@versini/auth-provider 5.0.0 → 5.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +342 -293
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -1,14 +1,17 @@
|
|
|
1
|
-
|
|
1
|
+
var xe = Object.defineProperty;
|
|
2
|
+
var je = (e, t, r) => t in e ? xe(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
|
|
3
|
+
var K = (e, t, r) => (je(e, typeof t != "symbol" ? t + "" : t, r), r);
|
|
4
|
+
import { jsx as Me } from "react/jsx-runtime";
|
|
2
5
|
import * as D from "react";
|
|
3
|
-
import { createContext as
|
|
6
|
+
import { createContext as Ve, useState as Ye, useCallback as Be, useEffect as Fe, useContext as Ge } from "react";
|
|
4
7
|
/*!
|
|
5
|
-
@versini/auth-provider v5.0.
|
|
8
|
+
@versini/auth-provider v5.0.2
|
|
6
9
|
© 2024 gizmette.com
|
|
7
10
|
*/
|
|
8
11
|
try {
|
|
9
12
|
window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
|
|
10
|
-
version: "5.0.
|
|
11
|
-
buildTime: "
|
|
13
|
+
version: "5.0.2",
|
|
14
|
+
buildTime: "07/04/2024 08:12 PM EDT",
|
|
12
15
|
homepage: "https://github.com/aversini/auth-client",
|
|
13
16
|
license: "MIT"
|
|
14
17
|
});
|
|
@@ -21,7 +24,7 @@ try {
|
|
|
21
24
|
try {
|
|
22
25
|
window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
|
|
23
26
|
version: "2.10.1",
|
|
24
|
-
buildTime: "
|
|
27
|
+
buildTime: "07/04/2024 08:12 PM EDT",
|
|
25
28
|
homepage: "https://github.com/aversini/auth-client",
|
|
26
29
|
license: "MIT"
|
|
27
30
|
});
|
|
@@ -33,16 +36,16 @@ const B = {
|
|
|
33
36
|
ID_AND_ACCESS_TOKEN: "id_token token",
|
|
34
37
|
CODE: "code",
|
|
35
38
|
REFRESH_TOKEN: "refresh_token"
|
|
36
|
-
},
|
|
39
|
+
}, qe = {
|
|
37
40
|
CLIENT_ID: "X-Auth-ClientId"
|
|
38
|
-
},
|
|
41
|
+
}, y = {
|
|
39
42
|
ALG: "RS256",
|
|
40
43
|
USER_ID_KEY: "sub",
|
|
41
44
|
TOKEN_ID_KEY: "__raw",
|
|
42
45
|
NONCE_KEY: "_nonce",
|
|
43
46
|
USERNAME_KEY: "username",
|
|
44
47
|
ISSUER: "gizmette.com"
|
|
45
|
-
},
|
|
48
|
+
}, ze = `-----BEGIN PUBLIC KEY-----
|
|
46
49
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
|
|
47
50
|
w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
|
|
48
51
|
i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
|
|
@@ -54,15 +57,15 @@ awIDAQAB
|
|
|
54
57
|
AUTHENTICATE: "authenticate",
|
|
55
58
|
CODE: "code",
|
|
56
59
|
LOGOUT: "logout"
|
|
57
|
-
}, G = crypto,
|
|
58
|
-
function
|
|
60
|
+
}, G = crypto, ke = (e) => e instanceof CryptoKey, N = new TextEncoder(), q = new TextDecoder();
|
|
61
|
+
function Xe(...e) {
|
|
59
62
|
const t = e.reduce((n, { length: s }) => n + s, 0), r = new Uint8Array(t);
|
|
60
63
|
let a = 0;
|
|
61
64
|
for (const n of e)
|
|
62
65
|
r.set(n, a), a += n.length;
|
|
63
66
|
return r;
|
|
64
67
|
}
|
|
65
|
-
const
|
|
68
|
+
const Qe = (e) => {
|
|
66
69
|
const t = atob(e), r = new Uint8Array(t.length);
|
|
67
70
|
for (let a = 0; a < t.length; a++)
|
|
68
71
|
r[a] = t.charCodeAt(a);
|
|
@@ -71,12 +74,12 @@ const Ge = (e) => {
|
|
|
71
74
|
let t = e;
|
|
72
75
|
t instanceof Uint8Array && (t = q.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
|
|
73
76
|
try {
|
|
74
|
-
return
|
|
77
|
+
return Qe(t);
|
|
75
78
|
} catch {
|
|
76
79
|
throw new TypeError("The input to be decoded is not correctly encoded.");
|
|
77
80
|
}
|
|
78
81
|
};
|
|
79
|
-
class
|
|
82
|
+
class R extends Error {
|
|
80
83
|
static get code() {
|
|
81
84
|
return "ERR_JOSE_GENERIC";
|
|
82
85
|
}
|
|
@@ -85,7 +88,7 @@ class C extends Error {
|
|
|
85
88
|
super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
|
|
86
89
|
}
|
|
87
90
|
}
|
|
88
|
-
class
|
|
91
|
+
class S extends R {
|
|
89
92
|
static get code() {
|
|
90
93
|
return "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
91
94
|
}
|
|
@@ -93,7 +96,7 @@ class g extends C {
|
|
|
93
96
|
super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = a, this.reason = n, this.payload = r;
|
|
94
97
|
}
|
|
95
98
|
}
|
|
96
|
-
class
|
|
99
|
+
class ue extends R {
|
|
97
100
|
static get code() {
|
|
98
101
|
return "ERR_JWT_EXPIRED";
|
|
99
102
|
}
|
|
@@ -101,7 +104,7 @@ class ie extends C {
|
|
|
101
104
|
super(t), this.code = "ERR_JWT_EXPIRED", this.claim = a, this.reason = n, this.payload = r;
|
|
102
105
|
}
|
|
103
106
|
}
|
|
104
|
-
class
|
|
107
|
+
class Ze extends R {
|
|
105
108
|
constructor() {
|
|
106
109
|
super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
107
110
|
}
|
|
@@ -109,14 +112,14 @@ class qe extends C {
|
|
|
109
112
|
return "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
110
113
|
}
|
|
111
114
|
}
|
|
112
|
-
let
|
|
115
|
+
let _ = class extends R {
|
|
113
116
|
constructor() {
|
|
114
117
|
super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
115
118
|
}
|
|
116
119
|
static get code() {
|
|
117
120
|
return "ERR_JOSE_NOT_SUPPORTED";
|
|
118
121
|
}
|
|
119
|
-
}, h = class extends
|
|
122
|
+
}, h = class extends R {
|
|
120
123
|
constructor() {
|
|
121
124
|
super(...arguments), this.code = "ERR_JWS_INVALID";
|
|
122
125
|
}
|
|
@@ -124,7 +127,7 @@ let T = class extends C {
|
|
|
124
127
|
return "ERR_JWS_INVALID";
|
|
125
128
|
}
|
|
126
129
|
};
|
|
127
|
-
class be extends
|
|
130
|
+
class be extends R {
|
|
128
131
|
constructor() {
|
|
129
132
|
super(...arguments), this.code = "ERR_JWT_INVALID";
|
|
130
133
|
}
|
|
@@ -132,7 +135,7 @@ class be extends C {
|
|
|
132
135
|
return "ERR_JWT_INVALID";
|
|
133
136
|
}
|
|
134
137
|
}
|
|
135
|
-
class
|
|
138
|
+
class et extends R {
|
|
136
139
|
constructor() {
|
|
137
140
|
super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
|
|
138
141
|
}
|
|
@@ -140,16 +143,16 @@ class ze extends C {
|
|
|
140
143
|
return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
141
144
|
}
|
|
142
145
|
}
|
|
143
|
-
function
|
|
146
|
+
function T(e, t = "algorithm.name") {
|
|
144
147
|
return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
|
|
145
148
|
}
|
|
146
149
|
function $(e, t) {
|
|
147
150
|
return e.name === t;
|
|
148
151
|
}
|
|
149
|
-
function
|
|
152
|
+
function Q(e) {
|
|
150
153
|
return parseInt(e.name.slice(4), 10);
|
|
151
154
|
}
|
|
152
|
-
function
|
|
155
|
+
function tt(e) {
|
|
153
156
|
switch (e) {
|
|
154
157
|
case "ES256":
|
|
155
158
|
return "P-256";
|
|
@@ -161,7 +164,7 @@ function Xe(e) {
|
|
|
161
164
|
throw new Error("unreachable");
|
|
162
165
|
}
|
|
163
166
|
}
|
|
164
|
-
function
|
|
167
|
+
function rt(e, t) {
|
|
165
168
|
if (t.length && !t.some((r) => e.usages.includes(r))) {
|
|
166
169
|
let r = "CryptoKey does not support this operation, its usages must include ";
|
|
167
170
|
if (t.length > 2) {
|
|
@@ -172,57 +175,57 @@ function Qe(e, t) {
|
|
|
172
175
|
throw new TypeError(r);
|
|
173
176
|
}
|
|
174
177
|
}
|
|
175
|
-
function
|
|
178
|
+
function at(e, t, ...r) {
|
|
176
179
|
switch (t) {
|
|
177
180
|
case "HS256":
|
|
178
181
|
case "HS384":
|
|
179
182
|
case "HS512": {
|
|
180
183
|
if (!$(e.algorithm, "HMAC"))
|
|
181
|
-
throw
|
|
184
|
+
throw T("HMAC");
|
|
182
185
|
const a = parseInt(t.slice(2), 10);
|
|
183
|
-
if (
|
|
184
|
-
throw
|
|
186
|
+
if (Q(e.algorithm.hash) !== a)
|
|
187
|
+
throw T(`SHA-${a}`, "algorithm.hash");
|
|
185
188
|
break;
|
|
186
189
|
}
|
|
187
190
|
case "RS256":
|
|
188
191
|
case "RS384":
|
|
189
192
|
case "RS512": {
|
|
190
193
|
if (!$(e.algorithm, "RSASSA-PKCS1-v1_5"))
|
|
191
|
-
throw
|
|
194
|
+
throw T("RSASSA-PKCS1-v1_5");
|
|
192
195
|
const a = parseInt(t.slice(2), 10);
|
|
193
|
-
if (
|
|
194
|
-
throw
|
|
196
|
+
if (Q(e.algorithm.hash) !== a)
|
|
197
|
+
throw T(`SHA-${a}`, "algorithm.hash");
|
|
195
198
|
break;
|
|
196
199
|
}
|
|
197
200
|
case "PS256":
|
|
198
201
|
case "PS384":
|
|
199
202
|
case "PS512": {
|
|
200
203
|
if (!$(e.algorithm, "RSA-PSS"))
|
|
201
|
-
throw
|
|
204
|
+
throw T("RSA-PSS");
|
|
202
205
|
const a = parseInt(t.slice(2), 10);
|
|
203
|
-
if (
|
|
204
|
-
throw
|
|
206
|
+
if (Q(e.algorithm.hash) !== a)
|
|
207
|
+
throw T(`SHA-${a}`, "algorithm.hash");
|
|
205
208
|
break;
|
|
206
209
|
}
|
|
207
210
|
case "EdDSA": {
|
|
208
211
|
if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
|
|
209
|
-
throw
|
|
212
|
+
throw T("Ed25519 or Ed448");
|
|
210
213
|
break;
|
|
211
214
|
}
|
|
212
215
|
case "ES256":
|
|
213
216
|
case "ES384":
|
|
214
217
|
case "ES512": {
|
|
215
218
|
if (!$(e.algorithm, "ECDSA"))
|
|
216
|
-
throw
|
|
217
|
-
const a =
|
|
219
|
+
throw T("ECDSA");
|
|
220
|
+
const a = tt(t);
|
|
218
221
|
if (e.algorithm.namedCurve !== a)
|
|
219
|
-
throw
|
|
222
|
+
throw T(a, "algorithm.namedCurve");
|
|
220
223
|
break;
|
|
221
224
|
}
|
|
222
225
|
default:
|
|
223
226
|
throw new TypeError("CryptoKey does not support this operation");
|
|
224
227
|
}
|
|
225
|
-
|
|
228
|
+
rt(e, r);
|
|
226
229
|
}
|
|
227
230
|
function _e(e, t, ...r) {
|
|
228
231
|
var a;
|
|
@@ -233,11 +236,11 @@ function _e(e, t, ...r) {
|
|
|
233
236
|
r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
|
|
234
237
|
return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (a = t.constructor) != null && a.name && (e += ` Received an instance of ${t.constructor.name}`), e;
|
|
235
238
|
}
|
|
236
|
-
const
|
|
239
|
+
const de = (e, ...t) => _e("Key must be ", e, ...t);
|
|
237
240
|
function ve(e, t, ...r) {
|
|
238
241
|
return _e(`Key for the ${e} algorithm must be `, t, ...r);
|
|
239
242
|
}
|
|
240
|
-
const
|
|
243
|
+
const Re = (e) => ke(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", Y = ["CryptoKey"], nt = (...e) => {
|
|
241
244
|
const t = e.filter(Boolean);
|
|
242
245
|
if (t.length === 0 || t.length === 1)
|
|
243
246
|
return !0;
|
|
@@ -256,11 +259,11 @@ const Te = (e) => Ae(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) ===
|
|
|
256
259
|
}
|
|
257
260
|
return !0;
|
|
258
261
|
};
|
|
259
|
-
function
|
|
262
|
+
function st(e) {
|
|
260
263
|
return typeof e == "object" && e !== null;
|
|
261
264
|
}
|
|
262
|
-
function
|
|
263
|
-
if (!
|
|
265
|
+
function oe(e) {
|
|
266
|
+
if (!st(e) || Object.prototype.toString.call(e) !== "[object Object]")
|
|
264
267
|
return !1;
|
|
265
268
|
if (Object.getPrototypeOf(e) === null)
|
|
266
269
|
return !0;
|
|
@@ -269,14 +272,14 @@ function ne(e) {
|
|
|
269
272
|
t = Object.getPrototypeOf(t);
|
|
270
273
|
return Object.getPrototypeOf(e) === t;
|
|
271
274
|
}
|
|
272
|
-
const
|
|
275
|
+
const ot = (e, t) => {
|
|
273
276
|
if (e.startsWith("RS") || e.startsWith("PS")) {
|
|
274
277
|
const { modulusLength: r } = t.algorithm;
|
|
275
278
|
if (typeof r != "number" || r < 2048)
|
|
276
279
|
throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
|
|
277
280
|
}
|
|
278
281
|
};
|
|
279
|
-
function
|
|
282
|
+
function it(e) {
|
|
280
283
|
let t, r;
|
|
281
284
|
switch (e.kty) {
|
|
282
285
|
case "RSA": {
|
|
@@ -301,7 +304,7 @@ function at(e) {
|
|
|
301
304
|
}, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
302
305
|
break;
|
|
303
306
|
default:
|
|
304
|
-
throw new
|
|
307
|
+
throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
305
308
|
}
|
|
306
309
|
break;
|
|
307
310
|
}
|
|
@@ -323,7 +326,7 @@ function at(e) {
|
|
|
323
326
|
t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
324
327
|
break;
|
|
325
328
|
default:
|
|
326
|
-
throw new
|
|
329
|
+
throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
327
330
|
}
|
|
328
331
|
break;
|
|
329
332
|
}
|
|
@@ -339,71 +342,71 @@ function at(e) {
|
|
|
339
342
|
t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
340
343
|
break;
|
|
341
344
|
default:
|
|
342
|
-
throw new
|
|
345
|
+
throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
343
346
|
}
|
|
344
347
|
break;
|
|
345
348
|
}
|
|
346
349
|
default:
|
|
347
|
-
throw new
|
|
350
|
+
throw new _('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
348
351
|
}
|
|
349
352
|
return { algorithm: t, keyUsages: r };
|
|
350
353
|
}
|
|
351
|
-
const
|
|
354
|
+
const ct = async (e) => {
|
|
352
355
|
if (!e.alg)
|
|
353
356
|
throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
|
|
354
|
-
const { algorithm: t, keyUsages: r } =
|
|
357
|
+
const { algorithm: t, keyUsages: r } = it(e), a = [
|
|
355
358
|
t,
|
|
356
359
|
e.ext ?? !1,
|
|
357
360
|
e.key_ops ?? r
|
|
358
361
|
], n = { ...e };
|
|
359
362
|
return delete n.alg, delete n.use, G.subtle.importKey("jwk", n, ...a);
|
|
360
|
-
},
|
|
361
|
-
let
|
|
362
|
-
const
|
|
363
|
+
}, Ie = (e) => M(e);
|
|
364
|
+
let Z, ee;
|
|
365
|
+
const Ce = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", Pe = async (e, t, r, a) => {
|
|
363
366
|
let n = e.get(t);
|
|
364
367
|
if (n != null && n[a])
|
|
365
368
|
return n[a];
|
|
366
|
-
const s = await
|
|
369
|
+
const s = await ct({ ...r, alg: a });
|
|
367
370
|
return n ? n[a] = s : e.set(t, { [a]: s }), s;
|
|
368
|
-
},
|
|
369
|
-
if (
|
|
371
|
+
}, ut = (e, t) => {
|
|
372
|
+
if (Ce(e)) {
|
|
370
373
|
let r = e.export({ format: "jwk" });
|
|
371
|
-
return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ?
|
|
374
|
+
return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Ie(r.k) : (ee || (ee = /* @__PURE__ */ new WeakMap()), Pe(ee, e, r, t));
|
|
372
375
|
}
|
|
373
376
|
return e;
|
|
374
|
-
},
|
|
375
|
-
if (
|
|
377
|
+
}, dt = (e, t) => {
|
|
378
|
+
if (Ce(e)) {
|
|
376
379
|
let r = e.export({ format: "jwk" });
|
|
377
|
-
return r.k ?
|
|
380
|
+
return r.k ? Ie(r.k) : (Z || (Z = /* @__PURE__ */ new WeakMap()), Pe(Z, e, r, t));
|
|
378
381
|
}
|
|
379
382
|
return e;
|
|
380
|
-
},
|
|
383
|
+
}, lt = { normalizePublicKey: ut, normalizePrivateKey: dt }, b = (e, t, r = 0) => {
|
|
381
384
|
r === 0 && (t.unshift(t.length), t.unshift(6));
|
|
382
385
|
const a = e.indexOf(t[0], r);
|
|
383
386
|
if (a === -1)
|
|
384
387
|
return !1;
|
|
385
388
|
const n = e.subarray(a, a + t.length);
|
|
386
|
-
return n.length !== t.length ? !1 : n.every((s, o) => s === t[o]) ||
|
|
387
|
-
},
|
|
389
|
+
return n.length !== t.length ? !1 : n.every((s, o) => s === t[o]) || b(e, t, a + 1);
|
|
390
|
+
}, le = (e) => {
|
|
388
391
|
switch (!0) {
|
|
389
|
-
case
|
|
392
|
+
case b(e, [42, 134, 72, 206, 61, 3, 1, 7]):
|
|
390
393
|
return "P-256";
|
|
391
|
-
case
|
|
394
|
+
case b(e, [43, 129, 4, 0, 34]):
|
|
392
395
|
return "P-384";
|
|
393
|
-
case
|
|
396
|
+
case b(e, [43, 129, 4, 0, 35]):
|
|
394
397
|
return "P-521";
|
|
395
|
-
case
|
|
398
|
+
case b(e, [43, 101, 110]):
|
|
396
399
|
return "X25519";
|
|
397
|
-
case
|
|
400
|
+
case b(e, [43, 101, 111]):
|
|
398
401
|
return "X448";
|
|
399
|
-
case
|
|
402
|
+
case b(e, [43, 101, 112]):
|
|
400
403
|
return "Ed25519";
|
|
401
|
-
case
|
|
404
|
+
case b(e, [43, 101, 113]):
|
|
402
405
|
return "Ed448";
|
|
403
406
|
default:
|
|
404
|
-
throw new
|
|
407
|
+
throw new _("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
405
408
|
}
|
|
406
|
-
},
|
|
409
|
+
}, ht = async (e, t, r, a, n) => {
|
|
407
410
|
let s, o;
|
|
408
411
|
const c = new Uint8Array(atob(r.replace(e, "")).split("").map((i) => i.charCodeAt(0)));
|
|
409
412
|
switch (a) {
|
|
@@ -439,32 +442,32 @@ const Re = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
439
442
|
case "ECDH-ES+A128KW":
|
|
440
443
|
case "ECDH-ES+A192KW":
|
|
441
444
|
case "ECDH-ES+A256KW": {
|
|
442
|
-
const i =
|
|
445
|
+
const i = le(c);
|
|
443
446
|
s = i.startsWith("P-") ? { name: "ECDH", namedCurve: i } : { name: i }, o = [];
|
|
444
447
|
break;
|
|
445
448
|
}
|
|
446
449
|
case "EdDSA":
|
|
447
|
-
s = { name:
|
|
450
|
+
s = { name: le(c) }, o = ["verify"];
|
|
448
451
|
break;
|
|
449
452
|
default:
|
|
450
|
-
throw new
|
|
453
|
+
throw new _('Invalid or unsupported "alg" (Algorithm) value');
|
|
451
454
|
}
|
|
452
455
|
return G.subtle.importKey(t, c, s, !1, o);
|
|
453
|
-
},
|
|
454
|
-
async function
|
|
456
|
+
}, pt = (e, t, r) => ht(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
|
|
457
|
+
async function ft(e, t, r) {
|
|
455
458
|
if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
|
|
456
459
|
throw new TypeError('"spki" must be SPKI formatted string');
|
|
457
|
-
return
|
|
460
|
+
return pt(e, t);
|
|
458
461
|
}
|
|
459
|
-
const V = (e) => e == null ? void 0 : e[Symbol.toStringTag],
|
|
462
|
+
const V = (e) => e == null ? void 0 : e[Symbol.toStringTag], yt = (e, t) => {
|
|
460
463
|
if (!(t instanceof Uint8Array)) {
|
|
461
|
-
if (!
|
|
464
|
+
if (!Re(t))
|
|
462
465
|
throw new TypeError(ve(e, t, ...Y, "Uint8Array"));
|
|
463
466
|
if (t.type !== "secret")
|
|
464
467
|
throw new TypeError(`${V(t)} instances for symmetric algorithms must be of type "secret"`);
|
|
465
468
|
}
|
|
466
|
-
},
|
|
467
|
-
if (!
|
|
469
|
+
}, mt = (e, t, r) => {
|
|
470
|
+
if (!Re(t))
|
|
468
471
|
throw new TypeError(ve(e, t, ...Y));
|
|
469
472
|
if (t.type === "secret")
|
|
470
473
|
throw new TypeError(`${V(t)} instances for asymmetric algorithms must not be of type "secret"`);
|
|
@@ -472,10 +475,10 @@ const V = (e) => e == null ? void 0 : e[Symbol.toStringTag], lt = (e, t) => {
|
|
|
472
475
|
throw new TypeError(`${V(t)} instances for asymmetric algorithm verifying must be of type "public"`);
|
|
473
476
|
if (t.algorithm && r === "encrypt" && t.type === "private")
|
|
474
477
|
throw new TypeError(`${V(t)} instances for asymmetric algorithm encryption must be of type "public"`);
|
|
475
|
-
},
|
|
476
|
-
e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ?
|
|
478
|
+
}, wt = (e, t, r) => {
|
|
479
|
+
e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? yt(e, t) : mt(e, t, r);
|
|
477
480
|
};
|
|
478
|
-
function
|
|
481
|
+
function Et(e, t, r, a, n) {
|
|
479
482
|
if (n.crit !== void 0 && (a == null ? void 0 : a.crit) === void 0)
|
|
480
483
|
throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
|
|
481
484
|
if (!a || a.crit === void 0)
|
|
@@ -486,7 +489,7 @@ function yt(e, t, r, a, n) {
|
|
|
486
489
|
r !== void 0 ? s = new Map([...Object.entries(r), ...t.entries()]) : s = t;
|
|
487
490
|
for (const o of a.crit) {
|
|
488
491
|
if (!s.has(o))
|
|
489
|
-
throw new
|
|
492
|
+
throw new _(`Extension Header Parameter "${o}" is not recognized`);
|
|
490
493
|
if (n[o] === void 0)
|
|
491
494
|
throw new e(`Extension Header Parameter "${o}" is missing`);
|
|
492
495
|
if (s.get(o) && a[o] === void 0)
|
|
@@ -494,13 +497,13 @@ function yt(e, t, r, a, n) {
|
|
|
494
497
|
}
|
|
495
498
|
return new Set(a.crit);
|
|
496
499
|
}
|
|
497
|
-
const
|
|
500
|
+
const St = (e, t) => {
|
|
498
501
|
if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
|
|
499
502
|
throw new TypeError(`"${e}" option must be an array of strings`);
|
|
500
503
|
if (t)
|
|
501
504
|
return new Set(t);
|
|
502
505
|
};
|
|
503
|
-
function
|
|
506
|
+
function gt(e, t) {
|
|
504
507
|
const r = `SHA-${e.slice(-3)}`;
|
|
505
508
|
switch (e) {
|
|
506
509
|
case "HS256":
|
|
@@ -522,31 +525,31 @@ function mt(e, t) {
|
|
|
522
525
|
case "EdDSA":
|
|
523
526
|
return { name: t.name };
|
|
524
527
|
default:
|
|
525
|
-
throw new
|
|
528
|
+
throw new _(`alg ${e} is not supported either by JOSE or your javascript runtime`);
|
|
526
529
|
}
|
|
527
530
|
}
|
|
528
|
-
async function
|
|
529
|
-
if (t = await
|
|
530
|
-
return
|
|
531
|
+
async function At(e, t, r) {
|
|
532
|
+
if (t = await lt.normalizePublicKey(t, e), ke(t))
|
|
533
|
+
return at(t, e, r), t;
|
|
531
534
|
if (t instanceof Uint8Array) {
|
|
532
535
|
if (!e.startsWith("HS"))
|
|
533
|
-
throw new TypeError(
|
|
536
|
+
throw new TypeError(de(t, ...Y));
|
|
534
537
|
return G.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
|
|
535
538
|
}
|
|
536
|
-
throw new TypeError(
|
|
539
|
+
throw new TypeError(de(t, ...Y, "Uint8Array"));
|
|
537
540
|
}
|
|
538
|
-
const
|
|
539
|
-
const n = await
|
|
540
|
-
|
|
541
|
-
const s =
|
|
541
|
+
const Tt = async (e, t, r, a) => {
|
|
542
|
+
const n = await At(e, t, "verify");
|
|
543
|
+
ot(e, n);
|
|
544
|
+
const s = gt(e, n.algorithm);
|
|
542
545
|
try {
|
|
543
546
|
return await G.subtle.verify(s, n, r, a);
|
|
544
547
|
} catch {
|
|
545
548
|
return !1;
|
|
546
549
|
}
|
|
547
550
|
};
|
|
548
|
-
async function
|
|
549
|
-
if (!
|
|
551
|
+
async function kt(e, t, r) {
|
|
552
|
+
if (!oe(e))
|
|
550
553
|
throw new h("Flattened JWS must be an object");
|
|
551
554
|
if (e.protected === void 0 && e.header === void 0)
|
|
552
555
|
throw new h('Flattened JWS must have either of the "protected" or "header" members');
|
|
@@ -556,7 +559,7 @@ async function St(e, t, r) {
|
|
|
556
559
|
throw new h("JWS Payload missing");
|
|
557
560
|
if (typeof e.signature != "string")
|
|
558
561
|
throw new h("JWS Signature missing or incorrect type");
|
|
559
|
-
if (e.header !== void 0 && !
|
|
562
|
+
if (e.header !== void 0 && !oe(e.header))
|
|
560
563
|
throw new h("JWS Unprotected Header incorrect type");
|
|
561
564
|
let a = {};
|
|
562
565
|
if (e.protected)
|
|
@@ -566,60 +569,60 @@ async function St(e, t, r) {
|
|
|
566
569
|
} catch {
|
|
567
570
|
throw new h("JWS Protected Header is invalid");
|
|
568
571
|
}
|
|
569
|
-
if (!
|
|
572
|
+
if (!nt(a, e.header))
|
|
570
573
|
throw new h("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
571
574
|
const n = {
|
|
572
575
|
...a,
|
|
573
576
|
...e.header
|
|
574
|
-
}, s =
|
|
577
|
+
}, s = Et(h, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, a, n);
|
|
575
578
|
let o = !0;
|
|
576
579
|
if (s.has("b64") && (o = a.b64, typeof o != "boolean"))
|
|
577
580
|
throw new h('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
578
581
|
const { alg: c } = n;
|
|
579
582
|
if (typeof c != "string" || !c)
|
|
580
583
|
throw new h('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
581
|
-
const i = r &&
|
|
584
|
+
const i = r && St("algorithms", r.algorithms);
|
|
582
585
|
if (i && !i.has(c))
|
|
583
|
-
throw new
|
|
586
|
+
throw new Ze('"alg" (Algorithm) Header Parameter value not allowed');
|
|
584
587
|
if (o) {
|
|
585
588
|
if (typeof e.payload != "string")
|
|
586
589
|
throw new h("JWS Payload must be a string");
|
|
587
590
|
} else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
|
|
588
591
|
throw new h("JWS Payload must be a string or an Uint8Array instance");
|
|
589
592
|
let u = !1;
|
|
590
|
-
typeof t == "function" && (t = await t(a, e), u = !0),
|
|
591
|
-
const m =
|
|
592
|
-
let
|
|
593
|
+
typeof t == "function" && (t = await t(a, e), u = !0), wt(c, t, "verify");
|
|
594
|
+
const m = Xe(N.encode(e.protected ?? ""), N.encode("."), typeof e.payload == "string" ? N.encode(e.payload) : e.payload);
|
|
595
|
+
let f;
|
|
593
596
|
try {
|
|
594
|
-
|
|
597
|
+
f = M(e.signature);
|
|
595
598
|
} catch {
|
|
596
599
|
throw new h("Failed to base64url decode the signature");
|
|
597
600
|
}
|
|
598
|
-
if (!await
|
|
599
|
-
throw new
|
|
600
|
-
let
|
|
601
|
+
if (!await Tt(c, t, f, m))
|
|
602
|
+
throw new et();
|
|
603
|
+
let k;
|
|
601
604
|
if (o)
|
|
602
605
|
try {
|
|
603
|
-
|
|
606
|
+
k = M(e.payload);
|
|
604
607
|
} catch {
|
|
605
608
|
throw new h("Failed to base64url decode the payload");
|
|
606
609
|
}
|
|
607
610
|
else
|
|
608
|
-
typeof e.payload == "string" ?
|
|
609
|
-
const E = { payload:
|
|
611
|
+
typeof e.payload == "string" ? k = N.encode(e.payload) : k = e.payload;
|
|
612
|
+
const E = { payload: k };
|
|
610
613
|
return e.protected !== void 0 && (E.protectedHeader = a), e.header !== void 0 && (E.unprotectedHeader = e.header), u ? { ...E, key: t } : E;
|
|
611
614
|
}
|
|
612
|
-
async function
|
|
615
|
+
async function bt(e, t, r) {
|
|
613
616
|
if (e instanceof Uint8Array && (e = q.decode(e)), typeof e != "string")
|
|
614
617
|
throw new h("Compact JWS must be a string or Uint8Array");
|
|
615
618
|
const { 0: a, 1: n, 2: s, length: o } = e.split(".");
|
|
616
619
|
if (o !== 3)
|
|
617
620
|
throw new h("Invalid Compact JWS");
|
|
618
|
-
const c = await
|
|
621
|
+
const c = await kt({ payload: n, protected: a, signature: s }, t, r), i = { payload: c.payload, protectedHeader: c.protectedHeader };
|
|
619
622
|
return typeof t == "function" ? { ...i, key: c.key } : i;
|
|
620
623
|
}
|
|
621
|
-
const
|
|
622
|
-
const t =
|
|
624
|
+
const _t = (e) => Math.floor(e.getTime() / 1e3), Oe = 60, De = Oe * 60, ie = De * 24, vt = ie * 7, Rt = ie * 365.25, It = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, he = (e) => {
|
|
625
|
+
const t = It.exec(e);
|
|
623
626
|
if (!t || t[4] && t[1])
|
|
624
627
|
throw new TypeError("Invalid time period format");
|
|
625
628
|
const r = parseFloat(t[2]), a = t[3].toLowerCase();
|
|
@@ -637,172 +640,172 @@ const At = (e) => Math.floor(e.getTime() / 1e3), Ce = 60, Pe = Ce * 60, oe = Pe
|
|
|
637
640
|
case "min":
|
|
638
641
|
case "mins":
|
|
639
642
|
case "m":
|
|
640
|
-
n = Math.round(r *
|
|
643
|
+
n = Math.round(r * Oe);
|
|
641
644
|
break;
|
|
642
645
|
case "hour":
|
|
643
646
|
case "hours":
|
|
644
647
|
case "hr":
|
|
645
648
|
case "hrs":
|
|
646
649
|
case "h":
|
|
647
|
-
n = Math.round(r *
|
|
650
|
+
n = Math.round(r * De);
|
|
648
651
|
break;
|
|
649
652
|
case "day":
|
|
650
653
|
case "days":
|
|
651
654
|
case "d":
|
|
652
|
-
n = Math.round(r *
|
|
655
|
+
n = Math.round(r * ie);
|
|
653
656
|
break;
|
|
654
657
|
case "week":
|
|
655
658
|
case "weeks":
|
|
656
659
|
case "w":
|
|
657
|
-
n = Math.round(r *
|
|
660
|
+
n = Math.round(r * vt);
|
|
658
661
|
break;
|
|
659
662
|
default:
|
|
660
|
-
n = Math.round(r *
|
|
663
|
+
n = Math.round(r * Rt);
|
|
661
664
|
break;
|
|
662
665
|
}
|
|
663
666
|
return t[1] === "-" || t[4] === "ago" ? -n : n;
|
|
664
|
-
},
|
|
667
|
+
}, pe = (e) => e.toLowerCase().replace(/^application\//, ""), Ct = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Pt = (e, t, r = {}) => {
|
|
665
668
|
let a;
|
|
666
669
|
try {
|
|
667
670
|
a = JSON.parse(q.decode(t));
|
|
668
671
|
} catch {
|
|
669
672
|
}
|
|
670
|
-
if (!
|
|
673
|
+
if (!oe(a))
|
|
671
674
|
throw new be("JWT Claims Set must be a top-level JSON object");
|
|
672
675
|
const { typ: n } = r;
|
|
673
|
-
if (n && (typeof e.typ != "string" ||
|
|
674
|
-
throw new
|
|
676
|
+
if (n && (typeof e.typ != "string" || pe(e.typ) !== pe(n)))
|
|
677
|
+
throw new S('unexpected "typ" JWT header value', a, "typ", "check_failed");
|
|
675
678
|
const { requiredClaims: s = [], issuer: o, subject: c, audience: i, maxTokenAge: u } = r, m = [...s];
|
|
676
679
|
u !== void 0 && m.push("iat"), i !== void 0 && m.push("aud"), c !== void 0 && m.push("sub"), o !== void 0 && m.push("iss");
|
|
677
680
|
for (const w of new Set(m.reverse()))
|
|
678
681
|
if (!(w in a))
|
|
679
|
-
throw new
|
|
682
|
+
throw new S(`missing required "${w}" claim`, a, w, "missing");
|
|
680
683
|
if (o && !(Array.isArray(o) ? o : [o]).includes(a.iss))
|
|
681
|
-
throw new
|
|
684
|
+
throw new S('unexpected "iss" claim value', a, "iss", "check_failed");
|
|
682
685
|
if (c && a.sub !== c)
|
|
683
|
-
throw new
|
|
684
|
-
if (i && !
|
|
685
|
-
throw new
|
|
686
|
-
let
|
|
686
|
+
throw new S('unexpected "sub" claim value', a, "sub", "check_failed");
|
|
687
|
+
if (i && !Ct(a.aud, typeof i == "string" ? [i] : i))
|
|
688
|
+
throw new S('unexpected "aud" claim value', a, "aud", "check_failed");
|
|
689
|
+
let f;
|
|
687
690
|
switch (typeof r.clockTolerance) {
|
|
688
691
|
case "string":
|
|
689
|
-
|
|
692
|
+
f = he(r.clockTolerance);
|
|
690
693
|
break;
|
|
691
694
|
case "number":
|
|
692
|
-
|
|
695
|
+
f = r.clockTolerance;
|
|
693
696
|
break;
|
|
694
697
|
case "undefined":
|
|
695
|
-
|
|
698
|
+
f = 0;
|
|
696
699
|
break;
|
|
697
700
|
default:
|
|
698
701
|
throw new TypeError("Invalid clockTolerance option type");
|
|
699
702
|
}
|
|
700
|
-
const { currentDate:
|
|
703
|
+
const { currentDate: k } = r, E = _t(k || /* @__PURE__ */ new Date());
|
|
701
704
|
if ((a.iat !== void 0 || u) && typeof a.iat != "number")
|
|
702
|
-
throw new
|
|
705
|
+
throw new S('"iat" claim must be a number', a, "iat", "invalid");
|
|
703
706
|
if (a.nbf !== void 0) {
|
|
704
707
|
if (typeof a.nbf != "number")
|
|
705
|
-
throw new
|
|
706
|
-
if (a.nbf > E +
|
|
707
|
-
throw new
|
|
708
|
+
throw new S('"nbf" claim must be a number', a, "nbf", "invalid");
|
|
709
|
+
if (a.nbf > E + f)
|
|
710
|
+
throw new S('"nbf" claim timestamp check failed', a, "nbf", "check_failed");
|
|
708
711
|
}
|
|
709
712
|
if (a.exp !== void 0) {
|
|
710
713
|
if (typeof a.exp != "number")
|
|
711
|
-
throw new
|
|
712
|
-
if (a.exp <= E -
|
|
713
|
-
throw new
|
|
714
|
+
throw new S('"exp" claim must be a number', a, "exp", "invalid");
|
|
715
|
+
if (a.exp <= E - f)
|
|
716
|
+
throw new ue('"exp" claim timestamp check failed', a, "exp", "check_failed");
|
|
714
717
|
}
|
|
715
718
|
if (u) {
|
|
716
|
-
const w = E - a.iat,
|
|
717
|
-
if (w -
|
|
718
|
-
throw new
|
|
719
|
-
if (w < 0 -
|
|
720
|
-
throw new
|
|
719
|
+
const w = E - a.iat, X = typeof u == "number" ? u : he(u);
|
|
720
|
+
if (w - f > X)
|
|
721
|
+
throw new ue('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
|
|
722
|
+
if (w < 0 - f)
|
|
723
|
+
throw new S('"iat" claim timestamp check failed (it should be in the past)', a, "iat", "check_failed");
|
|
721
724
|
}
|
|
722
725
|
return a;
|
|
723
726
|
};
|
|
724
|
-
async function
|
|
727
|
+
async function Ot(e, t, r) {
|
|
725
728
|
var a;
|
|
726
|
-
const n = await
|
|
729
|
+
const n = await bt(e, t, r);
|
|
727
730
|
if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
|
|
728
731
|
throw new be("JWTs MUST NOT use unencoded payload");
|
|
729
|
-
const s = { payload:
|
|
732
|
+
const s = { payload: Pt(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
|
|
730
733
|
return typeof t == "function" ? { ...s, key: n.key } : s;
|
|
731
734
|
}
|
|
732
|
-
const
|
|
735
|
+
const U = async (e) => {
|
|
733
736
|
try {
|
|
734
|
-
const t =
|
|
735
|
-
return await
|
|
736
|
-
issuer:
|
|
737
|
+
const t = y.ALG, r = await ft(ze, t);
|
|
738
|
+
return await Ot(e, r, {
|
|
739
|
+
issuer: y.ISSUER
|
|
737
740
|
});
|
|
738
741
|
} catch {
|
|
739
742
|
return;
|
|
740
743
|
}
|
|
741
744
|
};
|
|
742
745
|
var d = [];
|
|
743
|
-
for (var
|
|
744
|
-
d.push((
|
|
745
|
-
function
|
|
746
|
+
for (var te = 0; te < 256; ++te)
|
|
747
|
+
d.push((te + 256).toString(16).slice(1));
|
|
748
|
+
function Dt(e, t = 0) {
|
|
746
749
|
return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
|
|
747
750
|
}
|
|
748
|
-
var L,
|
|
749
|
-
function
|
|
751
|
+
var L, Ut = new Uint8Array(16);
|
|
752
|
+
function Ht() {
|
|
750
753
|
if (!L && (L = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !L))
|
|
751
754
|
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
752
|
-
return L(
|
|
755
|
+
return L(Ut);
|
|
753
756
|
}
|
|
754
|
-
var
|
|
755
|
-
const
|
|
756
|
-
randomUUID:
|
|
757
|
+
var Kt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
|
|
758
|
+
const fe = {
|
|
759
|
+
randomUUID: Kt
|
|
757
760
|
};
|
|
758
|
-
function
|
|
759
|
-
if (
|
|
760
|
-
return
|
|
761
|
+
function ye(e, t, r) {
|
|
762
|
+
if (fe.randomUUID && !t && !e)
|
|
763
|
+
return fe.randomUUID();
|
|
761
764
|
e = e || {};
|
|
762
|
-
var a = e.random || (e.rng ||
|
|
763
|
-
return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128,
|
|
765
|
+
var a = e.random || (e.rng || Ht)();
|
|
766
|
+
return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, Dt(a);
|
|
764
767
|
}
|
|
765
|
-
const
|
|
768
|
+
const me = globalThis.crypto, Nt = (e) => `${ye()}${ye()}`.slice(0, e), $t = (e) => btoa(
|
|
766
769
|
[...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
|
|
767
770
|
);
|
|
768
|
-
async function
|
|
769
|
-
if (!
|
|
771
|
+
async function Lt(e) {
|
|
772
|
+
if (!me.subtle)
|
|
770
773
|
throw new Error(
|
|
771
774
|
"crypto.subtle is available only in secure contexts (HTTPS)."
|
|
772
775
|
);
|
|
773
|
-
const t = new TextEncoder().encode(e), r = await
|
|
774
|
-
return
|
|
776
|
+
const t = new TextEncoder().encode(e), r = await me.subtle.digest("SHA-256", t);
|
|
777
|
+
return $t(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
775
778
|
}
|
|
776
|
-
async function
|
|
777
|
-
const r =
|
|
779
|
+
async function Wt(e) {
|
|
780
|
+
const r = Nt(43), a = await Lt(r);
|
|
778
781
|
return {
|
|
779
782
|
code_verifier: r,
|
|
780
783
|
code_challenge: a
|
|
781
784
|
};
|
|
782
785
|
}
|
|
783
|
-
function
|
|
786
|
+
function Ue(e, t) {
|
|
784
787
|
window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
|
|
785
788
|
}
|
|
786
|
-
const
|
|
789
|
+
const we = (e, t) => {
|
|
787
790
|
const r = JSON.stringify(
|
|
788
791
|
typeof t == "function" ? t() : t
|
|
789
792
|
);
|
|
790
|
-
window.localStorage.setItem(e, r),
|
|
791
|
-
},
|
|
792
|
-
window.localStorage.removeItem(e),
|
|
793
|
-
},
|
|
793
|
+
window.localStorage.setItem(e, r), Ue(e, r);
|
|
794
|
+
}, Jt = (e) => {
|
|
795
|
+
window.localStorage.removeItem(e), Ue(e, null);
|
|
796
|
+
}, Ee = (e) => window.localStorage.getItem(e), xt = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
|
|
794
797
|
function W({
|
|
795
798
|
key: e,
|
|
796
799
|
initialValue: t
|
|
797
800
|
}) {
|
|
798
|
-
const r = () =>
|
|
799
|
-
|
|
801
|
+
const r = () => Ee(e), a = D.useSyncExternalStore(
|
|
802
|
+
xt,
|
|
800
803
|
r
|
|
801
804
|
), n = D.useCallback(
|
|
802
805
|
(c) => {
|
|
803
806
|
try {
|
|
804
807
|
const i = typeof c == "function" ? c(JSON.parse(a)) : c;
|
|
805
|
-
i == null ?
|
|
808
|
+
i == null ? Jt(e) : we(e, i);
|
|
806
809
|
} catch (i) {
|
|
807
810
|
console.warn(i);
|
|
808
811
|
}
|
|
@@ -815,52 +818,52 @@ function W({
|
|
|
815
818
|
}, [n]);
|
|
816
819
|
return D.useEffect(() => {
|
|
817
820
|
try {
|
|
818
|
-
|
|
821
|
+
Ee(e) === null && typeof t < "u" && we(e, t);
|
|
819
822
|
} catch (c) {
|
|
820
823
|
console.warn(c);
|
|
821
824
|
}
|
|
822
825
|
}, [e, t]), [a ? JSON.parse(a) : null, n, s, o];
|
|
823
826
|
}
|
|
824
827
|
var l = [];
|
|
825
|
-
for (var
|
|
826
|
-
l.push((
|
|
827
|
-
function
|
|
828
|
+
for (var re = 0; re < 256; ++re)
|
|
829
|
+
l.push((re + 256).toString(16).slice(1));
|
|
830
|
+
function jt(e, t = 0) {
|
|
828
831
|
return (l[e[t + 0]] + l[e[t + 1]] + l[e[t + 2]] + l[e[t + 3]] + "-" + l[e[t + 4]] + l[e[t + 5]] + "-" + l[e[t + 6]] + l[e[t + 7]] + "-" + l[e[t + 8]] + l[e[t + 9]] + "-" + l[e[t + 10]] + l[e[t + 11]] + l[e[t + 12]] + l[e[t + 13]] + l[e[t + 14]] + l[e[t + 15]]).toLowerCase();
|
|
829
832
|
}
|
|
830
|
-
var J,
|
|
831
|
-
function
|
|
833
|
+
var J, Mt = new Uint8Array(16);
|
|
834
|
+
function Vt() {
|
|
832
835
|
if (!J && (J = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !J))
|
|
833
836
|
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
834
|
-
return J(
|
|
837
|
+
return J(Mt);
|
|
835
838
|
}
|
|
836
|
-
var
|
|
837
|
-
const
|
|
838
|
-
randomUUID:
|
|
839
|
+
var Yt = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
|
|
840
|
+
const Se = {
|
|
841
|
+
randomUUID: Yt
|
|
839
842
|
};
|
|
840
|
-
function
|
|
841
|
-
if (
|
|
842
|
-
return
|
|
843
|
+
function Bt(e, t, r) {
|
|
844
|
+
if (Se.randomUUID && !t && !e)
|
|
845
|
+
return Se.randomUUID();
|
|
843
846
|
e = e || {};
|
|
844
|
-
var a = e.random || (e.rng ||
|
|
845
|
-
return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128,
|
|
847
|
+
var a = e.random || (e.rng || Vt)();
|
|
848
|
+
return a[6] = a[6] & 15 | 64, a[8] = a[8] & 63 | 128, jt(a);
|
|
846
849
|
}
|
|
847
|
-
const
|
|
850
|
+
const ae = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Ft = "Your session has been successfully terminated.", ge = "Login failed. Please try again.", ne = "Error getting access token, please re-authenticate.", Gt = "You forgot to wrap your component in <AuthProvider>.", Ae = {
|
|
848
851
|
dev: "https://auth.gizmette.local.com:3003",
|
|
849
852
|
prod: "https://mylogin.gizmette.com"
|
|
850
|
-
}, x = "@@auth@@",
|
|
853
|
+
}, x = "@@auth@@", qt = process.env.NODE_ENV === "production", zt = !qt, z = async ({
|
|
851
854
|
type: e,
|
|
852
855
|
clientId: t,
|
|
853
856
|
params: r = {}
|
|
854
857
|
}) => {
|
|
855
858
|
try {
|
|
856
859
|
const a = await fetch(
|
|
857
|
-
|
|
860
|
+
zt ? `${Ae.dev}/${e}` : `${Ae.prod}/${e}`,
|
|
858
861
|
{
|
|
859
862
|
credentials: "include",
|
|
860
863
|
method: "POST",
|
|
861
864
|
headers: {
|
|
862
865
|
"Content-Type": "application/json",
|
|
863
|
-
[
|
|
866
|
+
[qe.CLIENT_ID]: `${t}`
|
|
864
867
|
},
|
|
865
868
|
body: JSON.stringify(r)
|
|
866
869
|
}
|
|
@@ -876,7 +879,7 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
876
879
|
} catch (a) {
|
|
877
880
|
return console.error(a), { status: 500, data: [] };
|
|
878
881
|
}
|
|
879
|
-
},
|
|
882
|
+
}, se = async ({
|
|
880
883
|
idToken: e,
|
|
881
884
|
accessToken: t,
|
|
882
885
|
refreshToken: r,
|
|
@@ -899,7 +902,7 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
899
902
|
status: !1
|
|
900
903
|
};
|
|
901
904
|
}
|
|
902
|
-
},
|
|
905
|
+
}, Te = async ({
|
|
903
906
|
username: e,
|
|
904
907
|
password: t,
|
|
905
908
|
clientId: r,
|
|
@@ -922,12 +925,12 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
922
925
|
code: o,
|
|
923
926
|
code_verifier: c
|
|
924
927
|
}
|
|
925
|
-
}), u = await
|
|
926
|
-
return u && u.payload[
|
|
928
|
+
}), u = await U(i.data.idToken);
|
|
929
|
+
return u && u.payload[y.USER_ID_KEY] !== "" && u.payload[y.NONCE_KEY] === a ? {
|
|
927
930
|
idToken: i.data.idToken,
|
|
928
931
|
accessToken: i.data.accessToken,
|
|
929
932
|
refreshToken: i.data.refreshToken,
|
|
930
|
-
userId: u.payload[
|
|
933
|
+
userId: u.payload[y.USER_ID_KEY],
|
|
931
934
|
status: !0
|
|
932
935
|
} : {
|
|
933
936
|
status: !1
|
|
@@ -937,7 +940,7 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
937
940
|
status: !1
|
|
938
941
|
};
|
|
939
942
|
}
|
|
940
|
-
},
|
|
943
|
+
}, Xt = async ({
|
|
941
944
|
nonce: e,
|
|
942
945
|
clientId: t,
|
|
943
946
|
code_challenge: r
|
|
@@ -963,7 +966,7 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
963
966
|
status: !1
|
|
964
967
|
};
|
|
965
968
|
}
|
|
966
|
-
},
|
|
969
|
+
}, Qt = async ({
|
|
967
970
|
clientId: e,
|
|
968
971
|
userId: t,
|
|
969
972
|
nonce: r,
|
|
@@ -981,11 +984,11 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
981
984
|
refreshToken: a,
|
|
982
985
|
accessToken: n
|
|
983
986
|
}
|
|
984
|
-
}), o = await
|
|
985
|
-
return o && o.payload[
|
|
987
|
+
}), o = await U(s.data.accessToken);
|
|
988
|
+
return o && o.payload[y.USER_ID_KEY] !== "" && o.payload[y.NONCE_KEY] === r ? {
|
|
986
989
|
accessToken: s.data.accessToken,
|
|
987
990
|
refreshToken: s.data.refreshToken,
|
|
988
|
-
userId: o.payload[
|
|
991
|
+
userId: o.payload[y.USER_ID_KEY],
|
|
989
992
|
status: !0
|
|
990
993
|
} : {
|
|
991
994
|
status: !1
|
|
@@ -995,9 +998,60 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
995
998
|
status: !1
|
|
996
999
|
};
|
|
997
1000
|
}
|
|
998
|
-
}
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
+
};
|
|
1002
|
+
class Zt {
|
|
1003
|
+
constructor(t = null, r = null) {
|
|
1004
|
+
K(this, "refreshTokenPromise", null);
|
|
1005
|
+
K(this, "accessToken");
|
|
1006
|
+
K(this, "refreshToken");
|
|
1007
|
+
this.accessToken = t || "", this.refreshToken = r || "";
|
|
1008
|
+
}
|
|
1009
|
+
async refreshtoken({
|
|
1010
|
+
clientId: t,
|
|
1011
|
+
userId: r,
|
|
1012
|
+
nonce: a
|
|
1013
|
+
}) {
|
|
1014
|
+
this.refreshTokenPromise || (this.refreshTokenPromise = this._refreshToken({
|
|
1015
|
+
clientId: t,
|
|
1016
|
+
userId: r,
|
|
1017
|
+
nonce: a
|
|
1018
|
+
}));
|
|
1019
|
+
try {
|
|
1020
|
+
return await this.refreshTokenPromise;
|
|
1021
|
+
} finally {
|
|
1022
|
+
this.refreshTokenPromise = null;
|
|
1023
|
+
}
|
|
1024
|
+
}
|
|
1025
|
+
async _refreshToken({
|
|
1026
|
+
clientId: t,
|
|
1027
|
+
userId: r,
|
|
1028
|
+
nonce: a
|
|
1029
|
+
}) {
|
|
1030
|
+
const n = await U(this.refreshToken);
|
|
1031
|
+
if (n && n.payload[y.USER_ID_KEY] !== "") {
|
|
1032
|
+
const s = await Qt({
|
|
1033
|
+
clientId: t,
|
|
1034
|
+
userId: r,
|
|
1035
|
+
nonce: a,
|
|
1036
|
+
refreshToken: this.refreshToken,
|
|
1037
|
+
accessToken: this.accessToken
|
|
1038
|
+
});
|
|
1039
|
+
return s.status ? (this.accessToken = s.accessToken, this.refreshToken = s.refreshToken, {
|
|
1040
|
+
status: "success",
|
|
1041
|
+
newAccessToken: s.accessToken,
|
|
1042
|
+
newRefreshToken: s.refreshToken
|
|
1043
|
+
}) : {
|
|
1044
|
+
status: "failure"
|
|
1045
|
+
};
|
|
1046
|
+
} else
|
|
1047
|
+
return {
|
|
1048
|
+
status: "failure"
|
|
1049
|
+
};
|
|
1050
|
+
}
|
|
1051
|
+
}
|
|
1052
|
+
const j = () => {
|
|
1053
|
+
throw new Error(Gt);
|
|
1054
|
+
}, He = Ve({
|
|
1001
1055
|
isAuthenticated: !1,
|
|
1002
1056
|
isLoading: !1,
|
|
1003
1057
|
login: j,
|
|
@@ -1005,7 +1059,7 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
1005
1059
|
getAccessToken: j,
|
|
1006
1060
|
getIdToken: j,
|
|
1007
1061
|
logoutReason: ""
|
|
1008
|
-
}),
|
|
1062
|
+
}), sr = ({
|
|
1009
1063
|
children: e,
|
|
1010
1064
|
sessionExpiration: t,
|
|
1011
1065
|
clientId: r
|
|
@@ -1014,48 +1068,48 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
1014
1068
|
key: `${x}::${r}::@@user@@`
|
|
1015
1069
|
}), [o, c, , i] = W({
|
|
1016
1070
|
key: `${x}::${r}::@@access@@`
|
|
1017
|
-
}), [u, m, ,
|
|
1071
|
+
}), [u, m, , f] = W(
|
|
1018
1072
|
{
|
|
1019
1073
|
key: `${x}::${r}::@@refresh@@`
|
|
1020
1074
|
}
|
|
1021
|
-
), [
|
|
1075
|
+
), [k, E, , w] = W({
|
|
1022
1076
|
key: `${x}::${r}::@@nonce@@`
|
|
1023
|
-
}), [
|
|
1077
|
+
}), X = new Zt(o, u), [C, H] = Ye({
|
|
1024
1078
|
isLoading: !0,
|
|
1025
1079
|
isAuthenticated: !1,
|
|
1026
1080
|
user: void 0,
|
|
1027
1081
|
logoutReason: ""
|
|
1028
|
-
}),
|
|
1082
|
+
}), g = Be(
|
|
1029
1083
|
(p) => {
|
|
1030
|
-
|
|
1084
|
+
console.warn(p), H({
|
|
1031
1085
|
isLoading: !1,
|
|
1032
1086
|
isAuthenticated: !1,
|
|
1033
1087
|
user: void 0,
|
|
1034
|
-
logoutReason: p ||
|
|
1035
|
-
}), s(), i(),
|
|
1088
|
+
logoutReason: p || ae
|
|
1089
|
+
}), s(), i(), f(), w();
|
|
1036
1090
|
},
|
|
1037
|
-
[s, i, w,
|
|
1091
|
+
[s, i, w, f]
|
|
1038
1092
|
);
|
|
1039
|
-
|
|
1040
|
-
|
|
1093
|
+
Fe(() => {
|
|
1094
|
+
C.isLoading && a !== null && (async () => {
|
|
1041
1095
|
try {
|
|
1042
|
-
const p = await
|
|
1043
|
-
p && p.payload[
|
|
1096
|
+
const p = await U(a);
|
|
1097
|
+
p && p.payload[y.USER_ID_KEY] !== "" ? H({
|
|
1044
1098
|
isLoading: !1,
|
|
1045
1099
|
isAuthenticated: !0,
|
|
1046
1100
|
user: {
|
|
1047
|
-
userId: p.payload[
|
|
1048
|
-
username: p.payload[
|
|
1101
|
+
userId: p.payload[y.USER_ID_KEY],
|
|
1102
|
+
username: p.payload[y.USERNAME_KEY]
|
|
1049
1103
|
},
|
|
1050
1104
|
logoutReason: ""
|
|
1051
|
-
}) : (
|
|
1105
|
+
}) : (g(ae), await se({
|
|
1052
1106
|
idToken: a,
|
|
1053
1107
|
accessToken: o,
|
|
1054
1108
|
refreshToken: u,
|
|
1055
1109
|
clientId: r
|
|
1056
1110
|
}));
|
|
1057
1111
|
} catch {
|
|
1058
|
-
|
|
1112
|
+
g(ae), await se({
|
|
1059
1113
|
idToken: a,
|
|
1060
1114
|
accessToken: o,
|
|
1061
1115
|
refreshToken: u,
|
|
@@ -1064,33 +1118,33 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
1064
1118
|
}
|
|
1065
1119
|
})();
|
|
1066
1120
|
}, [
|
|
1067
|
-
|
|
1121
|
+
C.isLoading,
|
|
1068
1122
|
o,
|
|
1069
1123
|
a,
|
|
1070
1124
|
u,
|
|
1071
1125
|
r,
|
|
1072
|
-
|
|
1126
|
+
g
|
|
1073
1127
|
]);
|
|
1074
|
-
const
|
|
1075
|
-
const
|
|
1076
|
-
if (E(
|
|
1077
|
-
const { code_verifier:
|
|
1078
|
-
nonce:
|
|
1128
|
+
const Ke = async (p, I, A) => {
|
|
1129
|
+
const v = Bt();
|
|
1130
|
+
if (E(v), A === B.CODE) {
|
|
1131
|
+
const { code_verifier: We, code_challenge: Je } = await Wt(), ce = await Xt({
|
|
1132
|
+
nonce: v,
|
|
1079
1133
|
clientId: r,
|
|
1080
|
-
code_challenge:
|
|
1134
|
+
code_challenge: Je
|
|
1081
1135
|
});
|
|
1082
|
-
if (
|
|
1083
|
-
const O = await
|
|
1136
|
+
if (ce.status) {
|
|
1137
|
+
const O = await Te({
|
|
1084
1138
|
username: p,
|
|
1085
|
-
password:
|
|
1139
|
+
password: I,
|
|
1086
1140
|
clientId: r,
|
|
1087
1141
|
sessionExpiration: t,
|
|
1088
|
-
nonce:
|
|
1089
|
-
type:
|
|
1090
|
-
code:
|
|
1091
|
-
code_verifier:
|
|
1142
|
+
nonce: v,
|
|
1143
|
+
type: A,
|
|
1144
|
+
code: ce.code,
|
|
1145
|
+
code_verifier: We
|
|
1092
1146
|
});
|
|
1093
|
-
return O.status ? (n(O.idToken), c(O.accessToken), m(O.refreshToken),
|
|
1147
|
+
return O.status ? (n(O.idToken), c(O.accessToken), m(O.refreshToken), H({
|
|
1094
1148
|
isLoading: !1,
|
|
1095
1149
|
isAuthenticated: !0,
|
|
1096
1150
|
user: {
|
|
@@ -1098,72 +1152,67 @@ const re = "Oops! It looks like your session has expired. For your security, ple
|
|
|
1098
1152
|
username: p
|
|
1099
1153
|
},
|
|
1100
1154
|
logoutReason: ""
|
|
1101
|
-
}), !0) : (
|
|
1155
|
+
}), !0) : (g(ge), !1);
|
|
1102
1156
|
}
|
|
1103
1157
|
return !1;
|
|
1104
1158
|
}
|
|
1105
|
-
const
|
|
1159
|
+
const P = await Te({
|
|
1106
1160
|
username: p,
|
|
1107
|
-
password:
|
|
1161
|
+
password: I,
|
|
1108
1162
|
clientId: r,
|
|
1109
1163
|
sessionExpiration: t,
|
|
1110
|
-
nonce:
|
|
1111
|
-
type:
|
|
1164
|
+
nonce: v,
|
|
1165
|
+
type: A
|
|
1112
1166
|
});
|
|
1113
|
-
return
|
|
1167
|
+
return P.status ? (n(P.idToken), c(P.accessToken), m(P.refreshToken), H({
|
|
1114
1168
|
isLoading: !1,
|
|
1115
1169
|
isAuthenticated: !0,
|
|
1116
1170
|
user: {
|
|
1117
|
-
userId:
|
|
1171
|
+
userId: P.userId,
|
|
1118
1172
|
username: p
|
|
1119
1173
|
}
|
|
1120
|
-
}), !0) : (
|
|
1121
|
-
},
|
|
1122
|
-
|
|
1174
|
+
}), !0) : (g(ge), !1);
|
|
1175
|
+
}, Ne = async () => {
|
|
1176
|
+
g(Ft), await se({
|
|
1123
1177
|
idToken: a,
|
|
1124
1178
|
accessToken: o,
|
|
1125
1179
|
refreshToken: u,
|
|
1126
1180
|
clientId: r
|
|
1127
1181
|
});
|
|
1128
|
-
},
|
|
1129
|
-
const { isAuthenticated: p, user:
|
|
1182
|
+
}, $e = async () => {
|
|
1183
|
+
const { isAuthenticated: p, user: I } = C;
|
|
1130
1184
|
try {
|
|
1131
|
-
if (p &&
|
|
1132
|
-
|
|
1133
|
-
|
|
1134
|
-
|
|
1135
|
-
|
|
1136
|
-
if (I && I.payload[f.USER_ID_KEY] !== "") {
|
|
1137
|
-
const S = await Gt({
|
|
1138
|
-
clientId: r,
|
|
1139
|
-
userId: P.userId,
|
|
1140
|
-
nonce: _,
|
|
1141
|
-
refreshToken: u,
|
|
1142
|
-
accessToken: o
|
|
1143
|
-
});
|
|
1144
|
-
if (S.status)
|
|
1145
|
-
return c(S.accessToken), m(S.refreshToken), S.accessToken;
|
|
1146
|
-
A(U);
|
|
1185
|
+
if (p && I && I.userId) {
|
|
1186
|
+
if (o) {
|
|
1187
|
+
const v = await U(o);
|
|
1188
|
+
if (v && v.payload[y.USER_ID_KEY] !== "")
|
|
1189
|
+
return o;
|
|
1147
1190
|
}
|
|
1148
|
-
|
|
1191
|
+
const A = await X.refreshtoken({
|
|
1192
|
+
clientId: r,
|
|
1193
|
+
userId: I.userId,
|
|
1194
|
+
nonce: k
|
|
1195
|
+
});
|
|
1196
|
+
return A.status ? (c(A.newAccessToken), m(A.newRefreshToken), A.newAccessToken) : (g(ne), "");
|
|
1149
1197
|
}
|
|
1198
|
+
return g(ne), "";
|
|
1150
1199
|
} catch {
|
|
1151
|
-
return
|
|
1200
|
+
return g(ne), "";
|
|
1152
1201
|
}
|
|
1153
|
-
},
|
|
1154
|
-
if (
|
|
1202
|
+
}, Le = () => {
|
|
1203
|
+
if (C.isAuthenticated && a)
|
|
1155
1204
|
return a;
|
|
1156
1205
|
};
|
|
1157
|
-
return /* @__PURE__ */
|
|
1158
|
-
|
|
1206
|
+
return /* @__PURE__ */ Me(
|
|
1207
|
+
He.Provider,
|
|
1159
1208
|
{
|
|
1160
|
-
value: { ...
|
|
1209
|
+
value: { ...C, login: Ke, logout: Ne, getAccessToken: $e, getIdToken: Le },
|
|
1161
1210
|
children: e
|
|
1162
1211
|
}
|
|
1163
1212
|
);
|
|
1164
|
-
},
|
|
1213
|
+
}, or = (e = He) => Ge(e);
|
|
1165
1214
|
export {
|
|
1166
1215
|
B as AUTH_TYPES,
|
|
1167
|
-
|
|
1168
|
-
|
|
1216
|
+
sr as AuthProvider,
|
|
1217
|
+
or as useAuth
|
|
1169
1218
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@versini/auth-provider",
|
|
3
|
-
"version": "5.0.
|
|
3
|
+
"version": "5.0.2",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"author": "Arno Versini",
|
|
6
6
|
"publishConfig": {
|
|
@@ -46,8 +46,8 @@
|
|
|
46
46
|
"dependencies": {
|
|
47
47
|
"@versini/auth-common": "2.10.1",
|
|
48
48
|
"@versini/ui-hooks": "4.0.0",
|
|
49
|
-
"jose": "5.6.
|
|
49
|
+
"jose": "5.6.3",
|
|
50
50
|
"uuid": "10.0.0"
|
|
51
51
|
},
|
|
52
|
-
"gitHead": "
|
|
52
|
+
"gitHead": "6acc656ad13763d215aaf0e90d85e0ecf9cc4c7b"
|
|
53
53
|
}
|