npm - @versini/auth-common - Versions diffs - 4.6.0 → 4.6.1 - Mend

@versini/auth-common 4.6.0 → 4.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +225 -213
package/package.json +3 -3

package/dist/index.js CHANGED Viewed

@@ -1,17 +1,17 @@
 /*!
-  @versini/auth-common v4.6.0
+  @versini/auth-common v4.6.1
   © 2025 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.6.0",
-    buildTime: "11/23/2025 02:59 PM EST",
+    version: "4.6.1",
+    buildTime: "11/29/2025 08:06 PM EST",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const it = {
+const st = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
@@ -20,10 +20,10 @@ const it = {
   PASSKEY: "passkey",
   AUTH0: "auth0",
   GOOGLE: "google"
-}, st = {
+}, ct = {
   CLIENT_ID: "X-Auth-ClientId",
   AUTH_TYPE: "X-Auth-Type"
-}, ae = {
+}, oe = {
   ACCESS_TOKEN: "access_token"
 }, y = {
   ALG: "RS256",
@@ -39,7 +39,7 @@ const it = {
   SCOPE_KEY: "scope",
   CLIENT_ID_KEY: "aud",
   ISSUER: "gizmette.com"
-}, oe = `-----BEGIN PUBLIC KEY-----
+}, ie = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -47,24 +47,34 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, ct = {
+-----END PUBLIC KEY-----`, dt = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, dt = {
+}, ut = {
   CODE: "code",
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh",
   GOOGLE: "google"
-}, R = new TextEncoder(), v = new TextDecoder();
-function ie(...e) {
+}, N = new TextEncoder(), T = new TextDecoder();
+function se(...e) {
   const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
+function D(e) {
+  const t = new Uint8Array(e.length);
+  for (let r = 0; r < e.length; r++) {
+    const n = e.charCodeAt(r);
+    if (n > 127)
+      throw new TypeError("non-ASCII string encountered in encode()");
+    t[r] = n;
+  }
+  return t;
+}
 function G(e) {
   if (Uint8Array.fromBase64)
     return Uint8Array.fromBase64(e);
@@ -73,13 +83,13 @@ function G(e) {
     r[n] = t.charCodeAt(n);
   return r;
 }
-function T(e) {
+function v(e) {
   if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : v.decode(e), {
+    return Uint8Array.fromBase64(typeof e == "string" ? e : T.decode(e), {
       alphabet: "base64url"
     });
   let t = e;
-  t instanceof Uint8Array && (t = v.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = T.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/");
   try {
     return G(t);
   } catch {
@@ -103,7 +113,7 @@ class p extends A {
     super(t, { cause: { claim: n, reason: a, payload: r } }), this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class U extends A {
+class M extends A {
   static code = "ERR_JWT_EXPIRED";
   code = "ERR_JWT_EXPIRED";
   claim;
@@ -113,7 +123,7 @@ class U extends A {
     super(t, { cause: { claim: n, reason: a, payload: r } }), this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class se extends A {
+class ce extends A {
   static code = "ERR_JOSE_ALG_NOT_ALLOWED";
   code = "ERR_JOSE_ALG_NOT_ALLOWED";
 }
@@ -129,23 +139,18 @@ class S extends A {
   static code = "ERR_JWT_INVALID";
   code = "ERR_JWT_INVALID";
 }
-class ce extends A {
+class de extends A {
   static code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   constructor(t = "signature verification failed", r) {
     super(t, r);
   }
 }
-function h(e, t = "algorithm.name") {
-  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
-}
-function b(e, t) {
-  return e.name === t;
-}
-function W(e) {
+const h = (e, t = "algorithm.name") => new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`), b = (e, t) => e.name === t;
+function x(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function de(e) {
+function ue(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -157,11 +162,11 @@ function de(e) {
       throw new Error("unreachable");
   }
 }
-function ue(e, t) {
+function fe(e, t) {
   if (!e.usages.includes(t))
     throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
 }
-function fe(e, t, r) {
+function le(e, t, r) {
   switch (t) {
     case "HS256":
     case "HS384":
@@ -169,7 +174,7 @@ function fe(e, t, r) {
       if (!b(e.algorithm, "HMAC"))
         throw h("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw h(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -179,7 +184,7 @@ function fe(e, t, r) {
       if (!b(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw h("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw h(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -189,7 +194,7 @@ function fe(e, t, r) {
       if (!b(e.algorithm, "RSA-PSS"))
         throw h("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (W(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw h(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -211,7 +216,7 @@ function fe(e, t, r) {
     case "ES512": {
       if (!b(e.algorithm, "ECDSA"))
         throw h("ECDSA");
-      const n = de(t);
+      const n = ue(t);
       if (e.algorithm.namedCurve !== n)
         throw h(n, "algorithm.namedCurve");
       break;
@@ -219,26 +224,25 @@ function fe(e, t, r) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ue(e, r);
+  fe(e, r);
 }
-function V(e, t, ...r) {
+function q(e, t, ...r) {
   if (r = r.filter(Boolean), r.length > 2) {
     const n = r.pop();
     e += `one of type ${r.join(", ")}, or ${n}.`;
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && t.constructor?.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const le = (e, ...t) => V("Key must be ", e, ...t);
-function q(e, t, ...r) {
-  return V(`Key for the ${e} algorithm must be `, t, ...r);
-}
-function z(e) {
-  return e?.[Symbol.toStringTag] === "CryptoKey";
-}
-function X(e) {
-  return e?.[Symbol.toStringTag] === "KeyObject";
-}
-const Q = (e) => z(e) || X(e), pe = (...e) => {
+const pe = (e, ...t) => q("Key must be ", e, ...t), z = (e, t, ...r) => q(`Key for the ${e} algorithm must be `, t, ...r), X = (e) => {
+  if (e?.[Symbol.toStringTag] === "CryptoKey")
+    return !0;
+  try {
+    return e instanceof CryptoKey;
+  } catch {
+    return !1;
+  }
+}, Q = (e) => e?.[Symbol.toStringTag] === "KeyObject", Z = (e) => X(e) || Q(e);
+function he(...e) {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -256,12 +260,10 @@ const Q = (e) => z(e) || X(e), pe = (...e) => {
     }
   }
   return !0;
-};
-function he(e) {
-  return typeof e == "object" && e !== null;
 }
-const P = (e) => {
-  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
+const ye = (e) => typeof e == "object" && e !== null;
+function P(e) {
+  if (!ye(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -269,20 +271,22 @@ const P = (e) => {
   for (; Object.getPrototypeOf(t) !== null; )
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
-}, ye = (e, t) => {
+}
+function me(e, t) {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
-}, x = (e, t) => {
+}
+const W = (e, t) => {
   if (e.byteLength !== t.length)
     return !1;
   for (let r = 0; r < e.byteLength; r++)
     if (e[r] !== t[r])
       return !1;
   return !0;
-}, me = (e) => ({ data: e, pos: 0 }), O = (e) => {
+}, Se = (e) => ({ data: e, pos: 0 }), R = (e) => {
   const t = e.data[e.pos++];
   if (t & 128) {
     const r = t & 127;
@@ -292,39 +296,39 @@ const P = (e) => {
     return n;
   }
   return t;
-}, D = (e, t, r) => {
+}, O = (e, t, r) => {
   if (e.data[e.pos++] !== t)
     throw new Error(r);
-}, Z = (e, t) => {
+}, j = (e, t) => {
   const r = e.data.subarray(e.pos, e.pos + t);
   return e.pos += t, r;
-}, Se = (e) => {
-  D(e, 6, "Expected algorithm OID");
-  const t = O(e);
-  return Z(e, t);
+}, Ee = (e) => {
+  O(e, 6, "Expected algorithm OID");
+  const t = R(e);
+  return j(e, t);
 };
-function Ee(e) {
-  D(e, 48, "Invalid SPKI structure"), O(e), D(e, 48, "Expected algorithm identifier");
-  const t = O(e);
+function we(e) {
+  O(e, 48, "Invalid SPKI structure"), R(e), O(e, 48, "Expected algorithm identifier");
+  const t = R(e);
   return { algIdStart: e.pos, algIdLength: t };
 }
-const we = (e) => {
-  const t = Se(e);
-  if (x(t, [43, 101, 110]))
+const Ae = (e) => {
+  const t = Ee(e);
+  if (W(t, [43, 101, 110]))
     return "X25519";
-  if (!x(t, [42, 134, 72, 206, 61, 2, 1]))
+  if (!W(t, [42, 134, 72, 206, 61, 2, 1]))
     throw new Error("Unsupported key algorithm");
-  D(e, 6, "Expected curve OID");
-  const r = O(e), n = Z(e, r);
+  O(e, 6, "Expected curve OID");
+  const r = R(e), n = j(e, r);
   for (const { name: a, oid: o } of [
     { name: "P-256", oid: [42, 134, 72, 206, 61, 3, 1, 7] },
     { name: "P-384", oid: [43, 129, 4, 0, 34] },
     { name: "P-521", oid: [43, 129, 4, 0, 35] }
   ])
-    if (x(n, o))
+    if (W(n, o))
       return a;
   throw new Error("Unsupported named curve");
-}, Ae = async (e, t, r, n) => {
+}, ge = async (e, t, r, n) => {
   let a, o;
   const i = () => ["verify"], s = () => ["encrypt", "wrapKey"];
   switch (r) {
@@ -379,15 +383,15 @@ const we = (e) => {
       throw new E('Invalid or unsupported "alg" (Algorithm) value');
   }
   return crypto.subtle.importKey(e, t, a, n?.extractable ?? !0, o);
-}, ge = (e, t) => G(e.replace(t, "")), be = (e, t, r) => {
-  const n = ge(e, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
+}, be = (e, t) => G(e.replace(t, "")), Ce = (e, t, r) => {
+  const n = be(e, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
   let a = r;
   return t?.startsWith?.("ECDH-ES") && (a ||= {}, a.getNamedCurve = (o) => {
-    const i = me(o);
-    return Ee(i), we(i);
-  }), Ae("spki", n, t, a);
+    const i = Se(o);
+    return we(i), Ae(i);
+  }), ge("spki", n, t, a);
 };
-function Ce(e) {
+function Ke(e) {
   let t, r;
   switch (e.kty) {
     case "AKP": {
@@ -472,18 +476,18 @@ function Ce(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-const Ke = async (e) => {
+async function Te(e) {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Ce(e), n = { ...e };
+  const { algorithm: t, keyUsages: r } = Ke(e), n = { ...e };
   return n.kty !== "AKP" && delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, t, e.ext ?? !(e.d || e.priv), e.key_ops ?? r);
-};
+}
 async function ve(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return be(e, t, r);
+  return Ce(e, t, r);
 }
-const Te = (e, t, r, n, a) => {
+function Pe(e, t, r, n, a) {
   if (a.crit !== void 0 && n?.crit === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -501,33 +505,23 @@ const Te = (e, t, r, n, a) => {
       throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
-}, Pe = (e, t) => {
+}
+function _e(e, t) {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
-};
-function L(e) {
-  return P(e) && typeof e.kty == "string";
-}
-function _e(e) {
-  return e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string");
-}
-function Ie(e) {
-  return e.kty !== "oct" && typeof e.d > "u" && typeof e.priv > "u";
-}
-function Re(e) {
-  return e.kty === "oct" && typeof e.k == "string";
 }
+const L = (e) => P(e) && typeof e.kty == "string", Ie = (e) => e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string"), Re = (e) => e.kty !== "oct" && e.d === void 0 && e.priv === void 0, Oe = (e) => e.kty === "oct" && typeof e.k == "string";
 let K;
-const M = async (e, t, r, n = !1) => {
+const $ = async (e, t, r, n = !1) => {
   K ||= /* @__PURE__ */ new WeakMap();
   let a = K.get(e);
   if (a?.[r])
     return a[r];
-  const o = await Ke({ ...t, alg: r });
+  const o = await Te({ ...t, alg: r });
   return n && Object.freeze(e), a ? a[r] = o : K.set(e, { [r]: o }), o;
-}, Oe = (e, t) => {
+}, De = (e, t) => {
   K ||= /* @__PURE__ */ new WeakMap();
   let r = K.get(e);
   if (r?.[t])
@@ -623,26 +617,28 @@ const M = async (e, t, r, n = !1) => {
   if (!o)
     throw new TypeError("given KeyObject instance cannot be used for this algorithm");
   return r ? r[t] = o : K.set(e, { [t]: o }), o;
-}, De = async (e, t) => {
-  if (e instanceof Uint8Array || z(e))
+};
+async function xe(e, t) {
+  if (e instanceof Uint8Array || X(e))
     return e;
-  if (X(e)) {
+  if (Q(e)) {
     if (e.type === "secret")
       return e.export();
     if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
       try {
-        return Oe(e, t);
+        return De(e, t);
       } catch (n) {
         if (n instanceof TypeError)
           throw n;
       }
     let r = e.export({ format: "jwk" });
-    return M(e, r, t);
+    return $(e, r, t);
   }
   if (L(e))
-    return e.k ? T(e.k) : M(e, e, t, !0);
+    return e.k ? v(e.k) : $(e, e, t, !0);
   throw new Error("unreachable");
-}, C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
+}
+const C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
   if (t.use !== void 0) {
     let n;
     switch (r) {
@@ -688,31 +684,31 @@ const M = async (e, t, r, n = !1) => {
 }, We = (e, t, r) => {
   if (!(t instanceof Uint8Array)) {
     if (L(t)) {
-      if (Re(t) && J(e, t, r))
+      if (Oe(t) && J(e, t, r))
         return;
       throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
     }
-    if (!Q(t))
-      throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+    if (!Z(t))
+      throw new TypeError(z(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${C(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, xe = (e, t, r) => {
+}, He = (e, t, r) => {
   if (L(t))
     switch (r) {
       case "decrypt":
       case "sign":
-        if (_e(t) && J(e, t, r))
+        if (Ie(t) && J(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a private JWK");
       case "encrypt":
       case "verify":
-        if (Ie(t) && J(e, t, r))
+        if (Re(t) && J(e, t, r))
           return;
         throw new TypeError("JSON Web Key for this operation be a public JWK");
     }
-  if (!Q(t))
-    throw new TypeError(q(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
+  if (!Z(t))
+    throw new TypeError(z(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
   if (t.type === "secret")
     throw new TypeError(`${C(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.type === "public")
@@ -729,9 +725,21 @@ const M = async (e, t, r, n = !1) => {
       case "encrypt":
         throw new TypeError(`${C(t)} instances for asymmetric algorithm encryption must be of type "public"`);
     }
-}, He = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? We(e, t, r) : xe(e, t, r);
-}, Je = (e, t) => {
+};
+function Je(e, t, r) {
+  switch (e.substring(0, 2)) {
+    case "A1":
+    case "A2":
+    case "di":
+    case "HS":
+    case "PB":
+      We(e, t, r);
+      break;
+    default:
+      He(e, t, r);
+  }
+}
+function Le(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -760,24 +768,26 @@ const M = async (e, t, r, n = !1) => {
     default:
       throw new E(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
-}, Le = async (e, t, r) => {
+}
+async function Ue(e, t, r) {
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(le(t, "CryptoKey", "KeyObject", "JSON Web Key"));
+      throw new TypeError(pe(t, "CryptoKey", "KeyObject", "JSON Web Key"));
     return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  return fe(t, e, r), t;
-}, Ne = async (e, t, r, n) => {
-  const a = await Le(e, t, "verify");
-  ye(e, a);
-  const o = Je(e, a.algorithm);
+  return le(t, e, r), t;
+}
+async function Ne(e, t, r, n) {
+  const a = await Ue(e, t, "verify");
+  me(e, a);
+  const o = Le(e, a.algorithm);
   try {
     return await crypto.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
-};
-async function Ue(e, t, r) {
+}
+async function Me(e, t, r) {
   if (!P(e))
     throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
@@ -793,65 +803,66 @@ async function Ue(e, t, r) {
   let n = {};
   if (e.protected)
     try {
-      const ne = T(e.protected);
-      n = JSON.parse(v.decode(ne));
+      const ae = v(e.protected);
+      n = JSON.parse(T.decode(ae));
     } catch {
       throw new d("JWS Protected Header is invalid");
     }
-  if (!pe(n, e.header))
+  if (!he(n, e.header))
     throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, o = Te(d, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
+  }, o = Pe(d, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
   let i = !0;
   if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: s } = a;
   if (typeof s != "string" || !s)
     throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const u = r && Pe("algorithms", r.algorithms);
+  const u = r && _e("algorithms", r.algorithms);
   if (u && !u.has(s))
-    throw new se('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
   if (i) {
     if (typeof e.payload != "string")
       throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new d("JWS Payload must be a string or an Uint8Array instance");
   let m = !1;
-  typeof t == "function" && (t = await t(n, e), m = !0), He(s, t, "verify");
-  const w = ie(R.encode(e.protected ?? ""), R.encode("."), typeof e.payload == "string" ? R.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(n, e), m = !0), Je(s, t, "verify");
+  const w = se(e.protected !== void 0 ? D(e.protected) : new Uint8Array(), D("."), typeof e.payload == "string" ? i ? D(e.payload) : N.encode(e.payload) : e.payload);
   let l;
   try {
-    l = T(e.signature);
+    l = v(e.signature);
   } catch {
     throw new d("Failed to base64url decode the signature");
   }
-  const _ = await De(t, s);
+  const _ = await xe(t, s);
   if (!await Ne(s, _, l, w))
-    throw new ce();
+    throw new de();
   let f;
   if (i)
     try {
-      f = T(e.payload);
+      f = v(e.payload);
     } catch {
       throw new d("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? f = R.encode(e.payload) : f = e.payload;
+  else typeof e.payload == "string" ? f = N.encode(e.payload) : f = e.payload;
   const g = { payload: f };
   return e.protected !== void 0 && (g.protectedHeader = n), e.header !== void 0 && (g.unprotectedHeader = e.header), m ? { ...g, key: _ } : g;
 }
-async function Me(e, t, r) {
-  if (e instanceof Uint8Array && (e = v.decode(e)), typeof e != "string")
+async function $e(e, t, r) {
+  if (e instanceof Uint8Array && (e = T.decode(e)), typeof e != "string")
     throw new d("Compact JWS must be a string or Uint8Array");
   const { 0: n, 1: a, 2: o, length: i } = e.split(".");
   if (i !== 3)
     throw new d("Invalid Compact JWS");
-  const s = await Ue({ payload: a, protected: n, signature: o }, t, r), u = { payload: s.payload, protectedHeader: s.protectedHeader };
+  const s = await Me({ payload: a, protected: n, signature: o }, t, r), u = { payload: s.payload, protectedHeader: s.protectedHeader };
   return typeof t == "function" ? { ...u, key: s.key } : u;
 }
-const $e = (e) => Math.floor(e.getTime() / 1e3), j = 60, ee = j * 60, N = ee * 24, ke = N * 7, Be = N * 365.25, Ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, $ = (e) => {
-  const t = Ye.exec(e);
+const ke = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, U = te * 24, Be = U * 7, Ye = U * 365.25, Fe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+function k(e) {
+  const t = Fe.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -869,41 +880,42 @@ const $e = (e) => Math.floor(e.getTime() / 1e3), j = 60, ee = j * 60, N = ee * 2
     case "min":
     case "mins":
     case "m":
-      a = Math.round(r * j);
+      a = Math.round(r * ee);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      a = Math.round(r * ee);
+      a = Math.round(r * te);
       break;
     case "day":
     case "days":
     case "d":
-      a = Math.round(r * N);
+      a = Math.round(r * U);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * ke);
+      a = Math.round(r * Be);
       break;
     default:
-      a = Math.round(r * Be);
+      a = Math.round(r * Ye);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, k = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Fe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
+}
+const B = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Ve = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
 function Ge(e, t, r = {}) {
   let n;
   try {
-    n = JSON.parse(v.decode(t));
+    n = JSON.parse(T.decode(t));
   } catch {
   }
   if (!P(n))
     throw new S("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || k(e.typ) !== k(a)))
+  if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new p('unexpected "typ" JWT header value', n, "typ", "check_failed");
   const { requiredClaims: o = [], issuer: i, subject: s, audience: u, maxTokenAge: m } = r, w = [...o];
   m !== void 0 && w.push("iat"), u !== void 0 && w.push("aud"), s !== void 0 && w.push("sub"), i !== void 0 && w.push("iss");
@@ -914,12 +926,12 @@ function Ge(e, t, r = {}) {
     throw new p('unexpected "iss" claim value', n, "iss", "check_failed");
   if (s && n.sub !== s)
     throw new p('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (u && !Fe(n.aud, typeof u == "string" ? [u] : u))
+  if (u && !Ve(n.aud, typeof u == "string" ? [u] : u))
     throw new p('unexpected "aud" claim value', n, "aud", "check_failed");
   let l;
   switch (typeof r.clockTolerance) {
     case "string":
-      l = $(r.clockTolerance);
+      l = k(r.clockTolerance);
       break;
     case "number":
       l = r.clockTolerance;
@@ -930,7 +942,7 @@ function Ge(e, t, r = {}) {
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: _ } = r, I = $e(_ || /* @__PURE__ */ new Date());
+  const { currentDate: _ } = r, I = ke(_ || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || m) && typeof n.iat != "number")
     throw new p('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -943,25 +955,25 @@ function Ge(e, t, r = {}) {
     if (typeof n.exp != "number")
       throw new p('"exp" claim must be a number', n, "exp", "invalid");
     if (n.exp <= I - l)
-      throw new U('"exp" claim timestamp check failed', n, "exp", "check_failed");
+      throw new M('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (m) {
-    const f = I - n.iat, g = typeof m == "number" ? m : $(m);
+    const f = I - n.iat, g = typeof m == "number" ? m : k(m);
     if (f - l > g)
-      throw new U('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
+      throw new M('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (f < 0 - l)
       throw new p('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 }
-async function Ve(e, t, r) {
-  const n = await Me(e, t, r);
+async function qe(e, t, r) {
+  const n = await $e(e, t, r);
   if (n.protectedHeader.crit?.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
   const o = { payload: Ge(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...o, key: n.key } : o;
 }
-function te(e) {
+function re(e) {
   if (typeof e != "string")
     throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -973,13 +985,13 @@ function te(e) {
     throw new S("JWTs must contain a payload");
   let n;
   try {
-    n = T(t);
+    n = v(t);
   } catch {
     throw new S("Failed to base64url decode the payload");
   }
   let a;
   try {
-    a = JSON.parse(v.decode(n));
+    a = JSON.parse(T.decode(n));
   } catch {
     throw new S("Failed to parse the decoded payload as JSON");
   }
@@ -987,93 +999,93 @@ function te(e) {
     throw new S("Invalid JWT Claims Set");
   return a;
 }
-const qe = async (e) => {
+const ze = async (e) => {
   try {
-    const t = y.ALG, n = await ve(oe, t);
-    return await Ve(e, n, {
+    const t = y.ALG, n = await ve(ie, t);
+    return await qe(e, n, {
       issuer: y.ISSUER
     });
   } catch {
     return;
   }
-}, ut = (e) => {
+}, ft = (e) => {
   try {
-    return te(e);
+    return re(e);
   } catch {
     return;
   }
 }, c = [];
 for (let e = 0; e < 256; ++e)
   c.push((e + 256).toString(16).slice(1));
-function ze(e, t = 0) {
+function Xe(e, t = 0) {
   return (c[e[t + 0]] + c[e[t + 1]] + c[e[t + 2]] + c[e[t + 3]] + "-" + c[e[t + 4]] + c[e[t + 5]] + "-" + c[e[t + 6]] + c[e[t + 7]] + "-" + c[e[t + 8]] + c[e[t + 9]] + "-" + c[e[t + 10]] + c[e[t + 11]] + c[e[t + 12]] + c[e[t + 13]] + c[e[t + 14]] + c[e[t + 15]]).toLowerCase();
 }
 let H;
-const Xe = new Uint8Array(16);
-function Qe() {
+const Qe = new Uint8Array(16);
+function Ze() {
   if (!H) {
     if (typeof crypto > "u" || !crypto.getRandomValues)
       throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
     H = crypto.getRandomValues.bind(crypto);
   }
-  return H(Xe);
+  return H(Qe);
 }
-const Ze = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), B = { randomUUID: Ze };
-function Y(e, t, r) {
-  if (B.randomUUID && !e)
-    return B.randomUUID();
+const je = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), Y = { randomUUID: je };
+function F(e, t, r) {
+  if (Y.randomUUID && !e)
+    return Y.randomUUID();
   e = e || {};
-  const n = e.random ?? e.rng?.() ?? Qe();
+  const n = e.random ?? e.rng?.() ?? Ze();
   if (n.length < 16)
     throw new Error("Random bytes length must be >= 16");
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, ze(n);
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Xe(n);
 }
-const F = globalThis.crypto, je = (e) => `${Y()}${Y()}`.slice(0, e), et = (e) => btoa(
+const V = globalThis.crypto, et = (e) => `${F()}${F()}`.slice(0, e), tt = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function re(e) {
-  if (!F.subtle)
+async function ne(e) {
+  if (!V.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await F.subtle.digest("SHA-256", t);
-  return et(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await V.subtle.digest("SHA-256", t);
+  return tt(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function ft(e) {
+async function lt(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = je(t), n = await re(r);
+  const r = et(t), n = await ne(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function lt(e, t) {
-  return t === await re(e);
+async function pt(e, t) {
+  return t === await ne(e);
 }
-const tt = /^Bearer (.+)$/i, rt = (e) => {
+const rt = /^Bearer (.+)$/i, nt = (e) => {
   if (typeof e?.authorization != "string")
     return;
-  const t = e.authorization.match(tt);
+  const t = e.authorization.match(rt);
   if (t)
     return t[1];
-}, nt = (e, t) => {
+}, at = (e, t) => {
   const r = e?.cookie;
   if (typeof r != "string")
     return;
   const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
   if (a)
     return a[1];
-}, at = (e) => {
-  const t = e?.[ae.ACCESS_TOKEN];
+}, ot = (e) => {
+  const t = e?.[oe.ACCESS_TOKEN];
   if (typeof t == "string")
     return t;
-}, pt = ({ headers: e, body: t, clientId: r }) => {
-  const n = rt(e), a = nt(e, r);
-  return at(t) || a || n || "";
-}, ht = async (e, t) => {
-  const r = await qe(e);
+}, ht = ({ headers: e, body: t, clientId: r }) => {
+  const n = nt(e), a = at(e, r);
+  return ot(t) || a || n || "";
+}, yt = async (e, t) => {
+  const r = await ze(e);
   if (!r || !r.payload)
     return !1;
   let n = [];
@@ -1086,9 +1098,9 @@ const tt = /^Bearer (.+)$/i, rt = (e) => {
   return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
     (a) => t[a].every((o) => n.includes(o))
   );
-}, yt = (e, t) => {
+}, mt = (e, t) => {
   try {
-    const r = te(e);
+    const r = re(e);
     if (!r)
       return !1;
     let n = [];
@@ -1104,29 +1116,29 @@ const tt = /^Bearer (.+)$/i, rt = (e) => {
   } catch {
     return !1;
   }
-}, ot = (e, t) => {
+}, it = (e, t) => {
   const r = e?.cookie;
   if (typeof r != "string")
     return;
   const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
   if (a)
     return a[1];
-}, mt = ({ headers: e, clientId: t }) => ot(e, t) || "";
+}, St = ({ headers: e, clientId: t }) => it(e, t) || "";
 export {
-  dt as API_TYPE,
-  it as AUTH_TYPES,
-  ae as BODY,
-  st as HEADERS,
+  ut as API_TYPE,
+  st as AUTH_TYPES,
+  oe as BODY,
+  ct as HEADERS,
   y as JWT,
-  oe as JWT_PUBLIC_KEY,
-  ct as TOKEN_EXPIRATION,
-  ut as decodeToken,
-  re as generateCodeChallenge,
-  mt as getSession,
-  pt as getToken,
-  ht as isGranted,
-  yt as isGrantedSync,
-  ft as pkceChallengePair,
-  qe as verifyAndExtractToken,
-  lt as verifyChallenge
+  ie as JWT_PUBLIC_KEY,
+  dt as TOKEN_EXPIRATION,
+  ft as decodeToken,
+  ne as generateCodeChallenge,
+  St as getSession,
+  ht as getToken,
+  yt as isGranted,
+  mt as isGrantedSync,
+  lt as pkceChallengePair,
+  ze as verifyAndExtractToken,
+  pt as verifyChallenge
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "4.6.0",
+	"version": "4.6.1",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -34,8 +34,8 @@
 		"test:coverage": "vitest run --coverage"
 	},
 	"dependencies": {
-		"jose": "6.1.0",
+		"jose": "6.1.2",
 		"uuid": "11.1.0"
 	},
-	"gitHead": "08365bc6d187fe1379f4f86fb6ec730cc9129ddf"
+	"gitHead": "f9cc50d9cfb4b7ac832410455a02bb7c65cf82a3"
 }