alepha 0.19.4 → 0.19.5

package/dist/server/auth/index.d.ts

@@ -6,6 +6,7 @@ import { DateTimeProvider } from "alepha/datetime";
 import { AccessTokenResponse, IssuerPrimitive, SecurityProvider, UserAccount } from "alepha/security";
 import * as _$alepha_logger0 from "alepha/logger";
 import * as _$alepha_server0 from "alepha/server";
+import { ServerRawRequest, ServerReply } from "alepha/server";
 import { ServerLinksProvider } from "alepha/server/links";
 
 //#region ../../src/server/auth/constants/routes.d.ts
@@ -1135,6 +1136,11 @@ declare class ServerAuthProvider {
   protected readonly serverCookiesProvider: ServerCookiesProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly serverLinksProvider: ServerLinksProvider;
+  /**
+   * Validates that a redirect URI is a safe relative path.
+   * Prevents open redirect attacks by rejecting absolute URLs and protocol-relative URLs.
+   */
+  protected validateRedirectUri(uri: string): string;
   get identities(): Array<AuthPrimitive>;
   protected readonly authorizationCode: _$alepha_server_cookies0.AbstractCookiePrimitive<_$alepha.TObject<{
     provider: _$alepha.TString;
@@ -1269,11 +1275,29 @@ declare class ServerAuthProvider {
       redirect_uri: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
+  /**
+   * Extracts provider-specific extra profile fields delivered via the
+   * authorization callback form body rather than the ID token or userinfo
+   * endpoint. Currently handles Apple Sign In's `user` field, which is sent
+   * only on the user's first authorization and contains their name.
+   */
+  protected extractFormPostProfile(req: Request): Promise<Record<string, unknown> | undefined>;
+  /**
+   * Shared callback logic for both GET and POST OAuth2/OIDC callbacks.
+   * For form_post response mode (e.g. Apple Sign In), the raw Request object
+   * is passed so openid-client can read the authorization code from the POST body.
+   */
+  protected handleCallback(url: URL, reply: ServerReply, cookies: Cookies, raw?: ServerRawRequest): Promise<void>;
   /**
    * Callback for OAuth2/OIDC providers.
    * It handles the authorization code flow and retrieves the access token.
    */
   readonly callback: _$alepha_server0.RoutePrimitive<_$alepha_server0.RequestConfigSchema>;
+  /**
+   * POST callback for OAuth2/OIDC providers using form_post response mode.
+   * Apple Sign In sends the authorization code via POST body instead of URL query parameters.
+   */
+  readonly callbackPost: _$alepha_server0.RoutePrimitive<_$alepha_server0.RequestConfigSchema>;
   /**
    * Logout route for OAuth2/OIDC providers.
    */
@@ -1488,6 +1512,17 @@ interface OidcOptions {
    */
   scope?: string;
   account?: LinkAccountFn;
+  /**
+   * OAuth2 response mode.
+   * Apple requires "form_post" which sends the authorization code via POST body
+   * instead of URL query parameters.
+   */
+  responseMode?: "query" | "fragment" | "form_post";
+  /**
+   * Additional parameters to include in the authorization URL.
+   * Useful for provider-specific parameters.
+   */
+  authorizationParameters?: Record<string, string>;
 }
 interface LinkAccountOptions {
   access_token: string;
@@ -1551,8 +1586,13 @@ declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
   /**
    * Extracts user information from the access token.
    * This is used to create a user account from the access token.
+   *
+   * `externalProfile` carries extra profile fields that cannot be derived from the
+   * ID token or userinfo endpoint — e.g. Apple's `user` form field that is only
+   * delivered once, on first authorization. ID token / userinfo fields take
+   * precedence; externalProfile only fills gaps.
    */
-  user(tokens: Tokens): Promise<UserAccount>;
+  user(tokens: Tokens, externalProfile?: Record<string, unknown>): Promise<UserAccount>;
   protected getUserFromIdToken(idToken: string): OAuth2Profile;
   prepare(): Promise<void>;
 }
@@ -1566,6 +1606,38 @@ interface WithLoginFn {
   login?: (provider: string) => (creds: Credentials) => Async<UserAccount | undefined>;
 }
 //#endregion
+//#region ../../src/server/auth/primitives/$authApple.d.ts
+/**
+ * Already configured Apple authentication primitive.
+ *
+ * Uses OpenID Connect (OIDC) to authenticate users via their Apple accounts.
+ * Upon successful authentication, it links the Apple account to a user session.
+ *
+ * Apple-specific behavior:
+ * - `response_mode=form_post` (required by Apple when requesting `email`/`name`).
+ * - Scope: `name email` (Apple does not support the standard `profile` scope).
+ * - The user's name is only provided on the first authorization, as a `user`
+ *   form field on the POST callback. The framework extracts it and injects
+ *   `given_name` / `family_name` / `name` into the profile before linking.
+ *   Subsequent logins only return `sub` and `email` in the ID token.
+ * - `email_verified` and `is_private_email` are normalized from Apple's
+ *   string ("true"/"false") representation to booleans.
+ *
+ * Client secret:
+ * Apple requires the client secret to be a signed ES256 JWT generated from
+ * your Apple private key, team ID, and key ID. This JWT is valid for up to 6
+ * months; you must rotate it before expiration. Generate it out of band and
+ * set it via `APPLE_CLIENT_SECRET`.
+ *
+ * See: https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret
+ *
+ * Environment Variables:
+ * - `APPLE_CLIENT_ID`: The Service ID obtained from the Apple Developer Console.
+ * - `APPLE_CLIENT_SECRET`: The signed ES256 JWT client secret generated from your
+ *   Apple private key.
+ */
+declare const $authApple: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+//#endregion
 //#region ../../src/server/auth/primitives/$authCredentials.d.ts
 /**
  * Already configured Credentials authentication primitive.
@@ -1574,6 +1646,49 @@ interface WithLoginFn {
  */
 declare const $authCredentials: (realm: IssuerPrimitive & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthPrimitive;
 //#endregion
+//#region ../../src/server/auth/primitives/$authFacebook.d.ts
+/**
+ * Already configured Facebook authentication primitive.
+ *
+ * Uses OAuth2 to authenticate users via their Facebook accounts.
+ * Upon successful authentication, it links the Facebook account to a user session.
+ *
+ * Environment Variables:
+ * - `FACEBOOK_CLIENT_ID`: The App ID obtained from the Meta Developer Console.
+ * - `FACEBOOK_CLIENT_SECRET`: The App Secret obtained from the Meta Developer Console.
+ */
+declare const $authFacebook: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+//#endregion
+//#region ../../src/server/auth/primitives/$authFranceConnect.d.ts
+/**
+ * Creates an authentication provider primitive for France Connect.
+ *
+ * Uses OpenID Connect (OIDC) to authenticate users via France Connect,
+ * the French government's identity federation system. It provides verified
+ * identity data (name, email, birthdate) sourced directly from government
+ * databases.
+ *
+ * **France Connect-specific behaviour**:
+ * - Scopes use individual claim names (`given_name`, `family_name`) rather
+ *   than the standard grouped `profile` scope.
+ * - The `acr_values=eidas1` authorization parameter is mandatory and is
+ *   included automatically.
+ * - Logout is mandatory in France Connect integrations. Store the `id_token`
+ *   returned at login and pass it to the logout endpoint when the session ends.
+ *
+ * **Environment Variables** (obtain from partenaires.franceconnect.gouv.fr):
+ * - `FRANCECONNECT_CLIENT_ID` — OAuth 2.0 client ID for your France Connect service provider.
+ * - `FRANCECONNECT_CLIENT_SECRET` — OAuth 2.0 client secret for your France Connect service provider.
+ *
+ * @example
+ * ```ts
+ * class AuthProviders {
+ *   franceconnect = $authFranceConnect(this.userRealm);
+ * }
+ * ```
+ */
+declare const $authFranceConnect: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+//#endregion
 //#region ../../src/server/auth/primitives/$authGithub.d.ts
 /**
  * Already configured GitHub authentication primitive.
@@ -1600,6 +1715,31 @@ declare const $authGithub: (realm: IssuerPrimitive & WithLinkFn, options?: Parti
  */
 declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
 //#endregion
+//#region ../../src/server/auth/primitives/$authMicrosoft.d.ts
+/**
+ * Already configured Microsoft Entra ID (Azure AD) authentication primitive.
+ *
+ * Uses OpenID Connect (OIDC) to authenticate users via their Microsoft accounts.
+ * Supports personal Microsoft accounts, work/school (Azure AD) accounts, and
+ * multi-tenant applications.
+ *
+ * The tenant ID defaults to `"common"`, which allows all Microsoft account types
+ * (personal, work, school). To restrict to a specific Azure AD tenant, set
+ * `MICROSOFT_TENANT_ID` to your tenant's GUID or domain.
+ *
+ * **Note on multi-tenant issuer validation**: Microsoft's OIDC discovery document
+ * for the `common` endpoint returns `{tenantid}` as a literal placeholder in the
+ * `issuer` field. This is expected behavior for multi-tenant endpoints. The
+ * openid-client library handles this during token validation automatically.
+ *
+ * Environment Variables:
+ * - `MICROSOFT_CLIENT_ID`: The application (client) ID from the Azure Portal.
+ * - `MICROSOFT_CLIENT_SECRET`: The client secret value from the Azure Portal.
+ * - `MICROSOFT_TENANT_ID`: (Optional) Azure AD tenant ID or `"common"` for
+ *   multi-tenant. Defaults to `"common"`.
+ */
+declare const $authMicrosoft: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
+//#endregion
 //#region ../../src/server/auth/index.d.ts
 /**
  * OAuth2/OIDC authentication with social login providers.
@@ -1610,6 +1750,9 @@ declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Parti
  * - Google OAuth integration
  * - GitHub OAuth integration
  * - Apple OAuth integration
+ * - Facebook OAuth integration
+ * - Microsoft Entra ID (Azure AD) integration
+ * - France Connect integration
  * - Cookie-based, SSR-friendly authentication
  * - Token management and refresh
  *
@@ -1617,5 +1760,5 @@ declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Parti
  */
 declare const AlephaServerAuth: _$alepha.Service<_$alepha.Module>;
 //#endregion
-export { $auth, $authCredentials, $authGithub, $authGoogle, AccessToken, AlephaServerAuth, AuthExternal, AuthInternal, AuthPrimitive, AuthPrimitiveOptions, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
+export { $auth, $authApple, $authCredentials, $authFacebook, $authFranceConnect, $authGithub, $authGoogle, $authMicrosoft, AccessToken, AlephaServerAuth, AuthExternal, AuthInternal, AuthPrimitive, AuthPrimitiveOptions, AuthenticationProvider, Credentials, CredentialsFn, CredentialsOptions, LinkAccountFn, LinkAccountOptions, OAuth2Options, OAuth2Profile, OidcOptions, ServerAuthProvider, TokenResponse, Tokens, UserinfoResponse, WithLinkFn, WithLoginFn, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
 //# sourceMappingURL=index.d.ts.map

package/dist/server/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,WAA4B,OAAA;QAYxC,QAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,WAAmB,OAAA;YAG9B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,WAAY,OAAA;YAevB,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,WAAsB,OAAA;;QAGjC,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;AJT7C;;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;AJrBZ;KIyBYH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;;;cC8PqBC,aAAAA;;;AAjIrB;;;;;UA+QiBI,mBAAAA;EA9I8B;;;EAAA,SAkJlCE,MAAAA;EAJIF;;;EAAAA,SAQJG,sBAAAA;EAJAD;;;EAAAA,SAQAE,cAAAA;EAQAE;;;EAAAA,SAJAD,QAAAA;EAuBAK;;;EAAAA,SAnBAJ,qBAAAA;EAsCAQ;;;EAAAA,SAlCAP,gBAAAA;EAsDAW;;;;EAAAA,SAjDAV,wBAAAA;EAyEAe;;;;EAAAA,SApEAd,wBAAAA;EAqFwBR;;;;EAAAA,SAhFxBS,qBAAAA;EAwGAsB;;;EAAAA,SApGArB,qCAAAA;EAqHAyB;;;;EAAAA,SAhHAxB,gDAAAA;EAwIA6B;;;;EAAAA,SAnIA5B,qBAAAA;EA4JAiC;;;;EAAAA,SAvJAhC,oBAAAA;EA8KAqC;;;;;EAAAA,SAxKApC,aAAAA;EAsMA0C;;;;EAAAA,SAjMAzC,UAAAA;EAuNA8C;;;EAAAA,SAnNA7C,mBAAAA;EAsOAiD;;;;EAAAA,SAjOAhD,0CAAAA;EA+OoBjD;;;AAEjC;EAFiCA,SA1OpBkD,qDAAAA;;;;WAIAC,sBAAAA;EAyOCkD;;;AAOd;EAPcA,SApODjD,6CAAAA;;;;;;WAMAC,wDAAAA;EAyOTmD;;;EAAAA,SArOSlD,gCAAAA;EA+PTsD;;;EAAAA,SA3PSrD,eAAAA;EAmUR9B;;;EAAAA,SA/TQ+B,6BAAAA;EAoUoB;;AAoqDjC;EApqDiC,SAhUpBC,0CAAAA;EAo+DmB2T;;;;EAAAA,SA/9DnB1T,qBAAAA,GAAwB1B,mBAAAA;EAg+DiBqV;;;EAAAA,SA59DzC1T,iBAAAA;EA49DR0T;;;;EAAAA,SAv9DQzT,oBAAAA;EAu9DyCyT;;;;EAAAA,SAl9DzCxT,uBAAAA;;ACxfb;;;WD6faC,qCAAAA;EC7fyCsX;;;;EAAAA,SDkgBzCrX,wCAAAA;EClgBiBoX;;;;EAAAA,SDugBjBnX,wCAAAA;ECvgByDyX;;;EAAAA,SD2gBzDxX,qCAAAA;EC3gBgG;AA0c7G;;EA1c6G,SD+gBhGC,wCAAAA;ECrE4BwU;;AAwFzC;EAxFyCA,SDyE5BvU,wCAAAA;;;;;WAKAC,2CAAAA;ECUkG;;;;EAAA,SDLlGC,8CAAAA;ECKmFgX;;;AAgBhG;EAhBgGA,SDAnF/W,8CAAAA;;;;;WAKAC,wBAAAA;ECmET0Y;;;EAAAA,SD/DSzY,qBAAAA;ECwEkB;;;;EAAA,SDnElBC,gBAAAA;ECiVyB;;;;EAAA,SD5UzBC,wBAAAA;ECwVwB;;;;EAAA,SDnVxBC,0BAAAA;EC2V6CyW;;;;EAAAA,SDtV7CxW,2BAAAA;ECkVTgb;;;;EAAAA,SD7US/a,+BAAAA;ECiVS8a;;;;EAAAA,SD5UT7a,gCAAAA;EC4U2D;AAExE;;;EAFwE,SDvU3DC,6BAAAA;ECiVAgb;;;EAAAA,SD7UA/a,qCAAAA;ECyUTyW;;;EAAAA,SDrUSxW,qCAAAA;EC8UTwa;;;;EAAAA,SDzUSva,0CAAAA;ECkVW;AAKxB;;;EALwB,SD7UXC,6CAAAA;EC2V2Bgb;;;;EAAAA,SDtV3B/a,6CAAAA;ECsVJ0a;;;;EAAAA,SDjVIza,8CAAAA;ECiVmC;AAIhD;;;EAJgD,SD5UnCC,0CAAAA;ECuVRgX;;;;EAAAA,SDlVQ/W,6CAAAA;ECkYQyY;;;;EAAAA,SD7XRxY,6CAAAA;ECuYwDmZ;;;EAAAA,SDnYxDlZ,mCAAAA;ECuYoC8Z;;;;EAAAA,SDlYpC7Z,+DAAAA;ECkZJ4W;;;EAAAA,SD9YI3W,0CAAAA;ECgXuD0a;;;EAAAA,SD5WvDza,yCAAAA;EC4WuDya;;;;EAAAA,SDvWvDxa,oBAAAA;ECiXwD8Y;;;EAAAA,SD7WxD7Y,iCAAAA;EC6W0FgZ;;;;EAAAA,SDxW1F/Y,oBAAAA;ECgXT8Z;;;;;EAAAA,SD1WS7Z,qCAAAA;ECkXLqY;;;EAAAA,SD9WKpY,6BAAAA;ECsXJqW;;;;EAAAA,SDjXIpW,oCAAAA;;;;WAIAC,4BAAAA;EE1qBkB;;;EAAA,SF8qBlBC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;;;;;;;;;;;;;;AJr+EtD;;;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;;;;;cCxOqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;AAiFhG;;;;;AA8QA;;AA9QA,UAjEiBD,cAAAA,SAAuB1C,MAAAA;EAsVpC8G;;AAKJ;EAvVIxC,aAAAA;;;;;;;;;;;;;;;;;;;;;AAiWJ;;;;;;;;;;;;;;;;;;AA2BA;;;;;;;;;;;;;EAxUIC,yBAAAA;AAAAA;AAqVJ;;;;;;;AAAA,UA5UiB9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;ECp3BzB;;;EDw3BpBM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;;;;;EAKTN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cCvhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,gBAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EAAA,IAE3B,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,wBAAA,CAAA,uBAAA,UAAA,OAAA;cANN,QAAA,CAAA,OAAA;;;;;;;;WAqBd,MAAA,EAAM,wBAAA,CAAA,uBAAA,UAAA,OAAA;cAfc,QAAA,CAAA,OAAA;;;;;;;;;;qBAwBjB,SAAA,EATG,QAAA,CASM,aAAA;;;;qBAYT,SAAA,EAZS,QAAA,CAYA,aAAA;;;AN/D9B;WMoGkB,QAAA,mBAAQ,cAAA;;;YArCI,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,mBAAO,cAAA;;gBAtCC,QAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,mBAAK,cAAA;;gBAvCE,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,mBAAK,cAAA;;gBA7EA,QAAA,CAAA,OAAA;;;;;;;;;WA6KL,QAAA,EAAQ,gBAAA,CAAA,cAAA,CAhGH,gBAAA,CAgGG,mBAAA;;;;WAkFR,MAAA,mBAAM,cAAA;;mDAlFE,QAAA,CAAA,OAAA;IAAA;EAAA;EA0JjB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;;;;YAwCO,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;;;;YA6Ba,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UA8BD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;APruBH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPhDyB;;;;EOqDnC,IAAA;EN9DA;;;EMmEA,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;AAAA;AAAA,UAGK,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;;;;EAKA,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;ENpOa;;;EMyOvB,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;EAyCE,IAAA,CAAK,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAyCjC,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;cC1dxB,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;AThBlB;cUoBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;AVtBlB;cWmBa,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;AXrBlB;;;;;;;;;cY8Ba,gBAAA,EAAgB,QAAA,CAAA,OAAA,CAI3B,QAAA,CAJ2B,MAAA"}
+{"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authApple.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authFacebook.ts","../../../src/server/auth/primitives/$authFranceConnect.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/primitives/$authMicrosoft.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,WAA4B,OAAA;QAYxC,QAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,WAAmB,OAAA;YAG9B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,WAAY,OAAA;YAevB,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,WAAsB,OAAA;;QAGjC,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;;AJT7C;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;;KAIAH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;;cC8PqBC,aAAAA;;;;AAjIrB;;;;UA+QiBI,mBAAAA;EA9IIJ;;;EAAAA,SAkJRM,MAAAA;EAlJkC;AA8I/C;;EA9I+C,SAsJlCC,sBAAAA;EAqT6B;;;EAAA,SAjT7BC,cAAAA;EAIAC;;;EAAAA,SAAAA,QAAAA;EAkBAI;;;EAAAA,SAdAH,qBAAAA;EAiCAO;;;EAAAA,SA7BAN,gBAAAA;EAiDAU;;;;EAAAA,SA5CAT,wBAAAA;EAqEAc;;;;EAAAA,SAhEAb,wBAAAA;EAqFAkB;;;;EAAAA,SAhFAjB,qBAAAA;EAmGAqB;;;EAAAA,SA/FApB,qCAAAA;EAiHAwB;;;;EAAAA,SA5GAvB,gDAAAA;EAoIA4B;;;;EAAAA,SA/HA3B,qBAAAA;EAuJAgC;;;;EAAAA,SAlJA/B,oBAAAA;EAyKAoC;;;;;EAAAA,SAnKAnC,aAAAA;EAiMAyC;;;;EAAAA,SA5LAxC,UAAAA;EAkNA6C;;;EAAAA,SA9MA5C,mBAAAA;EAkOAgD;;;;EAAAA,SA7NA/C,0CAAAA;EA+OCoD;;;;EAAAA,SA1ODnD,qDAAAA;EA4OuB;;;EAAA,SAxOvBC,sBAAAA;EAwOqCpB;;;;EAAAA,SAnOrCqB,6CAAAA;EA2OU;;;;;EAAA,SArOVC,wDAAAA;EAgVoB;;;EAAA,SA5UpBC,gCAAAA;EAwPTqD;;;EAAAA,SApPSpD,eAAAA;EA+TTwD;;;EAAAA,SA3TSvD,6BAAAA;EAoUWxD;;;EAAAA,SAhUXyD,0CAAAA;EAo+DmB;;;;EAAA,SA/9DnBC,qBAAAA,GAAwB1B,mBAAAA;EAg+DeoV;;;EAAAA,SA59DvCzT,iBAAAA;EA29DoByT;;;;EAAAA,SAt9DpBxT,oBAAAA;EAu9DuCwT;;;;EAAAA,SAl9DvCvT,uBAAAA;;;ACxfb;;WD6faC,qCAAAA;EC7fiBqX;;;;EAAAA,SDkgBjBpX,wCAAAA;EClgBgG;;;;EAAA,SDugBhGC,wCAAAA;ECvgB+DqX;;;EAAAA,SD2gB/DpX,qCAAAA;EC3gBgG;;AA0c7G;EA1c6G,SD+gBhGC,wCAAAA;;;;WAIAC,wCAAAA;ECeQ;;;;EAAA,SDVRC,2CAAAA;ECUmFiX;;;;EAAAA,SDLnFhX,8CAAAA;ECK0DwY;;;;EAAAA,SDA1DvY,8CAAAA;ECgBkB;;;;EAAA,SDXlBC,wBAAAA;ECeTyY;;;EAAAA,SDXSxY,qBAAAA;ECwEI2W;;;;EAAAA,SDnEJ1W,gBAAAA;ECiVI8a;;;;EAAAA,SD5UJ7a,wBAAAA;ECwVIgb;;;;EAAAA,SDnVJ/a,0BAAAA;ECuVoC4a;;;;EAAAA,SDlVpC3a,2BAAAA;ECsViB;;;;EAAA,SDjVjBC,+BAAAA;ECiVTgb;;;;EAAAA,SD5US/a,gCAAAA;EC4U2D;;AAExE;;EAFwE,SDvU3DC,6BAAAA;EC6UH2X;;;EAAAA,SDzUG1X,qCAAAA;EC2VW;;;EAAA,SDvVXC,qCAAAA;ECyUA8a;;;;EAAAA,SDpUA7a,0CAAAA;ECkVW;;AAKxB;;EALwB,SD7UXC,6CAAAA;EC2VJ2a;;;;EAAAA,SDtVI1a,6CAAAA;ECkVbgb;;;;EAAAA,SD7Ua/a,8CAAAA;ECiVmC;;AAIhD;;EAJgD,SD5UnCC,0CAAAA;ECuVG;;;;EAAA,SDlVHC,6CAAAA;ECuVF;AA2CX;;;EA3CW,SDlVEC,6CAAAA;ECuYgE4V;;;EAAAA,SDnYhE3V,mCAAAA;ECuYSka;;;;EAAAA,SDlYTja,+DAAAA;ECkZYqY;;;EAAAA,SD9YZpY,0CAAAA;ECgXiC+Z;;;EAAAA,SD5WjC9Z,yCAAAA;EC4WiC8Z;;;;EAAAA,SDvWjC7Z,oBAAAA;ECiX2BmZ;;;EAAAA,SD7W3BlZ,iCAAAA;EC6WiHoV;;;;EAAAA,SDxWjHnV,oBAAAA;EC4WoCwZ;;;;;EAAAA,SDtWpCvZ,qCAAAA;EC8WLqY;;;EAAAA,SD1WKpY,6BAAAA;ECkXY8X;;;;EAAAA,SD7WZ7X,oCAAAA;ECiX2B;;;EAAA,SD7W3BC,4BAAAA;EErqBA;;;EAAA,SFyqBAC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;ALv+EtD;;;;;;;;;;;;;;;ACEA;;ADFA,KM6BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;;;;cCxOqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;AAiFhG;;;;;AA8QA;UA/UiBD,cAAAA,SAAuB1C,MAAAA;;;;EAIpCsE,aAAAA;EAuViC;;;;;;;;;;;;;;;;;;;;;AAUrC;;;;;;;;;;;;;;;;;;AA2BA;;;;;;;;;;;;EAxUIC,yBAAAA;AAAAA;;AAqVJ;;;;;;UA5UiB9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;ECh3BL;;;;;;EDu3BRC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;ECj3BW;;;;EDs3BpBN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cClhChB,kBAAA;EAAA,mBACQ,GAAA,EADU,gBAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;;;;;YAM5B,mBAAA,CAAoB,GAAA;EAAA,IAOnB,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,wBAAA,CAAA,uBAAA,UAAA,OAAA;cANN,QAAA,CAAA,OAAA;;;;;;;;WAsBd,MAAA,EAAM,wBAAA,CAAA,uBAAA,UAAA,OAAA;cAhBc,QAAA,CAAA,OAAA;;;;;;;;;;qBAyBjB,SAAA,EATG,QAAA,CASM,aAAA;;ANpE9B;;qBMgFqB,SAAA,EAZS,QAAA,CAYA,aAAA;ENhFO;;;EAAA,SMqHnB,QAAA,mBAAQ,cAAA;;;YArCI,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,mBAAO,cAAA;;gBAtCC,QAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,mBAAK,cAAA;;gBAvCE,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,mBAAK,cAAA;;gBA7EA,QAAA,CAAA,OAAA;;;;;;;;;;;YAuML,sBAAA,CACd,GAAA,EAAK,OAAA,GACJ,OAAA,CAAQ,MAAA;;;;;;YAsCK,cAAA,CACd,GAAA,EAAK,GAAA,EACL,KAAA,EAAO,WAAA,EACP,OAAA,EAAS,OAAA,EACT,GAAA,GAAM,gBAAA,GAAgB,OAAA;;;;;WA8FR,QAAA,EAAQ,gBAAA,CAAA,cAAA,CA9FA,gBAAA,CA8FA,mBAAA;;;;;WAWR,YAAA,EAAY,gBAAA,CAAA,cAAA,CAXJ,gBAAA,CAWI,mBAAA;;;;WAWZ,MAAA,mBAAM,cAAA;;mDAXM,QAAA,CAAA,OAAA;IAAA;EAAA;EAqFrB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;AL3nBL;;;YKmqBY,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;AJ5qBL;;;YIysBkB,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UAgCD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;;APl2BH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPjDyB;;;;EOsDnC,IAAA;ENjEW;;;EMsEX,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;;;;;;EAOV,YAAA;;;;;EAMA,uBAAA,GAA0B,MAAA;AAAA;AAAA,UAGX,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;ANhOF;EMqOE,aAAA;;;;EAKA,KAAA;;;ALjPF;EKsPE,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;ELzOV;;;EK8OA,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;;;;;;EA8CE,IAAA,CACX,MAAA,EAAQ,MAAA,EACR,eAAA,GAAkB,MAAA,oBACjB,OAAA,CAAQ,WAAA;EAAA,UAsDD,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;;;;;;AR1gBrC;;;;;;;;;;;;;;;ACEA;;;;cQsCa,UAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;cC5BL,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;;cCIL,aAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;AXtBlB;;;;;;;;;;;;;;;ACEA;;cWkCa,kBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cClBL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cCHL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;AdrBlB;;;;;;;;;;;;ce+Ba,cAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;AfjClB;;;;;;;;;;;;;;;cgBqCa,gBAAA,EAAgB,QAAA,CAAA,OAAA,CAI3B,QAAA,CAJ2B,MAAA"}