@versini/auth-provider 2.2.0 → 2.3.0

package/dist/index.d.ts

@@ -10,9 +10,6 @@ type AuthProviderProps = {
 
 type AuthState = {
 	isAuthenticated: boolean;
-	idToken?: string;
-	accessToken?: string;
-	refreshToken?: string;
 	logoutReason?: string;
 	userId?: string;
 };
@@ -20,6 +17,7 @@ type AuthState = {
 type AuthContextProps = {
 	login: (username: string, password: string) => Promise<boolean>;
 	logout: () => void;
+	getIdTokenClaims: () => Promise<any>;
 } & AuthState;
 
 declare const AuthProvider: ({ children, sessionExpiration, clientId, }: AuthProviderProps) => react_jsx_runtime.JSX.Element;

package/dist/index.js

@@ -1,33 +1,33 @@
 import { jsx as ne } from "react/jsx-runtime";
 import * as I from "react";
-import { useRef as ae, useEffect as F, createContext as se, useState as ie, useContext as ce } from "react";
+import { useRef as ae, useEffect as Y, createContext as se, useState as ie, useContext as ce } from "react";
 /*!
-  @versini/auth-provider v2.2.0
+  @versini/auth-provider v2.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "2.2.0",
-    buildTime: "06/24/2024 05:23 PM EDT",
+    version: "2.3.0",
+    buildTime: "06/24/2024 06:34 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.2.0
+  @versini/auth-common v2.3.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.2.0",
-    buildTime: "06/24/2024 05:23 PM EDT",
+    version: "2.3.0",
+    buildTime: "06/24/2024 06:34 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const H = crypto, G = (e) => e instanceof CryptoKey, v = new TextEncoder(), T = new TextDecoder();
+const U = crypto, G = (e) => e instanceof CryptoKey, _ = new TextEncoder(), T = new TextDecoder();
 function ue(...e) {
   const t = e.reduce((n, { length: a }) => n + a, 0), o = new Uint8Array(t);
   let r = 0;
@@ -40,7 +40,7 @@ const de = (e) => {
   for (let r = 0; r < t.length; r++)
     o[r] = t.charCodeAt(r);
   return o;
-}, P = (e) => {
+}, C = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = T.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
@@ -49,7 +49,7 @@ const de = (e) => {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class A extends Error {
+class b extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -58,7 +58,7 @@ class A extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 }
-class f extends A {
+class m extends b {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
@@ -66,7 +66,7 @@ class f extends A {
     super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class N extends A {
+class $ extends b {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
@@ -74,7 +74,7 @@ class N extends A {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class le extends A {
+class le extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -82,7 +82,7 @@ class le extends A {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class k extends A {
+class k extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -90,7 +90,7 @@ class k extends A {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-let l = class extends A {
+let l = class extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -98,7 +98,7 @@ let l = class extends A {
     return "ERR_JWS_INVALID";
   }
 };
-class Y extends A {
+class q extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -106,7 +106,7 @@ class Y extends A {
     return "ERR_JWT_INVALID";
   }
 }
-class he extends A {
+class he extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -114,13 +114,13 @@ class he extends A {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function m(e, t = "algorithm.name") {
+function S(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function _(e, t) {
+function v(e, t) {
   return e.name === t;
 }
-function C(e) {
+function P(e) {
   return parseInt(e.name.slice(4), 10);
 }
 function pe(e) {
@@ -151,46 +151,46 @@ function ye(e, t, ...o) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!_(e.algorithm, "HMAC"))
-        throw m("HMAC");
+      if (!v(e.algorithm, "HMAC"))
+        throw S("HMAC");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!_(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw m("RSASSA-PKCS1-v1_5");
+      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw S("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!_(e.algorithm, "RSA-PSS"))
-        throw m("RSA-PSS");
+      if (!v(e.algorithm, "RSA-PSS"))
+        throw S("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
-      if (C(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      if (P(e.algorithm.hash) !== r)
+        throw S(`SHA-${r}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw m("Ed25519 or Ed448");
+        throw S("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!_(e.algorithm, "ECDSA"))
-        throw m("ECDSA");
+      if (!v(e.algorithm, "ECDSA"))
+        throw S("ECDSA");
       const r = pe(t);
       if (e.algorithm.namedCurve !== r)
-        throw m(r, "algorithm.namedCurve");
+        throw S(r, "algorithm.namedCurve");
       break;
     }
     default:
@@ -198,7 +198,7 @@ function ye(e, t, ...o) {
   }
   fe(e, o);
 }
-function q(e, t, ...o) {
+function z(e, t, ...o) {
   var r;
   if (o.length > 2) {
     const n = o.pop();
@@ -207,11 +207,11 @@ function q(e, t, ...o) {
     o.length === 2 ? e += `one of type ${o[0]} or ${o[1]}.` : e += `of type ${o[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const J = (e, ...t) => q("Key must be ", e, ...t);
-function z(e, t, ...o) {
-  return q(`Key for the ${e} algorithm must be `, t, ...o);
+const L = (e, ...t) => z("Key must be ", e, ...t);
+function X(e, t, ...o) {
+  return z(`Key for the ${e} algorithm must be `, t, ...o);
 }
-const X = (e) => G(e), E = ["CryptoKey"], me = (...e) => {
+const Q = (e) => G(e), g = ["CryptoKey"], me = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -233,7 +233,7 @@ const X = (e) => G(e), E = ["CryptoKey"], me = (...e) => {
 function we(e) {
   return typeof e == "object" && e !== null;
 }
-function D(e) {
+function H(e) {
   if (!we(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
@@ -249,33 +249,33 @@ const Se = (e, t) => {
     if (typeof o != "number" || o < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
-}, g = (e, t, o = 0) => {
+}, E = (e, t, o = 0) => {
   o === 0 && (t.unshift(t.length), t.unshift(6));
   const r = e.indexOf(t[0], o);
   if (r === -1)
     return !1;
   const n = e.subarray(r, r + t.length);
-  return n.length !== t.length ? !1 : n.every((a, s) => a === t[s]) || g(e, t, r + 1);
-}, $ = (e) => {
+  return n.length !== t.length ? !1 : n.every((a, s) => a === t[s]) || E(e, t, r + 1);
+}, K = (e) => {
   switch (!0) {
-    case g(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case g(e, [43, 129, 4, 0, 34]):
+    case E(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case g(e, [43, 129, 4, 0, 35]):
+    case E(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case g(e, [43, 101, 110]):
+    case E(e, [43, 101, 110]):
       return "X25519";
-    case g(e, [43, 101, 111]):
+    case E(e, [43, 101, 111]):
       return "X448";
-    case g(e, [43, 101, 112]):
+    case E(e, [43, 101, 112]):
       return "Ed25519";
-    case g(e, [43, 101, 113]):
+    case E(e, [43, 101, 113]):
       return "Ed448";
     default:
       throw new k("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ge = async (e, t, o, r, n) => {
+}, Ee = async (e, t, o, r, n) => {
   let a, s;
   const i = new Uint8Array(atob(o.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (r) {
@@ -311,43 +311,43 @@ const Se = (e, t) => {
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = $(i);
+      const c = K(i);
       a = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, s = [];
       break;
     }
     case "EdDSA":
-      a = { name: $(i) }, s = ["verify"];
+      a = { name: K(i) }, s = ["verify"];
       break;
     default:
       throw new k('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return H.subtle.importKey(t, i, a, !1, s);
-}, Ee = (e, t, o) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+  return U.subtle.importKey(t, i, a, !1, s);
+}, ge = (e, t, o) => Ee(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function Ae(e, t, o) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Ee(e, t);
+  return ge(e, t);
 }
 const be = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!X(t))
-      throw new TypeError(z(e, t, ...E, "Uint8Array"));
+    if (!Q(t))
+      throw new TypeError(X(e, t, ...g, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${g.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
 }, Ie = (e, t, o) => {
-  if (!X(t))
-    throw new TypeError(z(e, t, ...E));
+  if (!Q(t))
+    throw new TypeError(X(e, t, ...g));
   if (t.type === "secret")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${g.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && o === "verify" && t.type === "private")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${g.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && o === "encrypt" && t.type === "private")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, ve = (e, t, o) => {
+    throw new TypeError(`${g.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
+}, _e = (e, t, o) => {
   e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? be(e, t) : Ie(e, t, o);
 };
-function _e(e, t, o, r, n) {
+function ve(e, t, o, r, n) {
   if (n.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
@@ -402,23 +402,23 @@ function ke(e, t, o) {
     return ye(t, e, o), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(J(t, ...E));
-    return H.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
+      throw new TypeError(L(t, ...g));
+    return U.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
   }
-  throw new TypeError(J(t, ...E, "Uint8Array"));
+  throw new TypeError(L(t, ...g, "Uint8Array"));
 }
-const Pe = async (e, t, o, r) => {
+const Ce = async (e, t, o, r) => {
   const n = await ke(e, t, "verify");
   Se(e, n);
   const a = Te(e, n.algorithm);
   try {
-    return await H.subtle.verify(a, n, o, r);
+    return await U.subtle.verify(a, n, o, r);
   } catch {
     return !1;
   }
 };
-async function Ce(e, t, o) {
-  if (!D(e))
+async function Pe(e, t, o) {
+  if (!H(e))
     throw new l("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new l('Flattened JWS must have either of the "protected" or "header" members');
@@ -428,13 +428,13 @@ async function Ce(e, t, o) {
     throw new l("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new l("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !D(e.header))
+  if (e.header !== void 0 && !H(e.header))
     throw new l("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const S = P(e.protected);
-      r = JSON.parse(T.decode(S));
+      const p = C(e.protected);
+      r = JSON.parse(T.decode(p));
     } catch {
       throw new l("JWS Protected Header is invalid");
     }
@@ -443,7 +443,7 @@ async function Ce(e, t, o) {
   const n = {
     ...r,
     ...e.header
-  }, a = _e(l, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
+  }, a = ve(l, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
   let s = !0;
   if (a.has("b64") && (s = r.b64, typeof s != "boolean"))
     throw new l('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
@@ -458,28 +458,28 @@ async function Ce(e, t, o) {
       throw new l("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new l("JWS Payload must be a string or an Uint8Array instance");
-  let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), ve(i, t, "verify");
-  const y = ue(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
-  let u;
+  let f = !1;
+  typeof t == "function" && (t = await t(r, e), f = !0), _e(i, t, "verify");
+  const w = ue(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
+  let h;
   try {
-    u = P(e.signature);
+    h = C(e.signature);
   } catch {
     throw new l("Failed to base64url decode the signature");
   }
-  if (!await Pe(i, t, u, y))
+  if (!await Ce(i, t, h, w))
     throw new he();
-  let w;
+  let u;
   if (s)
     try {
-      w = P(e.payload);
+      u = C(e.payload);
     } catch {
       throw new l("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? w = v.encode(e.payload) : w = e.payload;
-  const h = { payload: w };
-  return e.protected !== void 0 && (h.protectedHeader = r), e.header !== void 0 && (h.unprotectedHeader = e.header), p ? { ...h, key: t } : h;
+    typeof e.payload == "string" ? u = _.encode(e.payload) : u = e.payload;
+  const y = { payload: u };
+  return e.protected !== void 0 && (y.protectedHeader = r), e.header !== void 0 && (y.unprotectedHeader = e.header), f ? { ...y, key: t } : y;
 }
 async function Oe(e, t, o) {
   if (e instanceof Uint8Array && (e = T.decode(e)), typeof e != "string")
@@ -487,11 +487,11 @@ async function Oe(e, t, o) {
   const { 0: r, 1: n, 2: a, length: s } = e.split(".");
   if (s !== 3)
     throw new l("Invalid Compact JWS");
-  const i = await Ce({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  const i = await Pe({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24, He = U * 7, Ue = U * 365.25, Ne = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, L = (e) => {
-  const t = Ne.exec(e);
+const De = (e) => Math.floor(e.getTime() / 1e3), Z = 60, ee = Z * 60, J = ee * 24, He = J * 7, Ne = J * 365.25, Ue = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, W = (e) => {
+  const t = Ue.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const o = parseFloat(t[2]), r = t[3].toLowerCase();
@@ -509,19 +509,19 @@ const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24,
     case "min":
     case "mins":
     case "m":
-      n = Math.round(o * Q);
+      n = Math.round(o * Z);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      n = Math.round(o * Z);
+      n = Math.round(o * ee);
       break;
     case "day":
     case "days":
     case "d":
-      n = Math.round(o * U);
+      n = Math.round(o * J);
       break;
     case "week":
     case "weeks":
@@ -529,67 +529,67 @@ const De = (e) => Math.floor(e.getTime() / 1e3), Q = 60, Z = Q * 60, U = Z * 24,
       n = Math.round(o * He);
       break;
     default:
-      n = Math.round(o * Ue);
+      n = Math.round(o * Ne);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, W = (e) => e.toLowerCase().replace(/^application\//, ""), Je = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, $e = (e, t, o = {}) => {
+}, x = (e) => e.toLowerCase().replace(/^application\//, ""), Je = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, $e = (e, t, o = {}) => {
   let r;
   try {
     r = JSON.parse(T.decode(t));
   } catch {
   }
-  if (!D(r))
-    throw new Y("JWT Claims Set must be a top-level JSON object");
+  if (!H(r))
+    throw new q("JWT Claims Set must be a top-level JSON object");
   const { typ: n } = o;
-  if (n && (typeof e.typ != "string" || W(e.typ) !== W(n)))
-    throw new f('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: p } = o, y = [...a];
-  p !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), s !== void 0 && y.push("iss");
-  for (const S of new Set(y.reverse()))
-    if (!(S in r))
-      throw new f(`missing required "${S}" claim`, r, S, "missing");
+  if (n && (typeof e.typ != "string" || x(e.typ) !== x(n)))
+    throw new m('unexpected "typ" JWT header value', r, "typ", "check_failed");
+  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: f } = o, w = [...a];
+  f !== void 0 && w.push("iat"), c !== void 0 && w.push("aud"), i !== void 0 && w.push("sub"), s !== void 0 && w.push("iss");
+  for (const p of new Set(w.reverse()))
+    if (!(p in r))
+      throw new m(`missing required "${p}" claim`, r, p, "missing");
   if (s && !(Array.isArray(s) ? s : [s]).includes(r.iss))
-    throw new f('unexpected "iss" claim value', r, "iss", "check_failed");
+    throw new m('unexpected "iss" claim value', r, "iss", "check_failed");
   if (i && r.sub !== i)
-    throw new f('unexpected "sub" claim value', r, "sub", "check_failed");
+    throw new m('unexpected "sub" claim value', r, "sub", "check_failed");
   if (c && !Je(r.aud, typeof c == "string" ? [c] : c))
-    throw new f('unexpected "aud" claim value', r, "aud", "check_failed");
-  let u;
+    throw new m('unexpected "aud" claim value', r, "aud", "check_failed");
+  let h;
   switch (typeof o.clockTolerance) {
     case "string":
-      u = L(o.clockTolerance);
+      h = W(o.clockTolerance);
       break;
     case "number":
-      u = o.clockTolerance;
+      h = o.clockTolerance;
       break;
     case "undefined":
-      u = 0;
+      h = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: w } = o, h = De(w || /* @__PURE__ */ new Date());
-  if ((r.iat !== void 0 || p) && typeof r.iat != "number")
-    throw new f('"iat" claim must be a number', r, "iat", "invalid");
+  const { currentDate: u } = o, y = De(u || /* @__PURE__ */ new Date());
+  if ((r.iat !== void 0 || f) && typeof r.iat != "number")
+    throw new m('"iat" claim must be a number', r, "iat", "invalid");
   if (r.nbf !== void 0) {
     if (typeof r.nbf != "number")
-      throw new f('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > h + u)
-      throw new f('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
+      throw new m('"nbf" claim must be a number', r, "nbf", "invalid");
+    if (r.nbf > y + h)
+      throw new m('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
   }
   if (r.exp !== void 0) {
     if (typeof r.exp != "number")
-      throw new f('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= h - u)
-      throw new N('"exp" claim timestamp check failed', r, "exp", "check_failed");
+      throw new m('"exp" claim must be a number', r, "exp", "invalid");
+    if (r.exp <= y - h)
+      throw new $('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
-  if (p) {
-    const S = h - r.iat, oe = typeof p == "number" ? p : L(p);
-    if (S - u > oe)
-      throw new N('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
-    if (S < 0 - u)
-      throw new f('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+  if (f) {
+    const p = y - r.iat, oe = typeof f == "number" ? f : W(f);
+    if (p - h > oe)
+      throw new $('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (p < 0 - h)
+      throw new m('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
   }
   return r;
 };
@@ -597,19 +597,20 @@ async function Le(e, t, o) {
   var r;
   const n = await Oe(e, t, o);
   if ((r = n.protectedHeader.crit) != null && r.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new Y("JWTs MUST NOT use unencoded payload");
+    throw new q("JWTs MUST NOT use unencoded payload");
   const a = { payload: $e(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...a, key: n.key } : a;
 }
-const We = {
+const Ke = {
   ID_TOKEN: "id_token"
-}, xe = {
+}, We = {
   CLIENT_ID: "X-Auth-ClientId"
-}, b = {
+}, A = {
   ALG: "RS256",
   USER_ID_KEY: "_id",
+  TOKEN_ID_KEY: "__raw",
   ISSUER: "gizmette.com"
-}, Ke = `-----BEGIN PUBLIC KEY-----
+}, xe = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -617,11 +618,11 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, ee = async (e, t) => {
+-----END PUBLIC KEY-----`, N = async (e, t) => {
   try {
-    const o = b.ALG, r = await Ae(Ke, o);
+    const o = A.ALG, r = await Ae(xe, o);
     return await Le(e, r, {
-      issuer: b.ISSUER,
+      issuer: A.ISSUER,
       audience: t
     });
   } catch {
@@ -631,26 +632,26 @@ awIDAQAB
 function te(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const x = (e, t) => {
+const j = (e, t) => {
   const o = JSON.stringify(
     typeof t == "function" ? t() : t
   );
   window.localStorage.setItem(e, o), te(e, o);
 }, je = (e) => {
   window.localStorage.removeItem(e), te(e, null);
-}, K = (e) => window.localStorage.getItem(e), Me = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+}, M = (e) => window.localStorage.getItem(e), Me = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
 function Ve({
   key: e,
   initialValue: t
 }) {
-  const o = () => K(e), r = I.useSyncExternalStore(
+  const o = () => M(e), r = I.useSyncExternalStore(
     Me,
     o
   ), n = I.useCallback(
     (i) => {
       try {
         const c = typeof i == "function" ? i(JSON.parse(r)) : i;
-        c == null ? je(e) : x(e, c);
+        c == null ? je(e) : j(e, c);
       } catch (c) {
         console.warn(c);
       }
@@ -663,20 +664,20 @@ function Ve({
   }, [n]);
   return I.useEffect(() => {
     try {
-      K(e) === null && typeof t < "u" && x(e, t);
+      M(e) === null && typeof t < "u" && j(e, t);
     } catch (i) {
       console.warn(i);
     }
   }, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
 }
-const j = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Be = "Your session has been successfully terminated.", Fe = "You forgot to wrap your component in <AuthProvider>.", M = {
+const V = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Be = "Your session has been successfully terminated.", Fe = "You forgot to wrap your component in <AuthProvider>.", B = {
   dev: "https://auth.gizmette.local.com:3003",
   prod: "https://mylogin.gizmette.com"
-}, Ge = "@@auth@@";
+}, Ye = "@@auth@@";
 var d = [];
 for (var O = 0; O < 256; ++O)
   d.push((O + 256).toString(16).slice(1));
-function Ye(e, t = 0) {
+function Ge(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
 var R, qe = new Uint8Array(16);
@@ -686,26 +687,26 @@ function ze() {
   return R(qe);
 }
 var Xe = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const V = {
+const F = {
   randomUUID: Xe
 };
 function Qe(e, t, o) {
-  if (V.randomUUID && !t && !e)
-    return V.randomUUID();
+  if (F.randomUUID && !t && !e)
+    return F.randomUUID();
   e = e || {};
   var r = e.random || (e.rng || ze)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, Ye(r);
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, Ge(r);
 }
 const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params: e = {} }) => {
   try {
     const t = Qe(), o = await fetch(
-      et ? `${M.dev}/authenticate` : `${M.prod}/authenticate`,
+      et ? `${B.dev}/authenticate` : `${B.prod}/authenticate`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [xe.CLIENT_ID]: `${e.clientId}`
+          [We.CLIENT_ID]: `${e.clientId}`
         },
         body: JSON.stringify({ ...e, nonce: t })
       }
@@ -730,16 +731,16 @@ const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params
   try {
     const n = await tt({
       params: {
-        type: We.ID_TOKEN,
+        type: Ke.ID_TOKEN,
         username: e,
         password: t,
         sessionExpiration: r,
         clientId: o
       }
-    }), a = await ee(n.data.idToken, o);
-    return a && a.payload[b.USER_ID_KEY] !== "" ? {
+    }), a = await N(n.data.idToken, o);
+    return a && a.payload[A.USER_ID_KEY] !== "" ? {
       idToken: n.data.idToken,
-      userId: a.payload[b.USER_ID_KEY],
+      userId: a.payload[A.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -752,19 +753,17 @@ const Ze = process.env.NODE_ENV === "production", et = !Ze, tt = async ({ params
 };
 function ot(e) {
   const t = ae();
-  return F(() => {
+  return Y(() => {
     t.current = e;
   }), t.current;
 }
-const B = () => {
+const D = () => {
   throw new Error(Fe);
 }, re = se({
   isAuthenticated: !1,
-  login: B,
-  logout: B,
-  accessToken: void 0,
-  refreshToken: void 0,
-  idToken: void 0,
+  login: D,
+  logout: D,
+  getIdTokenClaims: D,
   logoutReason: ""
 }), it = ({
   children: e,
@@ -772,53 +771,68 @@ const B = () => {
   clientId: o
 }) => {
   const [r, n, , a] = Ve({
-    key: `${Ge}::${o}::@@user@@`
+    key: `${Ye}::${o}::@@user@@`
   }), [s, i] = ie({
     isAuthenticated: !!r,
     logoutReason: "",
     userId: ""
   }), c = ot(r) || "";
-  F(() => {
+  Y(() => {
     c !== r && r !== null && (async () => {
       try {
-        const u = await ee(r, o);
-        u && u.payload[b.USER_ID_KEY] !== "" ? i({
+        const u = await N(r, o);
+        u && u.payload[A.USER_ID_KEY] !== "" ? i({
           isAuthenticated: !0,
           logoutReason: "",
-          userId: u.payload[b.USER_ID_KEY]
+          userId: u.payload[A.USER_ID_KEY]
         }) : i({
           isAuthenticated: !1,
-          logoutReason: j,
+          logoutReason: V,
           userId: ""
         });
       } catch {
         i({
           isAuthenticated: !1,
-          logoutReason: j,
+          logoutReason: V,
           userId: ""
         });
       }
     })();
   }, [r, c, o]);
-  const p = async (u, w) => {
-    const h = await rt({
+  const f = async (u, y) => {
+    const p = await rt({
       username: u,
-      password: w,
+      password: y,
       clientId: o,
       sessionExpiration: t
     });
-    return h.status ? (n(h.idToken), i({
+    return p.status ? (n(p.idToken), i({
       isAuthenticated: !0,
-      userId: h.userId
+      userId: p.userId
     }), !0) : !1;
-  }, y = () => {
+  }, w = () => {
     i({
       isAuthenticated: !1,
       logoutReason: Be,
       userId: ""
     }), a();
+  }, h = async () => {
+    if (s.isAuthenticated)
+      try {
+        const u = await N(r, o);
+        return { ...u == null ? void 0 : u.payload, [A.TOKEN_ID_KEY]: r };
+      } catch {
+        return {};
+      }
+    return {};
   };
-  return /* @__PURE__ */ ne(re.Provider, { value: { ...s, login: p, logout: y }, children: e });
+  return /* @__PURE__ */ ne(
+    re.Provider,
+    {
+      value: { ...s, login: f, logout: w, getIdTokenClaims: h },
+      children: e
+    }
+  );
 }, ct = (e = re) => ce(e);
 export {
   it as AuthProvider,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "2.2.0",
+	"version": "2.3.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,10 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.2.0",
+		"@versini/auth-common": "2.3.0",
 		"@versini/ui-hooks": "4.0.0",
 		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "8ba8747f5ea5473bf63a348fef316ccff144f272"
+	"gitHead": "db5816d0e48518c40b0aa20ff564a88abf5bc426"
 }