@versini/auth-provider 7.3.3 → 7.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +471 -444
- package/package.json +8 -8
package/dist/index.js
CHANGED
|
@@ -2,45 +2,45 @@ var At = Object.defineProperty;
|
|
|
2
2
|
var Tt = (e, t, r) => t in e ? At(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
|
|
3
3
|
var X = (e, t, r) => Tt(e, typeof t != "symbol" ? t + "" : t, r);
|
|
4
4
|
import { jsx as Oe } from "react/jsx-runtime";
|
|
5
|
-
import Rt, { useSyncExternalStore as
|
|
5
|
+
import Rt, { useSyncExternalStore as _t, useCallback as D, useEffect as Je, createContext as It, useReducer as bt, useRef as kt, useContext as Ot } from "react";
|
|
6
6
|
/*!
|
|
7
|
-
@versini/auth-provider v7.
|
|
7
|
+
@versini/auth-provider v7.4.0
|
|
8
8
|
© 2024 gizmette.com
|
|
9
9
|
*/
|
|
10
10
|
try {
|
|
11
11
|
window.__VERSINI_AUTH_CLIENT__ || (window.__VERSINI_AUTH_CLIENT__ = {
|
|
12
|
-
version: "7.
|
|
13
|
-
buildTime: "
|
|
12
|
+
version: "7.4.0",
|
|
13
|
+
buildTime: "12/18/2024 02:36 PM EST",
|
|
14
14
|
homepage: "https://github.com/aversini/auth-client",
|
|
15
15
|
license: "MIT"
|
|
16
16
|
});
|
|
17
17
|
} catch {
|
|
18
18
|
}
|
|
19
|
-
function
|
|
19
|
+
function k(e) {
|
|
20
20
|
const t = new Uint8Array(e);
|
|
21
21
|
let r = "";
|
|
22
22
|
for (const a of t)
|
|
23
23
|
r += String.fromCharCode(a);
|
|
24
24
|
return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
|
|
25
25
|
}
|
|
26
|
-
function
|
|
26
|
+
function oe(e) {
|
|
27
27
|
const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = (4 - t.length % 4) % 4, n = t.padEnd(t.length + r, "="), a = atob(n), s = new ArrayBuffer(a.length), o = new Uint8Array(s);
|
|
28
28
|
for (let i = 0; i < a.length; i++)
|
|
29
29
|
o[i] = a.charCodeAt(i);
|
|
30
30
|
return s;
|
|
31
31
|
}
|
|
32
|
-
function
|
|
32
|
+
function Te() {
|
|
33
33
|
return window?.PublicKeyCredential !== void 0 && typeof window.PublicKeyCredential == "function";
|
|
34
34
|
}
|
|
35
|
-
function
|
|
35
|
+
function Ye(e) {
|
|
36
36
|
const { id: t } = e;
|
|
37
37
|
return {
|
|
38
38
|
...e,
|
|
39
|
-
id:
|
|
39
|
+
id: oe(t),
|
|
40
40
|
transports: e.transports
|
|
41
41
|
};
|
|
42
42
|
}
|
|
43
|
-
function
|
|
43
|
+
function xe(e) {
|
|
44
44
|
return e === "localhost" || /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(e);
|
|
45
45
|
}
|
|
46
46
|
class S extends Error {
|
|
@@ -48,7 +48,7 @@ class S extends Error {
|
|
|
48
48
|
super(t, { cause: n }), this.name = a ?? n.name, this.code = r;
|
|
49
49
|
}
|
|
50
50
|
}
|
|
51
|
-
function
|
|
51
|
+
function vt({ error: e, options: t }) {
|
|
52
52
|
const { publicKey: r } = t;
|
|
53
53
|
if (!r)
|
|
54
54
|
throw Error("options was missing required publicKey property");
|
|
@@ -97,7 +97,7 @@ function Ot({ error: e, options: t }) {
|
|
|
97
97
|
});
|
|
98
98
|
if (e.name === "SecurityError") {
|
|
99
99
|
const n = window.location.hostname;
|
|
100
|
-
if (
|
|
100
|
+
if (xe(n)) {
|
|
101
101
|
if (r.rp.id !== n)
|
|
102
102
|
return new S({
|
|
103
103
|
message: `The RP ID "${r.rp.id}" is invalid for this domain`,
|
|
@@ -141,29 +141,29 @@ class Pt {
|
|
|
141
141
|
}
|
|
142
142
|
}
|
|
143
143
|
}
|
|
144
|
-
const
|
|
145
|
-
function
|
|
144
|
+
const Me = new Pt(), Ct = ["cross-platform", "platform"];
|
|
145
|
+
function Ge(e) {
|
|
146
146
|
if (e && !(Ct.indexOf(e) < 0))
|
|
147
147
|
return e;
|
|
148
148
|
}
|
|
149
149
|
async function Nt(e) {
|
|
150
|
-
if (!
|
|
150
|
+
if (!Te())
|
|
151
151
|
throw new Error("WebAuthn is not supported in this browser");
|
|
152
152
|
const r = { publicKey: {
|
|
153
153
|
...e,
|
|
154
|
-
challenge:
|
|
154
|
+
challenge: oe(e.challenge),
|
|
155
155
|
user: {
|
|
156
156
|
...e.user,
|
|
157
|
-
id:
|
|
157
|
+
id: oe(e.user.id)
|
|
158
158
|
},
|
|
159
|
-
excludeCredentials: e.excludeCredentials?.map(
|
|
159
|
+
excludeCredentials: e.excludeCredentials?.map(Ye)
|
|
160
160
|
} };
|
|
161
|
-
r.signal =
|
|
161
|
+
r.signal = Me.createNewAbortSignal();
|
|
162
162
|
let n;
|
|
163
163
|
try {
|
|
164
164
|
n = await navigator.credentials.create(r);
|
|
165
165
|
} catch (l) {
|
|
166
|
-
throw
|
|
166
|
+
throw vt({ error: l, options: r });
|
|
167
167
|
}
|
|
168
168
|
if (!n)
|
|
169
169
|
throw new Error("Registration was not completed");
|
|
@@ -175,29 +175,29 @@ async function Nt(e) {
|
|
|
175
175
|
try {
|
|
176
176
|
h = o.getPublicKeyAlgorithm();
|
|
177
177
|
} catch (l) {
|
|
178
|
-
|
|
178
|
+
ye("getPublicKeyAlgorithm()", l);
|
|
179
179
|
}
|
|
180
180
|
let y;
|
|
181
181
|
if (typeof o.getPublicKey == "function")
|
|
182
182
|
try {
|
|
183
183
|
const l = o.getPublicKey();
|
|
184
|
-
l !== null && (y =
|
|
184
|
+
l !== null && (y = k(l));
|
|
185
185
|
} catch (l) {
|
|
186
|
-
|
|
186
|
+
ye("getPublicKey()", l);
|
|
187
187
|
}
|
|
188
188
|
let p;
|
|
189
189
|
if (typeof o.getAuthenticatorData == "function")
|
|
190
190
|
try {
|
|
191
|
-
p =
|
|
191
|
+
p = k(o.getAuthenticatorData());
|
|
192
192
|
} catch (l) {
|
|
193
|
-
|
|
193
|
+
ye("getAuthenticatorData()", l);
|
|
194
194
|
}
|
|
195
195
|
return {
|
|
196
196
|
id: a,
|
|
197
|
-
rawId:
|
|
197
|
+
rawId: k(s),
|
|
198
198
|
response: {
|
|
199
|
-
attestationObject:
|
|
200
|
-
clientDataJSON:
|
|
199
|
+
attestationObject: k(o.attestationObject),
|
|
200
|
+
clientDataJSON: k(o.clientDataJSON),
|
|
201
201
|
transports: c,
|
|
202
202
|
publicKeyAlgorithm: h,
|
|
203
203
|
publicKey: y,
|
|
@@ -205,20 +205,20 @@ async function Nt(e) {
|
|
|
205
205
|
},
|
|
206
206
|
type: i,
|
|
207
207
|
clientExtensionResults: n.getClientExtensionResults(),
|
|
208
|
-
authenticatorAttachment:
|
|
208
|
+
authenticatorAttachment: Ge(n.authenticatorAttachment)
|
|
209
209
|
};
|
|
210
210
|
}
|
|
211
|
-
function
|
|
211
|
+
function ye(e, t) {
|
|
212
212
|
console.warn(`The browser extension that intercepted this WebAuthn API call incorrectly implemented ${e}. You should report this error to them.
|
|
213
213
|
`, t);
|
|
214
214
|
}
|
|
215
|
-
function
|
|
216
|
-
if (!
|
|
215
|
+
function Kt() {
|
|
216
|
+
if (!Te())
|
|
217
217
|
return new Promise((t) => t(!1));
|
|
218
218
|
const e = window.PublicKeyCredential;
|
|
219
219
|
return e.isConditionalMediationAvailable === void 0 ? new Promise((t) => t(!1)) : e.isConditionalMediationAvailable();
|
|
220
220
|
}
|
|
221
|
-
function
|
|
221
|
+
function Dt({ error: e, options: t }) {
|
|
222
222
|
const { publicKey: r } = t;
|
|
223
223
|
if (!r)
|
|
224
224
|
throw Error("options was missing required publicKey property");
|
|
@@ -238,7 +238,7 @@ function Kt({ error: e, options: t }) {
|
|
|
238
238
|
});
|
|
239
239
|
if (e.name === "SecurityError") {
|
|
240
240
|
const n = window.location.hostname;
|
|
241
|
-
if (
|
|
241
|
+
if (xe(n)) {
|
|
242
242
|
if (r.rpId !== n)
|
|
243
243
|
return new S({
|
|
244
244
|
message: `The RP ID "${r.rpId}" is invalid for this domain`,
|
|
@@ -260,68 +260,68 @@ function Kt({ error: e, options: t }) {
|
|
|
260
260
|
return e;
|
|
261
261
|
}
|
|
262
262
|
async function Ut(e, t = !1) {
|
|
263
|
-
if (!
|
|
263
|
+
if (!Te())
|
|
264
264
|
throw new Error("WebAuthn is not supported in this browser");
|
|
265
265
|
let r;
|
|
266
|
-
e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(
|
|
266
|
+
e.allowCredentials?.length !== 0 && (r = e.allowCredentials?.map(Ye));
|
|
267
267
|
const n = {
|
|
268
268
|
...e,
|
|
269
|
-
challenge:
|
|
269
|
+
challenge: oe(e.challenge),
|
|
270
270
|
allowCredentials: r
|
|
271
271
|
}, a = {};
|
|
272
272
|
if (t) {
|
|
273
|
-
if (!await
|
|
273
|
+
if (!await Kt())
|
|
274
274
|
throw Error("Browser does not support WebAuthn autofill");
|
|
275
275
|
if (document.querySelectorAll("input[autocomplete$='webauthn']").length < 1)
|
|
276
276
|
throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
|
|
277
277
|
a.mediation = "conditional", n.allowCredentials = [];
|
|
278
278
|
}
|
|
279
|
-
a.publicKey = n, a.signal =
|
|
279
|
+
a.publicKey = n, a.signal = Me.createNewAbortSignal();
|
|
280
280
|
let s;
|
|
281
281
|
try {
|
|
282
282
|
s = await navigator.credentials.get(a);
|
|
283
283
|
} catch (p) {
|
|
284
|
-
throw
|
|
284
|
+
throw Dt({ error: p, options: a });
|
|
285
285
|
}
|
|
286
286
|
if (!s)
|
|
287
287
|
throw new Error("Authentication was not completed");
|
|
288
288
|
const { id: o, rawId: i, response: c, type: h } = s;
|
|
289
289
|
let y;
|
|
290
|
-
return c.userHandle && (y =
|
|
290
|
+
return c.userHandle && (y = k(c.userHandle)), {
|
|
291
291
|
id: o,
|
|
292
|
-
rawId:
|
|
292
|
+
rawId: k(i),
|
|
293
293
|
response: {
|
|
294
|
-
authenticatorData:
|
|
295
|
-
clientDataJSON:
|
|
296
|
-
signature:
|
|
294
|
+
authenticatorData: k(c.authenticatorData),
|
|
295
|
+
clientDataJSON: k(c.clientDataJSON),
|
|
296
|
+
signature: k(c.signature),
|
|
297
297
|
userHandle: y
|
|
298
298
|
},
|
|
299
299
|
type: h,
|
|
300
300
|
clientExtensionResults: s.getClientExtensionResults(),
|
|
301
|
-
authenticatorAttachment:
|
|
301
|
+
authenticatorAttachment: Ge(s.authenticatorAttachment)
|
|
302
302
|
};
|
|
303
303
|
}
|
|
304
304
|
/*!
|
|
305
|
-
@versini/auth-common v4.
|
|
305
|
+
@versini/auth-common v4.2.0
|
|
306
306
|
© 2024 gizmette.com
|
|
307
307
|
*/
|
|
308
308
|
try {
|
|
309
309
|
window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
|
|
310
|
-
version: "4.
|
|
311
|
-
buildTime: "
|
|
310
|
+
version: "4.2.0",
|
|
311
|
+
buildTime: "12/18/2024 02:36 PM EST",
|
|
312
312
|
homepage: "https://github.com/aversini/auth-client",
|
|
313
313
|
license: "MIT"
|
|
314
314
|
});
|
|
315
315
|
} catch {
|
|
316
316
|
}
|
|
317
|
-
const
|
|
317
|
+
const M = {
|
|
318
318
|
ID_TOKEN: "id_token",
|
|
319
319
|
ACCESS_TOKEN: "token",
|
|
320
320
|
ID_AND_ACCESS_TOKEN: "id_token token",
|
|
321
321
|
CODE: "code",
|
|
322
322
|
REFRESH_TOKEN: "refresh_token",
|
|
323
323
|
PASSKEY: "passkey"
|
|
324
|
-
},
|
|
324
|
+
}, Ve = {
|
|
325
325
|
CLIENT_ID: "X-Auth-ClientId"
|
|
326
326
|
}, f = {
|
|
327
327
|
ALG: "RS256",
|
|
@@ -336,7 +336,7 @@ const G = {
|
|
|
336
336
|
SCOPES_KEY: "scopes",
|
|
337
337
|
CLIENT_ID_KEY: "aud",
|
|
338
338
|
ISSUER: "gizmette.com"
|
|
339
|
-
},
|
|
339
|
+
}, Lt = `-----BEGIN PUBLIC KEY-----
|
|
340
340
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
|
|
341
341
|
w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
|
|
342
342
|
i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
|
|
@@ -344,108 +344,134 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
|
|
|
344
344
|
l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
|
|
345
345
|
sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
|
|
346
346
|
awIDAQAB
|
|
347
|
-
-----END PUBLIC KEY-----`,
|
|
347
|
+
-----END PUBLIC KEY-----`, ue = {
|
|
348
348
|
CODE: "code",
|
|
349
349
|
LOGOUT: "logout",
|
|
350
350
|
LOGIN: "login",
|
|
351
351
|
REFRESH: "refresh"
|
|
352
|
-
},
|
|
353
|
-
function
|
|
352
|
+
}, le = crypto, je = (e) => e instanceof CryptoKey, Z = new TextEncoder(), q = new TextDecoder();
|
|
353
|
+
function Wt(...e) {
|
|
354
354
|
const t = e.reduce((a, { length: s }) => a + s, 0), r = new Uint8Array(t);
|
|
355
355
|
let n = 0;
|
|
356
356
|
for (const a of e)
|
|
357
357
|
r.set(a, n), n += a.length;
|
|
358
358
|
return r;
|
|
359
359
|
}
|
|
360
|
-
const
|
|
360
|
+
const Ht = (e) => {
|
|
361
361
|
const t = atob(e), r = new Uint8Array(t.length);
|
|
362
362
|
for (let n = 0; n < t.length; n++)
|
|
363
363
|
r[n] = t.charCodeAt(n);
|
|
364
364
|
return r;
|
|
365
|
-
},
|
|
365
|
+
}, C = (e) => {
|
|
366
366
|
let t = e;
|
|
367
367
|
t instanceof Uint8Array && (t = q.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
|
|
368
368
|
try {
|
|
369
|
-
return
|
|
369
|
+
return Ht(t);
|
|
370
370
|
} catch {
|
|
371
371
|
throw new TypeError("The input to be decoded is not correctly encoded.");
|
|
372
372
|
}
|
|
373
373
|
};
|
|
374
|
-
class
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
constructor(t) {
|
|
379
|
-
var r;
|
|
380
|
-
super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
|
|
381
|
-
}
|
|
382
|
-
}
|
|
383
|
-
class R extends K {
|
|
384
|
-
static get code() {
|
|
385
|
-
return "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
374
|
+
let A = class extends Error {
|
|
375
|
+
constructor(t, r) {
|
|
376
|
+
var n;
|
|
377
|
+
super(t, r), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
|
|
386
378
|
}
|
|
379
|
+
};
|
|
380
|
+
A.code = "ERR_JOSE_GENERIC";
|
|
381
|
+
class _ extends A {
|
|
387
382
|
constructor(t, r, n = "unspecified", a = "unspecified") {
|
|
388
|
-
super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
|
|
383
|
+
super(t, { cause: { claim: n, reason: a, payload: r } }), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
|
|
389
384
|
}
|
|
390
385
|
}
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
return "ERR_JWT_EXPIRED";
|
|
394
|
-
}
|
|
386
|
+
_.code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
387
|
+
class Se extends A {
|
|
395
388
|
constructor(t, r, n = "unspecified", a = "unspecified") {
|
|
396
|
-
super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
|
|
389
|
+
super(t, { cause: { claim: n, reason: a, payload: r } }), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
|
|
397
390
|
}
|
|
398
391
|
}
|
|
399
|
-
|
|
392
|
+
Se.code = "ERR_JWT_EXPIRED";
|
|
393
|
+
class Fe extends A {
|
|
400
394
|
constructor() {
|
|
401
395
|
super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
402
396
|
}
|
|
403
|
-
static get code() {
|
|
404
|
-
return "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
405
|
-
}
|
|
406
397
|
}
|
|
407
|
-
|
|
398
|
+
Fe.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
399
|
+
class I extends A {
|
|
408
400
|
constructor() {
|
|
409
401
|
super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
410
402
|
}
|
|
411
|
-
|
|
412
|
-
|
|
403
|
+
}
|
|
404
|
+
I.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
405
|
+
class $t extends A {
|
|
406
|
+
constructor(t = "decryption operation failed", r) {
|
|
407
|
+
super(t, r), this.code = "ERR_JWE_DECRYPTION_FAILED";
|
|
413
408
|
}
|
|
414
409
|
}
|
|
415
|
-
|
|
410
|
+
$t.code = "ERR_JWE_DECRYPTION_FAILED";
|
|
411
|
+
class Jt extends A {
|
|
416
412
|
constructor() {
|
|
417
|
-
super(...arguments), this.code = "
|
|
413
|
+
super(...arguments), this.code = "ERR_JWE_INVALID";
|
|
418
414
|
}
|
|
419
|
-
|
|
420
|
-
|
|
415
|
+
}
|
|
416
|
+
Jt.code = "ERR_JWE_INVALID";
|
|
417
|
+
class E extends A {
|
|
418
|
+
constructor() {
|
|
419
|
+
super(...arguments), this.code = "ERR_JWS_INVALID";
|
|
421
420
|
}
|
|
422
421
|
}
|
|
423
|
-
|
|
422
|
+
E.code = "ERR_JWS_INVALID";
|
|
423
|
+
let b = class extends A {
|
|
424
424
|
constructor() {
|
|
425
425
|
super(...arguments), this.code = "ERR_JWT_INVALID";
|
|
426
426
|
}
|
|
427
|
-
static get code() {
|
|
428
|
-
return "ERR_JWT_INVALID";
|
|
429
|
-
}
|
|
430
427
|
};
|
|
431
|
-
|
|
428
|
+
b.code = "ERR_JWT_INVALID";
|
|
429
|
+
class Yt extends A {
|
|
432
430
|
constructor() {
|
|
433
|
-
super(...arguments), this.code = "
|
|
431
|
+
super(...arguments), this.code = "ERR_JWK_INVALID";
|
|
434
432
|
}
|
|
435
|
-
|
|
436
|
-
|
|
433
|
+
}
|
|
434
|
+
Yt.code = "ERR_JWK_INVALID";
|
|
435
|
+
class xt extends A {
|
|
436
|
+
constructor() {
|
|
437
|
+
super(...arguments), this.code = "ERR_JWKS_INVALID";
|
|
438
|
+
}
|
|
439
|
+
}
|
|
440
|
+
xt.code = "ERR_JWKS_INVALID";
|
|
441
|
+
class Mt extends A {
|
|
442
|
+
constructor(t = "no applicable key found in the JSON Web Key Set", r) {
|
|
443
|
+
super(t, r), this.code = "ERR_JWKS_NO_MATCHING_KEY";
|
|
437
444
|
}
|
|
438
445
|
}
|
|
439
|
-
|
|
446
|
+
Mt.code = "ERR_JWKS_NO_MATCHING_KEY";
|
|
447
|
+
class Gt extends A {
|
|
448
|
+
constructor(t = "multiple matching keys found in the JSON Web Key Set", r) {
|
|
449
|
+
super(t, r), this.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
|
|
450
|
+
}
|
|
451
|
+
}
|
|
452
|
+
Gt.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
|
|
453
|
+
class Vt extends A {
|
|
454
|
+
constructor(t = "request timed out", r) {
|
|
455
|
+
super(t, r), this.code = "ERR_JWKS_TIMEOUT";
|
|
456
|
+
}
|
|
457
|
+
}
|
|
458
|
+
Vt.code = "ERR_JWKS_TIMEOUT";
|
|
459
|
+
class Be extends A {
|
|
460
|
+
constructor(t = "signature verification failed", r) {
|
|
461
|
+
super(t, r), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
462
|
+
}
|
|
463
|
+
}
|
|
464
|
+
Be.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
465
|
+
function v(e, t = "algorithm.name") {
|
|
440
466
|
return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
|
|
441
467
|
}
|
|
442
468
|
function ee(e, t) {
|
|
443
469
|
return e.name === t;
|
|
444
470
|
}
|
|
445
|
-
function
|
|
471
|
+
function fe(e) {
|
|
446
472
|
return parseInt(e.name.slice(4), 10);
|
|
447
473
|
}
|
|
448
|
-
function
|
|
474
|
+
function jt(e) {
|
|
449
475
|
switch (e) {
|
|
450
476
|
case "ES256":
|
|
451
477
|
return "P-256";
|
|
@@ -457,7 +483,7 @@ function Yt(e) {
|
|
|
457
483
|
throw new Error("unreachable");
|
|
458
484
|
}
|
|
459
485
|
}
|
|
460
|
-
function
|
|
486
|
+
function Ft(e, t) {
|
|
461
487
|
if (t.length && !t.some((r) => e.usages.includes(r))) {
|
|
462
488
|
let r = "CryptoKey does not support this operation, its usages must include ";
|
|
463
489
|
if (t.length > 2) {
|
|
@@ -467,57 +493,57 @@ function xt(e, t) {
|
|
|
467
493
|
throw new TypeError(r);
|
|
468
494
|
}
|
|
469
495
|
}
|
|
470
|
-
function
|
|
496
|
+
function Bt(e, t, ...r) {
|
|
471
497
|
switch (t) {
|
|
472
498
|
case "HS256":
|
|
473
499
|
case "HS384":
|
|
474
500
|
case "HS512": {
|
|
475
501
|
if (!ee(e.algorithm, "HMAC"))
|
|
476
|
-
throw
|
|
502
|
+
throw v("HMAC");
|
|
477
503
|
const n = parseInt(t.slice(2), 10);
|
|
478
|
-
if (
|
|
479
|
-
throw
|
|
504
|
+
if (fe(e.algorithm.hash) !== n)
|
|
505
|
+
throw v(`SHA-${n}`, "algorithm.hash");
|
|
480
506
|
break;
|
|
481
507
|
}
|
|
482
508
|
case "RS256":
|
|
483
509
|
case "RS384":
|
|
484
510
|
case "RS512": {
|
|
485
511
|
if (!ee(e.algorithm, "RSASSA-PKCS1-v1_5"))
|
|
486
|
-
throw
|
|
512
|
+
throw v("RSASSA-PKCS1-v1_5");
|
|
487
513
|
const n = parseInt(t.slice(2), 10);
|
|
488
|
-
if (
|
|
489
|
-
throw
|
|
514
|
+
if (fe(e.algorithm.hash) !== n)
|
|
515
|
+
throw v(`SHA-${n}`, "algorithm.hash");
|
|
490
516
|
break;
|
|
491
517
|
}
|
|
492
518
|
case "PS256":
|
|
493
519
|
case "PS384":
|
|
494
520
|
case "PS512": {
|
|
495
521
|
if (!ee(e.algorithm, "RSA-PSS"))
|
|
496
|
-
throw
|
|
522
|
+
throw v("RSA-PSS");
|
|
497
523
|
const n = parseInt(t.slice(2), 10);
|
|
498
|
-
if (
|
|
499
|
-
throw
|
|
524
|
+
if (fe(e.algorithm.hash) !== n)
|
|
525
|
+
throw v(`SHA-${n}`, "algorithm.hash");
|
|
500
526
|
break;
|
|
501
527
|
}
|
|
502
528
|
case "EdDSA": {
|
|
503
529
|
if (e.algorithm.name !== "Ed25519" && e.algorithm.name !== "Ed448")
|
|
504
|
-
throw
|
|
530
|
+
throw v("Ed25519 or Ed448");
|
|
505
531
|
break;
|
|
506
532
|
}
|
|
507
533
|
case "ES256":
|
|
508
534
|
case "ES384":
|
|
509
535
|
case "ES512": {
|
|
510
536
|
if (!ee(e.algorithm, "ECDSA"))
|
|
511
|
-
throw
|
|
512
|
-
const n =
|
|
537
|
+
throw v("ECDSA");
|
|
538
|
+
const n = jt(t);
|
|
513
539
|
if (e.algorithm.namedCurve !== n)
|
|
514
|
-
throw
|
|
540
|
+
throw v(n, "algorithm.namedCurve");
|
|
515
541
|
break;
|
|
516
542
|
}
|
|
517
543
|
default:
|
|
518
544
|
throw new TypeError("CryptoKey does not support this operation");
|
|
519
545
|
}
|
|
520
|
-
|
|
546
|
+
Ft(e, r);
|
|
521
547
|
}
|
|
522
548
|
function qe(e, t, ...r) {
|
|
523
549
|
var n;
|
|
@@ -527,11 +553,11 @@ function qe(e, t, ...r) {
|
|
|
527
553
|
} else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
|
|
528
554
|
return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
|
|
529
555
|
}
|
|
530
|
-
const
|
|
556
|
+
const ve = (e, ...t) => qe("Key must be ", e, ...t);
|
|
531
557
|
function ze(e, t, ...r) {
|
|
532
558
|
return qe(`Key for the ${e} algorithm must be `, t, ...r);
|
|
533
559
|
}
|
|
534
|
-
const Qe = (e) =>
|
|
560
|
+
const Qe = (e) => je(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", se = ["CryptoKey"], qt = (...e) => {
|
|
535
561
|
const t = e.filter(Boolean);
|
|
536
562
|
if (t.length === 0 || t.length === 1)
|
|
537
563
|
return !0;
|
|
@@ -550,11 +576,11 @@ const Qe = (e) => Be(e) ? !0 : e?.[Symbol.toStringTag] === "KeyObject", ce = ["C
|
|
|
550
576
|
}
|
|
551
577
|
return !0;
|
|
552
578
|
};
|
|
553
|
-
function
|
|
579
|
+
function zt(e) {
|
|
554
580
|
return typeof e == "object" && e !== null;
|
|
555
581
|
}
|
|
556
|
-
function
|
|
557
|
-
if (!
|
|
582
|
+
function G(e) {
|
|
583
|
+
if (!zt(e) || Object.prototype.toString.call(e) !== "[object Object]")
|
|
558
584
|
return !1;
|
|
559
585
|
if (Object.getPrototypeOf(e) === null)
|
|
560
586
|
return !0;
|
|
@@ -563,7 +589,7 @@ function M(e) {
|
|
|
563
589
|
t = Object.getPrototypeOf(t);
|
|
564
590
|
return Object.getPrototypeOf(e) === t;
|
|
565
591
|
}
|
|
566
|
-
const
|
|
592
|
+
const Qt = (e, t) => {
|
|
567
593
|
if (e.startsWith("RS") || e.startsWith("PS")) {
|
|
568
594
|
const { modulusLength: r } = t.algorithm;
|
|
569
595
|
if (typeof r != "number" || r < 2048)
|
|
@@ -571,18 +597,18 @@ const jt = (e, t) => {
|
|
|
571
597
|
}
|
|
572
598
|
};
|
|
573
599
|
function j(e) {
|
|
574
|
-
return
|
|
600
|
+
return G(e) && typeof e.kty == "string";
|
|
575
601
|
}
|
|
576
|
-
function
|
|
602
|
+
function Xt(e) {
|
|
577
603
|
return e.kty !== "oct" && typeof e.d == "string";
|
|
578
604
|
}
|
|
579
|
-
function
|
|
605
|
+
function Zt(e) {
|
|
580
606
|
return e.kty !== "oct" && typeof e.d > "u";
|
|
581
607
|
}
|
|
582
|
-
function
|
|
608
|
+
function er(e) {
|
|
583
609
|
return j(e) && e.kty === "oct" && typeof e.k == "string";
|
|
584
610
|
}
|
|
585
|
-
function
|
|
611
|
+
function tr(e) {
|
|
586
612
|
let t, r;
|
|
587
613
|
switch (e.kty) {
|
|
588
614
|
case "RSA": {
|
|
@@ -607,7 +633,7 @@ function zt(e) {
|
|
|
607
633
|
}, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
608
634
|
break;
|
|
609
635
|
default:
|
|
610
|
-
throw new
|
|
636
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
611
637
|
}
|
|
612
638
|
break;
|
|
613
639
|
}
|
|
@@ -629,7 +655,7 @@ function zt(e) {
|
|
|
629
655
|
t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
630
656
|
break;
|
|
631
657
|
default:
|
|
632
|
-
throw new
|
|
658
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
633
659
|
}
|
|
634
660
|
break;
|
|
635
661
|
}
|
|
@@ -645,71 +671,71 @@ function zt(e) {
|
|
|
645
671
|
t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
646
672
|
break;
|
|
647
673
|
default:
|
|
648
|
-
throw new
|
|
674
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
649
675
|
}
|
|
650
676
|
break;
|
|
651
677
|
}
|
|
652
678
|
default:
|
|
653
|
-
throw new
|
|
679
|
+
throw new I('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
654
680
|
}
|
|
655
681
|
return { algorithm: t, keyUsages: r };
|
|
656
682
|
}
|
|
657
683
|
const Xe = async (e) => {
|
|
658
684
|
if (!e.alg)
|
|
659
685
|
throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
|
|
660
|
-
const { algorithm: t, keyUsages: r } =
|
|
686
|
+
const { algorithm: t, keyUsages: r } = tr(e), n = [
|
|
661
687
|
t,
|
|
662
688
|
e.ext ?? !1,
|
|
663
689
|
e.key_ops ?? r
|
|
664
690
|
], a = { ...e };
|
|
665
|
-
return delete a.alg, delete a.use,
|
|
666
|
-
}, Ze = (e) =>
|
|
667
|
-
let
|
|
668
|
-
const et = (e) => e?.[Symbol.toStringTag] === "KeyObject",
|
|
691
|
+
return delete a.alg, delete a.use, le.subtle.importKey("jwk", a, ...n);
|
|
692
|
+
}, Ze = (e) => C(e);
|
|
693
|
+
let L, W;
|
|
694
|
+
const et = (e) => e?.[Symbol.toStringTag] === "KeyObject", ie = async (e, t, r, n, a = !1) => {
|
|
669
695
|
let s = e.get(t);
|
|
670
696
|
if (s != null && s[n])
|
|
671
697
|
return s[n];
|
|
672
698
|
const o = await Xe({ ...r, alg: n });
|
|
673
699
|
return a && Object.freeze(t), s ? s[n] = o : e.set(t, { [n]: o }), o;
|
|
674
|
-
},
|
|
700
|
+
}, rr = (e, t) => {
|
|
675
701
|
if (et(e)) {
|
|
676
702
|
let r = e.export({ format: "jwk" });
|
|
677
|
-
return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Ze(r.k) : (
|
|
703
|
+
return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Ze(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), ie(W, e, r, t));
|
|
678
704
|
}
|
|
679
|
-
return j(e) ? e.k ?
|
|
680
|
-
},
|
|
705
|
+
return j(e) ? e.k ? C(e.k) : (W || (W = /* @__PURE__ */ new WeakMap()), ie(W, e, e, t, !0)) : e;
|
|
706
|
+
}, nr = (e, t) => {
|
|
681
707
|
if (et(e)) {
|
|
682
708
|
let r = e.export({ format: "jwk" });
|
|
683
|
-
return r.k ? Ze(r.k) : (
|
|
709
|
+
return r.k ? Ze(r.k) : (L || (L = /* @__PURE__ */ new WeakMap()), ie(L, e, r, t));
|
|
684
710
|
}
|
|
685
|
-
return j(e) ? e.k ?
|
|
686
|
-
},
|
|
711
|
+
return j(e) ? e.k ? C(e.k) : (L || (L = /* @__PURE__ */ new WeakMap()), ie(L, e, e, t, !0)) : e;
|
|
712
|
+
}, ar = { normalizePublicKey: rr, normalizePrivateKey: nr }, P = (e, t, r = 0) => {
|
|
687
713
|
r === 0 && (t.unshift(t.length), t.unshift(6));
|
|
688
714
|
const n = e.indexOf(t[0], r);
|
|
689
715
|
if (n === -1)
|
|
690
716
|
return !1;
|
|
691
717
|
const a = e.subarray(n, n + t.length);
|
|
692
|
-
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) ||
|
|
693
|
-
},
|
|
718
|
+
return a.length !== t.length ? !1 : a.every((s, o) => s === t[o]) || P(e, t, n + 1);
|
|
719
|
+
}, Pe = (e) => {
|
|
694
720
|
switch (!0) {
|
|
695
|
-
case
|
|
721
|
+
case P(e, [42, 134, 72, 206, 61, 3, 1, 7]):
|
|
696
722
|
return "P-256";
|
|
697
|
-
case
|
|
723
|
+
case P(e, [43, 129, 4, 0, 34]):
|
|
698
724
|
return "P-384";
|
|
699
|
-
case
|
|
725
|
+
case P(e, [43, 129, 4, 0, 35]):
|
|
700
726
|
return "P-521";
|
|
701
|
-
case
|
|
727
|
+
case P(e, [43, 101, 110]):
|
|
702
728
|
return "X25519";
|
|
703
|
-
case
|
|
729
|
+
case P(e, [43, 101, 111]):
|
|
704
730
|
return "X448";
|
|
705
|
-
case
|
|
731
|
+
case P(e, [43, 101, 112]):
|
|
706
732
|
return "Ed25519";
|
|
707
|
-
case
|
|
733
|
+
case P(e, [43, 101, 113]):
|
|
708
734
|
return "Ed448";
|
|
709
735
|
default:
|
|
710
|
-
throw new
|
|
736
|
+
throw new I("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
711
737
|
}
|
|
712
|
-
},
|
|
738
|
+
}, or = async (e, t, r, n, a) => {
|
|
713
739
|
let s, o;
|
|
714
740
|
const i = new Uint8Array(atob(r.replace(e, "")).split("").map((c) => c.charCodeAt(0)));
|
|
715
741
|
switch (n) {
|
|
@@ -745,42 +771,42 @@ const et = (e) => e?.[Symbol.toStringTag] === "KeyObject", ue = async (e, t, r,
|
|
|
745
771
|
case "ECDH-ES+A128KW":
|
|
746
772
|
case "ECDH-ES+A192KW":
|
|
747
773
|
case "ECDH-ES+A256KW": {
|
|
748
|
-
const c =
|
|
774
|
+
const c = Pe(i);
|
|
749
775
|
s = c.startsWith("P-") ? { name: "ECDH", namedCurve: c } : { name: c }, o = [];
|
|
750
776
|
break;
|
|
751
777
|
}
|
|
752
778
|
case "EdDSA":
|
|
753
|
-
s = { name:
|
|
779
|
+
s = { name: Pe(i) }, o = ["verify"];
|
|
754
780
|
break;
|
|
755
781
|
default:
|
|
756
|
-
throw new
|
|
782
|
+
throw new I('Invalid or unsupported "alg" (Algorithm) value');
|
|
757
783
|
}
|
|
758
|
-
return
|
|
759
|
-
},
|
|
760
|
-
async function
|
|
784
|
+
return le.subtle.importKey(t, i, s, !1, o);
|
|
785
|
+
}, sr = (e, t, r) => or(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
|
|
786
|
+
async function ir(e, t, r) {
|
|
761
787
|
if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
|
|
762
788
|
throw new TypeError('"spki" must be SPKI formatted string');
|
|
763
|
-
return
|
|
789
|
+
return sr(e, t);
|
|
764
790
|
}
|
|
765
|
-
async function
|
|
766
|
-
if (!
|
|
791
|
+
async function cr(e, t) {
|
|
792
|
+
if (!G(e))
|
|
767
793
|
throw new TypeError("JWK must be an object");
|
|
768
794
|
switch (t || (t = e.alg), e.kty) {
|
|
769
795
|
case "oct":
|
|
770
796
|
if (typeof e.k != "string" || !e.k)
|
|
771
797
|
throw new TypeError('missing "k" (Key Value) Parameter value');
|
|
772
|
-
return
|
|
798
|
+
return C(e.k);
|
|
773
799
|
case "RSA":
|
|
774
800
|
if (e.oth !== void 0)
|
|
775
|
-
throw new
|
|
801
|
+
throw new I('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
|
|
776
802
|
case "EC":
|
|
777
803
|
case "OKP":
|
|
778
804
|
return Xe({ ...e, alg: t });
|
|
779
805
|
default:
|
|
780
|
-
throw new
|
|
806
|
+
throw new I('Unsupported "kty" (Key Type) Parameter value');
|
|
781
807
|
}
|
|
782
808
|
}
|
|
783
|
-
const x = (e) => e?.[Symbol.toStringTag],
|
|
809
|
+
const x = (e) => e?.[Symbol.toStringTag], Ae = (e, t, r) => {
|
|
784
810
|
var n, a;
|
|
785
811
|
if (t.use !== void 0 && t.use !== "sig")
|
|
786
812
|
throw new TypeError("Invalid key for this operation, when present its use must be sig");
|
|
@@ -789,32 +815,32 @@ const x = (e) => e?.[Symbol.toStringTag], Te = (e, t, r) => {
|
|
|
789
815
|
if (t.alg !== void 0 && t.alg !== e)
|
|
790
816
|
throw new TypeError(`Invalid key for this operation, when present its alg must be ${e}`);
|
|
791
817
|
return !0;
|
|
792
|
-
},
|
|
818
|
+
}, ur = (e, t, r, n) => {
|
|
793
819
|
if (!(t instanceof Uint8Array)) {
|
|
794
820
|
if (n && j(t)) {
|
|
795
|
-
if (
|
|
821
|
+
if (er(t) && Ae(e, t, r))
|
|
796
822
|
return;
|
|
797
823
|
throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
|
|
798
824
|
}
|
|
799
825
|
if (!Qe(t))
|
|
800
|
-
throw new TypeError(ze(e, t, ...
|
|
826
|
+
throw new TypeError(ze(e, t, ...se, "Uint8Array", n ? "JSON Web Key" : null));
|
|
801
827
|
if (t.type !== "secret")
|
|
802
828
|
throw new TypeError(`${x(t)} instances for symmetric algorithms must be of type "secret"`);
|
|
803
829
|
}
|
|
804
|
-
},
|
|
830
|
+
}, lr = (e, t, r, n) => {
|
|
805
831
|
if (n && j(t))
|
|
806
832
|
switch (r) {
|
|
807
833
|
case "sign":
|
|
808
|
-
if (
|
|
834
|
+
if (Xt(t) && Ae(e, t, r))
|
|
809
835
|
return;
|
|
810
836
|
throw new TypeError("JSON Web Key for this operation be a private JWK");
|
|
811
837
|
case "verify":
|
|
812
|
-
if (
|
|
838
|
+
if (Zt(t) && Ae(e, t, r))
|
|
813
839
|
return;
|
|
814
840
|
throw new TypeError("JSON Web Key for this operation be a public JWK");
|
|
815
841
|
}
|
|
816
842
|
if (!Qe(t))
|
|
817
|
-
throw new TypeError(ze(e, t, ...
|
|
843
|
+
throw new TypeError(ze(e, t, ...se, n ? "JSON Web Key" : null));
|
|
818
844
|
if (t.type === "secret")
|
|
819
845
|
throw new TypeError(`${x(t)} instances for asymmetric algorithms must not be of type "secret"`);
|
|
820
846
|
if (r === "sign" && t.type === "public")
|
|
@@ -827,11 +853,11 @@ const x = (e) => e?.[Symbol.toStringTag], Te = (e, t, r) => {
|
|
|
827
853
|
throw new TypeError(`${x(t)} instances for asymmetric algorithm encryption must be of type "public"`);
|
|
828
854
|
};
|
|
829
855
|
function tt(e, t, r, n) {
|
|
830
|
-
t.startsWith("HS") || t === "dir" || t.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(t) ?
|
|
856
|
+
t.startsWith("HS") || t === "dir" || t.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(t) ? ur(t, r, n, e) : lr(t, r, n, e);
|
|
831
857
|
}
|
|
832
858
|
tt.bind(void 0, !1);
|
|
833
|
-
const
|
|
834
|
-
function
|
|
859
|
+
const Ce = tt.bind(void 0, !0);
|
|
860
|
+
function dr(e, t, r, n, a) {
|
|
835
861
|
if (a.crit !== void 0 && n?.crit === void 0)
|
|
836
862
|
throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
|
|
837
863
|
if (!n || n.crit === void 0)
|
|
@@ -842,7 +868,7 @@ function sr(e, t, r, n, a) {
|
|
|
842
868
|
r !== void 0 ? s = new Map([...Object.entries(r), ...t.entries()]) : s = t;
|
|
843
869
|
for (const o of n.crit) {
|
|
844
870
|
if (!s.has(o))
|
|
845
|
-
throw new
|
|
871
|
+
throw new I(`Extension Header Parameter "${o}" is not recognized`);
|
|
846
872
|
if (a[o] === void 0)
|
|
847
873
|
throw new e(`Extension Header Parameter "${o}" is missing`);
|
|
848
874
|
if (s.get(o) && n[o] === void 0)
|
|
@@ -850,13 +876,13 @@ function sr(e, t, r, n, a) {
|
|
|
850
876
|
}
|
|
851
877
|
return new Set(n.crit);
|
|
852
878
|
}
|
|
853
|
-
const
|
|
879
|
+
const hr = (e, t) => {
|
|
854
880
|
if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
|
|
855
881
|
throw new TypeError(`"${e}" option must be an array of strings`);
|
|
856
882
|
if (t)
|
|
857
883
|
return new Set(t);
|
|
858
884
|
};
|
|
859
|
-
function
|
|
885
|
+
function pr(e, t) {
|
|
860
886
|
const r = `SHA-${e.slice(-3)}`;
|
|
861
887
|
switch (e) {
|
|
862
888
|
case "HS256":
|
|
@@ -878,103 +904,103 @@ function cr(e, t) {
|
|
|
878
904
|
case "EdDSA":
|
|
879
905
|
return { name: t.name };
|
|
880
906
|
default:
|
|
881
|
-
throw new
|
|
907
|
+
throw new I(`alg ${e} is not supported either by JOSE or your javascript runtime`);
|
|
882
908
|
}
|
|
883
909
|
}
|
|
884
|
-
async function
|
|
885
|
-
if (t = await
|
|
886
|
-
return
|
|
910
|
+
async function yr(e, t, r) {
|
|
911
|
+
if (t = await ar.normalizePublicKey(t, e), je(t))
|
|
912
|
+
return Bt(t, e, r), t;
|
|
887
913
|
if (t instanceof Uint8Array) {
|
|
888
914
|
if (!e.startsWith("HS"))
|
|
889
|
-
throw new TypeError(
|
|
890
|
-
return
|
|
915
|
+
throw new TypeError(ve(t, ...se));
|
|
916
|
+
return le.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
|
|
891
917
|
}
|
|
892
|
-
throw new TypeError(
|
|
918
|
+
throw new TypeError(ve(t, ...se, "Uint8Array", "JSON Web Key"));
|
|
893
919
|
}
|
|
894
|
-
const
|
|
895
|
-
const a = await
|
|
896
|
-
|
|
897
|
-
const s =
|
|
920
|
+
const fr = async (e, t, r, n) => {
|
|
921
|
+
const a = await yr(e, t, "verify");
|
|
922
|
+
Qt(e, a);
|
|
923
|
+
const s = pr(e, a.algorithm);
|
|
898
924
|
try {
|
|
899
|
-
return await
|
|
925
|
+
return await le.subtle.verify(s, a, r, n);
|
|
900
926
|
} catch {
|
|
901
927
|
return !1;
|
|
902
928
|
}
|
|
903
929
|
};
|
|
904
|
-
async function
|
|
905
|
-
if (!
|
|
906
|
-
throw new
|
|
930
|
+
async function Er(e, t, r) {
|
|
931
|
+
if (!G(e))
|
|
932
|
+
throw new E("Flattened JWS must be an object");
|
|
907
933
|
if (e.protected === void 0 && e.header === void 0)
|
|
908
|
-
throw new
|
|
934
|
+
throw new E('Flattened JWS must have either of the "protected" or "header" members');
|
|
909
935
|
if (e.protected !== void 0 && typeof e.protected != "string")
|
|
910
|
-
throw new
|
|
936
|
+
throw new E("JWS Protected Header incorrect type");
|
|
911
937
|
if (e.payload === void 0)
|
|
912
|
-
throw new
|
|
938
|
+
throw new E("JWS Payload missing");
|
|
913
939
|
if (typeof e.signature != "string")
|
|
914
|
-
throw new
|
|
915
|
-
if (e.header !== void 0 && !
|
|
916
|
-
throw new
|
|
940
|
+
throw new E("JWS Signature missing or incorrect type");
|
|
941
|
+
if (e.header !== void 0 && !G(e.header))
|
|
942
|
+
throw new E("JWS Unprotected Header incorrect type");
|
|
917
943
|
let n = {};
|
|
918
944
|
if (e.protected)
|
|
919
945
|
try {
|
|
920
|
-
const
|
|
921
|
-
n = JSON.parse(q.decode(
|
|
946
|
+
const R = C(e.protected);
|
|
947
|
+
n = JSON.parse(q.decode(R));
|
|
922
948
|
} catch {
|
|
923
|
-
throw new
|
|
949
|
+
throw new E("JWS Protected Header is invalid");
|
|
924
950
|
}
|
|
925
|
-
if (!
|
|
926
|
-
throw new
|
|
951
|
+
if (!qt(n, e.header))
|
|
952
|
+
throw new E("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
927
953
|
const a = {
|
|
928
954
|
...n,
|
|
929
955
|
...e.header
|
|
930
|
-
}, s =
|
|
956
|
+
}, s = dr(E, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, a);
|
|
931
957
|
let o = !0;
|
|
932
958
|
if (s.has("b64") && (o = n.b64, typeof o != "boolean"))
|
|
933
|
-
throw new
|
|
959
|
+
throw new E('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
934
960
|
const { alg: i } = a;
|
|
935
961
|
if (typeof i != "string" || !i)
|
|
936
|
-
throw new
|
|
937
|
-
const c = r &&
|
|
962
|
+
throw new E('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
963
|
+
const c = r && hr("algorithms", r.algorithms);
|
|
938
964
|
if (c && !c.has(i))
|
|
939
|
-
throw new
|
|
965
|
+
throw new Fe('"alg" (Algorithm) Header Parameter value not allowed');
|
|
940
966
|
if (o) {
|
|
941
967
|
if (typeof e.payload != "string")
|
|
942
|
-
throw new
|
|
968
|
+
throw new E("JWS Payload must be a string");
|
|
943
969
|
} else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
|
|
944
|
-
throw new
|
|
970
|
+
throw new E("JWS Payload must be a string or an Uint8Array instance");
|
|
945
971
|
let h = !1;
|
|
946
|
-
typeof t == "function" ? (t = await t(n, e), h = !0,
|
|
947
|
-
const y =
|
|
972
|
+
typeof t == "function" ? (t = await t(n, e), h = !0, Ce(i, t, "verify"), j(t) && (t = await cr(t, i))) : Ce(i, t, "verify");
|
|
973
|
+
const y = Wt(Z.encode(e.protected ?? ""), Z.encode("."), typeof e.payload == "string" ? Z.encode(e.payload) : e.payload);
|
|
948
974
|
let p;
|
|
949
975
|
try {
|
|
950
|
-
p =
|
|
976
|
+
p = C(e.signature);
|
|
951
977
|
} catch {
|
|
952
|
-
throw new
|
|
978
|
+
throw new E("Failed to base64url decode the signature");
|
|
953
979
|
}
|
|
954
|
-
if (!await
|
|
955
|
-
throw new
|
|
980
|
+
if (!await fr(i, t, p, y))
|
|
981
|
+
throw new Be();
|
|
956
982
|
let l;
|
|
957
983
|
if (o)
|
|
958
984
|
try {
|
|
959
|
-
l =
|
|
985
|
+
l = C(e.payload);
|
|
960
986
|
} catch {
|
|
961
|
-
throw new
|
|
987
|
+
throw new E("Failed to base64url decode the payload");
|
|
962
988
|
}
|
|
963
989
|
else typeof e.payload == "string" ? l = Z.encode(e.payload) : l = e.payload;
|
|
964
|
-
const
|
|
965
|
-
return e.protected !== void 0 && (
|
|
990
|
+
const T = { payload: l };
|
|
991
|
+
return e.protected !== void 0 && (T.protectedHeader = n), e.header !== void 0 && (T.unprotectedHeader = e.header), h ? { ...T, key: t } : T;
|
|
966
992
|
}
|
|
967
|
-
async function
|
|
993
|
+
async function gr(e, t, r) {
|
|
968
994
|
if (e instanceof Uint8Array && (e = q.decode(e)), typeof e != "string")
|
|
969
|
-
throw new
|
|
995
|
+
throw new E("Compact JWS must be a string or Uint8Array");
|
|
970
996
|
const { 0: n, 1: a, 2: s, length: o } = e.split(".");
|
|
971
997
|
if (o !== 3)
|
|
972
|
-
throw new
|
|
973
|
-
const i = await
|
|
998
|
+
throw new E("Invalid Compact JWS");
|
|
999
|
+
const i = await Er({ payload: a, protected: n, signature: s }, t, r), c = { payload: i.payload, protectedHeader: i.protectedHeader };
|
|
974
1000
|
return typeof t == "function" ? { ...c, key: i.key } : c;
|
|
975
1001
|
}
|
|
976
|
-
const
|
|
977
|
-
const t =
|
|
1002
|
+
const mr = (e) => Math.floor(e.getTime() / 1e3), rt = 60, nt = rt * 60, Re = nt * 24, wr = Re * 7, Sr = Re * 365.25, Ar = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, Ne = (e) => {
|
|
1003
|
+
const t = Ar.exec(e);
|
|
978
1004
|
if (!t || t[4] && t[1])
|
|
979
1005
|
throw new TypeError("Invalid time period format");
|
|
980
1006
|
const r = parseFloat(t[2]), n = t[3].toLowerCase();
|
|
@@ -1004,44 +1030,44 @@ const pr = (e) => Math.floor(e.getTime() / 1e3), rt = 60, nt = rt * 60, be = nt
|
|
|
1004
1030
|
case "day":
|
|
1005
1031
|
case "days":
|
|
1006
1032
|
case "d":
|
|
1007
|
-
a = Math.round(r *
|
|
1033
|
+
a = Math.round(r * Re);
|
|
1008
1034
|
break;
|
|
1009
1035
|
case "week":
|
|
1010
1036
|
case "weeks":
|
|
1011
1037
|
case "w":
|
|
1012
|
-
a = Math.round(r *
|
|
1038
|
+
a = Math.round(r * wr);
|
|
1013
1039
|
break;
|
|
1014
1040
|
default:
|
|
1015
|
-
a = Math.round(r *
|
|
1041
|
+
a = Math.round(r * Sr);
|
|
1016
1042
|
break;
|
|
1017
1043
|
}
|
|
1018
1044
|
return t[1] === "-" || t[4] === "ago" ? -a : a;
|
|
1019
|
-
},
|
|
1045
|
+
}, Ke = (e) => e.toLowerCase().replace(/^application\//, ""), Tr = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Rr = (e, t, r = {}) => {
|
|
1020
1046
|
let n;
|
|
1021
1047
|
try {
|
|
1022
1048
|
n = JSON.parse(q.decode(t));
|
|
1023
1049
|
} catch {
|
|
1024
1050
|
}
|
|
1025
|
-
if (!
|
|
1026
|
-
throw new
|
|
1051
|
+
if (!G(n))
|
|
1052
|
+
throw new b("JWT Claims Set must be a top-level JSON object");
|
|
1027
1053
|
const { typ: a } = r;
|
|
1028
|
-
if (a && (typeof e.typ != "string" ||
|
|
1029
|
-
throw new
|
|
1054
|
+
if (a && (typeof e.typ != "string" || Ke(e.typ) !== Ke(a)))
|
|
1055
|
+
throw new _('unexpected "typ" JWT header value', n, "typ", "check_failed");
|
|
1030
1056
|
const { requiredClaims: s = [], issuer: o, subject: i, audience: c, maxTokenAge: h } = r, y = [...s];
|
|
1031
1057
|
h !== void 0 && y.push("iat"), c !== void 0 && y.push("aud"), i !== void 0 && y.push("sub"), o !== void 0 && y.push("iss");
|
|
1032
|
-
for (const
|
|
1033
|
-
if (!(
|
|
1034
|
-
throw new
|
|
1058
|
+
for (const R of new Set(y.reverse()))
|
|
1059
|
+
if (!(R in n))
|
|
1060
|
+
throw new _(`missing required "${R}" claim`, n, R, "missing");
|
|
1035
1061
|
if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
|
|
1036
|
-
throw new
|
|
1062
|
+
throw new _('unexpected "iss" claim value', n, "iss", "check_failed");
|
|
1037
1063
|
if (i && n.sub !== i)
|
|
1038
|
-
throw new
|
|
1039
|
-
if (c && !
|
|
1040
|
-
throw new
|
|
1064
|
+
throw new _('unexpected "sub" claim value', n, "sub", "check_failed");
|
|
1065
|
+
if (c && !Tr(n.aud, typeof c == "string" ? [c] : c))
|
|
1066
|
+
throw new _('unexpected "aud" claim value', n, "aud", "check_failed");
|
|
1041
1067
|
let p;
|
|
1042
1068
|
switch (typeof r.clockTolerance) {
|
|
1043
1069
|
case "string":
|
|
1044
|
-
p =
|
|
1070
|
+
p = Ne(r.clockTolerance);
|
|
1045
1071
|
break;
|
|
1046
1072
|
case "number":
|
|
1047
1073
|
p = r.clockTolerance;
|
|
@@ -1052,123 +1078,123 @@ const pr = (e) => Math.floor(e.getTime() / 1e3), rt = 60, nt = rt * 60, be = nt
|
|
|
1052
1078
|
default:
|
|
1053
1079
|
throw new TypeError("Invalid clockTolerance option type");
|
|
1054
1080
|
}
|
|
1055
|
-
const { currentDate: l } = r,
|
|
1081
|
+
const { currentDate: l } = r, T = mr(l || /* @__PURE__ */ new Date());
|
|
1056
1082
|
if ((n.iat !== void 0 || h) && typeof n.iat != "number")
|
|
1057
|
-
throw new
|
|
1083
|
+
throw new _('"iat" claim must be a number', n, "iat", "invalid");
|
|
1058
1084
|
if (n.nbf !== void 0) {
|
|
1059
1085
|
if (typeof n.nbf != "number")
|
|
1060
|
-
throw new
|
|
1061
|
-
if (n.nbf >
|
|
1062
|
-
throw new
|
|
1086
|
+
throw new _('"nbf" claim must be a number', n, "nbf", "invalid");
|
|
1087
|
+
if (n.nbf > T + p)
|
|
1088
|
+
throw new _('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
|
|
1063
1089
|
}
|
|
1064
1090
|
if (n.exp !== void 0) {
|
|
1065
1091
|
if (typeof n.exp != "number")
|
|
1066
|
-
throw new
|
|
1067
|
-
if (n.exp <=
|
|
1068
|
-
throw new
|
|
1092
|
+
throw new _('"exp" claim must be a number', n, "exp", "invalid");
|
|
1093
|
+
if (n.exp <= T - p)
|
|
1094
|
+
throw new Se('"exp" claim timestamp check failed', n, "exp", "check_failed");
|
|
1069
1095
|
}
|
|
1070
1096
|
if (h) {
|
|
1071
|
-
const
|
|
1072
|
-
if (
|
|
1073
|
-
throw new
|
|
1074
|
-
if (
|
|
1075
|
-
throw new
|
|
1097
|
+
const R = T - n.iat, he = typeof h == "number" ? h : Ne(h);
|
|
1098
|
+
if (R - p > he)
|
|
1099
|
+
throw new Se('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
|
|
1100
|
+
if (R < 0 - p)
|
|
1101
|
+
throw new _('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
|
|
1076
1102
|
}
|
|
1077
1103
|
return n;
|
|
1078
1104
|
};
|
|
1079
|
-
async function
|
|
1105
|
+
async function _r(e, t, r) {
|
|
1080
1106
|
var n;
|
|
1081
|
-
const a = await
|
|
1107
|
+
const a = await gr(e, t, r);
|
|
1082
1108
|
if ((n = a.protectedHeader.crit) != null && n.includes("b64") && a.protectedHeader.b64 === !1)
|
|
1083
|
-
throw new
|
|
1084
|
-
const s = { payload:
|
|
1109
|
+
throw new b("JWTs MUST NOT use unencoded payload");
|
|
1110
|
+
const s = { payload: Rr(a.protectedHeader, a.payload, r), protectedHeader: a.protectedHeader };
|
|
1085
1111
|
return typeof t == "function" ? { ...s, key: a.key } : s;
|
|
1086
1112
|
}
|
|
1087
|
-
const
|
|
1088
|
-
function
|
|
1113
|
+
const Ir = C;
|
|
1114
|
+
function br(e) {
|
|
1089
1115
|
if (typeof e != "string")
|
|
1090
|
-
throw new
|
|
1116
|
+
throw new b("JWTs must use Compact JWS serialization, JWT must be a string");
|
|
1091
1117
|
const { 1: t, length: r } = e.split(".");
|
|
1092
1118
|
if (r === 5)
|
|
1093
|
-
throw new
|
|
1119
|
+
throw new b("Only JWTs using Compact JWS serialization can be decoded");
|
|
1094
1120
|
if (r !== 3)
|
|
1095
|
-
throw new
|
|
1121
|
+
throw new b("Invalid JWT");
|
|
1096
1122
|
if (!t)
|
|
1097
|
-
throw new
|
|
1123
|
+
throw new b("JWTs must contain a payload");
|
|
1098
1124
|
let n;
|
|
1099
1125
|
try {
|
|
1100
|
-
n =
|
|
1126
|
+
n = Ir(t);
|
|
1101
1127
|
} catch {
|
|
1102
|
-
throw new
|
|
1128
|
+
throw new b("Failed to base64url decode the payload");
|
|
1103
1129
|
}
|
|
1104
1130
|
let a;
|
|
1105
1131
|
try {
|
|
1106
1132
|
a = JSON.parse(q.decode(n));
|
|
1107
1133
|
} catch {
|
|
1108
|
-
throw new
|
|
1134
|
+
throw new b("Failed to parse the decoded payload as JSON");
|
|
1109
1135
|
}
|
|
1110
|
-
if (!
|
|
1111
|
-
throw new
|
|
1136
|
+
if (!G(a))
|
|
1137
|
+
throw new b("Invalid JWT Claims Set");
|
|
1112
1138
|
return a;
|
|
1113
1139
|
}
|
|
1114
1140
|
const V = async (e) => {
|
|
1115
1141
|
try {
|
|
1116
|
-
const t = f.ALG, r = await
|
|
1117
|
-
return await
|
|
1142
|
+
const t = f.ALG, r = await ir(Lt, t);
|
|
1143
|
+
return await _r(e, r, {
|
|
1118
1144
|
issuer: f.ISSUER
|
|
1119
1145
|
});
|
|
1120
1146
|
} catch {
|
|
1121
1147
|
return;
|
|
1122
1148
|
}
|
|
1123
|
-
},
|
|
1149
|
+
}, kr = (e) => {
|
|
1124
1150
|
try {
|
|
1125
|
-
return
|
|
1151
|
+
return br(e);
|
|
1126
1152
|
} catch {
|
|
1127
1153
|
return;
|
|
1128
1154
|
}
|
|
1129
|
-
};
|
|
1130
|
-
|
|
1131
|
-
|
|
1132
|
-
|
|
1133
|
-
|
|
1134
|
-
|
|
1135
|
-
|
|
1136
|
-
|
|
1137
|
-
function
|
|
1138
|
-
if (!
|
|
1139
|
-
|
|
1140
|
-
|
|
1141
|
-
|
|
1142
|
-
|
|
1143
|
-
|
|
1144
|
-
|
|
1145
|
-
};
|
|
1146
|
-
function
|
|
1147
|
-
if (
|
|
1148
|
-
return
|
|
1155
|
+
}, m = [];
|
|
1156
|
+
for (let e = 0; e < 256; ++e)
|
|
1157
|
+
m.push((e + 256).toString(16).slice(1));
|
|
1158
|
+
function Or(e, t = 0) {
|
|
1159
|
+
return (m[e[t + 0]] + m[e[t + 1]] + m[e[t + 2]] + m[e[t + 3]] + "-" + m[e[t + 4]] + m[e[t + 5]] + "-" + m[e[t + 6]] + m[e[t + 7]] + "-" + m[e[t + 8]] + m[e[t + 9]] + "-" + m[e[t + 10]] + m[e[t + 11]] + m[e[t + 12]] + m[e[t + 13]] + m[e[t + 14]] + m[e[t + 15]]).toLowerCase();
|
|
1160
|
+
}
|
|
1161
|
+
let Ee;
|
|
1162
|
+
const vr = new Uint8Array(16);
|
|
1163
|
+
function Pr() {
|
|
1164
|
+
if (!Ee) {
|
|
1165
|
+
if (typeof crypto > "u" || !crypto.getRandomValues)
|
|
1166
|
+
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
1167
|
+
Ee = crypto.getRandomValues.bind(crypto);
|
|
1168
|
+
}
|
|
1169
|
+
return Ee(vr);
|
|
1170
|
+
}
|
|
1171
|
+
const Cr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), De = { randomUUID: Cr };
|
|
1172
|
+
function Ue(e, t, r) {
|
|
1173
|
+
if (De.randomUUID && !t && !e)
|
|
1174
|
+
return De.randomUUID();
|
|
1149
1175
|
e = e || {};
|
|
1150
|
-
|
|
1151
|
-
return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128,
|
|
1176
|
+
const n = e.random || (e.rng || Pr)();
|
|
1177
|
+
return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Or(n);
|
|
1152
1178
|
}
|
|
1153
|
-
const Le = globalThis.crypto,
|
|
1179
|
+
const Le = globalThis.crypto, Nr = (e) => `${Ue()}${Ue()}`.slice(0, e), Kr = (e) => btoa(
|
|
1154
1180
|
[...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
|
|
1155
1181
|
);
|
|
1156
|
-
async function
|
|
1182
|
+
async function Dr(e) {
|
|
1157
1183
|
if (!Le.subtle)
|
|
1158
1184
|
throw new Error(
|
|
1159
1185
|
"crypto.subtle is available only in secure contexts (HTTPS)."
|
|
1160
1186
|
);
|
|
1161
1187
|
const t = new TextEncoder().encode(e), r = await Le.subtle.digest("SHA-256", t);
|
|
1162
|
-
return
|
|
1188
|
+
return Kr(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1163
1189
|
}
|
|
1164
|
-
async function
|
|
1165
|
-
const r =
|
|
1190
|
+
async function Ur(e) {
|
|
1191
|
+
const r = Nr(43), n = await Dr(r);
|
|
1166
1192
|
return {
|
|
1167
1193
|
code_verifier: r,
|
|
1168
1194
|
code_challenge: n
|
|
1169
1195
|
};
|
|
1170
1196
|
}
|
|
1171
|
-
const
|
|
1197
|
+
const sn = async (e, t) => {
|
|
1172
1198
|
var r;
|
|
1173
1199
|
const n = await V(e);
|
|
1174
1200
|
if (!n || !Array.isArray((r = n.payload) == null ? void 0 : r[f.SCOPES_KEY]))
|
|
@@ -1186,18 +1212,18 @@ const We = (e, t) => {
|
|
|
1186
1212
|
typeof t == "function" ? t() : t
|
|
1187
1213
|
);
|
|
1188
1214
|
window.localStorage.setItem(e, r), at(e, r);
|
|
1189
|
-
},
|
|
1215
|
+
}, Lr = (e) => {
|
|
1190
1216
|
window.localStorage.removeItem(e), at(e, null);
|
|
1191
|
-
},
|
|
1192
|
-
function
|
|
1217
|
+
}, He = (e) => window.localStorage.getItem(e), Wr = (e) => (window.addEventListener("storage", e), () => window.removeEventListener("storage", e));
|
|
1218
|
+
function te({
|
|
1193
1219
|
key: e,
|
|
1194
1220
|
initialValue: t
|
|
1195
1221
|
}) {
|
|
1196
|
-
const r =
|
|
1222
|
+
const r = _t(Wr, () => He(e)), n = D(
|
|
1197
1223
|
(o) => {
|
|
1198
1224
|
try {
|
|
1199
1225
|
const i = typeof o == "function" ? o(JSON.parse(r)) : o;
|
|
1200
|
-
i == null ?
|
|
1226
|
+
i == null ? Lr(e) : We(e, i);
|
|
1201
1227
|
} catch (i) {
|
|
1202
1228
|
console.warn(i);
|
|
1203
1229
|
}
|
|
@@ -1208,41 +1234,42 @@ function re({
|
|
|
1208
1234
|
}, [t, n]), s = D(() => {
|
|
1209
1235
|
n(null);
|
|
1210
1236
|
}, [n]);
|
|
1211
|
-
return
|
|
1237
|
+
return Je(() => {
|
|
1212
1238
|
try {
|
|
1213
|
-
|
|
1239
|
+
He(e) === null && typeof t < "u" && We(e, t);
|
|
1214
1240
|
} catch (o) {
|
|
1215
1241
|
console.warn(o);
|
|
1216
1242
|
}
|
|
1217
1243
|
}, [e, t]), [r ? JSON.parse(r) : null, n, a, s];
|
|
1218
1244
|
}
|
|
1219
|
-
|
|
1220
|
-
for (
|
|
1221
|
-
|
|
1222
|
-
function
|
|
1223
|
-
return (
|
|
1245
|
+
const w = [];
|
|
1246
|
+
for (let e = 0; e < 256; ++e)
|
|
1247
|
+
w.push((e + 256).toString(16).slice(1));
|
|
1248
|
+
function Hr(e, t = 0) {
|
|
1249
|
+
return (w[e[t + 0]] + w[e[t + 1]] + w[e[t + 2]] + w[e[t + 3]] + "-" + w[e[t + 4]] + w[e[t + 5]] + "-" + w[e[t + 6]] + w[e[t + 7]] + "-" + w[e[t + 8]] + w[e[t + 9]] + "-" + w[e[t + 10]] + w[e[t + 11]] + w[e[t + 12]] + w[e[t + 13]] + w[e[t + 14]] + w[e[t + 15]]).toLowerCase();
|
|
1224
1250
|
}
|
|
1225
|
-
|
|
1226
|
-
|
|
1227
|
-
|
|
1228
|
-
|
|
1229
|
-
|
|
1251
|
+
let ge;
|
|
1252
|
+
const $r = new Uint8Array(16);
|
|
1253
|
+
function Jr() {
|
|
1254
|
+
if (!ge) {
|
|
1255
|
+
if (typeof crypto > "u" || !crypto.getRandomValues)
|
|
1256
|
+
throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
|
|
1257
|
+
ge = crypto.getRandomValues.bind(crypto);
|
|
1258
|
+
}
|
|
1259
|
+
return ge($r);
|
|
1230
1260
|
}
|
|
1231
|
-
|
|
1232
|
-
|
|
1233
|
-
randomUUID
|
|
1234
|
-
|
|
1235
|
-
function Se(e, t, r) {
|
|
1236
|
-
if (Ye.randomUUID && !t && !e)
|
|
1237
|
-
return Ye.randomUUID();
|
|
1261
|
+
const Yr = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), $e = { randomUUID: Yr };
|
|
1262
|
+
function me(e, t, r) {
|
|
1263
|
+
if ($e.randomUUID && !t && !e)
|
|
1264
|
+
return $e.randomUUID();
|
|
1238
1265
|
e = e || {};
|
|
1239
|
-
|
|
1240
|
-
return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128,
|
|
1266
|
+
const n = e.random || (e.rng || Jr)();
|
|
1267
|
+
return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Hr(n);
|
|
1241
1268
|
}
|
|
1242
|
-
const
|
|
1269
|
+
const H = "Your session has expired. For your security, please log in again to continue.", xr = "Your session has been successfully terminated.", we = "Login failed. Please try again.", Mr = "Error getting access token, please re-authenticate.", Gr = "You forgot to wrap your component in <AuthProvider>.", ce = {
|
|
1243
1270
|
dev: "https://auth.gizmette.local.com:3003",
|
|
1244
1271
|
prod: "https://mylogin.gizmette.com/auth"
|
|
1245
|
-
},
|
|
1272
|
+
}, re = "@@auth@@", B = "LOADING", ae = "LOGIN", ot = "LOGOUT", z = "success", O = "failure", st = "include", it = "POST", ct = "application/json", ne = {
|
|
1246
1273
|
GET_REGISTRATION_OPTIONS: `mutation GetPasskeyRegistrationOptions(
|
|
1247
1274
|
$clientId: String!,
|
|
1248
1275
|
$username: String!,
|
|
@@ -1323,21 +1350,21 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1323
1350
|
email
|
|
1324
1351
|
}
|
|
1325
1352
|
}`
|
|
1326
|
-
},
|
|
1353
|
+
}, $ = {
|
|
1327
1354
|
GET_REGISTRATION_OPTIONS: {
|
|
1328
|
-
schema:
|
|
1355
|
+
schema: ne.GET_REGISTRATION_OPTIONS,
|
|
1329
1356
|
method: "getPasskeyRegistrationOptions"
|
|
1330
1357
|
},
|
|
1331
1358
|
VERIFY_REGISTRATION: {
|
|
1332
|
-
schema:
|
|
1359
|
+
schema: ne.VERIFY_REGISTRATION,
|
|
1333
1360
|
method: "verifyPasskeyRegistration"
|
|
1334
1361
|
},
|
|
1335
1362
|
GET_AUTHENTICATION_OPTIONS: {
|
|
1336
|
-
schema:
|
|
1363
|
+
schema: ne.GET_AUTHENTICATION_OPTIONS,
|
|
1337
1364
|
method: "getPasskeyAuthenticationOptions"
|
|
1338
1365
|
},
|
|
1339
1366
|
VERIFY_AUTHENTICATION: {
|
|
1340
|
-
schema:
|
|
1367
|
+
schema: ne.VERIFY_AUTHENTICATION,
|
|
1341
1368
|
method: "verifyPasskeyAuthentication"
|
|
1342
1369
|
}
|
|
1343
1370
|
}, J = async ({
|
|
@@ -1348,14 +1375,14 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1348
1375
|
}) => {
|
|
1349
1376
|
try {
|
|
1350
1377
|
const a = `Bearer ${e}`, s = await fetch(
|
|
1351
|
-
ut ? `${
|
|
1378
|
+
ut ? `${ce.dev}/graphql` : `${ce.prod}/graphql`,
|
|
1352
1379
|
{
|
|
1353
1380
|
credentials: st,
|
|
1354
1381
|
method: it,
|
|
1355
1382
|
headers: {
|
|
1356
1383
|
authorization: a,
|
|
1357
1384
|
"Content-Type": ct,
|
|
1358
|
-
[
|
|
1385
|
+
[Ve.CLIENT_ID]: `${r}`
|
|
1359
1386
|
},
|
|
1360
1387
|
body: JSON.stringify({
|
|
1361
1388
|
query: t.schema,
|
|
@@ -1364,58 +1391,58 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1364
1391
|
}
|
|
1365
1392
|
);
|
|
1366
1393
|
if (s.status !== 200)
|
|
1367
|
-
return { status:
|
|
1394
|
+
return { status: O, data: [] };
|
|
1368
1395
|
const { data: o } = await s.json();
|
|
1369
1396
|
return {
|
|
1370
1397
|
status: z,
|
|
1371
1398
|
data: o[t.method]
|
|
1372
1399
|
};
|
|
1373
1400
|
} catch (a) {
|
|
1374
|
-
return console.error(a), { status:
|
|
1401
|
+
return console.error(a), { status: O, data: [] };
|
|
1375
1402
|
}
|
|
1376
|
-
},
|
|
1403
|
+
}, de = async ({
|
|
1377
1404
|
type: e,
|
|
1378
1405
|
clientId: t,
|
|
1379
1406
|
params: r = {}
|
|
1380
1407
|
}) => {
|
|
1381
1408
|
try {
|
|
1382
1409
|
const n = await fetch(
|
|
1383
|
-
ut ? `${
|
|
1410
|
+
ut ? `${ce.dev}/${e}` : `${ce.prod}/${e}`,
|
|
1384
1411
|
{
|
|
1385
1412
|
credentials: st,
|
|
1386
1413
|
method: it,
|
|
1387
1414
|
headers: {
|
|
1388
1415
|
"Content-Type": ct,
|
|
1389
|
-
[
|
|
1416
|
+
[Ve.CLIENT_ID]: `${t}`
|
|
1390
1417
|
},
|
|
1391
1418
|
body: JSON.stringify(r)
|
|
1392
1419
|
}
|
|
1393
1420
|
);
|
|
1394
1421
|
if (n.status !== 200)
|
|
1395
|
-
return { status:
|
|
1422
|
+
return { status: O, data: [] };
|
|
1396
1423
|
const { data: a } = await n.json();
|
|
1397
1424
|
return {
|
|
1398
1425
|
status: z,
|
|
1399
1426
|
data: a || []
|
|
1400
1427
|
};
|
|
1401
1428
|
} catch (n) {
|
|
1402
|
-
return console.error(n), { status:
|
|
1429
|
+
return console.error(n), { status: O, data: [] };
|
|
1403
1430
|
}
|
|
1404
|
-
},
|
|
1431
|
+
}, Vr = process.env.NODE_ENV === "production", ut = !Vr, lt = {
|
|
1405
1432
|
isLoading: !0,
|
|
1406
1433
|
isAuthenticated: !1,
|
|
1407
1434
|
user: void 0,
|
|
1408
1435
|
logoutReason: "",
|
|
1409
1436
|
debug: !1,
|
|
1410
1437
|
authenticationType: ""
|
|
1411
|
-
},
|
|
1438
|
+
}, jr = (e) => {
|
|
1412
1439
|
try {
|
|
1413
|
-
const t =
|
|
1440
|
+
const t = kr(e);
|
|
1414
1441
|
return t ? t[f.USER_ID_KEY] : "";
|
|
1415
1442
|
} catch {
|
|
1416
1443
|
return "";
|
|
1417
1444
|
}
|
|
1418
|
-
},
|
|
1445
|
+
}, Fr = async ({
|
|
1419
1446
|
userId: e,
|
|
1420
1447
|
clientId: t,
|
|
1421
1448
|
domain: r,
|
|
@@ -1423,22 +1450,22 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1423
1450
|
}) => {
|
|
1424
1451
|
try {
|
|
1425
1452
|
return {
|
|
1426
|
-
status: (await
|
|
1427
|
-
type:
|
|
1453
|
+
status: (await de({
|
|
1454
|
+
type: ue.LOGOUT,
|
|
1428
1455
|
clientId: t,
|
|
1429
1456
|
params: {
|
|
1430
1457
|
userId: e,
|
|
1431
1458
|
domain: r,
|
|
1432
1459
|
idToken: n
|
|
1433
1460
|
}
|
|
1434
|
-
}))?.status ||
|
|
1461
|
+
}))?.status || O
|
|
1435
1462
|
};
|
|
1436
1463
|
} catch {
|
|
1437
1464
|
return {
|
|
1438
|
-
status:
|
|
1465
|
+
status: O
|
|
1439
1466
|
};
|
|
1440
1467
|
}
|
|
1441
|
-
},
|
|
1468
|
+
}, Br = async ({
|
|
1442
1469
|
username: e,
|
|
1443
1470
|
password: t,
|
|
1444
1471
|
clientId: r,
|
|
@@ -1451,11 +1478,11 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1451
1478
|
ua: h
|
|
1452
1479
|
}) => {
|
|
1453
1480
|
try {
|
|
1454
|
-
const y = await
|
|
1455
|
-
type:
|
|
1481
|
+
const y = await de({
|
|
1482
|
+
type: ue.LOGIN,
|
|
1456
1483
|
clientId: r,
|
|
1457
1484
|
params: {
|
|
1458
|
-
type: a ||
|
|
1485
|
+
type: a || M.ID_AND_ACCESS_TOKEN,
|
|
1459
1486
|
username: e,
|
|
1460
1487
|
password: t,
|
|
1461
1488
|
sessionExpiration: s,
|
|
@@ -1481,17 +1508,17 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1481
1508
|
status: !1
|
|
1482
1509
|
};
|
|
1483
1510
|
}
|
|
1484
|
-
},
|
|
1511
|
+
}, qr = async ({
|
|
1485
1512
|
nonce: e,
|
|
1486
1513
|
clientId: t,
|
|
1487
1514
|
code_challenge: r
|
|
1488
1515
|
}) => {
|
|
1489
1516
|
try {
|
|
1490
|
-
const n = await
|
|
1491
|
-
type:
|
|
1517
|
+
const n = await de({
|
|
1518
|
+
type: ue.CODE,
|
|
1492
1519
|
clientId: t,
|
|
1493
1520
|
params: {
|
|
1494
|
-
type:
|
|
1521
|
+
type: M.CODE,
|
|
1495
1522
|
nonce: e,
|
|
1496
1523
|
code_challenge: r
|
|
1497
1524
|
}
|
|
@@ -1500,16 +1527,16 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1500
1527
|
status: z,
|
|
1501
1528
|
data: n.data.code
|
|
1502
1529
|
} : {
|
|
1503
|
-
status:
|
|
1530
|
+
status: O,
|
|
1504
1531
|
data: ""
|
|
1505
1532
|
};
|
|
1506
1533
|
} catch {
|
|
1507
1534
|
return {
|
|
1508
|
-
status:
|
|
1535
|
+
status: O,
|
|
1509
1536
|
data: ""
|
|
1510
1537
|
};
|
|
1511
1538
|
}
|
|
1512
|
-
},
|
|
1539
|
+
}, zr = async ({
|
|
1513
1540
|
clientId: e,
|
|
1514
1541
|
userId: t,
|
|
1515
1542
|
nonce: r,
|
|
@@ -1518,11 +1545,11 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1518
1545
|
domain: s
|
|
1519
1546
|
}) => {
|
|
1520
1547
|
try {
|
|
1521
|
-
const o = await
|
|
1522
|
-
type:
|
|
1548
|
+
const o = await de({
|
|
1549
|
+
type: ue.REFRESH,
|
|
1523
1550
|
clientId: e,
|
|
1524
1551
|
params: {
|
|
1525
|
-
type:
|
|
1552
|
+
type: M.REFRESH_TOKEN,
|
|
1526
1553
|
userId: t,
|
|
1527
1554
|
nonce: r,
|
|
1528
1555
|
refreshToken: n,
|
|
@@ -1544,7 +1571,7 @@ const L = "Your session has expired. For your security, please log in again to c
|
|
|
1544
1571
|
};
|
|
1545
1572
|
}
|
|
1546
1573
|
};
|
|
1547
|
-
class
|
|
1574
|
+
class Qr {
|
|
1548
1575
|
constructor(t = null, r = null) {
|
|
1549
1576
|
X(this, "refreshTokenPromise", null);
|
|
1550
1577
|
X(this, "accessToken");
|
|
@@ -1577,7 +1604,7 @@ class jr {
|
|
|
1577
1604
|
}) {
|
|
1578
1605
|
const s = await V(this.refreshToken);
|
|
1579
1606
|
if (s && s.payload[f.USER_ID_KEY] !== "") {
|
|
1580
|
-
const o = await
|
|
1607
|
+
const o = await zr({
|
|
1581
1608
|
clientId: t,
|
|
1582
1609
|
userId: r,
|
|
1583
1610
|
nonce: n,
|
|
@@ -1590,22 +1617,22 @@ class jr {
|
|
|
1590
1617
|
newAccessToken: o.accessToken,
|
|
1591
1618
|
newRefreshToken: o.refreshToken
|
|
1592
1619
|
}) : {
|
|
1593
|
-
status:
|
|
1620
|
+
status: O
|
|
1594
1621
|
};
|
|
1595
1622
|
} else
|
|
1596
1623
|
return {
|
|
1597
|
-
status:
|
|
1624
|
+
status: O
|
|
1598
1625
|
};
|
|
1599
1626
|
}
|
|
1600
1627
|
}
|
|
1601
|
-
const
|
|
1628
|
+
const Xr = (e) => D(
|
|
1602
1629
|
(...t) => {
|
|
1603
1630
|
e && console.info(`==> [Auth ${Date.now()}]: `, ...t);
|
|
1604
1631
|
},
|
|
1605
1632
|
[e]
|
|
1606
1633
|
), Y = () => {
|
|
1607
|
-
throw new Error(
|
|
1608
|
-
}, dt =
|
|
1634
|
+
throw new Error(Gr);
|
|
1635
|
+
}, dt = It({
|
|
1609
1636
|
isAuthenticated: !1,
|
|
1610
1637
|
isLoading: !1,
|
|
1611
1638
|
login: Y,
|
|
@@ -1616,14 +1643,14 @@ const Fr = (e) => D(
|
|
|
1616
1643
|
loginWithPasskey: Y,
|
|
1617
1644
|
logoutReason: "",
|
|
1618
1645
|
authenticationType: ""
|
|
1619
|
-
}),
|
|
1646
|
+
}), Zr = Rt.createContext({
|
|
1620
1647
|
state: lt,
|
|
1621
1648
|
dispatch: () => {
|
|
1622
1649
|
}
|
|
1623
|
-
}),
|
|
1650
|
+
}), en = (e, t) => t?.type === B ? {
|
|
1624
1651
|
...e,
|
|
1625
1652
|
isLoading: t.payload.isLoading
|
|
1626
|
-
} : t?.type ===
|
|
1653
|
+
} : t?.type === ae ? {
|
|
1627
1654
|
...e,
|
|
1628
1655
|
isLoading: !1,
|
|
1629
1656
|
isAuthenticated: !0,
|
|
@@ -1637,32 +1664,32 @@ const Fr = (e) => D(
|
|
|
1637
1664
|
user: void 0,
|
|
1638
1665
|
authenticationType: "",
|
|
1639
1666
|
logoutReason: t.payload.logoutReason
|
|
1640
|
-
} : e,
|
|
1667
|
+
} : e, cn = ({
|
|
1641
1668
|
children: e,
|
|
1642
1669
|
sessionExpiration: t,
|
|
1643
1670
|
clientId: r,
|
|
1644
1671
|
domain: n = "",
|
|
1645
1672
|
debug: a = !1
|
|
1646
1673
|
}) => {
|
|
1647
|
-
const [s, o] =
|
|
1674
|
+
const [s, o] = bt(en, {
|
|
1648
1675
|
...lt,
|
|
1649
1676
|
debug: a
|
|
1650
|
-
}), i =
|
|
1651
|
-
key: `${
|
|
1652
|
-
}), [l,
|
|
1653
|
-
key: `${
|
|
1654
|
-
}), [
|
|
1677
|
+
}), i = Xr(a), c = kt(!1), [h, y, , p] = te({
|
|
1678
|
+
key: `${re}::${r}::@@user@@`
|
|
1679
|
+
}), [l, T, , R] = te({
|
|
1680
|
+
key: `${re}::${r}::@@access@@`
|
|
1681
|
+
}), [he, pe, , _e] = te(
|
|
1655
1682
|
{
|
|
1656
|
-
key: `${
|
|
1683
|
+
key: `${re}::${r}::@@refresh@@`
|
|
1657
1684
|
}
|
|
1658
|
-
), [ht, Ie, ,
|
|
1659
|
-
key: `${
|
|
1660
|
-
}), pt = new
|
|
1661
|
-
i("removeLocalStorage: removing local storage"), p(),
|
|
1685
|
+
), [ht, Ie, , be] = te({
|
|
1686
|
+
key: `${re}::${r}::@@nonce@@`
|
|
1687
|
+
}), pt = new Qr(l, he), Q = D(() => {
|
|
1688
|
+
i("removeLocalStorage: removing local storage"), p(), R(), _e(), be();
|
|
1662
1689
|
}, [
|
|
1663
|
-
|
|
1690
|
+
R,
|
|
1664
1691
|
p,
|
|
1665
|
-
|
|
1692
|
+
be,
|
|
1666
1693
|
_e,
|
|
1667
1694
|
i
|
|
1668
1695
|
]), F = D(
|
|
@@ -1673,33 +1700,33 @@ const Fr = (e) => D(
|
|
|
1673
1700
|
), o({
|
|
1674
1701
|
type: ot,
|
|
1675
1702
|
payload: {
|
|
1676
|
-
logoutReason: u ||
|
|
1703
|
+
logoutReason: u || H
|
|
1677
1704
|
}
|
|
1678
1705
|
}), Q(), o({ type: B, payload: { isLoading: !1 } });
|
|
1679
1706
|
},
|
|
1680
1707
|
[Q, i]
|
|
1681
|
-
),
|
|
1708
|
+
), N = D(
|
|
1682
1709
|
async (u) => {
|
|
1683
1710
|
i("invalidateAndLogout: invalidating and logging out");
|
|
1684
|
-
const { user: g } = s, d = g?.userId ||
|
|
1711
|
+
const { user: g } = s, d = g?.userId || jr(h);
|
|
1685
1712
|
d || i(
|
|
1686
1713
|
"invalidateAndLogout: user cannot be identified, logging out without userId"
|
|
1687
|
-
), await
|
|
1714
|
+
), await Fr({
|
|
1688
1715
|
userId: d,
|
|
1689
1716
|
clientId: r,
|
|
1690
1717
|
domain: n,
|
|
1691
1718
|
idToken: h
|
|
1692
|
-
}), F(u ||
|
|
1719
|
+
}), F(u || H);
|
|
1693
1720
|
},
|
|
1694
1721
|
[h, s, r, n, F, i]
|
|
1695
1722
|
);
|
|
1696
|
-
|
|
1723
|
+
Je(() => {
|
|
1697
1724
|
if (!c.current)
|
|
1698
1725
|
return s.isLoading && h !== null ? (async () => {
|
|
1699
1726
|
try {
|
|
1700
1727
|
const u = await V(h);
|
|
1701
1728
|
u && u.payload[f.USER_ID_KEY] !== "" ? (i("useEffect: setting the authentication state"), o({
|
|
1702
|
-
type:
|
|
1729
|
+
type: ae,
|
|
1703
1730
|
payload: {
|
|
1704
1731
|
authenticationType: u.payload[f.AUTH_TYPE_KEY],
|
|
1705
1732
|
user: {
|
|
@@ -1708,61 +1735,61 @@ const Fr = (e) => D(
|
|
|
1708
1735
|
email: u.payload[f.EMAIL_KEY]
|
|
1709
1736
|
}
|
|
1710
1737
|
}
|
|
1711
|
-
})) : (i("useEffect: invalid JWT, invalidating and logging out"), await
|
|
1738
|
+
})) : (i("useEffect: invalid JWT, invalidating and logging out"), await N(H));
|
|
1712
1739
|
} catch {
|
|
1713
1740
|
i(
|
|
1714
1741
|
"useEffect: exception validating JWT, invalidating and logging out"
|
|
1715
|
-
), await
|
|
1742
|
+
), await N(H);
|
|
1716
1743
|
}
|
|
1717
1744
|
})() : (i("useEffect: setting the loading state to false"), o({ type: B, payload: { isLoading: !1 } })), () => {
|
|
1718
1745
|
c.current = !0;
|
|
1719
1746
|
};
|
|
1720
|
-
}, [s.isLoading, h,
|
|
1747
|
+
}, [s.isLoading, h, N, i]);
|
|
1721
1748
|
const yt = async (u, g) => {
|
|
1722
1749
|
o({ type: B, payload: { isLoading: !0 } }), Q();
|
|
1723
|
-
const d =
|
|
1750
|
+
const d = me();
|
|
1724
1751
|
Ie(d), i("login: Logging in with password");
|
|
1725
|
-
const { code_verifier:
|
|
1752
|
+
const { code_verifier: K, code_challenge: St } = await Ur(), ke = await qr({
|
|
1726
1753
|
nonce: d,
|
|
1727
1754
|
clientId: r,
|
|
1728
1755
|
code_challenge: St
|
|
1729
1756
|
});
|
|
1730
|
-
if (
|
|
1731
|
-
const U = await
|
|
1757
|
+
if (ke.status) {
|
|
1758
|
+
const U = await Br({
|
|
1732
1759
|
username: u,
|
|
1733
1760
|
password: g,
|
|
1734
1761
|
clientId: r,
|
|
1735
1762
|
sessionExpiration: t,
|
|
1736
1763
|
nonce: d,
|
|
1737
|
-
type:
|
|
1738
|
-
code:
|
|
1739
|
-
code_verifier:
|
|
1764
|
+
type: M.CODE,
|
|
1765
|
+
code: ke.data,
|
|
1766
|
+
code_verifier: K,
|
|
1740
1767
|
domain: n,
|
|
1741
1768
|
ua: navigator.userAgent
|
|
1742
1769
|
});
|
|
1743
|
-
return U.status ? (y(U.idToken),
|
|
1744
|
-
type:
|
|
1770
|
+
return U.status ? (y(U.idToken), T(U.accessToken), pe(U.refreshToken), o({
|
|
1771
|
+
type: ae,
|
|
1745
1772
|
payload: {
|
|
1746
|
-
authenticationType:
|
|
1773
|
+
authenticationType: M.CODE,
|
|
1747
1774
|
user: {
|
|
1748
1775
|
userId: U.userId,
|
|
1749
1776
|
username: u,
|
|
1750
1777
|
email: U.email
|
|
1751
1778
|
}
|
|
1752
1779
|
}
|
|
1753
|
-
}), !0) : (F(
|
|
1780
|
+
}), !0) : (F(we), !1);
|
|
1754
1781
|
}
|
|
1755
1782
|
return !1;
|
|
1756
1783
|
}, ft = async (u) => {
|
|
1757
|
-
u?.preventDefault(), await
|
|
1758
|
-
},
|
|
1784
|
+
u?.preventDefault(), await N(xr);
|
|
1785
|
+
}, Et = async () => {
|
|
1759
1786
|
const { isAuthenticated: u, user: g } = s;
|
|
1760
1787
|
try {
|
|
1761
1788
|
if (u && g && g.userId) {
|
|
1762
1789
|
if (l) {
|
|
1763
1790
|
i("getAccessToken");
|
|
1764
|
-
const
|
|
1765
|
-
if (
|
|
1791
|
+
const K = await V(l);
|
|
1792
|
+
if (K && K.payload[f.USER_ID_KEY] !== "")
|
|
1766
1793
|
return l;
|
|
1767
1794
|
}
|
|
1768
1795
|
i("getAccessToken: invalid access token, trying to refresh it");
|
|
@@ -1772,24 +1799,24 @@ const Fr = (e) => D(
|
|
|
1772
1799
|
nonce: ht,
|
|
1773
1800
|
domain: n
|
|
1774
1801
|
});
|
|
1775
|
-
return d.status && d.status === "success" && d.newAccessToken ? (
|
|
1802
|
+
return d.status && d.status === "success" && d.newAccessToken ? (T(d.newAccessToken), pe(d.newRefreshToken), d.newAccessToken) : (i(
|
|
1776
1803
|
"getAccessToken: invalid refresh token, need to re-authenticate"
|
|
1777
|
-
), await
|
|
1804
|
+
), await N(H), "");
|
|
1778
1805
|
}
|
|
1779
1806
|
return i(
|
|
1780
1807
|
"getAccessToken: user is not authenticated, cannot get access token"
|
|
1781
|
-
), await
|
|
1808
|
+
), await N(H), "";
|
|
1782
1809
|
} catch {
|
|
1783
1810
|
return i(
|
|
1784
1811
|
"getAccessToken: exception occurred, invalidating and logging out"
|
|
1785
|
-
), await
|
|
1812
|
+
), await N(Mr), "";
|
|
1786
1813
|
}
|
|
1787
|
-
},
|
|
1814
|
+
}, gt = () => s.isAuthenticated && h ? h : "", mt = async () => {
|
|
1788
1815
|
const { user: u } = s;
|
|
1789
1816
|
let g = await J({
|
|
1790
1817
|
accessToken: l,
|
|
1791
1818
|
clientId: r,
|
|
1792
|
-
type:
|
|
1819
|
+
type: $.GET_REGISTRATION_OPTIONS,
|
|
1793
1820
|
params: {
|
|
1794
1821
|
clientId: r,
|
|
1795
1822
|
id: u?.userId,
|
|
@@ -1802,7 +1829,7 @@ const Fr = (e) => D(
|
|
|
1802
1829
|
return g = await J({
|
|
1803
1830
|
accessToken: l,
|
|
1804
1831
|
clientId: r,
|
|
1805
|
-
type:
|
|
1832
|
+
type: $.VERIFY_REGISTRATION,
|
|
1806
1833
|
params: {
|
|
1807
1834
|
clientId: r,
|
|
1808
1835
|
id: u?.userId,
|
|
@@ -1814,7 +1841,7 @@ const Fr = (e) => D(
|
|
|
1814
1841
|
return await J({
|
|
1815
1842
|
accessToken: l,
|
|
1816
1843
|
clientId: r,
|
|
1817
|
-
type:
|
|
1844
|
+
type: $.VERIFY_REGISTRATION,
|
|
1818
1845
|
params: {
|
|
1819
1846
|
clientId: r,
|
|
1820
1847
|
id: u?.userId,
|
|
@@ -1826,13 +1853,13 @@ const Fr = (e) => D(
|
|
|
1826
1853
|
return !1;
|
|
1827
1854
|
}, wt = async () => {
|
|
1828
1855
|
o({ type: B, payload: { isLoading: !0 } }), Q();
|
|
1829
|
-
const u =
|
|
1856
|
+
const u = me();
|
|
1830
1857
|
Ie(u), i("loginWithPasskey");
|
|
1831
|
-
const g =
|
|
1858
|
+
const g = me();
|
|
1832
1859
|
let d = await J({
|
|
1833
1860
|
accessToken: l,
|
|
1834
1861
|
clientId: r,
|
|
1835
|
-
type:
|
|
1862
|
+
type: $.GET_AUTHENTICATION_OPTIONS,
|
|
1836
1863
|
params: {
|
|
1837
1864
|
id: g,
|
|
1838
1865
|
clientId: r
|
|
@@ -1840,36 +1867,36 @@ const Fr = (e) => D(
|
|
|
1840
1867
|
});
|
|
1841
1868
|
if (d.status)
|
|
1842
1869
|
try {
|
|
1843
|
-
const
|
|
1870
|
+
const K = await Ut(d.data);
|
|
1844
1871
|
return d = await J({
|
|
1845
1872
|
accessToken: l,
|
|
1846
1873
|
clientId: r,
|
|
1847
|
-
type:
|
|
1874
|
+
type: $.VERIFY_AUTHENTICATION,
|
|
1848
1875
|
params: {
|
|
1849
1876
|
clientId: r,
|
|
1850
1877
|
id: g,
|
|
1851
|
-
authentication:
|
|
1878
|
+
authentication: K,
|
|
1852
1879
|
nonce: u,
|
|
1853
1880
|
domain: n,
|
|
1854
1881
|
sessionExpiration: t,
|
|
1855
1882
|
ua: navigator.userAgent
|
|
1856
1883
|
}
|
|
1857
|
-
}), d.data.status === z ? (y(d.data.idToken),
|
|
1858
|
-
type:
|
|
1884
|
+
}), d.data.status === z ? (y(d.data.idToken), T(d.data.accessToken), pe(d.data.refreshToken), o({
|
|
1885
|
+
type: ae,
|
|
1859
1886
|
payload: {
|
|
1860
|
-
authenticationType:
|
|
1887
|
+
authenticationType: M.PASSKEY,
|
|
1861
1888
|
user: {
|
|
1862
1889
|
userId: d.data.userId,
|
|
1863
1890
|
username: d.data.username,
|
|
1864
1891
|
email: d.data.email
|
|
1865
1892
|
}
|
|
1866
1893
|
}
|
|
1867
|
-
}), !0) : (F(
|
|
1894
|
+
}), !0) : (F(we), !1);
|
|
1868
1895
|
} catch {
|
|
1869
1896
|
return await J({
|
|
1870
1897
|
accessToken: l,
|
|
1871
1898
|
clientId: r,
|
|
1872
|
-
type:
|
|
1899
|
+
type: $.VERIFY_AUTHENTICATION,
|
|
1873
1900
|
params: {
|
|
1874
1901
|
clientId: r,
|
|
1875
1902
|
id: g,
|
|
@@ -1878,29 +1905,29 @@ const Fr = (e) => D(
|
|
|
1878
1905
|
domain: n,
|
|
1879
1906
|
sessionExpiration: t
|
|
1880
1907
|
}
|
|
1881
|
-
}), F(
|
|
1908
|
+
}), F(we), !1;
|
|
1882
1909
|
}
|
|
1883
1910
|
return !1;
|
|
1884
1911
|
};
|
|
1885
|
-
return /* @__PURE__ */ Oe(
|
|
1912
|
+
return /* @__PURE__ */ Oe(Zr.Provider, { value: { state: s, dispatch: o }, children: /* @__PURE__ */ Oe(
|
|
1886
1913
|
dt.Provider,
|
|
1887
1914
|
{
|
|
1888
1915
|
value: {
|
|
1889
1916
|
...s,
|
|
1890
1917
|
login: yt,
|
|
1891
1918
|
logout: ft,
|
|
1892
|
-
getAccessToken:
|
|
1893
|
-
getIdToken:
|
|
1919
|
+
getAccessToken: Et,
|
|
1920
|
+
getIdToken: gt,
|
|
1894
1921
|
registeringForPasskey: mt,
|
|
1895
1922
|
loginWithPasskey: wt
|
|
1896
1923
|
},
|
|
1897
1924
|
children: e
|
|
1898
1925
|
}
|
|
1899
1926
|
) });
|
|
1900
|
-
},
|
|
1927
|
+
}, un = (e = dt) => Ot(e);
|
|
1901
1928
|
export {
|
|
1902
|
-
|
|
1903
|
-
|
|
1904
|
-
|
|
1905
|
-
|
|
1929
|
+
M as AUTH_TYPES,
|
|
1930
|
+
cn as AuthProvider,
|
|
1931
|
+
sn as isGranted,
|
|
1932
|
+
un as useAuth
|
|
1906
1933
|
};
|