@versini/auth-provider 6.3.0 → 6.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +400 -399
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
var _t = Object.defineProperty;
|
|
2
2
|
var vt = (e, t, n) => t in e ? _t(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
|
|
3
3
|
var z = (e, t, n) => vt(e, typeof t != "symbol" ? t + "" : t, n);
|
|
4
|
-
import { jsx as
|
|
5
|
-
import
|
|
4
|
+
import { jsx as ke } from "react/jsx-runtime";
|
|
5
|
+
import kt, { useSyncExternalStore as Ct, useCallback as W, useEffect as Te, createContext as Pt, useReducer as Ot, useRef as Ce, useContext as Nt } from "react";
|
|
6
6
|
/*!
|
|
7
|
-
@versini/auth-provider v6.3.
|
|
7
|
+
@versini/auth-provider v6.3.1
|
|
8
8
|
© 2024 gizmette.com
|
|
9
9
|
*/
|
|
10
10
|
try {
|
|
11
11
|
window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
|
|
12
|
-
version: "6.3.
|
|
13
|
-
buildTime: "07/
|
|
12
|
+
version: "6.3.1",
|
|
13
|
+
buildTime: "07/22/2024 07:45 AM EDT",
|
|
14
14
|
homepage: "https://github.com/aversini/auth-client",
|
|
15
15
|
license: "MIT"
|
|
16
16
|
});
|
|
17
17
|
} catch {
|
|
18
18
|
}
|
|
19
|
-
function
|
|
19
|
+
function v(e) {
|
|
20
20
|
const t = new Uint8Array(e);
|
|
21
21
|
let n = "";
|
|
22
22
|
for (const a of t)
|
|
@@ -43,7 +43,7 @@ function Ye(e) {
|
|
|
43
43
|
function Ve(e) {
|
|
44
44
|
return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
|
|
45
45
|
}
|
|
46
|
-
class
|
|
46
|
+
class b extends Error {
|
|
47
47
|
constructor({ message: t, code: n, cause: r, name: a }) {
|
|
48
48
|
super(t, { cause: r }), this.name = a ?? r.name, this.code = n;
|
|
49
49
|
}
|
|
@@ -55,43 +55,43 @@ function Dt({ error: e, options: t }) {
|
|
|
55
55
|
throw Error("options was missing required publicKey property");
|
|
56
56
|
if (e.name === "AbortError") {
|
|
57
57
|
if (t.signal instanceof AbortSignal)
|
|
58
|
-
return new
|
|
58
|
+
return new b({
|
|
59
59
|
message: "Registration ceremony was sent an abort signal",
|
|
60
60
|
code: "ERROR_CEREMONY_ABORTED",
|
|
61
61
|
cause: e
|
|
62
62
|
});
|
|
63
63
|
} else if (e.name === "ConstraintError") {
|
|
64
64
|
if (((r = n.authenticatorSelection) == null ? void 0 : r.requireResidentKey) === !0)
|
|
65
|
-
return new
|
|
65
|
+
return new b({
|
|
66
66
|
message: "Discoverable credentials were required but no available authenticator supported it",
|
|
67
67
|
code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
|
|
68
68
|
cause: e
|
|
69
69
|
});
|
|
70
70
|
if (((a = n.authenticatorSelection) == null ? void 0 : a.userVerification) === "required")
|
|
71
|
-
return new
|
|
71
|
+
return new b({
|
|
72
72
|
message: "User verification was required but no available authenticator supported it",
|
|
73
73
|
code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
|
|
74
74
|
cause: e
|
|
75
75
|
});
|
|
76
76
|
} else {
|
|
77
77
|
if (e.name === "InvalidStateError")
|
|
78
|
-
return new
|
|
78
|
+
return new b({
|
|
79
79
|
message: "The authenticator was previously registered",
|
|
80
80
|
code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
|
|
81
81
|
cause: e
|
|
82
82
|
});
|
|
83
83
|
if (e.name === "NotAllowedError")
|
|
84
|
-
return new
|
|
84
|
+
return new b({
|
|
85
85
|
message: e.message,
|
|
86
86
|
code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
|
|
87
87
|
cause: e
|
|
88
88
|
});
|
|
89
89
|
if (e.name === "NotSupportedError")
|
|
90
|
-
return n.pubKeyCredParams.filter((o) => o.type === "public-key").length === 0 ? new
|
|
90
|
+
return n.pubKeyCredParams.filter((o) => o.type === "public-key").length === 0 ? new b({
|
|
91
91
|
message: 'No entry in pubKeyCredParams was of type "public-key"',
|
|
92
92
|
code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
|
|
93
93
|
cause: e
|
|
94
|
-
}) : new
|
|
94
|
+
}) : new b({
|
|
95
95
|
message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
|
|
96
96
|
code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
|
|
97
97
|
cause: e
|
|
@@ -100,25 +100,25 @@ function Dt({ error: e, options: t }) {
|
|
|
100
100
|
const s = window.location.hostname;
|
|
101
101
|
if (Ve(s)) {
|
|
102
102
|
if (n.rp.id !== s)
|
|
103
|
-
return new
|
|
103
|
+
return new b({
|
|
104
104
|
message: `The RP ID "${n.rp.id}" is invalid for this domain`,
|
|
105
105
|
code: "ERROR_INVALID_RP_ID",
|
|
106
106
|
cause: e
|
|
107
107
|
});
|
|
108
|
-
} else return new
|
|
108
|
+
} else return new b({
|
|
109
109
|
message: `${window.location.hostname} is an invalid domain`,
|
|
110
110
|
code: "ERROR_INVALID_DOMAIN",
|
|
111
111
|
cause: e
|
|
112
112
|
});
|
|
113
113
|
} else if (e.name === "TypeError") {
|
|
114
114
|
if (n.user.id.byteLength < 1 || n.user.id.byteLength > 64)
|
|
115
|
-
return new
|
|
115
|
+
return new b({
|
|
116
116
|
message: "User ID was not between 1 and 64 characters",
|
|
117
117
|
code: "ERROR_INVALID_USER_ID_LENGTH",
|
|
118
118
|
cause: e
|
|
119
119
|
});
|
|
120
120
|
} else if (e.name === "UnknownError")
|
|
121
|
-
return new
|
|
121
|
+
return new b({
|
|
122
122
|
message: "The authenticator was unable to process the specified options, or could not create a new credential",
|
|
123
123
|
code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
|
|
124
124
|
cause: e
|
|
@@ -148,7 +148,7 @@ function Fe(e) {
|
|
|
148
148
|
return e;
|
|
149
149
|
}
|
|
150
150
|
async function Kt(e) {
|
|
151
|
-
var
|
|
151
|
+
var m;
|
|
152
152
|
if (!Re())
|
|
153
153
|
throw new Error("WebAuthn is not supported in this browser");
|
|
154
154
|
const n = { publicKey: {
|
|
@@ -158,52 +158,52 @@ async function Kt(e) {
|
|
|
158
158
|
...e.user,
|
|
159
159
|
id: ie(e.user.id)
|
|
160
160
|
},
|
|
161
|
-
excludeCredentials: (
|
|
161
|
+
excludeCredentials: (m = e.excludeCredentials) == null ? void 0 : m.map(Ye)
|
|
162
162
|
} };
|
|
163
163
|
n.signal = je.createNewAbortSignal();
|
|
164
164
|
let r;
|
|
165
165
|
try {
|
|
166
166
|
r = await navigator.credentials.create(n);
|
|
167
|
-
} catch (
|
|
168
|
-
throw Dt({ error:
|
|
167
|
+
} catch (u) {
|
|
168
|
+
throw Dt({ error: u, options: n });
|
|
169
169
|
}
|
|
170
170
|
if (!r)
|
|
171
171
|
throw new Error("Registration was not completed");
|
|
172
172
|
const { id: a, rawId: s, response: o, type: i } = r;
|
|
173
|
-
let
|
|
174
|
-
typeof o.getTransports == "function" && (
|
|
175
|
-
let
|
|
173
|
+
let l;
|
|
174
|
+
typeof o.getTransports == "function" && (l = o.getTransports());
|
|
175
|
+
let y;
|
|
176
176
|
if (typeof o.getPublicKeyAlgorithm == "function")
|
|
177
177
|
try {
|
|
178
|
-
|
|
179
|
-
} catch (
|
|
180
|
-
fe("getPublicKeyAlgorithm()",
|
|
178
|
+
y = o.getPublicKeyAlgorithm();
|
|
179
|
+
} catch (u) {
|
|
180
|
+
fe("getPublicKeyAlgorithm()", u);
|
|
181
181
|
}
|
|
182
|
-
let
|
|
182
|
+
let h;
|
|
183
183
|
if (typeof o.getPublicKey == "function")
|
|
184
184
|
try {
|
|
185
|
-
const
|
|
186
|
-
|
|
187
|
-
} catch (
|
|
188
|
-
fe("getPublicKey()",
|
|
185
|
+
const u = o.getPublicKey();
|
|
186
|
+
u !== null && (h = v(u));
|
|
187
|
+
} catch (u) {
|
|
188
|
+
fe("getPublicKey()", u);
|
|
189
189
|
}
|
|
190
|
-
let
|
|
190
|
+
let p;
|
|
191
191
|
if (typeof o.getAuthenticatorData == "function")
|
|
192
192
|
try {
|
|
193
|
-
|
|
194
|
-
} catch (
|
|
195
|
-
fe("getAuthenticatorData()",
|
|
193
|
+
p = v(o.getAuthenticatorData());
|
|
194
|
+
} catch (u) {
|
|
195
|
+
fe("getAuthenticatorData()", u);
|
|
196
196
|
}
|
|
197
197
|
return {
|
|
198
198
|
id: a,
|
|
199
|
-
rawId:
|
|
199
|
+
rawId: v(s),
|
|
200
200
|
response: {
|
|
201
|
-
attestationObject:
|
|
202
|
-
clientDataJSON:
|
|
203
|
-
transports:
|
|
204
|
-
publicKeyAlgorithm:
|
|
205
|
-
publicKey:
|
|
206
|
-
authenticatorData:
|
|
201
|
+
attestationObject: v(o.attestationObject),
|
|
202
|
+
clientDataJSON: v(o.clientDataJSON),
|
|
203
|
+
transports: l,
|
|
204
|
+
publicKeyAlgorithm: y,
|
|
205
|
+
publicKey: h,
|
|
206
|
+
authenticatorData: p
|
|
207
207
|
},
|
|
208
208
|
type: i,
|
|
209
209
|
clientExtensionResults: r.getClientExtensionResults(),
|
|
@@ -226,14 +226,14 @@ function Lt({ error: e, options: t }) {
|
|
|
226
226
|
throw Error("options was missing required publicKey property");
|
|
227
227
|
if (e.name === "AbortError") {
|
|
228
228
|
if (t.signal instanceof AbortSignal)
|
|
229
|
-
return new
|
|
229
|
+
return new b({
|
|
230
230
|
message: "Authentication ceremony was sent an abort signal",
|
|
231
231
|
code: "ERROR_CEREMONY_ABORTED",
|
|
232
232
|
cause: e
|
|
233
233
|
});
|
|
234
234
|
} else {
|
|
235
235
|
if (e.name === "NotAllowedError")
|
|
236
|
-
return new
|
|
236
|
+
return new b({
|
|
237
237
|
message: e.message,
|
|
238
238
|
code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
|
|
239
239
|
cause: e
|
|
@@ -242,18 +242,18 @@ function Lt({ error: e, options: t }) {
|
|
|
242
242
|
const r = window.location.hostname;
|
|
243
243
|
if (Ve(r)) {
|
|
244
244
|
if (n.rpId !== r)
|
|
245
|
-
return new
|
|
245
|
+
return new b({
|
|
246
246
|
message: `The RP ID "${n.rpId}" is invalid for this domain`,
|
|
247
247
|
code: "ERROR_INVALID_RP_ID",
|
|
248
248
|
cause: e
|
|
249
249
|
});
|
|
250
|
-
} else return new
|
|
250
|
+
} else return new b({
|
|
251
251
|
message: `${window.location.hostname} is an invalid domain`,
|
|
252
252
|
code: "ERROR_INVALID_DOMAIN",
|
|
253
253
|
cause: e
|
|
254
254
|
});
|
|
255
255
|
} else if (e.name === "UnknownError")
|
|
256
|
-
return new
|
|
256
|
+
return new b({
|
|
257
257
|
message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
|
|
258
258
|
code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
|
|
259
259
|
cause: e
|
|
@@ -262,11 +262,11 @@ function Lt({ error: e, options: t }) {
|
|
|
262
262
|
return e;
|
|
263
263
|
}
|
|
264
264
|
async function Wt(e, t = !1) {
|
|
265
|
-
var
|
|
265
|
+
var p, m;
|
|
266
266
|
if (!Re())
|
|
267
267
|
throw new Error("WebAuthn is not supported in this browser");
|
|
268
268
|
let n;
|
|
269
|
-
((
|
|
269
|
+
((p = e.allowCredentials) == null ? void 0 : p.length) !== 0 && (n = (m = e.allowCredentials) == null ? void 0 : m.map(Ye));
|
|
270
270
|
const r = {
|
|
271
271
|
...e,
|
|
272
272
|
challenge: ie(e.challenge),
|
|
@@ -283,41 +283,41 @@ async function Wt(e, t = !1) {
|
|
|
283
283
|
let s;
|
|
284
284
|
try {
|
|
285
285
|
s = await navigator.credentials.get(a);
|
|
286
|
-
} catch (
|
|
287
|
-
throw Lt({ error:
|
|
286
|
+
} catch (u) {
|
|
287
|
+
throw Lt({ error: u, options: a });
|
|
288
288
|
}
|
|
289
289
|
if (!s)
|
|
290
290
|
throw new Error("Authentication was not completed");
|
|
291
|
-
const { id: o, rawId: i, response:
|
|
292
|
-
let
|
|
293
|
-
return
|
|
291
|
+
const { id: o, rawId: i, response: l, type: y } = s;
|
|
292
|
+
let h;
|
|
293
|
+
return l.userHandle && (h = v(l.userHandle)), {
|
|
294
294
|
id: o,
|
|
295
|
-
rawId:
|
|
295
|
+
rawId: v(i),
|
|
296
296
|
response: {
|
|
297
|
-
authenticatorData:
|
|
298
|
-
clientDataJSON:
|
|
299
|
-
signature:
|
|
300
|
-
userHandle:
|
|
297
|
+
authenticatorData: v(l.authenticatorData),
|
|
298
|
+
clientDataJSON: v(l.clientDataJSON),
|
|
299
|
+
signature: v(l.signature),
|
|
300
|
+
userHandle: h
|
|
301
301
|
},
|
|
302
|
-
type:
|
|
302
|
+
type: y,
|
|
303
303
|
clientExtensionResults: s.getClientExtensionResults(),
|
|
304
304
|
authenticatorAttachment: Fe(s.authenticatorAttachment)
|
|
305
305
|
};
|
|
306
306
|
}
|
|
307
307
|
/*!
|
|
308
|
-
@versini/auth-common v3.
|
|
308
|
+
@versini/auth-common v3.3.0
|
|
309
309
|
© 2024 gizmette.com
|
|
310
310
|
*/
|
|
311
311
|
try {
|
|
312
312
|
window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
|
|
313
|
-
version: "3.
|
|
314
|
-
buildTime: "07/
|
|
313
|
+
version: "3.3.0",
|
|
314
|
+
buildTime: "07/22/2024 07:45 AM EDT",
|
|
315
315
|
homepage: "https://github.com/aversini/auth-client",
|
|
316
316
|
license: "MIT"
|
|
317
317
|
});
|
|
318
318
|
} catch {
|
|
319
319
|
}
|
|
320
|
-
const
|
|
320
|
+
const j = {
|
|
321
321
|
ID_TOKEN: "id_token",
|
|
322
322
|
ACCESS_TOKEN: "token",
|
|
323
323
|
ID_AND_ACCESS_TOKEN: "id_token token",
|
|
@@ -326,7 +326,7 @@ const F = {
|
|
|
326
326
|
PASSKEY: "passkey"
|
|
327
327
|
}, Be = {
|
|
328
328
|
CLIENT_ID: "X-Auth-ClientId"
|
|
329
|
-
},
|
|
329
|
+
}, T = {
|
|
330
330
|
ALG: "RS256",
|
|
331
331
|
USER_ID_KEY: "sub",
|
|
332
332
|
TOKEN_ID_KEY: "__raw",
|
|
@@ -349,7 +349,7 @@ awIDAQAB
|
|
|
349
349
|
AUTHENTICATE: "authenticate",
|
|
350
350
|
CODE: "code",
|
|
351
351
|
LOGOUT: "logout"
|
|
352
|
-
}, he = crypto, qe = (e) => e instanceof CryptoKey, Q = new TextEncoder(),
|
|
352
|
+
}, he = crypto, qe = (e) => e instanceof CryptoKey, Q = new TextEncoder(), F = new TextDecoder();
|
|
353
353
|
function Mt(...e) {
|
|
354
354
|
const t = e.reduce((a, { length: s }) => a + s, 0), n = new Uint8Array(t);
|
|
355
355
|
let r = 0;
|
|
@@ -362,16 +362,16 @@ const Gt = (e) => {
|
|
|
362
362
|
for (let r = 0; r < t.length; r++)
|
|
363
363
|
n[r] = t.charCodeAt(r);
|
|
364
364
|
return n;
|
|
365
|
-
},
|
|
365
|
+
}, V = (e) => {
|
|
366
366
|
let t = e;
|
|
367
|
-
t instanceof Uint8Array && (t =
|
|
367
|
+
t instanceof Uint8Array && (t = F.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
|
|
368
368
|
try {
|
|
369
369
|
return Gt(t);
|
|
370
370
|
} catch {
|
|
371
371
|
throw new TypeError("The input to be decoded is not correctly encoded.");
|
|
372
372
|
}
|
|
373
373
|
};
|
|
374
|
-
let
|
|
374
|
+
let D = class extends Error {
|
|
375
375
|
static get code() {
|
|
376
376
|
return "ERR_JOSE_GENERIC";
|
|
377
377
|
}
|
|
@@ -379,14 +379,14 @@ let U = class extends Error {
|
|
|
379
379
|
var n;
|
|
380
380
|
super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
|
|
381
381
|
}
|
|
382
|
-
},
|
|
382
|
+
}, _ = class extends D {
|
|
383
383
|
static get code() {
|
|
384
384
|
return "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
385
385
|
}
|
|
386
386
|
constructor(t, n, r = "unspecified", a = "unspecified") {
|
|
387
387
|
super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = a, this.payload = n;
|
|
388
388
|
}
|
|
389
|
-
},
|
|
389
|
+
}, Pe = class extends D {
|
|
390
390
|
static get code() {
|
|
391
391
|
return "ERR_JWT_EXPIRED";
|
|
392
392
|
}
|
|
@@ -394,7 +394,7 @@ let U = class extends Error {
|
|
|
394
394
|
super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = a, this.payload = n;
|
|
395
395
|
}
|
|
396
396
|
};
|
|
397
|
-
class Jt extends
|
|
397
|
+
class Jt extends D {
|
|
398
398
|
constructor() {
|
|
399
399
|
super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
400
400
|
}
|
|
@@ -402,7 +402,7 @@ class Jt extends U {
|
|
|
402
402
|
return "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
403
403
|
}
|
|
404
404
|
}
|
|
405
|
-
let
|
|
405
|
+
let O = class extends D {
|
|
406
406
|
constructor() {
|
|
407
407
|
super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
408
408
|
}
|
|
@@ -410,7 +410,7 @@ let N = class extends U {
|
|
|
410
410
|
return "ERR_JOSE_NOT_SUPPORTED";
|
|
411
411
|
}
|
|
412
412
|
};
|
|
413
|
-
class
|
|
413
|
+
class A extends D {
|
|
414
414
|
constructor() {
|
|
415
415
|
super(...arguments), this.code = "ERR_JWS_INVALID";
|
|
416
416
|
}
|
|
@@ -418,7 +418,7 @@ class R extends U {
|
|
|
418
418
|
return "ERR_JWS_INVALID";
|
|
419
419
|
}
|
|
420
420
|
}
|
|
421
|
-
let
|
|
421
|
+
let C = class extends D {
|
|
422
422
|
constructor() {
|
|
423
423
|
super(...arguments), this.code = "ERR_JWT_INVALID";
|
|
424
424
|
}
|
|
@@ -426,7 +426,7 @@ let k = class extends U {
|
|
|
426
426
|
return "ERR_JWT_INVALID";
|
|
427
427
|
}
|
|
428
428
|
};
|
|
429
|
-
class Yt extends
|
|
429
|
+
class Yt extends D {
|
|
430
430
|
constructor() {
|
|
431
431
|
super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
|
|
432
432
|
}
|
|
@@ -434,7 +434,7 @@ class Yt extends U {
|
|
|
434
434
|
return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
435
435
|
}
|
|
436
436
|
}
|
|
437
|
-
function
|
|
437
|
+
function k(e, t = "algorithm.name") {
|
|
438
438
|
return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
|
|
439
439
|
}
|
|
440
440
|
function X(e, t) {
|
|
@@ -471,45 +471,45 @@ function Ft(e, t, ...n) {
|
|
|
471
471
|
case "HS384":
|
|
472
472
|
case "HS512": {
|
|
473
473
|
if (!X(e.algorithm, "HMAC"))
|
|
474
|
-
throw
|
|
474
|
+
throw k("HMAC");
|
|
475
475
|
const r = parseInt(t.slice(2), 10);
|
|
476
476
|
if (ye(e.algorithm.hash) !== r)
|
|
477
|
-
throw
|
|
477
|
+
throw k(`SHA-${r}`, "algorithm.hash");
|
|
478
478
|
break;
|
|
479
479
|
}
|
|
480
480
|
case "RS256":
|
|
481
481
|
case "RS384":
|
|
482
482
|
case "RS512": {
|
|
483
483
|
if (!X(e.algorithm, "RSASSA-PKCS1-v1_5"))
|
|
484
|
-
throw
|
|
484
|
+
throw k("RSASSA-PKCS1-v1_5");
|
|
485
485
|
const r = parseInt(t.slice(2), 10);
|
|
486
486
|
if (ye(e.algorithm.hash) !== r)
|
|
487
|
-
throw
|
|
487
|
+
throw k(`SHA-${r}`, "algorithm.hash");
|
|
488
488
|
break;
|
|
489
489
|
}
|
|
490
490
|
case "PS256":
|
|
491
491
|
case "PS384":
|
|
492
492
|
case "PS512": {
|
|
493
493
|
if (!X(e.algorithm, "RSA-PSS"))
|
|
494
|
-
throw
|
|
494
|
+
throw k("RSA-PSS");
|
|
495
495
|
const r = parseInt(t.slice(2), 10);
|
|
496
496
|
if (ye(e.algorithm.hash) !== r)
|
|
497
|
-
throw
|
|
497
|
+
throw k(`SHA-${r}`, "algorithm.hash");
|
|
498
498
|
break;
|
|
499
499
|
}
|
|
500
500
|
case "EdDSA": {
|
|
501
501
|
if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
|
|
502
|
-
throw
|
|
502
|
+
throw k("Ed25519 or Ed448");
|
|
503
503
|
break;
|
|
504
504
|
}
|
|
505
505
|
case "ES256":
|
|
506
506
|
case "ES384":
|
|
507
507
|
case "ES512": {
|
|
508
508
|
if (!X(e.algorithm, "ECDSA"))
|
|
509
|
-
throw
|
|
509
|
+
throw k("ECDSA");
|
|
510
510
|
const r = Vt(t);
|
|
511
511
|
if (e.algorithm.namedCurve !== r)
|
|
512
|
-
throw
|
|
512
|
+
throw k(r, "algorithm.namedCurve");
|
|
513
513
|
break;
|
|
514
514
|
}
|
|
515
515
|
default:
|
|
@@ -593,7 +593,7 @@ function Qt(e) {
|
|
|
593
593
|
}, n = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
594
594
|
break;
|
|
595
595
|
default:
|
|
596
|
-
throw new
|
|
596
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
597
597
|
}
|
|
598
598
|
break;
|
|
599
599
|
}
|
|
@@ -615,7 +615,7 @@ function Qt(e) {
|
|
|
615
615
|
t = { name: "ECDH", namedCurve: e.crv }, n = e.d ? ["deriveBits"] : [];
|
|
616
616
|
break;
|
|
617
617
|
default:
|
|
618
|
-
throw new
|
|
618
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
619
619
|
}
|
|
620
620
|
break;
|
|
621
621
|
}
|
|
@@ -631,12 +631,12 @@ function Qt(e) {
|
|
|
631
631
|
t = { name: e.crv }, n = e.d ? ["deriveBits"] : [];
|
|
632
632
|
break;
|
|
633
633
|
default:
|
|
634
|
-
throw new
|
|
634
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
635
635
|
}
|
|
636
636
|
break;
|
|
637
637
|
}
|
|
638
638
|
default:
|
|
639
|
-
throw new
|
|
639
|
+
throw new O('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
640
640
|
}
|
|
641
641
|
return { algorithm: t, keyUsages: n };
|
|
642
642
|
}
|
|
@@ -649,7 +649,7 @@ const Xt = async (e) => {
|
|
|
649
649
|
e.key_ops ?? n
|
|
650
650
|
], a = { ...e };
|
|
651
651
|
return delete a.alg, delete a.use, he.subtle.importKey("jwk", a, ...r);
|
|
652
|
-
}, Ze = (e) =>
|
|
652
|
+
}, Ze = (e) => V(e);
|
|
653
653
|
let ge, me;
|
|
654
654
|
const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", tt = async (e, t, n, r) => {
|
|
655
655
|
let a = e.get(t);
|
|
@@ -669,35 +669,35 @@ const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
669
669
|
return n.k ? Ze(n.k) : (ge || (ge = /* @__PURE__ */ new WeakMap()), tt(ge, e, n, t));
|
|
670
670
|
}
|
|
671
671
|
return e;
|
|
672
|
-
}, tn = { normalizePublicKey: Zt, normalizePrivateKey: en },
|
|
672
|
+
}, tn = { normalizePublicKey: Zt, normalizePrivateKey: en }, P = (e, t, n = 0) => {
|
|
673
673
|
n === 0 && (t.unshift(t.length), t.unshift(6));
|
|
674
674
|
const r = e.indexOf(t[0], n);
|
|
675
675
|
if (r === -1)
|
|
676
676
|
return !1;
|
|
677
677
|
const a = e.subarray(r, r + t.length);
|
|
678
|
-
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) ||
|
|
678
|
+
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) || P(e, t, r + 1);
|
|
679
679
|
}, Ne = (e) => {
|
|
680
680
|
switch (!0) {
|
|
681
|
-
case
|
|
681
|
+
case P(e, [42, 134, 72, 206, 61, 3, 1, 7]):
|
|
682
682
|
return "P-256";
|
|
683
|
-
case
|
|
683
|
+
case P(e, [43, 129, 4, 0, 34]):
|
|
684
684
|
return "P-384";
|
|
685
|
-
case
|
|
685
|
+
case P(e, [43, 129, 4, 0, 35]):
|
|
686
686
|
return "P-521";
|
|
687
|
-
case
|
|
687
|
+
case P(e, [43, 101, 110]):
|
|
688
688
|
return "X25519";
|
|
689
|
-
case
|
|
689
|
+
case P(e, [43, 101, 111]):
|
|
690
690
|
return "X448";
|
|
691
|
-
case
|
|
691
|
+
case P(e, [43, 101, 112]):
|
|
692
692
|
return "Ed25519";
|
|
693
|
-
case
|
|
693
|
+
case P(e, [43, 101, 113]):
|
|
694
694
|
return "Ed448";
|
|
695
695
|
default:
|
|
696
|
-
throw new
|
|
696
|
+
throw new O("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
697
697
|
}
|
|
698
698
|
}, nn = async (e, t, n, r, a) => {
|
|
699
699
|
let s, o;
|
|
700
|
-
const i = new Uint8Array(atob(n.replace(e, "")).split("").map((
|
|
700
|
+
const i = new Uint8Array(atob(n.replace(e, "")).split("").map((l) => l.charCodeAt(0)));
|
|
701
701
|
switch (r) {
|
|
702
702
|
case "PS256":
|
|
703
703
|
case "PS384":
|
|
@@ -731,15 +731,15 @@ const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
731
731
|
case "ECDH-ES+A128KW":
|
|
732
732
|
case "ECDH-ES+A192KW":
|
|
733
733
|
case "ECDH-ES+A256KW": {
|
|
734
|
-
const
|
|
735
|
-
s =
|
|
734
|
+
const l = Ne(i);
|
|
735
|
+
s = l.startsWith("P-") ? { name: "ECDH", namedCurve: l } : { name: l }, o = [];
|
|
736
736
|
break;
|
|
737
737
|
}
|
|
738
738
|
case "EdDSA":
|
|
739
739
|
s = { name: Ne(i) }, o = ["verify"];
|
|
740
740
|
break;
|
|
741
741
|
default:
|
|
742
|
-
throw new
|
|
742
|
+
throw new O('Invalid or unsupported "alg" (Algorithm) value');
|
|
743
743
|
}
|
|
744
744
|
return he.subtle.importKey(t, i, s, !1, o);
|
|
745
745
|
}, rn = (e, t, n) => nn(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
|
|
@@ -778,7 +778,7 @@ function un(e, t, n, r, a) {
|
|
|
778
778
|
n !== void 0 ? s = new Map([...Object.entries(n), ...t.entries()]) : s = t;
|
|
779
779
|
for (const o of r.crit) {
|
|
780
780
|
if (!s.has(o))
|
|
781
|
-
throw new
|
|
781
|
+
throw new O(`Extension Header Parameter "${o}" is not recognized`);
|
|
782
782
|
if (a[o] === void 0)
|
|
783
783
|
throw new e(`Extension Header Parameter "${o}" is missing`);
|
|
784
784
|
if (s.get(o) && r[o] === void 0)
|
|
@@ -814,7 +814,7 @@ function dn(e, t) {
|
|
|
814
814
|
case "EdDSA":
|
|
815
815
|
return { name: t.name };
|
|
816
816
|
default:
|
|
817
|
-
throw new
|
|
817
|
+
throw new O(`alg ${e} is not supported either by JOSE or your javascript runtime`);
|
|
818
818
|
}
|
|
819
819
|
}
|
|
820
820
|
async function hn(e, t, n) {
|
|
@@ -839,75 +839,75 @@ const pn = async (e, t, n, r) => {
|
|
|
839
839
|
};
|
|
840
840
|
async function fn(e, t, n) {
|
|
841
841
|
if (!ue(e))
|
|
842
|
-
throw new
|
|
842
|
+
throw new A("Flattened JWS must be an object");
|
|
843
843
|
if (e.protected === void 0 && e.header === void 0)
|
|
844
|
-
throw new
|
|
844
|
+
throw new A('Flattened JWS must have either of the "protected" or "header" members');
|
|
845
845
|
if (e.protected !== void 0 && typeof e.protected != "string")
|
|
846
|
-
throw new
|
|
846
|
+
throw new A("JWS Protected Header incorrect type");
|
|
847
847
|
if (e.payload === void 0)
|
|
848
|
-
throw new
|
|
848
|
+
throw new A("JWS Payload missing");
|
|
849
849
|
if (typeof e.signature != "string")
|
|
850
|
-
throw new
|
|
850
|
+
throw new A("JWS Signature missing or incorrect type");
|
|
851
851
|
if (e.header !== void 0 && !ue(e.header))
|
|
852
|
-
throw new
|
|
852
|
+
throw new A("JWS Unprotected Header incorrect type");
|
|
853
853
|
let r = {};
|
|
854
854
|
if (e.protected)
|
|
855
855
|
try {
|
|
856
|
-
const d =
|
|
857
|
-
r = JSON.parse(
|
|
856
|
+
const d = V(e.protected);
|
|
857
|
+
r = JSON.parse(F.decode(d));
|
|
858
858
|
} catch {
|
|
859
|
-
throw new
|
|
859
|
+
throw new A("JWS Protected Header is invalid");
|
|
860
860
|
}
|
|
861
861
|
if (!Bt(r, e.header))
|
|
862
|
-
throw new
|
|
862
|
+
throw new A("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
863
863
|
const a = {
|
|
864
864
|
...r,
|
|
865
865
|
...e.header
|
|
866
|
-
}, s = un(
|
|
866
|
+
}, s = un(A, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, a);
|
|
867
867
|
let o = !0;
|
|
868
868
|
if (s.has("b64") && (o = r.b64, typeof o != "boolean"))
|
|
869
|
-
throw new
|
|
869
|
+
throw new A('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
870
870
|
const { alg: i } = a;
|
|
871
871
|
if (typeof i != "string" || !i)
|
|
872
|
-
throw new
|
|
873
|
-
const
|
|
874
|
-
if (
|
|
872
|
+
throw new A('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
873
|
+
const l = n && ln("algorithms", n.algorithms);
|
|
874
|
+
if (l && !l.has(i))
|
|
875
875
|
throw new Jt('"alg" (Algorithm) Header Parameter value not allowed');
|
|
876
876
|
if (o) {
|
|
877
877
|
if (typeof e.payload != "string")
|
|
878
|
-
throw new
|
|
878
|
+
throw new A("JWS Payload must be a string");
|
|
879
879
|
} else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
|
|
880
|
-
throw new
|
|
881
|
-
let
|
|
882
|
-
typeof t == "function" && (t = await t(r, e),
|
|
883
|
-
const
|
|
884
|
-
let
|
|
880
|
+
throw new A("JWS Payload must be a string or an Uint8Array instance");
|
|
881
|
+
let y = !1;
|
|
882
|
+
typeof t == "function" && (t = await t(r, e), y = !0), cn(i, t, "verify");
|
|
883
|
+
const h = Mt(Q.encode(e.protected ?? ""), Q.encode("."), typeof e.payload == "string" ? Q.encode(e.payload) : e.payload);
|
|
884
|
+
let p;
|
|
885
885
|
try {
|
|
886
|
-
|
|
886
|
+
p = V(e.signature);
|
|
887
887
|
} catch {
|
|
888
|
-
throw new
|
|
888
|
+
throw new A("Failed to base64url decode the signature");
|
|
889
889
|
}
|
|
890
|
-
if (!await pn(i, t,
|
|
890
|
+
if (!await pn(i, t, p, h))
|
|
891
891
|
throw new Yt();
|
|
892
|
-
let
|
|
892
|
+
let m;
|
|
893
893
|
if (o)
|
|
894
894
|
try {
|
|
895
|
-
|
|
895
|
+
m = V(e.payload);
|
|
896
896
|
} catch {
|
|
897
|
-
throw new
|
|
897
|
+
throw new A("Failed to base64url decode the payload");
|
|
898
898
|
}
|
|
899
|
-
else typeof e.payload == "string" ?
|
|
900
|
-
const
|
|
901
|
-
return e.protected !== void 0 && (
|
|
899
|
+
else typeof e.payload == "string" ? m = Q.encode(e.payload) : m = e.payload;
|
|
900
|
+
const u = { payload: m };
|
|
901
|
+
return e.protected !== void 0 && (u.protectedHeader = r), e.header !== void 0 && (u.unprotectedHeader = e.header), y ? { ...u, key: t } : u;
|
|
902
902
|
}
|
|
903
903
|
async function yn(e, t, n) {
|
|
904
|
-
if (e instanceof Uint8Array && (e =
|
|
905
|
-
throw new
|
|
904
|
+
if (e instanceof Uint8Array && (e = F.decode(e)), typeof e != "string")
|
|
905
|
+
throw new A("Compact JWS must be a string or Uint8Array");
|
|
906
906
|
const { 0: r, 1: a, 2: s, length: o } = e.split(".");
|
|
907
907
|
if (o !== 3)
|
|
908
|
-
throw new
|
|
909
|
-
const i = await fn({ payload: a, protected: r, signature: s }, t, n),
|
|
910
|
-
return typeof t == "function" ? { ...
|
|
908
|
+
throw new A("Invalid Compact JWS");
|
|
909
|
+
const i = await fn({ payload: a, protected: r, signature: s }, t, n), l = { payload: i.payload, protectedHeader: i.protectedHeader };
|
|
910
|
+
return typeof t == "function" ? { ...l, key: i.key } : l;
|
|
911
911
|
}
|
|
912
912
|
const gn = (e) => Math.floor(e.getTime() / 1e3), nt = 60, rt = nt * 60, be = rt * 24, mn = be * 7, wn = be * 365.25, En = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, De = (e) => {
|
|
913
913
|
const t = En.exec(e);
|
|
@@ -955,60 +955,60 @@ const gn = (e) => Math.floor(e.getTime() / 1e3), nt = 60, rt = nt * 60, be = rt
|
|
|
955
955
|
}, Ue = (e) => e.toLowerCase().replace(/^application\//, ""), Sn = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, An = (e, t, n = {}) => {
|
|
956
956
|
let r;
|
|
957
957
|
try {
|
|
958
|
-
r = JSON.parse(
|
|
958
|
+
r = JSON.parse(F.decode(t));
|
|
959
959
|
} catch {
|
|
960
960
|
}
|
|
961
961
|
if (!ue(r))
|
|
962
|
-
throw new
|
|
962
|
+
throw new C("JWT Claims Set must be a top-level JSON object");
|
|
963
963
|
const { typ: a } = n;
|
|
964
964
|
if (a && (typeof e.typ != "string" || Ue(e.typ) !== Ue(a)))
|
|
965
|
-
throw new
|
|
966
|
-
const { requiredClaims: s = [], issuer: o, subject: i, audience:
|
|
967
|
-
|
|
968
|
-
for (const d of new Set(
|
|
965
|
+
throw new _('unexpected "typ" JWT header value', r, "typ", "check_failed");
|
|
966
|
+
const { requiredClaims: s = [], issuer: o, subject: i, audience: l, maxTokenAge: y } = n, h = [...s];
|
|
967
|
+
y !== void 0 && h.push("iat"), l !== void 0 && h.push("aud"), i !== void 0 && h.push("sub"), o !== void 0 && h.push("iss");
|
|
968
|
+
for (const d of new Set(h.reverse()))
|
|
969
969
|
if (!(d in r))
|
|
970
|
-
throw new
|
|
970
|
+
throw new _(`missing required "${d}" claim`, r, d, "missing");
|
|
971
971
|
if (o && !(Array.isArray(o) ? o : [o]).includes(r.iss))
|
|
972
|
-
throw new
|
|
972
|
+
throw new _('unexpected "iss" claim value', r, "iss", "check_failed");
|
|
973
973
|
if (i && r.sub !== i)
|
|
974
|
-
throw new
|
|
975
|
-
if (
|
|
976
|
-
throw new
|
|
977
|
-
let
|
|
974
|
+
throw new _('unexpected "sub" claim value', r, "sub", "check_failed");
|
|
975
|
+
if (l && !Sn(r.aud, typeof l == "string" ? [l] : l))
|
|
976
|
+
throw new _('unexpected "aud" claim value', r, "aud", "check_failed");
|
|
977
|
+
let p;
|
|
978
978
|
switch (typeof n.clockTolerance) {
|
|
979
979
|
case "string":
|
|
980
|
-
|
|
980
|
+
p = De(n.clockTolerance);
|
|
981
981
|
break;
|
|
982
982
|
case "number":
|
|
983
|
-
|
|
983
|
+
p = n.clockTolerance;
|
|
984
984
|
break;
|
|
985
985
|
case "undefined":
|
|
986
|
-
|
|
986
|
+
p = 0;
|
|
987
987
|
break;
|
|
988
988
|
default:
|
|
989
989
|
throw new TypeError("Invalid clockTolerance option type");
|
|
990
990
|
}
|
|
991
|
-
const { currentDate:
|
|
992
|
-
if ((r.iat !== void 0 ||
|
|
993
|
-
throw new
|
|
991
|
+
const { currentDate: m } = n, u = gn(m || /* @__PURE__ */ new Date());
|
|
992
|
+
if ((r.iat !== void 0 || y) && typeof r.iat != "number")
|
|
993
|
+
throw new _('"iat" claim must be a number', r, "iat", "invalid");
|
|
994
994
|
if (r.nbf !== void 0) {
|
|
995
995
|
if (typeof r.nbf != "number")
|
|
996
|
-
throw new
|
|
997
|
-
if (r.nbf >
|
|
998
|
-
throw new
|
|
996
|
+
throw new _('"nbf" claim must be a number', r, "nbf", "invalid");
|
|
997
|
+
if (r.nbf > u + p)
|
|
998
|
+
throw new _('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
|
|
999
999
|
}
|
|
1000
1000
|
if (r.exp !== void 0) {
|
|
1001
1001
|
if (typeof r.exp != "number")
|
|
1002
|
-
throw new
|
|
1003
|
-
if (r.exp <=
|
|
1004
|
-
throw new
|
|
1002
|
+
throw new _('"exp" claim must be a number', r, "exp", "invalid");
|
|
1003
|
+
if (r.exp <= u - p)
|
|
1004
|
+
throw new Pe('"exp" claim timestamp check failed', r, "exp", "check_failed");
|
|
1005
1005
|
}
|
|
1006
|
-
if (
|
|
1007
|
-
const d =
|
|
1008
|
-
if (d -
|
|
1009
|
-
throw new
|
|
1010
|
-
if (d < 0 -
|
|
1011
|
-
throw new
|
|
1006
|
+
if (y) {
|
|
1007
|
+
const d = u - r.iat, g = typeof y == "number" ? y : De(y);
|
|
1008
|
+
if (d - p > g)
|
|
1009
|
+
throw new Pe('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
|
|
1010
|
+
if (d < 0 - p)
|
|
1011
|
+
throw new _('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
|
|
1012
1012
|
}
|
|
1013
1013
|
return r;
|
|
1014
1014
|
};
|
|
@@ -1016,42 +1016,42 @@ async function Tn(e, t, n) {
|
|
|
1016
1016
|
var r;
|
|
1017
1017
|
const a = await yn(e, t, n);
|
|
1018
1018
|
if ((r = a.protectedHeader.crit) != null && r.includes("b64") && a.protectedHeader.b64 === !1)
|
|
1019
|
-
throw new
|
|
1019
|
+
throw new C("JWTs MUST NOT use unencoded payload");
|
|
1020
1020
|
const s = { payload: An(a.protectedHeader, a.payload, n), protectedHeader: a.protectedHeader };
|
|
1021
1021
|
return typeof t == "function" ? { ...s, key: a.key } : s;
|
|
1022
1022
|
}
|
|
1023
|
-
const Rn =
|
|
1023
|
+
const Rn = V;
|
|
1024
1024
|
function bn(e) {
|
|
1025
1025
|
if (typeof e != "string")
|
|
1026
|
-
throw new
|
|
1026
|
+
throw new C("JWTs must use Compact JWS serialization, JWT must be a string");
|
|
1027
1027
|
const { 1: t, length: n } = e.split(".");
|
|
1028
1028
|
if (n === 5)
|
|
1029
|
-
throw new
|
|
1029
|
+
throw new C("Only JWTs using Compact JWS serialization can be decoded");
|
|
1030
1030
|
if (n !== 3)
|
|
1031
|
-
throw new
|
|
1031
|
+
throw new C("Invalid JWT");
|
|
1032
1032
|
if (!t)
|
|
1033
|
-
throw new
|
|
1033
|
+
throw new C("JWTs must contain a payload");
|
|
1034
1034
|
let r;
|
|
1035
1035
|
try {
|
|
1036
1036
|
r = Rn(t);
|
|
1037
1037
|
} catch {
|
|
1038
|
-
throw new
|
|
1038
|
+
throw new C("Failed to base64url decode the payload");
|
|
1039
1039
|
}
|
|
1040
1040
|
let a;
|
|
1041
1041
|
try {
|
|
1042
|
-
a = JSON.parse(
|
|
1042
|
+
a = JSON.parse(F.decode(r));
|
|
1043
1043
|
} catch {
|
|
1044
|
-
throw new
|
|
1044
|
+
throw new C("Failed to parse the decoded payload as JSON");
|
|
1045
1045
|
}
|
|
1046
1046
|
if (!ue(a))
|
|
1047
|
-
throw new
|
|
1047
|
+
throw new C("Invalid JWT Claims Set");
|
|
1048
1048
|
return a;
|
|
1049
1049
|
}
|
|
1050
|
-
const
|
|
1050
|
+
const x = async (e) => {
|
|
1051
1051
|
try {
|
|
1052
|
-
const t =
|
|
1052
|
+
const t = T.ALG, n = await an(xt, t);
|
|
1053
1053
|
return await Tn(e, n, {
|
|
1054
|
-
issuer:
|
|
1054
|
+
issuer: T.ISSUER
|
|
1055
1055
|
});
|
|
1056
1056
|
} catch {
|
|
1057
1057
|
return;
|
|
@@ -1063,14 +1063,14 @@ const M = async (e) => {
|
|
|
1063
1063
|
return;
|
|
1064
1064
|
}
|
|
1065
1065
|
};
|
|
1066
|
-
var
|
|
1066
|
+
var E = [];
|
|
1067
1067
|
for (var we = 0; we < 256; ++we)
|
|
1068
|
-
|
|
1068
|
+
E.push((we + 256).toString(16).slice(1));
|
|
1069
1069
|
function _n(e, t = 0) {
|
|
1070
|
-
return (
|
|
1070
|
+
return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
|
|
1071
1071
|
}
|
|
1072
1072
|
var Z, vn = new Uint8Array(16);
|
|
1073
|
-
function
|
|
1073
|
+
function kn() {
|
|
1074
1074
|
if (!Z && (Z = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !Z))
|
|
1075
1075
|
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
1076
1076
|
return Z(vn);
|
|
@@ -1083,10 +1083,10 @@ function Ke(e, t, n) {
|
|
|
1083
1083
|
if ($e.randomUUID && !t && !e)
|
|
1084
1084
|
return $e.randomUUID();
|
|
1085
1085
|
e = e || {};
|
|
1086
|
-
var r = e.random || (e.rng ||
|
|
1086
|
+
var r = e.random || (e.rng || kn)();
|
|
1087
1087
|
return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, _n(r);
|
|
1088
1088
|
}
|
|
1089
|
-
const He = globalThis.crypto,
|
|
1089
|
+
const He = globalThis.crypto, Pn = (e) => `${Ke()}${Ke()}`.slice(0, e), On = (e) => btoa(
|
|
1090
1090
|
[...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
|
|
1091
1091
|
);
|
|
1092
1092
|
async function Nn(e) {
|
|
@@ -1098,20 +1098,21 @@ async function Nn(e) {
|
|
|
1098
1098
|
return On(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1099
1099
|
}
|
|
1100
1100
|
async function Dn(e) {
|
|
1101
|
-
const n =
|
|
1101
|
+
const n = Pn(43), r = await Nn(n);
|
|
1102
1102
|
return {
|
|
1103
1103
|
code_verifier: n,
|
|
1104
1104
|
code_challenge: r
|
|
1105
1105
|
};
|
|
1106
1106
|
}
|
|
1107
|
-
const
|
|
1108
|
-
var n
|
|
1109
|
-
const
|
|
1110
|
-
if (
|
|
1111
|
-
|
|
1112
|
-
|
|
1113
|
-
|
|
1114
|
-
|
|
1107
|
+
const Pr = async (e, t) => {
|
|
1108
|
+
var n;
|
|
1109
|
+
const r = await x(e);
|
|
1110
|
+
if (!r || !Array.isArray((n = r.payload) == null ? void 0 : n[T.SCOPES_KEY]))
|
|
1111
|
+
return !1;
|
|
1112
|
+
const a = r.payload[T.SCOPES_KEY];
|
|
1113
|
+
return Array.isArray(t) ? t.every((s) => a.includes(s)) : Object.keys(t).some(
|
|
1114
|
+
(s) => t[s].every((o) => a.includes(o))
|
|
1115
|
+
);
|
|
1115
1116
|
};
|
|
1116
1117
|
function at(e, t) {
|
|
1117
1118
|
window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
|
|
@@ -1128,7 +1129,7 @@ function ee({
|
|
|
1128
1129
|
key: e,
|
|
1129
1130
|
initialValue: t
|
|
1130
1131
|
}) {
|
|
1131
|
-
const n = Ct($n, () => We(e)), r =
|
|
1132
|
+
const n = Ct($n, () => We(e)), r = W(
|
|
1132
1133
|
(o) => {
|
|
1133
1134
|
try {
|
|
1134
1135
|
const i = typeof o == "function" ? o(JSON.parse(n)) : o;
|
|
@@ -1138,9 +1139,9 @@ function ee({
|
|
|
1138
1139
|
}
|
|
1139
1140
|
},
|
|
1140
1141
|
[e, n]
|
|
1141
|
-
), a =
|
|
1142
|
+
), a = W(() => {
|
|
1142
1143
|
r(t);
|
|
1143
|
-
}, [t, r]), s =
|
|
1144
|
+
}, [t, r]), s = W(() => {
|
|
1144
1145
|
r(null);
|
|
1145
1146
|
}, [r]);
|
|
1146
1147
|
return Te(() => {
|
|
@@ -1151,11 +1152,11 @@ function ee({
|
|
|
1151
1152
|
}
|
|
1152
1153
|
}, [e, t]), [n ? JSON.parse(n) : null, r, a, s];
|
|
1153
1154
|
}
|
|
1154
|
-
var
|
|
1155
|
+
var S = [];
|
|
1155
1156
|
for (var Ee = 0; Ee < 256; ++Ee)
|
|
1156
|
-
|
|
1157
|
+
S.push((Ee + 256).toString(16).slice(1));
|
|
1157
1158
|
function Kn(e, t = 0) {
|
|
1158
|
-
return (
|
|
1159
|
+
return (S[e[t + 0]] + S[e[t + 1]] + S[e[t + 2]] + S[e[t + 3]] + "-" + S[e[t + 4]] + S[e[t + 5]] + "-" + S[e[t + 6]] + S[e[t + 7]] + "-" + S[e[t + 8]] + S[e[t + 9]] + "-" + S[e[t + 10]] + S[e[t + 11]] + S[e[t + 12]] + S[e[t + 13]] + S[e[t + 14]] + S[e[t + 15]]).toLowerCase();
|
|
1159
1160
|
}
|
|
1160
1161
|
var te, Hn = new Uint8Array(16);
|
|
1161
1162
|
function Ln() {
|
|
@@ -1203,19 +1204,19 @@ async function Mn(e, t, n = 50) {
|
|
|
1203
1204
|
await Me(n);
|
|
1204
1205
|
const i = o.createElement("iframe");
|
|
1205
1206
|
try {
|
|
1206
|
-
for (await new Promise((
|
|
1207
|
-
let
|
|
1208
|
-
const
|
|
1209
|
-
|
|
1210
|
-
},
|
|
1211
|
-
|
|
1207
|
+
for (await new Promise((l, y) => {
|
|
1208
|
+
let h = !1;
|
|
1209
|
+
const p = () => {
|
|
1210
|
+
h = !0, l();
|
|
1211
|
+
}, m = (g) => {
|
|
1212
|
+
h = !0, y(g);
|
|
1212
1213
|
};
|
|
1213
|
-
i.onload =
|
|
1214
|
-
const { style:
|
|
1215
|
-
|
|
1214
|
+
i.onload = p, i.onerror = m;
|
|
1215
|
+
const { style: u } = i;
|
|
1216
|
+
u.setProperty("display", "block", "important"), u.position = "absolute", u.top = "0", u.left = "0", u.visibility = "hidden", i.src = "about:blank", o.body.appendChild(i);
|
|
1216
1217
|
const d = () => {
|
|
1217
|
-
var
|
|
1218
|
-
|
|
1218
|
+
var g, R;
|
|
1219
|
+
h || (((R = (g = i.contentWindow) == null ? void 0 : g.document) == null ? void 0 : R.readyState) === "complete" ? p() : setTimeout(d, 10));
|
|
1219
1220
|
};
|
|
1220
1221
|
d();
|
|
1221
1222
|
}); !((a = (r = i.contentWindow) == null ? void 0 : r.document) != null && a.body); )
|
|
@@ -1299,13 +1300,13 @@ const Gn = {
|
|
|
1299
1300
|
const r = [];
|
|
1300
1301
|
for (let o = 0; o < e[0].data.length; o++) {
|
|
1301
1302
|
const i = [];
|
|
1302
|
-
for (let
|
|
1303
|
-
i.push(e[
|
|
1303
|
+
for (let l = 0; l < e.length; l++)
|
|
1304
|
+
i.push(e[l].data[o]);
|
|
1304
1305
|
r.push(Fn(i));
|
|
1305
1306
|
}
|
|
1306
1307
|
const a = r, s = new Uint8ClampedArray(a);
|
|
1307
1308
|
return new ImageData(s, t, n);
|
|
1308
|
-
}, qn = [], zn = "mmMwWLliI0O&1", Qn = "48px",
|
|
1309
|
+
}, qn = [], zn = "mmMwWLliI0O&1", Qn = "48px", $ = ["monospace", "sans-serif", "serif"], Ge = [
|
|
1309
1310
|
"sans-serif-thin",
|
|
1310
1311
|
"ARNO PRO",
|
|
1311
1312
|
"Agency FB",
|
|
@@ -1349,22 +1350,22 @@ const Gn = {
|
|
|
1349
1350
|
const a = n.createElement("div");
|
|
1350
1351
|
a.style.setProperty("visibility", "hidden", "important");
|
|
1351
1352
|
const s = {}, o = {}, i = (d) => {
|
|
1352
|
-
const
|
|
1353
|
-
return
|
|
1354
|
-
},
|
|
1353
|
+
const g = n.createElement("span"), { style: R } = g;
|
|
1354
|
+
return R.position = "absolute", R.top = "0", R.left = "0", R.fontFamily = d, g.textContent = zn, a.appendChild(g), g;
|
|
1355
|
+
}, l = (d, g) => i(`'${d}',${g}`), y = () => $.map(i), h = () => {
|
|
1355
1356
|
const d = {};
|
|
1356
|
-
for (const
|
|
1357
|
-
d[
|
|
1358
|
-
(
|
|
1357
|
+
for (const g of Ge)
|
|
1358
|
+
d[g] = $.map(
|
|
1359
|
+
(R) => l(g, R)
|
|
1359
1360
|
);
|
|
1360
1361
|
return d;
|
|
1361
|
-
},
|
|
1362
|
-
(
|
|
1363
|
-
),
|
|
1362
|
+
}, p = (d) => $.some(
|
|
1363
|
+
(g, R) => d[R].offsetWidth !== s[g] || d[R].offsetHeight !== o[g]
|
|
1364
|
+
), m = y(), u = h();
|
|
1364
1365
|
r.appendChild(a);
|
|
1365
|
-
for (let d = 0; d <
|
|
1366
|
-
s[
|
|
1367
|
-
return Ge.filter((d) =>
|
|
1366
|
+
for (let d = 0; d < $.length; d++)
|
|
1367
|
+
s[$[d]] = m[d].offsetWidth, o[$[d]] = m[d].offsetHeight;
|
|
1368
|
+
return Ge.filter((d) => p(u[d]));
|
|
1368
1369
|
}), ct = {
|
|
1369
1370
|
vendor: "",
|
|
1370
1371
|
vendorUnmasked: "",
|
|
@@ -1533,10 +1534,10 @@ const cr = async (e) => {
|
|
|
1533
1534
|
}, ne = "Oops! It looks like your session has expired. For your security, please log in again to continue.", dr = "Your session has been successfully terminated.", re = "Login failed. Please try again.", Ae = "Error getting access token, please re-authenticate.", hr = "You forgot to wrap your component in <AuthProvider>.", le = {
|
|
1534
1535
|
dev: "https://auth.gizmette.local.com:3003",
|
|
1535
1536
|
prod: "https://mylogin.gizmette.com/auth"
|
|
1536
|
-
}, ae = "@@auth@@",
|
|
1537
|
+
}, ae = "@@auth@@", J = "LOADING", Y = "LOGIN", ht = "LOGOUT", pr = process.env.NODE_ENV === "production", pt = !pr, fr = (e) => {
|
|
1537
1538
|
try {
|
|
1538
1539
|
const t = In(e);
|
|
1539
|
-
return t ? t[
|
|
1540
|
+
return t ? t[T.USER_ID_KEY] : "";
|
|
1540
1541
|
} catch {
|
|
1541
1542
|
return "";
|
|
1542
1543
|
}
|
|
@@ -1605,30 +1606,30 @@ const cr = async (e) => {
|
|
|
1605
1606
|
sessionExpiration: s,
|
|
1606
1607
|
code: o,
|
|
1607
1608
|
code_verifier: i,
|
|
1608
|
-
domain:
|
|
1609
|
-
fingerprint:
|
|
1609
|
+
domain: l,
|
|
1610
|
+
fingerprint: y
|
|
1610
1611
|
}) => {
|
|
1611
1612
|
try {
|
|
1612
|
-
const
|
|
1613
|
+
const h = await pe({
|
|
1613
1614
|
type: de.AUTHENTICATE,
|
|
1614
1615
|
clientId: n,
|
|
1615
1616
|
params: {
|
|
1616
|
-
type: a ||
|
|
1617
|
+
type: a || j.ID_AND_ACCESS_TOKEN,
|
|
1617
1618
|
username: e,
|
|
1618
1619
|
password: t,
|
|
1619
1620
|
sessionExpiration: s,
|
|
1620
1621
|
nonce: r,
|
|
1621
1622
|
code: o,
|
|
1622
1623
|
code_verifier: i,
|
|
1623
|
-
domain:
|
|
1624
|
-
fingerprint:
|
|
1624
|
+
domain: l,
|
|
1625
|
+
fingerprint: y
|
|
1625
1626
|
}
|
|
1626
|
-
}),
|
|
1627
|
-
return
|
|
1628
|
-
idToken:
|
|
1629
|
-
accessToken:
|
|
1630
|
-
refreshToken:
|
|
1631
|
-
userId:
|
|
1627
|
+
}), p = await x(h.data.idToken);
|
|
1628
|
+
return p && p.payload[T.USER_ID_KEY] !== "" && p.payload[T.NONCE_KEY] === r ? {
|
|
1629
|
+
idToken: h.data.idToken,
|
|
1630
|
+
accessToken: h.data.accessToken,
|
|
1631
|
+
refreshToken: h.data.refreshToken,
|
|
1632
|
+
userId: p.payload[T.USER_ID_KEY],
|
|
1632
1633
|
status: !0
|
|
1633
1634
|
} : {
|
|
1634
1635
|
status: !1
|
|
@@ -1648,7 +1649,7 @@ const cr = async (e) => {
|
|
|
1648
1649
|
type: de.CODE,
|
|
1649
1650
|
clientId: t,
|
|
1650
1651
|
params: {
|
|
1651
|
-
type:
|
|
1652
|
+
type: j.CODE,
|
|
1652
1653
|
nonce: e,
|
|
1653
1654
|
code_challenge: n
|
|
1654
1655
|
}
|
|
@@ -1677,7 +1678,7 @@ const cr = async (e) => {
|
|
|
1677
1678
|
type: de.AUTHENTICATE,
|
|
1678
1679
|
clientId: e,
|
|
1679
1680
|
params: {
|
|
1680
|
-
type:
|
|
1681
|
+
type: j.REFRESH_TOKEN,
|
|
1681
1682
|
userId: t,
|
|
1682
1683
|
nonce: n,
|
|
1683
1684
|
refreshToken: r,
|
|
@@ -1685,11 +1686,11 @@ const cr = async (e) => {
|
|
|
1685
1686
|
domain: s,
|
|
1686
1687
|
fingerprint: await ft()
|
|
1687
1688
|
}
|
|
1688
|
-
}), i = await
|
|
1689
|
-
return i && i.payload[
|
|
1689
|
+
}), i = await x(o.data.accessToken);
|
|
1690
|
+
return i && i.payload[T.USER_ID_KEY] !== "" && i.payload[T.NONCE_KEY] === n ? {
|
|
1690
1691
|
accessToken: o.data.accessToken,
|
|
1691
1692
|
refreshToken: o.data.refreshToken,
|
|
1692
|
-
userId: i.payload[
|
|
1693
|
+
userId: i.payload[T.USER_ID_KEY],
|
|
1693
1694
|
status: !0
|
|
1694
1695
|
} : {
|
|
1695
1696
|
status: !1
|
|
@@ -1774,7 +1775,7 @@ const cr = async (e) => {
|
|
|
1774
1775
|
username,
|
|
1775
1776
|
}
|
|
1776
1777
|
}`
|
|
1777
|
-
},
|
|
1778
|
+
}, K = {
|
|
1778
1779
|
GET_REGISTRATION_OPTIONS: {
|
|
1779
1780
|
schema: oe.GET_REGISTRATION_OPTIONS,
|
|
1780
1781
|
method: "getPasskeyRegistrationOptions"
|
|
@@ -1791,7 +1792,7 @@ const cr = async (e) => {
|
|
|
1791
1792
|
schema: oe.VERIFY_AUTHENTICATION,
|
|
1792
1793
|
method: "verifyPasskeyAuthentication"
|
|
1793
1794
|
}
|
|
1794
|
-
},
|
|
1795
|
+
}, H = async ({
|
|
1795
1796
|
accessToken: e,
|
|
1796
1797
|
type: t,
|
|
1797
1798
|
clientId: n,
|
|
@@ -1817,11 +1818,11 @@ const cr = async (e) => {
|
|
|
1817
1818
|
);
|
|
1818
1819
|
if (o.status !== 200)
|
|
1819
1820
|
return { status: o.status, data: [] };
|
|
1820
|
-
const { data: i, errors:
|
|
1821
|
+
const { data: i, errors: l } = await o.json();
|
|
1821
1822
|
return {
|
|
1822
1823
|
status: o.status,
|
|
1823
1824
|
data: i[t.method],
|
|
1824
|
-
errors:
|
|
1825
|
+
errors: l
|
|
1825
1826
|
};
|
|
1826
1827
|
} catch (a) {
|
|
1827
1828
|
return console.error(a), { status: 500, data: [] };
|
|
@@ -1864,8 +1865,8 @@ class wr {
|
|
|
1864
1865
|
nonce: r,
|
|
1865
1866
|
domain: a
|
|
1866
1867
|
}) {
|
|
1867
|
-
const s = await
|
|
1868
|
-
if (s && s.payload[
|
|
1868
|
+
const s = await x(this.refreshToken);
|
|
1869
|
+
if (s && s.payload[T.USER_ID_KEY] !== "") {
|
|
1869
1870
|
const o = await mr({
|
|
1870
1871
|
clientId: t,
|
|
1871
1872
|
userId: n,
|
|
@@ -1887,20 +1888,25 @@ class wr {
|
|
|
1887
1888
|
};
|
|
1888
1889
|
}
|
|
1889
1890
|
}
|
|
1890
|
-
const
|
|
1891
|
+
const Er = (e) => W(
|
|
1892
|
+
(...t) => {
|
|
1893
|
+
e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
|
|
1894
|
+
},
|
|
1895
|
+
[e]
|
|
1896
|
+
), L = () => {
|
|
1891
1897
|
throw new Error(hr);
|
|
1892
|
-
}, yt =
|
|
1898
|
+
}, yt = Pt({
|
|
1893
1899
|
isAuthenticated: !1,
|
|
1894
1900
|
isLoading: !1,
|
|
1895
1901
|
authenticationType: null,
|
|
1896
|
-
login:
|
|
1897
|
-
logout:
|
|
1898
|
-
getAccessToken:
|
|
1899
|
-
getIdToken:
|
|
1900
|
-
registeringForPasskey:
|
|
1901
|
-
loginWithPasskey:
|
|
1902
|
+
login: L,
|
|
1903
|
+
logout: L,
|
|
1904
|
+
getAccessToken: L,
|
|
1905
|
+
getIdToken: L,
|
|
1906
|
+
registeringForPasskey: L,
|
|
1907
|
+
loginWithPasskey: L,
|
|
1902
1908
|
logoutReason: ""
|
|
1903
|
-
}),
|
|
1909
|
+
}), Sr = kt.createContext({
|
|
1904
1910
|
state: {
|
|
1905
1911
|
isLoading: !0,
|
|
1906
1912
|
isAuthenticated: !1,
|
|
@@ -1911,10 +1917,10 @@ const W = () => {
|
|
|
1911
1917
|
},
|
|
1912
1918
|
dispatch: () => {
|
|
1913
1919
|
}
|
|
1914
|
-
}),
|
|
1920
|
+
}), Ar = (e, t) => (t == null ? void 0 : t.type) === J ? {
|
|
1915
1921
|
...e,
|
|
1916
1922
|
isLoading: t.payload.isLoading
|
|
1917
|
-
} : (t == null ? void 0 : t.type) ===
|
|
1923
|
+
} : (t == null ? void 0 : t.type) === Y ? {
|
|
1918
1924
|
...e,
|
|
1919
1925
|
isLoading: !1,
|
|
1920
1926
|
isAuthenticated: !0,
|
|
@@ -1928,38 +1934,33 @@ const W = () => {
|
|
|
1928
1934
|
user: void 0,
|
|
1929
1935
|
authenticationType: null,
|
|
1930
1936
|
logoutReason: t.payload.logoutReason
|
|
1931
|
-
} : e,
|
|
1937
|
+
} : e, Or = ({
|
|
1932
1938
|
children: e,
|
|
1933
1939
|
sessionExpiration: t,
|
|
1934
1940
|
clientId: n,
|
|
1935
1941
|
domain: r = "",
|
|
1936
1942
|
debug: a = !1
|
|
1937
1943
|
}) => {
|
|
1938
|
-
const [s, o] = Ot(
|
|
1944
|
+
const [s, o] = Ot(Ar, {
|
|
1939
1945
|
isLoading: !0,
|
|
1940
1946
|
isAuthenticated: !1,
|
|
1941
1947
|
authenticationType: null,
|
|
1942
1948
|
user: void 0,
|
|
1943
1949
|
logoutReason: "",
|
|
1944
1950
|
debug: a
|
|
1945
|
-
}), i = Ce(!1),
|
|
1951
|
+
}), i = Er(a), l = Ce(!1), y = Ce(""), [h, p, , m] = ee({
|
|
1946
1952
|
key: `${ae}::${n}::@@user@@`
|
|
1947
|
-
}), [
|
|
1953
|
+
}), [u, d, , g] = ee({
|
|
1948
1954
|
key: `${ae}::${n}::@@access@@`
|
|
1949
|
-
}), [
|
|
1955
|
+
}), [R, B, , q] = ee(
|
|
1950
1956
|
{
|
|
1951
1957
|
key: `${ae}::${n}::@@refresh@@`
|
|
1952
1958
|
}
|
|
1953
1959
|
), [gt, Ie, , _e] = ee({
|
|
1954
1960
|
key: `${ae}::${n}::@@nonce@@`
|
|
1955
|
-
}),
|
|
1956
|
-
(...c) => {
|
|
1957
|
-
a && console.info(`==> [Auth ${Date.now()}]: `, ...c);
|
|
1958
|
-
},
|
|
1959
|
-
[a]
|
|
1960
|
-
), mt = new wr(p, m), $ = x(
|
|
1961
|
+
}), mt = new wr(u, R), U = W(
|
|
1961
1962
|
(c) => {
|
|
1962
|
-
|
|
1963
|
+
i(
|
|
1963
1964
|
"removeStateAndLocalStorage: removing state and local storage with reason: ",
|
|
1964
1965
|
c
|
|
1965
1966
|
), o({
|
|
@@ -1967,178 +1968,178 @@ const W = () => {
|
|
|
1967
1968
|
payload: {
|
|
1968
1969
|
logoutReason: c || ne
|
|
1969
1970
|
}
|
|
1970
|
-
}),
|
|
1971
|
+
}), m(), g(), q(), _e(), o({ type: J, payload: { isLoading: !1 } });
|
|
1971
1972
|
},
|
|
1972
|
-
[
|
|
1973
|
-
),
|
|
1973
|
+
[g, m, _e, q, i]
|
|
1974
|
+
), N = W(
|
|
1974
1975
|
async (c) => {
|
|
1975
|
-
|
|
1976
|
-
const { user:
|
|
1977
|
-
|
|
1976
|
+
i("invalidateAndLogout: invalidating and logging out");
|
|
1977
|
+
const { user: w } = s, f = (w == null ? void 0 : w.userId) || fr(h);
|
|
1978
|
+
f || i(
|
|
1978
1979
|
"invalidateAndLogout: user cannot be identified, logging out without userId"
|
|
1979
1980
|
), await yr({
|
|
1980
|
-
userId:
|
|
1981
|
-
idToken:
|
|
1982
|
-
accessToken:
|
|
1983
|
-
refreshToken:
|
|
1981
|
+
userId: f,
|
|
1982
|
+
idToken: h,
|
|
1983
|
+
accessToken: u,
|
|
1984
|
+
refreshToken: R,
|
|
1984
1985
|
clientId: n,
|
|
1985
1986
|
domain: r
|
|
1986
|
-
}),
|
|
1987
|
+
}), U(c || ne);
|
|
1987
1988
|
},
|
|
1988
1989
|
[
|
|
1989
|
-
|
|
1990
|
+
u,
|
|
1990
1991
|
s,
|
|
1991
1992
|
n,
|
|
1992
1993
|
r,
|
|
1993
|
-
|
|
1994
|
-
|
|
1995
|
-
|
|
1996
|
-
|
|
1994
|
+
h,
|
|
1995
|
+
R,
|
|
1996
|
+
U,
|
|
1997
|
+
i
|
|
1997
1998
|
]
|
|
1998
1999
|
);
|
|
1999
|
-
Te(() => ((async () => (
|
|
2000
|
-
|
|
2000
|
+
Te(() => ((async () => (i("useEffect: setting the fingerprint"), y.current = await ft()))(), () => {
|
|
2001
|
+
i("useEffect: cleaning up the fingerprint"), y.current = "";
|
|
2001
2002
|
}), []), Te(() => {
|
|
2002
|
-
if (!
|
|
2003
|
-
return s.isLoading &&
|
|
2003
|
+
if (!l.current)
|
|
2004
|
+
return s.isLoading && h !== null ? (async () => {
|
|
2004
2005
|
try {
|
|
2005
|
-
const c = await
|
|
2006
|
-
c && c.payload[
|
|
2007
|
-
type:
|
|
2006
|
+
const c = await x(h);
|
|
2007
|
+
c && c.payload[T.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), o({
|
|
2008
|
+
type: Y,
|
|
2008
2009
|
payload: {
|
|
2009
|
-
authenticationType: c.payload[
|
|
2010
|
+
authenticationType: c.payload[T.AUTH_TYPE_KEY],
|
|
2010
2011
|
user: {
|
|
2011
|
-
userId: c.payload[
|
|
2012
|
-
username: c.payload[
|
|
2012
|
+
userId: c.payload[T.USER_ID_KEY],
|
|
2013
|
+
username: c.payload[T.USERNAME_KEY]
|
|
2013
2014
|
}
|
|
2014
2015
|
}
|
|
2015
|
-
})) : (
|
|
2016
|
+
})) : (i("useEffect: invalid JWT, invalidating and logging out"), await N(ne));
|
|
2016
2017
|
} catch {
|
|
2017
|
-
|
|
2018
|
+
i(
|
|
2018
2019
|
"useEffect: exception validating JWT, invalidating and logging out"
|
|
2019
|
-
), await
|
|
2020
|
+
), await N(ne);
|
|
2020
2021
|
}
|
|
2021
|
-
})() : (
|
|
2022
|
-
|
|
2022
|
+
})() : (i("useEffect: setting the loading state to false"), o({ type: J, payload: { isLoading: !1 } })), () => {
|
|
2023
|
+
l.current = !0;
|
|
2023
2024
|
};
|
|
2024
|
-
}, [s.isLoading,
|
|
2025
|
-
const wt = async (c,
|
|
2026
|
-
const
|
|
2027
|
-
if (Ie(
|
|
2025
|
+
}, [s.isLoading, h, N, i]);
|
|
2026
|
+
const wt = async (c, w, f) => {
|
|
2027
|
+
const I = Se();
|
|
2028
|
+
if (Ie(I), o({ type: J, payload: { isLoading: !0 } }), m(), g(), q(), i("login: Logging in with type: ", f), f === j.CODE) {
|
|
2028
2029
|
const { code_verifier: bt, code_challenge: It } = await Dn(), ve = await gr({
|
|
2029
|
-
nonce:
|
|
2030
|
+
nonce: I,
|
|
2030
2031
|
clientId: n,
|
|
2031
2032
|
code_challenge: It
|
|
2032
2033
|
});
|
|
2033
2034
|
if (ve.status) {
|
|
2034
|
-
const
|
|
2035
|
+
const G = await Je({
|
|
2035
2036
|
username: c,
|
|
2036
|
-
password:
|
|
2037
|
+
password: w,
|
|
2037
2038
|
clientId: n,
|
|
2038
2039
|
sessionExpiration: t,
|
|
2039
|
-
nonce:
|
|
2040
|
-
type:
|
|
2040
|
+
nonce: I,
|
|
2041
|
+
type: f,
|
|
2041
2042
|
code: ve.code,
|
|
2042
2043
|
code_verifier: bt,
|
|
2043
2044
|
domain: r,
|
|
2044
|
-
fingerprint:
|
|
2045
|
+
fingerprint: y.current
|
|
2045
2046
|
});
|
|
2046
|
-
return
|
|
2047
|
-
type:
|
|
2047
|
+
return G.status ? (p(G.idToken), d(G.accessToken), B(G.refreshToken), o({
|
|
2048
|
+
type: Y,
|
|
2048
2049
|
payload: {
|
|
2049
|
-
authenticationType:
|
|
2050
|
+
authenticationType: f,
|
|
2050
2051
|
user: {
|
|
2051
|
-
userId:
|
|
2052
|
+
userId: G.userId,
|
|
2052
2053
|
username: c
|
|
2053
2054
|
}
|
|
2054
2055
|
}
|
|
2055
|
-
}), !0) : (
|
|
2056
|
+
}), !0) : (U(re), !1);
|
|
2056
2057
|
}
|
|
2057
2058
|
return !1;
|
|
2058
2059
|
}
|
|
2059
|
-
const
|
|
2060
|
+
const M = await Je({
|
|
2060
2061
|
username: c,
|
|
2061
|
-
password:
|
|
2062
|
+
password: w,
|
|
2062
2063
|
clientId: n,
|
|
2063
2064
|
sessionExpiration: t,
|
|
2064
|
-
nonce:
|
|
2065
|
-
type:
|
|
2065
|
+
nonce: I,
|
|
2066
|
+
type: f,
|
|
2066
2067
|
domain: r,
|
|
2067
|
-
fingerprint:
|
|
2068
|
+
fingerprint: y.current
|
|
2068
2069
|
});
|
|
2069
|
-
return
|
|
2070
|
-
type:
|
|
2070
|
+
return M.status ? (p(M.idToken), d(M.accessToken), B(M.refreshToken), o({
|
|
2071
|
+
type: Y,
|
|
2071
2072
|
payload: {
|
|
2072
|
-
authenticationType:
|
|
2073
|
+
authenticationType: f,
|
|
2073
2074
|
user: {
|
|
2074
|
-
userId:
|
|
2075
|
+
userId: M.userId,
|
|
2075
2076
|
username: c
|
|
2076
2077
|
}
|
|
2077
2078
|
}
|
|
2078
|
-
}), !0) : (
|
|
2079
|
+
}), !0) : (U(re), !1);
|
|
2079
2080
|
}, Et = async (c) => {
|
|
2080
|
-
c == null || c.preventDefault(), await
|
|
2081
|
+
c == null || c.preventDefault(), await N(dr);
|
|
2081
2082
|
}, St = async () => {
|
|
2082
|
-
const { isAuthenticated: c, user:
|
|
2083
|
+
const { isAuthenticated: c, user: w } = s;
|
|
2083
2084
|
try {
|
|
2084
|
-
if (c &&
|
|
2085
|
-
if (
|
|
2086
|
-
|
|
2087
|
-
const
|
|
2088
|
-
if (
|
|
2089
|
-
return
|
|
2085
|
+
if (c && w && w.userId) {
|
|
2086
|
+
if (u) {
|
|
2087
|
+
i("getAccessToken");
|
|
2088
|
+
const I = await x(u);
|
|
2089
|
+
if (I && I.payload[T.USER_ID_KEY] !== "")
|
|
2090
|
+
return u;
|
|
2090
2091
|
}
|
|
2091
|
-
|
|
2092
|
-
const
|
|
2092
|
+
i("getAccessToken: invalid access token, refreshing it");
|
|
2093
|
+
const f = await mt.refreshtoken({
|
|
2093
2094
|
clientId: n,
|
|
2094
|
-
userId:
|
|
2095
|
+
userId: w.userId,
|
|
2095
2096
|
nonce: gt,
|
|
2096
2097
|
domain: r
|
|
2097
2098
|
});
|
|
2098
|
-
return
|
|
2099
|
+
return f.status && f.status === "success" ? (d(f.newAccessToken), B(f.newRefreshToken), f.newAccessToken) : (i("getAccessToken: invalid refresh token, re-authenticating user"), await N(Ae), "");
|
|
2099
2100
|
}
|
|
2100
|
-
return
|
|
2101
|
+
return i(
|
|
2101
2102
|
"getAccessToken: user is not authenticated, cannot get access token"
|
|
2102
|
-
), await
|
|
2103
|
+
), await N(Ae), "";
|
|
2103
2104
|
} catch {
|
|
2104
|
-
return
|
|
2105
|
+
return i(
|
|
2105
2106
|
"getAccessToken: exception occurred, invalidating and logging out"
|
|
2106
|
-
), await
|
|
2107
|
+
), await N(Ae), "";
|
|
2107
2108
|
}
|
|
2108
2109
|
}, At = () => {
|
|
2109
|
-
if (s.isAuthenticated &&
|
|
2110
|
-
return
|
|
2110
|
+
if (s.isAuthenticated && h)
|
|
2111
|
+
return h;
|
|
2111
2112
|
}, Tt = async () => {
|
|
2112
2113
|
const { user: c } = s;
|
|
2113
|
-
let
|
|
2114
|
-
accessToken:
|
|
2114
|
+
let w = await H({
|
|
2115
|
+
accessToken: u,
|
|
2115
2116
|
clientId: n,
|
|
2116
|
-
type:
|
|
2117
|
+
type: K.GET_REGISTRATION_OPTIONS,
|
|
2117
2118
|
params: {
|
|
2118
2119
|
clientId: n,
|
|
2119
2120
|
id: c == null ? void 0 : c.userId,
|
|
2120
2121
|
username: c == null ? void 0 : c.username
|
|
2121
2122
|
}
|
|
2122
2123
|
});
|
|
2123
|
-
if (
|
|
2124
|
+
if (w.status)
|
|
2124
2125
|
try {
|
|
2125
|
-
const
|
|
2126
|
-
|
|
2127
|
-
accessToken:
|
|
2126
|
+
const f = await Kt(w.data);
|
|
2127
|
+
w = await H({
|
|
2128
|
+
accessToken: u,
|
|
2128
2129
|
clientId: n,
|
|
2129
|
-
type:
|
|
2130
|
+
type: K.VERIFY_REGISTRATION,
|
|
2130
2131
|
params: {
|
|
2131
2132
|
clientId: n,
|
|
2132
2133
|
id: c == null ? void 0 : c.userId,
|
|
2133
2134
|
username: c == null ? void 0 : c.username,
|
|
2134
|
-
registration:
|
|
2135
|
+
registration: f
|
|
2135
2136
|
}
|
|
2136
2137
|
});
|
|
2137
2138
|
} catch {
|
|
2138
|
-
return await
|
|
2139
|
-
accessToken:
|
|
2139
|
+
return await H({
|
|
2140
|
+
accessToken: u,
|
|
2140
2141
|
clientId: n,
|
|
2141
|
-
type:
|
|
2142
|
+
type: K.VERIFY_REGISTRATION,
|
|
2142
2143
|
params: {
|
|
2143
2144
|
clientId: n,
|
|
2144
2145
|
id: c == null ? void 0 : c.userId,
|
|
@@ -2149,58 +2150,58 @@ const W = () => {
|
|
|
2149
2150
|
}
|
|
2150
2151
|
}, Rt = async () => {
|
|
2151
2152
|
const c = Se();
|
|
2152
|
-
Ie(c), o({ type:
|
|
2153
|
-
const
|
|
2154
|
-
let
|
|
2155
|
-
accessToken:
|
|
2153
|
+
Ie(c), o({ type: J, payload: { isLoading: !0 } }), m(), g(), q(), i("loginWithPasskey");
|
|
2154
|
+
const w = Se();
|
|
2155
|
+
let f = await H({
|
|
2156
|
+
accessToken: u,
|
|
2156
2157
|
clientId: n,
|
|
2157
|
-
type:
|
|
2158
|
+
type: K.GET_AUTHENTICATION_OPTIONS,
|
|
2158
2159
|
params: {
|
|
2159
|
-
id:
|
|
2160
|
+
id: w,
|
|
2160
2161
|
clientId: n
|
|
2161
2162
|
}
|
|
2162
2163
|
});
|
|
2163
|
-
if (
|
|
2164
|
+
if (f.status)
|
|
2164
2165
|
try {
|
|
2165
|
-
const
|
|
2166
|
-
return
|
|
2167
|
-
accessToken:
|
|
2166
|
+
const I = await Wt(f.data);
|
|
2167
|
+
return f = await H({
|
|
2168
|
+
accessToken: u,
|
|
2168
2169
|
clientId: n,
|
|
2169
|
-
type:
|
|
2170
|
+
type: K.VERIFY_AUTHENTICATION,
|
|
2170
2171
|
params: {
|
|
2171
2172
|
clientId: n,
|
|
2172
|
-
id:
|
|
2173
|
-
authentication:
|
|
2173
|
+
id: w,
|
|
2174
|
+
authentication: I,
|
|
2174
2175
|
nonce: c,
|
|
2175
2176
|
domain: r,
|
|
2176
|
-
fingerprint:
|
|
2177
|
+
fingerprint: y.current
|
|
2177
2178
|
}
|
|
2178
|
-
}),
|
|
2179
|
-
type:
|
|
2179
|
+
}), f.data.status === "success" ? (p(f.data.idToken), d(f.data.accessToken), B(f.data.refreshToken), o({
|
|
2180
|
+
type: Y,
|
|
2180
2181
|
payload: {
|
|
2181
|
-
authenticationType:
|
|
2182
|
+
authenticationType: j.PASSKEY,
|
|
2182
2183
|
user: {
|
|
2183
|
-
userId:
|
|
2184
|
-
username:
|
|
2184
|
+
userId: f.data.userId,
|
|
2185
|
+
username: f.data.username
|
|
2185
2186
|
}
|
|
2186
2187
|
}
|
|
2187
|
-
}), !0) : (
|
|
2188
|
+
}), !0) : (U(re), !1);
|
|
2188
2189
|
} catch {
|
|
2189
|
-
return await
|
|
2190
|
-
accessToken:
|
|
2190
|
+
return await H({
|
|
2191
|
+
accessToken: u,
|
|
2191
2192
|
clientId: n,
|
|
2192
|
-
type:
|
|
2193
|
+
type: K.VERIFY_AUTHENTICATION,
|
|
2193
2194
|
params: {
|
|
2194
2195
|
clientId: n,
|
|
2195
|
-
id:
|
|
2196
|
+
id: w,
|
|
2196
2197
|
authentication: {},
|
|
2197
2198
|
nonce: c,
|
|
2198
2199
|
domain: r
|
|
2199
2200
|
}
|
|
2200
|
-
}),
|
|
2201
|
+
}), U(re), !1;
|
|
2201
2202
|
}
|
|
2202
2203
|
};
|
|
2203
|
-
return /* @__PURE__ */
|
|
2204
|
+
return /* @__PURE__ */ ke(Sr.Provider, { value: { state: s, dispatch: o }, children: /* @__PURE__ */ ke(
|
|
2204
2205
|
yt.Provider,
|
|
2205
2206
|
{
|
|
2206
2207
|
value: {
|
|
@@ -2215,10 +2216,10 @@ const W = () => {
|
|
|
2215
2216
|
children: e
|
|
2216
2217
|
}
|
|
2217
2218
|
) });
|
|
2218
|
-
},
|
|
2219
|
+
}, Nr = (e = yt) => Nt(e);
|
|
2219
2220
|
export {
|
|
2220
|
-
|
|
2221
|
-
|
|
2222
|
-
|
|
2223
|
-
|
|
2221
|
+
j as AUTH_TYPES,
|
|
2222
|
+
Or as AuthProvider,
|
|
2223
|
+
Pr as isGranted,
|
|
2224
|
+
Nr as useAuth
|
|
2224
2225
|
};
|