@versini/auth-common 4.6.1 → 4.6.2

package/dist/index.d.ts

@@ -46,35 +46,6 @@ declare const API_TYPE: {
     GOOGLE: string;
 };
 
-declare const verifyAndExtractToken: (token: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
-declare const decodeToken: (token: string) => jose.JWTPayload | undefined;
-
-/**
- * Generate a PKCE code challenge from a code verifier.
- *
- * @param code_verifier
- * @returns The base64 url encoded code challenge.
- */
-declare function generateCodeChallenge(code_verifier: string): Promise<string>;
-/**
- * Generate a PKCE challenge pair.
- *
- * @param length Length of the verifier (between 43-128). Defaults to 43.
- * @returns PKCE challenge pair.
- */
-declare function pkceChallengePair(length?: number): Promise<{
-    code_verifier: string;
-    code_challenge: string;
-}>;
-/**
- * Verify that a code_verifier produces the expected code challenge.
- *
- * @param code_verifier
- * @param expectedChallenge The code challenge to verify.
- * @returns True if challenges are equal. False otherwise.
- */
-declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
-
 type BodyLike = Record<string, unknown> & {
     access_token?: string;
 };
@@ -102,6 +73,19 @@ type GetToken = {
 };
 declare const getToken: ({ headers, body, clientId }: GetToken) => string;
 
+/**
+ * Get a Session Id from a request.
+ *
+ * @param headers An object containing the request headers, usually `req.headers`.
+ * @param clientId The client ID to use.
+ *
+ */
+type GetSessionProps = {
+    clientId: string;
+    headers: HeadersLike;
+};
+declare const getSession: ({ headers, clientId }: GetSessionProps) => string;
+
 type ScopesGrants = {
     [key: string]: string[];
 } | string[];
@@ -177,16 +161,32 @@ declare const isGranted: (token: string, scopes: ScopesGrants) => Promise<boolea
 declare const isGrantedSync: (token: string, scopes: ScopesGrants) => boolean;
 
 /**
- * Get a Session Id from a request.
+ * Generate a PKCE code challenge from a code verifier.
  *
- * @param headers An object containing the request headers, usually `req.headers`.
- * @param clientId The client ID to use.
+ * @param code_verifier
+ * @returns The base64 url encoded code challenge.
+ */
+declare function generateCodeChallenge(code_verifier: string): Promise<string>;
+/**
+ * Generate a PKCE challenge pair.
  *
+ * @param length Length of the verifier (between 43-128). Defaults to 43.
+ * @returns PKCE challenge pair.
  */
-type GetSessionProps = {
-    clientId: string;
-    headers: HeadersLike;
-};
-declare const getSession: ({ headers, clientId }: GetSessionProps) => string;
+declare function pkceChallengePair(length?: number): Promise<{
+    code_verifier: string;
+    code_challenge: string;
+}>;
+/**
+ * Verify that a code_verifier produces the expected code challenge.
+ *
+ * @param code_verifier
+ * @param expectedChallenge The code challenge to verify.
+ * @returns True if challenges are equal. False otherwise.
+ */
+declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
+
+declare const verifyAndExtractToken: (token: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
+declare const decodeToken: (token: string) => jose.JWTPayload | undefined;
 
 export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, type ScopesGrants, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getSession, getToken, isGranted, isGrantedSync, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js

@@ -1,17 +1,13 @@
-/*!
-  @versini/auth-common v4.6.1
-  © 2025 gizmette.com
-*/
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.6.1",
-    buildTime: "11/29/2025 08:06 PM EST",
+    version: "4.6.2",
+    buildTime: "01/23/2026 08:36 PM EST",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const st = {
+const ct = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
@@ -20,7 +16,7 @@ const st = {
   PASSKEY: "passkey",
   AUTH0: "auth0",
   GOOGLE: "google"
-}, ct = {
+}, dt = {
   CLIENT_ID: "X-Auth-ClientId",
   AUTH_TYPE: "X-Auth-Type"
 }, oe = {
@@ -47,18 +43,45 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, dt = {
+-----END PUBLIC KEY-----`, ut = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, ut = {
+}, ft = {
   CODE: "code",
   LOGOUT: "logout",
   LOGIN: "login",
   REFRESH: "refresh",
   GOOGLE: "google"
-}, N = new TextEncoder(), T = new TextDecoder();
-function se(...e) {
+}, se = (e, t) => {
+  const r = e?.cookie;
+  if (typeof r != "string")
+    return;
+  const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
+  if (a)
+    return a[1];
+}, lt = ({ headers: e, clientId: t }) => se(e, t) || "", ce = /^Bearer (.+)$/i, de = (e) => {
+  if (typeof e?.authorization != "string")
+    return;
+  const t = e.authorization.match(ce);
+  if (t)
+    return t[1];
+}, ue = (e, t) => {
+  const r = e?.cookie;
+  if (typeof r != "string")
+    return;
+  const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
+  if (a)
+    return a[1];
+}, fe = (e) => {
+  const t = e?.[oe.ACCESS_TOKEN];
+  if (typeof t == "string")
+    return t;
+}, pt = ({ headers: e, body: t, clientId: r }) => {
+  const n = de(e), a = ue(e, r);
+  return fe(t) || a || n || "";
+}, N = new TextEncoder(), v = new TextDecoder();
+function le(...e) {
   const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
@@ -83,13 +106,13 @@ function G(e) {
     r[n] = t.charCodeAt(n);
   return r;
 }
-function v(e) {
+function T(e) {
   if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : T.decode(e), {
+    return Uint8Array.fromBase64(typeof e == "string" ? e : v.decode(e), {
       alphabet: "base64url"
     });
   let t = e;
-  t instanceof Uint8Array && (t = T.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/");
+  t instanceof Uint8Array && (t = v.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/");
   try {
     return G(t);
   } catch {
@@ -123,7 +146,7 @@ class M extends A {
     super(t, { cause: { claim: n, reason: a, payload: r } }), this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ce extends A {
+class pe extends A {
   static code = "ERR_JOSE_ALG_NOT_ALLOWED";
   code = "ERR_JOSE_ALG_NOT_ALLOWED";
 }
@@ -139,7 +162,7 @@ class S extends A {
   static code = "ERR_JWT_INVALID";
   code = "ERR_JWT_INVALID";
 }
-class de extends A {
+class he extends A {
   static code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   constructor(t = "signature verification failed", r) {
@@ -150,7 +173,7 @@ const h = (e, t = "algorithm.name") => new TypeError(`CryptoKey does not support
 function x(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function ue(e) {
+function ye(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -162,11 +185,11 @@ function ue(e) {
       throw new Error("unreachable");
   }
 }
-function fe(e, t) {
+function me(e, t) {
   if (!e.usages.includes(t))
     throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
 }
-function le(e, t, r) {
+function Se(e, t, r) {
   switch (t) {
     case "HS256":
     case "HS384":
@@ -216,7 +239,7 @@ function le(e, t, r) {
     case "ES512": {
       if (!b(e.algorithm, "ECDSA"))
         throw h("ECDSA");
-      const n = ue(t);
+      const n = ye(t);
       if (e.algorithm.namedCurve !== n)
         throw h(n, "algorithm.namedCurve");
       break;
@@ -224,7 +247,7 @@ function le(e, t, r) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  fe(e, r);
+  me(e, r);
 }
 function q(e, t, ...r) {
   if (r = r.filter(Boolean), r.length > 2) {
@@ -233,7 +256,7 @@ function q(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && t.constructor?.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const pe = (e, ...t) => q("Key must be ", e, ...t), z = (e, t, ...r) => q(`Key for the ${e} algorithm must be `, t, ...r), X = (e) => {
+const Ee = (e, ...t) => q("Key must be ", e, ...t), z = (e, t, ...r) => q(`Key for the ${e} algorithm must be `, t, ...r), X = (e) => {
   if (e?.[Symbol.toStringTag] === "CryptoKey")
     return !0;
   try {
@@ -242,7 +265,7 @@ const pe = (e, ...t) => q("Key must be ", e, ...t), z = (e, t, ...r) => q(`Key f
     return !1;
   }
 }, Q = (e) => e?.[Symbol.toStringTag] === "KeyObject", Z = (e) => X(e) || Q(e);
-function he(...e) {
+function we(...e) {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -261,9 +284,9 @@ function he(...e) {
   }
   return !0;
 }
-const ye = (e) => typeof e == "object" && e !== null;
+const Ae = (e) => typeof e == "object" && e !== null;
 function P(e) {
-  if (!ye(e) || Object.prototype.toString.call(e) !== "[object Object]")
+  if (!Ae(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -272,7 +295,7 @@ function P(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-function me(e, t) {
+function ge(e, t) {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
@@ -286,7 +309,7 @@ const W = (e, t) => {
     if (e[r] !== t[r])
       return !1;
   return !0;
-}, Se = (e) => ({ data: e, pos: 0 }), R = (e) => {
+}, be = (e) => ({ data: e, pos: 0 }), R = (e) => {
   const t = e.data[e.pos++];
   if (t & 128) {
     const r = t & 127;
@@ -302,18 +325,18 @@ const W = (e, t) => {
 }, j = (e, t) => {
   const r = e.data.subarray(e.pos, e.pos + t);
   return e.pos += t, r;
-}, Ee = (e) => {
+}, Ce = (e) => {
   O(e, 6, "Expected algorithm OID");
   const t = R(e);
   return j(e, t);
 };
-function we(e) {
+function Ke(e) {
   O(e, 48, "Invalid SPKI structure"), R(e), O(e, 48, "Expected algorithm identifier");
   const t = R(e);
   return { algIdStart: e.pos, algIdLength: t };
 }
-const Ae = (e) => {
-  const t = Ee(e);
+const ve = (e) => {
+  const t = Ce(e);
   if (W(t, [43, 101, 110]))
     return "X25519";
   if (!W(t, [42, 134, 72, 206, 61, 2, 1]))
@@ -328,7 +351,7 @@ const Ae = (e) => {
     if (W(n, o))
       return a;
   throw new Error("Unsupported named curve");
-}, ge = async (e, t, r, n) => {
+}, Te = async (e, t, r, n) => {
   let a, o;
   const i = () => ["verify"], s = () => ["encrypt", "wrapKey"];
   switch (r) {
@@ -383,15 +406,15 @@ const Ae = (e) => {
       throw new E('Invalid or unsupported "alg" (Algorithm) value');
   }
   return crypto.subtle.importKey(e, t, a, n?.extractable ?? !0, o);
-}, be = (e, t) => G(e.replace(t, "")), Ce = (e, t, r) => {
-  const n = be(e, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
+}, Pe = (e, t) => G(e.replace(t, "")), _e = (e, t, r) => {
+  const n = Pe(e, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
   let a = r;
   return t?.startsWith?.("ECDH-ES") && (a ||= {}, a.getNamedCurve = (o) => {
-    const i = Se(o);
-    return we(i), Ae(i);
-  }), ge("spki", n, t, a);
+    const i = be(o);
+    return Ke(i), ve(i);
+  }), Te("spki", n, t, a);
 };
-function Ke(e) {
+function Ie(e) {
   let t, r;
   switch (e.kty) {
     case "AKP": {
@@ -476,18 +499,18 @@ function Ke(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-async function Te(e) {
+async function Re(e) {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Ke(e), n = { ...e };
+  const { algorithm: t, keyUsages: r } = Ie(e), n = { ...e };
   return n.kty !== "AKP" && delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, t, e.ext ?? !(e.d || e.priv), e.key_ops ?? r);
 }
-async function ve(e, t, r) {
+async function Oe(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Ce(e, t, r);
+  return _e(e, t, r);
 }
-function Pe(e, t, r, n, a) {
+function De(e, t, r, n, a) {
   if (a.crit !== void 0 && n?.crit === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -506,22 +529,22 @@ function Pe(e, t, r, n, a) {
   }
   return new Set(n.crit);
 }
-function _e(e, t) {
+function xe(e, t) {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 }
-const L = (e) => P(e) && typeof e.kty == "string", Ie = (e) => e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string"), Re = (e) => e.kty !== "oct" && e.d === void 0 && e.priv === void 0, Oe = (e) => e.kty === "oct" && typeof e.k == "string";
+const L = (e) => P(e) && typeof e.kty == "string", We = (e) => e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string"), He = (e) => e.kty !== "oct" && e.d === void 0 && e.priv === void 0, Je = (e) => e.kty === "oct" && typeof e.k == "string";
 let K;
 const $ = async (e, t, r, n = !1) => {
   K ||= /* @__PURE__ */ new WeakMap();
   let a = K.get(e);
   if (a?.[r])
     return a[r];
-  const o = await Te({ ...t, alg: r });
+  const o = await Re({ ...t, alg: r });
   return n && Object.freeze(e), a ? a[r] = o : K.set(e, { [r]: o }), o;
-}, De = (e, t) => {
+}, Le = (e, t) => {
   K ||= /* @__PURE__ */ new WeakMap();
   let r = K.get(e);
   if (r?.[t])
@@ -618,7 +641,7 @@ const $ = async (e, t, r, n = !1) => {
     throw new TypeError("given KeyObject instance cannot be used for this algorithm");
   return r ? r[t] = o : K.set(e, { [t]: o }), o;
 };
-async function xe(e, t) {
+async function Ue(e, t) {
   if (e instanceof Uint8Array || X(e))
     return e;
   if (Q(e)) {
@@ -626,7 +649,7 @@ async function xe(e, t) {
       return e.export();
     if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
       try {
-        return De(e, t);
+        return Le(e, t);
       } catch (n) {
         if (n instanceof TypeError)
           throw n;
@@ -635,7 +658,7 @@ async function xe(e, t) {
     return $(e, r, t);
   }
   if (L(e))
-    return e.k ? v(e.k) : $(e, e, t, !0);
+    return e.k ? T(e.k) : $(e, e, t, !0);
   throw new Error("unreachable");
 }
 const C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
@@ -681,10 +704,10 @@ const C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
       throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`);
   }
   return !0;
-}, We = (e, t, r) => {
+}, Ne = (e, t, r) => {
   if (!(t instanceof Uint8Array)) {
     if (L(t)) {
-      if (Oe(t) && J(e, t, r))
+      if (Je(t) && J(e, t, r))
         return;
       throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
     }
@@ -693,19 +716,19 @@ const C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
     if (t.type !== "secret")
       throw new TypeError(`${C(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, He = (e, t, r) => {
+}, Me = (e, t, r) => {
   if (L(t))
     switch (r) {
       case "decrypt":
       case "sign":
-        if (Ie(t) && J(e, t, r))
+        if (We(t) && J(e, t, r))
           return;
-        throw new TypeError("JSON Web Key for this operation be a private JWK");
+        throw new TypeError("JSON Web Key for this operation must be a private JWK");
       case "encrypt":
       case "verify":
-        if (Re(t) && J(e, t, r))
+        if (He(t) && J(e, t, r))
           return;
-        throw new TypeError("JSON Web Key for this operation be a public JWK");
+        throw new TypeError("JSON Web Key for this operation must be a public JWK");
     }
   if (!Z(t))
     throw new TypeError(z(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
@@ -726,20 +749,20 @@ const C = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
         throw new TypeError(`${C(t)} instances for asymmetric algorithm encryption must be of type "public"`);
     }
 };
-function Je(e, t, r) {
+function $e(e, t, r) {
   switch (e.substring(0, 2)) {
     case "A1":
     case "A2":
     case "di":
     case "HS":
     case "PB":
-      We(e, t, r);
+      Ne(e, t, r);
       break;
     default:
-      He(e, t, r);
+      Me(e, t, r);
   }
 }
-function Le(e, t) {
+function ke(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -769,25 +792,25 @@ function Le(e, t) {
       throw new E(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function Ue(e, t, r) {
+async function Be(e, t, r) {
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(pe(t, "CryptoKey", "KeyObject", "JSON Web Key"));
+      throw new TypeError(Ee(t, "CryptoKey", "KeyObject", "JSON Web Key"));
     return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  return le(t, e, r), t;
+  return Se(t, e, r), t;
 }
-async function Ne(e, t, r, n) {
-  const a = await Ue(e, t, "verify");
-  me(e, a);
-  const o = Le(e, a.algorithm);
+async function Ye(e, t, r, n) {
+  const a = await Be(e, t, "verify");
+  ge(e, a);
+  const o = ke(e, a.algorithm);
   try {
     return await crypto.subtle.verify(o, a, r, n);
   } catch {
     return !1;
   }
 }
-async function Me(e, t, r) {
+async function Fe(e, t, r) {
   if (!P(e))
     throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
@@ -803,47 +826,47 @@ async function Me(e, t, r) {
   let n = {};
   if (e.protected)
     try {
-      const ae = v(e.protected);
-      n = JSON.parse(T.decode(ae));
+      const ae = T(e.protected);
+      n = JSON.parse(v.decode(ae));
     } catch {
       throw new d("JWS Protected Header is invalid");
     }
-  if (!he(n, e.header))
+  if (!we(n, e.header))
     throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, o = Pe(d, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
+  }, o = De(d, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
   let i = !0;
   if (o.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: s } = a;
   if (typeof s != "string" || !s)
     throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const u = r && _e("algorithms", r.algorithms);
+  const u = r && xe("algorithms", r.algorithms);
   if (u && !u.has(s))
-    throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new pe('"alg" (Algorithm) Header Parameter value not allowed');
   if (i) {
     if (typeof e.payload != "string")
       throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new d("JWS Payload must be a string or an Uint8Array instance");
   let m = !1;
-  typeof t == "function" && (t = await t(n, e), m = !0), Je(s, t, "verify");
-  const w = se(e.protected !== void 0 ? D(e.protected) : new Uint8Array(), D("."), typeof e.payload == "string" ? i ? D(e.payload) : N.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(n, e), m = !0), $e(s, t, "verify");
+  const w = le(e.protected !== void 0 ? D(e.protected) : new Uint8Array(), D("."), typeof e.payload == "string" ? i ? D(e.payload) : N.encode(e.payload) : e.payload);
   let l;
   try {
-    l = v(e.signature);
+    l = T(e.signature);
   } catch {
     throw new d("Failed to base64url decode the signature");
   }
-  const _ = await xe(t, s);
-  if (!await Ne(s, _, l, w))
-    throw new de();
+  const _ = await Ue(t, s);
+  if (!await Ye(s, _, l, w))
+    throw new he();
   let f;
   if (i)
     try {
-      f = v(e.payload);
+      f = T(e.payload);
     } catch {
       throw new d("Failed to base64url decode the payload");
     }
@@ -851,18 +874,18 @@ async function Me(e, t, r) {
   const g = { payload: f };
   return e.protected !== void 0 && (g.protectedHeader = n), e.header !== void 0 && (g.unprotectedHeader = e.header), m ? { ...g, key: _ } : g;
 }
-async function $e(e, t, r) {
-  if (e instanceof Uint8Array && (e = T.decode(e)), typeof e != "string")
+async function Ve(e, t, r) {
+  if (e instanceof Uint8Array && (e = v.decode(e)), typeof e != "string")
     throw new d("Compact JWS must be a string or Uint8Array");
   const { 0: n, 1: a, 2: o, length: i } = e.split(".");
   if (i !== 3)
     throw new d("Invalid Compact JWS");
-  const s = await Me({ payload: a, protected: n, signature: o }, t, r), u = { payload: s.payload, protectedHeader: s.protectedHeader };
+  const s = await Fe({ payload: a, protected: n, signature: o }, t, r), u = { payload: s.payload, protectedHeader: s.protectedHeader };
   return typeof t == "function" ? { ...u, key: s.key } : u;
 }
-const ke = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, U = te * 24, Be = U * 7, Ye = U * 365.25, Fe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+const Ge = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, U = te * 24, qe = U * 7, ze = U * 365.25, Xe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
 function k(e) {
-  const t = Fe.exec(e);
+  const t = Xe.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -897,19 +920,19 @@ function k(e) {
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * Be);
+      a = Math.round(r * qe);
       break;
     default:
-      a = Math.round(r * Ye);
+      a = Math.round(r * ze);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
 }
-const B = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Ve = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function Ge(e, t, r = {}) {
+const B = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Qe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
+function Ze(e, t, r = {}) {
   let n;
   try {
-    n = JSON.parse(T.decode(t));
+    n = JSON.parse(v.decode(t));
   } catch {
   }
   if (!P(n))
@@ -926,7 +949,7 @@ function Ge(e, t, r = {}) {
     throw new p('unexpected "iss" claim value', n, "iss", "check_failed");
   if (s && n.sub !== s)
     throw new p('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (u && !Ve(n.aud, typeof u == "string" ? [u] : u))
+  if (u && !Qe(n.aud, typeof u == "string" ? [u] : u))
     throw new p('unexpected "aud" claim value', n, "aud", "check_failed");
   let l;
   switch (typeof r.clockTolerance) {
@@ -942,7 +965,7 @@ function Ge(e, t, r = {}) {
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: _ } = r, I = ke(_ || /* @__PURE__ */ new Date());
+  const { currentDate: _ } = r, I = Ge(_ || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || m) && typeof n.iat != "number")
     throw new p('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -966,11 +989,11 @@ function Ge(e, t, r = {}) {
   }
   return n;
 }
-async function qe(e, t, r) {
-  const n = await $e(e, t, r);
+async function je(e, t, r) {
+  const n = await Ve(e, t, r);
   if (n.protectedHeader.crit?.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
-  const o = { payload: Ge(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  const o = { payload: Ze(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...o, key: n.key } : o;
 }
 function re(e) {
@@ -985,13 +1008,13 @@ function re(e) {
     throw new S("JWTs must contain a payload");
   let n;
   try {
-    n = v(t);
+    n = T(t);
   } catch {
     throw new S("Failed to base64url decode the payload");
   }
   let a;
   try {
-    a = JSON.parse(T.decode(n));
+    a = JSON.parse(v.decode(n));
   } catch {
     throw new S("Failed to parse the decoded payload as JSON");
   }
@@ -999,48 +1022,81 @@ function re(e) {
     throw new S("Invalid JWT Claims Set");
   return a;
 }
-const ze = async (e) => {
+const et = async (e) => {
   try {
-    const t = y.ALG, n = await ve(ie, t);
-    return await qe(e, n, {
+    const t = y.ALG, n = await Oe(ie, t);
+    return await je(e, n, {
       issuer: y.ISSUER
     });
   } catch {
     return;
   }
-}, ft = (e) => {
+}, ht = (e) => {
   try {
     return re(e);
   } catch {
     return;
   }
+}, yt = async (e, t) => {
+  const r = await et(e);
+  if (!r || !r.payload)
+    return !1;
+  let n = [];
+  if (Array.isArray(r.payload[y.SCOPES_KEY]))
+    n = r.payload[y.SCOPES_KEY];
+  else if (typeof r.payload[y.SCOPE_KEY] == "string")
+    n = r.payload[y.SCOPE_KEY].split(" ").filter((o) => o.trim() !== "");
+  else
+    return !1;
+  return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
+    (a) => t[a].every((o) => n.includes(o))
+  );
+}, mt = (e, t) => {
+  try {
+    const r = re(e);
+    if (!r)
+      return !1;
+    let n = [];
+    if (Array.isArray(r[y.SCOPES_KEY]))
+      n = r[y.SCOPES_KEY];
+    else if (typeof r[y.SCOPE_KEY] == "string")
+      n = r[y.SCOPE_KEY].split(" ").filter((o) => o.trim() !== "");
+    else
+      return !1;
+    return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
+      (a) => t[a].every((o) => n.includes(o))
+    );
+  } catch {
+    return !1;
+  }
 }, c = [];
 for (let e = 0; e < 256; ++e)
   c.push((e + 256).toString(16).slice(1));
-function Xe(e, t = 0) {
+function tt(e, t = 0) {
   return (c[e[t + 0]] + c[e[t + 1]] + c[e[t + 2]] + c[e[t + 3]] + "-" + c[e[t + 4]] + c[e[t + 5]] + "-" + c[e[t + 6]] + c[e[t + 7]] + "-" + c[e[t + 8]] + c[e[t + 9]] + "-" + c[e[t + 10]] + c[e[t + 11]] + c[e[t + 12]] + c[e[t + 13]] + c[e[t + 14]] + c[e[t + 15]]).toLowerCase();
 }
 let H;
-const Qe = new Uint8Array(16);
-function Ze() {
+const rt = new Uint8Array(16);
+function nt() {
   if (!H) {
     if (typeof crypto > "u" || !crypto.getRandomValues)
       throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
     H = crypto.getRandomValues.bind(crypto);
   }
-  return H(Qe);
+  return H(rt);
 }
-const je = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), Y = { randomUUID: je };
-function F(e, t, r) {
-  if (Y.randomUUID && !e)
-    return Y.randomUUID();
+const at = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), Y = { randomUUID: at };
+function ot(e, t, r) {
   e = e || {};
-  const n = e.random ?? e.rng?.() ?? Ze();
+  const n = e.random ?? e.rng?.() ?? nt();
   if (n.length < 16)
     throw new Error("Random bytes length must be >= 16");
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Xe(n);
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, tt(n);
+}
+function F(e, t, r) {
+  return Y.randomUUID && !e ? Y.randomUUID() : ot(e);
 }
-const V = globalThis.crypto, et = (e) => `${F()}${F()}`.slice(0, e), tt = (e) => btoa(
+const V = globalThis.crypto, it = (e) => `${F()}${F()}`.slice(0, e), st = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function ne(e) {
@@ -1049,96 +1105,36 @@ async function ne(e) {
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
   const t = new TextEncoder().encode(e), r = await V.subtle.digest("SHA-256", t);
-  return tt(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return st(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function lt(e) {
+async function St(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = et(t), n = await ne(r);
+  const r = it(t), n = await ne(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function pt(e, t) {
+async function Et(e, t) {
   return t === await ne(e);
 }
-const rt = /^Bearer (.+)$/i, nt = (e) => {
-  if (typeof e?.authorization != "string")
-    return;
-  const t = e.authorization.match(rt);
-  if (t)
-    return t[1];
-}, at = (e, t) => {
-  const r = e?.cookie;
-  if (typeof r != "string")
-    return;
-  const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
-  if (a)
-    return a[1];
-}, ot = (e) => {
-  const t = e?.[oe.ACCESS_TOKEN];
-  if (typeof t == "string")
-    return t;
-}, ht = ({ headers: e, body: t, clientId: r }) => {
-  const n = nt(e), a = at(e, r);
-  return ot(t) || a || n || "";
-}, yt = async (e, t) => {
-  const r = await ze(e);
-  if (!r || !r.payload)
-    return !1;
-  let n = [];
-  if (Array.isArray(r.payload[y.SCOPES_KEY]))
-    n = r.payload[y.SCOPES_KEY];
-  else if (typeof r.payload[y.SCOPE_KEY] == "string")
-    n = r.payload[y.SCOPE_KEY].split(" ").filter((o) => o.trim() !== "");
-  else
-    return !1;
-  return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
-    (a) => t[a].every((o) => n.includes(o))
-  );
-}, mt = (e, t) => {
-  try {
-    const r = re(e);
-    if (!r)
-      return !1;
-    let n = [];
-    if (Array.isArray(r[y.SCOPES_KEY]))
-      n = r[y.SCOPES_KEY];
-    else if (typeof r[y.SCOPE_KEY] == "string")
-      n = r[y.SCOPE_KEY].split(" ").filter((o) => o.trim() !== "");
-    else
-      return !1;
-    return Array.isArray(t) ? t.every((a) => n.includes(a)) : Object.keys(t).some(
-      (a) => t[a].every((o) => n.includes(o))
-    );
-  } catch {
-    return !1;
-  }
-}, it = (e, t) => {
-  const r = e?.cookie;
-  if (typeof r != "string")
-    return;
-  const n = new RegExp(`auth.${t}.session=(.+?)(?:;|$)`), a = r.match(n);
-  if (a)
-    return a[1];
-}, St = ({ headers: e, clientId: t }) => it(e, t) || "";
 export {
-  ut as API_TYPE,
-  st as AUTH_TYPES,
+  ft as API_TYPE,
+  ct as AUTH_TYPES,
   oe as BODY,
-  ct as HEADERS,
+  dt as HEADERS,
   y as JWT,
   ie as JWT_PUBLIC_KEY,
-  dt as TOKEN_EXPIRATION,
-  ft as decodeToken,
+  ut as TOKEN_EXPIRATION,
+  ht as decodeToken,
   ne as generateCodeChallenge,
-  St as getSession,
-  ht as getToken,
+  lt as getSession,
+  pt as getToken,
   yt as isGranted,
   mt as isGrantedSync,
-  lt as pkceChallengePair,
-  ze as verifyAndExtractToken,
-  pt as verifyChallenge
+  St as pkceChallengePair,
+  et as verifyAndExtractToken,
+  Et as verifyChallenge
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "4.6.1",
+	"version": "4.6.2",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -34,8 +34,8 @@
 		"test:coverage": "vitest run --coverage"
 	},
 	"dependencies": {
-		"jose": "6.1.2",
-		"uuid": "11.1.0"
+		"jose": "6.1.3",
+		"uuid": "13.0.0"
 	},
-	"gitHead": "f9cc50d9cfb4b7ac832410455a02bb7c65cf82a3"
+	"gitHead": "78e93181feacb67a6de1628448ae7a22fddfdf34"
 }