@versini/auth-provider 5.3.0 → 6.0.0

package/dist/index.d.ts

@@ -3,6 +3,14 @@ import { AUTH_TYPES } from '@versini/auth-common';
 export { AUTH_TYPES } from '@versini/auth-common';
 import * as react from 'react';
 
+type AuthenticationTypes =
+	| typeof AUTH_TYPES.PASSKEY
+	| typeof AUTH_TYPES.CODE
+	| typeof AUTH_TYPES.ID_TOKEN
+	| typeof AUTH_TYPES.ACCESS_TOKEN
+	| typeof AUTH_TYPES.ID_AND_ACCESS_TOKEN
+	| null;
+
 type AuthProviderProps = {
 	children: React.ReactNode;
 	sessionExpiration?: string;
@@ -15,6 +23,7 @@ type AuthState = {
 	isLoading: boolean;
 	isAuthenticated: boolean;
 	logoutReason?: string;
+	authenticationType: AuthenticationTypes;
 	user?: {
 		userId?: string;
 		username?: string;

package/dist/index.js

@@ -4,26 +4,26 @@ var M = (e, t, r) => ht(e, typeof t != "symbol" ? t + "" : t, r);
 import { jsx as Te } from "react/jsx-runtime";
 import pt, { useSyncExternalStore as ft, useCallback as x, useEffect as Ke, createContext as yt, useReducer as mt, useRef as Et, useContext as wt } from "react";
 /*!
-  @versini/auth-provider v5.3.0
+  @versini/auth-provider v6.0.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
-    version: "5.3.0",
-    buildTime: "07/14/2024 06:45 PM EDT",
+    version: "6.0.0",
+    buildTime: "07/15/2024 12:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-function b(e) {
+function _(e) {
   const t = new Uint8Array(e);
   let r = "";
   for (const a of t)
     r += String.fromCharCode(a);
   return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
-function ee(e) {
+function te(e) {
   const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), o = new ArrayBuffer(a.length), s = new Uint8Array(o);
   for (let i = 0; i < a.length; i++)
     s[i] = a.charCodeAt(i);
@@ -36,7 +36,7 @@ function He(e) {
   const { id: t } = e;
   return {
     ...e,
-    id: ee(t),
+    id: te(t),
     transports: e.transports
   };
 }
@@ -153,10 +153,10 @@ async function Tt(e) {
     throw new Error("WebAuthn is not supported in this browser");
   const r = { publicKey: {
     ...e,
-    challenge: ee(e.challenge),
+    challenge: te(e.challenge),
     user: {
       ...e.user,
-      id: ee(e.user.id)
+      id: te(e.user.id)
     },
     excludeCredentials: (m = e.excludeCredentials) == null ? void 0 : m.map(He)
   } };
@@ -183,23 +183,23 @@ async function Tt(e) {
   if (typeof s.getPublicKey == "function")
     try {
       const d = s.getPublicKey();
-      d !== null && (l = b(d));
+      d !== null && (l = _(d));
     } catch (d) {
       ce("getPublicKey()", d);
     }
   let f;
   if (typeof s.getAuthenticatorData == "function")
     try {
-      f = b(s.getAuthenticatorData());
+      f = _(s.getAuthenticatorData());
     } catch (d) {
       ce("getAuthenticatorData()", d);
     }
   return {
     id: a,
-    rawId: b(o),
+    rawId: _(o),
     response: {
-      attestationObject: b(s.attestationObject),
-      clientDataJSON: b(s.clientDataJSON),
+      attestationObject: _(s.attestationObject),
+      clientDataJSON: _(s.clientDataJSON),
       transports: u,
       publicKeyAlgorithm: h,
       publicKey: l,
@@ -261,7 +261,7 @@ function It({ error: e, options: t }) {
   }
   return e;
 }
-async function bt(e, t = !1) {
+async function _t(e, t = !1) {
   var f, m;
   if (!Ee())
     throw new Error("WebAuthn is not supported in this browser");
@@ -269,7 +269,7 @@ async function bt(e, t = !1) {
   ((f = e.allowCredentials) == null ? void 0 : f.length) !== 0 && (r = (m = e.allowCredentials) == null ? void 0 : m.map(He));
   const n = {
     ...e,
-    challenge: ee(e.challenge),
+    challenge: te(e.challenge),
     allowCredentials: r
   }, a = {};
   if (t) {
@@ -290,13 +290,13 @@ async function bt(e, t = !1) {
     throw new Error("Authentication was not completed");
   const { id: s, rawId: i, response: u, type: h } = o;
   let l;
-  return u.userHandle && (l = b(u.userHandle)), {
+  return u.userHandle && (l = _(u.userHandle)), {
     id: s,
-    rawId: b(i),
+    rawId: _(i),
     response: {
-      authenticatorData: b(u.authenticatorData),
-      clientDataJSON: b(u.clientDataJSON),
-      signature: b(u.signature),
+      authenticatorData: _(u.authenticatorData),
+      clientDataJSON: _(u.clientDataJSON),
+      signature: _(u.signature),
       userHandle: l
     },
     type: h,
@@ -305,34 +305,36 @@ async function bt(e, t = !1) {
   };
 }
 /*!
-  @versini/auth-common v2.11.0
+  @versini/auth-common v2.12.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.11.0",
-    buildTime: "07/14/2024 06:45 PM EDT",
+    version: "2.12.1",
+    buildTime: "07/15/2024 12:46 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const ne = {
+const Y = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
-  REFRESH_TOKEN: "refresh_token"
+  REFRESH_TOKEN: "refresh_token",
+  PASSKEY: "passkey"
 }, xe = {
   CLIENT_ID: "X-Auth-ClientId"
-}, T = {
+}, S = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
   USERNAME_KEY: "username",
+  AUTH_TYPE_KEY: "auth_type",
   ISSUER: "gizmette.com"
-}, _t = `-----BEGIN PUBLIC KEY-----
+}, bt = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -344,24 +346,24 @@ awIDAQAB
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, se = crypto, Ge = (e) => e instanceof CryptoKey, V = new TextEncoder(), oe = new TextDecoder();
-function Ot(...e) {
+}, se = crypto, Ye = (e) => e instanceof CryptoKey, V = new TextEncoder(), oe = new TextDecoder();
+function kt(...e) {
   const t = e.reduce((a, { length: o }) => a + o, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-const kt = (e) => {
+const Ot = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
   return r;
-}, X = (e) => {
+}, Z = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = oe.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return kt(t);
+    return Ot(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -399,7 +401,7 @@ class Pt extends v {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class k extends v {
+class O extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -415,7 +417,7 @@ class g extends v {
     return "ERR_JWS_INVALID";
   }
 }
-let Me = class extends v {
+let Ge = class extends v {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -431,7 +433,7 @@ class vt extends v {
     return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   }
 }
-function _(e, t = "algorithm.name") {
+function b(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
 function J(e, t) {
@@ -468,45 +470,45 @@ function Dt(e, t, ...r) {
     case "HS384":
     case "HS512": {
       if (!J(e.algorithm, "HMAC"))
-        throw _("HMAC");
+        throw b("HMAC");
       const n = parseInt(t.slice(2), 10);
       if (ue(e.algorithm.hash) !== n)
-        throw _(`SHA-${n}`, "algorithm.hash");
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
       if (!J(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw _("RSASSA-PKCS1-v1_5");
+        throw b("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
       if (ue(e.algorithm.hash) !== n)
-        throw _(`SHA-${n}`, "algorithm.hash");
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
       if (!J(e.algorithm, "RSA-PSS"))
-        throw _("RSA-PSS");
+        throw b("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
       if (ue(e.algorithm.hash) !== n)
-        throw _(`SHA-${n}`, "algorithm.hash");
+        throw b(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
       if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
-        throw _("Ed25519 or Ed448");
+        throw b("Ed25519 or Ed448");
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
       if (!J(e.algorithm, "ECDSA"))
-        throw _("ECDSA");
+        throw b("ECDSA");
       const n = Ct(t);
       if (e.algorithm.namedCurve !== n)
-        throw _(n, "algorithm.namedCurve");
+        throw b(n, "algorithm.namedCurve");
       break;
     }
     default:
@@ -514,7 +516,7 @@ function Dt(e, t, ...r) {
   }
   Nt(e, r);
 }
-function Ve(e, t, ...r) {
+function Me(e, t, ...r) {
   var n;
   if (r.length > 2) {
     const a = r.pop();
@@ -522,11 +524,11 @@ function Ve(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const Ie = (e, ...t) => Ve("Key must be ", e, ...t);
-function Je(e, t, ...r) {
-  return Ve(`Key for the ${e} algorithm must be `, t, ...r);
+const Ie = (e, ...t) => Me("Key must be ", e, ...t);
+function Ve(e, t, ...r) {
+  return Me(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Ye = (e) => Ge(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", te = ["CryptoKey"], Ut = (...e) => {
+const Je = (e) => Ye(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", re = ["CryptoKey"], Ut = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -590,7 +592,7 @@ function $t(e) {
           }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -612,7 +614,7 @@ function $t(e) {
           t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
@@ -628,12 +630,12 @@ function $t(e) {
           t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
           break;
         default:
-          throw new k('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+          throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
       }
       break;
     }
     default:
-      throw new k('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+      throw new O('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
   return { algorithm: t, keyUsages: r };
 }
@@ -646,7 +648,7 @@ const Lt = async (e) => {
     e.key_ops ?? r
   ], a = { ...e };
   return delete a.alg, delete a.use, se.subtle.importKey("jwk", a, ...n);
-}, je = (e) => X(e);
+}, je = (e) => Z(e);
 let le, de;
 const Fe = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", Be = async (e, t, r, n) => {
   let a = e.get(t);
@@ -666,33 +668,33 @@ const Fe = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
     return r.k ? je(r.k) : (le || (le = /* @__PURE__ */ new WeakMap()), Be(le, e, r, t));
   }
   return e;
-}, Gt = { normalizePublicKey: Wt, normalizePrivateKey: xt }, O = (e, t, r = 0) => {
+}, Yt = { normalizePublicKey: Wt, normalizePrivateKey: xt }, k = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
     return !1;
   const a = e.subarray(n, n + t.length);
-  return a.length !== t.length ? !1 : a.every((o, s) => o === t[s]) || O(e, t, n + 1);
-}, be = (e) => {
+  return a.length !== t.length ? !1 : a.every((o, s) => o === t[s]) || k(e, t, n + 1);
+}, _e = (e) => {
   switch (!0) {
-    case O(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case k(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case O(e, [43, 129, 4, 0, 34]):
+    case k(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case O(e, [43, 129, 4, 0, 35]):
+    case k(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case O(e, [43, 101, 110]):
+    case k(e, [43, 101, 110]):
       return "X25519";
-    case O(e, [43, 101, 111]):
+    case k(e, [43, 101, 111]):
       return "X448";
-    case O(e, [43, 101, 112]):
+    case k(e, [43, 101, 112]):
       return "Ed25519";
-    case O(e, [43, 101, 113]):
+    case k(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new k("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new O("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, Mt = async (e, t, r, n, a) => {
+}, Gt = async (e, t, r, n, a) => {
   let o, s;
   const i = new Uint8Array(atob(r.replace(e, "")).split("").map((u) => u.charCodeAt(0)));
   switch (n) {
@@ -728,41 +730,41 @@ const Fe = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const u = be(i);
+      const u = _e(i);
       o = u.startsWith("P-") ? { name: "ECDH", namedCurve: u } : { name: u }, s = [];
       break;
     }
     case "EdDSA":
-      o = { name: be(i) }, s = ["verify"];
+      o = { name: _e(i) }, s = ["verify"];
       break;
     default:
-      throw new k('Invalid or unsupported "alg" (Algorithm) value');
+      throw new O('Invalid or unsupported "alg" (Algorithm) value');
   }
   return se.subtle.importKey(t, i, o, !1, s);
-}, Vt = (e, t, r) => Mt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Jt(e, t, r) {
+}, Mt = (e, t, r) => Gt(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function Vt(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return Vt(e, t);
+  return Mt(e, t);
 }
-const Z = (e) => e == null ? void 0 : e[Symbol.toStringTag], Yt = (e, t) => {
+const ee = (e) => e == null ? void 0 : e[Symbol.toStringTag], Jt = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!Ye(t))
-      throw new TypeError(Je(e, t, ...te, "Uint8Array"));
+    if (!Je(t))
+      throw new TypeError(Ve(e, t, ...re, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${Z(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${ee(t)} instances for symmetric algorithms must be of type "secret"`);
   }
 }, jt = (e, t, r) => {
-  if (!Ye(t))
-    throw new TypeError(Je(e, t, ...te));
+  if (!Je(t))
+    throw new TypeError(Ve(e, t, ...re));
   if (t.type === "secret")
-    throw new TypeError(`${Z(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${Z(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${Z(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+    throw new TypeError(`${ee(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 }, Ft = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Yt(e, t) : jt(e, t, r);
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Jt(e, t) : jt(e, t, r);
 };
 function Bt(e, t, r, n, a) {
   if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
@@ -775,7 +777,7 @@ function Bt(e, t, r, n, a) {
   r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
   for (const s of n.crit) {
     if (!o.has(s))
-      throw new k(`Extension Header Parameter "${s}" is not recognized`);
+      throw new O(`Extension Header Parameter "${s}" is not recognized`);
     if (a[s] === void 0)
       throw new e(`Extension Header Parameter "${s}" is missing`);
     if (o.get(s) && n[s] === void 0)
@@ -811,18 +813,18 @@ function zt(e, t) {
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new k(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new O(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
 async function Qt(e, t, r) {
-  if (t = await Gt.normalizePublicKey(t, e), Ge(t))
+  if (t = await Yt.normalizePublicKey(t, e), Ye(t))
     return Dt(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(Ie(t, ...te));
+      throw new TypeError(Ie(t, ...re));
     return se.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(Ie(t, ...te, "Uint8Array"));
+  throw new TypeError(Ie(t, ...re, "Uint8Array"));
 }
 const Xt = async (e, t, r, n) => {
   const a = await Qt(e, t, "verify");
@@ -850,8 +852,8 @@ async function Zt(e, t, r) {
   let n = {};
   if (e.protected)
     try {
-      const S = X(e.protected);
-      n = JSON.parse(oe.decode(S));
+      const T = Z(e.protected);
+      n = JSON.parse(oe.decode(T));
     } catch {
       throw new g("JWS Protected Header is invalid");
     }
@@ -877,10 +879,10 @@ async function Zt(e, t, r) {
     throw new g("JWS Payload must be a string or an Uint8Array instance");
   let h = !1;
   typeof t == "function" && (t = await t(n, e), h = !0), Ft(i, t, "verify");
-  const l = Ot(V.encode(e.protected ?? ""), V.encode("."), typeof e.payload == "string" ? V.encode(e.payload) : e.payload);
+  const l = kt(V.encode(e.protected ?? ""), V.encode("."), typeof e.payload == "string" ? V.encode(e.payload) : e.payload);
   let f;
   try {
-    f = X(e.signature);
+    f = Z(e.signature);
   } catch {
     throw new g("Failed to base64url decode the signature");
   }
@@ -889,7 +891,7 @@ async function Zt(e, t, r) {
   let m;
   if (s)
     try {
-      m = X(e.payload);
+      m = Z(e.payload);
     } catch {
       throw new g("Failed to base64url decode the payload");
     }
@@ -906,7 +908,7 @@ async function er(e, t, r) {
   const i = await Zt({ payload: a, protected: n, signature: o }, t, r), u = { payload: i.payload, protectedHeader: i.protectedHeader };
   return typeof t == "function" ? { ...u, key: i.key } : u;
 }
-const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze * 24, rr = we * 7, nr = we * 365.25, ar = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, _e = (e) => {
+const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze * 24, rr = we * 7, nr = we * 365.25, ar = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, be = (e) => {
   const t = ar.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
@@ -949,22 +951,22 @@ const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, Oe = (e) => e.toLowerCase().replace(/^application\//, ""), sr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, or = (e, t, r = {}) => {
+}, ke = (e) => e.toLowerCase().replace(/^application\//, ""), sr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, or = (e, t, r = {}) => {
   let n;
   try {
     n = JSON.parse(oe.decode(t));
   } catch {
   }
   if (!me(n))
-    throw new Me("JWT Claims Set must be a top-level JSON object");
+    throw new Ge("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || Oe(e.typ) !== Oe(a)))
+  if (a && (typeof e.typ != "string" || ke(e.typ) !== ke(a)))
     throw new I('unexpected "typ" JWT header value', n, "typ", "check_failed");
   const { requiredClaims: o = [], issuer: s, subject: i, audience: u, maxTokenAge: h } = r, l = [...o];
   h !== void 0 && l.push("iat"), u !== void 0 && l.push("aud"), i !== void 0 && l.push("sub"), s !== void 0 && l.push("iss");
-  for (const S of new Set(l.reverse()))
-    if (!(S in n))
-      throw new I(`missing required "${S}" claim`, n, S, "missing");
+  for (const T of new Set(l.reverse()))
+    if (!(T in n))
+      throw new I(`missing required "${T}" claim`, n, T, "missing");
   if (s && !(Array.isArray(s) ? s : [s]).includes(n.iss))
     throw new I('unexpected "iss" claim value', n, "iss", "check_failed");
   if (i && n.sub !== i)
@@ -974,7 +976,7 @@ const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze
   let f;
   switch (typeof r.clockTolerance) {
     case "string":
-      f = _e(r.clockTolerance);
+      f = be(r.clockTolerance);
       break;
     case "number":
       f = r.clockTolerance;
@@ -1001,10 +1003,10 @@ const tr = (e) => Math.floor(e.getTime() / 1e3), qe = 60, ze = qe * 60, we = ze
       throw new Re('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (h) {
-    const S = d - n.iat, C = typeof h == "number" ? h : _e(h);
-    if (S - f > C)
+    const T = d - n.iat, C = typeof h == "number" ? h : be(h);
+    if (T - f > C)
       throw new Re('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
-    if (S < 0 - f)
+    if (T < 0 - f)
       throw new I('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
@@ -1013,15 +1015,15 @@ async function ir(e, t, r) {
   var n;
   const a = await er(e, t, r);
   if ((n = a.protectedHeader.crit) != null && n.includes("b64") && a.protectedHeader.b64 === !1)
-    throw new Me("JWTs MUST NOT use unencoded payload");
+    throw new Ge("JWTs MUST NOT use unencoded payload");
   const o = { payload: or(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
   return typeof t == "function" ? { ...o, key: a.key } : o;
 }
 const G = async (e) => {
   try {
-    const t = T.ALG, r = await Jt(_t, t);
+    const t = S.ALG, r = await Vt(bt, t);
     return await ir(e, r, {
-      issuer: T.ISSUER
+      issuer: S.ISSUER
     });
   } catch {
     return;
@@ -1033,19 +1035,19 @@ for (var he = 0; he < 256; ++he)
 function cr(e, t = 0) {
   return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
 }
-var Y, ur = new Uint8Array(16);
+var j, ur = new Uint8Array(16);
 function lr() {
-  if (!Y && (Y = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !Y))
+  if (!j && (j = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !j))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return Y(ur);
+  return j(ur);
 }
 var dr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const ke = {
+const Oe = {
   randomUUID: dr
 };
 function Pe(e, t, r) {
-  if (ke.randomUUID && !t && !e)
-    return ke.randomUUID();
+  if (Oe.randomUUID && !t && !e)
+    return Oe.randomUUID();
   e = e || {};
   var n = e.random || (e.rng || lr)();
   return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, cr(n);
@@ -1079,7 +1081,7 @@ const Ce = (e, t) => {
 }, mr = (e) => {
   window.localStorage.removeItem(e), Qe(e, null);
 }, Ne = (e) => window.localStorage.getItem(e), Er = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
-function j({
+function F({
   key: e,
   initialValue: t
 }) {
@@ -1112,11 +1114,11 @@ for (var pe = 0; pe < 256; ++pe)
 function wr(e, t = 0) {
   return (w[e[t + 0]] + w[e[t + 1]] + w[e[t + 2]] + w[e[t + 3]] + "-" + w[e[t + 4]] + w[e[t + 5]] + "-" + w[e[t + 6]] + w[e[t + 7]] + "-" + w[e[t + 8]] + w[e[t + 9]] + "-" + w[e[t + 10]] + w[e[t + 11]] + w[e[t + 12]] + w[e[t + 13]] + w[e[t + 14]] + w[e[t + 15]]).toLowerCase();
 }
-var F, gr = new Uint8Array(16);
+var B, gr = new Uint8Array(16);
 function Ar() {
-  if (!F && (F = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !F))
+  if (!B && (B = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !B))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return F(gr);
+  return B(gr);
 }
 var Sr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 const De = {
@@ -1129,17 +1131,17 @@ function fe(e, t, r) {
   var n = e.random || (e.rng || Ar)();
   return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, wr(n);
 }
-const B = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Tr = "Your session has been successfully terminated.", q = "Login failed. Please try again.", ye = "Error getting access token, please re-authenticate.", Rr = "You forgot to wrap your component in <AuthProvider>.", re = {
+const q = "Oops! It looks like your session has expired. For your security, please log in again to continue.", Tr = "Your session has been successfully terminated.", z = "Login failed. Please try again.", ye = "Error getting access token, please re-authenticate.", Rr = "You forgot to wrap your component in <AuthProvider>.", ne = {
   dev: "https://auth.gizmette.local.com:3003",
-  prod: "https://mylogin.gizmette.com"
-}, z = "@@auth@@", L = "LOADING", W = "LOGIN", Xe = "LOGOUT", Ir = process.env.NODE_ENV === "production", Ze = !Ir, ie = async ({
+  prod: "https://mylogin.gizmette.com/auth"
+}, Q = "@@auth@@", L = "LOADING", W = "LOGIN", Xe = "LOGOUT", Ir = process.env.NODE_ENV === "production", Ze = !Ir, ie = async ({
   type: e,
   clientId: t,
   params: r = {}
 }) => {
   try {
     const n = await fetch(
-      Ze ? `${re.dev}/${e}` : `${re.prod}/${e}`,
+      Ze ? `${ne.dev}/${e}` : `${ne.prod}/${e}`,
       {
         credentials: "include",
         method: "POST",
@@ -1161,7 +1163,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
   } catch (n) {
     return console.error(n), { status: 500, data: [] };
   }
-}, br = async ({
+}, _r = async ({
   userId: e,
   idToken: t,
   accessToken: r,
@@ -1204,7 +1206,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       type: ae.AUTHENTICATE,
       clientId: r,
       params: {
-        type: a || ne.ID_AND_ACCESS_TOKEN,
+        type: a || Y.ID_AND_ACCESS_TOKEN,
         username: e,
         password: t,
         sessionExpiration: o,
@@ -1214,11 +1216,11 @@ const B = "Oops! It looks like your session has expired. For your security, plea
         domain: u
       }
     }), l = await G(h.data.idToken);
-    return l && l.payload[T.USER_ID_KEY] !== "" && l.payload[T.NONCE_KEY] === n ? {
+    return l && l.payload[S.USER_ID_KEY] !== "" && l.payload[S.NONCE_KEY] === n ? {
       idToken: h.data.idToken,
       accessToken: h.data.accessToken,
       refreshToken: h.data.refreshToken,
-      userId: l.payload[T.USER_ID_KEY],
+      userId: l.payload[S.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -1228,7 +1230,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, _r = async ({
+}, br = async ({
   nonce: e,
   clientId: t,
   code_challenge: r
@@ -1238,7 +1240,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       type: ae.CODE,
       clientId: t,
       params: {
-        type: ne.CODE,
+        type: Y.CODE,
         nonce: e,
         code_challenge: r
       }
@@ -1254,7 +1256,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, Or = async ({
+}, kr = async ({
   clientId: e,
   userId: t,
   nonce: r,
@@ -1267,7 +1269,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       type: ae.AUTHENTICATE,
       clientId: e,
       params: {
-        type: ne.REFRESH_TOKEN,
+        type: Y.REFRESH_TOKEN,
         userId: t,
         nonce: r,
         refreshToken: n,
@@ -1275,10 +1277,10 @@ const B = "Oops! It looks like your session has expired. For your security, plea
         domain: o
       }
     }), i = await G(s.data.accessToken);
-    return i && i.payload[T.USER_ID_KEY] !== "" && i.payload[T.NONCE_KEY] === r ? {
+    return i && i.payload[S.USER_ID_KEY] !== "" && i.payload[S.NONCE_KEY] === r ? {
       accessToken: s.data.accessToken,
       refreshToken: s.data.refreshToken,
-      userId: i.payload[T.USER_ID_KEY],
+      userId: i.payload[S.USER_ID_KEY],
       status: !0
     } : {
       status: !1
@@ -1288,7 +1290,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
       status: !1
     };
   }
-}, Q = {
+}, X = {
   GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
 	$clientId: String!,
 	$username: String!,
@@ -1363,19 +1365,19 @@ const B = "Oops! It looks like your session has expired. For your security, plea
 	}`
 }, D = {
   GET_REGISTRATION_OPTIONS: {
-    schema: Q.GET_REGISTRATION_OPTIONS,
+    schema: X.GET_REGISTRATION_OPTIONS,
     method: "getPasskeyRegistrationOptions"
   },
   VERIFY_REGISTRATION: {
-    schema: Q.VERIFY_REGISTRATION,
+    schema: X.VERIFY_REGISTRATION,
     method: "verifyPasskeyRegistration"
   },
   GET_AUTHENTICATION_OPTIONS: {
-    schema: Q.GET_AUTHENTICATION_OPTIONS,
+    schema: X.GET_AUTHENTICATION_OPTIONS,
     method: "getPasskeyAuthenticationOptions"
   },
   VERIFY_AUTHENTICATION: {
-    schema: Q.VERIFY_AUTHENTICATION,
+    schema: X.VERIFY_AUTHENTICATION,
     method: "verifyPasskeyAuthentication"
   }
 }, U = async ({
@@ -1386,7 +1388,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
 }) => {
   try {
     const a = t != null && t.data ? t.data(n) : n, o = `Bearer ${e}`, s = await fetch(
-      Ze ? `${re.dev}/graphql` : `${re.prod}/graphql`,
+      Ze ? `${ne.dev}/graphql` : `${ne.prod}/graphql`,
       {
         method: "POST",
         credentials: "include",
@@ -1414,7 +1416,7 @@ const B = "Oops! It looks like your session has expired. For your security, plea
     return console.error(a), { status: 500, data: [] };
   }
 };
-class kr {
+class Or {
   constructor(t = null, r = null) {
     M(this, "refreshTokenPromise", null);
     M(this, "accessToken");
@@ -1446,8 +1448,8 @@ class kr {
     domain: a
   }) {
     const o = await G(this.refreshToken);
-    if (o && o.payload[T.USER_ID_KEY] !== "") {
-      const s = await Or({
+    if (o && o.payload[S.USER_ID_KEY] !== "") {
+      const s = await kr({
         clientId: t,
         userId: r,
         nonce: n,
@@ -1473,6 +1475,7 @@ const K = () => {
 }, et = yt({
   isAuthenticated: !1,
   isLoading: !1,
+  authenticationType: null,
   login: K,
   logout: K,
   getAccessToken: K,
@@ -1484,6 +1487,7 @@ const K = () => {
   state: {
     isLoading: !0,
     isAuthenticated: !1,
+    authenticationType: null,
     user: void 0,
     logoutReason: ""
   },
@@ -1497,12 +1501,14 @@ const K = () => {
   isLoading: !1,
   isAuthenticated: !0,
   user: t.payload.user,
+  authenticationType: t.payload.authenticationType,
   logoutReason: ""
 } : (t == null ? void 0 : t.type) === Xe ? {
   ...e,
   isLoading: !1,
   isAuthenticated: !1,
   user: void 0,
+  authenticationType: null,
   logoutReason: t.payload.logoutReason
 } : e, Kr = ({
   children: e,
@@ -1513,24 +1519,25 @@ const K = () => {
   const [a, o] = mt(vr, {
     isLoading: !0,
     isAuthenticated: !1,
+    authenticationType: null,
     user: void 0,
     logoutReason: ""
-  }), s = Et(!1), [i, u, , h] = j({
-    key: `${z}::${r}::@@user@@`
-  }), [l, f, , m] = j({
-    key: `${z}::${r}::@@access@@`
-  }), [d, S, , C] = j(
+  }), s = Et(!1), [i, u, , h] = F({
+    key: `${Q}::${r}::@@user@@`
+  }), [l, f, , m] = F({
+    key: `${Q}::${r}::@@access@@`
+  }), [d, T, , C] = F(
     {
-      key: `${z}::${r}::@@refresh@@`
+      key: `${Q}::${r}::@@refresh@@`
     }
-  ), [tt, ge, , Ae] = j({
-    key: `${z}::${r}::@@nonce@@`
-  }), rt = new kr(l, d), N = x(
+  ), [tt, ge, , Ae] = F({
+    key: `${Q}::${r}::@@nonce@@`
+  }), rt = new Or(l, d), N = x(
     (c) => {
       console.warn(c), o({
         type: Xe,
         payload: {
-          logoutReason: c || B
+          logoutReason: c || q
         }
       }), h(), m(), C(), Ae(), o({ type: L, payload: { isLoading: !1 } });
     },
@@ -1538,14 +1545,14 @@ const K = () => {
   ), P = x(
     async (c) => {
       const { user: y } = a;
-      await br({
+      await _r({
         userId: (y == null ? void 0 : y.userId) || "",
         idToken: i,
         accessToken: l,
         refreshToken: d,
         clientId: r,
         domain: n
-      }), N(c || B);
+      }), N(c || q);
     },
     [
       l,
@@ -1562,17 +1569,18 @@ const K = () => {
       return a.isLoading && i !== null ? (async () => {
         try {
           const c = await G(i);
-          c && c.payload[T.USER_ID_KEY] !== "" ? o({
+          c && c.payload[S.USER_ID_KEY] !== "" ? o({
             type: W,
             payload: {
+              authenticationType: c.payload[S.AUTH_TYPE_KEY],
               user: {
-                userId: c.payload[T.USER_ID_KEY],
-                username: c.payload[T.USERNAME_KEY]
+                userId: c.payload[S.USER_ID_KEY],
+                username: c.payload[S.USERNAME_KEY]
               }
             }
-          }) : await P(B);
+          }) : await P(q);
         } catch {
-          await P(B);
+          await P(q);
         }
       })() : o({ type: L, payload: { isLoading: !1 } }), () => {
         s.current = !0;
@@ -1580,8 +1588,8 @@ const K = () => {
   }, [a.isLoading, i, P]);
   const nt = async (c, y, p) => {
     const R = fe();
-    if (ge(R), o({ type: L, payload: { isLoading: !0 } }), h(), m(), C(), p === ne.CODE) {
-      const { code_verifier: ut, code_challenge: lt } = await yr(), Se = await _r({
+    if (ge(R), o({ type: L, payload: { isLoading: !0 } }), h(), m(), C(), p === Y.CODE) {
+      const { code_verifier: ut, code_challenge: lt } = await yr(), Se = await br({
         nonce: R,
         clientId: r,
         code_challenge: lt
@@ -1598,15 +1606,16 @@ const K = () => {
           code_verifier: ut,
           domain: n
         });
-        return $.status ? (u($.idToken), f($.accessToken), S($.refreshToken), o({
+        return $.status ? (u($.idToken), f($.accessToken), T($.refreshToken), o({
           type: W,
           payload: {
+            authenticationType: p,
             user: {
               userId: $.userId,
               username: c
             }
           }
-        }), !0) : (N(q), !1);
+        }), !0) : (N(z), !1);
       }
       return !1;
     }
@@ -1619,15 +1628,16 @@ const K = () => {
       type: p,
       domain: n
     });
-    return H.status ? (u(H.idToken), f(H.accessToken), S(H.refreshToken), o({
+    return H.status ? (u(H.idToken), f(H.accessToken), T(H.refreshToken), o({
       type: W,
       payload: {
+        authenticationType: p,
         user: {
           userId: H.userId,
           username: c
         }
       }
-    }), !0) : (N(q), !1);
+    }), !0) : (N(z), !1);
   }, at = async (c) => {
     c == null || c.preventDefault(), await P(Tr);
   }, st = async () => {
@@ -1636,7 +1646,7 @@ const K = () => {
       if (c && y && y.userId) {
         if (l) {
           const R = await G(l);
-          if (R && R.payload[T.USER_ID_KEY] !== "")
+          if (R && R.payload[S.USER_ID_KEY] !== "")
             return l;
         }
         const p = await rt.refreshtoken({
@@ -1645,7 +1655,7 @@ const K = () => {
           nonce: tt,
           domain: n
         });
-        return p.status && p.status === "success" ? (f(p.newAccessToken), S(p.newRefreshToken), p.newAccessToken) : (await P(ye), "");
+        return p.status && p.status === "success" ? (f(p.newAccessToken), T(p.newRefreshToken), p.newAccessToken) : (await P(ye), "");
       }
       return await P(ye), "";
     } catch {
@@ -1708,7 +1718,7 @@ const K = () => {
     });
     if (p.status)
       try {
-        const R = await bt(p.data);
+        const R = await _t(p.data);
         return p = await U({
           accessToken: l,
           clientId: r,
@@ -1720,15 +1730,16 @@ const K = () => {
             nonce: c,
             domain: n
           }
-        }), p.data.status === "success" ? (u(p.data.idToken), f(p.data.accessToken), S(p.data.refreshToken), o({
+        }), p.data.status === "success" ? (u(p.data.idToken), f(p.data.accessToken), T(p.data.refreshToken), o({
           type: W,
           payload: {
+            authenticationType: Y.PASSKEY,
             user: {
               userId: p.data.userId,
               username: p.data.username
             }
           }
-        }), !0) : (N(q), !1);
+        }), !0) : (N(z), !1);
       } catch {
         return await U({
           accessToken: l,
@@ -1741,7 +1752,7 @@ const K = () => {
             nonce: c,
             domain: n
           }
-        }), N(q), !1;
+        }), N(z), !1;
       }
   };
   return /* @__PURE__ */ Te(Pr.Provider, { value: { state: a, dispatch: o }, children: /* @__PURE__ */ Te(
@@ -1761,7 +1772,7 @@ const K = () => {
   ) });
 }, Hr = (e = et) => wt(e);
 export {
-  ne as AUTH_TYPES,
+  Y as AUTH_TYPES,
   Kr as AuthProvider,
   Hr as useAuth
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-provider",
-	"version": "5.3.0",
+	"version": "6.0.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -45,10 +45,10 @@
 	},
 	"dependencies": {
 		"@simplewebauthn/browser": "10.0.0",
-		"@versini/auth-common": "2.11.0",
+		"@versini/auth-common": "2.12.1",
 		"@versini/ui-hooks": "4.0.1",
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "2326cd27edccae77d1a131d5343ca30810e8b967"
+	"gitHead": "0c1ec6aec9a55466a3ade7f55ab6b6c386f3305b"
 }