@versini/auth-provider 3.1.0 → 4.0.0

package/dist/index.js

@@ -1,55 +1,55 @@
-import { jsx as ue } from "react/jsx-runtime";
+import { jsx as he } from "react/jsx-runtime";
 import * as I from "react";
-import { useRef as de, useEffect as X, createContext as le, useState as he, useCallback as pe, useContext as fe } from "react";
+import { useRef as pe, useEffect as Q, createContext as fe, useState as ye, useCallback as me, useContext as we } from "react";
 /*!
-  @versini/auth-provider v3.1.0
+  @versini/auth-provider v4.0.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "3.1.0",
-    buildTime: "06/25/2024 05:52 PM EDT",
+    version: "4.0.0",
+    buildTime: "06/26/2024 09:06 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.5.0
+  @versini/auth-common v2.6.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.5.0",
-    buildTime: "06/25/2024 05:52 PM EDT",
+    version: "2.6.0",
+    buildTime: "06/26/2024 09:06 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const $ = crypto, Q = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
-function ye(...e) {
-  const t = e.reduce((n, { length: a }) => n + a, 0), o = new Uint8Array(t);
+const W = crypto, Z = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
+function Se(...e) {
+  const t = e.reduce((n, { length: s }) => n + s, 0), o = new Uint8Array(t);
   let r = 0;
   for (const n of e)
     o.set(n, r), r += n.length;
   return o;
 }
-const me = (e) => {
+const Ee = (e) => {
   const t = atob(e), o = new Uint8Array(t.length);
   for (let r = 0; r < t.length; r++)
     o[r] = t.charCodeAt(r);
   return o;
-}, D = (e) => {
+}, N = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return me(t);
+    return Ee(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-let _ = class extends Error {
+let b = class extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -58,7 +58,7 @@ let _ = class extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 };
-class S extends _ {
+class S extends b {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
@@ -66,7 +66,7 @@ class S extends _ {
     super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class W extends _ {
+class M extends b {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
@@ -74,7 +74,7 @@ class W extends _ {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = n, this.payload = o;
   }
 }
-class we extends _ {
+class ge extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -82,7 +82,7 @@ class we extends _ {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class P extends _ {
+class P extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -90,7 +90,7 @@ class P extends _ {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-let d = class extends _ {
+let d = class extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -98,7 +98,7 @@ let d = class extends _ {
     return "ERR_JWS_INVALID";
   }
 };
-class Z extends _ {
+class ee extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -106,7 +106,7 @@ class Z extends _ {
     return "ERR_JWT_INVALID";
   }
 }
-class Se extends _ {
+class Ae extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -120,10 +120,10 @@ function E(e, t = "algorithm.name") {
 function R(e, t) {
   return e.name === t;
 }
-function N(e) {
+function D(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function Ee(e) {
+function _e(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -135,7 +135,7 @@ function Ee(e) {
       throw new Error("unreachable");
   }
 }
-function ge(e, t) {
+function be(e, t) {
   if (t.length && !t.some((o) => e.usages.includes(o))) {
     let o = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -146,7 +146,7 @@ function ge(e, t) {
     throw new TypeError(o);
   }
 }
-function Ae(e, t, ...o) {
+function Ie(e, t, ...o) {
   switch (t) {
     case "HS256":
     case "HS384":
@@ -154,7 +154,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "HMAC"))
         throw E("HMAC");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -164,7 +164,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw E("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -174,7 +174,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "RSA-PSS"))
         throw E("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -188,7 +188,7 @@ function Ae(e, t, ...o) {
     case "ES512": {
       if (!R(e.algorithm, "ECDSA"))
         throw E("ECDSA");
-      const r = Ee(t);
+      const r = _e(t);
       if (e.algorithm.namedCurve !== r)
         throw E(r, "algorithm.namedCurve");
       break;
@@ -196,9 +196,9 @@ function Ae(e, t, ...o) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ge(e, o);
+  be(e, o);
 }
-function ee(e, t, ...o) {
+function te(e, t, ...o) {
   var r;
   if (o.length > 2) {
     const n = o.pop();
@@ -207,11 +207,11 @@ function ee(e, t, ...o) {
     o.length === 2 ? e += `one of type ${o[0]} or ${o[1]}.` : e += `of type ${o[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const x = (e, ...t) => ee("Key must be ", e, ...t);
-function te(e, t, ...o) {
-  return ee(`Key for the ${e} algorithm must be `, t, ...o);
+const V = (e, ...t) => te("Key must be ", e, ...t);
+function re(e, t, ...o) {
+  return te(`Key for the ${e} algorithm must be `, t, ...o);
 }
-const re = (e) => Q(e), A = ["CryptoKey"], be = (...e) => {
+const oe = (e) => Z(e), A = ["CryptoKey"], ve = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -222,19 +222,19 @@ const re = (e) => Q(e), A = ["CryptoKey"], be = (...e) => {
       o = new Set(n);
       continue;
     }
-    for (const a of n) {
-      if (o.has(a))
+    for (const s of n) {
+      if (o.has(s))
         return !1;
-      o.add(a);
+      o.add(s);
     }
   }
   return !0;
 };
-function _e(e) {
+function Te(e) {
   return typeof e == "object" && e !== null;
 }
-function J(e) {
-  if (!_e(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function K(e) {
+  if (!Te(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -243,7 +243,7 @@ function J(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const Ie = (e, t) => {
+const Re = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: o } = t.algorithm;
     if (typeof o != "number" || o < 2048)
@@ -255,8 +255,8 @@ const Ie = (e, t) => {
   if (r === -1)
     return !1;
   const n = e.subarray(r, r + t.length);
-  return n.length !== t.length ? !1 : n.every((a, s) => a === t[s]) || g(e, t, r + 1);
-}, j = (e) => {
+  return n.length !== t.length ? !1 : n.every((s, a) => s === t[a]) || g(e, t, r + 1);
+}, Y = (e) => {
   switch (!0) {
     case g(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -275,104 +275,104 @@ const Ie = (e, t) => {
     default:
       throw new P("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ve = async (e, t, o, r, n) => {
-  let a, s;
+}, ke = async (e, t, o, r, n) => {
+  let s, a;
   const i = new Uint8Array(atob(o.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (r) {
     case "PS256":
     case "PS384":
     case "PS512":
-      a = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      a = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      a = {
+      s = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
-      }, s = ["encrypt", "wrapKey"];
+      }, a = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      a = { name: "ECDSA", namedCurve: "P-256" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
       break;
     case "ES384":
-      a = { name: "ECDSA", namedCurve: "P-384" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
       break;
     case "ES512":
-      a = { name: "ECDSA", namedCurve: "P-521" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = j(i);
-      a = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, s = [];
+      const c = Y(i);
+      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, a = [];
       break;
     }
     case "EdDSA":
-      a = { name: j(i) }, s = ["verify"];
+      s = { name: Y(i) }, a = ["verify"];
       break;
     default:
       throw new P('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return $.subtle.importKey(t, i, a, !1, s);
-}, Te = (e, t, o) => ve(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Re(e, t, o) {
+  return W.subtle.importKey(t, i, s, !1, a);
+}, Ce = (e, t, o) => ke(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Pe(e, t, o) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Te(e, t);
+  return Ce(e, t);
 }
-const ke = (e, t) => {
+const Oe = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!re(t))
-      throw new TypeError(te(e, t, ...A, "Uint8Array"));
+    if (!oe(t))
+      throw new TypeError(re(e, t, ...A, "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${A.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Ce = (e, t, o) => {
-  if (!re(t))
-    throw new TypeError(te(e, t, ...A));
+}, Ne = (e, t, o) => {
+  if (!oe(t))
+    throw new TypeError(re(e, t, ...A));
   if (t.type === "secret")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && o === "verify" && t.type === "private")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && o === "encrypt" && t.type === "private")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, Pe = (e, t, o) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? ke(e, t) : Ce(e, t, o);
+}, De = (e, t, o) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Oe(e, t) : Ne(e, t, o);
 };
-function Oe(e, t, o, r, n) {
+function He(e, t, o, r, n) {
   if (n.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((s) => typeof s != "string" || s.length === 0))
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let a;
-  o !== void 0 ? a = new Map([...Object.entries(o), ...t.entries()]) : a = t;
-  for (const s of r.crit) {
-    if (!a.has(s))
-      throw new P(`Extension Header Parameter "${s}" is not recognized`);
-    if (n[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" is missing`);
-    if (a.get(s) && r[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`);
+  let s;
+  o !== void 0 ? s = new Map([...Object.entries(o), ...t.entries()]) : s = t;
+  for (const a of r.crit) {
+    if (!s.has(a))
+      throw new P(`Extension Header Parameter "${a}" is not recognized`);
+    if (n[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" is missing`);
+    if (s.get(a) && r[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
   }
   return new Set(r.crit);
 }
-const De = (e, t) => {
+const Ue = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((o) => typeof o != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Ne(e, t) {
+function Le(e, t) {
   const o = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -397,28 +397,28 @@ function Ne(e, t) {
       throw new P(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-function He(e, t, o) {
-  if (Q(t))
-    return Ae(t, e, o), t;
+function $e(e, t, o) {
+  if (Z(t))
+    return Ie(t, e, o), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(x(t, ...A));
-    return $.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
+      throw new TypeError(V(t, ...A));
+    return W.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
   }
-  throw new TypeError(x(t, ...A, "Uint8Array"));
+  throw new TypeError(V(t, ...A, "Uint8Array"));
 }
-const Ue = async (e, t, o, r) => {
-  const n = await He(e, t, "verify");
-  Ie(e, n);
-  const a = Ne(e, n.algorithm);
+const Je = async (e, t, o, r) => {
+  const n = await $e(e, t, "verify");
+  Re(e, n);
+  const s = Le(e, n.algorithm);
   try {
-    return await $.subtle.verify(a, n, o, r);
+    return await W.subtle.verify(s, n, o, r);
   } catch {
     return !1;
   }
 };
-async function Le(e, t, o) {
-  if (!J(e))
+async function Ke(e, t, o) {
+  if (!K(e))
     throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new d('Flattened JWS must have either of the "protected" or "header" members');
@@ -428,70 +428,70 @@ async function Le(e, t, o) {
     throw new d("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new d("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !J(e.header))
+  if (e.header !== void 0 && !K(e.header))
     throw new d("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const w = D(e.protected);
-      r = JSON.parse(C.decode(w));
+      const l = N(e.protected);
+      r = JSON.parse(C.decode(l));
     } catch {
       throw new d("JWS Protected Header is invalid");
     }
-  if (!be(r, e.header))
+  if (!ve(r, e.header))
     throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const n = {
     ...r,
     ...e.header
-  }, a = Oe(d, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
-  let s = !0;
-  if (a.has("b64") && (s = r.b64, typeof s != "boolean"))
+  }, s = He(d, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
+  let a = !0;
+  if (s.has("b64") && (a = r.b64, typeof a != "boolean"))
     throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: i } = n;
   if (typeof i != "string" || !i)
     throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = o && De("algorithms", o.algorithms);
+  const c = o && Ue("algorithms", o.algorithms);
   if (c && !c.has(i))
-    throw new we('"alg" (Algorithm) Header Parameter value not allowed');
-  if (s) {
+    throw new ge('"alg" (Algorithm) Header Parameter value not allowed');
+  if (a) {
     if (typeof e.payload != "string")
       throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new d("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), Pe(i, t, "verify");
-  const f = ye(T.encode(e.protected ?? ""), T.encode("."), typeof e.payload == "string" ? T.encode(e.payload) : e.payload);
-  let l;
+  typeof t == "function" && (t = await t(r, e), p = !0), De(i, t, "verify");
+  const m = Se(T.encode(e.protected ?? ""), T.encode("."), typeof e.payload == "string" ? T.encode(e.payload) : e.payload);
+  let h;
   try {
-    l = D(e.signature);
+    h = N(e.signature);
   } catch {
     throw new d("Failed to base64url decode the signature");
   }
-  if (!await Ue(i, t, l, f))
-    throw new Se();
-  let h;
-  if (s)
+  if (!await Je(i, t, h, m))
+    throw new Ae();
+  let w;
+  if (a)
     try {
-      h = D(e.payload);
+      w = N(e.payload);
     } catch {
       throw new d("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? h = T.encode(e.payload) : h = e.payload;
-  const m = { payload: h };
-  return e.protected !== void 0 && (m.protectedHeader = r), e.header !== void 0 && (m.unprotectedHeader = e.header), p ? { ...m, key: t } : m;
+    typeof e.payload == "string" ? w = T.encode(e.payload) : w = e.payload;
+  const f = { payload: w };
+  return e.protected !== void 0 && (f.protectedHeader = r), e.header !== void 0 && (f.unprotectedHeader = e.header), p ? { ...f, key: t } : f;
 }
-async function Je(e, t, o) {
+async function We(e, t, o) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new d("Compact JWS must be a string or Uint8Array");
-  const { 0: r, 1: n, 2: a, length: s } = e.split(".");
-  if (s !== 3)
+  const { 0: r, 1: n, 2: s, length: a } = e.split(".");
+  if (a !== 3)
     throw new d("Invalid Compact JWS");
-  const i = await Le({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  const i = await Ke({ payload: n, protected: r, signature: s }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const $e = (e) => Math.floor(e.getTime() / 1e3), oe = 60, ne = oe * 60, K = ne * 24, Ke = K * 7, We = K * 365.25, xe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
-  const t = xe.exec(e);
+const xe = (e) => Math.floor(e.getTime() / 1e3), ne = 60, ae = ne * 60, x = ae * 24, je = x * 7, Me = x * 365.25, Ve = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, B = (e) => {
+  const t = Ve.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const o = parseFloat(t[2]), r = t[3].toLowerCase();
@@ -509,110 +509,111 @@ const $e = (e) => Math.floor(e.getTime() / 1e3), oe = 60, ne = oe * 60, K = ne *
     case "min":
     case "mins":
     case "m":
-      n = Math.round(o * oe);
+      n = Math.round(o * ne);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      n = Math.round(o * ne);
+      n = Math.round(o * ae);
       break;
     case "day":
     case "days":
     case "d":
-      n = Math.round(o * K);
+      n = Math.round(o * x);
       break;
     case "week":
     case "weeks":
     case "w":
-      n = Math.round(o * Ke);
+      n = Math.round(o * je);
       break;
     default:
-      n = Math.round(o * We);
+      n = Math.round(o * Me);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, V = (e) => e.toLowerCase().replace(/^application\//, ""), je = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Me = (e, t, o = {}) => {
+}, F = (e) => e.toLowerCase().replace(/^application\//, ""), Ye = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Be = (e, t, o = {}) => {
   let r;
   try {
     r = JSON.parse(C.decode(t));
   } catch {
   }
-  if (!J(r))
-    throw new Z("JWT Claims Set must be a top-level JSON object");
+  if (!K(r))
+    throw new ee("JWT Claims Set must be a top-level JSON object");
   const { typ: n } = o;
-  if (n && (typeof e.typ != "string" || V(e.typ) !== V(n)))
+  if (n && (typeof e.typ != "string" || F(e.typ) !== F(n)))
     throw new S('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: p } = o, f = [...a];
-  p !== void 0 && f.push("iat"), c !== void 0 && f.push("aud"), i !== void 0 && f.push("sub"), s !== void 0 && f.push("iss");
-  for (const w of new Set(f.reverse()))
-    if (!(w in r))
-      throw new S(`missing required "${w}" claim`, r, w, "missing");
-  if (s && !(Array.isArray(s) ? s : [s]).includes(r.iss))
+  const { requiredClaims: s = [], issuer: a, subject: i, audience: c, maxTokenAge: p } = o, m = [...s];
+  p !== void 0 && m.push("iat"), c !== void 0 && m.push("aud"), i !== void 0 && m.push("sub"), a !== void 0 && m.push("iss");
+  for (const l of new Set(m.reverse()))
+    if (!(l in r))
+      throw new S(`missing required "${l}" claim`, r, l, "missing");
+  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
     throw new S('unexpected "iss" claim value', r, "iss", "check_failed");
   if (i && r.sub !== i)
     throw new S('unexpected "sub" claim value', r, "sub", "check_failed");
-  if (c && !je(r.aud, typeof c == "string" ? [c] : c))
+  if (c && !Ye(r.aud, typeof c == "string" ? [c] : c))
     throw new S('unexpected "aud" claim value', r, "aud", "check_failed");
-  let l;
+  let h;
   switch (typeof o.clockTolerance) {
     case "string":
-      l = M(o.clockTolerance);
+      h = B(o.clockTolerance);
       break;
     case "number":
-      l = o.clockTolerance;
+      h = o.clockTolerance;
       break;
     case "undefined":
-      l = 0;
+      h = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: h } = o, m = $e(h || /* @__PURE__ */ new Date());
+  const { currentDate: w } = o, f = xe(w || /* @__PURE__ */ new Date());
   if ((r.iat !== void 0 || p) && typeof r.iat != "number")
     throw new S('"iat" claim must be a number', r, "iat", "invalid");
   if (r.nbf !== void 0) {
     if (typeof r.nbf != "number")
       throw new S('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > m + l)
+    if (r.nbf > f + h)
       throw new S('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
   }
   if (r.exp !== void 0) {
     if (typeof r.exp != "number")
       throw new S('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= m - l)
-      throw new W('"exp" claim timestamp check failed', r, "exp", "check_failed");
+    if (r.exp <= f - h)
+      throw new M('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
   if (p) {
-    const w = m - r.iat, O = typeof p == "number" ? p : M(p);
-    if (w - l > O)
-      throw new W('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
-    if (w < 0 - l)
+    const l = f - r.iat, O = typeof p == "number" ? p : B(p);
+    if (l - h > O)
+      throw new M('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+    if (l < 0 - h)
       throw new S('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
   }
   return r;
 };
-async function Ve(e, t, o) {
+async function Fe(e, t, o) {
   var r;
-  const n = await Je(e, t, o);
+  const n = await We(e, t, o);
   if ((r = n.protectedHeader.crit) != null && r.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new Z("JWTs MUST NOT use unencoded payload");
-  const a = { payload: Me(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...a, key: n.key } : a;
+    throw new ee("JWTs MUST NOT use unencoded payload");
+  const s = { payload: Be(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...s, key: n.key } : s;
 }
-const Be = {
+const Ge = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token"
-}, Fe = {
+}, qe = {
   CLIENT_ID: "X-Auth-ClientId"
-}, b = {
+}, _ = {
   ALG: "RS256",
   USER_ID_KEY: "_id",
   TOKEN_ID_KEY: "__raw",
+  NONCE_KEY: "_nonce",
   ISSUER: "gizmette.com"
-}, Ge = `-----BEGIN PUBLIC KEY-----
+}, ze = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -620,62 +621,58 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, ae = async (e, t) => {
+-----END PUBLIC KEY-----`, se = async (e, t) => {
   try {
-    const o = b.ALG, r = await Re(Ge, o);
-    return await Ve(e, r, {
-      issuer: b.ISSUER,
+    const o = _.ALG, r = await Pe(ze, o);
+    return await Fe(e, r, {
+      issuer: _.ISSUER,
       audience: t
     });
   } catch {
     return;
   }
 };
-function se(e, t) {
+function ie(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const B = (e, t) => {
+const G = (e, t) => {
   const o = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, o), se(e, o);
-}, Ye = (e) => {
-  window.localStorage.removeItem(e), se(e, null);
-}, F = (e) => window.localStorage.getItem(e), qe = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function G({
+  window.localStorage.setItem(e, o), ie(e, o);
+}, Xe = (e) => {
+  window.localStorage.removeItem(e), ie(e, null);
+}, q = (e) => window.localStorage.getItem(e), Qe = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function H({
   key: e,
   initialValue: t
 }) {
-  const o = () => F(e), r = I.useSyncExternalStore(
-    qe,
+  const o = () => q(e), r = I.useSyncExternalStore(
+    Qe,
     o
   ), n = I.useCallback(
     (i) => {
       try {
         const c = typeof i == "function" ? i(JSON.parse(r)) : i;
-        c == null ? Ye(e) : B(e, c);
+        c == null ? Xe(e) : G(e, c);
       } catch (c) {
         console.warn(c);
       }
     },
     [e, r]
-  ), a = I.useCallback(() => {
+  ), s = I.useCallback(() => {
     n(t);
-  }, [t, n]), s = I.useCallback(() => {
+  }, [t, n]), a = I.useCallback(() => {
     n(null);
   }, [n]);
   return I.useEffect(() => {
     try {
-      F(e) === null && typeof t < "u" && B(e, t);
+      q(e) === null && typeof t < "u" && G(e, t);
     } catch (i) {
       console.warn(i);
     }
-  }, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
+  }, [e, t]), [r ? JSON.parse(r) : null, n, s, a];
 }
-const H = "Oops! It looks like your session has expired. For your security, please log in again to continue.", ze = "Your session has been successfully terminated.", Xe = "Login failed. Please try again.", Qe = "You forgot to wrap your component in <AuthProvider>.", Y = {
-  dev: "https://auth.gizmette.local.com:3003",
-  prod: "https://mylogin.gizmette.com"
-}, q = "@@auth@@";
 var u = [];
 for (var U = 0; U < 256; ++U)
   u.push((U + 256).toString(16).slice(1));
@@ -699,51 +696,56 @@ function ot(e, t, o) {
   var r = e.random || (e.rng || tt)();
   return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, Ze(r);
 }
-const nt = process.env.NODE_ENV === "production", at = !nt, st = async ({ params: e = {} }) => {
+const L = "Oops! It looks like your session has expired. For your security, please log in again to continue.", nt = "Your session has been successfully terminated.", at = "Login failed. Please try again.", st = "You forgot to wrap your component in <AuthProvider>.", X = {
+  dev: "https://auth.gizmette.local.com:3003",
+  prod: "https://mylogin.gizmette.com"
+}, $ = "@@auth@@", it = process.env.NODE_ENV === "production", ct = !it, ut = async ({ params: e = {} }) => {
   try {
-    const t = ot(), o = await fetch(
-      at ? `${Y.dev}/authenticate` : `${Y.prod}/authenticate`,
+    const t = await fetch(
+      ct ? `${X.dev}/authenticate` : `${X.prod}/authenticate`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [Fe.CLIENT_ID]: `${e.clientId}`
+          [qe.CLIENT_ID]: `${e.clientId}`
         },
-        body: JSON.stringify({ ...e, nonce: t })
+        body: JSON.stringify(e)
       }
     );
-    if (o.status !== 200)
-      return { status: o.status, data: [] };
-    const { data: r, errors: n } = await o.json();
-    return r.nonce !== t ? { status: 500, data: [] } : {
-      status: o.status,
-      data: r,
-      errors: n
+    if (t.status !== 200)
+      return { status: t.status, data: [] };
+    const { data: o, errors: r } = await t.json();
+    return {
+      status: t.status,
+      data: o,
+      errors: r
     };
   } catch (t) {
     return console.error(t), { status: 500, data: [] };
   }
-}, it = async ({
+}, dt = async ({
   username: e,
   password: t,
   clientId: o,
-  sessionExpiration: r
+  nonce: r,
+  sessionExpiration: n
 }) => {
   try {
-    const n = await st({
+    const s = await ut({
       params: {
-        type: Be.ID_AND_ACCESS_TOKEN,
+        type: Ge.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
-        sessionExpiration: r,
-        clientId: o
+        sessionExpiration: n,
+        clientId: o,
+        nonce: r
       }
-    }), a = await ae(n.data.idToken, o);
-    return a && a.payload[b.USER_ID_KEY] !== "" ? {
-      idToken: n.data.idToken,
-      accessToken: n.data.accessToken,
-      userId: a.payload[b.USER_ID_KEY],
+    }), a = await se(s.data.idToken, o);
+    return a && a.payload[_.USER_ID_KEY] !== "" && a.payload[_.NONCE_KEY] === r ? {
+      idToken: s.data.idToken,
+      accessToken: s.data.accessToken,
+      userId: a.payload[_.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -754,92 +756,97 @@ const nt = process.env.NODE_ENV === "production", at = !nt, st = async ({ params
     };
   }
 };
-function ct(e) {
-  const t = de();
-  return X(() => {
+function lt(e) {
+  const t = pe();
+  return Q(() => {
     t.current = e;
   }), t.current;
 }
-const L = () => {
-  throw new Error(Qe);
-}, ie = le({
+const J = () => {
+  throw new Error(st);
+}, ce = fe({
   isAuthenticated: !1,
   isLoading: !1,
-  login: L,
-  logout: L,
-  getAccessToken: L,
+  login: J,
+  logout: J,
+  getAccessToken: J,
   logoutReason: "",
   idTokenClaims: null
-}), pt = ({
+}), mt = ({
   children: e,
   sessionExpiration: t,
   clientId: o
 }) => {
-  const [r, n, , a] = G({
-    key: `${q}::${o}::@@user@@`
-  }), [s, i, , c] = G({
-    key: `${q}::${o}::@@access@@`
-  }), [p, f] = he({
+  const [r, n, , s] = H({
+    key: `${$}::${o}::@@user@@`
+  }), [a, i, , c] = H({
+    key: `${$}::${o}::@@access@@`
+  }), [, p, , m] = H({
+    key: `${$}::${o}::@@nonce@@`
+  }), [h, w] = ye({
     isLoading: !0,
     isAuthenticated: !1,
     logoutReason: "",
     userId: "",
     idTokenClaims: null
-  }), l = ct(r) || "", h = pe(
+  }), f = lt(r) || "", l = me(
     (y) => {
-      f({
+      w({
         isLoading: !1,
         isAuthenticated: !1,
-        logoutReason: y || H,
+        logoutReason: y || L,
         userId: "",
         idTokenClaims: null
-      }), a(), c();
+      }), s(), c(), m();
     },
-    [a, c]
+    [s, c, m]
   );
-  X(() => {
-    l !== r && r !== null && (async () => {
+  Q(() => {
+    f !== r && r !== null && (async () => {
       try {
-        const y = await ae(r, o);
-        y && y.payload[b.USER_ID_KEY] !== "" ? f({
+        const y = await se(r, o);
+        y && y.payload[_.USER_ID_KEY] !== "" ? w({
           isLoading: !1,
           isAuthenticated: !0,
           logoutReason: "",
-          userId: y.payload[b.USER_ID_KEY],
+          userId: y.payload[_.USER_ID_KEY],
           idTokenClaims: {
             ...y == null ? void 0 : y.payload,
-            [b.TOKEN_ID_KEY]: r
+            [_.TOKEN_ID_KEY]: r
           }
-        }) : h(H);
+        }) : l(L);
       } catch {
-        h(H);
+        l(L);
       }
     })();
-  }, [r, l, o, h]);
-  const m = async (y, ce) => {
-    const v = await it({
+  }, [r, f, o, l]);
+  const O = async (y, le) => {
+    const j = ot();
+    p(j);
+    const v = await dt({
       username: y,
-      password: ce,
+      password: le,
       clientId: o,
-      sessionExpiration: t
+      sessionExpiration: t,
+      nonce: j
     });
-    return v.status ? (n(v.idToken), i(v.accessToken), f({
+    return v.status ? (n(v.idToken), i(v.accessToken), w({
       isLoading: !1,
       isAuthenticated: !0,
       userId: v.userId
-    }), !0) : (h(Xe), !1);
-  }, w = () => {
-    h(ze);
-  }, O = () => s;
-  return /* @__PURE__ */ ue(
-    ie.Provider,
+    }), !0) : (l(at), !1);
+  }, ue = () => {
+    l(nt);
+  }, de = () => a;
+  return /* @__PURE__ */ he(
+    ce.Provider,
     {
-      value: { ...p, login: m, logout: w, getAccessToken: O },
+      value: { ...h, login: O, logout: ue, getAccessToken: de },
       children: e
     }
   );
-}, ft = (e = ie) => fe(e);
+}, wt = (e = ce) => we(e);
 export {
-  pt as AuthProvider,
-  ft as useAuth
+  mt as AuthProvider,
+  wt as useAuth
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "3.1.0",
+	"version": "4.0.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,10 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.5.0",
+		"@versini/auth-common": "2.6.0",
 		"@versini/ui-hooks": "4.0.0",
 		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "25c60a5226b6f9d95aa3a3fcdbbc8448181e937a"
+	"gitHead": "8229de388733e13731f9dcfdfe6ffbc0ee9e77fb"
 }