alepha 0.21.2 → 0.23.0

package/dist/server/auth/index.js

@@ -28,11 +28,11 @@ const clockSkew = Symbol();
 const clockTolerance = Symbol();
 const customFetch$1 = Symbol();
 const jweDecrypt = Symbol();
-const encoder = new TextEncoder();
-const decoder$1 = new TextDecoder();
+const encoder$1 = new TextEncoder();
+const decoder$2 = new TextDecoder();
 function buf(input) {
-	if (typeof input === "string") return encoder.encode(input);
-	return decoder$1.decode(input);
+	if (typeof input === "string") return encoder$1.encode(input);
+	return decoder$2.decode(input);
 }
 let encodeBase64Url;
 if (Uint8Array.prototype.toBase64) encodeBase64Url = (input) => {
@@ -336,14 +336,10 @@ var WWWAuthenticateChallengeError = class extends Error {
 		Error.captureStackTrace?.(this, this.constructor);
 	}
 };
-const tokenMatch = "[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+";
-const token68Match = "[a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2}";
-const quotedParamMatcher = "(" + tokenMatch + ")\\s*=\\s*\"((?:[^\"\\\\]|\\\\[\\s\\S])*)\"";
-const paramMatcher = "(" + tokenMatch + ")\\s*=\\s*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)";
-const schemeRE = new RegExp("^[,\\s]*(" + tokenMatch + ")");
-const quotedParamRE = new RegExp("^[,\\s]*" + quotedParamMatcher + "[,\\s]*(.*)");
-const unquotedParamRE = new RegExp("^[,\\s]*" + paramMatcher + "[,\\s]*(.*)");
-const token68ParamRE = new RegExp("^(" + token68Match + ")(?:$|[,\\s])(.*)");
+const schemeRE = /* @__PURE__ */ new RegExp("^[,\\s]*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)");
+const quotedParamRE = /* @__PURE__ */ new RegExp("^[,\\s]*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*\"((?:[^\"\\\\]|\\\\[\\s\\S])*)\"[,\\s]*(.*)");
+const unquotedParamRE = /* @__PURE__ */ new RegExp("^[,\\s]*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)\\s*=\\s*([a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+)[,\\s]*(.*)");
+const token68ParamRE = /* @__PURE__ */ new RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");
 function parseWwwAuthenticateChallenges(response) {
 	if (!looseInstanceOf(response, Response)) throw CodedTypeError$1("\"response\" must be an instance of Response", ERR_INVALID_ARG_TYPE$1);
 	const header = response.headers.get("www-authenticate");
@@ -1755,13 +1751,21 @@ var ServerAuthProvider = class {
 			reply.redirect(errorUrl.pathname + errorUrl.search, 302);
 			return;
 		}
+		await this.establishSession(user, issuer, provider.name, cookies);
+		reply.redirect(redirectUri, 302);
+	}
+	/**
+	* Establish a local session for an already-resolved user: mint realm tokens
+	* and write the `tokens` cookie. Used by the OAuth callback and by federated
+	* (broker) login. `issuer` is the realm issuer (provider.issuer / realm).
+	*/
+	async establishSession(user, issuer, providerName, cookies) {
 		const tokens = await issuer.createToken(user);
 		this.setTokens({
 			...tokens,
 			issued_at: this.dateTimeProvider.now().unix(),
-			provider: provider.name
+			provider: providerName
 		}, cookies);
-		reply.redirect(redirectUri, 302);
 	}
 	/**
 	* Callback for OAuth2/OIDC providers.
@@ -1925,6 +1929,1341 @@ var ServerAuthProvider = class {
 	}
 };
 //#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/buffer_utils.js
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+function concat(...buffers) {
+	const size = buffers.reduce((acc, { length }) => acc + length, 0);
+	const buf = new Uint8Array(size);
+	let i = 0;
+	for (const buffer of buffers) {
+		buf.set(buffer, i);
+		i += buffer.length;
+	}
+	return buf;
+}
+function encode$1(string) {
+	const bytes = new Uint8Array(string.length);
+	for (let i = 0; i < string.length; i++) {
+		const code = string.charCodeAt(i);
+		if (code > 127) throw new TypeError("non-ASCII string encountered in encode()");
+		bytes[i] = code;
+	}
+	return bytes;
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/base64.js
+function encodeBase64(input) {
+	if (Uint8Array.prototype.toBase64) return input.toBase64();
+	const CHUNK_SIZE = 32768;
+	const arr = [];
+	for (let i = 0; i < input.length; i += CHUNK_SIZE) arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));
+	return btoa(arr.join(""));
+}
+function decodeBase64(encoded) {
+	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(encoded);
+	const binary = atob(encoded);
+	const bytes = new Uint8Array(binary.length);
+	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+	return bytes;
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/util/base64url.js
+function decode(input) {
+	if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof input === "string" ? input : decoder.decode(input), { alphabet: "base64url" });
+	let encoded = input;
+	if (encoded instanceof Uint8Array) encoded = decoder.decode(encoded);
+	encoded = encoded.replace(/-/g, "+").replace(/_/g, "/");
+	try {
+		return decodeBase64(encoded);
+	} catch {
+		throw new TypeError("The input to be decoded is not correctly encoded.");
+	}
+}
+function encode(input) {
+	let unencoded = input;
+	if (typeof unencoded === "string") unencoded = encoder.encode(unencoded);
+	if (Uint8Array.prototype.toBase64) return unencoded.toBase64({
+		alphabet: "base64url",
+		omitPadding: true
+	});
+	return encodeBase64(unencoded).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/crypto_key.js
+const unusable = (name, prop = "algorithm.name") => /* @__PURE__ */ new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
+const isAlgorithm = (algorithm, name) => algorithm.name === name;
+function getHashLength(hash) {
+	return parseInt(hash.name.slice(4), 10);
+}
+function checkHashLength(algorithm, expected) {
+	if (getHashLength(algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+}
+function getNamedCurve(alg) {
+	switch (alg) {
+		case "ES256": return "P-256";
+		case "ES384": return "P-384";
+		case "ES512": return "P-521";
+		default: throw new Error("unreachable");
+	}
+}
+function checkUsage(key, usage) {
+	if (usage && !key.usages.includes(usage)) throw new TypeError(`CryptoKey does not support this operation, its usages must include ${usage}.`);
+}
+function checkSigCryptoKey(key, alg, usage) {
+	switch (alg) {
+		case "HS256":
+		case "HS384":
+		case "HS512":
+			if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "RS256":
+		case "RS384":
+		case "RS512":
+			if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "PS256":
+		case "PS384":
+		case "PS512":
+			if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
+			checkHashLength(key.algorithm, parseInt(alg.slice(2), 10));
+			break;
+		case "Ed25519":
+		case "EdDSA":
+			if (!isAlgorithm(key.algorithm, "Ed25519")) throw unusable("Ed25519");
+			break;
+		case "ML-DSA-44":
+		case "ML-DSA-65":
+		case "ML-DSA-87":
+			if (!isAlgorithm(key.algorithm, alg)) throw unusable(alg);
+			break;
+		case "ES256":
+		case "ES384":
+		case "ES512": {
+			if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
+			const expected = getNamedCurve(alg);
+			if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
+			break;
+		}
+		default: throw new TypeError("CryptoKey does not support this operation");
+	}
+	checkUsage(key, usage);
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/invalid_key_input.js
+function message(msg, actual, ...types) {
+	types = types.filter(Boolean);
+	if (types.length > 2) {
+		const last = types.pop();
+		msg += `one of type ${types.join(", ")}, or ${last}.`;
+	} else if (types.length === 2) msg += `one of type ${types[0]} or ${types[1]}.`;
+	else msg += `of type ${types[0]}.`;
+	if (actual == null) msg += ` Received ${actual}`;
+	else if (typeof actual === "function" && actual.name) msg += ` Received function ${actual.name}`;
+	else if (typeof actual === "object" && actual != null) {
+		if (actual.constructor?.name) msg += ` Received an instance of ${actual.constructor.name}`;
+	}
+	return msg;
+}
+const invalidKeyInput = (actual, ...types) => message("Key must be ", actual, ...types);
+const withAlg = (alg, actual, ...types) => message(`Key for the ${alg} algorithm must be `, actual, ...types);
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/util/errors.js
+var JOSEError = class extends Error {
+	static code = "ERR_JOSE_GENERIC";
+	code = "ERR_JOSE_GENERIC";
+	constructor(message, options) {
+		super(message, options);
+		this.name = this.constructor.name;
+		Error.captureStackTrace?.(this, this.constructor);
+	}
+};
+var JWTClaimValidationFailed = class extends JOSEError {
+	static code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
+	code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
+	claim;
+	reason;
+	payload;
+	constructor(message, payload, claim = "unspecified", reason = "unspecified") {
+		super(message, { cause: {
+			claim,
+			reason,
+			payload
+		} });
+		this.claim = claim;
+		this.reason = reason;
+		this.payload = payload;
+	}
+};
+var JWTExpired = class extends JOSEError {
+	static code = "ERR_JWT_EXPIRED";
+	code = "ERR_JWT_EXPIRED";
+	claim;
+	reason;
+	payload;
+	constructor(message, payload, claim = "unspecified", reason = "unspecified") {
+		super(message, { cause: {
+			claim,
+			reason,
+			payload
+		} });
+		this.claim = claim;
+		this.reason = reason;
+		this.payload = payload;
+	}
+};
+var JOSEAlgNotAllowed = class extends JOSEError {
+	static code = "ERR_JOSE_ALG_NOT_ALLOWED";
+	code = "ERR_JOSE_ALG_NOT_ALLOWED";
+};
+var JOSENotSupported = class extends JOSEError {
+	static code = "ERR_JOSE_NOT_SUPPORTED";
+	code = "ERR_JOSE_NOT_SUPPORTED";
+};
+var JWSInvalid = class extends JOSEError {
+	static code = "ERR_JWS_INVALID";
+	code = "ERR_JWS_INVALID";
+};
+var JWTInvalid = class extends JOSEError {
+	static code = "ERR_JWT_INVALID";
+	code = "ERR_JWT_INVALID";
+};
+var JWSSignatureVerificationFailed = class extends JOSEError {
+	static code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
+	code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
+	constructor(message = "signature verification failed", options) {
+		super(message, options);
+	}
+};
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/is_key_like.js
+const isCryptoKey = (key) => {
+	if (key?.[Symbol.toStringTag] === "CryptoKey") return true;
+	try {
+		return key instanceof CryptoKey;
+	} catch {
+		return false;
+	}
+};
+const isKeyObject = (key) => key?.[Symbol.toStringTag] === "KeyObject";
+const isKeyLike = (key) => isCryptoKey(key) || isKeyObject(key);
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/helpers.js
+function assertNotSet(value, name) {
+	if (value) throw new TypeError(`${name} can only be called once`);
+}
+function decodeBase64url(value, label, ErrorClass) {
+	try {
+		return decode(value);
+	} catch {
+		throw new ErrorClass(`Failed to base64url decode the ${label}`);
+	}
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/type_checks.js
+const isObjectLike = (value) => typeof value === "object" && value !== null;
+function isObject(input) {
+	if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") return false;
+	if (Object.getPrototypeOf(input) === null) return true;
+	let proto = input;
+	while (Object.getPrototypeOf(proto) !== null) proto = Object.getPrototypeOf(proto);
+	return Object.getPrototypeOf(input) === proto;
+}
+function isDisjoint(...headers) {
+	const sources = headers.filter(Boolean);
+	if (sources.length === 0 || sources.length === 1) return true;
+	let acc;
+	for (const header of sources) {
+		const parameters = Object.keys(header);
+		if (!acc || acc.size === 0) {
+			acc = new Set(parameters);
+			continue;
+		}
+		for (const parameter of parameters) {
+			if (acc.has(parameter)) return false;
+			acc.add(parameter);
+		}
+	}
+	return true;
+}
+const isJWK = (key) => isObject(key) && typeof key.kty === "string";
+const isPrivateJWK = (key) => key.kty !== "oct" && (key.kty === "AKP" && typeof key.priv === "string" || typeof key.d === "string");
+const isPublicJWK = (key) => key.kty !== "oct" && key.d === void 0 && key.priv === void 0;
+const isSecretJWK = (key) => key.kty === "oct" && typeof key.k === "string";
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/signing.js
+function checkKeyLength(alg, key) {
+	if (alg.startsWith("RS") || alg.startsWith("PS")) {
+		const { modulusLength } = key.algorithm;
+		if (typeof modulusLength !== "number" || modulusLength < 2048) throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
+	}
+}
+function subtleAlgorithm(alg, algorithm) {
+	const hash = `SHA-${alg.slice(-3)}`;
+	switch (alg) {
+		case "HS256":
+		case "HS384":
+		case "HS512": return {
+			hash,
+			name: "HMAC"
+		};
+		case "PS256":
+		case "PS384":
+		case "PS512": return {
+			hash,
+			name: "RSA-PSS",
+			saltLength: parseInt(alg.slice(-3), 10) >> 3
+		};
+		case "RS256":
+		case "RS384":
+		case "RS512": return {
+			hash,
+			name: "RSASSA-PKCS1-v1_5"
+		};
+		case "ES256":
+		case "ES384":
+		case "ES512": return {
+			hash,
+			name: "ECDSA",
+			namedCurve: algorithm.namedCurve
+		};
+		case "Ed25519":
+		case "EdDSA": return { name: "Ed25519" };
+		case "ML-DSA-44":
+		case "ML-DSA-65":
+		case "ML-DSA-87": return { name: alg };
+		default: throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+	}
+}
+async function getSigKey(alg, key, usage) {
+	if (key instanceof Uint8Array) {
+		if (!alg.startsWith("HS")) throw new TypeError(invalidKeyInput(key, "CryptoKey", "KeyObject", "JSON Web Key"));
+		return crypto.subtle.importKey("raw", key, {
+			hash: `SHA-${alg.slice(-3)}`,
+			name: "HMAC"
+		}, false, [usage]);
+	}
+	checkSigCryptoKey(key, alg, usage);
+	return key;
+}
+async function sign(alg, key, data) {
+	const cryptoKey = await getSigKey(alg, key, "sign");
+	checkKeyLength(alg, cryptoKey);
+	const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);
+	return new Uint8Array(signature);
+}
+async function verify(alg, key, signature, data) {
+	const cryptoKey = await getSigKey(alg, key, "verify");
+	checkKeyLength(alg, cryptoKey);
+	const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);
+	try {
+		return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
+	} catch {
+		return false;
+	}
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/jwk_to_key.js
+const unsupportedAlg = "Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value";
+function subtleMapping(jwk) {
+	let algorithm;
+	let keyUsages;
+	switch (jwk.kty) {
+		case "AKP":
+			switch (jwk.alg) {
+				case "ML-DSA-44":
+				case "ML-DSA-65":
+				case "ML-DSA-87":
+					algorithm = { name: jwk.alg };
+					keyUsages = jwk.priv ? ["sign"] : ["verify"];
+					break;
+				default: throw new JOSENotSupported(unsupportedAlg);
+			}
+			break;
+		case "RSA":
+			switch (jwk.alg) {
+				case "PS256":
+				case "PS384":
+				case "PS512":
+					algorithm = {
+						name: "RSA-PSS",
+						hash: `SHA-${jwk.alg.slice(-3)}`
+					};
+					keyUsages = jwk.d ? ["sign"] : ["verify"];
+					break;
+				case "RS256":
+				case "RS384":
+				case "RS512":
+					algorithm = {
+						name: "RSASSA-PKCS1-v1_5",
+						hash: `SHA-${jwk.alg.slice(-3)}`
+					};
+					keyUsages = jwk.d ? ["sign"] : ["verify"];
+					break;
+				case "RSA-OAEP":
+				case "RSA-OAEP-256":
+				case "RSA-OAEP-384":
+				case "RSA-OAEP-512":
+					algorithm = {
+						name: "RSA-OAEP",
+						hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`
+					};
+					keyUsages = jwk.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
+					break;
+				default: throw new JOSENotSupported(unsupportedAlg);
+			}
+			break;
+		case "EC":
+			switch (jwk.alg) {
+				case "ES256":
+				case "ES384":
+				case "ES512":
+					algorithm = {
+						name: "ECDSA",
+						namedCurve: {
+							ES256: "P-256",
+							ES384: "P-384",
+							ES512: "P-521"
+						}[jwk.alg]
+					};
+					keyUsages = jwk.d ? ["sign"] : ["verify"];
+					break;
+				case "ECDH-ES":
+				case "ECDH-ES+A128KW":
+				case "ECDH-ES+A192KW":
+				case "ECDH-ES+A256KW":
+					algorithm = {
+						name: "ECDH",
+						namedCurve: jwk.crv
+					};
+					keyUsages = jwk.d ? ["deriveBits"] : [];
+					break;
+				default: throw new JOSENotSupported(unsupportedAlg);
+			}
+			break;
+		case "OKP":
+			switch (jwk.alg) {
+				case "Ed25519":
+				case "EdDSA":
+					algorithm = { name: "Ed25519" };
+					keyUsages = jwk.d ? ["sign"] : ["verify"];
+					break;
+				case "ECDH-ES":
+				case "ECDH-ES+A128KW":
+				case "ECDH-ES+A192KW":
+				case "ECDH-ES+A256KW":
+					algorithm = { name: jwk.crv };
+					keyUsages = jwk.d ? ["deriveBits"] : [];
+					break;
+				default: throw new JOSENotSupported(unsupportedAlg);
+			}
+			break;
+		default: throw new JOSENotSupported("Invalid or unsupported JWK \"kty\" (Key Type) Parameter value");
+	}
+	return {
+		algorithm,
+		keyUsages
+	};
+}
+async function jwkToKey(jwk) {
+	if (!jwk.alg) throw new TypeError("\"alg\" argument is required when \"jwk.alg\" is not present");
+	const { algorithm, keyUsages } = subtleMapping(jwk);
+	const keyData = { ...jwk };
+	if (keyData.kty !== "AKP") delete keyData.alg;
+	delete keyData.use;
+	return crypto.subtle.importKey("jwk", keyData, algorithm, jwk.ext ?? (jwk.d || jwk.priv ? false : true), jwk.key_ops ?? keyUsages);
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/normalize_key.js
+const unusableForAlg = "given KeyObject instance cannot be used for this algorithm";
+let cache;
+const handleJWK = async (key, jwk, alg, freeze = false) => {
+	cache ||= /* @__PURE__ */ new WeakMap();
+	let cached = cache.get(key);
+	if (cached?.[alg]) return cached[alg];
+	const cryptoKey = await jwkToKey({
+		...jwk,
+		alg
+	});
+	if (freeze) Object.freeze(key);
+	if (!cached) cache.set(key, { [alg]: cryptoKey });
+	else cached[alg] = cryptoKey;
+	return cryptoKey;
+};
+const handleKeyObject = (keyObject, alg) => {
+	cache ||= /* @__PURE__ */ new WeakMap();
+	let cached = cache.get(keyObject);
+	if (cached?.[alg]) return cached[alg];
+	const isPublic = keyObject.type === "public";
+	const extractable = isPublic ? true : false;
+	let cryptoKey;
+	if (keyObject.asymmetricKeyType === "x25519") {
+		switch (alg) {
+			case "ECDH-ES":
+			case "ECDH-ES+A128KW":
+			case "ECDH-ES+A192KW":
+			case "ECDH-ES+A256KW": break;
+			default: throw new TypeError(unusableForAlg);
+		}
+		cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, isPublic ? [] : ["deriveBits"]);
+	}
+	if (keyObject.asymmetricKeyType === "ed25519") {
+		if (alg !== "EdDSA" && alg !== "Ed25519") throw new TypeError(unusableForAlg);
+		cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [isPublic ? "verify" : "sign"]);
+	}
+	switch (keyObject.asymmetricKeyType) {
+		case "ml-dsa-44":
+		case "ml-dsa-65":
+		case "ml-dsa-87":
+			if (alg !== keyObject.asymmetricKeyType.toUpperCase()) throw new TypeError(unusableForAlg);
+			cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [isPublic ? "verify" : "sign"]);
+	}
+	if (keyObject.asymmetricKeyType === "rsa") {
+		let hash;
+		switch (alg) {
+			case "RSA-OAEP":
+				hash = "SHA-1";
+				break;
+			case "RS256":
+			case "PS256":
+			case "RSA-OAEP-256":
+				hash = "SHA-256";
+				break;
+			case "RS384":
+			case "PS384":
+			case "RSA-OAEP-384":
+				hash = "SHA-384";
+				break;
+			case "RS512":
+			case "PS512":
+			case "RSA-OAEP-512":
+				hash = "SHA-512";
+				break;
+			default: throw new TypeError(unusableForAlg);
+		}
+		if (alg.startsWith("RSA-OAEP")) return keyObject.toCryptoKey({
+			name: "RSA-OAEP",
+			hash
+		}, extractable, isPublic ? ["encrypt"] : ["decrypt"]);
+		cryptoKey = keyObject.toCryptoKey({
+			name: alg.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
+			hash
+		}, extractable, [isPublic ? "verify" : "sign"]);
+	}
+	if (keyObject.asymmetricKeyType === "ec") {
+		const namedCurve = new Map([
+			["prime256v1", "P-256"],
+			["secp384r1", "P-384"],
+			["secp521r1", "P-521"]
+		]).get(keyObject.asymmetricKeyDetails?.namedCurve);
+		if (!namedCurve) throw new TypeError(unusableForAlg);
+		const expectedCurve = {
+			ES256: "P-256",
+			ES384: "P-384",
+			ES512: "P-521"
+		};
+		if (expectedCurve[alg] && namedCurve === expectedCurve[alg]) cryptoKey = keyObject.toCryptoKey({
+			name: "ECDSA",
+			namedCurve
+		}, extractable, [isPublic ? "verify" : "sign"]);
+		if (alg.startsWith("ECDH-ES")) cryptoKey = keyObject.toCryptoKey({
+			name: "ECDH",
+			namedCurve
+		}, extractable, isPublic ? [] : ["deriveBits"]);
+	}
+	if (!cryptoKey) throw new TypeError(unusableForAlg);
+	if (!cached) cache.set(keyObject, { [alg]: cryptoKey });
+	else cached[alg] = cryptoKey;
+	return cryptoKey;
+};
+async function normalizeKey(key, alg) {
+	if (key instanceof Uint8Array) return key;
+	if (isCryptoKey(key)) return key;
+	if (isKeyObject(key)) {
+		if (key.type === "secret") return key.export();
+		if ("toCryptoKey" in key && typeof key.toCryptoKey === "function") try {
+			return handleKeyObject(key, alg);
+		} catch (err) {
+			if (err instanceof TypeError) throw err;
+		}
+		return handleJWK(key, key.export({ format: "jwk" }), alg);
+	}
+	if (isJWK(key)) {
+		if (key.k) return decode(key.k);
+		return handleJWK(key, key, alg, true);
+	}
+	throw new Error("unreachable");
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/asn1.js
+const bytesEqual = (a, b) => {
+	if (a.byteLength !== b.length) return false;
+	for (let i = 0; i < a.byteLength; i++) if (a[i] !== b[i]) return false;
+	return true;
+};
+const createASN1State = (data) => ({
+	data,
+	pos: 0
+});
+const parseLength = (state) => {
+	const first = state.data[state.pos++];
+	if (first & 128) {
+		const lengthOfLen = first & 127;
+		let length = 0;
+		for (let i = 0; i < lengthOfLen; i++) length = length << 8 | state.data[state.pos++];
+		return length;
+	}
+	return first;
+};
+const expectTag = (state, expectedTag, errorMessage) => {
+	if (state.data[state.pos++] !== expectedTag) throw new Error(errorMessage);
+};
+const getSubarray = (state, length) => {
+	const result = state.data.subarray(state.pos, state.pos + length);
+	state.pos += length;
+	return result;
+};
+const parseAlgorithmOID = (state) => {
+	expectTag(state, 6, "Expected algorithm OID");
+	return getSubarray(state, parseLength(state));
+};
+function parsePKCS8Header(state) {
+	expectTag(state, 48, "Invalid PKCS#8 structure");
+	parseLength(state);
+	expectTag(state, 2, "Expected version field");
+	const verLen = parseLength(state);
+	state.pos += verLen;
+	expectTag(state, 48, "Expected algorithm identifier");
+	const algIdLen = parseLength(state);
+	return {
+		algIdStart: state.pos,
+		algIdLength: algIdLen
+	};
+}
+function parseSPKIHeader(state) {
+	expectTag(state, 48, "Invalid SPKI structure");
+	parseLength(state);
+	expectTag(state, 48, "Expected algorithm identifier");
+	const algIdLen = parseLength(state);
+	return {
+		algIdStart: state.pos,
+		algIdLength: algIdLen
+	};
+}
+const parseECAlgorithmIdentifier = (state) => {
+	const algOid = parseAlgorithmOID(state);
+	if (bytesEqual(algOid, [
+		43,
+		101,
+		110
+	])) return "X25519";
+	if (!bytesEqual(algOid, [
+		42,
+		134,
+		72,
+		206,
+		61,
+		2,
+		1
+	])) throw new Error("Unsupported key algorithm");
+	expectTag(state, 6, "Expected curve OID");
+	const curveOid = getSubarray(state, parseLength(state));
+	for (const { name, oid } of [
+		{
+			name: "P-256",
+			oid: [
+				42,
+				134,
+				72,
+				206,
+				61,
+				3,
+				1,
+				7
+			]
+		},
+		{
+			name: "P-384",
+			oid: [
+				43,
+				129,
+				4,
+				0,
+				34
+			]
+		},
+		{
+			name: "P-521",
+			oid: [
+				43,
+				129,
+				4,
+				0,
+				35
+			]
+		}
+	]) if (bytesEqual(curveOid, oid)) return name;
+	throw new Error("Unsupported named curve");
+};
+const genericImport = async (keyFormat, keyData, alg, options) => {
+	let algorithm;
+	let keyUsages;
+	const isPublic = keyFormat === "spki";
+	const getSigUsages = () => isPublic ? ["verify"] : ["sign"];
+	const getEncUsages = () => isPublic ? ["encrypt", "wrapKey"] : ["decrypt", "unwrapKey"];
+	switch (alg) {
+		case "PS256":
+		case "PS384":
+		case "PS512":
+			algorithm = {
+				name: "RSA-PSS",
+				hash: `SHA-${alg.slice(-3)}`
+			};
+			keyUsages = getSigUsages();
+			break;
+		case "RS256":
+		case "RS384":
+		case "RS512":
+			algorithm = {
+				name: "RSASSA-PKCS1-v1_5",
+				hash: `SHA-${alg.slice(-3)}`
+			};
+			keyUsages = getSigUsages();
+			break;
+		case "RSA-OAEP":
+		case "RSA-OAEP-256":
+		case "RSA-OAEP-384":
+		case "RSA-OAEP-512":
+			algorithm = {
+				name: "RSA-OAEP",
+				hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`
+			};
+			keyUsages = getEncUsages();
+			break;
+		case "ES256":
+		case "ES384":
+		case "ES512":
+			algorithm = {
+				name: "ECDSA",
+				namedCurve: {
+					ES256: "P-256",
+					ES384: "P-384",
+					ES512: "P-521"
+				}[alg]
+			};
+			keyUsages = getSigUsages();
+			break;
+		case "ECDH-ES":
+		case "ECDH-ES+A128KW":
+		case "ECDH-ES+A192KW":
+		case "ECDH-ES+A256KW":
+			try {
+				const namedCurve = options.getNamedCurve(keyData);
+				algorithm = namedCurve === "X25519" ? { name: "X25519" } : {
+					name: "ECDH",
+					namedCurve
+				};
+			} catch (cause) {
+				throw new JOSENotSupported("Invalid or unsupported key format");
+			}
+			keyUsages = isPublic ? [] : ["deriveBits"];
+			break;
+		case "Ed25519":
+		case "EdDSA":
+			algorithm = { name: "Ed25519" };
+			keyUsages = getSigUsages();
+			break;
+		case "ML-DSA-44":
+		case "ML-DSA-65":
+		case "ML-DSA-87":
+			algorithm = { name: alg };
+			keyUsages = getSigUsages();
+			break;
+		default: throw new JOSENotSupported("Invalid or unsupported \"alg\" (Algorithm) value");
+	}
+	return crypto.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? (isPublic ? true : false), keyUsages);
+};
+const processPEMData = (pem, pattern) => {
+	return decodeBase64(pem.replace(pattern, ""));
+};
+const fromPKCS8 = (pem, alg, options) => {
+	const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);
+	let opts = options;
+	if (alg?.startsWith?.("ECDH-ES")) {
+		opts ||= {};
+		opts.getNamedCurve = (keyData) => {
+			const state = createASN1State(keyData);
+			parsePKCS8Header(state);
+			return parseECAlgorithmIdentifier(state);
+		};
+	}
+	return genericImport("pkcs8", keyData, alg, opts);
+};
+const fromSPKI = (pem, alg, options) => {
+	const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
+	let opts = options;
+	if (alg?.startsWith?.("ECDH-ES")) {
+		opts ||= {};
+		opts.getNamedCurve = (keyData) => {
+			const state = createASN1State(keyData);
+			parseSPKIHeader(state);
+			return parseECAlgorithmIdentifier(state);
+		};
+	}
+	return genericImport("spki", keyData, alg, opts);
+};
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/key/import.js
+async function importSPKI(spki, alg, options) {
+	if (typeof spki !== "string" || spki.indexOf("-----BEGIN PUBLIC KEY-----") !== 0) throw new TypeError("\"spki\" must be SPKI formatted string");
+	return fromSPKI(spki, alg, options);
+}
+async function importPKCS8(pkcs8, alg, options) {
+	if (typeof pkcs8 !== "string" || pkcs8.indexOf("-----BEGIN PRIVATE KEY-----") !== 0) throw new TypeError("\"pkcs8\" must be PKCS#8 formatted string");
+	return fromPKCS8(pkcs8, alg, options);
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/validate_crit.js
+function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
+	if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) throw new Err("\"crit\" (Critical) Header Parameter MUST be integrity protected");
+	if (!protectedHeader || protectedHeader.crit === void 0) return /* @__PURE__ */ new Set();
+	if (!Array.isArray(protectedHeader.crit) || protectedHeader.crit.length === 0 || protectedHeader.crit.some((input) => typeof input !== "string" || input.length === 0)) throw new Err("\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present");
+	let recognized;
+	if (recognizedOption !== void 0) recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);
+	else recognized = recognizedDefault;
+	for (const parameter of protectedHeader.crit) {
+		if (!recognized.has(parameter)) throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`);
+		if (joseHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" is missing`);
+		if (recognized.get(parameter) && protectedHeader[parameter] === void 0) throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`);
+	}
+	return new Set(protectedHeader.crit);
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/validate_algorithms.js
+function validateAlgorithms(option, algorithms) {
+	if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
+	if (!algorithms) return;
+	return new Set(algorithms);
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/check_key_type.js
+const tag = (key) => key?.[Symbol.toStringTag];
+const jwkMatchesOp = (alg, key, usage) => {
+	if (key.use !== void 0) {
+		let expected;
+		switch (usage) {
+			case "sign":
+			case "verify":
+				expected = "sig";
+				break;
+			case "encrypt":
+			case "decrypt":
+				expected = "enc";
+				break;
+		}
+		if (key.use !== expected) throw new TypeError(`Invalid key for this operation, its "use" must be "${expected}" when present`);
+	}
+	if (key.alg !== void 0 && key.alg !== alg) throw new TypeError(`Invalid key for this operation, its "alg" must be "${alg}" when present`);
+	if (Array.isArray(key.key_ops)) {
+		let expectedKeyOp;
+		switch (true) {
+			case usage === "sign" || usage === "verify":
+			case alg === "dir":
+			case alg.includes("CBC-HS"):
+				expectedKeyOp = usage;
+				break;
+			case alg.startsWith("PBES2"):
+				expectedKeyOp = "deriveBits";
+				break;
+			case /^A\d{3}(?:GCM)?(?:KW)?$/.test(alg):
+				if (!alg.includes("GCM") && alg.endsWith("KW")) expectedKeyOp = usage === "encrypt" ? "wrapKey" : "unwrapKey";
+				else expectedKeyOp = usage;
+				break;
+			case usage === "encrypt" && alg.startsWith("RSA"):
+				expectedKeyOp = "wrapKey";
+				break;
+			case usage === "decrypt":
+				expectedKeyOp = alg.startsWith("RSA") ? "unwrapKey" : "deriveBits";
+				break;
+		}
+		if (expectedKeyOp && key.key_ops?.includes?.(expectedKeyOp) === false) throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${expectedKeyOp}" when present`);
+	}
+	return true;
+};
+const symmetricTypeCheck = (alg, key, usage) => {
+	if (key instanceof Uint8Array) return;
+	if (isJWK(key)) {
+		if (isSecretJWK(key) && jwkMatchesOp(alg, key, usage)) return;
+		throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present`);
+	}
+	if (!isKeyLike(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+	if (key.type !== "secret") throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type "secret"`);
+};
+const asymmetricTypeCheck = (alg, key, usage) => {
+	if (isJWK(key)) switch (usage) {
+		case "decrypt":
+		case "sign":
+			if (isPrivateJWK(key) && jwkMatchesOp(alg, key, usage)) return;
+			throw new TypeError(`JSON Web Key for this operation must be a private JWK`);
+		case "encrypt":
+		case "verify":
+			if (isPublicJWK(key) && jwkMatchesOp(alg, key, usage)) return;
+			throw new TypeError(`JSON Web Key for this operation must be a public JWK`);
+	}
+	if (!isKeyLike(key)) throw new TypeError(withAlg(alg, key, "CryptoKey", "KeyObject", "JSON Web Key"));
+	if (key.type === "secret") throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type "secret"`);
+	if (key.type === "public") switch (usage) {
+		case "sign": throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type "private"`);
+		case "decrypt": throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type "private"`);
+	}
+	if (key.type === "private") switch (usage) {
+		case "verify": throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type "public"`);
+		case "encrypt": throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type "public"`);
+	}
+};
+function checkKeyType(alg, key, usage) {
+	switch (alg.substring(0, 2)) {
+		case "A1":
+		case "A2":
+		case "di":
+		case "HS":
+		case "PB":
+			symmetricTypeCheck(alg, key, usage);
+			break;
+		default: asymmetricTypeCheck(alg, key, usage);
+	}
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jws/flattened/verify.js
+async function flattenedVerify(jws, key, options) {
+	if (!isObject(jws)) throw new JWSInvalid("Flattened JWS must be an object");
+	if (jws.protected === void 0 && jws.header === void 0) throw new JWSInvalid("Flattened JWS must have either of the \"protected\" or \"header\" members");
+	if (jws.protected !== void 0 && typeof jws.protected !== "string") throw new JWSInvalid("JWS Protected Header incorrect type");
+	if (jws.payload === void 0) throw new JWSInvalid("JWS Payload missing");
+	if (typeof jws.signature !== "string") throw new JWSInvalid("JWS Signature missing or incorrect type");
+	if (jws.header !== void 0 && !isObject(jws.header)) throw new JWSInvalid("JWS Unprotected Header incorrect type");
+	let parsedProt = {};
+	if (jws.protected) try {
+		const protectedHeader = decode(jws.protected);
+		parsedProt = JSON.parse(decoder.decode(protectedHeader));
+	} catch {
+		throw new JWSInvalid("JWS Protected Header is invalid");
+	}
+	if (!isDisjoint(parsedProt, jws.header)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+	const joseHeader = {
+		...parsedProt,
+		...jws.header
+	};
+	const extensions = validateCrit(JWSInvalid, new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
+	let b64 = true;
+	if (extensions.has("b64")) {
+		b64 = parsedProt.b64;
+		if (typeof b64 !== "boolean") throw new JWSInvalid("The \"b64\" (base64url-encode payload) Header Parameter must be a boolean");
+	}
+	const { alg } = joseHeader;
+	if (typeof alg !== "string" || !alg) throw new JWSInvalid("JWS \"alg\" (Algorithm) Header Parameter missing or invalid");
+	const algorithms = options && validateAlgorithms("algorithms", options.algorithms);
+	if (algorithms && !algorithms.has(alg)) throw new JOSEAlgNotAllowed("\"alg\" (Algorithm) Header Parameter value not allowed");
+	if (b64) {
+		if (typeof jws.payload !== "string") throw new JWSInvalid("JWS Payload must be a string");
+	} else if (typeof jws.payload !== "string" && !(jws.payload instanceof Uint8Array)) throw new JWSInvalid("JWS Payload must be a string or an Uint8Array instance");
+	let resolvedKey = false;
+	if (typeof key === "function") {
+		key = await key(parsedProt, jws);
+		resolvedKey = true;
+	}
+	checkKeyType(alg, key, "verify");
+	const data = concat(jws.protected !== void 0 ? encode$1(jws.protected) : new Uint8Array(), encode$1("."), typeof jws.payload === "string" ? b64 ? encode$1(jws.payload) : encoder.encode(jws.payload) : jws.payload);
+	const signature = decodeBase64url(jws.signature, "signature", JWSInvalid);
+	const k = await normalizeKey(key, alg);
+	if (!await verify(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
+	let payload;
+	if (b64) payload = decodeBase64url(jws.payload, "payload", JWSInvalid);
+	else if (typeof jws.payload === "string") payload = encoder.encode(jws.payload);
+	else payload = jws.payload;
+	const result = { payload };
+	if (jws.protected !== void 0) result.protectedHeader = parsedProt;
+	if (jws.header !== void 0) result.unprotectedHeader = jws.header;
+	if (resolvedKey) return {
+		...result,
+		key: k
+	};
+	return result;
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jws/compact/verify.js
+async function compactVerify(jws, key, options) {
+	if (jws instanceof Uint8Array) jws = decoder.decode(jws);
+	if (typeof jws !== "string") throw new JWSInvalid("Compact JWS must be a string or Uint8Array");
+	const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split(".");
+	if (length !== 3) throw new JWSInvalid("Invalid Compact JWS");
+	const verified = await flattenedVerify({
+		payload,
+		protected: protectedHeader,
+		signature
+	}, key, options);
+	const result = {
+		payload: verified.payload,
+		protectedHeader: verified.protectedHeader
+	};
+	if (typeof key === "function") return {
+		...result,
+		key: verified.key
+	};
+	return result;
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/lib/jwt_claims_set.js
+const epoch = (date) => Math.floor(date.getTime() / 1e3);
+const minute = 60;
+const hour = minute * 60;
+const day = hour * 24;
+const week = day * 7;
+const year = day * 365.25;
+const REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+function secs(str) {
+	const matched = REGEX.exec(str);
+	if (!matched || matched[4] && matched[1]) throw new TypeError("Invalid time period format");
+	const value = parseFloat(matched[2]);
+	const unit = matched[3].toLowerCase();
+	let numericDate;
+	switch (unit) {
+		case "sec":
+		case "secs":
+		case "second":
+		case "seconds":
+		case "s":
+			numericDate = Math.round(value);
+			break;
+		case "minute":
+		case "minutes":
+		case "min":
+		case "mins":
+		case "m":
+			numericDate = Math.round(value * minute);
+			break;
+		case "hour":
+		case "hours":
+		case "hr":
+		case "hrs":
+		case "h":
+			numericDate = Math.round(value * hour);
+			break;
+		case "day":
+		case "days":
+		case "d":
+			numericDate = Math.round(value * day);
+			break;
+		case "week":
+		case "weeks":
+		case "w":
+			numericDate = Math.round(value * week);
+			break;
+		default:
+			numericDate = Math.round(value * year);
+			break;
+	}
+	if (matched[1] === "-" || matched[4] === "ago") return -numericDate;
+	return numericDate;
+}
+function validateInput(label, input) {
+	if (!Number.isFinite(input)) throw new TypeError(`Invalid ${label} input`);
+	return input;
+}
+const normalizeTyp = (value) => {
+	if (value.includes("/")) return value.toLowerCase();
+	return `application/${value.toLowerCase()}`;
+};
+const checkAudiencePresence = (audPayload, audOption) => {
+	if (typeof audPayload === "string") return audOption.includes(audPayload);
+	if (Array.isArray(audPayload)) return audOption.some(Set.prototype.has.bind(new Set(audPayload)));
+	return false;
+};
+function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
+	let payload;
+	try {
+		payload = JSON.parse(decoder.decode(encodedPayload));
+	} catch {}
+	if (!isObject(payload)) throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
+	const { typ } = options;
+	if (typ && (typeof protectedHeader.typ !== "string" || normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) throw new JWTClaimValidationFailed("unexpected \"typ\" JWT header value", payload, "typ", "check_failed");
+	const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
+	const presenceCheck = [...requiredClaims];
+	if (maxTokenAge !== void 0) presenceCheck.push("iat");
+	if (audience !== void 0) presenceCheck.push("aud");
+	if (subject !== void 0) presenceCheck.push("sub");
+	if (issuer !== void 0) presenceCheck.push("iss");
+	for (const claim of new Set(presenceCheck.reverse())) if (!(claim in payload)) throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, payload, claim, "missing");
+	if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) throw new JWTClaimValidationFailed("unexpected \"iss\" claim value", payload, "iss", "check_failed");
+	if (subject && payload.sub !== subject) throw new JWTClaimValidationFailed("unexpected \"sub\" claim value", payload, "sub", "check_failed");
+	if (audience && !checkAudiencePresence(payload.aud, typeof audience === "string" ? [audience] : audience)) throw new JWTClaimValidationFailed("unexpected \"aud\" claim value", payload, "aud", "check_failed");
+	let tolerance;
+	switch (typeof options.clockTolerance) {
+		case "string":
+			tolerance = secs(options.clockTolerance);
+			break;
+		case "number":
+			tolerance = options.clockTolerance;
+			break;
+		case "undefined":
+			tolerance = 0;
+			break;
+		default: throw new TypeError("Invalid clockTolerance option type");
+	}
+	const { currentDate } = options;
+	const now = epoch(currentDate || /* @__PURE__ */ new Date());
+	if ((payload.iat !== void 0 || maxTokenAge) && typeof payload.iat !== "number") throw new JWTClaimValidationFailed("\"iat\" claim must be a number", payload, "iat", "invalid");
+	if (payload.nbf !== void 0) {
+		if (typeof payload.nbf !== "number") throw new JWTClaimValidationFailed("\"nbf\" claim must be a number", payload, "nbf", "invalid");
+		if (payload.nbf > now + tolerance) throw new JWTClaimValidationFailed("\"nbf\" claim timestamp check failed", payload, "nbf", "check_failed");
+	}
+	if (payload.exp !== void 0) {
+		if (typeof payload.exp !== "number") throw new JWTClaimValidationFailed("\"exp\" claim must be a number", payload, "exp", "invalid");
+		if (payload.exp <= now - tolerance) throw new JWTExpired("\"exp\" claim timestamp check failed", payload, "exp", "check_failed");
+	}
+	if (maxTokenAge) {
+		const age = now - payload.iat;
+		const max = typeof maxTokenAge === "number" ? maxTokenAge : secs(maxTokenAge);
+		if (age - tolerance > max) throw new JWTExpired("\"iat\" claim timestamp check failed (too far in the past)", payload, "iat", "check_failed");
+		if (age < 0 - tolerance) throw new JWTClaimValidationFailed("\"iat\" claim timestamp check failed (it should be in the past)", payload, "iat", "check_failed");
+	}
+	return payload;
+}
+var JWTClaimsBuilder = class {
+	#payload;
+	constructor(payload) {
+		if (!isObject(payload)) throw new TypeError("JWT Claims Set MUST be an object");
+		this.#payload = structuredClone(payload);
+	}
+	data() {
+		return encoder.encode(JSON.stringify(this.#payload));
+	}
+	get iss() {
+		return this.#payload.iss;
+	}
+	set iss(value) {
+		this.#payload.iss = value;
+	}
+	get sub() {
+		return this.#payload.sub;
+	}
+	set sub(value) {
+		this.#payload.sub = value;
+	}
+	get aud() {
+		return this.#payload.aud;
+	}
+	set aud(value) {
+		this.#payload.aud = value;
+	}
+	set jti(value) {
+		this.#payload.jti = value;
+	}
+	set nbf(value) {
+		if (typeof value === "number") this.#payload.nbf = validateInput("setNotBefore", value);
+		else if (value instanceof Date) this.#payload.nbf = validateInput("setNotBefore", epoch(value));
+		else this.#payload.nbf = epoch(/* @__PURE__ */ new Date()) + secs(value);
+	}
+	set exp(value) {
+		if (typeof value === "number") this.#payload.exp = validateInput("setExpirationTime", value);
+		else if (value instanceof Date) this.#payload.exp = validateInput("setExpirationTime", epoch(value));
+		else this.#payload.exp = epoch(/* @__PURE__ */ new Date()) + secs(value);
+	}
+	set iat(value) {
+		if (value === void 0) this.#payload.iat = epoch(/* @__PURE__ */ new Date());
+		else if (value instanceof Date) this.#payload.iat = validateInput("setIssuedAt", epoch(value));
+		else if (typeof value === "string") this.#payload.iat = validateInput("setIssuedAt", epoch(/* @__PURE__ */ new Date()) + secs(value));
+		else this.#payload.iat = validateInput("setIssuedAt", value);
+	}
+};
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jwt/verify.js
+async function jwtVerify(jwt, key, options) {
+	const verified = await compactVerify(jwt, key, options);
+	if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
+	const result = {
+		payload: validateClaimsSet(verified.protectedHeader, verified.payload, options),
+		protectedHeader: verified.protectedHeader
+	};
+	if (typeof key === "function") return {
+		...result,
+		key: verified.key
+	};
+	return result;
+}
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jws/flattened/sign.js
+var FlattenedSign = class {
+	#payload;
+	#protectedHeader;
+	#unprotectedHeader;
+	constructor(payload) {
+		if (!(payload instanceof Uint8Array)) throw new TypeError("payload must be an instance of Uint8Array");
+		this.#payload = payload;
+	}
+	setProtectedHeader(protectedHeader) {
+		assertNotSet(this.#protectedHeader, "setProtectedHeader");
+		this.#protectedHeader = protectedHeader;
+		return this;
+	}
+	setUnprotectedHeader(unprotectedHeader) {
+		assertNotSet(this.#unprotectedHeader, "setUnprotectedHeader");
+		this.#unprotectedHeader = unprotectedHeader;
+		return this;
+	}
+	async sign(key, options) {
+		if (!this.#protectedHeader && !this.#unprotectedHeader) throw new JWSInvalid("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");
+		if (!isDisjoint(this.#protectedHeader, this.#unprotectedHeader)) throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
+		const joseHeader = {
+			...this.#protectedHeader,
+			...this.#unprotectedHeader
+		};
+		const extensions = validateCrit(JWSInvalid, new Map([["b64", true]]), options?.crit, this.#protectedHeader, joseHeader);
+		let b64 = true;
+		if (extensions.has("b64")) {
+			b64 = this.#protectedHeader.b64;
+			if (typeof b64 !== "boolean") throw new JWSInvalid("The \"b64\" (base64url-encode payload) Header Parameter must be a boolean");
+		}
+		const { alg } = joseHeader;
+		if (typeof alg !== "string" || !alg) throw new JWSInvalid("JWS \"alg\" (Algorithm) Header Parameter missing or invalid");
+		checkKeyType(alg, key, "sign");
+		let payloadS;
+		let payloadB;
+		if (b64) {
+			payloadS = encode(this.#payload);
+			payloadB = encode$1(payloadS);
+		} else {
+			payloadB = this.#payload;
+			payloadS = "";
+		}
+		let protectedHeaderString;
+		let protectedHeaderBytes;
+		if (this.#protectedHeader) {
+			protectedHeaderString = encode(JSON.stringify(this.#protectedHeader));
+			protectedHeaderBytes = encode$1(protectedHeaderString);
+		} else {
+			protectedHeaderString = "";
+			protectedHeaderBytes = new Uint8Array();
+		}
+		const data = concat(protectedHeaderBytes, encode$1("."), payloadB);
+		const jws = {
+			signature: encode(await sign(alg, await normalizeKey(key, alg), data)),
+			payload: payloadS
+		};
+		if (this.#unprotectedHeader) jws.header = this.#unprotectedHeader;
+		if (this.#protectedHeader) jws.protected = protectedHeaderString;
+		return jws;
+	}
+};
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jws/compact/sign.js
+var CompactSign = class {
+	#flattened;
+	constructor(payload) {
+		this.#flattened = new FlattenedSign(payload);
+	}
+	setProtectedHeader(protectedHeader) {
+		this.#flattened.setProtectedHeader(protectedHeader);
+		return this;
+	}
+	async sign(key, options) {
+		const jws = await this.#flattened.sign(key, options);
+		if (jws.payload === void 0) throw new TypeError("use the flattened module for creating JWS with b64: false");
+		return `${jws.protected}.${jws.payload}.${jws.signature}`;
+	}
+};
+//#endregion
+//#region ../../../../node_modules/jose/dist/webapi/jwt/sign.js
+var SignJWT = class {
+	#protectedHeader;
+	#jwt;
+	constructor(payload = {}) {
+		this.#jwt = new JWTClaimsBuilder(payload);
+	}
+	setIssuer(issuer) {
+		this.#jwt.iss = issuer;
+		return this;
+	}
+	setSubject(subject) {
+		this.#jwt.sub = subject;
+		return this;
+	}
+	setAudience(audience) {
+		this.#jwt.aud = audience;
+		return this;
+	}
+	setJti(jwtId) {
+		this.#jwt.jti = jwtId;
+		return this;
+	}
+	setNotBefore(input) {
+		this.#jwt.nbf = input;
+		return this;
+	}
+	setExpirationTime(input) {
+		this.#jwt.exp = input;
+		return this;
+	}
+	setIssuedAt(input) {
+		this.#jwt.iat = input;
+		return this;
+	}
+	setProtectedHeader(protectedHeader) {
+		this.#protectedHeader = protectedHeader;
+		return this;
+	}
+	async sign(key, options) {
+		const sig = new CompactSign(this.#jwt.data());
+		sig.setProtectedHeader(this.#protectedHeader);
+		if (Array.isArray(this.#protectedHeader?.crit) && this.#protectedHeader.crit.includes("b64") && this.#protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
+		return sig.sign(key, options);
+	}
+};
+//#endregion
+//#region ../../src/server/auth/helpers/appleClientSecret.ts
+/** Signs Apple's short-lived ES256 client_secret JWT on demand (no rotation job). */
+async function signAppleClientSecret(opts) {
+	const key = await importPKCS8(opts.privateKeyPem, "ES256");
+	return new SignJWT({}).setProtectedHeader({
+		alg: "ES256",
+		kid: opts.keyId,
+		typ: "JWT"
+	}).setIssuer(opts.teamId).setSubject(opts.serviceId).setAudience("https://appleid.apple.com").setIssuedAt().setExpirationTime(`${opts.ttlSeconds ?? 300}s`).sign(key);
+}
+//#endregion
+//#region ../../src/server/auth/helpers/federationAssertion.ts
+const ALG = "EdDSA";
+async function signFederationAssertion(profile, opts) {
+	const key = await importPKCS8(opts.privateKeyPem, ALG);
+	const jti = opts.jti ?? crypto.randomUUID();
+	const ttl = opts.ttlSeconds ?? 60;
+	return new SignJWT({ profile }).setProtectedHeader({
+		alg: ALG,
+		typ: "JWT"
+	}).setIssuer(opts.issuer).setAudience(opts.audience).setJti(jti).setIssuedAt().setExpirationTime(`${ttl}s`).sign(key);
+}
+async function verifyFederationAssertion(token, opts) {
+	const { payload } = await jwtVerify(token, await importSPKI(opts.publicKeyPem, ALG), {
+		issuer: opts.issuer,
+		audience: opts.audience,
+		algorithms: [ALG],
+		requiredClaims: [
+			"exp",
+			"iat",
+			"jti"
+		]
+	});
+	const profile = payload.profile;
+	if (!profile?.sub || !profile.provider) throw new Error("Federation assertion missing profile.sub/provider");
+	if (!payload.jti) throw new Error("Federation assertion missing jti");
+	return {
+		profile,
+		jti: String(payload.jti)
+	};
+}
+//#endregion
 //#region ../../src/server/auth/schemas/authenticationProviderSchema.ts
 const authenticationProviderSchema = t.object({
 	name: t.text({ description: "Name of the authentication provider." }),
@@ -2075,6 +3414,260 @@ const $authFacebook = (realm, options = {}) => {
 	});
 };
 //#endregion
+//#region ../../src/server/auth/helpers/safeRedirectPath.ts
+/**
+* Returns a safe in-app redirect target: a single absolute path on the current
+* origin. Rejects protocol-relative (`//host`), absolute URLs, and backslash
+* tricks so a crafted `redirect` query can't become a post-auth open redirect.
+*/
+function safeRedirectPath(redirect, fallback = "/") {
+	if (typeof redirect === "string" && redirect.startsWith("/") && !redirect.startsWith("//") && !redirect.includes("\\")) return redirect;
+	return fallback;
+}
+//#endregion
+//#region ../../src/server/auth/primitives/$authFederationBroker.ts
+const ISSUERS = {
+	google: "https://accounts.google.com",
+	apple: "https://appleid.apple.com"
+};
+const $authFederationBroker = (options) => {
+	const callbackPath = "/auth/federated/callback";
+	if (!options.signingKeyPem) throw new AlephaError("$authFederationBroker requires signingKeyPem");
+	const flow = $cookie({
+		name: "federationFlow",
+		ttl: [15, "minutes"],
+		httpOnly: true,
+		encrypt: true,
+		schema: t.object({
+			provider: t.text(),
+			tenantOrigin: t.text({ size: "long" }),
+			redirectPath: t.text({ size: "long" }),
+			codeVerifier: t.optional(t.text({ size: "long" })),
+			state: t.optional(t.text()),
+			nonce: t.optional(t.text())
+		})
+	});
+	const callbackUri = `${options.issuer}${callbackPath}`;
+	const getConfig = async (provider) => {
+		if (provider === "google") {
+			const g = options.providers.google;
+			if (!g) throw new SecurityError("google federation not configured");
+			return discovery(new URL(ISSUERS.google), g.clientId, g.clientSecret);
+		}
+		const a = options.providers.apple;
+		if (!a) throw new SecurityError("apple federation not configured");
+		const clientSecret = await signAppleClientSecret({
+			privateKeyPem: a.privateKeyPem,
+			teamId: a.teamId,
+			serviceId: a.serviceId,
+			keyId: a.keyId
+		});
+		return discovery(new URL(ISSUERS.apple), a.serviceId, clientSecret);
+	};
+	const scopeFor = (provider) => provider === "apple" ? "name email" : "openid email profile";
+	const start = $route({
+		path: "/auth/federated/start",
+		schema: { query: t.object({
+			provider: t.text(),
+			tenant: t.text(),
+			redirect: t.optional(t.text({ size: "long" }))
+		}) },
+		handler: async ({ query, reply, cookies }) => {
+			if (query.provider !== "google" && query.provider !== "apple") throw new BadRequestError(`Unsupported provider '${query.provider}'`);
+			const tenantOrigin = await options.resolveTenant(query.tenant);
+			if (!tenantOrigin) throw new BadRequestError("Unknown or inactive tenant");
+			const config = await getConfig(query.provider);
+			const codeVerifier = randomPKCECodeVerifier();
+			const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
+			const parameters = {
+				redirect_uri: callbackUri,
+				scope: scopeFor(query.provider),
+				code_challenge: codeChallenge,
+				code_challenge_method: "S256"
+			};
+			if (query.provider === "apple") parameters.response_mode = "form_post";
+			const usePkce = config.serverMetadata().supportsPKCE();
+			let state;
+			let nonce;
+			if (!usePkce) {
+				state = randomState();
+				nonce = randomState();
+				parameters.state = state;
+				parameters.nonce = nonce;
+				delete parameters.code_challenge;
+				delete parameters.code_challenge_method;
+			}
+			flow.set({
+				provider: query.provider,
+				tenantOrigin,
+				redirectPath: safeRedirectPath(query.redirect),
+				codeVerifier: usePkce ? codeVerifier : void 0,
+				state,
+				nonce
+			}, { cookies });
+			reply.redirect(buildAuthorizationUrl(config, parameters).toString(), 302);
+		}
+	});
+	const handle = async (urlOrReq, cookies, reply, rawProfile) => {
+		const ctx = flow.get({ cookies });
+		if (!ctx) throw new BadRequestError("Missing federation flow");
+		flow.del({ cookies });
+		const provider = ctx.provider;
+		let profile;
+		try {
+			const claims = (await authorizationCodeGrant(await getConfig(provider), urlOrReq, {
+				pkceCodeVerifier: ctx.codeVerifier,
+				expectedState: ctx.state,
+				expectedNonce: ctx.nonce
+			})).claims?.() ?? {};
+			const merged = {
+				...rawProfile,
+				...claims
+			};
+			profile = {
+				provider,
+				sub: String(merged.sub),
+				email: merged.email,
+				email_verified: typeof merged.email_verified === "string" ? merged.email_verified === "true" : merged.email_verified,
+				name: merged.name,
+				given_name: merged.given_name,
+				family_name: merged.family_name,
+				picture: merged.picture,
+				is_private_email: typeof merged.is_private_email === "string" ? merged.is_private_email === "true" : merged.is_private_email
+			};
+		} catch {
+			const fail = new URL(`${ctx.tenantOrigin}${ctx.redirectPath}`);
+			fail.searchParams.set("error", "federation_failed");
+			reply.redirect(fail.toString(), 302);
+			return;
+		}
+		const assertion = await signFederationAssertion(profile, {
+			privateKeyPem: options.signingKeyPem,
+			issuer: options.issuer,
+			audience: ctx.tenantOrigin,
+			ttlSeconds: options.assertionTtlSeconds
+		});
+		const dest = new URL(`${ctx.tenantOrigin}/auth/federated/callback`);
+		dest.searchParams.set("token", assertion);
+		dest.searchParams.set("redirect", ctx.redirectPath);
+		reply.redirect(dest.toString(), 302);
+	};
+	return {
+		start,
+		callback: $route({
+			path: callbackPath,
+			handler: async ({ url, reply, cookies }) => handle(url, cookies, reply)
+		}),
+		callbackPost: $route({
+			path: callbackPath,
+			method: "POST",
+			handler: async ({ reply, cookies, raw }) => {
+				let rawProfile;
+				let req = raw?.web?.req;
+				if (raw?.web?.req) {
+					const cloned = raw.web.req.clone();
+					req = raw.web.req;
+					try {
+						const userField = (await cloned.formData()).get("user");
+						if (typeof userField === "string") {
+							const parsed = JSON.parse(userField);
+							rawProfile = {};
+							if (parsed.name?.firstName) rawProfile.given_name = parsed.name.firstName;
+							if (parsed.name?.lastName) rawProfile.family_name = parsed.name.lastName;
+							if (parsed.name?.firstName || parsed.name?.lastName) rawProfile.name = [parsed.name?.firstName, parsed.name?.lastName].filter(Boolean).join(" ");
+							if (parsed.email) rawProfile.email = parsed.email;
+						}
+					} catch {}
+				}
+				await handle(req, cookies, reply, rawProfile);
+			}
+		})
+	};
+};
+//#endregion
+//#region ../../src/server/auth/helpers/jtiReplayGuard.ts
+/**
+* Single-use guard for short-lived assertion `jti`s. Bounded + self-pruning so
+* it can't grow without limit in a long-lived process. Best-effort per-instance
+* (assertions are also `aud`-bound + ~60s TTL, so a cross-isolate replay window
+* is tiny); use a shared store if you need a hard cross-instance guarantee.
+*/
+var JtiReplayGuard = class {
+	ttlMs;
+	maxEntries;
+	seen = /* @__PURE__ */ new Map();
+	constructor(ttlMs = 12e4, maxEntries = 1e4) {
+		this.ttlMs = ttlMs;
+		this.maxEntries = maxEntries;
+	}
+	/** Records `jti` and returns true if fresh; false if already used (replay). */
+	check(jti, now = Date.now()) {
+		this.prune(now);
+		if (this.seen.has(jti)) return false;
+		this.seen.set(jti, now + this.ttlMs);
+		return true;
+	}
+	prune(now) {
+		for (const [k, exp] of this.seen) if (exp <= now) this.seen.delete(k);
+		while (this.seen.size >= this.maxEntries) {
+			const oldest = this.seen.keys().next().value;
+			if (oldest === void 0) break;
+			this.seen.delete(oldest);
+		}
+	}
+};
+//#endregion
+//#region ../../src/server/auth/primitives/$authFederationClient.ts
+async function assertionToProfile(token, opts) {
+	const { profile, jti } = await verifyFederationAssertion(token, opts);
+	return {
+		provider: profile.provider,
+		jti,
+		link: {
+			access_token: "",
+			user: {
+				sub: profile.sub,
+				email: profile.email,
+				email_verified: profile.email_verified,
+				name: profile.name,
+				given_name: profile.given_name,
+				family_name: profile.family_name,
+				picture: profile.picture
+			}
+		}
+	};
+}
+const $authFederationClient = (options) => {
+	const { alepha } = $context();
+	const replay = new JtiReplayGuard();
+	return { callback: $route({
+		path: "/auth/federated/callback",
+		schema: { query: t.object({
+			token: t.text({ size: "rich" }),
+			redirect: t.optional(t.text({ size: "long" }))
+		}) },
+		handler: async ({ query, url, reply, cookies }) => {
+			const serverAuth = alepha.inject(ServerAuthProvider);
+			const audience = options.selfOrigin ?? `${url.protocol}//${url.host}`;
+			try {
+				const { provider, jti, link } = await assertionToProfile(query.token, {
+					publicKeyPem: options.publicKeyPem,
+					issuer: options.brokerUrl,
+					audience
+				});
+				if (!replay.check(jti)) throw new BadRequestError("Assertion already used");
+				if (!options.realm.link) throw new BadRequestError("Realm has no link function");
+				const user = await options.realm.link(provider)(link);
+				await serverAuth.establishSession(user, options.realm, provider, cookies);
+			} catch {
+				reply.redirect("/auth/login?error=federation_failed", 302);
+				return;
+			}
+			reply.redirect(safeRedirectPath(query.redirect), 302);
+		}
+	}) };
+};
+//#endregion
 //#region ../../src/server/auth/primitives/$authFranceConnect.ts
 /**
 * Creates an authentication provider primitive for France Connect.
@@ -2310,6 +3903,6 @@ const AlephaServerAuth = $module({
 	services: [AlephaServerCookies, ServerAuthProvider]
 });
 //#endregion
-export { $auth, $authApple, $authCredentials, $authFacebook, $authFranceConnect, $authGithub, $authGoogle, $authMicrosoft, AlephaServerAuth, AuthPrimitive, ServerAuthProvider, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
+export { $auth, $authApple, $authCredentials, $authFacebook, $authFederationBroker, $authFederationClient, $authFranceConnect, $authGithub, $authGoogle, $authMicrosoft, AlephaServerAuth, AuthPrimitive, ServerAuthProvider, alephaServerAuthRoutes, assertionToProfile, authenticationProviderSchema, signAppleClientSecret, signFederationAssertion, tokenResponseSchema, tokensSchema, userinfoResponseSchema, verifyFederationAssertion };
 
 //# sourceMappingURL=index.js.map