
       if (D(e.algorithm.hash) !== n)
@@ -200,7 +202,7 @@ function ue(e, t, r) {
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!T(e.algorithm, "RSA-PSS"))
+      if (!v(e.algorithm, "RSA-PSS"))
         throw S("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
       if (D(e.algorithm.hash) !== n)
@@ -209,16 +211,16 @@ function ue(e, t, r) {
     }
     case "Ed25519":
     case "EdDSA": {
-      if (!T(e.algorithm, "Ed25519"))
+      if (!v(e.algorithm, "Ed25519"))
         throw S("Ed25519");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!T(e.algorithm, "ECDSA"))
+      if (!v(e.algorithm, "ECDSA"))
         throw S("ECDSA");
-      const n = ce(t);
+      const n = ue(t);
       if (e.algorithm.namedCurve !== n)
         throw S(n, "algorithm.namedCurve");
       break;
@@ -236,17 +238,17 @@ function G(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const fe = (e, ...t) => G("Key must be ", e, ...t);
+const le = (e, ...t) => G("Key must be ", e, ...t);
 function q(e, t, ...r) {
   return G(`Key for the ${e} algorithm must be `, t, ...r);
 }
 function z(e) {
   return (e == null ? void 0 : e[Symbol.toStringTag]) === "CryptoKey";
 }
-function Q(e) {
+function X(e) {
   return (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject";
 }
-const X = (e) => z(e) || Q(e), le = (...e) => {
+const Q = (e) => z(e) || X(e), he = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -265,11 +267,11 @@ const X = (e) => z(e) || Q(e), le = (...e) => {
   }
   return !0;
 };
-function he(e) {
+function pe(e) {
   return typeof e == "object" && e !== null;
 }
-const P = (e) => {
-  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
+const _ = (e) => {
+  if (!pe(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -277,7 +279,7 @@ const P = (e) => {
   for (; Object.getPrototypeOf(t) !== null; )
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
-}, pe = (e, t) => {
+}, ye = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
@@ -290,7 +292,7 @@ const P = (e) => {
     return !1;
   const a = e.subarray(n, n + t.length);
   return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || W(e, t, n + 1);
-}, ye = (e) => {
+}, me = (e) => {
   switch (!0) {
     case W(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -301,7 +303,7 @@ const P = (e) => {
     default:
       return;
   }
-}, me = async (e, t, r, n, a) => {
+}, Se = async (e, t, r, n, a) => {
   let i, o;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
@@ -337,7 +339,7 @@ const P = (e) => {
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const s = ye(c);
+      const s = me(c);
       i = s != null && s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: "X25519" }, o = [];
       break;
     }
@@ -349,8 +351,8 @@ const P = (e) => {
       throw new E('Invalid or unsupported "alg" (Algorithm) value');
   }
   return crypto.subtle.importKey(t, c, i, !0, o);
-}, Se = (e, t, r) => me(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-function Ee(e) {
+}, Ee = (e, t, r) => Se(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+function we(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -423,18 +425,18 @@ function Ee(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-const we = async (e) => {
+const Ae = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Ee(e), n = { ...e };
+  const { algorithm: t, keyUsages: r } = we(e), n = { ...e };
   return delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, t, e.ext ?? !e.d, e.key_ops ?? r);
 };
-async function Ae(e, t, r) {
+async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Se(e, t);
+  return Ee(e, t);
 }
-const be = (e, t, r, n, a) => {
+const ge = (e, t, r, n, a) => {
   if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -452,22 +454,22 @@ const be = (e, t, r, n, a) => {
       throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
   }
   return new Set(n.crit);
-}, ge = (e, t) => {
+}, Ce = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
 function N(e) {
-  return P(e) && typeof e.kty == "string";
+  return _(e) && typeof e.kty == "string";
 }
-function Ce(e) {
+function Ke(e) {
   return e.kty !== "oct" && typeof e.d == "string";
 }
-function Ke(e) {
+function Te(e) {
   return e.kty !== "oct" && typeof e.d > "u";
 }
-function Te(e) {
+function ve(e) {
   return e.kty === "oct" && typeof e.k == "string";
 }
 let C;
@@ -476,9 +478,9 @@ const $ = async (e, t, r, n = !1) => {
   let a = C.get(e);
   if (a != null && a[r])
     return a[r];
-  const i = await we({ ...t, alg: r });
+  const i = await Ae({ ...t, alg: r });
   return n && Object.freeze(e), a ? a[r] = i : C.set(e, { [r]: i }), i;
-}, ve = (e, t) => {
+}, Pe = (e, t) => {
   var o;
   C || (C = /* @__PURE__ */ new WeakMap());
   let r = C.get(e);
@@ -564,15 +566,15 @@ const $ = async (e, t, r, n = !1) => {
   if (!i)
     throw new TypeError("given KeyObject instance cannot be used for this algorithm");
   return r ? r[t] = i : C.set(e, { [t]: i }), i;
-}, Pe = async (e, t) => {
+}, _e = async (e, t) => {
   if (e instanceof Uint8Array || z(e))
     return e;
-  if (Q(e)) {
+  if (X(e)) {
     if (e.type === "secret")
       return e.export();
     if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
       try {
-        return ve(e, t);
+        return Pe(e, t);
       } catch (n) {
         if (n instanceof TypeError)
           throw n;
@@ -581,7 +583,7 @@ const $ = async (e, t, r, n = !1) => {
     return $(e, r, t);
   }
   if (N(e))
-    return e.k ? v(e.k) : $(e, e, t, !0);
+    return e.k ? P(e.k) : $(e, e, t, !0);
   throw new Error("unreachable");
 }, g = (e) => e == null ? void 0 : e[Symbol.toStringTag], x = (e, t, r) => {
   var n, a;
@@ -627,33 +629,33 @@ const $ = async (e, t, r, n = !1) => {
       throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${i}" when present`);
   }
   return !0;
-}, _e = (e, t, r) => {
+}, Re = (e, t, r) => {
   if (!(t instanceof Uint8Array)) {
     if (N(t)) {
-      if (Te(t) && x(e, t, r))
+      if (ve(t) && x(e, t, r))
         return;
       throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
     }
-    if (!X(t))
+    if (!Q(t))
       throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${g(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Re = (e, t, r) => {
+}, Ie = (e, t, r) => {
   if (N(t))
     switch (r) {
       case "decrypt":
       case "sign":
-        if (Ce(t) && x(e, t, r))
+        if (Ke(t) && x(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a private JWK");
       case "encrypt":
       case "verify":
-        if (Ke(t) && x(e, t, r))
+        if (Te(t) && x(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a public JWK");
     }
-  if (!X(t))
+  if (!Q(t))
     throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
   if (t.type === "secret")
     throw new TypeError(`${g(t)} instances for asymmetric algorithms must not be of type "secret"`);
@@ -671,8 +673,8 @@ const $ = async (e, t, r, n = !1) => {
       case "encrypt":
         throw new TypeError(`${g(t)} instances for asymmetric algorithm encryption must be of type "public"`);
     }
-}, Ie = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? _e(e, t, r) : Re(e, t, r);
+}, Oe = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? Re(e, t, r) : Ie(e, t, r);
 }, We = (e, t) => {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
@@ -698,16 +700,16 @@ const $ = async (e, t, r, n = !1) => {
     default:
       throw new E(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
-}, Oe = async (e, t, r) => {
+}, De = async (e, t, r) => {
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(fe(t, "CryptoKey", "KeyObject", "JSON Web Key"));
+      throw new TypeError(le(t, "CryptoKey", "KeyObject", "JSON Web Key"));
     return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  return ue(t, e, r), t;
-}, De = async (e, t, r, n) => {
-  const a = await Oe(e, t, "verify");
-  pe(e, a);
+  return fe(t, e, r), t;
+}, He = async (e, t, r, n) => {
+  const a = await De(e, t, "verify");
+  ye(e, a);
   const i = We(e, a.algorithm);
   try {
     return await crypto.subtle.verify(i, a, r, n);
@@ -715,81 +717,81 @@ const $ = async (e, t, r, n = !1) => {
     return !1;
   }
 };
-async function He(e, t, r) {
-  if (!P(e))
-    throw new u("Flattened JWS must be an object");
+async function Je(e, t, r) {
+  if (!_(e))
+    throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
-    throw new u('Flattened JWS must have either of the "protected" or "header" members');
+    throw new d('Flattened JWS must have either of the "protected" or "header" members');
   if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new u("JWS Protected Header incorrect type");
+    throw new d("JWS Protected Header incorrect type");
   if (e.payload === void 0)
-    throw new u("JWS Payload missing");
+    throw new d("JWS Payload missing");
   if (typeof e.signature != "string")
-    throw new u("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !P(e.header))
-    throw new u("JWS Unprotected Header incorrect type");
+    throw new d("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !_(e.header))
+    throw new d("JWS Unprotected Header incorrect type");
   let n = {};
   if (e.protected)
     try {
-      const te = v(e.protected);
-      n = JSON.parse(K.decode(te));
+      const re = P(e.protected);
+      n = JSON.parse(T.decode(re));
     } catch {
-      throw new u("JWS Protected Header is invalid");
+      throw new d("JWS Protected Header is invalid");
     }
-  if (!le(n, e.header))
-    throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  if (!he(n, e.header))
+    throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, i = be(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  }, i = ge(d, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
   let o = !0;
   if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
-    throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+    throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
-    throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && ge("algorithms", r.algorithms);
+    throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const s = r && Ce("algorithms", r.algorithms);
   if (s && !s.has(c))
     throw new F('"alg" (Algorithm) Header Parameter value not allowed');
   if (o) {
     if (typeof e.payload != "string")
-      throw new u("JWS Payload must be a string");
+      throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new u("JWS Payload must be a string or an Uint8Array instance");
+    throw new d("JWS Payload must be a string or an Uint8Array instance");
   let m = !1;
-  typeof t == "function" && (t = await t(n, e), m = !0), Ie(c, t, "verify");
-  const A = oe(I.encode(e.protected ?? ""), I.encode("."), typeof e.payload == "string" ? I.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(n, e), m = !0), Oe(c, t, "verify");
+  const A = se(O.encode(e.protected ?? ""), O.encode("."), typeof e.payload == "string" ? O.encode(e.payload) : e.payload);
   let p;
   try {
-    p = v(e.signature);
+    p = P(e.signature);
   } catch {
-    throw new u("Failed to base64url decode the signature");
+    throw new d("Failed to base64url decode the signature");
   }
-  const _ = await Pe(t, c);
-  if (!await De(c, _, p, A))
+  const R = await _e(t, c);
+  if (!await He(c, R, p, A))
     throw new V();
   let l;
   if (o)
     try {
-      l = v(e.payload);
+      l = P(e.payload);
     } catch {
-      throw new u("Failed to base64url decode the payload");
+      throw new d("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? l = I.encode(e.payload) : l = e.payload;
+  else typeof e.payload == "string" ? l = O.encode(e.payload) : l = e.payload;
   const b = { payload: l };
-  return e.protected !== void 0 && (b.protectedHeader = n), e.header !== void 0 && (b.unprotectedHeader = e.header), m ? { ...b, key: _ } : b;
+  return e.protected !== void 0 && (b.protectedHeader = n), e.header !== void 0 && (b.unprotectedHeader = e.header), m ? { ...b, key: R } : b;
 }
-async function Je(e, t, r) {
-  if (e instanceof Uint8Array && (e = K.decode(e)), typeof e != "string")
-    throw new u("Compact JWS must be a string or Uint8Array");
+async function xe(e, t, r) {
+  if (e instanceof Uint8Array && (e = T.decode(e)), typeof e != "string")
+    throw new d("Compact JWS must be a string or Uint8Array");
   const { 0: n, 1: a, 2: i, length: o } = e.split(".");
   if (o !== 3)
-    throw new u("Invalid Compact JWS");
-  const c = await He({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+    throw new d("Invalid Compact JWS");
+  const c = await Je({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const xe = (e) => Math.floor(e.getTime() / 1e3), Z = 60, j = Z * 60, U = j * 24, Ne = U * 7, Ue = U * 365.25, $e = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, L = (e) => {
-  const t = $e.exec(e);
+const Ne = (e) => Math.floor(e.getTime() / 1e3), Z = 60, j = Z * 60, U = j * 24, Ue = U * 7, $e = U * 365.25, Le = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, L = (e) => {
+  const t = Le.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -824,21 +826,21 @@ const xe = (e) => Math.floor(e.getTime() / 1e3), Z = 60, j = Z * 60, U = j * 24,
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * Ne);
+      a = Math.round(r * Ue);
       break;
     default:
-      a = Math.round(r * Ue);
+      a = Math.round(r * $e);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, B = (e) => e.toLowerCase().replace(/^application\//, ""), Le = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function Be(e, t, r = {}) {
+}, B = (e) => e.toLowerCase().replace(/^application\//, ""), Be = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
+function Me(e, t, r = {}) {
   let n;
   try {
-    n = JSON.parse(K.decode(t));
+    n = JSON.parse(T.decode(t));
   } catch {
   }
-  if (!P(n))
+  if (!_(n))
     throw new y("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
   if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
@@ -852,7 +854,7 @@ function Be(e, t, r = {}) {
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (s && !Le(n.aud, typeof s == "string" ? [s] : s))
+  if (s && !Be(n.aud, typeof s == "string" ? [s] : s))
     throw new h('unexpected "aud" claim value', n, "aud", "check_failed");
   let p;
   switch (typeof r.clockTolerance) {
@@ -868,23 +870,23 @@ function Be(e, t, r = {}) {
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: _ } = r, R = xe(_ || /* @__PURE__ */ new Date());
+  const { currentDate: R } = r, I = Ne(R || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || m) && typeof n.iat != "number")
     throw new h('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
     if (typeof n.nbf != "number")
       throw new h('"nbf" claim must be a number', n, "nbf", "invalid");
-    if (n.nbf > R + p)
+    if (n.nbf > I + p)
       throw new h('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
   }
   if (n.exp !== void 0) {
     if (typeof n.exp != "number")
       throw new h('"exp" claim must be a number', n, "exp", "invalid");
-    if (n.exp <= R - p)
+    if (n.exp <= I - p)
       throw new J('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (m) {
-    const l = R - n.iat, b = typeof m == "number" ? m : L(m);
+    const l = I - n.iat, b = typeof m == "number" ? m : L(m);
     if (l - p > b)
       throw new J('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (l < 0 - p)
@@ -892,15 +894,15 @@ function Be(e, t, r = {}) {
   }
   return n;
 }
-async function Me(e, t, r) {
+async function ke(e, t, r) {
   var o;
-  const n = await Je(e, t, r);
+  const n = await xe(e, t, r);
   if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
     throw new y("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Be(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  const i = { payload: Me(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...i, key: n.key } : i;
 }
-function ke(e) {
+function ee(e) {
   if (typeof e != "string")
     throw new y("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -912,32 +914,32 @@ function ke(e) {
     throw new y("JWTs must contain a payload");
   let n;
   try {
-    n = v(t);
+    n = P(t);
   } catch {
     throw new y("Failed to base64url decode the payload");
   }
   let a;
   try {
-    a = JSON.parse(K.decode(n));
+    a = JSON.parse(T.decode(n));
   } catch {
     throw new y("Failed to parse the decoded payload as JSON");
   }
-  if (!P(a))
+  if (!_(a))
     throw new y("Invalid JWT Claims Set");
   return a;
 }
 const Ye = async (e) => {
   try {
-    const t = O.ALG, n = await Ae(ie, t);
-    return await Me(e, n, {
-      issuer: O.ISSUER
+    const t = K.ALG, n = await be(oe, t);
+    return await ke(e, n, {
+      issuer: K.ISSUER
     });
   } catch {
     return;
   }
 }, st = (e) => {
   try {
-    return ke(e);
+    return ee(e);
   } catch {
     return;
   }
@@ -968,34 +970,34 @@ function k(e, t, r) {
     throw new Error("Random bytes length must be >= 16");
   return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Fe(n);
 }
-const Y = globalThis.crypto, ze = (e) => `${k()}${k()}`.slice(0, e), Qe = (e) => btoa(
+const Y = globalThis.crypto, ze = (e) => `${k()}${k()}`.slice(0, e), Xe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function ee(e) {
+async function te(e) {
   if (!Y.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
   const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
-  return Qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return Xe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 async function ct(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = ze(t), n = await ee(r);
+  const r = ze(t), n = await te(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function dt(e, t) {
-  return t === await ee(e);
+async function ut(e, t) {
+  return t === await te(e);
 }
-const Xe = /^Bearer (.+)$/i, Ze = (e) => {
+const Qe = /^Bearer (.+)$/i, Ze = (e) => {
   if (typeof (e == null ? void 0 : e.authorization) != "string")
     return;
-  const t = e.authorization.match(Xe);
+  const t = e.authorization.match(Qe);
   if (t)
     return t[1];
 }, je = (e, t) => {
@@ -1006,21 +1008,33 @@ const Xe = /^Bearer (.+)$/i, Ze = (e) => {
   if (a)
     return a[1];
 }, et = (e) => {
-  const t = e == null ? void 0 : e[ae.ACCESS_TOKEN];
+  const t = e == null ? void 0 : e[ie.ACCESS_TOKEN];
   if (typeof t == "string")
     return t;
-}, ut = ({ headers: e, body: t, clientId: r }) => {
+}, dt = ({ headers: e, body: t, clientId: r }) => {
   const n = Ze(e), a = je(e, r);
   return et(t) || a || n || "";
 }, ft = async (e, t) => {
   var a;
   const r = await Ye(e);
-  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[O.SCOPES_KEY]))
+  if (!r || !Array.isArray((a = r.payload) == null ? void 0 : a[K.SCOPES_KEY]))
     return !1;
-  const n = r.payload[O.SCOPES_KEY];
+  const n = r.payload[K.SCOPES_KEY];
   return Array.isArray(t) ? t.every((i) => n.includes(i)) : Object.keys(t).some(
     (i) => t[i].every((o) => n.includes(o))
   );
+}, lt = (e, t) => {
+  try {
+    const r = ee(e);
+    if (!r || !Array.isArray(r[K.SCOPES_KEY]))
+      return !1;
+    const n = r[K.SCOPES_KEY];
+    return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
+      (a) => t[a].every((i) => n.includes(i))
+    );
+  } catch {
+    return !1;
+  }
 }, tt = (e, t) => {
   const r = e == null ? void 0 : e.cookie;
   if (typeof r != "string")
@@ -1028,21 +1042,22 @@ const Xe = /^Bearer (.+)$/i, Ze = (e) => {
   const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
   if (a)
     return a[1];
-}, lt = ({ headers: e, clientId: t }) => tt(e, t) || "";
+}, ht = ({ headers: e, clientId: t }) => tt(e, t) || "";
 export {
   ot as API_TYPE,
   nt as AUTH_TYPES,
-  ae as BODY,
+  ie as BODY,
   at as HEADERS,
-  O as JWT,
-  ie as JWT_PUBLIC_KEY,
+  K as JWT,
+  oe as JWT_PUBLIC_KEY,
   it as TOKEN_EXPIRATION,
   st as decodeToken,
-  ee as generateCodeChallenge,
-  lt as getSession,
-  ut as getToken,
+  te as generateCodeChallenge,
+  ht as getSession,
+  dt as getToken,
   ft as isGranted,
+  lt as isGrantedSync,
   ct as pkceChallengePair,
   Ye as verifyAndExtractToken,
-  dt as verifyChallenge
+  ut as verifyChallenge
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "4.2.1",
+	"version": "4.4.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "6.0.10",
 		"uuid": "11.1.0"
 	},
-	"gitHead": "0c8e2f0f14c18c1fd18e9c135ddc652a47692c85"
+	"gitHead": "3109c57783f179b3d0f2fee8cecf16cc8ba333e1"
 }