alepha 0.18.2 → 0.18.3

package/dist/server/auth/index.d.ts

@@ -49,13 +49,11 @@ declare const tokenResponseSchema: alepha.TObject<{
   }>;
   api: alepha.TObject<{
     prefix: alepha.TOptional<alepha.TString>;
-    definitions: alepha.TOptional<alepha.TRecord<"^.*$", alepha.TString>>;
     actions: alepha.TRecord<"^.*$", alepha.TObject<{
       path: alepha.TString;
       method: alepha.TOptional<alepha.TString>;
-      body: alepha.TOptional<alepha.TString>;
-      response: alepha.TOptional<alepha.TString>;
       contentType: alepha.TOptional<alepha.TString>;
+      kind: alepha.TOptional<alepha.TString>;
       service: alepha.TOptional<alepha.TString>;
     }>>;
     permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
@@ -92,13 +90,11 @@ declare const userinfoResponseSchema: alepha.TObject<{
   }>>;
   api: alepha.TObject<{
     prefix: alepha.TOptional<alepha.TString>;
-    definitions: alepha.TOptional<alepha.TRecord<"^.*$", alepha.TString>>;
     actions: alepha.TRecord<"^.*$", alepha.TObject<{
       path: alepha.TString;
       method: alepha.TOptional<alepha.TString>;
-      body: alepha.TOptional<alepha.TString>;
-      response: alepha.TOptional<alepha.TString>;
       contentType: alepha.TOptional<alepha.TString>;
+      kind: alepha.TOptional<alepha.TString>;
       service: alepha.TOptional<alepha.TString>;
     }>>;
     permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
@@ -1139,6 +1135,7 @@ declare class ServerAuthProvider {
   protected readonly serverCookiesProvider: ServerCookiesProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
+  get identities(): Array<AuthPrimitive>;
   protected readonly authorizationCode: alepha_server_cookies0.AbstractCookiePrimitive<alepha.TObject<{
     provider: alepha.TString;
     realm: alepha.TOptional<alepha.TString>;
@@ -1158,22 +1155,11 @@ declare class ServerAuthProvider {
     id_token: alepha.TOptional<alepha.TString>;
     scope: alepha.TOptional<alepha.TString>;
   }>>;
-  get identities(): Array<AuthPrimitive>;
-  getAuthenticationProviders(filters?: {
-    realmName?: string;
-  }): AuthenticationProvider[];
   protected readonly configure: alepha.HookPrimitive<"configure">;
-  protected getAccessTokens(tokens: Tokens): string | undefined;
   /**
    * Fill request headers with access token from cookies or fallback to provider's fallback function.
    */
   protected readonly onRequest: alepha.HookPrimitive<"server:onRequest">;
-  /**
-   * Convert cookies to tokens.
-   * If the tokens are expired, try to refresh them using the refresh token.
-   */
-  protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
-  protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
   /**
    * Get user information.
    */
@@ -1192,13 +1178,11 @@ declare class ServerAuthProvider {
       }>>;
       api: alepha.TObject<{
         prefix: alepha.TOptional<alepha.TString>;
-        definitions: alepha.TOptional<alepha.TRecord<"^.*$", alepha.TString>>;
         actions: alepha.TRecord<"^.*$", alepha.TObject<{
           path: alepha.TString;
           method: alepha.TOptional<alepha.TString>;
-          body: alepha.TOptional<alepha.TString>;
-          response: alepha.TOptional<alepha.TString>;
           contentType: alepha.TOptional<alepha.TString>;
+          kind: alepha.TOptional<alepha.TString>;
           service: alepha.TOptional<alepha.TString>;
         }>>;
         permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
@@ -1263,13 +1247,11 @@ declare class ServerAuthProvider {
       }>;
       api: alepha.TObject<{
         prefix: alepha.TOptional<alepha.TString>;
-        definitions: alepha.TOptional<alepha.TRecord<"^.*$", alepha.TString>>;
         actions: alepha.TRecord<"^.*$", alepha.TObject<{
           path: alepha.TString;
           method: alepha.TOptional<alepha.TString>;
-          body: alepha.TOptional<alepha.TString>;
-          response: alepha.TOptional<alepha.TString>;
           contentType: alepha.TOptional<alepha.TString>;
+          kind: alepha.TOptional<alepha.TString>;
           service: alepha.TOptional<alepha.TString>;
         }>>;
         permissions: alepha.TOptional<alepha.TArray<alepha.TString>>;
@@ -1299,6 +1281,9 @@ declare class ServerAuthProvider {
       post_logout_redirect_uri: alepha.TOptional<alepha.TString>;
     }>;
   }>;
+  getAuthenticationProviders(filters?: {
+    realmName?: string;
+  }): AuthenticationProvider[];
   /**
    * Find an auth provider by name and optionally by realm.
    * When realm is specified, it filters providers by both name and realm.
@@ -1308,8 +1293,15 @@ declare class ServerAuthProvider {
     provider: string;
     realm?: string;
   }): AuthPrimitive;
+  /**
+   * Convert cookies to tokens.
+   * If the tokens are expired, try to refresh them using the refresh token.
+   */
+  protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
   protected getTokens(cookies?: Cookies): Tokens | undefined;
   protected setTokens(tokens: Tokens, cookies?: Cookies): void;
+  protected extractAccessToken(tokens: Tokens): string | undefined;
+  protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
 }
 interface OAuth2Profile {
   sub: string;
@@ -1538,7 +1530,13 @@ interface OAuth2Options {
 declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
   protected readonly securityProvider: SecurityProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
-  oauth?: Configuration;
+  protected oauthConfig?: Configuration;
+  protected oauthInitializer?: () => Promise<Configuration>;
+  get oauth(): Configuration | undefined;
+  /**
+   * Get the OAuth2/OIDC configuration, initializing lazily if needed (serverless mode).
+   */
+  getOAuth(): Promise<Configuration | undefined>;
   get name(): string;
   get issuer(): IssuerPrimitive | undefined;
   get jwks_uri(): string;

package/dist/server/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,SAA4B,OAAA;QAYxC,MAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,SAAmB,OAAA;YAG9B,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,SAAY,OAAA;YAevB,MAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,SAAsB,OAAA;;QAGjC,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;AJT7C;;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;AJrBZ;KIyBYH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cE+PqBC,aAAAA;;;AA/OrB;;;;;UA6XiBI,mBAAAA;EAzXQ;;;EAAA,SA6XZE,MAAAA;EAzXDjC;;;EAAAA,SA6XCkC,sBAAAA;EA7X2BnC;;;EAAAA,SAiY3BoC,cAAAA;EAjYWhC;;;EAAAA,SAqYXiC,QAAAA;EArYiD;AAqF9D;;EArF8D,SAyYjDC,qBAAAA;EApTgC;;AAiB7C;EAjB6C,SAwThCC,gBAAAA;;;;AAtKb;WA2KaC,wBAAAA;;;;AA7Bb;WAkCaC,wBAAAA;;;;;WAKAC,qBAAAA;EAvBAL;;;EAAAA,SA2BAM,qCAAAA;EATAF;;;;EAAAA,SAcAG,gDAAAA;EAUAE;;;;EAAAA,SALAD,qBAAAA;EA8BAM;;;;EAAAA,SAzBAL,oBAAAA;EAgDAU;;;;;EAAAA,SA1CAT,aAAAA;EAgEAc;;;;EAAAA,SA3DAb,UAAAA;EAmFAkB;;;EAAAA,SA/EAjB,mBAAAA;EAiGAqB;;;;EAAAA,SA5FApB,0CAAAA;EAoHAyB;;;;EAAAA,SA/GAxB,qDAAAA;EAwIA6B;;;EAAAA,SApIA5B,sBAAAA;EAsJAgC;;;;EAAAA,SAjJA/B,6CAAAA;EA0KAoC;;;;;EAAAA,SApKAnC,wDAAAA;EA8LAyC;;;EAAAA,SA1LAxC,gCAAAA;EA8MA4C;;;EAAAA,SA1MA3C,eAAAA;EAmNoBvD;;;EAAAA,SA/MpBwD,6BAAAA;EAiNuB;;;EAAA,SA7MvBC,0CAAAA;EA6MqC1B;;;;EAAAA,SAxMrC2B,qBAAAA,GAAwB1B,mBAAAA;EAgNd;;;EAAA,SA5MV2B,iBAAAA;EAuTW3D;;;;EAAAA,SAlTX4D,oBAAAA;EAyNT8C;;;;EAAAA,SApNS7C,uBAAAA;EAoSTkD;;;;EAAAA,SA/RSjD,qCAAAA;EAwSoB;;AAoqDjC;;EApqDiC,SAnSpBC,wCAAAA;EAw8DGqT;;;;EAAAA,SAn8DHpT,wCAAAA;EAm8D0C;;;EAAA,SA/7D1CC,qCAAAA;EA+7DGmT;;;EAAAA,SA37DHlT,wCAAAA;EA27DyCmT;;;EAAAA,SAv7DzClT,wCAAAA;;;ACnhBb;;WDwhBaC,2CAAAA;ECxhBiB+W;;;;EAAAA,SD6hBjB9W,8CAAAA;EC7hBgG;;;;EAAA,SDkiBhGC,8CAAAA;ECliB+D+W;;;;EAAAA,SDuiB/D9W,wBAAAA;ECviBgG;AA0c7G;;EA1c6G,SD2iBhGC,qBAAAA;ECjG4BkU;;AAwFzC;;EAxFyCA,SDsG5BjU,gBAAAA;ECdWkY;;;;EAAAA,SDmBXjY,wBAAAA;ECnBkG;;;;EAAA,SDwBlGC,0BAAAA;ECxBkG;;AAgB/G;;EAhB+G,SD6BlGC,2BAAAA;ECbuC;;;;EAAA,SDkBvCC,+BAAAA;ECsCgB;;AAS7B;;EAT6B,SDjChBC,gCAAAA;EC0C2B4T;;AA8QxC;;EA9QwCA,SDrC3B3T,6BAAAA;EC0TTya;;AAKJ;EALIA,SDtTSxa,qCAAAA;;;;WAIAC,qCAAAA;EC+T6CmW;;;;EAAAA,SD1T7ClW,0CAAAA;ECsTT0a;;;;EAAAA,SDjTSza,6CAAAA;ECqTSwa;;;;EAAAA,SDhTTva,6CAAAA;ECgT2D;AAExE;;;EAFwE,SD3S3DC,8CAAAA;ECqTA0a;;;;EAAAA,SDhTAza,0CAAAA;EC4SHoX;;;;EAAAA,SDvSGnX,6CAAAA;ECyTT2a;;;;EAAAA,SDpTS1a,6CAAAA;ECyTU;;;EAAA,SDrTVC,mCAAAA;EC8TmB2X;;;;EAAAA,SDzTnB1X,+DAAAA;ECyTbqW;;;EAAAA,SDrTapW,0CAAAA;ECqTmC;AAIhD;;EAJgD,SDjTnCC,yCAAAA;EC4TG;;;;EAAA,SDvTHC,oBAAAA;EC4TF;AA2CX;;EA3CW,SDxTEC,iCAAAA;EC6WWqV;;;;EAAAA,SDxWXpV,oBAAAA;EC4WS4Z;;;;;EAAAA,SDtWT3Z,qCAAAA;ECsXJsW;;;EAAAA,SDlXIrW,6BAAAA;ECoVuDoa;;;;EAAAA,SD/UvDna,oCAAAA;ECyVToa;;;EAAAA,SDrVSna,4BAAAA;ECqVwDwY;;;EAAAA,SDjVxDvY,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;ECsVT8X;;;EDlVJ7X,SAAAA;EC0VK8V;;;;;;EDnVL7V,4BAAAA;;AEpsBJ;;;;;EF2sBIC,iCAAAA;EEvsBiC;;;;EF4sBjCC,iBAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;;;;;;;;;;;;;;AJr+EtD;;;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cCuFqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;;;AAAhG;;;;UAgBiBD,cAAAA,SAAuB1C,MAAAA;EAhB+BmE;;;EAoBnEG,aAAAA;EApBoBL;;;;;;AAgBxB;;;;;;;;;;AAiEA;;;;;AA8QA;;;;;AAYA;;;;;;;;;;;;;;;;;;;;;;AAUA;;;EA7SIM,yBAAAA;AAAAA;;;;;;;;UASa9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;ECzRyB;;;ED6RtCE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;ECzRM;;;ED6RnDM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;ECn5ByB;;;EDu5BtCrE,IAAAA,EAAMiB,SAAAA;ECr5B8B;;;EDy5BpChB,OAAAA,EAASqE,MAAAA;;;;;EAKTN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cCvhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,cAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EAAA,mBAEnB,iBAAA,EAAiB,sBAAA,CAAA,uBAAA,QAAA,OAAA;cAFE,MAAA,CAAA,OAAA;;;;;;;WAgBtB,MAAA,EAAM,sBAAA,CAAA,uBAAA,QAAA,OAAA;cAdc,MAAA,CAAA,OAAA;;;;;;;;;;MAuBzB,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAMxB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;EAAA,mBAiCgB,SAAA,EAjCM,MAAA,CAiCG,aAAA;EAAA,UASlB,eAAA,CAAgB,MAAA,EAAQ,MAAA;;;;qBAiBf,SAAA,EAjBqB,MAAA,CAiBZ,aAAA;EN/GI;;;;EAAA,UMmJhB,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UA8BK,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;;AL9LzD;;WK+OkB,QAAA,iBAAQ,cAAA;;;YAjD8B,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAuFtC,OAAA,iBAAO,cAAA;;gBAtCC,MAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,iBAAK,cAAA;;gBAvCE,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,iBAAK,cAAA;;gBA7EA,MAAA,CAAA,OAAA;;;;;;;;;WAuKL,QAAA,EAAQ,cAAA,CAAA,cAAA,CA1FH,cAAA,CA0FG,mBAAA;;;;WAmER,MAAA,iBAAM,cAAA;;iDAnEE,MAAA,CAAA,OAAA;IAAA;EAAA;;;;;;YA8Id,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;EAAA,UAyBO,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;AAAA;AAAA,UAiB/B,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;APnsBH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPhDyB;;;;EOqDnC,IAAA;EN9DA;;;EMmEA,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;;;;;;;;;;EAYP,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;AAAA;AAAA,UAGK,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;;;;EAKA,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;;;;EAKV,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAE5B,KAAA,GAAQ,aAAA;EAAA,IAEJ,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;AL/Rb;EK+Se,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;EAsCE,IAAA,CAAK,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAyCjC,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KA8CV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;cCzbxB,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;AThBlB;cUoBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;AVtBlB;cWmBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;AXrBlB;;;;;;;;;cY8Ba,gBAAA,EAAgB,MAAA,CAAA,OAAA,CAI3B,MAAA,CAJ2B,MAAA"}
+{"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,SAA4B,OAAA;QAYxC,MAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,SAAmB,OAAA;YAG9B,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,SAAY,OAAA;YAevB,MAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,SAAsB,OAAA;;QAGjC,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;AJT7C;;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;AJrBZ;KIyBYH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;cC8PqBC,aAAAA;;AAlJrB;;;;;AAiBA;UA+QiBI,mBAAAA;;;;WAIJE,MAAAA;EAlJkC;;;EAAA,SAsJlCC,sBAAAA;EARIH;;;EAAAA,SAYJI,cAAAA;EARAF;;;EAAAA,SAYAG,QAAAA;EAIAC;;;EAAAA,SAAAA,qBAAAA;EAmBAI;;;EAAAA,SAfAH,gBAAAA;EAkCAO;;;;EAAAA,SA7BAN,wBAAAA;EAsDAW;;;;EAAAA,SAjDAV,wBAAAA;EAwEAe;;;;EAAAA,SAnEAd,qBAAAA;EAoFAkB;;;EAAAA,SAhFAjB,qCAAAA;EAoGAqB;;;;EAAAA,SA/FApB,gDAAAA;EAqHAyB;;;;EAAAA,SAhHAxB,qBAAAA;EAwIA6B;;;;EAAAA,SAnIA5B,oBAAAA;EA4JAiC;;;;;EAAAA,SAtJAhC,aAAAA;EAkLAsC;;;;EAAAA,SA7KArC,UAAAA;EAqMA0C;;;EAAAA,SAjMAzC,mBAAAA;EAmNA6C;;;;EAAAA,SA9MA5C,0CAAAA;EAsOAiD;;;;EAAAA,SAjOAhD,qDAAAA;EA0O6B;;AAE1C;EAF0C,SAtO7BC,sBAAAA;;;;;WAKAC,6CAAAA;EAoOiB;;AAO9B;;;EAP8B,SA9NjBC,wDAAAA;EA+UR3B;;;EAAAA,SA3UQ4B,gCAAAA;EAqOTkD;;;EAAAA,SAjOSjD,eAAAA;EA2PTqD;;;EAAAA,SAvPSpD,6BAAAA;EA+TR/B;;;EAAAA,SA3TQgC,0CAAAA;EAgUoB;;AAoqDjC;;EApqDiC,SA3TpBC,qBAAAA,GAAwB1B,mBAAAA;EAg+DrBoV;;;EAAAA,SA59DHzT,iBAAAA;EA49DyC0T;;;;EAAAA,SAv9DzCzT,oBAAAA;EAu9DGwT;;;;EAAAA,SAl9DHvT,uBAAAA;EAk9D0C;;;;EAAA,SA78D1CC,qCAAAA;EC7fDoX;;;;EAAAA,SDkgBCnX,wCAAAA;EClgB+DsX;;;;EAAAA,SDugB/DrX,wCAAAA;ECvgBauX;;;EAAAA,SD2gBbtX,qCAAAA;EC3gByDwX;;;EAAAA,SD+gBzDvX,wCAAAA;EC/gBgG;AA0c7G;;EA1c6G,SDmhBhGC,wCAAAA;ECzE4BuU;;AAwFzC;;EAxFyCA,SD8E5BtU,2CAAAA;ECUWuY;;;;EAAAA,SDLXtY,8CAAAA;ECKkG;;;;EAAA,SDAlGC,8CAAAA;ECAkG;;AAgB/G;;EAhB+G,SDKlGC,wBAAAA;ECWuC;;;EAAA,SDPvCC,qBAAAA;EC+DTyY;;;AASJ;EATIA,SD1DSxY,gBAAAA;;;;ACiVb;WD5UaC,wBAAAA;;;;ACwVb;WDnVaC,0BAAAA;;;;;WAKAC,2BAAAA;ECsVkB8T;;;;EAAAA,SDjVlB7T,+BAAAA;EC6US8a;;;;EAAAA,SDxUT7a,gCAAAA;EC4UkB4T;;;;EAAAA,SDvUlB3T,6BAAAA;ECyUI+a;;;EAAAA,SDrUJ9a,qCAAAA;EC6UA+a;;;EAAAA,SDzUA9a,qCAAAA;ECqUTwW;;;;EAAAA,SDhUSvW,0CAAAA;EC6UT+a;;;;EAAAA,SDxUS9a,6CAAAA;ECkVD4Y;;;;EAAAA,SD7UC3Y,6CAAAA;ECsVmBgY;;;;EAAAA,SDjVnB/X,8CAAAA;ECiVb0W;;;;EAAAA,SD5UazW,0CAAAA;ECgVI+a;;;;EAAAA,SD3UJ9a,6CAAAA;ECkVOwY;;;;EAAAA,SD7UPvY,6CAAAA;EC6XqB;;;EAAA,SDzXrBC,mCAAAA;ECmYwDkZ;;;;EAAAA,SD9XxDjZ,+DAAAA;ECsY6C0V;;;EAAAA,SDlY7CzV,0CAAAA;EC8YJ2W;;;EAAAA,SD1YI1W,yCAAAA;EC4WuDya;;;;EAAAA,SDvWvDxa,oBAAAA;ECiXTya;;;EAAAA,SD7WSxa,iCAAAA;EC6WwD6Y;;;;EAAAA,SDxWxD5Y,oBAAAA;EC4WT6Z;;;;;EAAAA,SDtWS5Z,qCAAAA;EC0WkB0S;;;EAAAA,SDtWlBzS,6BAAAA;EC8WLoY;;;;EAAAA,SDzWKnY,oCAAAA;ECiXgB6X;;;EAAAA,SD7WhB5X,4BAAAA;;;;WAIAC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;EEvrBkC;;;;;;EF8rBlCC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;EEvqB0B;;;;;;EF8qB1BC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;;;;;;;;;;;;;;AJr+EtD;;;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;cCxOqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;;;;AAiFhG;;;UAjEiBD,cAAAA,SAAuB1C,MAAAA;EAiEyB;AA8QjE;;EA3UIsE,aAAAA;EAkVAwC;;AAKJ;;;;;;;;;;;;;;;;;;;;;;AAUA;;;;;;;;;;;;;;;;;;AA2BA;;;;;;;;;EAxUIvC,yBAAAA;AAAAA;;;;;AAqVJ;;;UA5UiB9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;ECr3B/B;;;EDy3BdM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;;;;;EAKTN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;ECj3BP;;;EAAA,KDq3BTzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cCvhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,cAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EAAA,IAE3B,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,sBAAA,CAAA,uBAAA,QAAA,OAAA;cANN,MAAA,CAAA,OAAA;;;;;;;WAoBd,MAAA,EAAM,sBAAA,CAAA,uBAAA,QAAA,OAAA;cAdc,MAAA,CAAA,OAAA;;;;;;;;;;qBAuBjB,SAAA,EATG,MAAA,CASM,aAAA;ENhEW;;;EAAA,mBM4EpB,SAAA,EAZS,MAAA,CAYA,aAAA;;;;WAqCZ,QAAA,iBAAQ,cAAA;;;YArCI,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,iBAAO,cAAA;;gBAtCC,MAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,iBAAK,cAAA;;gBAvCE,MAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,iBAAK,cAAA;;gBA7EA,MAAA,CAAA,OAAA;;;;;;;;;WAuKL,QAAA,EAAQ,cAAA,CAAA,cAAA,CA1FH,cAAA,CA0FG,mBAAA;;;;WAmER,MAAA,iBAAM,cAAA;;iDAnEE,MAAA,CAAA,OAAA;IAAA;EAAA;EA2IjB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;;;;YAwCO,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;;;;YA6Ba,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UA8BD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UA+CxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;APzsBH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPhDyB;;;;EOqDnC,IAAA;EN9DA;;;EMmEA,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;AAAA;AAAA,UAGK,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;;;;EAKA,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;;ANpOZ;;EMyOE,WAAA;ENzO0B;;;EM8O1B,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;ELxUY;;;;EKiXV,IAAA,CAAK,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAyCjC,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;cC1dxB,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;AThBlB;cUoBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;AVtBlB;cWmBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;AXrBlB;;;;;;;;;cY8Ba,gBAAA,EAAgB,MAAA,CAAA,OAAA,CAI3B,MAAA,CAJ2B,MAAA"}

package/dist/server/auth/index.js

@@ -8,7 +8,7 @@ import { ServerLinksProvider, apiRegistryResponseSchema } from "alepha/server/li
 
 //#region ../../../../node_modules/oauth4webapi/build/index.js
 let USER_AGENT$1;
-if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) USER_AGENT$1 = `oauth4webapi/v3.8.4`;
+if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) USER_AGENT$1 = `oauth4webapi/v3.8.5`;
 function looseInstanceOf(input, expected) {
 	if (input == null) return false;
 	try {
@@ -1279,7 +1279,22 @@ const $auth = (options) => {
 var AuthPrimitive = class extends Primitive {
 	securityProvider = $inject(SecurityProvider);
 	dateTimeProvider = $inject(DateTimeProvider);
-	oauth;
+	oauthConfig;
+	oauthInitializer;
+	get oauth() {
+		return this.oauthConfig;
+	}
+	/**
+	* Get the OAuth2/OIDC configuration, initializing lazily if needed (serverless mode).
+	*/
+	async getOAuth() {
+		if (this.oauthConfig) return this.oauthConfig;
+		if (this.oauthInitializer) {
+			this.oauthConfig = await this.oauthInitializer();
+			this.oauthInitializer = void 0;
+			return this.oauthConfig;
+		}
+	}
 	get name() {
 		return this.options.name ?? this.config.propertyKey;
 	}
@@ -1309,9 +1324,10 @@ var AuthPrimitive = class extends Primitive {
 		if ("issuer" in this.options) return this.options.issuer.refreshToken(refreshToken, accessToken).then((it) => it.tokens).catch((error) => {
 			throw new SecurityError("Failed to refresh access token using the refresh token (issuer)", { cause: error });
 		});
-		else if (this.oauth) try {
+		const oauth = await this.getOAuth();
+		if (oauth) try {
 			return {
-				...await refreshTokenGrant(this.oauth, refreshToken),
+				...await refreshTokenGrant(oauth, refreshToken),
 				issued_at: this.dateTimeProvider.now().unix()
 			};
 		} catch (error) {
@@ -1354,15 +1370,19 @@ var AuthPrimitive = class extends Primitive {
 		}
 	}
 	async prepare() {
-		const addons = [];
-		addons.push(allowInsecureRequests);
 		if ("oidc" in this.options) {
 			const { oidc } = this.options;
-			this.oauth = await discovery(new URL(oidc.issuer), oidc.clientId, { client_secret: oidc.clientSecret }, void 0, { execute: addons });
+			const discoverOidc = async () => {
+				const execute = [];
+				execute.push(allowInsecureRequests);
+				return discovery(new URL(oidc.issuer), oidc.clientId, { client_secret: oidc.clientSecret }, void 0, { execute });
+			};
+			if (this.alepha.isServerless() || !this.alepha.isProduction()) this.oauthInitializer = discoverOidc;
+			else this.oauthConfig = await discoverOidc();
 		}
 		if ("oauth" in this.options) {
 			const { oauth } = this.options;
-			this.oauth = new Configuration({
+			this.oauthConfig = new Configuration({
 				authorization_endpoint: oauth.authorization,
 				token_endpoint: oauth.token,
 				issuer: oauth.authorization,
@@ -1421,6 +1441,9 @@ var ServerAuthProvider = class {
 	serverCookiesProvider = $inject(ServerCookiesProvider);
 	dateTimeProvider = $inject(DateTimeProvider);
 	serverLinksProvider = $inject(ServerLinksProvider);
+	get identities() {
+		return this.alepha.primitives($auth).filter((auth) => !auth.options.disabled);
+	}
 	authorizationCode = $cookie({
 		name: "authorizationCode",
 		ttl: [15, "minutes"],
@@ -1442,36 +1465,12 @@ var ServerAuthProvider = class {
 		encrypt: true,
 		schema: tokensSchema
 	});
-	get identities() {
-		return this.alepha.primitives($auth).filter((auth) => !auth.options.disabled);
-	}
-	getAuthenticationProviders(filters = {}) {
-		const providers = [];
-		for (const identity of this.identities) {
-			if (filters.realmName) {
-				const issuer = identity.issuer;
-				if (!issuer || issuer.name !== filters.realmName) continue;
-			}
-			const type = "oidc" in identity.options ? "OIDC" : "oauth" in identity.options ? "OAUTH2" : "credentials" in identity.options ? "CREDENTIALS" : void 0;
-			if (!type) continue;
-			providers.push({
-				name: identity.name,
-				type
-			});
-		}
-		return providers;
-	}
 	configure = $hook({
 		on: "configure",
 		handler: async () => {
 			for (const identity of this.identities) await identity.prepare();
 		}
 	});
-	getAccessTokens(tokens) {
-		const idp = this.provider(tokens.provider);
-		if ("oidc" in idp.options && !("realm" in idp.options) && idp.options.oidc?.useIdToken) return tokens.id_token;
-		return tokens.access_token;
-	}
 	/**
 	* Fill request headers with access token from cookies or fallback to provider's fallback function.
 	*/
@@ -1483,7 +1482,7 @@ var ServerAuthProvider = class {
 			if (cookies) {
 				const tokens = await this.cookiesToTokens(cookies);
 				if (tokens) {
-					request.headers.authorization = `Bearer ${this.getAccessTokens(tokens)}`;
+					request.headers.authorization = `Bearer ${this.extractAccessToken(tokens)}`;
 					this.log.trace("Access token set in request headers", { provider: tokens.provider });
 				}
 			}
@@ -1499,52 +1498,6 @@ var ServerAuthProvider = class {
 		}
 	});
 	/**
-	* Convert cookies to tokens.
-	* If the tokens are expired, try to refresh them using the refresh token.
-	*/
-	async cookiesToTokens(cookies) {
-		const tokens = this.getTokens(cookies);
-		if (!tokens) {
-			this.log.trace("No tokens found in cookies");
-			return;
-		}
-		this.log.trace("Tokens found in cookies", {
-			expires_in: tokens.expires_in,
-			issued_at: tokens.issued_at
-		});
-		const refreshedTokens = await this.refreshTokens(tokens);
-		if (!refreshedTokens) {
-			this.tokens.del({ cookies });
-			return;
-		}
-		if (refreshedTokens.access_token !== tokens.access_token) this.setTokens(refreshedTokens, cookies);
-		return refreshedTokens;
-	}
-	async refreshTokens(tokens) {
-		if (tokens.expires_in && tokens.issued_at) {
-			if (tokens.issued_at + (tokens.expires_in - 10) < this.dateTimeProvider.now().unix()) {
-				this.log.trace("Tokens are expired");
-				if (tokens.refresh_token) {
-					this.log.trace("Trying to refresh tokens using refresh token");
-					try {
-						const newTokens = {
-							...await this.provider(tokens).refresh(tokens.refresh_token, tokens.access_token),
-							provider: tokens.provider,
-							issued_at: this.dateTimeProvider.now().unix()
-						};
-						this.log.debug("Tokens refreshed successfully");
-						return newTokens;
-					} catch (e) {
-						this.log.warn("Failed to refresh token", e);
-					}
-				}
-				return;
-			}
-		}
-		if (!tokens.issued_at && tokens.access_token) return;
-		return tokens;
-	}
-	/**
 	* Get user information.
 	*/
 	userinfo = $route({
@@ -1665,7 +1618,7 @@ var ServerAuthProvider = class {
 				provider: query.provider,
 				realm: query.realm
 			});
-			const oauth = provider.oauth;
+			const oauth = await provider.getOAuth();
 			if (!oauth) throw new SecurityError(`Auth provider '${query.provider}' does not support OAuth2`);
 			const scope = provider.scope;
 			let redirect_uri = provider.redirect_uri || alephaServerAuthRoutes.callback;
@@ -1716,7 +1669,7 @@ var ServerAuthProvider = class {
 			const authorizationCode = this.authorizationCode.get({ cookies });
 			if (!authorizationCode) throw new BadRequestError("Missing code verifier");
 			const provider = this.provider(authorizationCode);
-			const oauth = provider.oauth;
+			const oauth = await provider.getOAuth();
 			if (!oauth) throw new SecurityError(`Auth provider '${provider.name}' does not support OAuth2`);
 			const redirectUri = authorizationCode.redirectUri ?? "/";
 			const externalTokens = await authorizationCodeGrant(oauth, url, {
@@ -1772,7 +1725,7 @@ var ServerAuthProvider = class {
 					this.log.error("Failed to delete session", e);
 				}
 			}
-			const oauth = provider.oauth;
+			const oauth = await provider.getOAuth();
 			if (!oauth) {
 				reply.redirect(redirect, 302);
 				return;
@@ -1793,6 +1746,22 @@ var ServerAuthProvider = class {
 			reply.redirect(buildEndSessionUrl(oauth, params).toString(), 302);
 		}
 	});
+	getAuthenticationProviders(filters = {}) {
+		const providers = [];
+		for (const identity of this.identities) {
+			if (filters.realmName) {
+				const issuer = identity.issuer;
+				if (!issuer || issuer.name !== filters.realmName) continue;
+			}
+			const type = "oidc" in identity.options ? "OIDC" : "oauth" in identity.options ? "OAUTH2" : "credentials" in identity.options ? "CREDENTIALS" : void 0;
+			if (!type) continue;
+			providers.push({
+				name: identity.name,
+				type
+			});
+		}
+		return providers;
+	}
 	/**
 	* Find an auth provider by name and optionally by realm.
 	* When realm is specified, it filters providers by both name and realm.
@@ -1809,6 +1778,28 @@ var ServerAuthProvider = class {
 		if (!identity) throw new SecurityError(`Auth provider '${name}'${realmName ? ` for realm '${realmName}'` : ""} not found`);
 		return identity;
 	}
+	/**
+	* Convert cookies to tokens.
+	* If the tokens are expired, try to refresh them using the refresh token.
+	*/
+	async cookiesToTokens(cookies) {
+		const tokens = this.getTokens(cookies);
+		if (!tokens) {
+			this.log.trace("No tokens found in cookies");
+			return;
+		}
+		this.log.trace("Tokens found in cookies", {
+			expires_in: tokens.expires_in,
+			issued_at: tokens.issued_at
+		});
+		const refreshedTokens = await this.refreshTokens(tokens);
+		if (!refreshedTokens) {
+			this.tokens.del({ cookies });
+			return;
+		}
+		if (refreshedTokens.access_token !== tokens.access_token) this.setTokens(refreshedTokens, cookies);
+		return refreshedTokens;
+	}
 	getTokens(cookies) {
 		return this.tokens.get({ cookies });
 	}
@@ -1820,6 +1811,35 @@ var ServerAuthProvider = class {
 			ttl
 		});
 	}
+	extractAccessToken(tokens) {
+		const idp = this.provider(tokens.provider);
+		if ("oidc" in idp.options && !("realm" in idp.options) && idp.options.oidc?.useIdToken) return tokens.id_token;
+		return tokens.access_token;
+	}
+	async refreshTokens(tokens) {
+		if (tokens.expires_in && tokens.issued_at) {
+			if (tokens.issued_at + (tokens.expires_in - 10) < this.dateTimeProvider.now().unix()) {
+				this.log.trace("Tokens are expired");
+				if (tokens.refresh_token) {
+					this.log.trace("Trying to refresh tokens using refresh token");
+					try {
+						const newTokens = {
+							...await this.provider(tokens).refresh(tokens.refresh_token, tokens.access_token),
+							provider: tokens.provider,
+							issued_at: this.dateTimeProvider.now().unix()
+						};
+						this.log.debug("Tokens refreshed successfully");
+						return newTokens;
+					} catch (e) {
+						this.log.warn("Failed to refresh token", e);
+					}
+				}
+				return;
+			}
+		}
+		if (!tokens.issued_at && tokens.access_token) return;
+		return tokens;
+	}
 };
 
 //#endregion