@versini/auth-provider 2.0.2 → 2.1.1

package/dist/index.d.ts

@@ -8,17 +8,21 @@ type AuthProviderProps = {
 	accessType?: string;
 };
 
-type AuthContextProps = {
-	login: (username: string, password: string) => Promise<boolean>;
-	logout: () => void;
+type AuthState = {
 	isAuthenticated: boolean;
+	idToken?: string;
 	accessToken?: string;
 	refreshToken?: string;
-	idToken?: string;
 	logoutReason?: string;
+	userId?: string;
 };
 
-declare const AuthProvider: ({ children, sessionExpiration, clientId, accessType, }: AuthProviderProps) => react_jsx_runtime.JSX.Element;
+type AuthContextProps = {
+	login: (username: string, password: string) => Promise<boolean>;
+	logout: () => void;
+} & AuthState;
+
+declare const AuthProvider: ({ children, sessionExpiration, clientId, }: AuthProviderProps) => react_jsx_runtime.JSX.Element;
 
 declare const useAuth: (context?: react.Context<AuthContextProps>) => AuthContextProps;
 

package/dist/index.js

@@ -1,148 +1,165 @@
-import { jsx as z } from "react/jsx-runtime";
-import { useCallback as w, useState as x, useEffect as f, useRef as R, useLayoutEffect as F, createContext as M, useContext as H } from "react";
+import { jsx as ne } from "react/jsx-runtime";
+import * as A from "react";
+import { useRef as oe, useEffect as G, createContext as ae, useState as se, useContext as ie } from "react";
 /*!
-  @versini/auth-provider v2.0.2
+  @versini/auth-provider v2.1.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "2.0.2",
-    buildTime: "06/20/2024 03:39 AM EDT",
+    version: "2.1.1",
+    buildTime: "06/24/2024 03:44 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.0.0
+  @versini/auth-common v2.1.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.0.0",
-    buildTime: "06/20/2024 03:38 AM EDT",
+    version: "2.1.0",
+    buildTime: "06/24/2024 03:43 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const X = {
+const ce = {
   ID_TOKEN: "id_token"
-}, G = {
+}, ue = {
   CLIENT_ID: "X-Auth-ClientId"
+}, b = {
+  ALG: "RS256",
+  USER_ID_KEY: "_id",
+  ISSUER: "gizmette.com"
 };
-var j = typeof window < "u" ? F : f;
-function b(t, e, o, n) {
-  const c = R(e);
-  j(() => {
-    c.current = e;
-  }, [e]), f(() => {
-    const d = window;
-    if (!(d && d.addEventListener))
-      return;
-    const u = (h) => {
-      c.current(h);
-    };
-    return d.addEventListener(t, u, n), () => {
-      d.removeEventListener(t, u, n);
-    };
-  }, [t, o, n]);
+function Y(e, t) {
+  window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-function A(t) {
-  const e = R(() => {
-    throw new Error("Cannot call an event handler while rendering.");
-  });
-  return j(() => {
-    e.current = t;
-  }, [t]), w((...o) => {
-    var n;
-    return (n = e.current) == null ? void 0 : n.call(e, ...o);
-  }, [e]);
-}
-var k = typeof window > "u";
-function S(t, e, o = {}) {
-  const { initializeWithValue: n = !0 } = o, c = w(
-    (r) => o.serializer ? o.serializer(r) : JSON.stringify(r),
-    [o]
-  ), d = w(
-    (r) => {
-      if (o.deserializer)
-        return o.deserializer(r);
-      if (r === "undefined")
-        return;
-      const a = e instanceof Function ? e() : e;
-      let g;
+const D = (e, t) => {
+  const n = JSON.stringify(
+    typeof t == "function" ? t() : t
+  );
+  window.localStorage.setItem(e, n), Y(e, n);
+}, de = (e) => {
+  window.localStorage.removeItem(e), Y(e, null);
+}, K = (e) => window.localStorage.getItem(e), le = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function fe({
+  key: e,
+  initialValue: t
+}) {
+  const n = () => K(e), r = A.useSyncExternalStore(
+    le,
+    n
+  ), o = A.useCallback(
+    (i) => {
       try {
-        g = JSON.parse(r);
-      } catch (y) {
-        return console.error("Error parsing JSON:", y), a;
+        const c = typeof i == "function" ? i(JSON.parse(r)) : i;
+        c == null ? de(e) : D(e, c);
+      } catch (c) {
+        console.warn(c);
       }
-      return g;
     },
-    [o, e]
-  ), u = w(() => {
-    const r = e instanceof Function ? e() : e;
-    if (k)
-      return r;
-    try {
-      const a = window.localStorage.getItem(t);
-      return a ? d(a) : r;
-    } catch (a) {
-      return console.warn(`Error reading localStorage key “${t}”:`, a), r;
-    }
-  }, [e, t, d]), [h, p] = x(() => n ? u() : e instanceof Function ? e() : e), _ = A((r) => {
-    k && console.warn(
-      `Tried setting localStorage key “${t}” even though environment is not a client`
-    );
+    [e, r]
+  ), s = A.useCallback(() => {
+    o(t);
+  }, [t, o]), a = A.useCallback(() => {
+    o(null);
+  }, [o]);
+  return A.useEffect(() => {
     try {
-      const a = r instanceof Function ? r(u()) : r;
-      window.localStorage.setItem(t, c(a)), p(a), window.dispatchEvent(new StorageEvent("local-storage", { key: t }));
-    } catch (a) {
-      console.warn(`Error setting localStorage key “${t}”:`, a);
+      K(e) === null && typeof t < "u" && D(e, t);
+    } catch (i) {
+      console.warn(i);
     }
-  }), i = A(() => {
-    k && console.warn(
-      `Tried removing localStorage key “${t}” even though environment is not a client`
-    );
-    const r = e instanceof Function ? e() : e;
-    window.localStorage.removeItem(t), p(r), window.dispatchEvent(new StorageEvent("local-storage", { key: t }));
-  });
-  f(() => {
-    p(u());
-  }, [t]);
-  const v = w(
-    (r) => {
-      r.key && r.key !== t || p(u());
-    },
-    [t, u]
-  );
-  return b("storage", v), b("local-storage", v), [h, _, i];
-}
-new TextEncoder();
-const L = new TextDecoder(), K = (t) => {
-  const e = atob(t), o = new Uint8Array(e.length);
-  for (let n = 0; n < e.length; n++)
-    o[n] = e.charCodeAt(n);
-  return o;
-}, B = (t) => {
-  let e = t;
-  e instanceof Uint8Array && (e = L.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  }, [e, t]), [r ? JSON.parse(r) : null, o, s, a];
+}
+const he = "Oops! It looks like your session has expired. For your security, please log in again to continue.", pe = "Your session has been successfully terminated.", me = "You forgot to wrap your component in <AuthProvider>.", L = {
+  dev: "https://auth.gizmette.local.com:3003",
+  prod: "https://mylogin.gizmette.com"
+}, ye = "@@auth@@", Se = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
+w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
+i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
+aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
+l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
+sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
+awIDAQAB
+-----END PUBLIC KEY-----`, J = crypto, q = (e) => e instanceof CryptoKey, _ = new TextEncoder(), R = new TextDecoder();
+function we(...e) {
+  const t = e.reduce((o, { length: s }) => o + s, 0), n = new Uint8Array(t);
+  let r = 0;
+  for (const o of e)
+    n.set(o, r), r += o.length;
+  return n;
+}
+const Ee = (e) => {
+  const t = atob(e), n = new Uint8Array(t.length);
+  for (let r = 0; r < t.length; r++)
+    n[r] = t.charCodeAt(r);
+  return n;
+}, x = (e) => {
+  let t = e;
+  t instanceof Uint8Array && (t = R.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return K(e);
+    return Ee(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class Y extends Error {
+class g extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
-  constructor(e) {
-    var o;
-    super(e), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
+  constructor(t) {
+    var n;
+    super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
+  }
+}
+class m extends g {
+  static get code() {
+    return "ERR_JWT_CLAIM_VALIDATION_FAILED";
+  }
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
+  }
+}
+class W extends g {
+  static get code() {
+    return "ERR_JWT_EXPIRED";
+  }
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
+  }
+}
+class ge extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
+  }
+  static get code() {
+    return "ERR_JOSE_ALG_NOT_ALLOWED";
+  }
+}
+class C extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
+  }
+  static get code() {
+    return "ERR_JOSE_NOT_SUPPORTED";
+  }
+}
+class l extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JWS_INVALID";
+  }
+  static get code() {
+    return "ERR_JWS_INVALID";
   }
 }
-class T extends Y {
+class z extends g {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -150,199 +167,655 @@ class T extends Y {
     return "ERR_JWT_INVALID";
   }
 }
-function q(t) {
-  return typeof t == "object" && t !== null;
+class be extends g {
+  constructor() {
+    super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
+  }
+  static get code() {
+    return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
+  }
+}
+function S(e, t = "algorithm.name") {
+  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function Q(t) {
-  if (!q(t) || Object.prototype.toString.call(t) !== "[object Object]")
-    return !1;
-  if (Object.getPrototypeOf(t) === null)
+function T(e, t) {
+  return e.name === t;
+}
+function O(e) {
+  return parseInt(e.name.slice(4), 10);
+}
+function Ae(e) {
+  switch (e) {
+    case "ES256":
+      return "P-256";
+    case "ES384":
+      return "P-384";
+    case "ES512":
+      return "P-521";
+    default:
+      throw new Error("unreachable");
+  }
+}
+function Ie(e, t) {
+  if (t.length && !t.some((n) => e.usages.includes(n))) {
+    let n = "CryptoKey does not support this operation, its usages must include ";
+    if (t.length > 2) {
+      const r = t.pop();
+      n += `one of ${t.join(", ")}, or ${r}.`;
+    } else
+      t.length === 2 ? n += `one of ${t[0]} or ${t[1]}.` : n += `${t[0]}.`;
+    throw new TypeError(n);
+  }
+}
+function _e(e, t, ...n) {
+  switch (t) {
+    case "HS256":
+    case "HS384":
+    case "HS512": {
+      if (!T(e.algorithm, "HMAC"))
+        throw S("HMAC");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "RS256":
+    case "RS384":
+    case "RS512": {
+      if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw S("RSASSA-PKCS1-v1_5");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "PS256":
+    case "PS384":
+    case "PS512": {
+      if (!T(e.algorithm, "RSA-PSS"))
+        throw S("RSA-PSS");
+      const r = parseInt(t.slice(2), 10);
+      if (O(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
+      break;
+    }
+    case "EdDSA": {
+      if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
+        throw S("Ed25519 or Ed448");
+      break;
+    }
+    case "ES256":
+    case "ES384":
+    case "ES512": {
+      if (!T(e.algorithm, "ECDSA"))
+        throw S("ECDSA");
+      const r = Ae(t);
+      if (e.algorithm.namedCurve !== r)
+        throw S(r, "algorithm.namedCurve");
+      break;
+    }
+    default:
+      throw new TypeError("CryptoKey does not support this operation");
+  }
+  Ie(e, n);
+}
+function X(e, t, ...n) {
+  var r;
+  if (n.length > 2) {
+    const o = n.pop();
+    e += `one of type ${n.join(", ")}, or ${o}.`;
+  } else
+    n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
+  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
+}
+const H = (e, ...t) => X("Key must be ", e, ...t);
+function j(e, t, ...n) {
+  return X(`Key for the ${e} algorithm must be `, t, ...n);
+}
+const Q = (e) => q(e), E = ["CryptoKey"], Te = (...e) => {
+  const t = e.filter(Boolean);
+  if (t.length === 0 || t.length === 1)
     return !0;
-  let e = t;
-  for (; Object.getPrototypeOf(e) !== null; )
-    e = Object.getPrototypeOf(e);
-  return Object.getPrototypeOf(t) === e;
-}
-const Z = B;
-function N(t) {
-  if (typeof t != "string")
-    throw new T("JWTs must use Compact JWS serialization, JWT must be a string");
-  const { 1: e, length: o } = t.split(".");
-  if (o === 5)
-    throw new T("Only JWTs using Compact JWS serialization can be decoded");
-  if (o !== 3)
-    throw new T("Invalid JWT");
-  if (!e)
-    throw new T("JWTs must contain a payload");
   let n;
+  for (const r of t) {
+    const o = Object.keys(r);
+    if (!n || n.size === 0) {
+      n = new Set(o);
+      continue;
+    }
+    for (const s of o) {
+      if (n.has(s))
+        return !1;
+      n.add(s);
+    }
+  }
+  return !0;
+};
+function ve(e) {
+  return typeof e == "object" && e !== null;
+}
+function U(e) {
+  if (!ve(e) || Object.prototype.toString.call(e) !== "[object Object]")
+    return !1;
+  if (Object.getPrototypeOf(e) === null)
+    return !0;
+  let t = e;
+  for (; Object.getPrototypeOf(t) !== null; )
+    t = Object.getPrototypeOf(t);
+  return Object.getPrototypeOf(e) === t;
+}
+const Re = (e, t) => {
+  if (e.startsWith("RS") || e.startsWith("PS")) {
+    const { modulusLength: n } = t.algorithm;
+    if (typeof n != "number" || n < 2048)
+      throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
+  }
+}, w = (e, t, n = 0) => {
+  n === 0 && (t.unshift(t.length), t.unshift(6));
+  const r = e.indexOf(t[0], n);
+  if (r === -1)
+    return !1;
+  const o = e.subarray(r, r + t.length);
+  return o.length !== t.length ? !1 : o.every((s, a) => s === t[a]) || w(e, t, r + 1);
+}, $ = (e) => {
+  switch (!0) {
+    case w(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+      return "P-256";
+    case w(e, [43, 129, 4, 0, 34]):
+      return "P-384";
+    case w(e, [43, 129, 4, 0, 35]):
+      return "P-521";
+    case w(e, [43, 101, 110]):
+      return "X25519";
+    case w(e, [43, 101, 111]):
+      return "X448";
+    case w(e, [43, 101, 112]):
+      return "Ed25519";
+    case w(e, [43, 101, 113]):
+      return "Ed448";
+    default:
+      throw new C("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+  }
+}, Ce = async (e, t, n, r, o) => {
+  let s, a;
+  const i = new Uint8Array(atob(n.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
+  switch (r) {
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      break;
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      break;
+    case "RSA-OAEP":
+    case "RSA-OAEP-256":
+    case "RSA-OAEP-384":
+    case "RSA-OAEP-512":
+      s = {
+        name: "RSA-OAEP",
+        hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
+      }, a = ["encrypt", "wrapKey"];
+      break;
+    case "ES256":
+      s = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
+      break;
+    case "ES384":
+      s = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
+      break;
+    case "ES512":
+      s = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
+      break;
+    case "ECDH-ES":
+    case "ECDH-ES+A128KW":
+    case "ECDH-ES+A192KW":
+    case "ECDH-ES+A256KW": {
+      const c = $(i);
+      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, a = [];
+      break;
+    }
+    case "EdDSA":
+      s = { name: $(i) }, a = ["verify"];
+      break;
+    default:
+      throw new C('Invalid or unsupported "alg" (Algorithm) value');
+  }
+  return J.subtle.importKey(t, i, s, !1, a);
+}, Pe = (e, t, n) => Ce(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function xe(e, t, n) {
+  if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
+    throw new TypeError('"spki" must be SPKI formatted string');
+  return Pe(e, t);
+}
+const Oe = (e, t) => {
+  if (!(t instanceof Uint8Array)) {
+    if (!Q(t))
+      throw new TypeError(j(e, t, ...E, "Uint8Array"));
+    if (t.type !== "secret")
+      throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
+  }
+}, Ne = (e, t, n) => {
+  if (!Q(t))
+    throw new TypeError(j(e, t, ...E));
+  if (t.type === "secret")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
+  if (t.algorithm && n === "verify" && t.type === "private")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
+  if (t.algorithm && n === "encrypt" && t.type === "private")
+    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
+}, Ue = (e, t, n) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Oe(e, t) : Ne(e, t, n);
+};
+function Je(e, t, n, r, o) {
+  if (o.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+    throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
+  if (!r || r.crit === void 0)
+    return /* @__PURE__ */ new Set();
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
+    throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+  let s;
+  n !== void 0 ? s = new Map([...Object.entries(n), ...t.entries()]) : s = t;
+  for (const a of r.crit) {
+    if (!s.has(a))
+      throw new C(`Extension Header Parameter "${a}" is not recognized`);
+    if (o[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" is missing`);
+    if (s.get(a) && r[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
+  }
+  return new Set(r.crit);
+}
+const ke = (e, t) => {
+  if (t !== void 0 && (!Array.isArray(t) || t.some((n) => typeof n != "string")))
+    throw new TypeError(`"${e}" option must be an array of strings`);
+  if (t)
+    return new Set(t);
+};
+function De(e, t) {
+  const n = `SHA-${e.slice(-3)}`;
+  switch (e) {
+    case "HS256":
+    case "HS384":
+    case "HS512":
+      return { hash: n, name: "HMAC" };
+    case "PS256":
+    case "PS384":
+    case "PS512":
+      return { hash: n, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
+    case "RS256":
+    case "RS384":
+    case "RS512":
+      return { hash: n, name: "RSASSA-PKCS1-v1_5" };
+    case "ES256":
+    case "ES384":
+    case "ES512":
+      return { hash: n, name: "ECDSA", namedCurve: t.namedCurve };
+    case "EdDSA":
+      return { name: t.name };
+    default:
+      throw new C(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+  }
+}
+function Ke(e, t, n) {
+  if (q(t))
+    return _e(t, e, n), t;
+  if (t instanceof Uint8Array) {
+    if (!e.startsWith("HS"))
+      throw new TypeError(H(t, ...E));
+    return J.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [n]);
+  }
+  throw new TypeError(H(t, ...E, "Uint8Array"));
+}
+const Le = async (e, t, n, r) => {
+  const o = await Ke(e, t, "verify");
+  Re(e, o);
+  const s = De(e, o.algorithm);
   try {
-    n = Z(e);
+    return await J.subtle.verify(s, o, n, r);
   } catch {
-    throw new T("Failed to base64url decode the payload");
+    return !1;
   }
-  let c;
+};
+async function We(e, t, n) {
+  if (!U(e))
+    throw new l("Flattened JWS must be an object");
+  if (e.protected === void 0 && e.header === void 0)
+    throw new l('Flattened JWS must have either of the "protected" or "header" members');
+  if (e.protected !== void 0 && typeof e.protected != "string")
+    throw new l("JWS Protected Header incorrect type");
+  if (e.payload === void 0)
+    throw new l("JWS Payload missing");
+  if (typeof e.signature != "string")
+    throw new l("JWS Signature missing or incorrect type");
+  if (e.header !== void 0 && !U(e.header))
+    throw new l("JWS Unprotected Header incorrect type");
+  let r = {};
+  if (e.protected)
+    try {
+      const P = x(e.protected);
+      r = JSON.parse(R.decode(P));
+    } catch {
+      throw new l("JWS Protected Header is invalid");
+    }
+  if (!Te(r, e.header))
+    throw new l("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+  const o = {
+    ...r,
+    ...e.header
+  }, s = Je(l, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, o);
+  let a = !0;
+  if (s.has("b64") && (a = r.b64, typeof a != "boolean"))
+    throw new l('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
+  const { alg: i } = o;
+  if (typeof i != "string" || !i)
+    throw new l('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const c = n && ke("algorithms", n.algorithms);
+  if (c && !c.has(i))
+    throw new ge('"alg" (Algorithm) Header Parameter value not allowed');
+  if (a) {
+    if (typeof e.payload != "string")
+      throw new l("JWS Payload must be a string");
+  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
+    throw new l("JWS Payload must be a string or an Uint8Array instance");
+  let h = !1;
+  typeof t == "function" && (t = await t(r, e), h = !0), Ue(i, t, "verify");
+  const y = we(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
+  let u;
   try {
-    c = JSON.parse(L.decode(n));
+    u = x(e.signature);
   } catch {
-    throw new T("Failed to parse the decoded payload as JSON");
+    throw new l("Failed to base64url decode the signature");
   }
-  if (!Q(c))
-    throw new T("Invalid JWT Claims Set");
-  return c;
+  if (!await Le(i, t, u, y))
+    throw new be();
+  let f;
+  if (a)
+    try {
+      f = x(e.payload);
+    } catch {
+      throw new l("Failed to base64url decode the payload");
+    }
+  else
+    typeof e.payload == "string" ? f = _.encode(e.payload) : f = e.payload;
+  const p = { payload: f };
+  return e.protected !== void 0 && (p.protectedHeader = r), e.header !== void 0 && (p.unprotectedHeader = e.header), h ? { ...p, key: t } : p;
 }
-const C = "Oops! It looks like your session has expired. For your security, please log in again to continue.", ee = "You forgot to wrap your component in <AuthProvider>.", J = {
-  dev: "https://auth.gizmette.local.com:3003",
-  prod: "https://mylogin.gizmette.com"
+async function He(e, t, n) {
+  if (e instanceof Uint8Array && (e = R.decode(e)), typeof e != "string")
+    throw new l("Compact JWS must be a string or Uint8Array");
+  const { 0: r, 1: o, 2: s, length: a } = e.split(".");
+  if (a !== 3)
+    throw new l("Invalid Compact JWS");
+  const i = await We({ payload: o, protected: r, signature: s }, t, n), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  return typeof t == "function" ? { ...c, key: i.key } : c;
+}
+const $e = (e) => Math.floor(e.getTime() / 1e3), Z = 60, ee = Z * 60, k = ee * 24, Me = k * 7, Ve = k * 365.25, Be = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
+  const t = Be.exec(e);
+  if (!t || t[4] && t[1])
+    throw new TypeError("Invalid time period format");
+  const n = parseFloat(t[2]), r = t[3].toLowerCase();
+  let o;
+  switch (r) {
+    case "sec":
+    case "secs":
+    case "second":
+    case "seconds":
+    case "s":
+      o = Math.round(n);
+      break;
+    case "minute":
+    case "minutes":
+    case "min":
+    case "mins":
+    case "m":
+      o = Math.round(n * Z);
+      break;
+    case "hour":
+    case "hours":
+    case "hr":
+    case "hrs":
+    case "h":
+      o = Math.round(n * ee);
+      break;
+    case "day":
+    case "days":
+    case "d":
+      o = Math.round(n * k);
+      break;
+    case "week":
+    case "weeks":
+    case "w":
+      o = Math.round(n * Me);
+      break;
+    default:
+      o = Math.round(n * Ve);
+      break;
+  }
+  return t[1] === "-" || t[4] === "ago" ? -o : o;
+}, V = (e) => e.toLowerCase().replace(/^application\//, ""), Fe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ge = (e, t, n = {}) => {
+  let r;
+  try {
+    r = JSON.parse(R.decode(t));
+  } catch {
+  }
+  if (!U(r))
+    throw new z("JWT Claims Set must be a top-level JSON object");
+  const { typ: o } = n;
+  if (o && (typeof e.typ != "string" || V(e.typ) !== V(o)))
+    throw new m('unexpected "typ" JWT header value', r, "typ", "check_failed");
+  const { requiredClaims: s = [], issuer: a, subject: i, audience: c, maxTokenAge: h } = n, y = [...s];
+  h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), a !== void 0 && y.push("iss");
+  for (const p of new Set(y.reverse()))
+    if (!(p in r))
+      throw new m(`missing required "${p}" claim`, r, p, "missing");
+  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
+    throw new m('unexpected "iss" claim value', r, "iss", "check_failed");
+  if (i && r.sub !== i)
+    throw new m('unexpected "sub" claim value', r, "sub", "check_failed");
+  if (c && !Fe(r.aud, typeof c == "string" ? [c] : c))
+    throw new m('unexpected "aud" claim value', r, "aud", "check_failed");
+  let u;
+  switch (typeof n.clockTolerance) {
+    case "string":
+      u = M(n.clockTolerance);
+      break;
+    case "number":
+      u = n.clockTolerance;
+      break;
+    case "undefined":
+      u = 0;
+      break;
+    default:
+      throw new TypeError("Invalid clockTolerance option type");
+  }
+  const { currentDate: I } = n, f = $e(I || /* @__PURE__ */ new Date());
+  if ((r.iat !== void 0 || h) && typeof r.iat != "number")
+    throw new m('"iat" claim must be a number', r, "iat", "invalid");
+  if (r.nbf !== void 0) {
+    if (typeof r.nbf != "number")
+      throw new m('"nbf" claim must be a number', r, "nbf", "invalid");
+    if (r.nbf > f + u)
+      throw new m('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
+  }
+  if (r.exp !== void 0) {
+    if (typeof r.exp != "number")
+      throw new m('"exp" claim must be a number', r, "exp", "invalid");
+    if (r.exp <= f - u)
+      throw new W('"exp" claim timestamp check failed', r, "exp", "check_failed");
+  }
+  if (h) {
+    const p = f - r.iat, P = typeof h == "number" ? h : M(h);
+    if (p - u > P)
+      throw new W('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (p < 0 - u)
+      throw new m('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+  }
+  return r;
 };
-var s = [];
-for (var O = 0; O < 256; ++O)
-  s.push((O + 256).toString(16).slice(1));
-function te(t, e = 0) {
-  return (s[t[e + 0]] + s[t[e + 1]] + s[t[e + 2]] + s[t[e + 3]] + "-" + s[t[e + 4]] + s[t[e + 5]] + "-" + s[t[e + 6]] + s[t[e + 7]] + "-" + s[t[e + 8]] + s[t[e + 9]] + "-" + s[t[e + 10]] + s[t[e + 11]] + s[t[e + 12]] + s[t[e + 13]] + s[t[e + 14]] + s[t[e + 15]]).toLowerCase();
-}
-var m, oe = new Uint8Array(16);
-function ne() {
-  if (!m && (m = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !m))
+async function Ye(e, t, n) {
+  var a;
+  const r = await He(e, t, n);
+  if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
+    throw new z("JWTs MUST NOT use unencoded payload");
+  const s = { payload: Ge(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
+  return typeof t == "function" ? { ...s, key: r.key } : s;
+}
+var d = [];
+for (var N = 0; N < 256; ++N)
+  d.push((N + 256).toString(16).slice(1));
+function qe(e, t = 0) {
+  return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
+}
+var v, ze = new Uint8Array(16);
+function Xe() {
+  if (!v && (v = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !v))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return m(oe);
+  return v(ze);
 }
-var re = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const D = {
-  randomUUID: re
+var je = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const B = {
+  randomUUID: je
 };
-function se(t, e, o) {
-  if (D.randomUUID && !e && !t)
-    return D.randomUUID();
-  t = t || {};
-  var n = t.random || (t.rng || ne)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, te(n);
-}
-const ce = process.env.NODE_ENV === "production", ae = !ce, ie = async ({ params: t = {} }) => {
+function Qe(e, t, n) {
+  if (B.randomUUID && !t && !e)
+    return B.randomUUID();
+  e = e || {};
+  var r = e.random || (e.rng || Xe)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, qe(r);
+}
+const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params: e = {} }) => {
   try {
-    const e = se(), o = await fetch(
-      ae ? `${J.dev}/authenticate` : `${J.prod}/authenticate`,
+    const t = Qe(), n = await fetch(
+      et ? `${L.dev}/authenticate` : `${L.prod}/authenticate`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [G.CLIENT_ID]: `${t.clientId}`
+          [ue.CLIENT_ID]: `${e.clientId}`
         },
-        body: JSON.stringify({ ...t, nonce: e })
+        body: JSON.stringify({ ...e, nonce: t })
       }
     );
-    if (o.status !== 200)
-      return { status: o.status, data: [] };
-    const { data: n, errors: c } = await o.json();
-    return n.nonce !== e ? { status: 500, data: [] } : {
-      status: o.status,
-      data: n,
-      errors: c
+    if (n.status !== 200)
+      return { status: n.status, data: [] };
+    const { data: r, errors: o } = await n.json();
+    return r.nonce !== t ? { status: 500, data: [] } : {
+      status: n.status,
+      data: r,
+      errors: o
+    };
+  } catch (t) {
+    return console.error(t), { status: 500, data: [] };
+  }
+}, te = async (e, t) => {
+  try {
+    const n = b.ALG, o = await xe(Se, n);
+    return await Ye(e, o, {
+      issuer: b.ISSUER,
+      audience: t
+    });
+  } catch {
+    return;
+  }
+}, rt = async ({
+  username: e,
+  password: t,
+  clientId: n,
+  sessionExpiration: r
+}) => {
+  try {
+    const o = await tt({
+      params: {
+        type: ce.ID_TOKEN,
+        username: e,
+        password: t,
+        sessionExpiration: r,
+        clientId: n
+      }
+    }), s = await te(o.data.idToken, n);
+    return s && s.payload[b.USER_ID_KEY] !== "" ? {
+      idToken: o.data.idToken,
+      userId: s.payload[b.USER_ID_KEY],
+      status: !0
+    } : {
+      status: !1
+    };
+  } catch {
+    return {
+      status: !1
     };
-  } catch (e) {
-    return console.error(e), { status: 500, data: [] };
   }
 };
-function ue(t) {
-  const e = R();
-  return f(() => {
-    e.current = t;
-  }), e.current;
-}
-const U = () => {
-  throw new Error(ee);
-}, P = M({
+function nt(e) {
+  const t = oe();
+  return G(() => {
+    t.current = e;
+  }), t.current;
+}
+const F = () => {
+  throw new Error(me);
+}, re = ae({
   isAuthenticated: !1,
-  login: U,
-  logout: U,
+  login: F,
+  logout: F,
   accessToken: void 0,
   refreshToken: void 0,
   idToken: void 0,
   logoutReason: ""
-}), he = ({
-  children: t,
-  sessionExpiration: e,
-  clientId: o,
-  accessType: n
+}), st = ({
+  children: e,
+  sessionExpiration: t,
+  clientId: n
 }) => {
-  const [c, d, u] = S(
-    `@@auth@@::${o}::@@access@@`,
-    ""
-  ), [h, p, _] = S(
-    `@@auth@@::${o}::@@refresh@@`,
-    ""
-  ), [i, v, r] = S(
-    `@@auth@@::${o}::@@user@@`,
-    ""
-  ), [a, g] = x({
-    isAuthenticated: !!i,
-    accessToken: c,
-    refreshToken: h,
-    idToken: i,
+  const [r, o, , s] = fe({
+    key: `${ye}::${n}::@@user@@`
+  }), [a, i] = se({
+    isAuthenticated: !!r,
     logoutReason: "",
     userId: ""
-  }), y = ue(i) || "";
-  f(() => {
-    if (y !== i && i !== "")
+  }), c = nt(r) || "";
+  G(() => {
+    c !== r && r !== null && (async () => {
       try {
-        const { _id: E } = N(i);
-        g({
+        const u = await te(r, n);
+        u && u.payload[b.USER_ID_KEY] !== "" && i({
           isAuthenticated: !0,
-          accessToken: c,
-          refreshToken: h,
-          idToken: i,
           logoutReason: "",
-          userId: E || ""
+          userId: u.payload[b.USER_ID_KEY]
         });
       } catch {
-        g({
+        i({
           isAuthenticated: !1,
-          accessToken: "",
-          refreshToken: "",
-          idToken: "",
-          logoutReason: C,
+          logoutReason: he,
           userId: ""
         });
       }
-    else
-      y !== i && i === "" && g({
-        isAuthenticated: !1,
-        accessToken: "",
-        refreshToken: "",
-        idToken: "",
-        logoutReason: C,
-        userId: ""
-      });
-  }, [c, h, i, y]);
-  const $ = async (E, W) => {
-    const l = await ie({
-      params: {
-        type: n || X.ID_TOKEN,
-        username: E,
-        password: W,
-        sessionExpiration: e,
-        clientId: o
-      }
+    })();
+  }, [r, c, n]);
+  const h = async (u, I) => {
+    const f = await rt({
+      username: u,
+      password: I,
+      clientId: n,
+      sessionExpiration: t
     });
-    try {
-      const { _id: I } = N(l.data.idToken);
-      return I ? (v(l.data.idToken), l.data.accessToken && d(l.data.accessToken), l.data.refreshToken && p(l.data.refreshToken), g({
-        isAuthenticated: !0,
-        idToken: l.data.idToken,
-        accessToken: l.data.accessToken,
-        refreshToken: l.data.refreshToken,
-        userId: I,
-        logoutReason: ""
-      }), !0) : !1;
-    } catch {
-      return !1;
-    }
-  }, V = () => {
-    u(), _(), r();
+    return f.status ? (o(f.idToken), i({
+      isAuthenticated: !0,
+      userId: f.userId
+    }), !0) : !1;
+  }, y = () => {
+    i({
+      isAuthenticated: !1,
+      logoutReason: pe,
+      userId: ""
+    }), s();
   };
-  return /* @__PURE__ */ z(P.Provider, { value: { ...a, login: $, logout: V }, children: t });
-}, ge = (t = P) => H(t);
+  return /* @__PURE__ */ ne(re.Provider, { value: { ...a, login: h, logout: y }, children: e });
+}, it = (e = re) => ie(e);
 export {
-  he as AuthProvider,
-  ge as useAuth
+  st as AuthProvider,
+  it as useAuth
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "2.0.2",
+	"version": "2.1.1",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,10 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.0.0",
-		"@versini/ui-hooks": "3.0.0",
+		"@versini/auth-common": "2.1.0",
+		"@versini/ui-hooks": "4.0.0",
 		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "e60af859117bfbd5af8dd27504cd1ca214c28194"
+	"gitHead": "1b07ca8f692468b40f3c579a94cb3b933cc3a88f"
 }