npm - @versini/auth-provider - Versions diffs - 3.1.0 → 4.1.0 - Mend

@versini/auth-provider 3.1.0 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +329 -283
package/package.json +3 -3

package/dist/index.js CHANGED Viewed

@@ -1,55 +1,55 @@
-import { jsx as ue } from "react/jsx-runtime";
+import { jsx as pe } from "react/jsx-runtime";
 import * as I from "react";
-import { useRef as de, useEffect as X, createContext as le, useState as he, useCallback as pe, useContext as fe } from "react";
+import { createContext as fe, useState as ye, useCallback as me, useEffect as we, useContext as Se } from "react";
 /*!
-  @versini/auth-provider v3.1.0
+  @versini/auth-provider v4.1.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "3.1.0",
-    buildTime: "06/25/2024 05:52 PM EDT",
+    version: "4.1.0",
+    buildTime: "06/26/2024 12:59 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
 /*!
-  @versini/auth-common v2.5.0
+  @versini/auth-common v2.6.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.5.0",
-    buildTime: "06/25/2024 05:52 PM EDT",
+    version: "2.6.0",
+    buildTime: "06/26/2024 12:59 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const $ = crypto, Q = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
-function ye(...e) {
-  const t = e.reduce((n, { length: a }) => n + a, 0), o = new Uint8Array(t);
+const x = crypto, Z = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
+function Ee(...e) {
+  const t = e.reduce((a, { length: s }) => a + s, 0), o = new Uint8Array(t);
   let r = 0;
-  for (const n of e)
-    o.set(n, r), r += n.length;
+  for (const a of e)
+    o.set(a, r), r += a.length;
   return o;
 }
-const me = (e) => {
+const ge = (e) => {
   const t = atob(e), o = new Uint8Array(t.length);
   for (let r = 0; r < t.length; r++)
     o[r] = t.charCodeAt(r);
   return o;
-}, D = (e) => {
+}, N = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return me(t);
+    return ge(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-let _ = class extends Error {
+let b = class extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -58,23 +58,23 @@ let _ = class extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (o = Error.captureStackTrace) == null || o.call(Error, this, this.constructor);
   }
 };
-class S extends _ {
+class S extends b {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, o, r = "unspecified", n = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = n, this.payload = o;
+  constructor(t, o, r = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = a, this.payload = o;
   }
 }
-class W extends _ {
+class V extends b {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, o, r = "unspecified", n = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = n, this.payload = o;
+  constructor(t, o, r = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = a, this.payload = o;
   }
 }
-class we extends _ {
+class Ae extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -82,7 +82,7 @@ class we extends _ {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class P extends _ {
+class P extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -90,7 +90,7 @@ class P extends _ {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-let d = class extends _ {
+let d = class extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -98,7 +98,7 @@ let d = class extends _ {
     return "ERR_JWS_INVALID";
   }
 };
-class Z extends _ {
+class ee extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -106,7 +106,7 @@ class Z extends _ {
     return "ERR_JWT_INVALID";
   }
 }
-class Se extends _ {
+class _e extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -120,10 +120,10 @@ function E(e, t = "algorithm.name") {
 function R(e, t) {
   return e.name === t;
 }
-function N(e) {
+function D(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function Ee(e) {
+function be(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -135,7 +135,7 @@ function Ee(e) {
       throw new Error("unreachable");
   }
 }
-function ge(e, t) {
+function Ie(e, t) {
   if (t.length && !t.some((o) => e.usages.includes(o))) {
     let o = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -146,7 +146,7 @@ function ge(e, t) {
     throw new TypeError(o);
   }
 }
-function Ae(e, t, ...o) {
+function Te(e, t, ...o) {
   switch (t) {
     case "HS256":
     case "HS384":
@@ -154,7 +154,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "HMAC"))
         throw E("HMAC");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -164,7 +164,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw E("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -174,7 +174,7 @@ function Ae(e, t, ...o) {
       if (!R(e.algorithm, "RSA-PSS"))
         throw E("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
-      if (N(e.algorithm.hash) !== r)
+      if (D(e.algorithm.hash) !== r)
         throw E(`SHA-${r}`, "algorithm.hash");
       break;
     }
@@ -188,7 +188,7 @@ function Ae(e, t, ...o) {
     case "ES512": {
       if (!R(e.algorithm, "ECDSA"))
         throw E("ECDSA");
-      const r = Ee(t);
+      const r = be(t);
       if (e.algorithm.namedCurve !== r)
         throw E(r, "algorithm.namedCurve");
       break;
@@ -196,45 +196,45 @@ function Ae(e, t, ...o) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ge(e, o);
+  Ie(e, o);
 }
-function ee(e, t, ...o) {
+function te(e, t, ...o) {
   var r;
   if (o.length > 2) {
-    const n = o.pop();
-    e += `one of type ${o.join(", ")}, or ${n}.`;
+    const a = o.pop();
+    e += `one of type ${o.join(", ")}, or ${a}.`;
   } else
     o.length === 2 ? e += `one of type ${o[0]} or ${o[1]}.` : e += `of type ${o[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const x = (e, ...t) => ee("Key must be ", e, ...t);
-function te(e, t, ...o) {
-  return ee(`Key for the ${e} algorithm must be `, t, ...o);
+const Y = (e, ...t) => te("Key must be ", e, ...t);
+function re(e, t, ...o) {
+  return te(`Key for the ${e} algorithm must be `, t, ...o);
 }
-const re = (e) => Q(e), A = ["CryptoKey"], be = (...e) => {
+const oe = (e) => Z(e), A = ["CryptoKey"], ve = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
   let o;
   for (const r of t) {
-    const n = Object.keys(r);
+    const a = Object.keys(r);
     if (!o || o.size === 0) {
-      o = new Set(n);
+      o = new Set(a);
       continue;
     }
-    for (const a of n) {
-      if (o.has(a))
+    for (const s of a) {
+      if (o.has(s))
         return !1;
-      o.add(a);
+      o.add(s);
     }
   }
   return !0;
 };
-function _e(e) {
+function Re(e) {
   return typeof e == "object" && e !== null;
 }
-function J(e) {
-  if (!_e(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function W(e) {
+  if (!Re(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -243,7 +243,7 @@ function J(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const Ie = (e, t) => {
+const ke = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: o } = t.algorithm;
     if (typeof o != "number" || o < 2048)
@@ -254,9 +254,9 @@ const Ie = (e, t) => {
   const r = e.indexOf(t[0], o);
   if (r === -1)
     return !1;
-  const n = e.subarray(r, r + t.length);
-  return n.length !== t.length ? !1 : n.every((a, s) => a === t[s]) || g(e, t, r + 1);
-}, j = (e) => {
+  const a = e.subarray(r, r + t.length);
+  return a.length !== t.length ? !1 : a.every((s, n) => s === t[n]) || g(e, t, r + 1);
+}, G = (e) => {
   switch (!0) {
     case g(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -275,104 +275,104 @@ const Ie = (e, t) => {
     default:
       throw new P("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ve = async (e, t, o, r, n) => {
-  let a, s;
+}, Ce = async (e, t, o, r, a) => {
+  let s, n;
   const i = new Uint8Array(atob(o.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
   switch (r) {
     case "PS256":
     case "PS384":
     case "PS512":
-      a = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, n = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      a = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, s = ["verify"];
+      s = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, n = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
     case "RSA-OAEP-384":
     case "RSA-OAEP-512":
-      a = {
+      s = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
-      }, s = ["encrypt", "wrapKey"];
+      }, n = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      a = { name: "ECDSA", namedCurve: "P-256" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-256" }, n = ["verify"];
       break;
     case "ES384":
-      a = { name: "ECDSA", namedCurve: "P-384" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-384" }, n = ["verify"];
       break;
     case "ES512":
-      a = { name: "ECDSA", namedCurve: "P-521" }, s = ["verify"];
+      s = { name: "ECDSA", namedCurve: "P-521" }, n = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const c = j(i);
-      a = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, s = [];
+      const c = G(i);
+      s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, n = [];
       break;
     }
     case "EdDSA":
-      a = { name: j(i) }, s = ["verify"];
+      s = { name: G(i) }, n = ["verify"];
       break;
     default:
       throw new P('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return $.subtle.importKey(t, i, a, !1, s);
-}, Te = (e, t, o) => ve(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Re(e, t, o) {
+  return x.subtle.importKey(t, i, s, !1, n);
+}, Pe = (e, t, o) => Ce(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Oe(e, t, o) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Te(e, t);
+  return Pe(e, t);
 }
-const ke = (e, t) => {
+const Ne = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!re(t))
-      throw new TypeError(te(e, t, ...A, "Uint8Array"));
+    if (!oe(t))
+      throw new TypeError(re(e, t, ...A, "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${A.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Ce = (e, t, o) => {
-  if (!re(t))
-    throw new TypeError(te(e, t, ...A));
+}, De = (e, t, o) => {
+  if (!oe(t))
+    throw new TypeError(re(e, t, ...A));
   if (t.type === "secret")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && o === "verify" && t.type === "private")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && o === "encrypt" && t.type === "private")
     throw new TypeError(`${A.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, Pe = (e, t, o) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? ke(e, t) : Ce(e, t, o);
+}, Ue = (e, t, o) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ne(e, t) : De(e, t, o);
 };
-function Oe(e, t, o, r, n) {
-  if (n.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+function He(e, t, o, r, a) {
+  if (a.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((s) => typeof s != "string" || s.length === 0))
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((n) => typeof n != "string" || n.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let a;
-  o !== void 0 ? a = new Map([...Object.entries(o), ...t.entries()]) : a = t;
-  for (const s of r.crit) {
-    if (!a.has(s))
-      throw new P(`Extension Header Parameter "${s}" is not recognized`);
-    if (n[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" is missing`);
-    if (a.get(s) && r[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`);
+  let s;
+  o !== void 0 ? s = new Map([...Object.entries(o), ...t.entries()]) : s = t;
+  for (const n of r.crit) {
+    if (!s.has(n))
+      throw new P(`Extension Header Parameter "${n}" is not recognized`);
+    if (a[n] === void 0)
+      throw new e(`Extension Header Parameter "${n}" is missing`);
+    if (s.get(n) && r[n] === void 0)
+      throw new e(`Extension Header Parameter "${n}" MUST be integrity protected`);
   }
   return new Set(r.crit);
 }
-const De = (e, t) => {
+const Le = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((o) => typeof o != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Ne(e, t) {
+function $e(e, t) {
   const o = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -397,28 +397,28 @@ function Ne(e, t) {
       throw new P(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-function He(e, t, o) {
-  if (Q(t))
-    return Ae(t, e, o), t;
+function Je(e, t, o) {
+  if (Z(t))
+    return Te(t, e, o), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(x(t, ...A));
-    return $.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
+      throw new TypeError(Y(t, ...A));
+    return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [o]);
   }
-  throw new TypeError(x(t, ...A, "Uint8Array"));
+  throw new TypeError(Y(t, ...A, "Uint8Array"));
 }
-const Ue = async (e, t, o, r) => {
-  const n = await He(e, t, "verify");
-  Ie(e, n);
-  const a = Ne(e, n.algorithm);
+const Ke = async (e, t, o, r) => {
+  const a = await Je(e, t, "verify");
+  ke(e, a);
+  const s = $e(e, a.algorithm);
   try {
-    return await $.subtle.verify(a, n, o, r);
+    return await x.subtle.verify(s, a, o, r);
   } catch {
     return !1;
   }
 };
-async function Le(e, t, o) {
-  if (!J(e))
+async function We(e, t, o) {
+  if (!W(e))
     throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new d('Flattened JWS must have either of the "protected" or "header" members');
@@ -428,137 +428,137 @@ async function Le(e, t, o) {
     throw new d("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new d("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !J(e.header))
+  if (e.header !== void 0 && !W(e.header))
     throw new d("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const w = D(e.protected);
+      const w = N(e.protected);
       r = JSON.parse(C.decode(w));
     } catch {
       throw new d("JWS Protected Header is invalid");
     }
-  if (!be(r, e.header))
+  if (!ve(r, e.header))
     throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const n = {
+  const a = {
     ...r,
     ...e.header
-  }, a = Oe(d, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, n);
-  let s = !0;
-  if (a.has("b64") && (s = r.b64, typeof s != "boolean"))
+  }, s = He(d, /* @__PURE__ */ new Map([["b64", !0]]), o == null ? void 0 : o.crit, r, a);
+  let n = !0;
+  if (s.has("b64") && (n = r.b64, typeof n != "boolean"))
     throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: i } = n;
+  const { alg: i } = a;
   if (typeof i != "string" || !i)
     throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const c = o && De("algorithms", o.algorithms);
+  const c = o && Le("algorithms", o.algorithms);
   if (c && !c.has(i))
-    throw new we('"alg" (Algorithm) Header Parameter value not allowed');
-  if (s) {
+    throw new Ae('"alg" (Algorithm) Header Parameter value not allowed');
+  if (n) {
     if (typeof e.payload != "string")
       throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new d("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), Pe(i, t, "verify");
-  const f = ye(T.encode(e.protected ?? ""), T.encode("."), typeof e.payload == "string" ? T.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(r, e), p = !0), Ue(i, t, "verify");
+  const y = Ee(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
   let l;
   try {
-    l = D(e.signature);
+    l = N(e.signature);
   } catch {
     throw new d("Failed to base64url decode the signature");
   }
-  if (!await Ue(i, t, l, f))
-    throw new Se();
-  let h;
-  if (s)
+  if (!await Ke(i, t, l, y))
+    throw new _e();
+  let m;
+  if (n)
     try {
-      h = D(e.payload);
+      m = N(e.payload);
     } catch {
       throw new d("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? h = T.encode(e.payload) : h = e.payload;
-  const m = { payload: h };
-  return e.protected !== void 0 && (m.protectedHeader = r), e.header !== void 0 && (m.unprotectedHeader = e.header), p ? { ...m, key: t } : m;
+    typeof e.payload == "string" ? m = v.encode(e.payload) : m = e.payload;
+  const h = { payload: m };
+  return e.protected !== void 0 && (h.protectedHeader = r), e.header !== void 0 && (h.unprotectedHeader = e.header), p ? { ...h, key: t } : h;
 }
-async function Je(e, t, o) {
+async function xe(e, t, o) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new d("Compact JWS must be a string or Uint8Array");
-  const { 0: r, 1: n, 2: a, length: s } = e.split(".");
-  if (s !== 3)
+  const { 0: r, 1: a, 2: s, length: n } = e.split(".");
+  if (n !== 3)
     throw new d("Invalid Compact JWS");
-  const i = await Le({ payload: n, protected: r, signature: a }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
+  const i = await We({ payload: a, protected: r, signature: s }, t, o), c = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...c, key: i.key } : c;
 }
-const $e = (e) => Math.floor(e.getTime() / 1e3), oe = 60, ne = oe * 60, K = ne * 24, Ke = K * 7, We = K * 365.25, xe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, M = (e) => {
-  const t = xe.exec(e);
+const je = (e) => Math.floor(e.getTime() / 1e3), ae = 60, ne = ae * 60, j = ne * 24, Me = j * 7, Ve = j * 365.25, Ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, B = (e) => {
+  const t = Ye.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const o = parseFloat(t[2]), r = t[3].toLowerCase();
-  let n;
+  let a;
   switch (r) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      n = Math.round(o);
+      a = Math.round(o);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      n = Math.round(o * oe);
+      a = Math.round(o * ae);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      n = Math.round(o * ne);
+      a = Math.round(o * ne);
       break;
     case "day":
     case "days":
     case "d":
-      n = Math.round(o * K);
+      a = Math.round(o * j);
       break;
     case "week":
     case "weeks":
     case "w":
-      n = Math.round(o * Ke);
+      a = Math.round(o * Me);
       break;
     default:
-      n = Math.round(o * We);
+      a = Math.round(o * Ve);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, V = (e) => e.toLowerCase().replace(/^application\//, ""), je = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Me = (e, t, o = {}) => {
+  return t[1] === "-" || t[4] === "ago" ? -a : a;
+}, F = (e) => e.toLowerCase().replace(/^application\//, ""), Ge = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Be = (e, t, o = {}) => {
   let r;
   try {
     r = JSON.parse(C.decode(t));
   } catch {
   }
-  if (!J(r))
-    throw new Z("JWT Claims Set must be a top-level JSON object");
-  const { typ: n } = o;
-  if (n && (typeof e.typ != "string" || V(e.typ) !== V(n)))
+  if (!W(r))
+    throw new ee("JWT Claims Set must be a top-level JSON object");
+  const { typ: a } = o;
+  if (a && (typeof e.typ != "string" || F(e.typ) !== F(a)))
     throw new S('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: a = [], issuer: s, subject: i, audience: c, maxTokenAge: p } = o, f = [...a];
-  p !== void 0 && f.push("iat"), c !== void 0 && f.push("aud"), i !== void 0 && f.push("sub"), s !== void 0 && f.push("iss");
-  for (const w of new Set(f.reverse()))
+  const { requiredClaims: s = [], issuer: n, subject: i, audience: c, maxTokenAge: p } = o, y = [...s];
+  p !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), n !== void 0 && y.push("iss");
+  for (const w of new Set(y.reverse()))
     if (!(w in r))
       throw new S(`missing required "${w}" claim`, r, w, "missing");
-  if (s && !(Array.isArray(s) ? s : [s]).includes(r.iss))
+  if (n && !(Array.isArray(n) ? n : [n]).includes(r.iss))
     throw new S('unexpected "iss" claim value', r, "iss", "check_failed");
   if (i && r.sub !== i)
     throw new S('unexpected "sub" claim value', r, "sub", "check_failed");
-  if (c && !je(r.aud, typeof c == "string" ? [c] : c))
+  if (c && !Ge(r.aud, typeof c == "string" ? [c] : c))
     throw new S('unexpected "aud" claim value', r, "aud", "check_failed");
   let l;
   switch (typeof o.clockTolerance) {
     case "string":
-      l = M(o.clockTolerance);
+      l = B(o.clockTolerance);
       break;
     case "number":
       l = o.clockTolerance;
@@ -569,50 +569,51 @@ const $e = (e) => Math.floor(e.getTime() / 1e3), oe = 60, ne = oe * 60, K = ne *
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: h } = o, m = $e(h || /* @__PURE__ */ new Date());
+  const { currentDate: m } = o, h = je(m || /* @__PURE__ */ new Date());
   if ((r.iat !== void 0 || p) && typeof r.iat != "number")
     throw new S('"iat" claim must be a number', r, "iat", "invalid");
   if (r.nbf !== void 0) {
     if (typeof r.nbf != "number")
       throw new S('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > m + l)
+    if (r.nbf > h + l)
       throw new S('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
   }
   if (r.exp !== void 0) {
     if (typeof r.exp != "number")
       throw new S('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= m - l)
-      throw new W('"exp" claim timestamp check failed', r, "exp", "check_failed");
+    if (r.exp <= h - l)
+      throw new V('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
   if (p) {
-    const w = m - r.iat, O = typeof p == "number" ? p : M(p);
+    const w = h - r.iat, O = typeof p == "number" ? p : B(p);
     if (w - l > O)
-      throw new W('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
+      throw new V('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
     if (w < 0 - l)
       throw new S('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
   }
   return r;
 };
-async function Ve(e, t, o) {
+async function Fe(e, t, o) {
   var r;
-  const n = await Je(e, t, o);
-  if ((r = n.protectedHeader.crit) != null && r.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new Z("JWTs MUST NOT use unencoded payload");
-  const a = { payload: Me(n.protectedHeader, n.payload, o), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...a, key: n.key } : a;
+  const a = await xe(e, t, o);
+  if ((r = a.protectedHeader.crit) != null && r.includes("b64") && a.protectedHeader.b64 === !1)
+    throw new ee("JWTs MUST NOT use unencoded payload");
+  const s = { payload: Be(a.protectedHeader, a.payload, o), protectedHeader: a.protectedHeader };
+  return typeof t == "function" ? { ...s, key: a.key } : s;
 }
-const Be = {
+const qe = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token"
-}, Fe = {
+}, ze = {
   CLIENT_ID: "X-Auth-ClientId"
-}, b = {
+}, _ = {
   ALG: "RS256",
   USER_ID_KEY: "_id",
   TOKEN_ID_KEY: "__raw",
+  NONCE_KEY: "_nonce",
   ISSUER: "gizmette.com"
-}, Ge = `-----BEGIN PUBLIC KEY-----
+}, Xe = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -620,130 +621,156 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, ae = async (e, t) => {
+-----END PUBLIC KEY-----`, se = async (e, t) => {
   try {
-    const o = b.ALG, r = await Re(Ge, o);
-    return await Ve(e, r, {
-      issuer: b.ISSUER,
+    const o = _.ALG, r = await Oe(Xe, o);
+    return await Fe(e, r, {
+      issuer: _.ISSUER,
       audience: t
     });
   } catch {
     return;
   }
 };
-function se(e, t) {
+function ie(e, t) {
   window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
 }
-const B = (e, t) => {
+const q = (e, t) => {
   const o = JSON.stringify(
     typeof t == "function" ? t() : t
   );
-  window.localStorage.setItem(e, o), se(e, o);
-}, Ye = (e) => {
-  window.localStorage.removeItem(e), se(e, null);
-}, F = (e) => window.localStorage.getItem(e), qe = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function G({
+  window.localStorage.setItem(e, o), ie(e, o);
+}, Qe = (e) => {
+  window.localStorage.removeItem(e), ie(e, null);
+}, z = (e) => window.localStorage.getItem(e), Ze = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
+function U({
   key: e,
   initialValue: t
 }) {
-  const o = () => F(e), r = I.useSyncExternalStore(
-    qe,
+  const o = () => z(e), r = I.useSyncExternalStore(
+    Ze,
     o
-  ), n = I.useCallback(
+  ), a = I.useCallback(
     (i) => {
       try {
         const c = typeof i == "function" ? i(JSON.parse(r)) : i;
-        c == null ? Ye(e) : B(e, c);
+        c == null ? Qe(e) : q(e, c);
       } catch (c) {
         console.warn(c);
       }
     },
     [e, r]
-  ), a = I.useCallback(() => {
-    n(t);
-  }, [t, n]), s = I.useCallback(() => {
-    n(null);
-  }, [n]);
+  ), s = I.useCallback(() => {
+    a(t);
+  }, [t, a]), n = I.useCallback(() => {
+    a(null);
+  }, [a]);
   return I.useEffect(() => {
     try {
-      F(e) === null && typeof t < "u" && B(e, t);
+      z(e) === null && typeof t < "u" && q(e, t);
     } catch (i) {
       console.warn(i);
     }
-  }, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
+  }, [e, t]), [r ? JSON.parse(r) : null, a, s, n];
 }
-const H = "Oops! It looks like your session has expired. For your security, please log in again to continue.", ze = "Your session has been successfully terminated.", Xe = "Login failed. Please try again.", Qe = "You forgot to wrap your component in <AuthProvider>.", Y = {
-  dev: "https://auth.gizmette.local.com:3003",
-  prod: "https://mylogin.gizmette.com"
-}, q = "@@auth@@";
 var u = [];
-for (var U = 0; U < 256; ++U)
-  u.push((U + 256).toString(16).slice(1));
-function Ze(e, t = 0) {
+for (var H = 0; H < 256; ++H)
+  u.push((H + 256).toString(16).slice(1));
+function et(e, t = 0) {
   return (u[e[t + 0]] + u[e[t + 1]] + u[e[t + 2]] + u[e[t + 3]] + "-" + u[e[t + 4]] + u[e[t + 5]] + "-" + u[e[t + 6]] + u[e[t + 7]] + "-" + u[e[t + 8]] + u[e[t + 9]] + "-" + u[e[t + 10]] + u[e[t + 11]] + u[e[t + 12]] + u[e[t + 13]] + u[e[t + 14]] + u[e[t + 15]]).toLowerCase();
 }
-var k, et = new Uint8Array(16);
-function tt() {
+var k, tt = new Uint8Array(16);
+function rt() {
   if (!k && (k = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !k))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return k(et);
+  return k(tt);
 }
-var rt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const z = {
-  randomUUID: rt
+var ot = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const X = {
+  randomUUID: ot
 };
-function ot(e, t, o) {
-  if (z.randomUUID && !t && !e)
-    return z.randomUUID();
+function at(e, t, o) {
+  if (X.randomUUID && !t && !e)
+    return X.randomUUID();
   e = e || {};
-  var r = e.random || (e.rng || tt)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, Ze(r);
+  var r = e.random || (e.rng || rt)();
+  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, et(r);
 }
-const nt = process.env.NODE_ENV === "production", at = !nt, st = async ({ params: e = {} }) => {
+const L = "Oops! It looks like your session has expired. For your security, please log in again to continue.", nt = "Your session has been successfully terminated.", st = "Login failed. Please try again.", it = "You forgot to wrap your component in <AuthProvider>.", Q = {
+  dev: "https://auth.gizmette.local.com:3003",
+  prod: "https://mylogin.gizmette.com"
+}, $ = "@@auth@@", ct = process.env.NODE_ENV === "production", ut = !ct, ce = {
+  AUTHENTICATE: "authenticate",
+  LOGOUT: "logout"
+}, ue = async ({ type: e, params: t = {} }) => {
   try {
-    const t = ot(), o = await fetch(
-      at ? `${Y.dev}/authenticate` : `${Y.prod}/authenticate`,
+    const o = await fetch(
+      ut ? `${Q.dev}/${e}` : `${Q.prod}/${e}`,
       {
         credentials: "include",
         method: "POST",
         headers: {
           "Content-Type": "application/json",
-          [Fe.CLIENT_ID]: `${e.clientId}`
+          [ze.CLIENT_ID]: `${t.clientId}`
         },
-        body: JSON.stringify({ ...e, nonce: t })
+        body: JSON.stringify(t)
       }
     );
     if (o.status !== 200)
       return { status: o.status, data: [] };
-    const { data: r, errors: n } = await o.json();
-    return r.nonce !== t ? { status: 500, data: [] } : {
+    const { data: r, errors: a } = await o.json();
+    return {
       status: o.status,
       data: r,
-      errors: n
+      errors: a
+    };
+  } catch (o) {
+    return console.error(o), { status: 500, data: [] };
+  }
+}, J = async ({
+  idToken: e,
+  accessToken: t,
+  clientId: o
+}) => {
+  try {
+    return {
+      status: (await ue({
+        type: ce.LOGOUT,
+        params: {
+          idToken: e,
+          accessToken: t,
+          clientId: o
+        }
+      })).status === 200
+    };
+  } catch {
+    return {
+      status: !1
     };
-  } catch (t) {
-    return console.error(t), { status: 500, data: [] };
   }
-}, it = async ({
+}, dt = async ({
   username: e,
   password: t,
   clientId: o,
-  sessionExpiration: r
+  nonce: r,
+  sessionExpiration: a
 }) => {
   try {
-    const n = await st({
+    const s = await ue({
+      type: ce.AUTHENTICATE,
       params: {
-        type: Be.ID_AND_ACCESS_TOKEN,
+        type: qe.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
-        sessionExpiration: r,
-        clientId: o
+        sessionExpiration: a,
+        clientId: o,
+        nonce: r
       }
-    }), a = await ae(n.data.idToken, o);
-    return a && a.payload[b.USER_ID_KEY] !== "" ? {
-      idToken: n.data.idToken,
-      accessToken: n.data.accessToken,
-      userId: a.payload[b.USER_ID_KEY],
+    }), n = await se(s.data.idToken, o);
+    return n && n.payload[_.USER_ID_KEY] !== "" && n.payload[_.NONCE_KEY] === r ? {
+      idToken: s.data.idToken,
+      accessToken: s.data.accessToken,
+      userId: n.payload[_.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -753,93 +780,112 @@ const nt = process.env.NODE_ENV === "production", at = !nt, st = async ({ params
       status: !1
     };
   }
-};
-function ct(e) {
-  const t = de();
-  return X(() => {
-    t.current = e;
-  }), t.current;
-}
-const L = () => {
-  throw new Error(Qe);
-}, ie = le({
+}, K = () => {
+  throw new Error(it);
+}, de = fe({
   isAuthenticated: !1,
   isLoading: !1,
-  login: L,
-  logout: L,
-  getAccessToken: L,
+  login: K,
+  logout: K,
+  getAccessToken: K,
   logoutReason: "",
   idTokenClaims: null
-}), pt = ({
+}), yt = ({
   children: e,
   sessionExpiration: t,
   clientId: o
 }) => {
-  const [r, n, , a] = G({
-    key: `${q}::${o}::@@user@@`
-  }), [s, i, , c] = G({
-    key: `${q}::${o}::@@access@@`
-  }), [p, f] = he({
+  const [r, a, , s] = U({
+    key: `${$}::${o}::@@user@@`
+  }), [n, i, , c] = U({
+    key: `${$}::${o}::@@access@@`
+  }), [, p, , y] = U({
+    key: `${$}::${o}::@@nonce@@`
+  }), [l, m] = ye({
     isLoading: !0,
     isAuthenticated: !1,
     logoutReason: "",
     userId: "",
     idTokenClaims: null
-  }), l = ct(r) || "", h = pe(
-    (y) => {
-      f({
+  }), h = me(
+    (f) => {
+      m({
         isLoading: !1,
         isAuthenticated: !1,
-        logoutReason: y || H,
+        logoutReason: f || L,
         userId: "",
         idTokenClaims: null
-      }), a(), c();
+      }), s(), c(), y();
     },
-    [a, c]
+    [s, c, y]
   );
-  X(() => {
-    l !== r && r !== null && (async () => {
+  we(() => {
+    l.isLoading && r !== null && (async () => {
       try {
-        const y = await ae(r, o);
-        y && y.payload[b.USER_ID_KEY] !== "" ? f({
+        const f = await se(r, o);
+        f && f.payload[_.USER_ID_KEY] !== "" ? m({
           isLoading: !1,
           isAuthenticated: !0,
           logoutReason: "",
-          userId: y.payload[b.USER_ID_KEY],
+          userId: f.payload[_.USER_ID_KEY],
           idTokenClaims: {
-            ...y == null ? void 0 : y.payload,
-            [b.TOKEN_ID_KEY]: r
+            ...f == null ? void 0 : f.payload,
+            [_.TOKEN_ID_KEY]: r
           }
-        }) : h(H);
+        }) : (h(L), await J({
+          idToken: r,
+          accessToken: n,
+          clientId: o
+        }));
       } catch {
-        h(H);
+        h(L), await J({
+          idToken: r,
+          accessToken: n,
+          clientId: o
+        });
       }
     })();
-  }, [r, l, o, h]);
-  const m = async (y, ce) => {
-    const v = await it({
-      username: y,
-      password: ce,
+  }, [
+    l.isLoading,
+    n,
+    r,
+    o,
+    h
+  ]);
+  const w = async (f, he) => {
+    const M = at();
+    p(M);
+    const T = await dt({
+      username: f,
+      password: he,
       clientId: o,
-      sessionExpiration: t
+      sessionExpiration: t,
+      nonce: M
     });
-    return v.status ? (n(v.idToken), i(v.accessToken), f({
+    return T.status ? (a(T.idToken), i(T.accessToken), m({
       isLoading: !1,
       isAuthenticated: !0,
-      userId: v.userId
-    }), !0) : (h(Xe), !1);
-  }, w = () => {
-    h(ze);
-  }, O = () => s;
-  return /* @__PURE__ */ ue(
-    ie.Provider,
+      userId: T.userId
+    }), !0) : (h(st), !1);
+  }, O = async () => {
+    h(nt), await J({
+      idToken: r,
+      accessToken: n,
+      clientId: o
+    });
+  }, le = () => {
+    if (l.isAuthenticated && n)
+      return n;
+  };
+  return /* @__PURE__ */ pe(
+    de.Provider,
     {
-      value: { ...p, login: m, logout: w, getAccessToken: O },
+      value: { ...l, login: w, logout: O, getAccessToken: le },
       children: e
     }
   );
-}, ft = (e = ie) => fe(e);
+}, mt = (e = de) => Se(e);
 export {
-  pt as AuthProvider,
-  ft as useAuth
+  yt as AuthProvider,
+  mt as useAuth
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "3.1.0",
+	"version": "4.1.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -44,10 +44,10 @@
 		"react-dom": "18.3.1"
 	},
 	"dependencies": {
-		"@versini/auth-common": "2.5.0",
+		"@versini/auth-common": "2.6.0",
 		"@versini/ui-hooks": "4.0.0",
 		"jose": "5.4.1",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "25c60a5226b6f9d95aa3a3fcdbbc8448181e937a"
+	"gitHead": "7d1b235e792243f979ae462cca442c9ae2a3c180"
 }