@versini/auth-provider 6.3.0 → 6.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +393 -389
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -2,21 +2,21 @@ var _t = Object.defineProperty;
|
|
|
2
2
|
var vt = (e, t, n) => t in e ? _t(e, t, { enumerable: !0, configurable: !0, writable: !0, value: n }) : e[t] = n;
|
|
3
3
|
var z = (e, t, n) => vt(e, typeof t != "symbol" ? t + "" : t, n);
|
|
4
4
|
import { jsx as Pe } from "react/jsx-runtime";
|
|
5
|
-
import Pt, { useSyncExternalStore as
|
|
5
|
+
import Pt, { useSyncExternalStore as kt, useCallback as W, useEffect as Te, createContext as Ct, useReducer as Ot, useRef as ke, useContext as Nt } from "react";
|
|
6
6
|
/*!
|
|
7
|
-
@versini/auth-provider v6.3.
|
|
7
|
+
@versini/auth-provider v6.3.2
|
|
8
8
|
© 2024 gizmette.com
|
|
9
9
|
*/
|
|
10
10
|
try {
|
|
11
11
|
window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
|
|
12
|
-
version: "6.3.
|
|
13
|
-
buildTime: "07/
|
|
12
|
+
version: "6.3.2",
|
|
13
|
+
buildTime: "07/23/2024 01:37 PM EDT",
|
|
14
14
|
homepage: "https://github.com/aversini/auth-client",
|
|
15
15
|
license: "MIT"
|
|
16
16
|
});
|
|
17
17
|
} catch {
|
|
18
18
|
}
|
|
19
|
-
function
|
|
19
|
+
function v(e) {
|
|
20
20
|
const t = new Uint8Array(e);
|
|
21
21
|
let n = "";
|
|
22
22
|
for (const a of t)
|
|
@@ -43,7 +43,7 @@ function Ye(e) {
|
|
|
43
43
|
function Ve(e) {
|
|
44
44
|
return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
|
|
45
45
|
}
|
|
46
|
-
class
|
|
46
|
+
class b extends Error {
|
|
47
47
|
constructor({ message: t, code: n, cause: r, name: a }) {
|
|
48
48
|
super(t, { cause: r }), this.name = a ?? r.name, this.code = n;
|
|
49
49
|
}
|
|
@@ -55,43 +55,43 @@ function Dt({ error: e, options: t }) {
|
|
|
55
55
|
throw Error("options was missing required publicKey property");
|
|
56
56
|
if (e.name === "AbortError") {
|
|
57
57
|
if (t.signal instanceof AbortSignal)
|
|
58
|
-
return new
|
|
58
|
+
return new b({
|
|
59
59
|
message: "Registration ceremony was sent an abort signal",
|
|
60
60
|
code: "ERROR_CEREMONY_ABORTED",
|
|
61
61
|
cause: e
|
|
62
62
|
});
|
|
63
63
|
} else if (e.name === "ConstraintError") {
|
|
64
64
|
if (((r = n.authenticatorSelection) == null ? void 0 : r.requireResidentKey) === !0)
|
|
65
|
-
return new
|
|
65
|
+
return new b({
|
|
66
66
|
message: "Discoverable credentials were required but no available authenticator supported it",
|
|
67
67
|
code: "ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT",
|
|
68
68
|
cause: e
|
|
69
69
|
});
|
|
70
70
|
if (((a = n.authenticatorSelection) == null ? void 0 : a.userVerification) === "required")
|
|
71
|
-
return new
|
|
71
|
+
return new b({
|
|
72
72
|
message: "User verification was required but no available authenticator supported it",
|
|
73
73
|
code: "ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT",
|
|
74
74
|
cause: e
|
|
75
75
|
});
|
|
76
76
|
} else {
|
|
77
77
|
if (e.name === "InvalidStateError")
|
|
78
|
-
return new
|
|
78
|
+
return new b({
|
|
79
79
|
message: "The authenticator was previously registered",
|
|
80
80
|
code: "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED",
|
|
81
81
|
cause: e
|
|
82
82
|
});
|
|
83
83
|
if (e.name === "NotAllowedError")
|
|
84
|
-
return new
|
|
84
|
+
return new b({
|
|
85
85
|
message: e.message,
|
|
86
86
|
code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
|
|
87
87
|
cause: e
|
|
88
88
|
});
|
|
89
89
|
if (e.name === "NotSupportedError")
|
|
90
|
-
return n.pubKeyCredParams.filter((o) => o.type === "public-key").length === 0 ? new
|
|
90
|
+
return n.pubKeyCredParams.filter((o) => o.type === "public-key").length === 0 ? new b({
|
|
91
91
|
message: 'No entry in pubKeyCredParams was of type "public-key"',
|
|
92
92
|
code: "ERROR_MALFORMED_PUBKEYCREDPARAMS",
|
|
93
93
|
cause: e
|
|
94
|
-
}) : new
|
|
94
|
+
}) : new b({
|
|
95
95
|
message: "No available authenticator supported any of the specified pubKeyCredParams algorithms",
|
|
96
96
|
code: "ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG",
|
|
97
97
|
cause: e
|
|
@@ -100,25 +100,25 @@ function Dt({ error: e, options: t }) {
|
|
|
100
100
|
const s = window.location.hostname;
|
|
101
101
|
if (Ve(s)) {
|
|
102
102
|
if (n.rp.id !== s)
|
|
103
|
-
return new
|
|
103
|
+
return new b({
|
|
104
104
|
message: `The RP ID "${n.rp.id}" is invalid for this domain`,
|
|
105
105
|
code: "ERROR_INVALID_RP_ID",
|
|
106
106
|
cause: e
|
|
107
107
|
});
|
|
108
|
-
} else return new
|
|
108
|
+
} else return new b({
|
|
109
109
|
message: `${window.location.hostname} is an invalid domain`,
|
|
110
110
|
code: "ERROR_INVALID_DOMAIN",
|
|
111
111
|
cause: e
|
|
112
112
|
});
|
|
113
113
|
} else if (e.name === "TypeError") {
|
|
114
114
|
if (n.user.id.byteLength < 1 || n.user.id.byteLength > 64)
|
|
115
|
-
return new
|
|
115
|
+
return new b({
|
|
116
116
|
message: "User ID was not between 1 and 64 characters",
|
|
117
117
|
code: "ERROR_INVALID_USER_ID_LENGTH",
|
|
118
118
|
cause: e
|
|
119
119
|
});
|
|
120
120
|
} else if (e.name === "UnknownError")
|
|
121
|
-
return new
|
|
121
|
+
return new b({
|
|
122
122
|
message: "The authenticator was unable to process the specified options, or could not create a new credential",
|
|
123
123
|
code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
|
|
124
124
|
cause: e
|
|
@@ -148,7 +148,7 @@ function Fe(e) {
|
|
|
148
148
|
return e;
|
|
149
149
|
}
|
|
150
150
|
async function Kt(e) {
|
|
151
|
-
var
|
|
151
|
+
var m;
|
|
152
152
|
if (!Re())
|
|
153
153
|
throw new Error("WebAuthn is not supported in this browser");
|
|
154
154
|
const n = { publicKey: {
|
|
@@ -158,52 +158,52 @@ async function Kt(e) {
|
|
|
158
158
|
...e.user,
|
|
159
159
|
id: ie(e.user.id)
|
|
160
160
|
},
|
|
161
|
-
excludeCredentials: (
|
|
161
|
+
excludeCredentials: (m = e.excludeCredentials) == null ? void 0 : m.map(Ye)
|
|
162
162
|
} };
|
|
163
163
|
n.signal = je.createNewAbortSignal();
|
|
164
164
|
let r;
|
|
165
165
|
try {
|
|
166
166
|
r = await navigator.credentials.create(n);
|
|
167
|
-
} catch (
|
|
168
|
-
throw Dt({ error:
|
|
167
|
+
} catch (u) {
|
|
168
|
+
throw Dt({ error: u, options: n });
|
|
169
169
|
}
|
|
170
170
|
if (!r)
|
|
171
171
|
throw new Error("Registration was not completed");
|
|
172
172
|
const { id: a, rawId: s, response: o, type: i } = r;
|
|
173
|
-
let
|
|
174
|
-
typeof o.getTransports == "function" && (
|
|
175
|
-
let
|
|
173
|
+
let l;
|
|
174
|
+
typeof o.getTransports == "function" && (l = o.getTransports());
|
|
175
|
+
let y;
|
|
176
176
|
if (typeof o.getPublicKeyAlgorithm == "function")
|
|
177
177
|
try {
|
|
178
|
-
|
|
179
|
-
} catch (
|
|
180
|
-
fe("getPublicKeyAlgorithm()",
|
|
178
|
+
y = o.getPublicKeyAlgorithm();
|
|
179
|
+
} catch (u) {
|
|
180
|
+
fe("getPublicKeyAlgorithm()", u);
|
|
181
181
|
}
|
|
182
|
-
let
|
|
182
|
+
let h;
|
|
183
183
|
if (typeof o.getPublicKey == "function")
|
|
184
184
|
try {
|
|
185
|
-
const
|
|
186
|
-
|
|
187
|
-
} catch (
|
|
188
|
-
fe("getPublicKey()",
|
|
185
|
+
const u = o.getPublicKey();
|
|
186
|
+
u !== null && (h = v(u));
|
|
187
|
+
} catch (u) {
|
|
188
|
+
fe("getPublicKey()", u);
|
|
189
189
|
}
|
|
190
|
-
let
|
|
190
|
+
let p;
|
|
191
191
|
if (typeof o.getAuthenticatorData == "function")
|
|
192
192
|
try {
|
|
193
|
-
|
|
194
|
-
} catch (
|
|
195
|
-
fe("getAuthenticatorData()",
|
|
193
|
+
p = v(o.getAuthenticatorData());
|
|
194
|
+
} catch (u) {
|
|
195
|
+
fe("getAuthenticatorData()", u);
|
|
196
196
|
}
|
|
197
197
|
return {
|
|
198
198
|
id: a,
|
|
199
|
-
rawId:
|
|
199
|
+
rawId: v(s),
|
|
200
200
|
response: {
|
|
201
|
-
attestationObject:
|
|
202
|
-
clientDataJSON:
|
|
203
|
-
transports:
|
|
204
|
-
publicKeyAlgorithm:
|
|
205
|
-
publicKey:
|
|
206
|
-
authenticatorData:
|
|
201
|
+
attestationObject: v(o.attestationObject),
|
|
202
|
+
clientDataJSON: v(o.clientDataJSON),
|
|
203
|
+
transports: l,
|
|
204
|
+
publicKeyAlgorithm: y,
|
|
205
|
+
publicKey: h,
|
|
206
|
+
authenticatorData: p
|
|
207
207
|
},
|
|
208
208
|
type: i,
|
|
209
209
|
clientExtensionResults: r.getClientExtensionResults(),
|
|
@@ -226,14 +226,14 @@ function Lt({ error: e, options: t }) {
|
|
|
226
226
|
throw Error("options was missing required publicKey property");
|
|
227
227
|
if (e.name === "AbortError") {
|
|
228
228
|
if (t.signal instanceof AbortSignal)
|
|
229
|
-
return new
|
|
229
|
+
return new b({
|
|
230
230
|
message: "Authentication ceremony was sent an abort signal",
|
|
231
231
|
code: "ERROR_CEREMONY_ABORTED",
|
|
232
232
|
cause: e
|
|
233
233
|
});
|
|
234
234
|
} else {
|
|
235
235
|
if (e.name === "NotAllowedError")
|
|
236
|
-
return new
|
|
236
|
+
return new b({
|
|
237
237
|
message: e.message,
|
|
238
238
|
code: "ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY",
|
|
239
239
|
cause: e
|
|
@@ -242,18 +242,18 @@ function Lt({ error: e, options: t }) {
|
|
|
242
242
|
const r = window.location.hostname;
|
|
243
243
|
if (Ve(r)) {
|
|
244
244
|
if (n.rpId !== r)
|
|
245
|
-
return new
|
|
245
|
+
return new b({
|
|
246
246
|
message: `The RP ID "${n.rpId}" is invalid for this domain`,
|
|
247
247
|
code: "ERROR_INVALID_RP_ID",
|
|
248
248
|
cause: e
|
|
249
249
|
});
|
|
250
|
-
} else return new
|
|
250
|
+
} else return new b({
|
|
251
251
|
message: `${window.location.hostname} is an invalid domain`,
|
|
252
252
|
code: "ERROR_INVALID_DOMAIN",
|
|
253
253
|
cause: e
|
|
254
254
|
});
|
|
255
255
|
} else if (e.name === "UnknownError")
|
|
256
|
-
return new
|
|
256
|
+
return new b({
|
|
257
257
|
message: "The authenticator was unable to process the specified options, or could not create a new assertion signature",
|
|
258
258
|
code: "ERROR_AUTHENTICATOR_GENERAL_ERROR",
|
|
259
259
|
cause: e
|
|
@@ -262,11 +262,11 @@ function Lt({ error: e, options: t }) {
|
|
|
262
262
|
return e;
|
|
263
263
|
}
|
|
264
264
|
async function Wt(e, t = !1) {
|
|
265
|
-
var
|
|
265
|
+
var p, m;
|
|
266
266
|
if (!Re())
|
|
267
267
|
throw new Error("WebAuthn is not supported in this browser");
|
|
268
268
|
let n;
|
|
269
|
-
((
|
|
269
|
+
((p = e.allowCredentials) == null ? void 0 : p.length) !== 0 && (n = (m = e.allowCredentials) == null ? void 0 : m.map(Ye));
|
|
270
270
|
const r = {
|
|
271
271
|
...e,
|
|
272
272
|
challenge: ie(e.challenge),
|
|
@@ -283,41 +283,41 @@ async function Wt(e, t = !1) {
|
|
|
283
283
|
let s;
|
|
284
284
|
try {
|
|
285
285
|
s = await navigator.credentials.get(a);
|
|
286
|
-
} catch (
|
|
287
|
-
throw Lt({ error:
|
|
286
|
+
} catch (u) {
|
|
287
|
+
throw Lt({ error: u, options: a });
|
|
288
288
|
}
|
|
289
289
|
if (!s)
|
|
290
290
|
throw new Error("Authentication was not completed");
|
|
291
|
-
const { id: o, rawId: i, response:
|
|
292
|
-
let
|
|
293
|
-
return
|
|
291
|
+
const { id: o, rawId: i, response: l, type: y } = s;
|
|
292
|
+
let h;
|
|
293
|
+
return l.userHandle && (h = v(l.userHandle)), {
|
|
294
294
|
id: o,
|
|
295
|
-
rawId:
|
|
295
|
+
rawId: v(i),
|
|
296
296
|
response: {
|
|
297
|
-
authenticatorData:
|
|
298
|
-
clientDataJSON:
|
|
299
|
-
signature:
|
|
300
|
-
userHandle:
|
|
297
|
+
authenticatorData: v(l.authenticatorData),
|
|
298
|
+
clientDataJSON: v(l.clientDataJSON),
|
|
299
|
+
signature: v(l.signature),
|
|
300
|
+
userHandle: h
|
|
301
301
|
},
|
|
302
|
-
type:
|
|
302
|
+
type: y,
|
|
303
303
|
clientExtensionResults: s.getClientExtensionResults(),
|
|
304
304
|
authenticatorAttachment: Fe(s.authenticatorAttachment)
|
|
305
305
|
};
|
|
306
306
|
}
|
|
307
307
|
/*!
|
|
308
|
-
@versini/auth-common v3.
|
|
308
|
+
@versini/auth-common v3.3.0
|
|
309
309
|
© 2024 gizmette.com
|
|
310
310
|
*/
|
|
311
311
|
try {
|
|
312
312
|
window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
|
|
313
|
-
version: "3.
|
|
314
|
-
buildTime: "07/
|
|
313
|
+
version: "3.3.0",
|
|
314
|
+
buildTime: "07/23/2024 01:36 PM EDT",
|
|
315
315
|
homepage: "https://github.com/aversini/auth-client",
|
|
316
316
|
license: "MIT"
|
|
317
317
|
});
|
|
318
318
|
} catch {
|
|
319
319
|
}
|
|
320
|
-
const
|
|
320
|
+
const j = {
|
|
321
321
|
ID_TOKEN: "id_token",
|
|
322
322
|
ACCESS_TOKEN: "token",
|
|
323
323
|
ID_AND_ACCESS_TOKEN: "id_token token",
|
|
@@ -326,7 +326,7 @@ const F = {
|
|
|
326
326
|
PASSKEY: "passkey"
|
|
327
327
|
}, Be = {
|
|
328
328
|
CLIENT_ID: "X-Auth-ClientId"
|
|
329
|
-
},
|
|
329
|
+
}, T = {
|
|
330
330
|
ALG: "RS256",
|
|
331
331
|
USER_ID_KEY: "sub",
|
|
332
332
|
TOKEN_ID_KEY: "__raw",
|
|
@@ -349,7 +349,7 @@ awIDAQAB
|
|
|
349
349
|
AUTHENTICATE: "authenticate",
|
|
350
350
|
CODE: "code",
|
|
351
351
|
LOGOUT: "logout"
|
|
352
|
-
}, he = crypto, qe = (e) => e instanceof CryptoKey, Q = new TextEncoder(),
|
|
352
|
+
}, he = crypto, qe = (e) => e instanceof CryptoKey, Q = new TextEncoder(), F = new TextDecoder();
|
|
353
353
|
function Mt(...e) {
|
|
354
354
|
const t = e.reduce((a, { length: s }) => a + s, 0), n = new Uint8Array(t);
|
|
355
355
|
let r = 0;
|
|
@@ -362,16 +362,16 @@ const Gt = (e) => {
|
|
|
362
362
|
for (let r = 0; r < t.length; r++)
|
|
363
363
|
n[r] = t.charCodeAt(r);
|
|
364
364
|
return n;
|
|
365
|
-
},
|
|
365
|
+
}, V = (e) => {
|
|
366
366
|
let t = e;
|
|
367
|
-
t instanceof Uint8Array && (t =
|
|
367
|
+
t instanceof Uint8Array && (t = F.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
|
|
368
368
|
try {
|
|
369
369
|
return Gt(t);
|
|
370
370
|
} catch {
|
|
371
371
|
throw new TypeError("The input to be decoded is not correctly encoded.");
|
|
372
372
|
}
|
|
373
373
|
};
|
|
374
|
-
let
|
|
374
|
+
let D = class extends Error {
|
|
375
375
|
static get code() {
|
|
376
376
|
return "ERR_JOSE_GENERIC";
|
|
377
377
|
}
|
|
@@ -379,14 +379,14 @@ let U = class extends Error {
|
|
|
379
379
|
var n;
|
|
380
380
|
super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
|
|
381
381
|
}
|
|
382
|
-
},
|
|
382
|
+
}, _ = class extends D {
|
|
383
383
|
static get code() {
|
|
384
384
|
return "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
385
385
|
}
|
|
386
386
|
constructor(t, n, r = "unspecified", a = "unspecified") {
|
|
387
387
|
super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = a, this.payload = n;
|
|
388
388
|
}
|
|
389
|
-
},
|
|
389
|
+
}, Ce = class extends D {
|
|
390
390
|
static get code() {
|
|
391
391
|
return "ERR_JWT_EXPIRED";
|
|
392
392
|
}
|
|
@@ -394,7 +394,7 @@ let U = class extends Error {
|
|
|
394
394
|
super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = a, this.payload = n;
|
|
395
395
|
}
|
|
396
396
|
};
|
|
397
|
-
class Jt extends
|
|
397
|
+
class Jt extends D {
|
|
398
398
|
constructor() {
|
|
399
399
|
super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
400
400
|
}
|
|
@@ -402,7 +402,7 @@ class Jt extends U {
|
|
|
402
402
|
return "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
403
403
|
}
|
|
404
404
|
}
|
|
405
|
-
let
|
|
405
|
+
let O = class extends D {
|
|
406
406
|
constructor() {
|
|
407
407
|
super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
408
408
|
}
|
|
@@ -410,7 +410,7 @@ let N = class extends U {
|
|
|
410
410
|
return "ERR_JOSE_NOT_SUPPORTED";
|
|
411
411
|
}
|
|
412
412
|
};
|
|
413
|
-
class
|
|
413
|
+
class A extends D {
|
|
414
414
|
constructor() {
|
|
415
415
|
super(...arguments), this.code = "ERR_JWS_INVALID";
|
|
416
416
|
}
|
|
@@ -418,7 +418,7 @@ class R extends U {
|
|
|
418
418
|
return "ERR_JWS_INVALID";
|
|
419
419
|
}
|
|
420
420
|
}
|
|
421
|
-
let k = class extends
|
|
421
|
+
let k = class extends D {
|
|
422
422
|
constructor() {
|
|
423
423
|
super(...arguments), this.code = "ERR_JWT_INVALID";
|
|
424
424
|
}
|
|
@@ -426,7 +426,7 @@ let k = class extends U {
|
|
|
426
426
|
return "ERR_JWT_INVALID";
|
|
427
427
|
}
|
|
428
428
|
};
|
|
429
|
-
class Yt extends
|
|
429
|
+
class Yt extends D {
|
|
430
430
|
constructor() {
|
|
431
431
|
super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
|
|
432
432
|
}
|
|
@@ -434,7 +434,7 @@ class Yt extends U {
|
|
|
434
434
|
return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
435
435
|
}
|
|
436
436
|
}
|
|
437
|
-
function
|
|
437
|
+
function P(e, t = "algorithm.name") {
|
|
438
438
|
return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
|
|
439
439
|
}
|
|
440
440
|
function X(e, t) {
|
|
@@ -471,45 +471,45 @@ function Ft(e, t, ...n) {
|
|
|
471
471
|
case "HS384":
|
|
472
472
|
case "HS512": {
|
|
473
473
|
if (!X(e.algorithm, "HMAC"))
|
|
474
|
-
throw
|
|
474
|
+
throw P("HMAC");
|
|
475
475
|
const r = parseInt(t.slice(2), 10);
|
|
476
476
|
if (ye(e.algorithm.hash) !== r)
|
|
477
|
-
throw
|
|
477
|
+
throw P(`SHA-${r}`, "algorithm.hash");
|
|
478
478
|
break;
|
|
479
479
|
}
|
|
480
480
|
case "RS256":
|
|
481
481
|
case "RS384":
|
|
482
482
|
case "RS512": {
|
|
483
483
|
if (!X(e.algorithm, "RSASSA-PKCS1-v1_5"))
|
|
484
|
-
throw
|
|
484
|
+
throw P("RSASSA-PKCS1-v1_5");
|
|
485
485
|
const r = parseInt(t.slice(2), 10);
|
|
486
486
|
if (ye(e.algorithm.hash) !== r)
|
|
487
|
-
throw
|
|
487
|
+
throw P(`SHA-${r}`, "algorithm.hash");
|
|
488
488
|
break;
|
|
489
489
|
}
|
|
490
490
|
case "PS256":
|
|
491
491
|
case "PS384":
|
|
492
492
|
case "PS512": {
|
|
493
493
|
if (!X(e.algorithm, "RSA-PSS"))
|
|
494
|
-
throw
|
|
494
|
+
throw P("RSA-PSS");
|
|
495
495
|
const r = parseInt(t.slice(2), 10);
|
|
496
496
|
if (ye(e.algorithm.hash) !== r)
|
|
497
|
-
throw
|
|
497
|
+
throw P(`SHA-${r}`, "algorithm.hash");
|
|
498
498
|
break;
|
|
499
499
|
}
|
|
500
500
|
case "EdDSA": {
|
|
501
501
|
if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
|
|
502
|
-
throw
|
|
502
|
+
throw P("Ed25519 or Ed448");
|
|
503
503
|
break;
|
|
504
504
|
}
|
|
505
505
|
case "ES256":
|
|
506
506
|
case "ES384":
|
|
507
507
|
case "ES512": {
|
|
508
508
|
if (!X(e.algorithm, "ECDSA"))
|
|
509
|
-
throw
|
|
509
|
+
throw P("ECDSA");
|
|
510
510
|
const r = Vt(t);
|
|
511
511
|
if (e.algorithm.namedCurve !== r)
|
|
512
|
-
throw
|
|
512
|
+
throw P(r, "algorithm.namedCurve");
|
|
513
513
|
break;
|
|
514
514
|
}
|
|
515
515
|
default:
|
|
@@ -593,7 +593,7 @@ function Qt(e) {
|
|
|
593
593
|
}, n = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
594
594
|
break;
|
|
595
595
|
default:
|
|
596
|
-
throw new
|
|
596
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
597
597
|
}
|
|
598
598
|
break;
|
|
599
599
|
}
|
|
@@ -615,7 +615,7 @@ function Qt(e) {
|
|
|
615
615
|
t = { name: "ECDH", namedCurve: e.crv }, n = e.d ? ["deriveBits"] : [];
|
|
616
616
|
break;
|
|
617
617
|
default:
|
|
618
|
-
throw new
|
|
618
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
619
619
|
}
|
|
620
620
|
break;
|
|
621
621
|
}
|
|
@@ -631,12 +631,12 @@ function Qt(e) {
|
|
|
631
631
|
t = { name: e.crv }, n = e.d ? ["deriveBits"] : [];
|
|
632
632
|
break;
|
|
633
633
|
default:
|
|
634
|
-
throw new
|
|
634
|
+
throw new O('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
635
635
|
}
|
|
636
636
|
break;
|
|
637
637
|
}
|
|
638
638
|
default:
|
|
639
|
-
throw new
|
|
639
|
+
throw new O('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
640
640
|
}
|
|
641
641
|
return { algorithm: t, keyUsages: n };
|
|
642
642
|
}
|
|
@@ -649,7 +649,7 @@ const Xt = async (e) => {
|
|
|
649
649
|
e.key_ops ?? n
|
|
650
650
|
], a = { ...e };
|
|
651
651
|
return delete a.alg, delete a.use, he.subtle.importKey("jwk", a, ...r);
|
|
652
|
-
}, Ze = (e) =>
|
|
652
|
+
}, Ze = (e) => V(e);
|
|
653
653
|
let ge, me;
|
|
654
654
|
const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", tt = async (e, t, n, r) => {
|
|
655
655
|
let a = e.get(t);
|
|
@@ -669,35 +669,35 @@ const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
669
669
|
return n.k ? Ze(n.k) : (ge || (ge = /* @__PURE__ */ new WeakMap()), tt(ge, e, n, t));
|
|
670
670
|
}
|
|
671
671
|
return e;
|
|
672
|
-
}, tn = { normalizePublicKey: Zt, normalizePrivateKey: en },
|
|
672
|
+
}, tn = { normalizePublicKey: Zt, normalizePrivateKey: en }, C = (e, t, n = 0) => {
|
|
673
673
|
n === 0 && (t.unshift(t.length), t.unshift(6));
|
|
674
674
|
const r = e.indexOf(t[0], n);
|
|
675
675
|
if (r === -1)
|
|
676
676
|
return !1;
|
|
677
677
|
const a = e.subarray(r, r + t.length);
|
|
678
|
-
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) ||
|
|
678
|
+
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) || C(e, t, r + 1);
|
|
679
679
|
}, Ne = (e) => {
|
|
680
680
|
switch (!0) {
|
|
681
|
-
case
|
|
681
|
+
case C(e, [42, 134, 72, 206, 61, 3, 1, 7]):
|
|
682
682
|
return "P-256";
|
|
683
|
-
case
|
|
683
|
+
case C(e, [43, 129, 4, 0, 34]):
|
|
684
684
|
return "P-384";
|
|
685
|
-
case
|
|
685
|
+
case C(e, [43, 129, 4, 0, 35]):
|
|
686
686
|
return "P-521";
|
|
687
|
-
case
|
|
687
|
+
case C(e, [43, 101, 110]):
|
|
688
688
|
return "X25519";
|
|
689
|
-
case
|
|
689
|
+
case C(e, [43, 101, 111]):
|
|
690
690
|
return "X448";
|
|
691
|
-
case
|
|
691
|
+
case C(e, [43, 101, 112]):
|
|
692
692
|
return "Ed25519";
|
|
693
|
-
case
|
|
693
|
+
case C(e, [43, 101, 113]):
|
|
694
694
|
return "Ed448";
|
|
695
695
|
default:
|
|
696
|
-
throw new
|
|
696
|
+
throw new O("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
697
697
|
}
|
|
698
698
|
}, nn = async (e, t, n, r, a) => {
|
|
699
699
|
let s, o;
|
|
700
|
-
const i = new Uint8Array(atob(n.replace(e, "")).split("").map((
|
|
700
|
+
const i = new Uint8Array(atob(n.replace(e, "")).split("").map((l) => l.charCodeAt(0)));
|
|
701
701
|
switch (r) {
|
|
702
702
|
case "PS256":
|
|
703
703
|
case "PS384":
|
|
@@ -731,15 +731,15 @@ const et = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
731
731
|
case "ECDH-ES+A128KW":
|
|
732
732
|
case "ECDH-ES+A192KW":
|
|
733
733
|
case "ECDH-ES+A256KW": {
|
|
734
|
-
const
|
|
735
|
-
s =
|
|
734
|
+
const l = Ne(i);
|
|
735
|
+
s = l.startsWith("P-") ? { name: "ECDH", namedCurve: l } : { name: l }, o = [];
|
|
736
736
|
break;
|
|
737
737
|
}
|
|
738
738
|
case "EdDSA":
|
|
739
739
|
s = { name: Ne(i) }, o = ["verify"];
|
|
740
740
|
break;
|
|
741
741
|
default:
|
|
742
|
-
throw new
|
|
742
|
+
throw new O('Invalid or unsupported "alg" (Algorithm) value');
|
|
743
743
|
}
|
|
744
744
|
return he.subtle.importKey(t, i, s, !1, o);
|
|
745
745
|
}, rn = (e, t, n) => nn(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
|
|
@@ -778,7 +778,7 @@ function un(e, t, n, r, a) {
|
|
|
778
778
|
n !== void 0 ? s = new Map([...Object.entries(n), ...t.entries()]) : s = t;
|
|
779
779
|
for (const o of r.crit) {
|
|
780
780
|
if (!s.has(o))
|
|
781
|
-
throw new
|
|
781
|
+
throw new O(`Extension Header Parameter "${o}" is not recognized`);
|
|
782
782
|
if (a[o] === void 0)
|
|
783
783
|
throw new e(`Extension Header Parameter "${o}" is missing`);
|
|
784
784
|
if (s.get(o) && r[o] === void 0)
|
|
@@ -814,7 +814,7 @@ function dn(e, t) {
|
|
|
814
814
|
case "EdDSA":
|
|
815
815
|
return { name: t.name };
|
|
816
816
|
default:
|
|
817
|
-
throw new
|
|
817
|
+
throw new O(`alg ${e} is not supported either by JOSE or your javascript runtime`);
|
|
818
818
|
}
|
|
819
819
|
}
|
|
820
820
|
async function hn(e, t, n) {
|
|
@@ -839,75 +839,75 @@ const pn = async (e, t, n, r) => {
|
|
|
839
839
|
};
|
|
840
840
|
async function fn(e, t, n) {
|
|
841
841
|
if (!ue(e))
|
|
842
|
-
throw new
|
|
842
|
+
throw new A("Flattened JWS must be an object");
|
|
843
843
|
if (e.protected === void 0 && e.header === void 0)
|
|
844
|
-
throw new
|
|
844
|
+
throw new A('Flattened JWS must have either of the "protected" or "header" members');
|
|
845
845
|
if (e.protected !== void 0 && typeof e.protected != "string")
|
|
846
|
-
throw new
|
|
846
|
+
throw new A("JWS Protected Header incorrect type");
|
|
847
847
|
if (e.payload === void 0)
|
|
848
|
-
throw new
|
|
848
|
+
throw new A("JWS Payload missing");
|
|
849
849
|
if (typeof e.signature != "string")
|
|
850
|
-
throw new
|
|
850
|
+
throw new A("JWS Signature missing or incorrect type");
|
|
851
851
|
if (e.header !== void 0 && !ue(e.header))
|
|
852
|
-
throw new
|
|
852
|
+
throw new A("JWS Unprotected Header incorrect type");
|
|
853
853
|
let r = {};
|
|
854
854
|
if (e.protected)
|
|
855
855
|
try {
|
|
856
|
-
const d =
|
|
857
|
-
r = JSON.parse(
|
|
856
|
+
const d = V(e.protected);
|
|
857
|
+
r = JSON.parse(F.decode(d));
|
|
858
858
|
} catch {
|
|
859
|
-
throw new
|
|
859
|
+
throw new A("JWS Protected Header is invalid");
|
|
860
860
|
}
|
|
861
861
|
if (!Bt(r, e.header))
|
|
862
|
-
throw new
|
|
862
|
+
throw new A("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
863
863
|
const a = {
|
|
864
864
|
...r,
|
|
865
865
|
...e.header
|
|
866
|
-
}, s = un(
|
|
866
|
+
}, s = un(A, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, a);
|
|
867
867
|
let o = !0;
|
|
868
868
|
if (s.has("b64") && (o = r.b64, typeof o != "boolean"))
|
|
869
|
-
throw new
|
|
869
|
+
throw new A('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
870
870
|
const { alg: i } = a;
|
|
871
871
|
if (typeof i != "string" || !i)
|
|
872
|
-
throw new
|
|
873
|
-
const
|
|
874
|
-
if (
|
|
872
|
+
throw new A('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
873
|
+
const l = n && ln("algorithms", n.algorithms);
|
|
874
|
+
if (l && !l.has(i))
|
|
875
875
|
throw new Jt('"alg" (Algorithm) Header Parameter value not allowed');
|
|
876
876
|
if (o) {
|
|
877
877
|
if (typeof e.payload != "string")
|
|
878
|
-
throw new
|
|
878
|
+
throw new A("JWS Payload must be a string");
|
|
879
879
|
} else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
|
|
880
|
-
throw new
|
|
881
|
-
let
|
|
882
|
-
typeof t == "function" && (t = await t(r, e),
|
|
883
|
-
const
|
|
884
|
-
let
|
|
880
|
+
throw new A("JWS Payload must be a string or an Uint8Array instance");
|
|
881
|
+
let y = !1;
|
|
882
|
+
typeof t == "function" && (t = await t(r, e), y = !0), cn(i, t, "verify");
|
|
883
|
+
const h = Mt(Q.encode(e.protected ?? ""), Q.encode("."), typeof e.payload == "string" ? Q.encode(e.payload) : e.payload);
|
|
884
|
+
let p;
|
|
885
885
|
try {
|
|
886
|
-
|
|
886
|
+
p = V(e.signature);
|
|
887
887
|
} catch {
|
|
888
|
-
throw new
|
|
888
|
+
throw new A("Failed to base64url decode the signature");
|
|
889
889
|
}
|
|
890
|
-
if (!await pn(i, t,
|
|
890
|
+
if (!await pn(i, t, p, h))
|
|
891
891
|
throw new Yt();
|
|
892
|
-
let
|
|
892
|
+
let m;
|
|
893
893
|
if (o)
|
|
894
894
|
try {
|
|
895
|
-
|
|
895
|
+
m = V(e.payload);
|
|
896
896
|
} catch {
|
|
897
|
-
throw new
|
|
897
|
+
throw new A("Failed to base64url decode the payload");
|
|
898
898
|
}
|
|
899
|
-
else typeof e.payload == "string" ?
|
|
900
|
-
const
|
|
901
|
-
return e.protected !== void 0 && (
|
|
899
|
+
else typeof e.payload == "string" ? m = Q.encode(e.payload) : m = e.payload;
|
|
900
|
+
const u = { payload: m };
|
|
901
|
+
return e.protected !== void 0 && (u.protectedHeader = r), e.header !== void 0 && (u.unprotectedHeader = e.header), y ? { ...u, key: t } : u;
|
|
902
902
|
}
|
|
903
903
|
async function yn(e, t, n) {
|
|
904
|
-
if (e instanceof Uint8Array && (e =
|
|
905
|
-
throw new
|
|
904
|
+
if (e instanceof Uint8Array && (e = F.decode(e)), typeof e != "string")
|
|
905
|
+
throw new A("Compact JWS must be a string or Uint8Array");
|
|
906
906
|
const { 0: r, 1: a, 2: s, length: o } = e.split(".");
|
|
907
907
|
if (o !== 3)
|
|
908
|
-
throw new
|
|
909
|
-
const i = await fn({ payload: a, protected: r, signature: s }, t, n),
|
|
910
|
-
return typeof t == "function" ? { ...
|
|
908
|
+
throw new A("Invalid Compact JWS");
|
|
909
|
+
const i = await fn({ payload: a, protected: r, signature: s }, t, n), l = { payload: i.payload, protectedHeader: i.protectedHeader };
|
|
910
|
+
return typeof t == "function" ? { ...l, key: i.key } : l;
|
|
911
911
|
}
|
|
912
912
|
const gn = (e) => Math.floor(e.getTime() / 1e3), nt = 60, rt = nt * 60, be = rt * 24, mn = be * 7, wn = be * 365.25, En = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, De = (e) => {
|
|
913
913
|
const t = En.exec(e);
|
|
@@ -955,60 +955,60 @@ const gn = (e) => Math.floor(e.getTime() / 1e3), nt = 60, rt = nt * 60, be = rt
|
|
|
955
955
|
}, Ue = (e) => e.toLowerCase().replace(/^application\//, ""), Sn = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, An = (e, t, n = {}) => {
|
|
956
956
|
let r;
|
|
957
957
|
try {
|
|
958
|
-
r = JSON.parse(
|
|
958
|
+
r = JSON.parse(F.decode(t));
|
|
959
959
|
} catch {
|
|
960
960
|
}
|
|
961
961
|
if (!ue(r))
|
|
962
962
|
throw new k("JWT Claims Set must be a top-level JSON object");
|
|
963
963
|
const { typ: a } = n;
|
|
964
964
|
if (a && (typeof e.typ != "string" || Ue(e.typ) !== Ue(a)))
|
|
965
|
-
throw new
|
|
966
|
-
const { requiredClaims: s = [], issuer: o, subject: i, audience:
|
|
967
|
-
|
|
968
|
-
for (const d of new Set(
|
|
965
|
+
throw new _('unexpected "typ" JWT header value', r, "typ", "check_failed");
|
|
966
|
+
const { requiredClaims: s = [], issuer: o, subject: i, audience: l, maxTokenAge: y } = n, h = [...s];
|
|
967
|
+
y !== void 0 && h.push("iat"), l !== void 0 && h.push("aud"), i !== void 0 && h.push("sub"), o !== void 0 && h.push("iss");
|
|
968
|
+
for (const d of new Set(h.reverse()))
|
|
969
969
|
if (!(d in r))
|
|
970
|
-
throw new
|
|
970
|
+
throw new _(`missing required "${d}" claim`, r, d, "missing");
|
|
971
971
|
if (o && !(Array.isArray(o) ? o : [o]).includes(r.iss))
|
|
972
|
-
throw new
|
|
972
|
+
throw new _('unexpected "iss" claim value', r, "iss", "check_failed");
|
|
973
973
|
if (i && r.sub !== i)
|
|
974
|
-
throw new
|
|
975
|
-
if (
|
|
976
|
-
throw new
|
|
977
|
-
let
|
|
974
|
+
throw new _('unexpected "sub" claim value', r, "sub", "check_failed");
|
|
975
|
+
if (l && !Sn(r.aud, typeof l == "string" ? [l] : l))
|
|
976
|
+
throw new _('unexpected "aud" claim value', r, "aud", "check_failed");
|
|
977
|
+
let p;
|
|
978
978
|
switch (typeof n.clockTolerance) {
|
|
979
979
|
case "string":
|
|
980
|
-
|
|
980
|
+
p = De(n.clockTolerance);
|
|
981
981
|
break;
|
|
982
982
|
case "number":
|
|
983
|
-
|
|
983
|
+
p = n.clockTolerance;
|
|
984
984
|
break;
|
|
985
985
|
case "undefined":
|
|
986
|
-
|
|
986
|
+
p = 0;
|
|
987
987
|
break;
|
|
988
988
|
default:
|
|
989
989
|
throw new TypeError("Invalid clockTolerance option type");
|
|
990
990
|
}
|
|
991
|
-
const { currentDate:
|
|
992
|
-
if ((r.iat !== void 0 ||
|
|
993
|
-
throw new
|
|
991
|
+
const { currentDate: m } = n, u = gn(m || /* @__PURE__ */ new Date());
|
|
992
|
+
if ((r.iat !== void 0 || y) && typeof r.iat != "number")
|
|
993
|
+
throw new _('"iat" claim must be a number', r, "iat", "invalid");
|
|
994
994
|
if (r.nbf !== void 0) {
|
|
995
995
|
if (typeof r.nbf != "number")
|
|
996
|
-
throw new
|
|
997
|
-
if (r.nbf >
|
|
998
|
-
throw new
|
|
996
|
+
throw new _('"nbf" claim must be a number', r, "nbf", "invalid");
|
|
997
|
+
if (r.nbf > u + p)
|
|
998
|
+
throw new _('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
|
|
999
999
|
}
|
|
1000
1000
|
if (r.exp !== void 0) {
|
|
1001
1001
|
if (typeof r.exp != "number")
|
|
1002
|
-
throw new
|
|
1003
|
-
if (r.exp <=
|
|
1004
|
-
throw new
|
|
1002
|
+
throw new _('"exp" claim must be a number', r, "exp", "invalid");
|
|
1003
|
+
if (r.exp <= u - p)
|
|
1004
|
+
throw new Ce('"exp" claim timestamp check failed', r, "exp", "check_failed");
|
|
1005
1005
|
}
|
|
1006
|
-
if (
|
|
1007
|
-
const d =
|
|
1008
|
-
if (d -
|
|
1009
|
-
throw new
|
|
1010
|
-
if (d < 0 -
|
|
1011
|
-
throw new
|
|
1006
|
+
if (y) {
|
|
1007
|
+
const d = u - r.iat, g = typeof y == "number" ? y : De(y);
|
|
1008
|
+
if (d - p > g)
|
|
1009
|
+
throw new Ce('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
|
|
1010
|
+
if (d < 0 - p)
|
|
1011
|
+
throw new _('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
|
|
1012
1012
|
}
|
|
1013
1013
|
return r;
|
|
1014
1014
|
};
|
|
@@ -1020,7 +1020,7 @@ async function Tn(e, t, n) {
|
|
|
1020
1020
|
const s = { payload: An(a.protectedHeader, a.payload, n), protectedHeader: a.protectedHeader };
|
|
1021
1021
|
return typeof t == "function" ? { ...s, key: a.key } : s;
|
|
1022
1022
|
}
|
|
1023
|
-
const Rn =
|
|
1023
|
+
const Rn = V;
|
|
1024
1024
|
function bn(e) {
|
|
1025
1025
|
if (typeof e != "string")
|
|
1026
1026
|
throw new k("JWTs must use Compact JWS serialization, JWT must be a string");
|
|
@@ -1039,7 +1039,7 @@ function bn(e) {
|
|
|
1039
1039
|
}
|
|
1040
1040
|
let a;
|
|
1041
1041
|
try {
|
|
1042
|
-
a = JSON.parse(
|
|
1042
|
+
a = JSON.parse(F.decode(r));
|
|
1043
1043
|
} catch {
|
|
1044
1044
|
throw new k("Failed to parse the decoded payload as JSON");
|
|
1045
1045
|
}
|
|
@@ -1047,11 +1047,11 @@ function bn(e) {
|
|
|
1047
1047
|
throw new k("Invalid JWT Claims Set");
|
|
1048
1048
|
return a;
|
|
1049
1049
|
}
|
|
1050
|
-
const
|
|
1050
|
+
const x = async (e) => {
|
|
1051
1051
|
try {
|
|
1052
|
-
const t =
|
|
1052
|
+
const t = T.ALG, n = await an(xt, t);
|
|
1053
1053
|
return await Tn(e, n, {
|
|
1054
|
-
issuer:
|
|
1054
|
+
issuer: T.ISSUER
|
|
1055
1055
|
});
|
|
1056
1056
|
} catch {
|
|
1057
1057
|
return;
|
|
@@ -1063,11 +1063,11 @@ const M = async (e) => {
|
|
|
1063
1063
|
return;
|
|
1064
1064
|
}
|
|
1065
1065
|
};
|
|
1066
|
-
var
|
|
1066
|
+
var E = [];
|
|
1067
1067
|
for (var we = 0; we < 256; ++we)
|
|
1068
|
-
|
|
1068
|
+
E.push((we + 256).toString(16).slice(1));
|
|
1069
1069
|
function _n(e, t = 0) {
|
|
1070
|
-
return (
|
|
1070
|
+
return (E[e[t + 0]] + E[e[t + 1]] + E[e[t + 2]] + E[e[t + 3]] + "-" + E[e[t + 4]] + E[e[t + 5]] + "-" + E[e[t + 6]] + E[e[t + 7]] + "-" + E[e[t + 8]] + E[e[t + 9]] + "-" + E[e[t + 10]] + E[e[t + 11]] + E[e[t + 12]] + E[e[t + 13]] + E[e[t + 14]] + E[e[t + 15]]).toLowerCase();
|
|
1071
1071
|
}
|
|
1072
1072
|
var Z, vn = new Uint8Array(16);
|
|
1073
1073
|
function Pn() {
|
|
@@ -1075,9 +1075,9 @@ function Pn() {
|
|
|
1075
1075
|
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
1076
1076
|
return Z(vn);
|
|
1077
1077
|
}
|
|
1078
|
-
var
|
|
1078
|
+
var kn = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
|
|
1079
1079
|
const $e = {
|
|
1080
|
-
randomUUID:
|
|
1080
|
+
randomUUID: kn
|
|
1081
1081
|
};
|
|
1082
1082
|
function Ke(e, t, n) {
|
|
1083
1083
|
if ($e.randomUUID && !t && !e)
|
|
@@ -1086,7 +1086,7 @@ function Ke(e, t, n) {
|
|
|
1086
1086
|
var r = e.random || (e.rng || Pn)();
|
|
1087
1087
|
return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, _n(r);
|
|
1088
1088
|
}
|
|
1089
|
-
const He = globalThis.crypto,
|
|
1089
|
+
const He = globalThis.crypto, Cn = (e) => `${Ke()}${Ke()}`.slice(0, e), On = (e) => btoa(
|
|
1090
1090
|
[...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
|
|
1091
1091
|
);
|
|
1092
1092
|
async function Nn(e) {
|
|
@@ -1098,20 +1098,21 @@ async function Nn(e) {
|
|
|
1098
1098
|
return On(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1099
1099
|
}
|
|
1100
1100
|
async function Dn(e) {
|
|
1101
|
-
const n =
|
|
1101
|
+
const n = Cn(43), r = await Nn(n);
|
|
1102
1102
|
return {
|
|
1103
1103
|
code_verifier: n,
|
|
1104
1104
|
code_challenge: r
|
|
1105
1105
|
};
|
|
1106
1106
|
}
|
|
1107
1107
|
const Cr = async (e, t) => {
|
|
1108
|
-
var n
|
|
1109
|
-
const
|
|
1110
|
-
if (
|
|
1111
|
-
|
|
1112
|
-
|
|
1113
|
-
|
|
1114
|
-
|
|
1108
|
+
var n;
|
|
1109
|
+
const r = await x(e);
|
|
1110
|
+
if (!r || !Array.isArray((n = r.payload) == null ? void 0 : n[T.SCOPES_KEY]))
|
|
1111
|
+
return !1;
|
|
1112
|
+
const a = r.payload[T.SCOPES_KEY];
|
|
1113
|
+
return Array.isArray(t) ? t.every((s) => a.includes(s)) : Object.keys(t).some(
|
|
1114
|
+
(s) => t[s].every((o) => a.includes(o))
|
|
1115
|
+
);
|
|
1115
1116
|
};
|
|
1116
1117
|
function at(e, t) {
|
|
1117
1118
|
window.dispatchEvent(new StorageEvent("storage", { key: e, newValue: t }));
|
|
@@ -1128,7 +1129,7 @@ function ee({
|
|
|
1128
1129
|
key: e,
|
|
1129
1130
|
initialValue: t
|
|
1130
1131
|
}) {
|
|
1131
|
-
const n =
|
|
1132
|
+
const n = kt($n, () => We(e)), r = W(
|
|
1132
1133
|
(o) => {
|
|
1133
1134
|
try {
|
|
1134
1135
|
const i = typeof o == "function" ? o(JSON.parse(n)) : o;
|
|
@@ -1138,9 +1139,9 @@ function ee({
|
|
|
1138
1139
|
}
|
|
1139
1140
|
},
|
|
1140
1141
|
[e, n]
|
|
1141
|
-
), a =
|
|
1142
|
+
), a = W(() => {
|
|
1142
1143
|
r(t);
|
|
1143
|
-
}, [t, r]), s =
|
|
1144
|
+
}, [t, r]), s = W(() => {
|
|
1144
1145
|
r(null);
|
|
1145
1146
|
}, [r]);
|
|
1146
1147
|
return Te(() => {
|
|
@@ -1151,11 +1152,11 @@ function ee({
|
|
|
1151
1152
|
}
|
|
1152
1153
|
}, [e, t]), [n ? JSON.parse(n) : null, r, a, s];
|
|
1153
1154
|
}
|
|
1154
|
-
var
|
|
1155
|
+
var S = [];
|
|
1155
1156
|
for (var Ee = 0; Ee < 256; ++Ee)
|
|
1156
|
-
|
|
1157
|
+
S.push((Ee + 256).toString(16).slice(1));
|
|
1157
1158
|
function Kn(e, t = 0) {
|
|
1158
|
-
return (
|
|
1159
|
+
return (S[e[t + 0]] + S[e[t + 1]] + S[e[t + 2]] + S[e[t + 3]] + "-" + S[e[t + 4]] + S[e[t + 5]] + "-" + S[e[t + 6]] + S[e[t + 7]] + "-" + S[e[t + 8]] + S[e[t + 9]] + "-" + S[e[t + 10]] + S[e[t + 11]] + S[e[t + 12]] + S[e[t + 13]] + S[e[t + 14]] + S[e[t + 15]]).toLowerCase();
|
|
1159
1160
|
}
|
|
1160
1161
|
var te, Hn = new Uint8Array(16);
|
|
1161
1162
|
function Ln() {
|
|
@@ -1203,19 +1204,19 @@ async function Mn(e, t, n = 50) {
|
|
|
1203
1204
|
await Me(n);
|
|
1204
1205
|
const i = o.createElement("iframe");
|
|
1205
1206
|
try {
|
|
1206
|
-
for (await new Promise((
|
|
1207
|
-
let
|
|
1208
|
-
const
|
|
1209
|
-
|
|
1210
|
-
},
|
|
1211
|
-
|
|
1207
|
+
for (await new Promise((l, y) => {
|
|
1208
|
+
let h = !1;
|
|
1209
|
+
const p = () => {
|
|
1210
|
+
h = !0, l();
|
|
1211
|
+
}, m = (g) => {
|
|
1212
|
+
h = !0, y(g);
|
|
1212
1213
|
};
|
|
1213
|
-
i.onload =
|
|
1214
|
-
const { style:
|
|
1215
|
-
|
|
1214
|
+
i.onload = p, i.onerror = m;
|
|
1215
|
+
const { style: u } = i;
|
|
1216
|
+
u.setProperty("display", "block", "important"), u.position = "absolute", u.top = "0", u.left = "0", u.visibility = "hidden", i.src = "about:blank", o.body.appendChild(i);
|
|
1216
1217
|
const d = () => {
|
|
1217
|
-
var
|
|
1218
|
-
|
|
1218
|
+
var g, R;
|
|
1219
|
+
h || (((R = (g = i.contentWindow) == null ? void 0 : g.document) == null ? void 0 : R.readyState) === "complete" ? p() : setTimeout(d, 10));
|
|
1219
1220
|
};
|
|
1220
1221
|
d();
|
|
1221
1222
|
}); !((a = (r = i.contentWindow) == null ? void 0 : r.document) != null && a.body); )
|
|
@@ -1299,13 +1300,13 @@ const Gn = {
|
|
|
1299
1300
|
const r = [];
|
|
1300
1301
|
for (let o = 0; o < e[0].data.length; o++) {
|
|
1301
1302
|
const i = [];
|
|
1302
|
-
for (let
|
|
1303
|
-
i.push(e[
|
|
1303
|
+
for (let l = 0; l < e.length; l++)
|
|
1304
|
+
i.push(e[l].data[o]);
|
|
1304
1305
|
r.push(Fn(i));
|
|
1305
1306
|
}
|
|
1306
1307
|
const a = r, s = new Uint8ClampedArray(a);
|
|
1307
1308
|
return new ImageData(s, t, n);
|
|
1308
|
-
}, qn = [], zn = "mmMwWLliI0O&1", Qn = "48px",
|
|
1309
|
+
}, qn = [], zn = "mmMwWLliI0O&1", Qn = "48px", $ = ["monospace", "sans-serif", "serif"], Ge = [
|
|
1309
1310
|
"sans-serif-thin",
|
|
1310
1311
|
"ARNO PRO",
|
|
1311
1312
|
"Agency FB",
|
|
@@ -1349,22 +1350,22 @@ const Gn = {
|
|
|
1349
1350
|
const a = n.createElement("div");
|
|
1350
1351
|
a.style.setProperty("visibility", "hidden", "important");
|
|
1351
1352
|
const s = {}, o = {}, i = (d) => {
|
|
1352
|
-
const
|
|
1353
|
-
return
|
|
1354
|
-
},
|
|
1353
|
+
const g = n.createElement("span"), { style: R } = g;
|
|
1354
|
+
return R.position = "absolute", R.top = "0", R.left = "0", R.fontFamily = d, g.textContent = zn, a.appendChild(g), g;
|
|
1355
|
+
}, l = (d, g) => i(`'${d}',${g}`), y = () => $.map(i), h = () => {
|
|
1355
1356
|
const d = {};
|
|
1356
|
-
for (const
|
|
1357
|
-
d[
|
|
1358
|
-
(
|
|
1357
|
+
for (const g of Ge)
|
|
1358
|
+
d[g] = $.map(
|
|
1359
|
+
(R) => l(g, R)
|
|
1359
1360
|
);
|
|
1360
1361
|
return d;
|
|
1361
|
-
},
|
|
1362
|
-
(
|
|
1363
|
-
),
|
|
1362
|
+
}, p = (d) => $.some(
|
|
1363
|
+
(g, R) => d[R].offsetWidth !== s[g] || d[R].offsetHeight !== o[g]
|
|
1364
|
+
), m = y(), u = h();
|
|
1364
1365
|
r.appendChild(a);
|
|
1365
|
-
for (let d = 0; d <
|
|
1366
|
-
s[
|
|
1367
|
-
return Ge.filter((d) =>
|
|
1366
|
+
for (let d = 0; d < $.length; d++)
|
|
1367
|
+
s[$[d]] = m[d].offsetWidth, o[$[d]] = m[d].offsetHeight;
|
|
1368
|
+
return Ge.filter((d) => p(u[d]));
|
|
1368
1369
|
}), ct = {
|
|
1369
1370
|
vendor: "",
|
|
1370
1371
|
vendorUnmasked: "",
|
|
@@ -1533,10 +1534,10 @@ const cr = async (e) => {
|
|
|
1533
1534
|
}, ne = "Oops! It looks like your session has expired. For your security, please log in again to continue.", dr = "Your session has been successfully terminated.", re = "Login failed. Please try again.", Ae = "Error getting access token, please re-authenticate.", hr = "You forgot to wrap your component in <AuthProvider>.", le = {
|
|
1534
1535
|
dev: "https://auth.gizmette.local.com:3003",
|
|
1535
1536
|
prod: "https://mylogin.gizmette.com/auth"
|
|
1536
|
-
}, ae = "@@auth@@",
|
|
1537
|
+
}, ae = "@@auth@@", J = "LOADING", Y = "LOGIN", ht = "LOGOUT", pr = process.env.NODE_ENV === "production", pt = !pr, fr = (e) => {
|
|
1537
1538
|
try {
|
|
1538
1539
|
const t = In(e);
|
|
1539
|
-
return t ? t[
|
|
1540
|
+
return t ? t[T.USER_ID_KEY] : "";
|
|
1540
1541
|
} catch {
|
|
1541
1542
|
return "";
|
|
1542
1543
|
}
|
|
@@ -1605,30 +1606,30 @@ const cr = async (e) => {
|
|
|
1605
1606
|
sessionExpiration: s,
|
|
1606
1607
|
code: o,
|
|
1607
1608
|
code_verifier: i,
|
|
1608
|
-
domain:
|
|
1609
|
-
fingerprint:
|
|
1609
|
+
domain: l,
|
|
1610
|
+
fingerprint: y
|
|
1610
1611
|
}) => {
|
|
1611
1612
|
try {
|
|
1612
|
-
const
|
|
1613
|
+
const h = await pe({
|
|
1613
1614
|
type: de.AUTHENTICATE,
|
|
1614
1615
|
clientId: n,
|
|
1615
1616
|
params: {
|
|
1616
|
-
type: a ||
|
|
1617
|
+
type: a || j.ID_AND_ACCESS_TOKEN,
|
|
1617
1618
|
username: e,
|
|
1618
1619
|
password: t,
|
|
1619
1620
|
sessionExpiration: s,
|
|
1620
1621
|
nonce: r,
|
|
1621
1622
|
code: o,
|
|
1622
1623
|
code_verifier: i,
|
|
1623
|
-
domain:
|
|
1624
|
-
fingerprint:
|
|
1624
|
+
domain: l,
|
|
1625
|
+
fingerprint: y
|
|
1625
1626
|
}
|
|
1626
|
-
}),
|
|
1627
|
-
return
|
|
1628
|
-
idToken:
|
|
1629
|
-
accessToken:
|
|
1630
|
-
refreshToken:
|
|
1631
|
-
userId:
|
|
1627
|
+
}), p = await x(h.data.idToken);
|
|
1628
|
+
return p && p.payload[T.USER_ID_KEY] !== "" && p.payload[T.NONCE_KEY] === r ? {
|
|
1629
|
+
idToken: h.data.idToken,
|
|
1630
|
+
accessToken: h.data.accessToken,
|
|
1631
|
+
refreshToken: h.data.refreshToken,
|
|
1632
|
+
userId: p.payload[T.USER_ID_KEY],
|
|
1632
1633
|
status: !0
|
|
1633
1634
|
} : {
|
|
1634
1635
|
status: !1
|
|
@@ -1648,7 +1649,7 @@ const cr = async (e) => {
|
|
|
1648
1649
|
type: de.CODE,
|
|
1649
1650
|
clientId: t,
|
|
1650
1651
|
params: {
|
|
1651
|
-
type:
|
|
1652
|
+
type: j.CODE,
|
|
1652
1653
|
nonce: e,
|
|
1653
1654
|
code_challenge: n
|
|
1654
1655
|
}
|
|
@@ -1677,7 +1678,7 @@ const cr = async (e) => {
|
|
|
1677
1678
|
type: de.AUTHENTICATE,
|
|
1678
1679
|
clientId: e,
|
|
1679
1680
|
params: {
|
|
1680
|
-
type:
|
|
1681
|
+
type: j.REFRESH_TOKEN,
|
|
1681
1682
|
userId: t,
|
|
1682
1683
|
nonce: n,
|
|
1683
1684
|
refreshToken: r,
|
|
@@ -1685,11 +1686,11 @@ const cr = async (e) => {
|
|
|
1685
1686
|
domain: s,
|
|
1686
1687
|
fingerprint: await ft()
|
|
1687
1688
|
}
|
|
1688
|
-
}), i = await
|
|
1689
|
-
return i && i.payload[
|
|
1689
|
+
}), i = await x(o.data.accessToken);
|
|
1690
|
+
return i && i.payload[T.USER_ID_KEY] !== "" && i.payload[T.NONCE_KEY] === n ? {
|
|
1690
1691
|
accessToken: o.data.accessToken,
|
|
1691
1692
|
refreshToken: o.data.refreshToken,
|
|
1692
|
-
userId: i.payload[
|
|
1693
|
+
userId: i.payload[T.USER_ID_KEY],
|
|
1693
1694
|
status: !0
|
|
1694
1695
|
} : {
|
|
1695
1696
|
status: !1
|
|
@@ -1720,7 +1721,6 @@ const cr = async (e) => {
|
|
|
1720
1721
|
alg
|
|
1721
1722
|
}
|
|
1722
1723
|
timeout
|
|
1723
|
-
|
|
1724
1724
|
attestation
|
|
1725
1725
|
}
|
|
1726
1726
|
}`,
|
|
@@ -1747,7 +1747,11 @@ const cr = async (e) => {
|
|
|
1747
1747
|
clientId: $clientId) {
|
|
1748
1748
|
rpId,
|
|
1749
1749
|
challenge,
|
|
1750
|
-
allowCredentials
|
|
1750
|
+
allowCredentials {
|
|
1751
|
+
id,
|
|
1752
|
+
type,
|
|
1753
|
+
transports
|
|
1754
|
+
}
|
|
1751
1755
|
timeout,
|
|
1752
1756
|
userVerification,
|
|
1753
1757
|
}
|
|
@@ -1774,7 +1778,7 @@ const cr = async (e) => {
|
|
|
1774
1778
|
username,
|
|
1775
1779
|
}
|
|
1776
1780
|
}`
|
|
1777
|
-
},
|
|
1781
|
+
}, K = {
|
|
1778
1782
|
GET_REGISTRATION_OPTIONS: {
|
|
1779
1783
|
schema: oe.GET_REGISTRATION_OPTIONS,
|
|
1780
1784
|
method: "getPasskeyRegistrationOptions"
|
|
@@ -1791,7 +1795,7 @@ const cr = async (e) => {
|
|
|
1791
1795
|
schema: oe.VERIFY_AUTHENTICATION,
|
|
1792
1796
|
method: "verifyPasskeyAuthentication"
|
|
1793
1797
|
}
|
|
1794
|
-
},
|
|
1798
|
+
}, H = async ({
|
|
1795
1799
|
accessToken: e,
|
|
1796
1800
|
type: t,
|
|
1797
1801
|
clientId: n,
|
|
@@ -1817,11 +1821,11 @@ const cr = async (e) => {
|
|
|
1817
1821
|
);
|
|
1818
1822
|
if (o.status !== 200)
|
|
1819
1823
|
return { status: o.status, data: [] };
|
|
1820
|
-
const { data: i, errors:
|
|
1824
|
+
const { data: i, errors: l } = await o.json();
|
|
1821
1825
|
return {
|
|
1822
1826
|
status: o.status,
|
|
1823
1827
|
data: i[t.method],
|
|
1824
|
-
errors:
|
|
1828
|
+
errors: l
|
|
1825
1829
|
};
|
|
1826
1830
|
} catch (a) {
|
|
1827
1831
|
return console.error(a), { status: 500, data: [] };
|
|
@@ -1864,8 +1868,8 @@ class wr {
|
|
|
1864
1868
|
nonce: r,
|
|
1865
1869
|
domain: a
|
|
1866
1870
|
}) {
|
|
1867
|
-
const s = await
|
|
1868
|
-
if (s && s.payload[
|
|
1871
|
+
const s = await x(this.refreshToken);
|
|
1872
|
+
if (s && s.payload[T.USER_ID_KEY] !== "") {
|
|
1869
1873
|
const o = await mr({
|
|
1870
1874
|
clientId: t,
|
|
1871
1875
|
userId: n,
|
|
@@ -1887,20 +1891,25 @@ class wr {
|
|
|
1887
1891
|
};
|
|
1888
1892
|
}
|
|
1889
1893
|
}
|
|
1890
|
-
const
|
|
1894
|
+
const Er = (e) => W(
|
|
1895
|
+
(...t) => {
|
|
1896
|
+
e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
|
|
1897
|
+
},
|
|
1898
|
+
[e]
|
|
1899
|
+
), L = () => {
|
|
1891
1900
|
throw new Error(hr);
|
|
1892
|
-
}, yt =
|
|
1901
|
+
}, yt = Ct({
|
|
1893
1902
|
isAuthenticated: !1,
|
|
1894
1903
|
isLoading: !1,
|
|
1895
1904
|
authenticationType: null,
|
|
1896
|
-
login:
|
|
1897
|
-
logout:
|
|
1898
|
-
getAccessToken:
|
|
1899
|
-
getIdToken:
|
|
1900
|
-
registeringForPasskey:
|
|
1901
|
-
loginWithPasskey:
|
|
1905
|
+
login: L,
|
|
1906
|
+
logout: L,
|
|
1907
|
+
getAccessToken: L,
|
|
1908
|
+
getIdToken: L,
|
|
1909
|
+
registeringForPasskey: L,
|
|
1910
|
+
loginWithPasskey: L,
|
|
1902
1911
|
logoutReason: ""
|
|
1903
|
-
}),
|
|
1912
|
+
}), Sr = Pt.createContext({
|
|
1904
1913
|
state: {
|
|
1905
1914
|
isLoading: !0,
|
|
1906
1915
|
isAuthenticated: !1,
|
|
@@ -1911,10 +1920,10 @@ const W = () => {
|
|
|
1911
1920
|
},
|
|
1912
1921
|
dispatch: () => {
|
|
1913
1922
|
}
|
|
1914
|
-
}),
|
|
1923
|
+
}), Ar = (e, t) => (t == null ? void 0 : t.type) === J ? {
|
|
1915
1924
|
...e,
|
|
1916
1925
|
isLoading: t.payload.isLoading
|
|
1917
|
-
} : (t == null ? void 0 : t.type) ===
|
|
1926
|
+
} : (t == null ? void 0 : t.type) === Y ? {
|
|
1918
1927
|
...e,
|
|
1919
1928
|
isLoading: !1,
|
|
1920
1929
|
isAuthenticated: !0,
|
|
@@ -1928,38 +1937,33 @@ const W = () => {
|
|
|
1928
1937
|
user: void 0,
|
|
1929
1938
|
authenticationType: null,
|
|
1930
1939
|
logoutReason: t.payload.logoutReason
|
|
1931
|
-
} : e,
|
|
1940
|
+
} : e, Or = ({
|
|
1932
1941
|
children: e,
|
|
1933
1942
|
sessionExpiration: t,
|
|
1934
1943
|
clientId: n,
|
|
1935
1944
|
domain: r = "",
|
|
1936
1945
|
debug: a = !1
|
|
1937
1946
|
}) => {
|
|
1938
|
-
const [s, o] = Ot(
|
|
1947
|
+
const [s, o] = Ot(Ar, {
|
|
1939
1948
|
isLoading: !0,
|
|
1940
1949
|
isAuthenticated: !1,
|
|
1941
1950
|
authenticationType: null,
|
|
1942
1951
|
user: void 0,
|
|
1943
1952
|
logoutReason: "",
|
|
1944
1953
|
debug: a
|
|
1945
|
-
}), i =
|
|
1954
|
+
}), i = Er(a), l = ke(!1), y = ke(""), [h, p, , m] = ee({
|
|
1946
1955
|
key: `${ae}::${n}::@@user@@`
|
|
1947
|
-
}), [
|
|
1956
|
+
}), [u, d, , g] = ee({
|
|
1948
1957
|
key: `${ae}::${n}::@@access@@`
|
|
1949
|
-
}), [
|
|
1958
|
+
}), [R, B, , q] = ee(
|
|
1950
1959
|
{
|
|
1951
1960
|
key: `${ae}::${n}::@@refresh@@`
|
|
1952
1961
|
}
|
|
1953
1962
|
), [gt, Ie, , _e] = ee({
|
|
1954
1963
|
key: `${ae}::${n}::@@nonce@@`
|
|
1955
|
-
}),
|
|
1956
|
-
(...c) => {
|
|
1957
|
-
a && console.info(`==> [Auth ${Date.now()}]: `, ...c);
|
|
1958
|
-
},
|
|
1959
|
-
[a]
|
|
1960
|
-
), mt = new wr(p, m), $ = x(
|
|
1964
|
+
}), mt = new wr(u, R), U = W(
|
|
1961
1965
|
(c) => {
|
|
1962
|
-
|
|
1966
|
+
i(
|
|
1963
1967
|
"removeStateAndLocalStorage: removing state and local storage with reason: ",
|
|
1964
1968
|
c
|
|
1965
1969
|
), o({
|
|
@@ -1967,178 +1971,178 @@ const W = () => {
|
|
|
1967
1971
|
payload: {
|
|
1968
1972
|
logoutReason: c || ne
|
|
1969
1973
|
}
|
|
1970
|
-
}),
|
|
1974
|
+
}), m(), g(), q(), _e(), o({ type: J, payload: { isLoading: !1 } });
|
|
1971
1975
|
},
|
|
1972
|
-
[
|
|
1973
|
-
),
|
|
1976
|
+
[g, m, _e, q, i]
|
|
1977
|
+
), N = W(
|
|
1974
1978
|
async (c) => {
|
|
1975
|
-
|
|
1976
|
-
const { user:
|
|
1977
|
-
|
|
1979
|
+
i("invalidateAndLogout: invalidating and logging out");
|
|
1980
|
+
const { user: w } = s, f = (w == null ? void 0 : w.userId) || fr(h);
|
|
1981
|
+
f || i(
|
|
1978
1982
|
"invalidateAndLogout: user cannot be identified, logging out without userId"
|
|
1979
1983
|
), await yr({
|
|
1980
|
-
userId:
|
|
1981
|
-
idToken:
|
|
1982
|
-
accessToken:
|
|
1983
|
-
refreshToken:
|
|
1984
|
+
userId: f,
|
|
1985
|
+
idToken: h,
|
|
1986
|
+
accessToken: u,
|
|
1987
|
+
refreshToken: R,
|
|
1984
1988
|
clientId: n,
|
|
1985
1989
|
domain: r
|
|
1986
|
-
}),
|
|
1990
|
+
}), U(c || ne);
|
|
1987
1991
|
},
|
|
1988
1992
|
[
|
|
1989
|
-
|
|
1993
|
+
u,
|
|
1990
1994
|
s,
|
|
1991
1995
|
n,
|
|
1992
1996
|
r,
|
|
1993
|
-
|
|
1994
|
-
|
|
1995
|
-
|
|
1996
|
-
|
|
1997
|
+
h,
|
|
1998
|
+
R,
|
|
1999
|
+
U,
|
|
2000
|
+
i
|
|
1997
2001
|
]
|
|
1998
2002
|
);
|
|
1999
|
-
Te(() => ((async () => (
|
|
2000
|
-
|
|
2003
|
+
Te(() => ((async () => (i("useEffect: setting the fingerprint"), y.current = await ft()))(), () => {
|
|
2004
|
+
i("useEffect: cleaning up the fingerprint"), y.current = "";
|
|
2001
2005
|
}), []), Te(() => {
|
|
2002
|
-
if (!
|
|
2003
|
-
return s.isLoading &&
|
|
2006
|
+
if (!l.current)
|
|
2007
|
+
return s.isLoading && h !== null ? (async () => {
|
|
2004
2008
|
try {
|
|
2005
|
-
const c = await
|
|
2006
|
-
c && c.payload[
|
|
2007
|
-
type:
|
|
2009
|
+
const c = await x(h);
|
|
2010
|
+
c && c.payload[T.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), o({
|
|
2011
|
+
type: Y,
|
|
2008
2012
|
payload: {
|
|
2009
|
-
authenticationType: c.payload[
|
|
2013
|
+
authenticationType: c.payload[T.AUTH_TYPE_KEY],
|
|
2010
2014
|
user: {
|
|
2011
|
-
userId: c.payload[
|
|
2012
|
-
username: c.payload[
|
|
2015
|
+
userId: c.payload[T.USER_ID_KEY],
|
|
2016
|
+
username: c.payload[T.USERNAME_KEY]
|
|
2013
2017
|
}
|
|
2014
2018
|
}
|
|
2015
|
-
})) : (
|
|
2019
|
+
})) : (i("useEffect: invalid JWT, invalidating and logging out"), await N(ne));
|
|
2016
2020
|
} catch {
|
|
2017
|
-
|
|
2021
|
+
i(
|
|
2018
2022
|
"useEffect: exception validating JWT, invalidating and logging out"
|
|
2019
|
-
), await
|
|
2023
|
+
), await N(ne);
|
|
2020
2024
|
}
|
|
2021
|
-
})() : (
|
|
2022
|
-
|
|
2025
|
+
})() : (i("useEffect: setting the loading state to false"), o({ type: J, payload: { isLoading: !1 } })), () => {
|
|
2026
|
+
l.current = !0;
|
|
2023
2027
|
};
|
|
2024
|
-
}, [s.isLoading,
|
|
2025
|
-
const wt = async (c,
|
|
2026
|
-
const
|
|
2027
|
-
if (Ie(
|
|
2028
|
+
}, [s.isLoading, h, N, i]);
|
|
2029
|
+
const wt = async (c, w, f) => {
|
|
2030
|
+
const I = Se();
|
|
2031
|
+
if (Ie(I), o({ type: J, payload: { isLoading: !0 } }), m(), g(), q(), i("login: Logging in with type: ", f), f === j.CODE) {
|
|
2028
2032
|
const { code_verifier: bt, code_challenge: It } = await Dn(), ve = await gr({
|
|
2029
|
-
nonce:
|
|
2033
|
+
nonce: I,
|
|
2030
2034
|
clientId: n,
|
|
2031
2035
|
code_challenge: It
|
|
2032
2036
|
});
|
|
2033
2037
|
if (ve.status) {
|
|
2034
|
-
const
|
|
2038
|
+
const G = await Je({
|
|
2035
2039
|
username: c,
|
|
2036
|
-
password:
|
|
2040
|
+
password: w,
|
|
2037
2041
|
clientId: n,
|
|
2038
2042
|
sessionExpiration: t,
|
|
2039
|
-
nonce:
|
|
2040
|
-
type:
|
|
2043
|
+
nonce: I,
|
|
2044
|
+
type: f,
|
|
2041
2045
|
code: ve.code,
|
|
2042
2046
|
code_verifier: bt,
|
|
2043
2047
|
domain: r,
|
|
2044
|
-
fingerprint:
|
|
2048
|
+
fingerprint: y.current
|
|
2045
2049
|
});
|
|
2046
|
-
return
|
|
2047
|
-
type:
|
|
2050
|
+
return G.status ? (p(G.idToken), d(G.accessToken), B(G.refreshToken), o({
|
|
2051
|
+
type: Y,
|
|
2048
2052
|
payload: {
|
|
2049
|
-
authenticationType:
|
|
2053
|
+
authenticationType: f,
|
|
2050
2054
|
user: {
|
|
2051
|
-
userId:
|
|
2055
|
+
userId: G.userId,
|
|
2052
2056
|
username: c
|
|
2053
2057
|
}
|
|
2054
2058
|
}
|
|
2055
|
-
}), !0) : (
|
|
2059
|
+
}), !0) : (U(re), !1);
|
|
2056
2060
|
}
|
|
2057
2061
|
return !1;
|
|
2058
2062
|
}
|
|
2059
|
-
const
|
|
2063
|
+
const M = await Je({
|
|
2060
2064
|
username: c,
|
|
2061
|
-
password:
|
|
2065
|
+
password: w,
|
|
2062
2066
|
clientId: n,
|
|
2063
2067
|
sessionExpiration: t,
|
|
2064
|
-
nonce:
|
|
2065
|
-
type:
|
|
2068
|
+
nonce: I,
|
|
2069
|
+
type: f,
|
|
2066
2070
|
domain: r,
|
|
2067
|
-
fingerprint:
|
|
2071
|
+
fingerprint: y.current
|
|
2068
2072
|
});
|
|
2069
|
-
return
|
|
2070
|
-
type:
|
|
2073
|
+
return M.status ? (p(M.idToken), d(M.accessToken), B(M.refreshToken), o({
|
|
2074
|
+
type: Y,
|
|
2071
2075
|
payload: {
|
|
2072
|
-
authenticationType:
|
|
2076
|
+
authenticationType: f,
|
|
2073
2077
|
user: {
|
|
2074
|
-
userId:
|
|
2078
|
+
userId: M.userId,
|
|
2075
2079
|
username: c
|
|
2076
2080
|
}
|
|
2077
2081
|
}
|
|
2078
|
-
}), !0) : (
|
|
2082
|
+
}), !0) : (U(re), !1);
|
|
2079
2083
|
}, Et = async (c) => {
|
|
2080
|
-
c == null || c.preventDefault(), await
|
|
2084
|
+
c == null || c.preventDefault(), await N(dr);
|
|
2081
2085
|
}, St = async () => {
|
|
2082
|
-
const { isAuthenticated: c, user:
|
|
2086
|
+
const { isAuthenticated: c, user: w } = s;
|
|
2083
2087
|
try {
|
|
2084
|
-
if (c &&
|
|
2085
|
-
if (
|
|
2086
|
-
|
|
2087
|
-
const
|
|
2088
|
-
if (
|
|
2089
|
-
return
|
|
2088
|
+
if (c && w && w.userId) {
|
|
2089
|
+
if (u) {
|
|
2090
|
+
i("getAccessToken");
|
|
2091
|
+
const I = await x(u);
|
|
2092
|
+
if (I && I.payload[T.USER_ID_KEY] !== "")
|
|
2093
|
+
return u;
|
|
2090
2094
|
}
|
|
2091
|
-
|
|
2092
|
-
const
|
|
2095
|
+
i("getAccessToken: invalid access token, refreshing it");
|
|
2096
|
+
const f = await mt.refreshtoken({
|
|
2093
2097
|
clientId: n,
|
|
2094
|
-
userId:
|
|
2098
|
+
userId: w.userId,
|
|
2095
2099
|
nonce: gt,
|
|
2096
2100
|
domain: r
|
|
2097
2101
|
});
|
|
2098
|
-
return
|
|
2102
|
+
return f.status && f.status === "success" ? (d(f.newAccessToken), B(f.newRefreshToken), f.newAccessToken) : (i("getAccessToken: invalid refresh token, re-authenticating user"), await N(Ae), "");
|
|
2099
2103
|
}
|
|
2100
|
-
return
|
|
2104
|
+
return i(
|
|
2101
2105
|
"getAccessToken: user is not authenticated, cannot get access token"
|
|
2102
|
-
), await
|
|
2106
|
+
), await N(Ae), "";
|
|
2103
2107
|
} catch {
|
|
2104
|
-
return
|
|
2108
|
+
return i(
|
|
2105
2109
|
"getAccessToken: exception occurred, invalidating and logging out"
|
|
2106
|
-
), await
|
|
2110
|
+
), await N(Ae), "";
|
|
2107
2111
|
}
|
|
2108
2112
|
}, At = () => {
|
|
2109
|
-
if (s.isAuthenticated &&
|
|
2110
|
-
return
|
|
2113
|
+
if (s.isAuthenticated && h)
|
|
2114
|
+
return h;
|
|
2111
2115
|
}, Tt = async () => {
|
|
2112
2116
|
const { user: c } = s;
|
|
2113
|
-
let
|
|
2114
|
-
accessToken:
|
|
2117
|
+
let w = await H({
|
|
2118
|
+
accessToken: u,
|
|
2115
2119
|
clientId: n,
|
|
2116
|
-
type:
|
|
2120
|
+
type: K.GET_REGISTRATION_OPTIONS,
|
|
2117
2121
|
params: {
|
|
2118
2122
|
clientId: n,
|
|
2119
2123
|
id: c == null ? void 0 : c.userId,
|
|
2120
2124
|
username: c == null ? void 0 : c.username
|
|
2121
2125
|
}
|
|
2122
2126
|
});
|
|
2123
|
-
if (
|
|
2127
|
+
if (w.status)
|
|
2124
2128
|
try {
|
|
2125
|
-
const
|
|
2126
|
-
|
|
2127
|
-
accessToken:
|
|
2129
|
+
const f = await Kt(w.data);
|
|
2130
|
+
w = await H({
|
|
2131
|
+
accessToken: u,
|
|
2128
2132
|
clientId: n,
|
|
2129
|
-
type:
|
|
2133
|
+
type: K.VERIFY_REGISTRATION,
|
|
2130
2134
|
params: {
|
|
2131
2135
|
clientId: n,
|
|
2132
2136
|
id: c == null ? void 0 : c.userId,
|
|
2133
2137
|
username: c == null ? void 0 : c.username,
|
|
2134
|
-
registration:
|
|
2138
|
+
registration: f
|
|
2135
2139
|
}
|
|
2136
2140
|
});
|
|
2137
2141
|
} catch {
|
|
2138
|
-
return await
|
|
2139
|
-
accessToken:
|
|
2142
|
+
return await H({
|
|
2143
|
+
accessToken: u,
|
|
2140
2144
|
clientId: n,
|
|
2141
|
-
type:
|
|
2145
|
+
type: K.VERIFY_REGISTRATION,
|
|
2142
2146
|
params: {
|
|
2143
2147
|
clientId: n,
|
|
2144
2148
|
id: c == null ? void 0 : c.userId,
|
|
@@ -2149,58 +2153,58 @@ const W = () => {
|
|
|
2149
2153
|
}
|
|
2150
2154
|
}, Rt = async () => {
|
|
2151
2155
|
const c = Se();
|
|
2152
|
-
Ie(c), o({ type:
|
|
2153
|
-
const
|
|
2154
|
-
let
|
|
2155
|
-
accessToken:
|
|
2156
|
+
Ie(c), o({ type: J, payload: { isLoading: !0 } }), m(), g(), q(), i("loginWithPasskey");
|
|
2157
|
+
const w = Se();
|
|
2158
|
+
let f = await H({
|
|
2159
|
+
accessToken: u,
|
|
2156
2160
|
clientId: n,
|
|
2157
|
-
type:
|
|
2161
|
+
type: K.GET_AUTHENTICATION_OPTIONS,
|
|
2158
2162
|
params: {
|
|
2159
|
-
id:
|
|
2163
|
+
id: w,
|
|
2160
2164
|
clientId: n
|
|
2161
2165
|
}
|
|
2162
2166
|
});
|
|
2163
|
-
if (
|
|
2167
|
+
if (f.status)
|
|
2164
2168
|
try {
|
|
2165
|
-
const
|
|
2166
|
-
return
|
|
2167
|
-
accessToken:
|
|
2169
|
+
const I = await Wt(f.data);
|
|
2170
|
+
return f = await H({
|
|
2171
|
+
accessToken: u,
|
|
2168
2172
|
clientId: n,
|
|
2169
|
-
type:
|
|
2173
|
+
type: K.VERIFY_AUTHENTICATION,
|
|
2170
2174
|
params: {
|
|
2171
2175
|
clientId: n,
|
|
2172
|
-
id:
|
|
2173
|
-
authentication:
|
|
2176
|
+
id: w,
|
|
2177
|
+
authentication: I,
|
|
2174
2178
|
nonce: c,
|
|
2175
2179
|
domain: r,
|
|
2176
|
-
fingerprint:
|
|
2180
|
+
fingerprint: y.current
|
|
2177
2181
|
}
|
|
2178
|
-
}),
|
|
2179
|
-
type:
|
|
2182
|
+
}), f.data.status === "success" ? (p(f.data.idToken), d(f.data.accessToken), B(f.data.refreshToken), o({
|
|
2183
|
+
type: Y,
|
|
2180
2184
|
payload: {
|
|
2181
|
-
authenticationType:
|
|
2185
|
+
authenticationType: j.PASSKEY,
|
|
2182
2186
|
user: {
|
|
2183
|
-
userId:
|
|
2184
|
-
username:
|
|
2187
|
+
userId: f.data.userId,
|
|
2188
|
+
username: f.data.username
|
|
2185
2189
|
}
|
|
2186
2190
|
}
|
|
2187
|
-
}), !0) : (
|
|
2191
|
+
}), !0) : (U(re), !1);
|
|
2188
2192
|
} catch {
|
|
2189
|
-
return await
|
|
2190
|
-
accessToken:
|
|
2193
|
+
return await H({
|
|
2194
|
+
accessToken: u,
|
|
2191
2195
|
clientId: n,
|
|
2192
|
-
type:
|
|
2196
|
+
type: K.VERIFY_AUTHENTICATION,
|
|
2193
2197
|
params: {
|
|
2194
2198
|
clientId: n,
|
|
2195
|
-
id:
|
|
2199
|
+
id: w,
|
|
2196
2200
|
authentication: {},
|
|
2197
2201
|
nonce: c,
|
|
2198
2202
|
domain: r
|
|
2199
2203
|
}
|
|
2200
|
-
}),
|
|
2204
|
+
}), U(re), !1;
|
|
2201
2205
|
}
|
|
2202
2206
|
};
|
|
2203
|
-
return /* @__PURE__ */ Pe(
|
|
2207
|
+
return /* @__PURE__ */ Pe(Sr.Provider, { value: { state: s, dispatch: o }, children: /* @__PURE__ */ Pe(
|
|
2204
2208
|
yt.Provider,
|
|
2205
2209
|
{
|
|
2206
2210
|
value: {
|
|
@@ -2215,10 +2219,10 @@ const W = () => {
|
|
|
2215
2219
|
children: e
|
|
2216
2220
|
}
|
|
2217
2221
|
) });
|
|
2218
|
-
},
|
|
2222
|
+
}, Nr = (e = yt) => Nt(e);
|
|
2219
2223
|
export {
|
|
2220
|
-
|
|
2221
|
-
|
|
2224
|
+
j as AUTH_TYPES,
|
|
2225
|
+
Or as AuthProvider,
|
|
2222
2226
|
Cr as isGranted,
|
|
2223
|
-
|
|
2227
|
+
Nr as useAuth
|
|
2224
2228
|
};
|