npm - @versini/auth-provider - Versions diffs - 2.0.1 → 2.1.0 - Mend

@versini/auth-provider 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -8,17 +8,21 @@ type AuthProviderProps = {
 	accessType?: string;
 };
-type AuthContextProps = {
-	login: (username: string, password: string) => Promise<boolean>;
-	logout: () => void;
+type AuthState = {
 	isAuthenticated: boolean;
+	idToken?: string;
 	accessToken?: string;
 	refreshToken?: string;
-	idToken?: string;
 	logoutReason?: string;
+	userId?: string;
 };
-declare const AuthProvider: ({ children, sessionExpiration, clientId, accessType, }: AuthProviderProps) => react_jsx_runtime.JSX.Element;
+type AuthContextProps = {
+	login: (username: string, password: string) => Promise<boolean>;
+	logout: () => void;
+} & AuthState;
+declare const AuthProvider: ({ children, sessionExpiration, clientId, }: AuthProviderProps) => react_jsx_runtime.JSX.Element;
 declare const useAuth: (context?: react.Context<AuthContextProps>) => AuthContextProps;

package/dist/index.js CHANGED Viewed

@@ -1,257 +1,820 @@
-import { jsx as P } from "react/jsx-runtime";
-import { useCallback as p, useState as U, useEffect as w, useRef as _, useLayoutEffect as z, createContext as M, useContext as F } from "react";
+import { jsx as ne } from "react/jsx-runtime";
+import * as A from "react";
+import { useRef as oe, useEffect as G, createContext as ae, useState as se, useContext as ie } from "react";
 /*!
-  @versini/auth-provider v2.0.1
+  @versini/auth-provider v2.1.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "2.0.1",
-    buildTime: "06/18/2024 11:21 AM EDT",
+    version: "2.1.0",
+    buildTime: "06/24/2024 02:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.0.0
+  @versini/auth-common v2.1.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.0.0",
-    buildTime: "06/18/2024 11:21 AM EDT",
+    version: "2.1.0",
+    buildTime: "06/24/2024 02:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const H = {
+const ce = {
   ID_TOKEN: "id_token"
-}, j = {
+}, ue = {
   CLIENT_ID: "X-Auth-ClientId"
+}, b = {
+  ALG: "RS256",
+  USER_ID_KEY: "_id",
+  ISSUER: "gizmette.com"
 };
-var D = typeof window < "u" ? z : w;
-function A(e, t, n, r) {
-  const c = _(t);
-  D(() => {
-    c.current = t;
-  }, [t]), w(() => {
-    const l = window;
-    if (!(l && l.addEventListener))
-      return;
-    const u = (h) => {
-      c.current(h);
-    };
-    return l.addEventListener(e, u, r), () => {
-      l.removeEventListener(e, u, r);
-    };
-  }, [e, n, r]);
+function Y(e, t) {
+  window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-function N(e) {
-  const t = _(() => {
-    throw new Error("Cannot call an event handler while rendering.");
-  });
-  return D(() => {
-    t.current = e;
-  }, [e]), p((...n) => {
-    var r;
-    return (r = t.current) == null ? void 0 : r.call(t, ...n);
-  }, [t]);
-}
-var I = typeof window > "u";
-function E(e, t, n = {}) {
-  const { initializeWithValue: r = !0 } = n, c = p(
-    (o) => n.serializer ? n.serializer(o) : JSON.stringify(o),
-    [n]
-  ), l = p(
-    (o) => {
-      if (n.deserializer)
-        return n.deserializer(o);
-      if (o === "undefined")
-        return;
-      const a = t instanceof Function ? t() : t;
-      let T;
+const D = (e, t) => {
+  const n = JSON.stringify(
+    typeof t == "function" ? t() : t
+  );
+  window.localStorage.setItem(e, n), Y(e, n);
+}, de = (e) => {
+  window.localStorage.removeItem(e), Y(e, null);
+}, K = (e) => window.localStorage.getItem(e), le = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function fe({
+  key: e,
+  initialValue: t
+}) {
+  const n = () => K(e), r = A.useSyncExternalStore(
+    le,
+    n
+  ), o = A.useCallback(
+    (i) => {
       try {
-        T = JSON.parse(o);
-      } catch (v) {
-        return console.error("Error parsing JSON:", v), a;
+        const c = typeof i == "function" ? i(JSON.parse(r)) : i;
+        c == null ? de(e) : D(e, c);
+      } catch (c) {
+        console.warn(c);
       }
-      return T;
     },
-    [n, t]
-  ), u = p(() => {
-    const o = t instanceof Function ? t() : t;
-    if (I)
-      return o;
-    try {
-      const a = window.localStorage.getItem(e);
-      return a ? l(a) : o;
-    } catch (a) {
-      return console.warn(`Error reading localStorage key “${e}”:`, a), o;
-    }
-  }, [t, e, l]), [h, g] = U(() => r ? u() : t instanceof Function ? t() : t), k = N((o) => {
-    I && console.warn(
-      `Tried setting localStorage key “${e}” even though environment is not a client`
-    );
+    [e, r]
+  ), s = A.useCallback(() => {
+    o(t);
+  }, [t, o]), a = A.useCallback(() => {
+    o(null);
+  }, [o]);
+  return A.useEffect(() => {
     try {
-      const a = o instanceof Function ? o(u()) : o;
-      window.localStorage.setItem(e, c(a)), g(a), window.dispatchEvent(new StorageEvent("local-storage", { key: e }));
-    } catch (a) {
-      console.warn(`Error setting localStorage key “${e}”:`, a);
+      K(e) === null && typeof t < "u" && D(e, t);
+    } catch (i) {
+      console.warn(i);
     }
-  }), i = N(() => {
-    I && console.warn(
-      `Tried removing localStorage key “${e}” even though environment is not a client`
-    );
-    const o = t instanceof Function ? t() : t;
-    window.localStorage.removeItem(e), g(o), window.dispatchEvent(new StorageEvent("local-storage", { key: e }));
-  });
-  w(() => {
-    g(u());
-  }, [e]);
-  const y = p(
-    (o) => {
-      o.key && o.key !== e || g(u());
-    },
-    [e, u]
-  );
-  return A("storage", y), A("local-storage", y), [h, k, i];
+  }, [e, t]), [r ? JSON.parse(r) : null, o, s, a];
 }
-const J = "Oops! It looks like your session has expired. For your security, please log in again to continue.", X = "You forgot to wrap your component in <AuthProvider>.", R = {
+const he = "Oops! It looks like your session has expired. For your security, please log in again to continue.", pe = "Your session has been successfully terminated.", me = "You forgot to wrap your component in <AuthProvider>.", L = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com"
+}, ye = "@@auth@@", Se = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
+w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
+i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
+aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
+l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
+sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
+awIDAQAB
+-----END PUBLIC KEY-----`, J = crypto, q = (e) => e instanceof CryptoKey, _ = new TextEncoder(), R = new TextDecoder();
+function we(...e) {
+  const t = e.reduce((o, { length: s }) => o + s, 0), n = new Uint8Array(t);
+  let r = 0;
+  for (const o of e)
+    n.set(o, r), r += o.length;
+  return n;
+}
+const Ee = (e) => {
+  const t = atob(e), n = new Uint8Array(t.length);
+  for (let r = 0; r < t.length; r++)
+    n[r] = t.charCodeAt(r);
+  return n;
+}, x = (e) => {
+  let t = e;
+  t instanceof Uint8Array && (t = R.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  try {
+    return Ee(t);
+  } catch {
+    throw new TypeError("The input to be decoded is not correctly encoded.");
+  }
+};
+class g extends Error {
+  static get code() {
+    return "ERR_JOSE_GENERIC";
+  }
+  constructor(t) {
+    var n;
+    super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
+  }
+}
+class m extends g {
+  static get code() {
+    return "ERR_JWT_CLAIM_VALIDATION_FAILED";
+  }
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
+  }
+}
+class W extends g {
+  static get code() {
+    return "ERR_JWT_EXPIRED";
+  }
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
+  }
+}
+class ge extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
+  }
+  static get code() {
+    return "ERR_JOSE_ALG_NOT_ALLOWED";
+  }
+}
+class C extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
+  }
+  static get code() {
+    return "ERR_JOSE_NOT_SUPPORTED";
+  }
+}
+class l extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JWS_INVALID";
+  }
+  static get code() {
+    return "ERR_JWS_INVALID";
+  }
+}
+class z extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JWT_INVALID";
+  }
+  static get code() {
+    return "ERR_JWT_INVALID";
+  }
+}
+class be extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
+  }
+  static get code() {
+    return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
+  }
+}
+function S(e, t = "algorithm.name") {
+  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
+}
+function T(e, t) {
+  return e.name === t;
+}
+function O(e) {
+  return parseInt(e.name.slice(4), 10);
+}
+function Ae(e) {
+  switch (e) {
+    case "ES256":
+      return "P-256";
+    case "ES384":
+      return "P-384";
+    case "ES512":
+      return "P-521";
+    default:
+      throw new Error("unreachable");
+  }
+}
+function Ie(e, t) {
+  if (t.length && !t.some((n) => e.usages.includes(n))) {
+    let n = "CryptoKey does not support this operation, its usages must include ";
+    if (t.length > 2) {
+      const r = t.pop();
+      n += `one of ${t.join(", ")}, or ${r}.`;
+    } else
+      t.length === 2 ? n += `one of ${t[0]} or ${t[1]}.` : n += `${t[0]}.`;
+    throw new TypeError(n);
+  }
+}
+function _e(e, t, ...n) {
+  switch (t) {
+    case "HS256":
+    case "HS384":
+    case "HS512": {
+      if (!T(e.algorithm, "HMAC"))
+        throw S("HMAC");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "RS256":
+    case "RS384":
+    case "RS512": {
+      if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw S("RSASSA-PKCS1-v1_5");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "PS256":
+    case "PS384":
+    case "PS512": {
+      if (!T(e.algorithm, "RSA-PSS"))
+        throw S("RSA-PSS");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "EdDSA": {
+      if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
+        throw S("Ed25519 or Ed448");
+      break;
+    }
+    case "ES256":
+    case "ES384":
+    case "ES512": {
+      if (!T(e.algorithm, "ECDSA"))
+        throw S("ECDSA");
+      const r = Ae(t);
+      if (e.algorithm.namedCurve !== r)
+        throw S(r, "algorithm.namedCurve");
+      break;
+    }
+    default:
+      throw new TypeError("CryptoKey does not support this operation");
+  }
+  Ie(e, n);
+}
+function X(e, t, ...n) {
+  var r;
+  if (n.length > 2) {
+    const o = n.pop();
+    e += `one of type ${n.join(", ")}, or ${o}.`;
+  } else
+    n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
+  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
+}
+const H = (e, ...t) => X("Key must be ", e, ...t);
+function j(e, t, ...n) {
+  return X(`Key for the ${e} algorithm must be `, t, ...n);
+}
+const Q = (e) => q(e), E = ["CryptoKey"], Te = (...e) => {
+  const t = e.filter(Boolean);
+  if (t.length === 0 || t.length === 1)
+    return !0;
+  let n;
+  for (const r of t) {
+    const o = Object.keys(r);
+    if (!n || n.size === 0) {
+      n = new Set(o);
+      continue;
+    }
+    for (const s of o) {
+      if (n.has(s))
+        return !1;
+      n.add(s);
+    }
+  }
+  return !0;
 };
-var s = [];
-for (var f = 0; f < 256; ++f)
-  s.push((f + 256).toString(16).slice(1));
-function K(e, t = 0) {
-  return (s[e[t + 0]] + s[e[t + 1]] + s[e[t + 2]] + s[e[t + 3]] + "-" + s[e[t + 4]] + s[e[t + 5]] + "-" + s[e[t + 6]] + s[e[t + 7]] + "-" + s[e[t + 8]] + s[e[t + 9]] + "-" + s[e[t + 10]] + s[e[t + 11]] + s[e[t + 12]] + s[e[t + 13]] + s[e[t + 14]] + s[e[t + 15]]).toLowerCase();
-}
-var m, W = new Uint8Array(16);
-function Y() {
-  if (!m && (m = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !m))
+function ve(e) {
+  return typeof e == "object" && e !== null;
+}
+function U(e) {
+  if (!ve(e) || Object.prototype.toString.call(e) !== "[object Object]")
+    return !1;
+  if (Object.getPrototypeOf(e) === null)
+    return !0;
+  let t = e;
+  for (; Object.getPrototypeOf(t) !== null; )
+    t = Object.getPrototypeOf(t);
+  return Object.getPrototypeOf(e) === t;
+}
+const Re = (e, t) => {
+  if (e.startsWith("RS") || e.startsWith("PS")) {
+    const { modulusLength: n } = t.algorithm;
+    if (typeof n != "number" || n < 2048)
+      throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
+  }
+}, w = (e, t, n = 0) => {
+  n === 0 && (t.unshift(t.length), t.unshift(6));
+  const r = e.indexOf(t[0], n);
+  if (r === -1)
+    return !1;
+  const o = e.subarray(r, r + t.length);
+  return o.length !== t.length ? !1 : o.every((s, a) => s === t[a]) || w(e, t, r + 1);
+}, $ = (e) => {
+  switch (!0) {
+    case w(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+      return "P-256";
+    case w(e, [43, 129, 4, 0, 34]):
+      return "P-384";
+    case w(e, [43, 129, 4, 0, 35]):
+      return "P-521";
+    case w(e, [43, 101, 110]):
+      return "X25519";
+    case w(e, [43, 101, 111]):
+      return "X448";
+    case w(e, [43, 101, 112]):
+      return "Ed25519";
+    case w(e, [43, 101, 113]):
+      return "Ed448";
+    default:
+      throw new C("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+  }
+}, Ce = async (e, t, n, r, o) => {
+  let s, a;
+  const i = new Uint8Array(atob(n.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
+  switch (r) {
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      break;
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      break;
+    case "RSA-OAEP":
+    case "RSA-OAEP-256":
+    case "RSA-OAEP-384":
+    case "RSA-OAEP-512":
+      s = {
+        name: "RSA-OAEP",
+        hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
+      }, a = ["encrypt", "wrapKey"];
+      break;
+    case "ES256":
+      s = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
+      break;
+    case "ES384":
+      s = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
+      break;
+    case "ES512":
+      s = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
+      break;
+    case "ECDH-ES":
+    case "ECDH-ES+A128KW":
+    case "ECDH-ES+A192KW":
+    case "ECDH-ES+A256KW": {
+      const c = $(i);
+      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, a = [];
+      break;
+    }
+    case "EdDSA":
+      s = { name: $(i) }, a = ["verify"];
+      break;
+    default:
+      throw new C('Invalid or unsupported "alg" (Algorithm) value');
+  }
+  return J.subtle.importKey(t, i, s, !1, a);
+}, Pe = (e, t, n) => Ce(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function xe(e, t, n) {
+  if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
+    throw new TypeError('"spki" must be SPKI formatted string');
+  return Pe(e, t);
+}
+const Oe = (e, t) => {
+  if (!(t instanceof Uint8Array)) {
+    if (!Q(t))
+      throw new TypeError(j(e, t, ...E, "Uint8Array"));
+    if (t.type !== "secret")
+      throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
+  }
+}, Ne = (e, t, n) => {
+  if (!Q(t))
+    throw new TypeError(j(e, t, ...E));
+  if (t.type === "secret")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
+  if (t.algorithm && n === "verify" && t.type === "private")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
+  if (t.algorithm && n === "encrypt" && t.type === "private")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
+}, Ue = (e, t, n) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Oe(e, t) : Ne(e, t, n);
+};
+function Je(e, t, n, r, o) {
+  if (o.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+    throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
+  if (!r || r.crit === void 0)
+    return /* @__PURE__ */ new Set();
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
+    throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+  let s;
+  n !== void 0 ? s = new Map([...Object.entries(n), ...t.entries()]) : s = t;
+  for (const a of r.crit) {
+    if (!s.has(a))
+      throw new C(`Extension Header Parameter "${a}" is not recognized`);
+    if (o[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" is missing`);
+    if (s.get(a) && r[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
+  }
+  return new Set(r.crit);
+}
+const ke = (e, t) => {
+  if (t !== void 0 && (!Array.isArray(t) || t.some((n) => typeof n != "string")))
+    throw new TypeError(`"${e}" option must be an array of strings`);
+  if (t)
+    return new Set(t);
+};
+function De(e, t) {
+  const n = `SHA-${e.slice(-3)}`;
+  switch (e) {
+    case "HS256":
+    case "HS384":
+    case "HS512":
+      return { hash: n, name: "HMAC" };
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      return { hash: n, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      return { hash: n, name: "RSASSA-PKCS1-v1_5" };
+    case "ES256":
+    case "ES384":
+    case "ES512":
+      return { hash: n, name: "ECDSA", namedCurve: t.namedCurve };
+    case "EdDSA":
+      return { name: t.name };
+    default:
+      throw new C(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+  }
+}
+function Ke(e, t, n) {
+  if (q(t))
+    return _e(t, e, n), t;
+  if (t instanceof Uint8Array) {
+    if (!e.startsWith("HS"))
+      throw new TypeError(H(t, ...E));
+    return J.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [n]);
+  }
+  throw new TypeError(H(t, ...E, "Uint8Array"));
+}
+const Le = async (e, t, n, r) => {
+  const o = await Ke(e, t, "verify");
+  Re(e, o);
+  const s = De(e, o.algorithm);
+  try {
+    return await J.subtle.verify(s, o, n, r);
+  } catch {
+    return !1;
+  }
+};
+async function We(e, t, n) {
+  if (!U(e))
+    throw new l("Flattened JWS must be an object");
+  if (e.protected === void 0 && e.header === void 0)
+    throw new l('Flattened JWS must have either of the "protected" or "header" members');
+  if (e.protected !== void 0 && typeof e.protected != "string")
+    throw new l("JWS Protected Header incorrect type");
+  if (e.payload === void 0)
+    throw new l("JWS Payload missing");
+  if (typeof e.signature != "string")
+    throw new l("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !U(e.header))
+    throw new l("JWS Unprotected Header incorrect type");
+  let r = {};
+  if (e.protected)
+    try {
+      const P = x(e.protected);
+      r = JSON.parse(R.decode(P));
+    } catch {
+      throw new l("JWS Protected Header is invalid");
+    }
+  if (!Te(r, e.header))
+    throw new l("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const o = {
+    ...r,
+    ...e.header
+  }, s = Je(l, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, o);
+  let a = !0;
+  if (s.has("b64") && (a = r.b64, typeof a != "boolean"))
+    throw new l('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: i } = o;
+  if (typeof i != "string" || !i)
+    throw new l('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const c = n && ke("algorithms", n.algorithms);
+  if (c && !c.has(i))
+    throw new ge('"alg" (Algorithm) Header Parameter value not allowed');
+  if (a) {
+    if (typeof e.payload != "string")
+      throw new l("JWS Payload must be a string");
+  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
+    throw new l("JWS Payload must be a string or an Uint8Array instance");
+  let h = !1;
+  typeof t == "function" && (t = await t(r, e), h = !0), Ue(i, t, "verify");
+  const y = we(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
+  let u;
+  try {
+    u = x(e.signature);
+  } catch {
+    throw new l("Failed to base64url decode the signature");
+  }
+  if (!await Le(i, t, u, y))
+    throw new be();
+  let f;
+  if (a)
+    try {
+      f = x(e.payload);
+    } catch {
+      throw new l("Failed to base64url decode the payload");
+    }
+  else
+    typeof e.payload == "string" ? f = _.encode(e.payload) : f = e.payload;
+  const p = { payload: f };
+  return e.protected !== void 0 && (p.protectedHeader = r), e.header !== void 0 && (p.unprotectedHeader = e.header), h ? { ...p, key: t } : p;
+}
+async function He(e, t, n) {
+  if (e instanceof Uint8Array && (e = R.decode(e)), typeof e != "string")
+    throw new l("Compact JWS must be a string or Uint8Array");
+  const { 0: r, 1: o, 2: s, length: a } = e.split(".");
+  if (a !== 3)
+    throw new l("Invalid Compact JWS");
+  const i = await We({ payload: o, protected: r, signature: s }, t, n), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  return typeof t == "function" ? { ...c, key: i.key } : c;
+}
+const $e = (e) => Math.floor(e.getTime() / 1e3), Z = 60, ee = Z * 60, k = ee * 24, Me = k * 7, Ve = k * 365.25, Be = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
+  const t = Be.exec(e);
+  if (!t || t[4] && t[1])
+    throw new TypeError("Invalid time period format");
+  const n = parseFloat(t[2]), r = t[3].toLowerCase();
+  let o;
+  switch (r) {
+    case "sec":
+    case "secs":
+    case "second":
+    case "seconds":
+    case "s":
+      o = Math.round(n);
+      break;
+    case "minute":
+    case "minutes":
+    case "min":
+    case "mins":
+    case "m":
+      o = Math.round(n * Z);
+      break;
+    case "hour":
+    case "hours":
+    case "hr":
+    case "hrs":
+    case "h":
+      o = Math.round(n * ee);
+      break;
+    case "day":
+    case "days":
+    case "d":
+      o = Math.round(n * k);
+      break;
+    case "week":
+    case "weeks":
+    case "w":
+      o = Math.round(n * Me);
+      break;
+    default:
+      o = Math.round(n * Ve);
+      break;
+  }
+  return t[1] === "-" || t[4] === "ago" ? -o : o;
+}, V = (e) => e.toLowerCase().replace(/^application\//, ""), Fe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ge = (e, t, n = {}) => {
+  let r;
+  try {
+    r = JSON.parse(R.decode(t));
+  } catch {
+  }
+  if (!U(r))
+    throw new z("JWT Claims Set must be a top-level JSON object");
+  const { typ: o } = n;
+  if (o && (typeof e.typ != "string" || V(e.typ) !== V(o)))
+    throw new m('unexpected "typ" JWT header value', r, "typ", "check_failed");
+  const { requiredClaims: s = [], issuer: a, subject: i, audience: c, maxTokenAge: h } = n, y = [...s];
+  h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), a !== void 0 && y.push("iss");
+  for (const p of new Set(y.reverse()))
+    if (!(p in r))
+      throw new m(`missing required "${p}" claim`, r, p, "missing");
+  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
+    throw new m('unexpected "iss" claim value', r, "iss", "check_failed");
+  if (i && r.sub !== i)
+    throw new m('unexpected "sub" claim value', r, "sub", "check_failed");
+  if (c && !Fe(r.aud, typeof c == "string" ? [c] : c))
+    throw new m('unexpected "aud" claim value', r, "aud", "check_failed");
+  let u;
+  switch (typeof n.clockTolerance) {
+    case "string":
+      u = M(n.clockTolerance);
+      break;
+    case "number":
+      u = n.clockTolerance;
+      break;
+    case "undefined":
+      u = 0;
+      break;
+    default:
+      throw new TypeError("Invalid clockTolerance option type");
+  }
+  const { currentDate: I } = n, f = $e(I || /* @__PURE__ */ new Date());
+  if ((r.iat !== void 0 || h) && typeof r.iat != "number")
+    throw new m('"iat" claim must be a number', r, "iat", "invalid");
+  if (r.nbf !== void 0) {
+    if (typeof r.nbf != "number")
+      throw new m('"nbf" claim must be a number', r, "nbf", "invalid");
+    if (r.nbf > f + u)
+      throw new m('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
+  }
+  if (r.exp !== void 0) {
+    if (typeof r.exp != "number")
+      throw new m('"exp" claim must be a number', r, "exp", "invalid");
+    if (r.exp <= f - u)
+      throw new W('"exp" claim timestamp check failed', r, "exp", "check_failed");
+  }
+  if (h) {
+    const p = f - r.iat, P = typeof h == "number" ? h : M(h);
+    if (p - u > P)
+      throw new W('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (p < 0 - u)
+      throw new m('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+  }
+  return r;
+};
+async function Ye(e, t, n) {
+  var a;
+  const r = await He(e, t, n);
+  if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
+    throw new z("JWTs MUST NOT use unencoded payload");
+  const s = { payload: Ge(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
+  return typeof t == "function" ? { ...s, key: r.key } : s;
+}
+var d = [];
+for (var N = 0; N < 256; ++N)
+  d.push((N + 256).toString(16).slice(1));
+function qe(e, t = 0) {
+  return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
+}
+var v, ze = new Uint8Array(16);
+function Xe() {
+  if (!v && (v = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !v))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return m(W);
+  return v(ze);
 }
-var q = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const C = {
-  randomUUID: q
+var je = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const B = {
+  randomUUID: je
 };
-function B(e, t, n) {
-  if (C.randomUUID && !t && !e)
-    return C.randomUUID();
+function Qe(e, t, n) {
+  if (B.randomUUID && !t && !e)
+    return B.randomUUID();
   e = e || {};
-  var r = e.random || (e.rng || Y)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, K(r);
+  var r = e.random || (e.rng || Xe)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, qe(r);
 }
-const G = process.env.NODE_ENV === "production", Q = !G, Z = async ({ params: e = {} }) => {
+const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params: e = {} }) => {
   try {
-    const t = B(), n = await fetch(
-      Q ? `${R.dev}/authenticate` : `${R.prod}/authenticate`,
+    const t = Qe(), n = await fetch(
+      et ? `${L.dev}/authenticate` : `${L.prod}/authenticate`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [j.CLIENT_ID]: `${e.clientId}`
+          [ue.CLIENT_ID]: `${e.clientId}`
         },
         body: JSON.stringify({ ...e, nonce: t })
       }
     );
     if (n.status !== 200)
       return { status: n.status, data: [] };
-    const { data: r, errors: c } = await n.json();
+    const { data: r, errors: o } = await n.json();
     return r.nonce !== t ? { status: 500, data: [] } : {
       status: n.status,
       data: r,
-      errors: c
+      errors: o
     };
   } catch (t) {
     return console.error(t), { status: 500, data: [] };
   }
+}, te = async (e) => {
+  try {
+    const t = b.ALG, r = await xe(Se, t);
+    return await Ye(e, r, {
+      issuer: b.ISSUER
+    });
+  } catch {
+    return;
+  }
+}, rt = async ({
+  username: e,
+  password: t,
+  clientId: n,
+  sessionExpiration: r
+}) => {
+  try {
+    const o = await tt({
+      params: {
+        type: ce.ID_TOKEN,
+        username: e,
+        password: t,
+        sessionExpiration: r,
+        clientId: n
+      }
+    }), s = await te(o.data.idToken);
+    return s && s.payload[b.USER_ID_KEY] !== "" ? {
+      idToken: o.data.idToken,
+      userId: s.payload[b.USER_ID_KEY],
+      status: !0
+    } : {
+      status: !1
+    };
+  } catch {
+    return {
+      status: !1
+    };
+  }
 };
-function ee(e) {
-  const t = _();
-  return w(() => {
+function nt(e) {
+  const t = oe();
+  return G(() => {
     t.current = e;
   }), t.current;
 }
-const O = () => {
-  throw new Error(X);
-}, x = M({
+const F = () => {
+  throw new Error(me);
+}, re = ae({
   isAuthenticated: !1,
-  login: O,
-  logout: O,
+  login: F,
+  logout: F,
   accessToken: void 0,
   refreshToken: void 0,
   idToken: void 0,
   logoutReason: ""
-}), oe = ({
+}), st = ({
   children: e,
   sessionExpiration: t,
-  clientId: n,
-  accessType: r
+  clientId: n
 }) => {
-  const [c, l, u] = E(
-    `@@auth@@::${n}::@@access@@`,
-    ""
-  ), [h, g, k] = E(
-    `@@auth@@::${n}::@@refresh@@`,
-    ""
-  ), [i, y, o] = E(
-    `@@auth@@::${n}::@@user@@`,
-    ""
-  ), [a, T] = U({
-    isAuthenticated: !!i,
-    accessToken: c,
-    refreshToken: h,
-    idToken: i,
+  const [r, o, , s] = fe({
+    key: `${ye}::${n}::@@user@@`
+  }), [a, i] = se({
+    isAuthenticated: !!r,
     logoutReason: "",
     userId: ""
-  }), v = ee(i) || "";
-  w(() => {
-    v !== i && i !== "" ? T({
-      isAuthenticated: !0,
-      accessToken: c,
-      refreshToken: h,
-      idToken: i,
-      logoutReason: "",
-      userId: a.userId
-    }) : v !== i && i === "" && T({
-      isAuthenticated: !1,
-      accessToken: "",
-      refreshToken: "",
-      idToken: "",
-      logoutReason: J,
-      userId: ""
-    });
-  }, [c, h, i, v, a.userId]);
-  const $ = async (L, V) => {
-    var S;
-    const d = await Z({
-      params: {
-        type: r || H.ID_TOKEN,
-        username: L,
-        password: V,
-        sessionExpiration: t,
-        clientId: n
+  }), c = nt(r) || "";
+  G(() => {
+    c !== r && r !== null && (async () => {
+      try {
+        const u = await te(r);
+        u && u.payload[b.USER_ID_KEY] !== "" && i({
+          isAuthenticated: !0,
+          logoutReason: "",
+          userId: u.payload[b.USER_ID_KEY]
+        });
+      } catch {
+        i({
+          isAuthenticated: !1,
+          logoutReason: he,
+          userId: ""
+        });
       }
+    })();
+  }, [r, c]);
+  const h = async (u, I) => {
+    const f = await rt({
+      username: u,
+      password: I,
+      clientId: n,
+      sessionExpiration: t
     });
-    return (S = d.data) != null && S.idToken ? (y(d.data.idToken), d.data.accessToken && l(d.data.accessToken), d.data.refreshToken && g(d.data.refreshToken), T({
+    return f.status ? (o(f.idToken), i({
       isAuthenticated: !0,
-      idToken: d.data.idToken,
-      accessToken: d.data.accessToken,
-      refreshToken: d.data.refreshToken,
-      userId: d.data.userId,
-      logoutReason: ""
+      userId: f.userId
     }), !0) : !1;
-  }, b = () => {
-    u(), k(), o();
+  }, y = () => {
+    i({
+      isAuthenticated: !1,
+      logoutReason: pe,
+      userId: ""
+    }), s();
   };
-  return /* @__PURE__ */ P(x.Provider, { value: { ...a, login: $, logout: b }, children: e });
-}, re = (e = x) => F(e);
+  return /* @__PURE__ */ ne(re.Provider, { value: { ...a, login: h, logout: y }, children: e });
+}, it = (e = re) => ie(e);
 export {
-  oe as AuthProvider,
-  re as useAuth
+  st as AuthProvider,
+  it as useAuth
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "2.0.1",
+	"version": "2.1.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,9 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.0.0",
-		"@versini/ui-hooks": "3.0.0",
+		"@versini/auth-common": "2.1.0",
+		"@versini/ui-hooks": "4.0.0",
+		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "396698b2ecd3da3881a4b226a99eff3003501a27"
+	"gitHead": "a94b2706534018d76db4f96687260291b2b3b31e"
 }