@zea.cl/auth 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/bin/zea-auth-init.mjs +53 -0
  2. package/dist/components/index.d.mts +150 -0
  3. package/dist/components/index.d.ts +150 -0
  4. package/dist/components/index.js +957 -0
  5. package/dist/components/index.js.map +1 -0
  6. package/dist/components/index.mjs +947 -0
  7. package/dist/components/index.mjs.map +1 -0
  8. package/dist/hooks/index.d.mts +2 -0
  9. package/dist/hooks/index.d.ts +2 -0
  10. package/dist/hooks/index.js +621 -0
  11. package/dist/hooks/index.js.map +1 -0
  12. package/dist/hooks/index.mjs +618 -0
  13. package/dist/hooks/index.mjs.map +1 -0
  14. package/dist/index-BnHWPrKX.d.mts +69 -0
  15. package/dist/index-BnHWPrKX.d.ts +69 -0
  16. package/dist/index-C5rsqdqK.d.ts +453 -0
  17. package/dist/index-DtXFjTm2.d.mts +453 -0
  18. package/dist/index.d.mts +12 -0
  19. package/dist/index.d.ts +12 -0
  20. package/dist/index.js +1041 -0
  21. package/dist/index.js.map +1 -0
  22. package/dist/index.mjs +1024 -0
  23. package/dist/index.mjs.map +1 -0
  24. package/dist/styles/base.css +219 -0
  25. package/package.json +72 -0
package/dist/hooks/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/client/auth/OAuth2.ts","../../src/client/tokens/TokenManager.ts","../../src/client/admin/AdminAPI.ts","../../src/client/ThalamusClient.ts","../../src/hooks/useThalamus.ts","../../src/hooks/useAdmin.ts"],"names":["useRef","useState","useEffect","useCallback"],"mappings":";;;;;;;;;;;;AAgBO,IAAM,SAAN,MAAa;AAAA,EAClB,YAAoB,MAAA,EAAwB;AAAxB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAyB;AAAA,EAAzB,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcpB,oBAAoB,OAAA,EAA2C;AAC7D,IAAA,MAAM;AAAA,MACJ,QAAQ,IAAA,CAAK,MAAA,CAAO,iBAAiB,CAAC,QAAA,EAAU,WAAW,OAAO,CAAA;AAAA,MAClE,KAAA,GAAQ,KAAK,aAAA,EAAc;AAAA,MAC3B,YAAA,GAAe,MAAA;AAAA,MACf,aAAA;AAAA,MACA;AAAA,KACF,GAAI,WAAW,EAAC;AAEhB,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,MACjC,aAAA,EAAe,YAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA,EAAO,MAAM,OAAA,CAAQ,KAAK,IAAI,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,KAAA;AAAA,MAChD;AAAA,KACD,CAAA;AAGD,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,MAAA,CAAO,GAAA,CAAI,kBAAkB,aAAa,CAAA;AAC1C,MAAA,MAAA,CAAO,GAAA,CAAI,uBAAA,EAAyB,mBAAA,IAAuB,MAAM,CAAA;AAAA,IACnE;AAEA,IAAA,OAAO,GAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,iBAAA,EAAoB,MAAA,CAAO,UAAU,CAAA,CAAA;AAAA,EACpE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aACJ,aAAA,EACwB;AACxB,IAAA,MAAM,IAAA,GAAO,OAAO,aAAA,KAAkB,QAAA,GAAW,gBAAgB,aAAA,CAAc,IAAA;AAC/E,IAAA,MAAM,YAAA,GAAe,OAAO,aAAA,KAAkB,QAAA,GAAW,SAAY,aAAA,CAAc,YAAA;AAEnF,IAAA,MAAM,IAAA,GAA4B;AAAA,MAChC,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,aAAA,EAAe,KAAK,MAAA,CAAO,YAAA;AAAA,MAC3B,YAAA,EAAc,KAAK,MAAA,CAAO;AAAA,KAC5B;AAGA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,IAAA,CAAK,aAAA,GAAgB,YAAA;AAAA,IACvB;AAEA,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,0BACJ,OAAA,EACwB;AACxB,IAAA,MAAM,EAAE,QAAQ,IAAA,CAAK,MAAA,CAAO,iBAAiB,EAAC,EAAE,GAAI,OAAA,IAAW,EAAC;AAEhE,IAAA,MAAM,IAAA,GAA4B;AAAA,MAChC,UAAA,EAAY,oBAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,aAAA,EAAe,KAAK,MAAA,CAAO;AAAA,KAC7B;AAEA,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,MAAA,IAAA,CAAK,KAAA,GAAQ,MAAM,OAAA,CAAQ,KAAK,IAAI,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA,GAAI,KAAA;AAAA,IACxD;AAEA,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,aAAa,OAAA,EAAsD;AACvE,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,UAAA,EAAY,eAAA;AAAA,MACZ,eAAe,OAAA,CAAQ,YAAA;AAAA,MACvB,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,aAAA,EAAe,KAAK,MAAA,CAAO;AAAA,KAC7B;AAEA,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAA,CAAY,KAAA,EAAe,aAAA,EAAiE;AAChG,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC;AAAA,KACF;AAEA,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,IAAA,CAAK,eAAA,GAAkB,aAAA;AAAA,IACzB;AAEA,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,aAAA,CAAA,EAAiB;AAAA,MAClE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,QAAQ,CAAA;AAAA,IACvC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKO,aAAA,CAAc,SAAiB,EAAA,EAAY;AAChD,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,eAAA,EAAiB;AAC3D,MAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAAA,IAC9B,CAAA,MAAO;AAEL,MAAA,MAAM,YAAA,GAAe,UAAQ,QAAQ,CAAA;AACrC,MAAA,YAAA,CAAa,eAAe,KAAK,CAAA;AAAA,IACnC;AACA,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,SAAS,IAAA,CAAK,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aAAa,IAAA,EAAmD;AAC5E,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,YAAA,CAAA,EAAgB;AAAA,MACjE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,QAAQ,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YAAY,QAAA,EAA4C;AACpE,IAAA,IAAI,YAAiB,EAAC;AACtB,IAAA,IAAI;AACF,MAAA,SAAA,GAAY,MAAM,SAAS,IAAA,EAAK;AAAA,IAClC,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,QAAuB,IAAI,KAAA;AAAA,MAC/B,UAAU,iBAAA,IAAqB,SAAA,CAAU,OAAA,IAAW,CAAA,KAAA,EAAQ,SAAS,MAAM,CAAA;AAAA,KAC7E;AACA,IAAA,KAAA,CAAM,aAAa,QAAA,CAAS,MAAA;AAC5B,IAAA,KAAA,CAAM,QAAQ,SAAA,CAAU,KAAA;AACxB,IAAA,KAAA,CAAM,oBAAoB,SAAA,CAAU,iBAAA;AAEpC,IAAA,OAAO,KAAA;AAAA,EACT;AACF,CAAA;;;AChNO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAA,EAAwB;AAAxB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAyB;AAAA,EAAzB,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcpB,MAAM,WAAW,KAAA,EAA+C;AAC9D,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,iBAAA,CAAA,EAAqB;AAAA,MACtE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO;AAAA,KAC/B,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,QAAQ,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,YAAY,WAAA,EAAwC;AACxD,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,eAAA,CAAA,EAAmB;AAAA,MACpE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,QAAQ,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,SAAS,KAAA,EAAiC;AAC9C,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,UAAA,CAAW,KAAK,CAAA;AAC1C,MAAA,OAAO,OAAO,MAAA,KAAW,IAAA;AAAA,IAC3B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YAAY,QAAA,EAA4C;AACpE,IAAA,IAAI,YAAiB,EAAC;AACtB,IAAA,IAAI;AACF,MAAA,SAAA,GAAY,MAAM,SAAS,IAAA,EAAK;AAAA,IAClC,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,QAAuB,IAAI,KAAA;AAAA,MAC/B,UAAU,iBAAA,IAAqB,SAAA,CAAU,OAAA,IAAW,CAAA,KAAA,EAAQ,SAAS,MAAM,CAAA;AAAA,KAC7E;AACA,IAAA,KAAA,CAAM,aAAa,QAAA,CAAS,MAAA;AAC5B,IAAA,KAAA,CAAM,QAAQ,SAAA,CAAU,KAAA;AACxB,IAAA,KAAA,CAAM,oBAAoB,SAAA,CAAU,iBAAA;AAEpC,IAAA,OAAO,KAAA;AAAA,EACT;AACF,CAAA;;;AC1DO,IAAM,WAAN,MAAe;AAAA,EACpB,YAAoB,MAAA,EAAwB;AAAxB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAyB;AAAA,EAAzB,MAAA;AAAA,EAEpB,IAAY,OAAA,GAAkB;AAC5B,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA;AAAA,EACrB;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAA6B;AACjC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,UAAA,CAAY,CAAA;AAC1D,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,UAAA,GAA8B;AAClC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,SAAA,EAAU;AACnC,IAAA,OAAO,MAAM,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,aAAa,IAAI,CAAA;AAAA,EAChD;AAAA;AAAA,EAGA,MAAM,QAAQ,EAAA,EAA2B;AACvC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,IAAA,CAAK,OAAO,CAAA,WAAA,EAAc,EAAE,CAAA,CAAE,CAAA;AAChE,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,YAAA,CAAa,KAAA,EAAe,MAAA,EAA8C;AAC9E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,IAAA,CAAK,OAAO,CAAA,mBAAA,EAAsB,KAAK,CAAA,QAAA,CAAA,EAAY;AAAA,MACnF,MAAA,EAAQ,MAAA;AAAA,MACR,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,QAAQ;AAAA,KACzC,CAAA;AACD,IAAA,OAAO,IAAI,IAAA,EAAK;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,UAAA,CAAW,EAAA,EAAY,IAAA,EAAmE;AAC9F,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,IAAA,CAAK,OAAO,CAAA,WAAA,EAAc,EAAE,CAAA,CAAA,EAAI;AAAA,MAChE,MAAA,EAAQ,OAAA;AAAA,MACR,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,MAAM;AAAA,KACpC,CAAA;AACD,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,WAAW,IAAA,EAMC;AAChB,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,UAAA,CAAA,EAAc;AAAA,MAC1D,MAAA,EAAQ,MAAA;AAAA,MACR,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,MAAM;AAAA,KACpC,CAAA;AACD,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,EAAA,EAAwC;AAC5D,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,IAAA,CAAK,OAAO,CAAA,mBAAA,EAAsB,EAAE,CAAA,CAAE,CAAA;AACxE,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,iBAAA,GAAkD;AACtD,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,kBAAA,CAAoB,CAAA;AAClE,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAII;AACxB,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,IAAA,IAAI,SAAS,OAAA,EAAS,MAAA,CAAO,GAAA,CAAI,SAAA,EAAW,QAAQ,OAAO,CAAA;AAC3D,IAAA,IAAI,SAAS,eAAA,EAAiB,MAAA,CAAO,GAAA,CAAI,iBAAA,EAAmB,QAAQ,eAAe,CAAA;AACnF,IAAA,IAAI,SAAS,MAAA,EAAQ,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,QAAQ,MAAM,CAAA;AAExD,IAAA,MAAM,EAAA,GAAK,OAAO,QAAA,EAAS;AAC3B,IAAA,MAAM,GAAA,GAAM,GAAG,IAAA,CAAK,OAAO,qBAAqB,EAAA,GAAK,CAAA,CAAA,EAAI,EAAE,CAAA,CAAA,GAAK,EAAE,CAAA,CAAA;AAClE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AAClC,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAA,EAOW;AAC/B,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,wBAAA,CAAA,EAA4B;AAAA,MACxE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,MAAM;AAAA,KAC5B,CAAA;AACD,IAAA,OAAO,IAAI,IAAA,EAAK;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,iBAAiB,MAAA,EAKU;AAC/B,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,yBAAA,CAAA,EAA6B;AAAA,MACzE,MAAA,EAAQ,QAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,MAAM;AAAA,KAC5B,CAAA;AACD,IAAA,OAAO,IAAI,IAAA,EAAK;AAAA,EAClB;AAAA;AAAA;AAAA,EAKA,MAAM,SAAA,GAAkC;AACtC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,UAAA,CAAY,CAAA;AAC1D,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,WAAW,MAAA,EAKM;AACrB,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,UAAA,CAAA,EAAc;AAAA,MAC1D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,MAAM;AAAA,KAC5B,CAAA;AACD,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAGA,MAAM,WAAW,EAAA,EAA2B;AAC1C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,WAAA,EAAc,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,MAAA,EAA0C;AACjE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,IAAA,CAAK,OAAO,CAAA,WAAA,EAAc,MAAM,CAAA,iBAAA,CAAmB,CAAA;AACrF,IAAA,MAAM,IAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,IAAA,OAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EACtB;AAAA;AAAA,EAIQ,cAAA,GAAgC;AACtC,IAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,cAAA,IAAkB,UAAA,EAAY;AACrE,MAAA,MAAM,UAAA,GAAc,IAAA,CAAK,MAAA,CAAe,UAAA,IAAc,eAAA;AACtD,MAAA,MAAM,KAAA,GAAS,UAAA,CAAmB,YAAA,CAAa,OAAA,CAAQ,UAAU,CAAA;AACjE,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,IAAI;AACF,UAAA,OAAO,IAAA,CAAK,KAAA,CAAM,KAAK,CAAA,CAAE,WAAA;AAAA,QAC3B,CAAA,CAAA,MAAQ;AACN,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAc,OAAA,CAAQ,GAAA,EAAa,OAAA,GAAuB,EAAC,EAAsB;AAC/E,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAElC,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,MAC3B,GAAG,OAAA;AAAA,MACH,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,GAAI,QAAQ,EAAE,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA,KAAO,EAAC;AAAA,QACpD,GAAG,OAAA,CAAQ;AAAA;AACb,KACD,CAAA;AAED,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AAAA,IAC9B;AAEA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA,EAEA,MAAc,QAAQ,QAAA,EAA4C;AAChE,IAAA,IAAI,OAAY,EAAC;AACjB,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,MAAM,SAAS,IAAA,EAAK;AAAA,IAC7B,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,QAAuB,IAAI,KAAA;AAAA,MAC/B,KAAK,iBAAA,IAAqB,IAAA,CAAK,KAAA,IAAS,CAAA,KAAA,EAAQ,SAAS,MAAM,CAAA;AAAA,KACjE;AACA,IAAA,KAAA,CAAM,aAAa,QAAA,CAAS,MAAA;AAC5B,IAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,IAAA,KAAA,CAAM,oBAAoB,IAAA,CAAK,iBAAA;AAE/B,IAAA,OAAO,KAAA;AAAA,EACT;AACF,CAAA;;;AChPO,IAAM,iBAAN,MAAqB;AAAA;AAAA,EAEV,IAAA;AAAA;AAAA,EAGA,MAAA;AAAA;AAAA,EAGA,KAAA;AAAA,EAEC,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjB,YAAY,MAAA,EAAwB;AAElC,IAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AACpB,MAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,IACxC;AACA,IAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AACA,IAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,MAAA,MAAM,IAAI,MAAM,qBAAqB,CAAA;AAAA,IACvC;AAGA,IAAA,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAEjD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,MAAA,CAAO,MAAM,CAAA;AAC7B,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,YAAA,CAAa,MAAM,CAAA;AACrC,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,QAAA,CAAS,MAAM,CAAA;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,GAAsC;AACpC,IAAA,OAAO,OAAO,MAAA,CAAO,EAAE,GAAG,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;;;AC5CO,SAAS,YAAY,OAAA,EAAgD;AAC1E,EAAA,MAAM,UAAA,GAAa,QAAQ,UAAA,IAAc,eAAA;AACzC,EAAA,MAAM,SAAA,GAAYA,YAAA,CAAO,IAAI,cAAA,CAAe,OAAO,CAAC,CAAA;AACpD,EAAA,MAAM,SAAS,SAAA,CAAU,OAAA;AAEzB,EAAA,MAAM,CAAC,KAAA,EAAO,QAAQ,CAAA,GAAIC,eAAwB,IAAI,CAAA;AACtD,EAAA,MAAM,CAAC,IAAA,EAAM,OAAO,CAAA,GAAIA,eAA0B,IAAI,CAAA;AACtD,EAAA,MAAM,CAAC,SAAA,EAAW,YAAY,CAAA,GAAIA,eAAS,IAAI,CAAA;AAC/C,EAAA,MAAM,CAAC,KAAA,EAAO,QAAQ,CAAA,GAAIA,eAAwB,IAAI,CAAA;AAGtD,EAAAC,eAAA,CAAU,MAAM;AACd,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,OAAA,CAAQ,UAAU,CAAA;AAC7C,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,MAAM,EAAE,WAAA,EAAa,YAAA,EAAc,IAAG,GAAI,IAAA,CAAK,MAAM,KAAK,CAAA;AAC1D,QAAA,QAAA,CAAS,WAAW,CAAA;AACpB,QAAA,MAAA,CAAO,MAAA,CAAO,WAAA,CAAY,WAAW,CAAA,CAAE,IAAA,CAAK,CAAA,CAAA,KAAK,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,QAAC,CAAC,CAAA;AAAA,MAC7E;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAAC,CAAA,SAAE;AACT,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF,CAAA,EAAG,CAAC,UAAU,CAAC,CAAA;AAGf,EAAAA,eAAA,CAAU,MAAM;AACd,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,MAAA,CAAO,SAAS,MAAM,CAAA;AACzD,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAC9B,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAChC,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,KAAA,EAAO;AAGrB,IAAA,MAAA,CAAO,QAAQ,YAAA,CAAa,IAAI,EAAA,EAAI,MAAA,CAAO,SAAS,QAAQ,CAAA;AAE5D,IAAA,MAAM,UAAA,GAAa,cAAA,CAAe,OAAA,CAAQ,CAAA,EAAG,UAAU,CAAA,MAAA,CAAQ,CAAA;AAC/D,IAAA,IAAI,UAAU,UAAA,EAAY;AACxB,MAAA,QAAA,CAAS,4CAAuC,CAAA;AAChD,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,cAAA,CAAe,OAAA,CAAQ,CAAA,EAAG,UAAU,CAAA,SAAA,CAAW,CAAA;AAChE,IAAA,IAAI,CAAC,QAAA,EAAU;AAAE,MAAA,QAAA,CAAS,uBAAuB,CAAA;AAAG,MAAA;AAAA,IAAO;AAE3D,IAAA,MAAA,CAAO,IAAA,CAAK,aAAa,EAAE,IAAA,EAAM,cAAc,QAAA,EAAU,CAAA,CACtD,IAAA,CAAK,CAAA,IAAA,KAAQ;AACZ,MAAA,WAAA,CAAY,IAAI,CAAA;AAChB,MAAA,QAAA,CAAS,KAAK,YAAY,CAAA;AAC1B,MAAA,MAAA,CAAO,MAAA,CAAO,WAAA,CAAY,IAAA,CAAK,YAAY,CAAA,CAAE,IAAA,CAAK,CAAA,CAAA,KAAK,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,MAAC,CAAC,CAAA;AAAA,IACnF,CAAC,CAAA,CACA,KAAA,CAAM,SAAO,QAAA,CAAS,GAAA,CAAI,OAAO,CAAC,CAAA;AAAA,EACvC,CAAA,EAAG,CAAC,UAAU,CAAC,CAAA;AAGf,EAAA,MAAM,WAAA,GAAc,CAAC,IAAA,KAAwB;AAC3C,IAAA,YAAA,CAAa,OAAA,CAAQ,YAAY,IAAA,CAAK,SAAA,CAAU,EAAE,WAAA,EAAa,IAAA,CAAK,cAAc,YAAA,EAAc,IAAA,CAAK,iBAAiB,IAAA,EAAM,SAAA,EAAW,KAAK,GAAA,EAAI,GAAI,KAAK,UAAA,GAAa,GAAA,EAAM,CAAC,CAAA;AAAA,EAC/K,CAAA;AAGA,EAAA,MAAM,KAAA,GAAQC,iBAAA,CAAY,OAAO,IAAA,KAAgC;AAC/D,IAAA,QAAA,CAAS,IAAI,CAAA;AACb,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,aAAA,EAAc;AAC3C,IAAA,MAAM,SAAA,GAAY,MAAM,aAAA,CAAc,QAAQ,CAAA;AAC9C,IAAA,cAAA,CAAe,OAAA,CAAQ,CAAA,EAAG,UAAU,CAAA,SAAA,CAAA,EAAa,QAAQ,CAAA;AACzD,IAAA,MAAM,GAAA,GAAM,MAAA,CAAO,IAAA,CAAK,mBAAA,CAAoB,EAAE,KAAA,EAAO,IAAA,EAAM,KAAA,EAAO,aAAA,EAAe,SAAA,EAAW,mBAAA,EAAqB,MAAA,EAAQ,CAAA;AACzH,IAAA,cAAA,CAAe,OAAA,CAAQ,CAAA,EAAG,UAAU,CAAA,MAAA,CAAA,EAAU,IAAI,GAAA,CAAI,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA,IAAK,EAAE,CAAA;AAC1F,IAAA,MAAA,CAAO,SAAS,IAAA,GAAO,GAAA;AAAA,EACzB,CAAA,EAAG,CAAC,UAAU,CAAC,CAAA;AAGf,EAAA,MAAM,MAAA,GAASA,kBAAY,MAAM;AAC/B,IAAA,YAAA,CAAa,WAAW,UAAU,CAAA;AAClC,IAAA,QAAA,CAAS,IAAI,CAAA;AACb,IAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,EACd,CAAA,EAAG,CAAC,UAAU,CAAC,CAAA;AAGf,EAAA,MAAM,YAAA,GAAeA,kBAAY,YAAY;AAC3C,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,OAAA,CAAQ,UAAU,CAAA;AAC7C,MAAA,IAAI,CAAC,KAAA,EAAO;AACZ,MAAA,MAAM,EAAE,YAAA,EAAc,EAAA,EAAG,GAAI,IAAA,CAAK,MAAM,KAAK,CAAA;AAC7C,MAAA,IAAI,CAAC,EAAA,EAAI;AACT,MAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,IAAA,CAAK,aAAa,EAAE,YAAA,EAAc,IAAI,CAAA;AAChE,MAAA,WAAA,CAAY,IAAI,CAAA;AAChB,MAAA,QAAA,CAAS,KAAK,YAAY,CAAA;AAAA,IAC5B,CAAA,CAAA,MAAQ;AAAA,IAAC;AAAA,EACX,CAAA,EAAG,CAAC,UAAU,CAAC,CAAA;AAEf,EAAA,OAAO;AAAA,IACL,KAAA;AAAA,IAAO,MAAA;AAAA,IAAQ,KAAA;AAAA,IAAO,IAAA;AAAA,IACtB,eAAA,EAAiB,CAAC,CAAC,KAAA;AAAA,IACnB,SAAA;AAAA,IAAW,YAAA;AAAA,IACX,MAAA;AAAA,IAAQ;AAAA,GACV;AACF;AAGA,eAAe,cAAc,QAAA,EAAmC;AAC9D,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,OAAO,SAAA,EAAW,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAC,CAAA;AAC3E,EAAA,OAAO,IAAA,CAAK,OAAO,YAAA,CAAa,GAAG,IAAI,UAAA,CAAW,IAAI,CAAC,CAAC,CAAA,CACrD,QAAQ,KAAA,EAAO,GAAG,EAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC9D;AC9GO,SAAS,SAAS,OAAA,EAA0C;AACjE,EAAA,MAAM,EAAE,SAAQ,GAAI,OAAA;AACpB,EAAA,MAAM,YAAYH,YAAAA,CAAO,IAAI,cAAA,CAAe,EAAE,UAAU,OAAA,EAAS,WAAA,EAAa,OAAO,MAAA,KAAW,cAAc,MAAA,CAAO,QAAA,CAAS,SAAS,kBAAA,EAAoB,OAAA,EAAS,CAAC,CAAA;AACrK,EAAA,MAAM,CAAC,KAAA,EAAO,QAAQ,CAAA,GAAIC,cAAAA,CAAiB,EAAE,CAAA;AAC7C,EAAA,MAAM,CAAC,OAAA,EAAS,UAAU,CAAA,GAAIA,eAAS,KAAK,CAAA;AAC5C,EAAA,MAAM,CAAC,KAAA,EAAO,QAAQ,CAAA,GAAIA,eAAwB,IAAI,CAAA;AAEtD,EAAA,MAAM,UAAU,YAAY;AAC1B,IAAA,UAAA,CAAW,IAAI,CAAA;AAAG,IAAA,QAAA,CAAS,IAAI,CAAA;AAC/B,IAAA,IAAI;AACF,MAAA,MAAM,CAAA,GAAI,MAAM,SAAA,CAAU,OAAA,CAAQ,MAAM,SAAA,EAAU;AAClD,MAAA,QAAA,CAAS,CAAC,CAAA;AAAA,IACZ,SAAS,CAAA,EAAQ;AAAE,MAAA,QAAA,CAAS,EAAE,OAAO,CAAA;AAAA,IAAE;AACvC,IAAA,UAAA,CAAW,KAAK,CAAA;AAAA,EAClB,CAAA;AAEA,EAAAC,gBAAU,MAAM;AAAE,IAAA,IAAI,OAAA,CAAQ,SAAA,KAAc,KAAA,EAAO,OAAA,EAAQ;AAAA,EAAE,CAAA,EAAG,CAAC,OAAO,CAAC,CAAA;AAEzE,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,MAAA,CAAO,CAAA,CAAA,KAAK,EAAE,QAAQ,CAAA;AAC3C,EAAA,MAAM,gBAAgC,EAAC;AACvC,EAAA,MAAM,QAAgB,EAAC;AAEvB,EAAA,MAAM,UAAA,GAAa,OAAO,IAAA,KAAiF;AACzG,IAAA,IAAI;AAAE,MAAA,MAAM,IAAI,MAAM,SAAA,CAAU,OAAA,CAAQ,KAAA,CAAM,WAAW,IAAI,CAAA;AAAG,MAAA,QAAA,CAAS,CAAA,IAAA,KAAQ,CAAC,GAAG,IAAA,EAAM,CAAC,CAAC,CAAA;AAAG,MAAA,OAAO,CAAA;AAAA,IAAE,SAAS,CAAA,EAAQ;AAAE,MAAA,QAAA,CAAS,EAAE,OAAO,CAAA;AAAG,MAAA,OAAO,IAAA;AAAA,IAAK;AAAA,EAC/J,CAAA;AAEA,EAAA,MAAM,eAAA,GAAkB,OAAO,OAAA,KAA8E;AAC3G,IAAA,OAAO,SAAA,CAAU,OAAA,CAAQ,KAAA,CAAM,eAAA,CAAgB,OAAO,CAAA;AAAA,EACxD,CAAA;AAEA,EAAA,OAAO,EAAE,OAAO,MAAA,EAAQ,aAAA,EAAe,OAAO,OAAA,EAAS,KAAA,EAAO,OAAA,EAAS,UAAA,EAAY,eAAA,EAAgB;AACrG","file":"index.js","sourcesContent":["/**\n * OAuth2 Authentication Module\n *\n * Handles OAuth2 authorization code flow, client credentials, and token refresh\n */\n\nimport type {\n ThalamusConfig,\n TokenResponse,\n AuthorizationUrlOptions,\n TokenExchangeOptions,\n ClientCredentialsOptions,\n RefreshTokenOptions,\n ThalamusError,\n} from '../types'\n\nexport class OAuth2 {\n constructor(private config: ThalamusConfig) {}\n\n /**\n * Generate OAuth2 authorization URL for user login\n *\n * @example\n * ```ts\n * const authUrl = thalamus.auth.getAuthorizationUrl({\n * scope: ['openid', 'profile', 'email'],\n * state: 'random-state-string'\n * })\n * // Redirect user to authUrl\n * ```\n */\n getAuthorizationUrl(options?: AuthorizationUrlOptions): string {\n const {\n scope = this.config.defaultScopes || ['openid', 'profile', 'email'],\n state = this.generateState(),\n responseType = 'code',\n codeChallenge,\n codeChallengeMethod,\n } = options || {}\n\n const params = new URLSearchParams({\n response_type: responseType,\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n scope: Array.isArray(scope) ? scope.join(' ') : scope,\n state,\n })\n\n // PKCE support (RFC 7636)\n if (codeChallenge) {\n params.set('code_challenge', codeChallenge)\n params.set('code_challenge_method', codeChallengeMethod || 'S256')\n }\n\n return `${this.config.baseUrl}/oauth/authorize?${params.toString()}`\n }\n\n /**\n * Exchange authorization code for access token\n *\n * @example\n * ```ts\n * const tokens = await thalamus.auth.exchangeCode('authorization_code_here')\n * console.log(tokens.access_token)\n * ```\n */\n async exchangeCode(\n codeOrOptions: string | TokenExchangeOptions\n ): Promise<TokenResponse> {\n const code = typeof codeOrOptions === 'string' ? codeOrOptions : codeOrOptions.code\n const codeVerifier = typeof codeOrOptions === 'string' ? undefined : codeOrOptions.codeVerifier\n\n const body: Record<string, any> = {\n grant_type: 'authorization_code',\n code,\n client_id: this.config.clientId,\n client_secret: this.config.clientSecret,\n redirect_uri: this.config.redirectUri,\n }\n\n // PKCE code verifier (RFC 7636)\n if (codeVerifier) {\n body.code_verifier = codeVerifier\n }\n\n return this.requestToken(body)\n }\n\n /**\n * Get access token using client credentials (M2M)\n *\n * @example\n * ```ts\n * const tokens = await thalamus.auth.getClientCredentialsToken({\n * scope: ['api:read', 'api:write']\n * })\n * ```\n */\n async getClientCredentialsToken(\n options?: ClientCredentialsOptions\n ): Promise<TokenResponse> {\n const { scope = this.config.defaultScopes || [] } = options || {}\n\n const body: Record<string, any> = {\n grant_type: 'client_credentials',\n client_id: this.config.clientId,\n client_secret: this.config.clientSecret,\n }\n\n if (scope.length > 0) {\n body.scope = Array.isArray(scope) ? scope.join(' ') : scope\n }\n\n return this.requestToken(body)\n }\n\n /**\n * Refresh access token using refresh token\n *\n * @example\n * ```ts\n * const newTokens = await thalamus.auth.refreshToken({\n * refreshToken: 'rt_...'\n * })\n * ```\n */\n async refreshToken(options: RefreshTokenOptions): Promise<TokenResponse> {\n const body = {\n grant_type: 'refresh_token',\n refresh_token: options.refreshToken,\n client_id: this.config.clientId,\n client_secret: this.config.clientSecret,\n }\n\n return this.requestToken(body)\n }\n\n /**\n * Revoke a token (access or refresh token)\n *\n * @example\n * ```ts\n * await thalamus.auth.revokeToken('at_...')\n * ```\n */\n async revokeToken(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<void> {\n const body: Record<string, string> = {\n token,\n }\n\n if (tokenTypeHint) {\n body.token_type_hint = tokenTypeHint\n }\n\n const response = await fetch(`${this.config.baseUrl}/oauth/revoke`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify(body),\n })\n\n if (!response.ok) {\n throw await this.handleError(response)\n }\n }\n\n /**\n * Generate random state for CSRF protection\n */\n public generateState(length: number = 32): string {\n const array = new Uint8Array(32)\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(array)\n } else {\n // Fallback for Node.js\n const cryptoModule = require('crypto')\n cryptoModule.randomFillSync(array)\n }\n return Array.from(array, (byte) => byte.toString(16).padStart(2, '0')).join('')\n }\n\n /**\n * Make token request to /oauth/token\n */\n private async requestToken(body: Record<string, any>): Promise<TokenResponse> {\n const response = await fetch(`${this.config.baseUrl}/oauth/token`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify(body),\n })\n\n if (!response.ok) {\n throw await this.handleError(response)\n }\n\n return response.json() as Promise<TokenResponse>\n }\n\n /**\n * Handle API errors\n */\n private async handleError(response: Response): Promise<ThalamusError> {\n let errorData: any = {}\n try {\n errorData = await response.json()\n } catch {\n // Ignore JSON parse errors\n }\n\n const error: ThalamusError = new Error(\n errorData.error_description || errorData.message || `HTTP ${response.status}`\n )\n error.statusCode = response.status\n error.error = errorData.error\n error.error_description = errorData.error_description\n\n return error\n }\n}\n","/**\n * Token Management Module\n *\n * Handles token introspection and validation\n */\n\nimport type {\n ThalamusConfig,\n IntrospectionResponse,\n UserInfo,\n ThalamusError,\n} from '../types'\n\nexport class TokenManager {\n constructor(private config: ThalamusConfig) {}\n\n /**\n * Introspect a token to check if it's valid and get metadata\n *\n * @example\n * ```ts\n * const tokenInfo = await thalamus.tokens.introspect('at_...')\n * if (tokenInfo.active) {\n * console.log(tokenInfo.user_id)\n * console.log(tokenInfo.scope)\n * }\n * ```\n */\n async introspect(token: string): Promise<IntrospectionResponse> {\n const response = await fetch(`${this.config.baseUrl}/oauth/introspect`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({ token }),\n })\n\n if (!response.ok) {\n throw await this.handleError(response)\n }\n\n return response.json() as Promise<IntrospectionResponse>\n }\n\n /**\n * Get user information from OpenID Connect userinfo endpoint\n *\n * @example\n * ```ts\n * const user = await thalamus.tokens.getUserInfo('at_...')\n * console.log(user.email)\n * console.log(user.name)\n * ```\n */\n async getUserInfo(accessToken: string): Promise<UserInfo> {\n const response = await fetch(`${this.config.baseUrl}/oauth/userinfo`, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n if (!response.ok) {\n throw await this.handleError(response)\n }\n\n return response.json() as Promise<UserInfo>\n }\n\n /**\n * Validate token and return true if active, false otherwise\n *\n * @example\n * ```ts\n * const isValid = await thalamus.tokens.validate('at_...')\n * if (isValid) {\n * // Token is valid\n * }\n * ```\n */\n async validate(token: string): Promise<boolean> {\n try {\n const result = await this.introspect(token)\n return result.active === true\n } catch {\n return false\n }\n }\n\n /**\n * Handle API errors\n */\n private async handleError(response: Response): Promise<ThalamusError> {\n let errorData: any = {}\n try {\n errorData = await response.json()\n } catch {\n // Ignore JSON parse errors\n }\n\n const error: ThalamusError = new Error(\n errorData.error_description || errorData.message || `HTTP ${response.status}`\n )\n error.statusCode = response.status\n error.error = errorData.error\n error.error_description = errorData.error_description\n\n return error\n }\n}\n","/**\n * Admin API Module\n *\n * User, organization, role, and domain management endpoints.\n * Requires JWT Bearer token authentication.\n */\n\nimport type { ThalamusConfig, ThalamusError, AgentConfig, MCPServerConfig } from '../types'\n\n// ── Types ────────────────────────────────────────────────────────────────────\n\nexport interface User {\n id: string\n name: string\n email: string\n status: string\n organization_id?: string\n is_agent: boolean\n agent_config?: AgentConfig\n}\n\nexport interface AdminOrganization {\n id: string\n name: string\n domains?: string[]\n}\n\nexport interface AdminRole {\n id: string\n organization_id: string\n name: string\n description?: string\n scopes: string[]\n}\n\nexport interface DomainRole {\n id: string\n user_id: string\n organization_id: string\n domain: string\n role: string\n scopes: string[]\n}\n\nexport interface EffectiveScopes {\n user_id: string\n scopes: string[]\n}\n\n// ── AdminAPI ─────────────────────────────────────────────────────────────────\n\nexport class AdminAPI {\n constructor(private config: ThalamusConfig) {}\n\n private get baseUrl(): string {\n return this.config.baseUrl\n }\n\n // ── Users ────────────────────────────────────────────────────────────────\n\n /** List all users */\n async listUsers(): Promise<User[]> {\n const res = await this.request(`${this.baseUrl}/api/users`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** List all agents (users with is_agent === true) */\n async listAgents(): Promise<User[]> {\n const users = await this.listUsers()\n return users.filter((u) => u.is_agent === true)\n }\n\n /** Get a single user */\n async getUser(id: string): Promise<User> {\n const res = await this.request(`${this.baseUrl}/api/users/${id}`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** Add a member to an organization */\n async addOrgMember(orgId: string, userId: string): Promise<{ message: string }> {\n const res = await this.request(`${this.baseUrl}/api/organizations/${orgId}/members`, {\n method: 'POST',\n body: JSON.stringify({ user_id: userId }),\n })\n return res.json() as Promise<{ message: string }>\n }\n\n /** Update a user (only name and agent_config are writable) */\n async updateUser(id: string, data: Partial<Pick<User, 'name' | 'agent_config'>>): Promise<User> {\n const res = await this.request(`${this.baseUrl}/api/users/${id}`, {\n method: 'PATCH',\n body: JSON.stringify({ user: data }),\n })\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** Create a user */\n async createUser(data: {\n email: string\n password: string\n name?: string\n is_agent?: boolean\n agent_config?: AgentConfig\n }): Promise<User> {\n const res = await this.request(`${this.baseUrl}/api/users`, {\n method: 'POST',\n body: JSON.stringify({ user: data }),\n })\n const json: any = await res.json()\n return json.data ?? json\n }\n\n // ── Organizations ─────────────────────────────────────────────────────────\n\n /** Get an organization */\n async getOrganization(id: string): Promise<AdminOrganization> {\n const res = await this.request(`${this.baseUrl}/api/organizations/${id}`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** List all organizations */\n async listOrganizations(): Promise<AdminOrganization[]> {\n const res = await this.request(`${this.baseUrl}/api/organizations`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n // ── Domain Roles ──────────────────────────────────────────────────────────\n\n /** List domain roles (optionally filtered) */\n async listDomainRoles(filters?: {\n user_id?: string\n organization_id?: string\n domain?: string\n }): Promise<DomainRole[]> {\n const params = new URLSearchParams()\n if (filters?.user_id) params.set('user_id', filters.user_id)\n if (filters?.organization_id) params.set('organization_id', filters.organization_id)\n if (filters?.domain) params.set('domain', filters.domain)\n\n const qs = params.toString()\n const url = `${this.baseUrl}/api/domains/roles${qs ? `?${qs}` : ''}`\n const res = await this.request(url)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** Grant a domain role to a user */\n async grantDomainRole(params: {\n user_id: string\n organization_id: string\n domain: string\n role: string\n scopes?: string[]\n entity_id?: string\n }): Promise<{ message: string }> {\n const res = await this.request(`${this.baseUrl}/api/domains/roles/grant`, {\n method: 'POST',\n body: JSON.stringify(params),\n })\n return res.json() as Promise<{ message: string }>\n }\n\n /** Revoke a domain role from a user */\n async revokeDomainRole(params: {\n user_id: string\n organization_id: string\n domain: string\n role: string\n }): Promise<{ message: string }> {\n const res = await this.request(`${this.baseUrl}/api/domains/roles/revoke`, {\n method: 'DELETE',\n body: JSON.stringify(params),\n })\n return res.json() as Promise<{ message: string }>\n }\n\n // ── Roles (RBAC) ──────────────────────────────────────────────────────────\n\n /** List all roles */\n async listRoles(): Promise<AdminRole[]> {\n const res = await this.request(`${this.baseUrl}/api/roles`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** Create a role */\n async createRole(params: {\n organization_id: string\n name: string\n description?: string\n scopes: string[]\n }): Promise<AdminRole> {\n const res = await this.request(`${this.baseUrl}/api/roles`, {\n method: 'POST',\n body: JSON.stringify(params),\n })\n const json: any = await res.json()\n return json.data ?? json\n }\n\n /** Delete a role */\n async deleteRole(id: string): Promise<void> {\n await this.request(`${this.baseUrl}/api/roles/${id}`, { method: 'DELETE' })\n }\n\n // ── User Roles ────────────────────────────────────────────────────────────\n\n /** Get user's effective scopes */\n async getEffectiveScopes(userId: string): Promise<EffectiveScopes> {\n const res = await this.request(`${this.baseUrl}/api/users/${userId}/effective-scopes`)\n const json: any = await res.json()\n return json.data ?? json\n }\n\n // ── Internal ──────────────────────────────────────────────────────────────\n\n private getAccessToken(): string | null {\n if (typeof globalThis !== 'undefined' && 'localStorage' in globalThis) {\n const storageKey = (this.config as any).storageKey || 'thalamus_auth'\n const saved = (globalThis as any).localStorage.getItem(storageKey)\n if (saved) {\n try {\n return JSON.parse(saved).accessToken\n } catch {\n return null\n }\n }\n }\n return null\n }\n\n private async request(url: string, options: RequestInit = {}): Promise<Response> {\n const token = this.getAccessToken()\n\n const res = await fetch(url, {\n ...options,\n headers: {\n 'Content-Type': 'application/json',\n ...(token ? { Authorization: `Bearer ${token}` } : {}),\n ...options.headers,\n },\n })\n\n if (!res.ok) {\n throw await this.toError(res)\n }\n\n return res\n }\n\n private async toError(response: Response): Promise<ThalamusError> {\n let body: any = {}\n try {\n body = await response.json()\n } catch {\n // ignore\n }\n\n const error: ThalamusError = new Error(\n body.error_description || body.error || `HTTP ${response.status}`\n ) as ThalamusError\n error.statusCode = response.status\n error.error = body.error\n error.error_description = body.error_description\n\n return error\n }\n}\n","/**\n * ZEA Thalamus OAuth2 Client\n *\n * Official JavaScript/TypeScript SDK for Thalamus OAuth2 Server\n *\n * @example\n * ```ts\n * import ThalamusClient from '@zea/thalamus-js'\n *\n * const thalamus = new ThalamusClient({\n * clientId: process.env.THALAMUS_CLIENT_ID,\n * clientSecret: process.env.THALAMUS_CLIENT_SECRET,\n * redirectUri: 'https://yourapp.com/auth/callback',\n * baseUrl: 'https://auth.example.com'\n * })\n *\n * // Get authorization URL\n * const authUrl = thalamus.auth.getAuthorizationUrl()\n *\n * // Exchange code for tokens\n * const tokens = await thalamus.auth.exchangeCode(code)\n *\n * // Introspect token\n * const tokenInfo = await thalamus.tokens.introspect(accessToken)\n * ```\n */\n\nimport { OAuth2 } from './auth/OAuth2'\nimport { TokenManager } from './tokens/TokenManager'\nimport { AdminAPI } from './admin/AdminAPI'\nimport type { ThalamusConfig } from './types'\n\nexport class ThalamusClient {\n /** OAuth2 authentication methods */\n public readonly auth: OAuth2\n\n /** Token management and introspection */\n public readonly tokens: TokenManager\n\n /** Admin API — users, orgs, roles, domain management */\n public readonly admin: AdminAPI\n\n private readonly config: ThalamusConfig\n\n /**\n * Create a new Thalamus client\n *\n * @param config - Client configuration\n */\n constructor(config: ThalamusConfig) {\n // Validate required config\n if (!config.clientId) {\n throw new Error('clientId is required')\n }\n if (!config.redirectUri) {\n throw new Error('redirectUri is required')\n }\n if (!config.baseUrl) {\n throw new Error('baseUrl is required')\n }\n\n // Remove trailing slash from baseUrl\n config.baseUrl = config.baseUrl.replace(/\\/$/, '')\n\n this.config = config\n this.auth = new OAuth2(config)\n this.tokens = new TokenManager(config)\n this.admin = new AdminAPI(config)\n }\n\n /**\n * Get the current configuration\n */\n getConfig(): Readonly<ThalamusConfig> {\n return Object.freeze({ ...this.config })\n }\n}\n\nexport default ThalamusClient\n","'use client'\n\nimport { useState, useEffect, useCallback, useRef } from 'react'\nimport type { ThalamusConfig, TokenResponse, UserInfo } from '../types'\nimport { ThalamusClient } from '../client/ThalamusClient'\n\nexport interface UseThalamusOptions extends ThalamusConfig {\n /** Storage key for persisting auth (default: 'thalamus_auth') */\n storageKey?: string\n}\n\nexport interface UseThalamusReturn {\n /** Start OAuth2 PKCE login flow (redirects browser) */\n login: (options?: { scope?: string[] }) => Promise<void>\n /** Clear stored token and reset state */\n logout: () => void\n /** Raw access token */\n token: string | null\n /** Decoded user info */\n user: UserInfo | null\n /** Whether authenticated */\n isAuthenticated: boolean\n /** Whether loading auth state */\n isLoading: boolean\n /** Refresh the access token */\n refreshToken: () => Promise<void>\n /** ThalamusClient instance for direct API calls */\n client: ThalamusClient\n /** Error message if any */\n error: string | null\n}\n\nexport function useThalamus(options: UseThalamusOptions): UseThalamusReturn {\n const storageKey = options.storageKey || 'thalamus_auth'\n const clientRef = useRef(new ThalamusClient(options))\n const client = clientRef.current\n\n const [token, setToken] = useState<string | null>(null)\n const [user, setUser] = useState<UserInfo | null>(null)\n const [isLoading, setIsLoading] = useState(true)\n const [error, setError] = useState<string | null>(null)\n\n // ── Load stored auth on mount ──\n useEffect(() => {\n try {\n const saved = localStorage.getItem(storageKey)\n if (saved) {\n const { accessToken, refreshToken: rt } = JSON.parse(saved)\n setToken(accessToken)\n client.tokens.getUserInfo(accessToken).then(u => setUser(u)).catch(() => {})\n }\n } catch {} finally {\n setIsLoading(false)\n }\n }, [storageKey])\n\n // ── Handle OAuth callback ──\n useEffect(() => {\n const params = new URLSearchParams(window.location.search)\n const code = params.get('code')\n const state = params.get('state')\n if (!code || !state) return\n\n // Immediately remove code from URL to prevent React 18 Strict Mode double-fetching\n window.history.replaceState({}, '', window.location.pathname)\n\n const savedState = sessionStorage.getItem(`${storageKey}_state`)\n if (state !== savedState) {\n setError('State mismatch — possible CSRF attack')\n return\n }\n\n const verifier = sessionStorage.getItem(`${storageKey}_verifier`)\n if (!verifier) { setError('Missing code verifier'); return }\n\n client.auth.exchangeCode({ code, codeVerifier: verifier })\n .then(data => {\n persistAuth(data)\n setToken(data.access_token)\n client.tokens.getUserInfo(data.access_token).then(u => setUser(u)).catch(() => {})\n })\n .catch(err => setError(err.message))\n }, [storageKey])\n\n // ── Persist auth ──\n const persistAuth = (data: TokenResponse) => {\n localStorage.setItem(storageKey, JSON.stringify({ accessToken: data.access_token, refreshToken: data.refresh_token || null, expiresAt: Date.now() + data.expires_in * 1000 }))\n }\n\n // ── Login: PKCE + redirect ──\n const login = useCallback(async (opts?: { scope?: string[] }) => {\n setError(null)\n const verifier = client.auth.generateState()\n const challenge = await pkceChallenge(verifier)\n sessionStorage.setItem(`${storageKey}_verifier`, verifier)\n const url = client.auth.getAuthorizationUrl({ scope: opts?.scope, codeChallenge: challenge, codeChallengeMethod: 'S256' })\n sessionStorage.setItem(`${storageKey}_state`, new URL(url).searchParams.get('state') || '')\n window.location.href = url\n }, [storageKey])\n\n // ── Logout ──\n const logout = useCallback(() => {\n localStorage.removeItem(storageKey)\n setToken(null)\n setUser(null)\n }, [storageKey])\n\n // ── Refresh token ──\n const refreshToken = useCallback(async () => {\n try {\n const saved = localStorage.getItem(storageKey)\n if (!saved) return\n const { refreshToken: rt } = JSON.parse(saved)\n if (!rt) return\n const data = await client.auth.refreshToken({ refreshToken: rt })\n persistAuth(data)\n setToken(data.access_token)\n } catch {}\n }, [storageKey])\n\n return {\n login, logout, token, user,\n isAuthenticated: !!token,\n isLoading, refreshToken,\n client, error,\n }\n}\n\n// ── PKCE helper ──\nasync function pkceChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder()\n const hash = await crypto.subtle.digest('SHA-256', encoder.encode(verifier))\n return btoa(String.fromCharCode(...new Uint8Array(hash)))\n .replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n","'use client'\n\nimport { useState, useEffect, useRef } from 'react'\nimport { ThalamusClient } from '../client/ThalamusClient'\nimport type { User, Organization, Role, DomainRole, ThalamusConfig } from '../types'\n\nexport interface UseAdminOptions {\n baseUrl: string\n /** If true, auto-fetches on mount */\n autoFetch?: boolean\n}\n\nexport interface UseAdminReturn {\n users: User[]\n agents: User[]\n organizations: Organization[]\n roles: Role[]\n loading: boolean\n error: string | null\n refresh: () => Promise<void>\n createUser: (data: { email: string; password: string; name?: string; is_agent?: boolean }) => Promise<User | null>\n listDomainRoles: (filters?: { user_id?: string; organization_id?: string; domain?: string }) => Promise<DomainRole[]>\n}\n\nexport function useAdmin(options: UseAdminOptions): UseAdminReturn {\n const { baseUrl } = options\n const clientRef = useRef(new ThalamusClient({ clientId: 'admin', redirectUri: typeof window !== 'undefined' ? window.location.origin : 'http://localhost', baseUrl }))\n const [users, setUsers] = useState<User[]>([])\n const [loading, setLoading] = useState(false)\n const [error, setError] = useState<string | null>(null)\n\n const refresh = async () => {\n setLoading(true); setError(null)\n try {\n const u = await clientRef.current.admin.listUsers()\n setUsers(u)\n } catch (e: any) { setError(e.message) }\n setLoading(false)\n }\n\n useEffect(() => { if (options.autoFetch !== false) refresh() }, [baseUrl])\n\n const agents = users.filter(u => u.is_agent)\n const organizations: Organization[] = []\n const roles: Role[] = []\n\n const createUser = async (data: { email: string; password: string; name?: string; is_agent?: boolean }) => {\n try { const u = await clientRef.current.admin.createUser(data); setUsers(prev => [...prev, u]); return u } catch (e: any) { setError(e.message); return null }\n }\n\n const listDomainRoles = async (filters?: { user_id?: string; organization_id?: string; domain?: string }) => {\n return clientRef.current.admin.listDomainRoles(filters)\n }\n\n return { users, agents, organizations, roles, loading, error, refresh, createUser, listDomainRoles }\n}\n"]}