gemi 0.4.61 → 0.4.63

package/dist/auth/adapters/prisma.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prisma.d.ts","sourceRoot":"","sources":["../../../auth/adapters/prisma.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,IAAI,EACJ,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,0BAA0B,EAC1B,4BAA4B,EAC7B,MAAM,SAAS,CAAC;AAEjB,qBAAa,2BAA4B,YAAW,sBAAsB;IAC5D,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,GAAG;IAEzB,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAOhE,UAAU,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpD,WAAW,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAqCnE,aAAa,CACjB,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAmB5B,kBAAkB,CAAC,IAAI,EAAE;QAC7B,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,IAAI,CAAC;IAOX,wBAAwB,CAAC,IAAI,EAAE,4BAA4B;IAS3D,sBAAsB,CAC1B,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAQ/B,qBAAqB,CAAC,MAAM,EAAE,MAAM;IAIpC,wBAAwB,CAAC,IAAI,EAAE,4BAA4B;CAIlE"}
+{"version":3,"file":"prisma.d.ts","sourceRoot":"","sources":["../../../auth/adapters/prisma.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,IAAI,EACJ,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,0BAA0B,EAC1B,4BAA4B,EAC7B,MAAM,SAAS,CAAC;AAEjB,qBAAa,2BAA4B,YAAW,sBAAsB;IAC5D,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,GAAG;IAEzB,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAOhE,UAAU,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,aAAa,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpD,WAAW,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAsCnE,aAAa,CACjB,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IA2B5B,kBAAkB,CAAC,IAAI,EAAE;QAC7B,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,IAAI,CAAC;IAOX,wBAAwB,CAAC,IAAI,EAAE,4BAA4B;IAS3D,sBAAsB,CAC1B,IAAI,EAAE,0BAA0B,GAC/B,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAQ/B,qBAAqB,CAAC,MAAM,EAAE,MAAM;IAIpC,wBAAwB,CAAC,IAAI,EAAE,4BAA4B;CAIlE"}

package/dist/chunk-00cb9f80352454dd.js

@@ -0,0 +1 @@
+import{y as h,z as G} from"./chunk-7ce930fe69575c87.js";import{lb as I} from"./chunk-c72bfaa252a03f6f.js";import{ob as H,sb as K} from"./chunk-ffe161a589b4c44b.js";var t=G((r,j)=>{var T=function(c){const i={};if(c=c.replace(/^\?/,""),c)for(let n of c.split("&")){let[F,f=null]=n.split("=");if(F=decodeURIComponent(F),f)f=decodeURIComponent(f);if(!(F in i))i[F]=f;else if(Array.isArray(i[F]))i[F].push(f);else i[F]=[i[F],f]}return i},o=Object.defineProperty,M=Object.getOwnPropertyDescriptor,Q=Object.getOwnPropertyNames,U=Object.prototype.hasOwnProperty,O=(c,i)=>o(c,"name",{value:i,configurable:!0}),d=(c,i)=>{for(var n in i)o(c,n,{get:i[n],enumerable:!0})},v=(c,i,n,F)=>{if(i&&typeof i==="object"||typeof i==="function"){for(let f of Q(i))if(!U.call(c,f)&&f!==n)o(c,f,{get:()=>i[f],enumerable:!(F=M(i,f))||F.enumerable})}return c},J=(c)=>v(o({},"__esModule",{value:!0}),c),S={};d(S,{parseQueryString:()=>T});j.exports=J(S);O(T,"parseQueryString")});var a=G((y,Z)=>{var{defineProperty:w,getOwnPropertyDescriptor:x,getOwnPropertyNames:P}=Object,s=Object.prototype.hasOwnProperty,l=(c,i)=>w(c,"name",{value:i,configurable:!0}),m=(c,i)=>{for(var n in i)w(c,n,{get:i[n],enumerable:!0})},k=(c,i,n,F)=>{if(i&&typeof i==="object"||typeof i==="function"){for(let f of P(i))if(!s.call(c,f)&&f!==n)w(c,f,{get:()=>i[f],enumerable:!(F=x(i,f))||F.enumerable})}return c},q=(c)=>k(w({},"__esModule",{value:!0}),c),z={};m(z,{parseUrl:()=>X});Z.exports=q(z);var p=t(),X=l((c)=>{if(typeof c==="string")return X(new URL(c));const{hostname:i,pathname:n,port:F,protocol:f,search:E}=c;let N;if(E)N=p.parseQueryString(E);return{hostname:i,port:F?parseInt(F):void 0,protocol:f,path:n,query:N}},"parseUrl")});var R=h(I(),1);var b=h(I(),1);function C(c){try{const i=new Set(Array.from(c.match(/([A-Z_]){3,}/g)??[]));return i.delete("CONFIG"),i.delete("CONFIG_PREFIX_SEPARATOR"),i.delete("ENV"),[...i].join(", ")}catch(i){return c}}var B=(c,i)=>async()=>{try{const n=c(process.env);if(n===void 0)throw new Error;return n}catch(n){throw new b.CredentialsProviderError(n.message||`Not found in ENV: ${C(c.toString())}`,{logger:i})}};var L=h(I(),1);var V=(c,{preferredFile:i="config",...n}={})=>async()=>{const F=H(n),{configFile:f,credentialsFile:E}=await K(n),N=E[F]||{},$=f[F]||{},D=i==="config"?{...N,...$}:{...$,...N};try{const A=c(D,i==="config"?f:E);if(A===void 0)throw new Error;return A}catch(g){throw new L.CredentialsProviderError(g.message||`Not found in config files w/ profile [${F}]: ${C(c.toString())}`,{logger:n.logger})}};var W=h(I(),1),u=(c)=>typeof c==="function",Y=(c)=>u(c)?async()=>await c():W.fromStatic(c);var wi=({environmentVariableSelector:c,configFileSelector:i,default:n},F={})=>R.memoize(R.chain(B(c),V(i,F),Y(n)));export{a as jb,wi as kb};

package/dist/chunk-03c8e645c994d40a.js

@@ -1,2 +1,2 @@
 // @bun
-import"./chunk-7ce930fe69575c87.js";import"./chunk-a0003b7feea6fae6.js";import{lb as c,nb as m} from"./chunk-ff086fe014985526.js";import{sb as l,yb as S} from"./chunk-d26ffb7722e6df54.js";var w=(e,s,r)=>{const i={EcsContainer:async(t)=>{const{fromHttp:n}=await import("./chunk-d5709251a0493152.js"),{fromContainerMetadata:d}=await import("./chunk-01052ff9d1c07ef8.js");return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),m(n(t??{}),d(t))},Ec2InstanceMetadata:async(t)=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");const{fromInstanceMetadata:n}=await import("./chunk-01052ff9d1c07ef8.js");return n(t)},Environment:async(t)=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");const{fromEnv:n}=await import("./chunk-c1813278ccdc04b8.js");return n(t)}};if(e in i)return i[e];else throw new c(`Unsupported credential source in profile ${s}. Got ${e}, `+"expected EcsContainer or Ec2InstanceMetadata or Environment.",{logger:r})};var y=(e,{profile:s="default",logger:r}={})=>{return Boolean(e)&&typeof e==="object"&&typeof e.role_arn==="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(h(e,{profile:s,logger:r})||D(e,{profile:s,logger:r}))},h=(e,{profile:s,logger:r})=>{const i=typeof e.source_profile==="string"&&typeof e.credential_source==="undefined";if(i)r?.debug?.(`    ${s} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`);return i},D=(e,{profile:s,logger:r})=>{const i=typeof e.credential_source==="string"&&typeof e.source_profile==="undefined";if(i)r?.debug?.(`    ${s} isCredentialSourceProfile credential_source=${e.credential_source}`);return i},C=async(e,s,r,i={})=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");const t=s[e];if(!r.roleAssumer){const{getDefaultRoleAssumer:R}=await import("./chunk-60d70dcbf4e79276.js");r.roleAssumer=R({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:r?.parentClientConfig},r.clientPlugins)}const{source_profile:n}=t;if(n&&n in i)throw new c("Detected a cycle attempting to resolve credentials for profile"+` ${l(r)}. Profiles visited: `+Object.keys(i).join(", "),{logger:r.logger});r.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${n?`source_profile=[${n}]`:`profile=[${e}]`}`);const d=n?o(n,{...s,[n]:{...s[n],role_arn:t.role_arn??s[n].role_arn}},r,{...i,[n]:!0}):(await w(t.credential_source,e,r.logger)(r))(),u={RoleArn:t.role_arn,RoleSessionName:t.role_session_name||`aws-sdk-js-${Date.now()}`,ExternalId:t.external_id,DurationSeconds:parseInt(t.duration_seconds||"3600",10)},{mfa_serial:f}=t;if(f){if(!r.mfaCodeProvider)throw new c(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});u.SerialNumber=f,u.TokenCode=await r.mfaCodeProvider(f)}const $=await d;return r.roleAssumer($,u)};var P=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.credential_process==="string",v=async(e,s)=>import("./chunk-dc7b0cf226ba3afa.js").then(({fromProcess:r})=>r({...e,profile:s})());var x=async(e,s={})=>{const{fromSSO:r}=await import("./chunk-c609d06153ed09ce.js");return r({profile:e,logger:s.logger})()},b=(e)=>e&&(typeof e.sso_start_url==="string"||typeof e.sso_account_id==="string"||typeof e.sso_session==="string"||typeof e.sso_region==="string"||typeof e.sso_role_name==="string");var _=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.aws_access_key_id==="string"&&typeof e.aws_secret_access_key==="string"&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,a=(e,s)=>{return s?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"),Promise.resolve({accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}})};var A=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.web_identity_token_file==="string"&&typeof e.role_arn==="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1,k=async(e,s)=>import("./chunk-1900e90c372bb1d6.js").then(({fromTokenFile:r})=>r({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:s.roleAssumerWithWebIdentity,logger:s.logger,parentClientConfig:s.parentClientConfig})());var o=async(e,s,r,i={})=>{const t=s[e];if(Object.keys(i).length>0&&_(t))return a(t,r);if(y(t,{profile:e,logger:r.logger}))return C(e,s,r,i);if(_(t))return a(t,r);if(A(t))return k(t,r);if(P(t))return v(r,e);if(b(t))return await x(e,r);throw new c(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:r.logger})};var H=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");const s=await S(e);return o(l(e),s,e)};export{H as fromIni};
+import"./chunk-7ce930fe69575c87.js";import"./chunk-a0003b7feea6fae6.js";import{lb as c,nb as m} from"./chunk-ff086fe014985526.js";import{sb as l,yb as S} from"./chunk-d26ffb7722e6df54.js";var w=(e,s,r)=>{const i={EcsContainer:async(t)=>{const{fromHttp:n}=await import("./chunk-d5ddfacbfc84a47d.js"),{fromContainerMetadata:d}=await import("./chunk-01052ff9d1c07ef8.js");return r?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer"),m(n(t??{}),d(t))},Ec2InstanceMetadata:async(t)=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");const{fromInstanceMetadata:n}=await import("./chunk-01052ff9d1c07ef8.js");return n(t)},Environment:async(t)=>{r?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");const{fromEnv:n}=await import("./chunk-c1813278ccdc04b8.js");return n(t)}};if(e in i)return i[e];else throw new c(`Unsupported credential source in profile ${s}. Got ${e}, `+"expected EcsContainer or Ec2InstanceMetadata or Environment.",{logger:r})};var y=(e,{profile:s="default",logger:r}={})=>{return Boolean(e)&&typeof e==="object"&&typeof e.role_arn==="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1&&["undefined","string"].indexOf(typeof e.external_id)>-1&&["undefined","string"].indexOf(typeof e.mfa_serial)>-1&&(h(e,{profile:s,logger:r})||D(e,{profile:s,logger:r}))},h=(e,{profile:s,logger:r})=>{const i=typeof e.source_profile==="string"&&typeof e.credential_source==="undefined";if(i)r?.debug?.(`    ${s} isAssumeRoleWithSourceProfile source_profile=${e.source_profile}`);return i},D=(e,{profile:s,logger:r})=>{const i=typeof e.credential_source==="string"&&typeof e.source_profile==="undefined";if(i)r?.debug?.(`    ${s} isCredentialSourceProfile credential_source=${e.credential_source}`);return i},C=async(e,s,r,i={})=>{r.logger?.debug("@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)");const t=s[e];if(!r.roleAssumer){const{getDefaultRoleAssumer:R}=await import("./chunk-f9e6a0a946ebb032.js");r.roleAssumer=R({...r.clientConfig,credentialProviderLogger:r.logger,parentClientConfig:r?.parentClientConfig},r.clientPlugins)}const{source_profile:n}=t;if(n&&n in i)throw new c("Detected a cycle attempting to resolve credentials for profile"+` ${l(r)}. Profiles visited: `+Object.keys(i).join(", "),{logger:r.logger});r.logger?.debug(`@aws-sdk/credential-provider-ini - finding credential resolver using ${n?`source_profile=[${n}]`:`profile=[${e}]`}`);const d=n?o(n,{...s,[n]:{...s[n],role_arn:t.role_arn??s[n].role_arn}},r,{...i,[n]:!0}):(await w(t.credential_source,e,r.logger)(r))(),u={RoleArn:t.role_arn,RoleSessionName:t.role_session_name||`aws-sdk-js-${Date.now()}`,ExternalId:t.external_id,DurationSeconds:parseInt(t.duration_seconds||"3600",10)},{mfa_serial:f}=t;if(f){if(!r.mfaCodeProvider)throw new c(`Profile ${e} requires multi-factor authentication, but no MFA code callback was provided.`,{logger:r.logger,tryNextLink:!1});u.SerialNumber=f,u.TokenCode=await r.mfaCodeProvider(f)}const $=await d;return r.roleAssumer($,u)};var P=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.credential_process==="string",v=async(e,s)=>import("./chunk-dc7b0cf226ba3afa.js").then(({fromProcess:r})=>r({...e,profile:s})());var x=async(e,s={})=>{const{fromSSO:r}=await import("./chunk-c609d06153ed09ce.js");return r({profile:e,logger:s.logger})()},b=(e)=>e&&(typeof e.sso_start_url==="string"||typeof e.sso_account_id==="string"||typeof e.sso_session==="string"||typeof e.sso_region==="string"||typeof e.sso_role_name==="string");var _=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.aws_access_key_id==="string"&&typeof e.aws_secret_access_key==="string"&&["undefined","string"].indexOf(typeof e.aws_session_token)>-1&&["undefined","string"].indexOf(typeof e.aws_account_id)>-1,a=(e,s)=>{return s?.logger?.debug("@aws-sdk/credential-provider-ini - resolveStaticCredentials"),Promise.resolve({accessKeyId:e.aws_access_key_id,secretAccessKey:e.aws_secret_access_key,sessionToken:e.aws_session_token,...e.aws_credential_scope&&{credentialScope:e.aws_credential_scope},...e.aws_account_id&&{accountId:e.aws_account_id}})};var A=(e)=>Boolean(e)&&typeof e==="object"&&typeof e.web_identity_token_file==="string"&&typeof e.role_arn==="string"&&["undefined","string"].indexOf(typeof e.role_session_name)>-1,k=async(e,s)=>import("./chunk-1900e90c372bb1d6.js").then(({fromTokenFile:r})=>r({webIdentityTokenFile:e.web_identity_token_file,roleArn:e.role_arn,roleSessionName:e.role_session_name,roleAssumerWithWebIdentity:s.roleAssumerWithWebIdentity,logger:s.logger,parentClientConfig:s.parentClientConfig})());var o=async(e,s,r,i={})=>{const t=s[e];if(Object.keys(i).length>0&&_(t))return a(t,r);if(y(t,{profile:e,logger:r.logger}))return C(e,s,r,i);if(_(t))return a(t,r);if(A(t))return k(t,r);if(P(t))return v(r,e);if(b(t))return await x(e,r);throw new c(`Could not resolve credentials using profile: [${e}] in configuration/credentials file(s).`,{logger:r.logger})};var H=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-ini - fromIni");const s=await S(e);return o(l(e),s,e)};export{H as fromIni};

package/dist/chunk-0a9ae42aae6f406e.js

@@ -0,0 +1,2 @@
+// @bun
+import{y as J} from"./chunk-7ce930fe69575c87.js";import"./chunk-09dd89e1046786a5.js";import{jb as cc,kb as z} from"./chunk-00cb9f80352454dd.js";import{lb as _} from"./chunk-c72bfaa252a03f6f.js";import"./chunk-ffe161a589b4c44b.js";var v=J(_(),1);import{parse as o} from"url";var K=J(_(),1);import{Buffer as a} from"buffer";import{request as n} from"http";function f(c){return new Promise((I,x)=>{const T=n({method:"GET",...c,hostname:c.hostname?.replace(/^\[(.+)\]$/,"$1")});T.on("error",(N)=>{x(Object.assign(new K.ProviderError("Unable to connect to instance metadata service"),N)),T.destroy()}),T.on("timeout",()=>{x(new K.ProviderError("TimeoutError from instance metadata service")),T.destroy()}),T.on("response",(N)=>{const{statusCode:O=400}=N;if(O<200||300<=O)x(Object.assign(new K.ProviderError("Error response received from instance metadata service"),{statusCode:O})),T.destroy();const u=[];N.on("data",(y)=>{u.push(y)}),N.on("end",()=>{I(a.concat(u)),T.destroy()})}),T.end()})}var D=(c)=>Boolean(c)&&typeof c==="object"&&typeof c.AccessKeyId==="string"&&typeof c.SecretAccessKey==="string"&&typeof c.Token==="string"&&typeof c.Expiration==="string",G=(c)=>({accessKeyId:c.AccessKeyId,secretAccessKey:c.SecretAccessKey,sessionToken:c.Token,expiration:new Date(c.Expiration),...c.AccountId&&{accountId:c.AccountId}});var uc=1000,Ec=0,Q=({maxRetries:c=0,timeout:I=1000})=>({maxRetries:c,timeout:I});var m=(c,I)=>{let x=c();for(let T=0;T<I;T++)x=x.catch(c);return x};var Z="AWS_CONTAINER_CREDENTIALS_FULL_URI",L="AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",B="AWS_CONTAINER_AUTHORIZATION_TOKEN",Kc=(c={})=>{const{timeout:I,maxRetries:x}=Q(c);return()=>m(async()=>{const T=await d({logger:c.logger}),N=JSON.parse(await s(I,T));if(!D(N))throw new v.CredentialsProviderError("Invalid response received from instance metadata service.",{logger:c.logger});return G(N)},x)},s=async(c,I)=>{if(process.env[B])I.headers={...I.headers,Authorization:process.env[B]};return(await f({...I,timeout:c})).toString()},g="169.254.170.2",l={localhost:!0,"127.0.0.1":!0},r={"http:":!0,"https:":!0},d=async({logger:c})=>{if(process.env[L])return{hostname:g,path:process.env[L]};if(process.env[Z]){const I=o(process.env[Z]);if(!I.hostname||!(I.hostname in l))throw new v.CredentialsProviderError(`${I.hostname} is not a valid container metadata service hostname`,{tryNextLink:!1,logger:c});if(!I.protocol||!(I.protocol in r))throw new v.CredentialsProviderError(`${I.protocol} is not a valid container metadata service protocol`,{tryNextLink:!1,logger:c});return{...I,port:I.port?parseInt(I.port,10):void 0}}throw new v.CredentialsProviderError("The container metadata credential provider cannot be used unless"+` the ${L} or ${Z} environment`+" variable is set",{tryNextLink:!1,logger:c})};var q=J(_(),1);var U=J(_(),1);class X extends U.CredentialsProviderError{constructor(c,I=!0){super(c,I);this.tryNextLink=I,this.name="InstanceMetadataV1FallbackError",Object.setPrototypeOf(this,X.prototype)}}var P=J(cc(),1);var j;(function(c){c.IPv4="http://169.254.169.254",c.IPv6="http://[fd00:ec2::254]"})(j||(j={}));var t={environmentVariableSelector:(c)=>c["AWS_EC2_METADATA_SERVICE_ENDPOINT"],configFileSelector:(c)=>c["ec2_metadata_service_endpoint"],default:void 0};var S;(function(c){c.IPv4="IPv4",c.IPv6="IPv6"})(S||(S={}));var e="AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",i="ec2_metadata_service_endpoint_mode",F={environmentVariableSelector:(c)=>c[e],configFileSelector:(c)=>c[i],default:S.IPv4};var W=async()=>P.parseUrl(await Ic()||await Tc()),Ic=async()=>z(t)(),Tc=async()=>{const c=await z(F)();switch(c){case S.IPv4:return j.IPv4;case S.IPv6:return j.IPv6;default:throw new Error(`Unsupported endpoint mode: ${c}.`+` Select from ${Object.values(S)}`)}};var b=(c,I)=>{const x=300+Math.floor(Math.random()*300),T=new Date(Date.now()+x*1000);I.warn("Attempting credential expiration extension due to a credential service availability issue. A refresh of these "+`credentials will be attempted after ${new Date(T)}.\nFor more information, please visit: `+"https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html");const N=c.originalExpiration??c.expiration;return{...c,...N?{originalExpiration:N}:{},expiration:T}};var V=(c,I={})=>{const x=I?.logger||console;let T;return async()=>{let N;try{if(N=await c(),N.expiration&&N.expiration.getTime()<Date.now())N=b(N,x)}catch(O){if(T)x.warn("Credential renew failed: ",O),N=b(T,x);else throw O}return T=N,N}};var k="/latest/meta-data/iam/security-credentials/",Nc="/latest/api/token",H="AWS_EC2_METADATA_V1_DISABLED",R="ec2_metadata_v1_disabled",M="x-aws-ec2-metadata-token",oc=(c={})=>V(xc(c),{logger:c.logger}),xc=(c={})=>{let I=!1;const{logger:x,profile:T}=c,{timeout:N,maxRetries:O}=Q(c),u=async(y,E)=>{if(I||E.headers?.[M]==null){let w=!1,h=!1;const C=await z({environmentVariableSelector:(Y)=>{const $=Y[H];if(h=!!$&&$!=="false",$===void 0)throw new q.CredentialsProviderError(`${H} not set in env, checking config file next.`,{logger:c.logger});return h},configFileSelector:(Y)=>{const $=Y[R];return w=!!$&&$!=="false",w},default:!1},{profile:T})();if(c.ec2MetadataV1Disabled||C){const Y=[];if(c.ec2MetadataV1Disabled)Y.push("credential provider initialization (runtime option ec2MetadataV1Disabled)");if(w)Y.push(`config file profile (${R})`);if(h)Y.push(`process environment variable (${H})`);throw new X(`AWS EC2 Metadata v1 fallback has been blocked by AWS SDK configuration in the following: [${Y.join(", ")}].`)}}const p=(await m(async()=>{let w;try{w=await yc(E)}catch(h){if(h.statusCode===401)I=!1;throw h}return w},y)).trim();return m(async()=>{let w;try{w=await wc(p,E,c)}catch(h){if(h.statusCode===401)I=!1;throw h}return w},y)};return async()=>{const y=await W();if(I)return x?.debug("AWS SDK Instance Metadata","using v1 fallback (no token fetch)"),u(O,{...y,timeout:N});else{let E;try{E=(await Oc({...y,timeout:N})).toString()}catch(A){if(A?.statusCode===400)throw Object.assign(A,{message:"EC2 Metadata token request returned error"});else if(A.message==="TimeoutError"||[403,404,405].includes(A.statusCode))I=!0;return x?.debug("AWS SDK Instance Metadata","using v1 fallback (initial)"),u(O,{...y,timeout:N})}return u(O,{...y,headers:{[M]:E},timeout:N})}}},Oc=async(c)=>f({...c,path:Nc,method:"PUT",headers:{"x-aws-ec2-metadata-token-ttl-seconds":"21600"}}),yc=async(c)=>(await f({...c,path:k})).toString(),wc=async(c,I,x)=>{const T=JSON.parse((await f({...I,path:k+c})).toString());if(!D(T))throw new q.CredentialsProviderError("Invalid response received from instance metadata service.",{logger:x.logger});return G(T)};export{Q as providerConfigFromInit,f as httpRequest,W as getInstanceMetadataEndpoint,oc as fromInstanceMetadata,Kc as fromContainerMetadata,j as Endpoint,L as ENV_CMDS_RELATIVE_URI,Z as ENV_CMDS_FULL_URI,B as ENV_CMDS_AUTH_TOKEN,uc as DEFAULT_TIMEOUT,Ec as DEFAULT_MAX_RETRIES};

package/dist/chunk-1084614a350762fb.js

@@ -0,0 +1,2 @@
+// @bun
+import"./chunk-81f5123a24c19089.js";import{y as w} from"./chunk-7ce930fe69575c87.js";import{$ as _,A as ue,B as er,E as be,F as cr,J as je,K as Fe,M as De,N as qe,Q as Je,R as Ve,X as E,Y as t,Z as Kr,aa as T,ba as b,ca as j,da as h,ka as Sr,la as a,ma as jr,na as We,oa as fe,pa as rr,qa as sr,sa as d,ta as o,va as $} from"./chunk-f5200f44395bf49d.js";import{Aa as yr,Ba as ee,Ca as re,Fa as Y,Ga as H,Ha as tr,Ia as Ie,Ja as Re,Ka as Pe,La as ar,Ma as Ae,Na as Ke,Oa as Me,Pa as Be,Qa as mr,Ra as wr,Ta as S,Ua as kr,Va as Le,Xa as Qe,Ya as vr,Za as Xe,_a as Er,ab as D,bb as Ye,cb as Ze,db as He,eb as Ne,fb as ir,gb as lr,xa as nr,ya as or,za as dr} from"./chunk-38fc9d258dbe62fd.js";import"./chunk-a0003b7feea6fae6.js";import{ib as I,jb as Ue} from"./chunk-a7a144f5e4772c35.js";import"./chunk-3cbc1c9cdc091b43.js";import{lb as Ce} from"./chunk-b9f4c1fce7152fc8.js";import"./chunk-934ebff128f86ef1.js";var R=w(H(),1);var se=w(D(),1);var Xr=function(e){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"sso-oauth",region:e.region},propertiesExtractor:(s,r)=>({signingProperties:{config:s,context:r}})}},Z=function(e){return{schemeId:"smithy.api#noAuth"}},ie=async(e,s,r)=>{return{operation:ee(s).operation,region:await re(e.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}},le=(e)=>{const s=[];switch(e.operation){case"CreateToken":{s.push(Z(e));break}case"RegisterClient":{s.push(Z(e));break}case"StartDeviceAuthorization":{s.push(Z(e));break}default:s.push(Xr(e))}return s},he=(e)=>{return{...se.resolveAwsSdkSigV4Config(e)}};var ne=(e)=>{return{...e,useDualstackEndpoint:e.useDualstackEndpoint??!1,useFipsEndpoint:e.useFipsEndpoint??!1,defaultSigningName:"sso-oauth"}},v={UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var oe={name:"@aws-sdk/client-sso-oidc",description:"AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native",version:"3.629.0",scripts:{build:"concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'","build:cjs":"node ../../scripts/compilation/inline client-sso-oidc","build:es":"tsc -p tsconfig.es.json","build:include:deps":"lerna run --scope $npm_package_name --include-dependencies build","build:types":"tsc -p tsconfig.types.json","build:types:downlevel":"downlevel-dts dist-types dist-types/ts3.4",clean:"rimraf ./dist-* && rimraf *.tsbuildinfo","extract:docs":"api-extractor run --local","generate:client":"node ../../scripts/generate-clients/single-service --solo sso-oidc"},main:"./dist-cjs/index.js",types:"./dist-types/index.d.ts",module:"./dist-es/index.js",sideEffects:!1,dependencies:{"@aws-crypto/sha256-browser":"5.2.0","@aws-crypto/sha256-js":"5.2.0","@aws-sdk/core":"3.629.0","@aws-sdk/credential-provider-node":"3.629.0","@aws-sdk/middleware-host-header":"3.620.0","@aws-sdk/middleware-logger":"3.609.0","@aws-sdk/middleware-recursion-detection":"3.620.0","@aws-sdk/middleware-user-agent":"3.620.0","@aws-sdk/region-config-resolver":"3.614.0","@aws-sdk/types":"3.609.0","@aws-sdk/util-endpoints":"3.614.0","@aws-sdk/util-user-agent-browser":"3.609.0","@aws-sdk/util-user-agent-node":"3.614.0","@smithy/config-resolver":"^3.0.5","@smithy/core":"^2.3.2","@smithy/fetch-http-handler":"^3.2.4","@smithy/hash-node":"^3.0.3","@smithy/invalid-dependency":"^3.0.3","@smithy/middleware-content-length":"^3.0.5","@smithy/middleware-endpoint":"^3.1.0","@smithy/middleware-retry":"^3.0.14","@smithy/middleware-serde":"^3.0.3","@smithy/middleware-stack":"^3.0.3","@smithy/node-config-provider":"^3.1.4","@smithy/node-http-handler":"^3.1.4","@smithy/protocol-http":"^4.1.0","@smithy/smithy-client":"^3.1.12","@smithy/types":"^3.3.0","@smithy/url-parser":"^3.0.3","@smithy/util-base64":"^3.0.0","@smithy/util-body-length-browser":"^3.0.0","@smithy/util-body-length-node":"^3.0.0","@smithy/util-defaults-mode-browser":"^3.0.14","@smithy/util-defaults-mode-node":"^3.0.14","@smithy/util-endpoints":"^2.0.5","@smithy/util-middleware":"^3.0.3","@smithy/util-retry":"^3.0.3","@smithy/util-utf8":"^3.0.0",tslib:"^2.6.2"},devDependencies:{"@tsconfig/node16":"16.1.3","@types/node":"^16.18.96",concurrently:"7.0.0","downlevel-dts":"0.10.1",rimraf:"3.0.2",typescript:"~4.9.5"},engines:{node:">=16.0.0"},typesVersions:{"<4.0":{"dist-types/*":["dist-types/ts3.4/*"]}},files:["dist-*/**"],author:{name:"AWS SDK for JavaScript Team",url:"https://aws.amazon.com/javascript/"},license:"Apache-2.0",peerDependencies:{"@aws-sdk/client-sts":"^3.629.0"},browser:{"./dist-es/runtimeConfig":"./dist-es/runtimeConfig.browser"},"react-native":{"./dist-es/runtimeConfig":"./dist-es/runtimeConfig.native"},homepage:"https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc",repository:{type:"git",url:"https://github.com/aws/aws-sdk-js-v3.git",directory:"clients/client-sso-oidc"}};var _e=w(D(),1);var xe=w(D(),1),ze=w(H(),1);var de={["required"]:!1,type:"String"},ye={["required"]:!0,default:!1,type:"Boolean"},ce={["ref"]:"Endpoint"},ve={["fn"]:"booleanEquals",["argv"]:[{["ref"]:"UseFIPS"},!0]},Ee={["fn"]:"booleanEquals",["argv"]:[{["ref"]:"UseDualStack"},!0]},m={},te={["fn"]:"getAttr",["argv"]:[{["ref"]:"PartitionResult"},"supportsFIPS"]},Se={["ref"]:"PartitionResult"},ae={["fn"]:"booleanEquals",["argv"]:[!0,{["fn"]:"getAttr",["argv"]:[Se,"supportsDualStack"]}]},me=[ve],we=[Ee],ke=[{["ref"]:"Region"}],Zr={version:"1.0",parameters:{Region:de,UseDualStack:ye,UseFIPS:ye,Endpoint:de},rules:[{conditions:[{["fn"]:"isSet",["argv"]:[ce]}],rules:[{conditions:me,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:"error"},{conditions:we,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:"error"},{endpoint:{url:ce,properties:m,headers:m},type:"endpoint"}],type:"tree"},{conditions:[{["fn"]:"isSet",["argv"]:ke}],rules:[{conditions:[{["fn"]:"aws.partition",["argv"]:ke,assign:"PartitionResult"}],rules:[{conditions:[ve,Ee],rules:[{conditions:[{["fn"]:"booleanEquals",["argv"]:[!0,te]},ae],rules:[{endpoint:{url:"https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:"error"}],type:"tree"},{conditions:me,rules:[{conditions:[{["fn"]:"booleanEquals",["argv"]:[te,!0]}],rules:[{conditions:[{["fn"]:"stringEquals",["argv"]:[{["fn"]:"getAttr",["argv"]:[Se,"name"]},"aws-us-gov"]}],endpoint:{url:"https://oidc.{Region}.amazonaws.com",properties:m,headers:m},type:"endpoint"},{endpoint:{url:"https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"FIPS is enabled but this partition does not support FIPS",type:"error"}],type:"tree"},{conditions:we,rules:[{conditions:[ae],rules:[{endpoint:{url:"https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"DualStack is enabled but this partition does not support DualStack",type:"error"}],type:"tree"},{endpoint:{url:"https://oidc.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"}],type:"tree"},{error:"Invalid Configuration: Missing Region",type:"error"}]},$e=Zr;var Te=(e,s={})=>{return Re($e,{endpointParams:e,logger:s.logger})};Ie.aws=Pe;var Ge=(e)=>{return{apiVersion:"2019-06-10",base64Decoder:e?.base64Decoder??je,base64Encoder:e?.base64Encoder??qe,disableHostPrefix:e?.disableHostPrefix??!1,endpointProvider:e?.endpointProvider??Te,extensions:e?.extensions??[],httpAuthSchemeProvider:e?.httpAuthSchemeProvider??le,httpAuthSchemes:e?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:(s)=>s.getIdentityProvider("aws.auth#sigv4"),signer:new xe.AwsSdkSigV4Signer},{schemeId:"smithy.api#noAuth",identityProvider:(s)=>s.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new ze.NoAuthSigner}],logger:e?.logger??new be,serviceId:e?.serviceId??"SSO OIDC",urlParser:e?.urlParser??Ue,utf8Decoder:e?.utf8Decoder??Fe,utf8Encoder:e?.utf8Encoder??De}};var pe=(e)=>{fe(process.version);const s=Ne(e),r=()=>s().then(We),i=Ge(e);return _e.emitWarningIfUnsupportedVersion(process.version),{...i,...e,runtime:"node",defaultsMode:s,bodyLengthChecker:e?.bodyLengthChecker??He,credentialDefaultProvider:e?.credentialDefaultProvider??Ce,defaultUserAgentProvider:e?.defaultUserAgentProvider??Ye({serviceId:i.serviceId,clientVersion:oe.version}),maxAttempts:e?.maxAttempts??I(Qe),region:e?.region??I(Me,Be),requestHandler:Je.create(e?.requestHandler??r),retryMode:e?.retryMode??I({...Xe,default:async()=>(await r()).retryMode||Le}),sha256:e?.sha256??Ze.bind(null,"sha256"),streamCollector:e?.streamCollector??Ve,useDualstackEndpoint:e?.useDualstackEndpoint??I(Ae),useFipsEndpoint:e?.useFipsEndpoint??I(Ke)}};var ge=(e)=>{const s=e.httpAuthSchemes;let{httpAuthSchemeProvider:r,credentials:i}=e;return{setHttpAuthScheme(l){const n=s.findIndex((P)=>P.schemeId===l.schemeId);if(n===-1)s.push(l);else s.splice(n,1,l)},httpAuthSchemes(){return s},setHttpAuthSchemeProvider(l){r=l},httpAuthSchemeProvider(){return r},setCredentials(l){i=l},credentials(){return i}}},Oe=(e)=>{return{httpAuthSchemes:e.httpAuthSchemes(),httpAuthSchemeProvider:e.httpAuthSchemeProvider(),credentials:e.credentials()}};var q=(e)=>e,hr=(e,s)=>{const r={...q(ir(e)),...q(rr(e)),...q(ue(e)),...q(ge(e))};return s.forEach((i)=>i.configure(r)),{...e,...lr(r),...sr(r),...er(r),...Oe(r)}};class N extends cr{constructor(...[e]){const s=pe(e||{}),r=ne(s),i=tr(r),l=vr(i),n=mr(l),P=nr(n),Br=kr(P),Lr=he(Br),u=hr(Lr,e?.extensions||[]);super(u);this.config=u,this.middlewareStack.use(ar(this.config)),this.middlewareStack.use(Er(this.config)),this.middlewareStack.use(wr(this.config)),this.middlewareStack.use(or(this.config)),this.middlewareStack.use(dr(this.config)),this.middlewareStack.use(yr(this.config)),this.middlewareStack.use(R.getHttpAuthSchemeEndpointRuleSetPlugin(this.config,{httpAuthSchemeParametersProvider:ie,identityProviderConfigProvider:async(Qr)=>new R.DefaultIdentityProviderConfig({"aws.auth#sigv4":Qr.credentials})})),this.middlewareStack.use(R.getHttpSigningPlugin(this.config))}destroy(){super.destroy()}}var Vr=w(Y(),1);class y extends Sr{constructor(e){super(e);Object.setPrototypeOf(this,y.prototype)}}class U extends y{constructor(e){super({name:"AccessDeniedException",$fault:"client",...e});this.name="AccessDeniedException",this.$fault="client",Object.setPrototypeOf(this,U.prototype),this.error=e.error,this.error_description=e.error_description}}class x extends y{constructor(e){super({name:"AuthorizationPendingException",$fault:"client",...e});this.name="AuthorizationPendingException",this.$fault="client",Object.setPrototypeOf(this,x.prototype),this.error=e.error,this.error_description=e.error_description}}class z extends y{constructor(e){super({name:"ExpiredTokenException",$fault:"client",...e});this.name="ExpiredTokenException",this.$fault="client",Object.setPrototypeOf(this,z.prototype),this.error=e.error,this.error_description=e.error_description}}class G extends y{constructor(e){super({name:"InternalServerException",$fault:"server",...e});this.name="InternalServerException",this.$fault="server",Object.setPrototypeOf(this,G.prototype),this.error=e.error,this.error_description=e.error_description}}class J extends y{constructor(e){super({name:"InvalidClientException",$fault:"client",...e});this.name="InvalidClientException",this.$fault="client",Object.setPrototypeOf(this,J.prototype),this.error=e.error,this.error_description=e.error_description}}class V extends y{constructor(e){super({name:"InvalidGrantException",$fault:"client",...e});this.name="InvalidGrantException",this.$fault="client",Object.setPrototypeOf(this,V.prototype),this.error=e.error,this.error_description=e.error_description}}class W extends y{constructor(e){super({name:"InvalidRequestException",$fault:"client",...e});this.name="InvalidRequestException",this.$fault="client",Object.setPrototypeOf(this,W.prototype),this.error=e.error,this.error_description=e.error_description}}class f extends y{constructor(e){super({name:"InvalidScopeException",$fault:"client",...e});this.name="InvalidScopeException",this.$fault="client",Object.setPrototypeOf(this,f.prototype),this.error=e.error,this.error_description=e.error_description}}class A extends y{constructor(e){super({name:"SlowDownException",$fault:"client",...e});this.name="SlowDownException",this.$fault="client",Object.setPrototypeOf(this,A.prototype),this.error=e.error,this.error_description=e.error_description}}class K extends y{constructor(e){super({name:"UnauthorizedClientException",$fault:"client",...e});this.name="UnauthorizedClientException",this.$fault="client",Object.setPrototypeOf(this,K.prototype),this.error=e.error,this.error_description=e.error_description}}class M extends y{constructor(e){super({name:"UnsupportedGrantTypeException",$fault:"client",...e});this.name="UnsupportedGrantTypeException",this.$fault="client",Object.setPrototypeOf(this,M.prototype),this.error=e.error,this.error_description=e.error_description}}class B extends y{constructor(e){super({name:"InvalidRequestRegionException",$fault:"client",...e});this.name="InvalidRequestRegionException",this.$fault="client",Object.setPrototypeOf(this,B.prototype),this.error=e.error,this.error_description=e.error_description,this.endpoint=e.endpoint,this.region=e.region}}class L extends y{constructor(e){super({name:"InvalidClientMetadataException",$fault:"client",...e});this.name="InvalidClientMetadataException",this.$fault="client",Object.setPrototypeOf(this,L.prototype),this.error=e.error,this.error_description=e.error_description}}class Q extends y{constructor(e){super({name:"InvalidRedirectUriException",$fault:"client",...e});this.name="InvalidRedirectUriException",this.$fault="client",Object.setPrototypeOf(this,Q.prototype),this.error=e.error,this.error_description=e.error_description}}var $r=(e)=>({...e,...e.clientSecret&&{clientSecret:t},...e.refreshToken&&{refreshToken:t},...e.codeVerifier&&{codeVerifier:t}}),Ir=(e)=>({...e,...e.accessToken&&{accessToken:t},...e.refreshToken&&{refreshToken:t},...e.idToken&&{idToken:t}}),Rr=(e)=>({...e,...e.refreshToken&&{refreshToken:t},...e.assertion&&{assertion:t},...e.subjectToken&&{subjectToken:t},...e.codeVerifier&&{codeVerifier:t}}),Pr=(e)=>({...e,...e.accessToken&&{accessToken:t},...e.refreshToken&&{refreshToken:t},...e.idToken&&{idToken:t}}),Tr=(e)=>({...e,...e.clientSecret&&{clientSecret:t}}),br=(e)=>({...e,...e.clientSecret&&{clientSecret:t}});var k=w(D(),1),F=w(H(),1);var Fr=async(e,s)=>{const r=F.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/token");let l;return l=JSON.stringify(o(e,{clientId:[],clientSecret:[],code:[],codeVerifier:[],deviceCode:[],grantType:[],redirectUri:[],refreshToken:[],scope:(n)=>$(n)})),r.m("POST").h(i).b(l),r.build()},Dr=async(e,s)=>{const r=F.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/token");const l=d({[os]:[,"t"]});let n;return n=JSON.stringify(o(e,{assertion:[],clientId:[],code:[],codeVerifier:[],grantType:[],redirectUri:[],refreshToken:[],requestedTokenType:[],scope:(P)=>$(P),subjectToken:[],subjectTokenType:[]})),r.m("POST").h(i).q(l).b(n),r.build()},qr=async(e,s)=>{const r=F.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/client/register");let l;return l=JSON.stringify(o(e,{clientName:[],clientType:[],entitledApplicationArn:[],grantTypes:(n)=>$(n),issuerUrl:[],redirectUris:(n)=>$(n),scopes:(n)=>$(n)})),r.m("POST").h(i).b(l),r.build()},Ur=async(e,s)=>{const r=F.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/device_authorization");let l;return l=JSON.stringify(o(e,{clientId:[],clientSecret:[],startUrl:[]})),r.m("POST").h(i).b(l),r.build()},xr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return X(e,s);const r=d({$metadata:c(e)}),i=b(j(await k.parseJsonBody(e.body,s)),"body"),l=o(i,{accessToken:h,expiresIn:T,idToken:h,refreshToken:h,tokenType:h});return Object.assign(r,l),r},zr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return X(e,s);const r=d({$metadata:c(e)}),i=b(j(await k.parseJsonBody(e.body,s)),"body"),l=o(i,{accessToken:h,expiresIn:T,idToken:h,issuedTokenType:h,refreshToken:h,scope:$,tokenType:h});return Object.assign(r,l),r},Gr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return X(e,s);const r=d({$metadata:c(e)}),i=b(j(await k.parseJsonBody(e.body,s)),"body"),l=o(i,{authorizationEndpoint:h,clientId:h,clientIdIssuedAt:_,clientSecret:h,clientSecretExpiresAt:_,tokenEndpoint:h});return Object.assign(r,l),r},Jr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return X(e,s);const r=d({$metadata:c(e)}),i=b(j(await k.parseJsonBody(e.body,s)),"body"),l=o(i,{deviceCode:h,expiresIn:T,interval:T,userCode:h,verificationUri:h,verificationUriComplete:h});return Object.assign(r,l),r},X=async(e,s)=>{const r={...e,body:await k.parseJsonErrorBody(e.body,s)},i=k.loadRestJsonErrorCode(e,r.body);switch(i){case"AccessDeniedException":case"com.amazonaws.ssooidc#AccessDeniedException":throw await Nr(r,s);case"AuthorizationPendingException":case"com.amazonaws.ssooidc#AuthorizationPendingException":throw await _r(r,s);case"ExpiredTokenException":case"com.amazonaws.ssooidc#ExpiredTokenException":throw await pr(r,s);case"InternalServerException":case"com.amazonaws.ssooidc#InternalServerException":throw await Cr(r,s);case"InvalidClientException":case"com.amazonaws.ssooidc#InvalidClientException":throw await gr(r,s);case"InvalidGrantException":case"com.amazonaws.ssooidc#InvalidGrantException":throw await ur(r,s);case"InvalidRequestException":case"com.amazonaws.ssooidc#InvalidRequestException":throw await rs(r,s);case"InvalidScopeException":case"com.amazonaws.ssooidc#InvalidScopeException":throw await is(r,s);case"SlowDownException":case"com.amazonaws.ssooidc#SlowDownException":throw await ls(r,s);case"UnauthorizedClientException":case"com.amazonaws.ssooidc#UnauthorizedClientException":throw await hs(r,s);case"UnsupportedGrantTypeException":case"com.amazonaws.ssooidc#UnsupportedGrantTypeException":throw await ns(r,s);case"InvalidRequestRegionException":case"com.amazonaws.ssooidc#InvalidRequestRegionException":throw await ss(r,s);case"InvalidClientMetadataException":case"com.amazonaws.ssooidc#InvalidClientMetadataException":throw await Or(r,s);case"InvalidRedirectUriException":case"com.amazonaws.ssooidc#InvalidRedirectUriException":throw await es(r,s);default:const l=r.body;return Hr({output:e,parsedBody:l,errorCode:i})}},Hr=jr(y),Nr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new U({$metadata:c(e),...r});return a(n,e.body)},_r=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new x({$metadata:c(e),...r});return a(n,e.body)},pr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new z({$metadata:c(e),...r});return a(n,e.body)},Cr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new G({$metadata:c(e),...r});return a(n,e.body)},gr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new J({$metadata:c(e),...r});return a(n,e.body)},Or=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new L({$metadata:c(e),...r});return a(n,e.body)},ur=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new V({$metadata:c(e),...r});return a(n,e.body)},es=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new Q({$metadata:c(e),...r});return a(n,e.body)},rs=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new W({$metadata:c(e),...r});return a(n,e.body)},ss=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{endpoint:h,error:h,error_description:h,region:h});Object.assign(r,l);const n=new B({$metadata:c(e),...r});return a(n,e.body)},is=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new f({$metadata:c(e),...r});return a(n,e.body)},ls=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new A({$metadata:c(e),...r});return a(n,e.body)},hs=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new K({$metadata:c(e),...r});return a(n,e.body)},ns=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new M({$metadata:c(e),...r});return a(n,e.body)},c=(e)=>({httpStatusCode:e.statusCode,requestId:e.headers["x-amzn-requestid"]??e.headers["x-amzn-request-id"]??e.headers["x-amz-request-id"],extendedRequestId:e.headers["x-amz-id-2"],cfId:e.headers["x-amz-cf-id"]});var os="aws_iam";class p extends E.classBuilder().ep({...v}).m(function(e,s,r,i){return[Vr.getSerdePlugin(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","CreateToken",{}).n("SSOOIDCClient","CreateTokenCommand").f($r,Ir).ser(Fr).de(xr).build(){}var Wr=w(Y(),1);class C extends E.classBuilder().ep({...v}).m(function(e,s,r,i){return[Wr.getSerdePlugin(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","CreateTokenWithIAM",{}).n("SSOOIDCClient","CreateTokenWithIAMCommand").f(Rr,Pr).ser(Dr).de(zr).build(){}var fr=w(Y(),1);class g extends E.classBuilder().ep({...v}).m(function(e,s,r,i){return[fr.getSerdePlugin(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","RegisterClient",{}).n("SSOOIDCClient","RegisterClientCommand").f(void 0,Tr).ser(qr).de(Gr).build(){}var Ar=w(Y(),1);class O extends E.classBuilder().ep({...v}).m(function(e,s,r,i){return[Ar.getSerdePlugin(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","StartDeviceAuthorization",{}).n("SSOOIDCClient","StartDeviceAuthorizationCommand").f(br,void 0).ser(Ur).de(Jr).build(){}var ds={CreateTokenCommand:p,CreateTokenWithIAMCommand:C,RegisterClientCommand:g,StartDeviceAuthorizationCommand:O};class Mr extends N{}Kr(ds,Mr);export{cr as __Client,M as UnsupportedGrantTypeException,K as UnauthorizedClientException,br as StartDeviceAuthorizationRequestFilterSensitiveLog,O as StartDeviceAuthorizationCommand,A as SlowDownException,y as SSOOIDCServiceException,N as SSOOIDCClient,Mr as SSOOIDC,Tr as RegisterClientResponseFilterSensitiveLog,g as RegisterClientCommand,f as InvalidScopeException,B as InvalidRequestRegionException,W as InvalidRequestException,Q as InvalidRedirectUriException,V as InvalidGrantException,L as InvalidClientMetadataException,J as InvalidClientException,G as InternalServerException,z as ExpiredTokenException,Pr as CreateTokenWithIAMResponseFilterSensitiveLog,Rr as CreateTokenWithIAMRequestFilterSensitiveLog,C as CreateTokenWithIAMCommand,Ir as CreateTokenResponseFilterSensitiveLog,$r as CreateTokenRequestFilterSensitiveLog,p as CreateTokenCommand,x as AuthorizationPendingException,U as AccessDeniedException,E as $Command};

package/dist/chunk-132c71db605759c9.js

@@ -1,2 +1,2 @@
 // @bun
-import{y as h} from"./chunk-7ce930fe69575c87.js";import"./chunk-a0003b7feea6fae6.js";import{kb as _} from"./chunk-3cbc1c9cdc091b43.js";import{nb as N,ob as W,pb as I,sb as v,tb as P} from"./chunk-934ebff128f86ef1.js";var T=h(_(),1);var H=(e)=>e&&(typeof e.sso_start_url==="string"||typeof e.sso_account_id==="string"||typeof e.sso_session==="string"||typeof e.sso_region==="string"||typeof e.sso_role_name==="string");var u=h(_(),1);var K=300000,g="To refresh this SSO session run 'aws sso login' with the corresponding profile.";var R={},b=async(e)=>{const{SSOOIDCClient:r}=await import("./chunk-3bedef94ef8dba4a.js");if(R[e])return R[e];const s=new r({region:e});return R[e]=s,s};var G=async(e,r)=>{const{CreateTokenCommand:s}=await import("./chunk-3bedef94ef8dba4a.js");return(await b(r)).send(new s({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))};var U=h(_(),1);var D=(e)=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new U.TokenProviderError(`Token is expired. ${g}`,!1)};var q=h(_(),1);var p=(e,r,s=!1)=>{if(typeof r==="undefined")throw new q.TokenProviderError(`Value not present for '${e}' in SSO Token${s?". Cannot refresh":""}. ${g}`,!1)};import{promises as B} from"fs";var{writeFile:Q}=B,j=(e,r)=>{const s=W(e),t=JSON.stringify(r,null,2);return Q(s,t)};var X=new Date(0),z=(e={})=>async()=>{e.logger?.debug("@aws-sdk/token-providers - fromSso");const r=await P(e),s=N(e),t=r[s];if(!t)throw new u.TokenProviderError(`Profile '${s}' could not be found in shared credentials file.`,!1);else if(!t.sso_session)throw new u.TokenProviderError(`Profile '${s}' is missing required property 'sso_session'.`);const i=t.sso_session,a=(await v(e))[i];if(!a)throw new u.TokenProviderError(`Sso session '${i}' could not be found in shared credentials file.`,!1);for(let n of["sso_start_url","sso_region"])if(!a[n])throw new u.TokenProviderError(`Sso session '${i}' is missing required property '${n}'.`,!1);const{sso_start_url:l,sso_region:f}=a;let o;try{o=await I(i)}catch(n){throw new u.TokenProviderError(`The SSO session token associated with profile=${s} was not found or is invalid. ${g}`,!1)}p("accessToken",o.accessToken),p("expiresAt",o.expiresAt);const{accessToken:E,expiresAt:x}=o,c={token:E,expiration:new Date(x)};if(c.expiration.getTime()-Date.now()>K)return c;if(Date.now()-X.getTime()<30000)return D(c),c;p("clientId",o.clientId,!0),p("clientSecret",o.clientSecret,!0),p("refreshToken",o.refreshToken,!0);try{X.setTime(Date.now());const n=await G(o,f);p("accessToken",n.accessToken),p("expiresIn",n.expiresIn);const w=new Date(Date.now()+n.expiresIn*1000);try{await j(i,{...o,accessToken:n.accessToken,expiresAt:w.toISOString(),refreshToken:n.refreshToken})}catch(C){}return{token:n.accessToken,expiration:w}}catch(n){return D(c),c}};var k=h(_(),1);var y=!1,A=async({ssoStartUrl:e,ssoSession:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoClient:S,clientConfig:a,profile:l,logger:f})=>{let o;const E="To refresh this SSO session run aws sso login with the corresponding profile.";if(r)try{const d=await z({profile:l})();o={accessToken:d.token,expiresAt:new Date(d.expiration).toISOString()}}catch(d){throw new k.CredentialsProviderError(d.message,{tryNextLink:y,logger:f})}else try{o=await I(e)}catch(d){throw new k.CredentialsProviderError("The SSO session associated with this profile is invalid. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:y,logger:f})}if(new Date(o.expiresAt).getTime()-Date.now()<=0)throw new k.CredentialsProviderError("The SSO session associated with this profile has expired. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:y,logger:f});const{accessToken:x}=o,{SSOClient:c,GetRoleCredentialsCommand:n}=await import("./chunk-2a328e3beda74e4f.js"),w=S||new c(Object.assign({},a??{},{region:a?.region??t}));let C;try{C=await w.send(new n({accountId:s,roleName:i,accessToken:x}))}catch(d){throw new k.CredentialsProviderError(d,{tryNextLink:y,logger:f})}const{roleCredentials:{accessKeyId:m,secretAccessKey:O,sessionToken:$,expiration:F,credentialScope:L,accountId:M}={}}=C;if(!m||!O||!$||!F)throw new k.CredentialsProviderError("SSO returns an invalid temporary credential.",{tryNextLink:y,logger:f});return{accessKeyId:m,secretAccessKey:O,sessionToken:$,expiration:new Date(F),...L&&{credentialScope:L},...M&&{accountId:M}}};var J=h(_(),1),V=(e,r)=>{const{sso_start_url:s,sso_account_id:t,sso_region:i,sso_role_name:S}=e;if(!s||!t||!i||!S)throw new J.CredentialsProviderError('Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", '+`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:r});return e};var Ee=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoSession:S}=e,{ssoClient:a}=e,l=N(e);if(!r&&!s&&!t&&!i&&!S){const o=(await P(e))[l];if(!o)throw new T.CredentialsProviderError(`Profile ${l} was not found.`,{logger:e.logger});if(!H(o))throw new T.CredentialsProviderError(`Profile ${l} is not configured with SSO credentials.`,{logger:e.logger});if(o?.sso_session){const m=(await v(e))[o.sso_session],O=` configurations in profile ${l} and sso-session ${o.sso_session}`;if(t&&t!==m.sso_region)throw new T.CredentialsProviderError("Conflicting SSO region"+O,{tryNextLink:!1,logger:e.logger});if(r&&r!==m.sso_start_url)throw new T.CredentialsProviderError("Conflicting SSO start_url"+O,{tryNextLink:!1,logger:e.logger});o.sso_region=m.sso_region,o.sso_start_url=m.sso_start_url}const{sso_start_url:E,sso_account_id:x,sso_region:c,sso_role_name:n,sso_session:w}=V(o,e.logger);return A({ssoStartUrl:E,ssoSession:w,ssoAccountId:x,ssoRegion:c,ssoRoleName:n,ssoClient:a,clientConfig:e.clientConfig,profile:l})}else if(!r||!s||!t||!i)throw new T.CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});else return A({ssoStartUrl:r,ssoSession:S,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoClient:a,clientConfig:e.clientConfig,profile:l})};export{V as validateSsoProfile,H as isSsoProfile,Ee as fromSSO};
+import{y as h} from"./chunk-7ce930fe69575c87.js";import"./chunk-a0003b7feea6fae6.js";import{kb as _} from"./chunk-3cbc1c9cdc091b43.js";import{nb as N,ob as W,pb as I,sb as v,tb as P} from"./chunk-934ebff128f86ef1.js";var T=h(_(),1);var H=(e)=>e&&(typeof e.sso_start_url==="string"||typeof e.sso_account_id==="string"||typeof e.sso_session==="string"||typeof e.sso_region==="string"||typeof e.sso_role_name==="string");var u=h(_(),1);var K=300000,g="To refresh this SSO session run 'aws sso login' with the corresponding profile.";var R={},b=async(e)=>{const{SSOOIDCClient:r}=await import("./chunk-1084614a350762fb.js");if(R[e])return R[e];const s=new r({region:e});return R[e]=s,s};var G=async(e,r)=>{const{CreateTokenCommand:s}=await import("./chunk-1084614a350762fb.js");return(await b(r)).send(new s({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))};var U=h(_(),1);var D=(e)=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new U.TokenProviderError(`Token is expired. ${g}`,!1)};var q=h(_(),1);var p=(e,r,s=!1)=>{if(typeof r==="undefined")throw new q.TokenProviderError(`Value not present for '${e}' in SSO Token${s?". Cannot refresh":""}. ${g}`,!1)};import{promises as B} from"fs";var{writeFile:Q}=B,j=(e,r)=>{const s=W(e),t=JSON.stringify(r,null,2);return Q(s,t)};var X=new Date(0),z=(e={})=>async()=>{e.logger?.debug("@aws-sdk/token-providers - fromSso");const r=await P(e),s=N(e),t=r[s];if(!t)throw new u.TokenProviderError(`Profile '${s}' could not be found in shared credentials file.`,!1);else if(!t.sso_session)throw new u.TokenProviderError(`Profile '${s}' is missing required property 'sso_session'.`);const i=t.sso_session,a=(await v(e))[i];if(!a)throw new u.TokenProviderError(`Sso session '${i}' could not be found in shared credentials file.`,!1);for(let n of["sso_start_url","sso_region"])if(!a[n])throw new u.TokenProviderError(`Sso session '${i}' is missing required property '${n}'.`,!1);const{sso_start_url:l,sso_region:f}=a;let o;try{o=await I(i)}catch(n){throw new u.TokenProviderError(`The SSO session token associated with profile=${s} was not found or is invalid. ${g}`,!1)}p("accessToken",o.accessToken),p("expiresAt",o.expiresAt);const{accessToken:E,expiresAt:x}=o,c={token:E,expiration:new Date(x)};if(c.expiration.getTime()-Date.now()>K)return c;if(Date.now()-X.getTime()<30000)return D(c),c;p("clientId",o.clientId,!0),p("clientSecret",o.clientSecret,!0),p("refreshToken",o.refreshToken,!0);try{X.setTime(Date.now());const n=await G(o,f);p("accessToken",n.accessToken),p("expiresIn",n.expiresIn);const w=new Date(Date.now()+n.expiresIn*1000);try{await j(i,{...o,accessToken:n.accessToken,expiresAt:w.toISOString(),refreshToken:n.refreshToken})}catch(C){}return{token:n.accessToken,expiration:w}}catch(n){return D(c),c}};var k=h(_(),1);var y=!1,A=async({ssoStartUrl:e,ssoSession:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoClient:S,clientConfig:a,profile:l,logger:f})=>{let o;const E="To refresh this SSO session run aws sso login with the corresponding profile.";if(r)try{const d=await z({profile:l})();o={accessToken:d.token,expiresAt:new Date(d.expiration).toISOString()}}catch(d){throw new k.CredentialsProviderError(d.message,{tryNextLink:y,logger:f})}else try{o=await I(e)}catch(d){throw new k.CredentialsProviderError("The SSO session associated with this profile is invalid. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:y,logger:f})}if(new Date(o.expiresAt).getTime()-Date.now()<=0)throw new k.CredentialsProviderError("The SSO session associated with this profile has expired. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:y,logger:f});const{accessToken:x}=o,{SSOClient:c,GetRoleCredentialsCommand:n}=await import("./chunk-897773d66a89947a.js"),w=S||new c(Object.assign({},a??{},{region:a?.region??t}));let C;try{C=await w.send(new n({accountId:s,roleName:i,accessToken:x}))}catch(d){throw new k.CredentialsProviderError(d,{tryNextLink:y,logger:f})}const{roleCredentials:{accessKeyId:m,secretAccessKey:O,sessionToken:$,expiration:F,credentialScope:L,accountId:M}={}}=C;if(!m||!O||!$||!F)throw new k.CredentialsProviderError("SSO returns an invalid temporary credential.",{tryNextLink:y,logger:f});return{accessKeyId:m,secretAccessKey:O,sessionToken:$,expiration:new Date(F),...L&&{credentialScope:L},...M&&{accountId:M}}};var J=h(_(),1),V=(e,r)=>{const{sso_start_url:s,sso_account_id:t,sso_region:i,sso_role_name:S}=e;if(!s||!t||!i||!S)throw new J.CredentialsProviderError('Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", '+`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:r});return e};var Ee=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoSession:S}=e,{ssoClient:a}=e,l=N(e);if(!r&&!s&&!t&&!i&&!S){const o=(await P(e))[l];if(!o)throw new T.CredentialsProviderError(`Profile ${l} was not found.`,{logger:e.logger});if(!H(o))throw new T.CredentialsProviderError(`Profile ${l} is not configured with SSO credentials.`,{logger:e.logger});if(o?.sso_session){const m=(await v(e))[o.sso_session],O=` configurations in profile ${l} and sso-session ${o.sso_session}`;if(t&&t!==m.sso_region)throw new T.CredentialsProviderError("Conflicting SSO region"+O,{tryNextLink:!1,logger:e.logger});if(r&&r!==m.sso_start_url)throw new T.CredentialsProviderError("Conflicting SSO start_url"+O,{tryNextLink:!1,logger:e.logger});o.sso_region=m.sso_region,o.sso_start_url=m.sso_start_url}const{sso_start_url:E,sso_account_id:x,sso_region:c,sso_role_name:n,sso_session:w}=V(o,e.logger);return A({ssoStartUrl:E,ssoSession:w,ssoAccountId:x,ssoRegion:c,ssoRoleName:n,ssoClient:a,clientConfig:e.clientConfig,profile:l})}else if(!r||!s||!t||!i)throw new T.CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});else return A({ssoStartUrl:r,ssoSession:S,ssoAccountId:s,ssoRegion:t,ssoRoleName:i,ssoClient:a,clientConfig:e.clientConfig,profile:l})};export{V as validateSsoProfile,H as isSsoProfile,Ee as fromSSO};

package/dist/chunk-18c32b54097c580e.js

@@ -0,0 +1,2 @@
+// @bun
+import"./chunk-293d8be91a9ad4f9.js";import{y as $} from"./chunk-7ce930fe69575c87.js";import{A as ue,B as er,E as be,G as cr,K as je,L as Fe,N as De,O as qe,R as Je,S as Ve,Y as v,Z as t,_ as Vr,aa as _,ba as b,ca as j,da as F,ea as h,la as Sr,ma as a,na as jr,oa as We,pa as fe,qa as rr,ra as sr,ta as d,ua as o,wa as I} from"./chunk-ed21fb7d8c4b675e.js";import{$a as Xe,Aa as dr,Ba as yr,Fa as H,Ga as ee,Ha as re,Ia as tr,Ja as Ie,Ka as Re,La as Pe,Ma as ar,Na as Ae,Oa as Ke,Pa as Me,Qa as Be,Ra as mr,Sa as wr,Ua as E,Va as S,Wa as kr,Xa as Le,Za as Qe,_a as vr,ab as Er,cb as q,db as Ye,eb as Ze,fb as He,gb as Ne,hb as ir,ib as lr,ya as nr,za as or} from"./chunk-ff9a2d6d503e6db6.js";import"./chunk-2665dffd37ead1d9.js";import{kb as R,lb as Ue} from"./chunk-b031077f0a783b82.js";import"./chunk-5fb9d31b7b4629e9.js";import{sb as Ce} from"./chunk-597d5c6772b14a85.js";import"./chunk-51e930ef29de215b.js";var P=$(H(),1);var se=$(q(),1);var Mr=function(e){return{schemeId:"aws.auth#sigv4",signingProperties:{name:"sso-oauth",region:e.region},propertiesExtractor:(s,r)=>({signingProperties:{config:s,context:r}})}},Z=function(e){return{schemeId:"smithy.api#noAuth"}},ie=async(e,s,r)=>{return{operation:ee(s).operation,region:await re(e.region)()||(()=>{throw new Error("expected `region` to be configured for `aws.auth#sigv4`")})()}},le=(e)=>{const s=[];switch(e.operation){case"CreateToken":{s.push(Z(e));break}case"RegisterClient":{s.push(Z(e));break}case"StartDeviceAuthorization":{s.push(Z(e));break}default:s.push(Mr(e))}return s},he=(e)=>{return{...se.resolveAwsSdkSigV4Config(e)}};var ne=(e)=>{return{...e,useDualstackEndpoint:e.useDualstackEndpoint??!1,useFipsEndpoint:e.useFipsEndpoint??!1,defaultSigningName:"sso-oauth"}},k={UseFIPS:{type:"builtInParams",name:"useFipsEndpoint"},Endpoint:{type:"builtInParams",name:"endpoint"},Region:{type:"builtInParams",name:"region"},UseDualStack:{type:"builtInParams",name:"useDualstackEndpoint"}};var oe={name:"@aws-sdk/client-sso-oidc",description:"AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native",version:"3.629.0",scripts:{build:"concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'","build:cjs":"node ../../scripts/compilation/inline client-sso-oidc","build:es":"tsc -p tsconfig.es.json","build:include:deps":"lerna run --scope $npm_package_name --include-dependencies build","build:types":"tsc -p tsconfig.types.json","build:types:downlevel":"downlevel-dts dist-types dist-types/ts3.4",clean:"rimraf ./dist-* && rimraf *.tsbuildinfo","extract:docs":"api-extractor run --local","generate:client":"node ../../scripts/generate-clients/single-service --solo sso-oidc"},main:"./dist-cjs/index.js",types:"./dist-types/index.d.ts",module:"./dist-es/index.js",sideEffects:!1,dependencies:{"@aws-crypto/sha256-browser":"5.2.0","@aws-crypto/sha256-js":"5.2.0","@aws-sdk/core":"3.629.0","@aws-sdk/credential-provider-node":"3.629.0","@aws-sdk/middleware-host-header":"3.620.0","@aws-sdk/middleware-logger":"3.609.0","@aws-sdk/middleware-recursion-detection":"3.620.0","@aws-sdk/middleware-user-agent":"3.620.0","@aws-sdk/region-config-resolver":"3.614.0","@aws-sdk/types":"3.609.0","@aws-sdk/util-endpoints":"3.614.0","@aws-sdk/util-user-agent-browser":"3.609.0","@aws-sdk/util-user-agent-node":"3.614.0","@smithy/config-resolver":"^3.0.5","@smithy/core":"^2.3.2","@smithy/fetch-http-handler":"^3.2.4","@smithy/hash-node":"^3.0.3","@smithy/invalid-dependency":"^3.0.3","@smithy/middleware-content-length":"^3.0.5","@smithy/middleware-endpoint":"^3.1.0","@smithy/middleware-retry":"^3.0.14","@smithy/middleware-serde":"^3.0.3","@smithy/middleware-stack":"^3.0.3","@smithy/node-config-provider":"^3.1.4","@smithy/node-http-handler":"^3.1.4","@smithy/protocol-http":"^4.1.0","@smithy/smithy-client":"^3.1.12","@smithy/types":"^3.3.0","@smithy/url-parser":"^3.0.3","@smithy/util-base64":"^3.0.0","@smithy/util-body-length-browser":"^3.0.0","@smithy/util-body-length-node":"^3.0.0","@smithy/util-defaults-mode-browser":"^3.0.14","@smithy/util-defaults-mode-node":"^3.0.14","@smithy/util-endpoints":"^2.0.5","@smithy/util-middleware":"^3.0.3","@smithy/util-retry":"^3.0.3","@smithy/util-utf8":"^3.0.0",tslib:"^2.6.2"},devDependencies:{"@tsconfig/node16":"16.1.3","@types/node":"^16.18.96",concurrently:"7.0.0","downlevel-dts":"0.10.1",rimraf:"3.0.2",typescript:"~4.9.5"},engines:{node:">=16.0.0"},typesVersions:{"<4.0":{"dist-types/*":["dist-types/ts3.4/*"]}},files:["dist-*/**"],author:{name:"AWS SDK for JavaScript Team",url:"https://aws.amazon.com/javascript/"},license:"Apache-2.0",peerDependencies:{"@aws-sdk/client-sts":"^3.629.0"},browser:{"./dist-es/runtimeConfig":"./dist-es/runtimeConfig.browser"},"react-native":{"./dist-es/runtimeConfig":"./dist-es/runtimeConfig.native"},homepage:"https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc",repository:{type:"git",url:"https://github.com/aws/aws-sdk-js-v3.git",directory:"clients/client-sso-oidc"}};var _e=$(q(),1);var xe=$(q(),1),ze=$(H(),1);var de={["required"]:!1,type:"String"},ye={["required"]:!0,default:!1,type:"Boolean"},ce={["ref"]:"Endpoint"},ve={["fn"]:"booleanEquals",["argv"]:[{["ref"]:"UseFIPS"},!0]},Ee={["fn"]:"booleanEquals",["argv"]:[{["ref"]:"UseDualStack"},!0]},m={},te={["fn"]:"getAttr",["argv"]:[{["ref"]:"PartitionResult"},"supportsFIPS"]},Se={["ref"]:"PartitionResult"},ae={["fn"]:"booleanEquals",["argv"]:[!0,{["fn"]:"getAttr",["argv"]:[Se,"supportsDualStack"]}]},me=[ve],we=[Ee],ke=[{["ref"]:"Region"}],Lr={version:"1.0",parameters:{Region:de,UseDualStack:ye,UseFIPS:ye,Endpoint:de},rules:[{conditions:[{["fn"]:"isSet",["argv"]:[ce]}],rules:[{conditions:me,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:"error"},{conditions:we,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:"error"},{endpoint:{url:ce,properties:m,headers:m},type:"endpoint"}],type:"tree"},{conditions:[{["fn"]:"isSet",["argv"]:ke}],rules:[{conditions:[{["fn"]:"aws.partition",["argv"]:ke,assign:"PartitionResult"}],rules:[{conditions:[ve,Ee],rules:[{conditions:[{["fn"]:"booleanEquals",["argv"]:[!0,te]},ae],rules:[{endpoint:{url:"https://oidc-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:"error"}],type:"tree"},{conditions:me,rules:[{conditions:[{["fn"]:"booleanEquals",["argv"]:[te,!0]}],rules:[{conditions:[{["fn"]:"stringEquals",["argv"]:[{["fn"]:"getAttr",["argv"]:[Se,"name"]},"aws-us-gov"]}],endpoint:{url:"https://oidc.{Region}.amazonaws.com",properties:m,headers:m},type:"endpoint"},{endpoint:{url:"https://oidc-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"FIPS is enabled but this partition does not support FIPS",type:"error"}],type:"tree"},{conditions:we,rules:[{conditions:[ae],rules:[{endpoint:{url:"https://oidc.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"},{error:"DualStack is enabled but this partition does not support DualStack",type:"error"}],type:"tree"},{endpoint:{url:"https://oidc.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:"endpoint"}],type:"tree"}],type:"tree"},{error:"Invalid Configuration: Missing Region",type:"error"}]},$e=Lr;var Te=(e,s={})=>{return Re($e,{endpointParams:e,logger:s.logger})};Ie.aws=Pe;var Ge=(e)=>{return{apiVersion:"2019-06-10",base64Decoder:e?.base64Decoder??je,base64Encoder:e?.base64Encoder??qe,disableHostPrefix:e?.disableHostPrefix??!1,endpointProvider:e?.endpointProvider??Te,extensions:e?.extensions??[],httpAuthSchemeProvider:e?.httpAuthSchemeProvider??le,httpAuthSchemes:e?.httpAuthSchemes??[{schemeId:"aws.auth#sigv4",identityProvider:(s)=>s.getIdentityProvider("aws.auth#sigv4"),signer:new xe.AwsSdkSigV4Signer},{schemeId:"smithy.api#noAuth",identityProvider:(s)=>s.getIdentityProvider("smithy.api#noAuth")||(async()=>({})),signer:new ze.NoAuthSigner}],logger:e?.logger??new be,serviceId:e?.serviceId??"SSO OIDC",urlParser:e?.urlParser??Ue,utf8Decoder:e?.utf8Decoder??Fe,utf8Encoder:e?.utf8Encoder??De}};var pe=(e)=>{fe(process.version);const s=Ne(e),r=()=>s().then(We),i=Ge(e);return _e.emitWarningIfUnsupportedVersion(process.version),{...i,...e,runtime:"node",defaultsMode:s,bodyLengthChecker:e?.bodyLengthChecker??He,credentialDefaultProvider:e?.credentialDefaultProvider??Ce,defaultUserAgentProvider:e?.defaultUserAgentProvider??Ye({serviceId:i.serviceId,clientVersion:oe.version}),maxAttempts:e?.maxAttempts??R(Qe),region:e?.region??R(Me,Be),requestHandler:Je.create(e?.requestHandler??r),retryMode:e?.retryMode??R({...Xe,default:async()=>(await r()).retryMode||Le}),sha256:e?.sha256??Ze.bind(null,"sha256"),streamCollector:e?.streamCollector??Ve,useDualstackEndpoint:e?.useDualstackEndpoint??R(Ae),useFipsEndpoint:e?.useFipsEndpoint??R(Ke)}};var ge=(e)=>{const s=e.httpAuthSchemes;let{httpAuthSchemeProvider:r,credentials:i}=e;return{setHttpAuthScheme(l){const n=s.findIndex((T)=>T.schemeId===l.schemeId);if(n===-1)s.push(l);else s.splice(n,1,l)},httpAuthSchemes(){return s},setHttpAuthSchemeProvider(l){r=l},httpAuthSchemeProvider(){return r},setCredentials(l){i=l},credentials(){return i}}},Oe=(e)=>{return{httpAuthSchemes:e.httpAuthSchemes(),httpAuthSchemeProvider:e.httpAuthSchemeProvider(),credentials:e.credentials()}};var U=(e)=>e,hr=(e,s)=>{const r={...U(ir(e)),...U(rr(e)),...U(ue(e)),...U(ge(e))};return s.forEach((i)=>i.configure(r)),{...e,...lr(r),...sr(r),...er(r),...Oe(r)}};class N extends cr{constructor(...[e]){const s=pe(e||{}),r=ne(s),i=tr(r),l=vr(i),n=mr(l),T=nr(n),fr=kr(T),Ar=he(fr),u=hr(Ar,e?.extensions||[]);super(u);this.config=u,this.middlewareStack.use(ar(this.config)),this.middlewareStack.use(Er(this.config)),this.middlewareStack.use(wr(this.config)),this.middlewareStack.use(or(this.config)),this.middlewareStack.use(dr(this.config)),this.middlewareStack.use(yr(this.config)),this.middlewareStack.use(P.getHttpAuthSchemeEndpointRuleSetPlugin(this.config,{httpAuthSchemeParametersProvider:ie,identityProviderConfigProvider:async(Kr)=>new P.DefaultIdentityProviderConfig({"aws.auth#sigv4":Kr.credentials})})),this.middlewareStack.use(P.getHttpSigningPlugin(this.config))}destroy(){super.destroy()}}class y extends Sr{constructor(e){super(e);Object.setPrototypeOf(this,y.prototype)}}class x extends y{constructor(e){super({name:"AccessDeniedException",$fault:"client",...e});this.name="AccessDeniedException",this.$fault="client",Object.setPrototypeOf(this,x.prototype),this.error=e.error,this.error_description=e.error_description}}class z extends y{constructor(e){super({name:"AuthorizationPendingException",$fault:"client",...e});this.name="AuthorizationPendingException",this.$fault="client",Object.setPrototypeOf(this,z.prototype),this.error=e.error,this.error_description=e.error_description}}class G extends y{constructor(e){super({name:"ExpiredTokenException",$fault:"client",...e});this.name="ExpiredTokenException",this.$fault="client",Object.setPrototypeOf(this,G.prototype),this.error=e.error,this.error_description=e.error_description}}class J extends y{constructor(e){super({name:"InternalServerException",$fault:"server",...e});this.name="InternalServerException",this.$fault="server",Object.setPrototypeOf(this,J.prototype),this.error=e.error,this.error_description=e.error_description}}class V extends y{constructor(e){super({name:"InvalidClientException",$fault:"client",...e});this.name="InvalidClientException",this.$fault="client",Object.setPrototypeOf(this,V.prototype),this.error=e.error,this.error_description=e.error_description}}class W extends y{constructor(e){super({name:"InvalidGrantException",$fault:"client",...e});this.name="InvalidGrantException",this.$fault="client",Object.setPrototypeOf(this,W.prototype),this.error=e.error,this.error_description=e.error_description}}class f extends y{constructor(e){super({name:"InvalidRequestException",$fault:"client",...e});this.name="InvalidRequestException",this.$fault="client",Object.setPrototypeOf(this,f.prototype),this.error=e.error,this.error_description=e.error_description}}class A extends y{constructor(e){super({name:"InvalidScopeException",$fault:"client",...e});this.name="InvalidScopeException",this.$fault="client",Object.setPrototypeOf(this,A.prototype),this.error=e.error,this.error_description=e.error_description}}class K extends y{constructor(e){super({name:"SlowDownException",$fault:"client",...e});this.name="SlowDownException",this.$fault="client",Object.setPrototypeOf(this,K.prototype),this.error=e.error,this.error_description=e.error_description}}class M extends y{constructor(e){super({name:"UnauthorizedClientException",$fault:"client",...e});this.name="UnauthorizedClientException",this.$fault="client",Object.setPrototypeOf(this,M.prototype),this.error=e.error,this.error_description=e.error_description}}class B extends y{constructor(e){super({name:"UnsupportedGrantTypeException",$fault:"client",...e});this.name="UnsupportedGrantTypeException",this.$fault="client",Object.setPrototypeOf(this,B.prototype),this.error=e.error,this.error_description=e.error_description}}class L extends y{constructor(e){super({name:"InvalidRequestRegionException",$fault:"client",...e});this.name="InvalidRequestRegionException",this.$fault="client",Object.setPrototypeOf(this,L.prototype),this.error=e.error,this.error_description=e.error_description,this.endpoint=e.endpoint,this.region=e.region}}class Q extends y{constructor(e){super({name:"InvalidClientMetadataException",$fault:"client",...e});this.name="InvalidClientMetadataException",this.$fault="client",Object.setPrototypeOf(this,Q.prototype),this.error=e.error,this.error_description=e.error_description}}class X extends y{constructor(e){super({name:"InvalidRedirectUriException",$fault:"client",...e});this.name="InvalidRedirectUriException",this.$fault="client",Object.setPrototypeOf(this,X.prototype),this.error=e.error,this.error_description=e.error_description}}var $r=(e)=>({...e,...e.clientSecret&&{clientSecret:t},...e.refreshToken&&{refreshToken:t},...e.codeVerifier&&{codeVerifier:t}}),Ir=(e)=>({...e,...e.accessToken&&{accessToken:t},...e.refreshToken&&{refreshToken:t},...e.idToken&&{idToken:t}}),Rr=(e)=>({...e,...e.refreshToken&&{refreshToken:t},...e.assertion&&{assertion:t},...e.subjectToken&&{subjectToken:t},...e.codeVerifier&&{codeVerifier:t}}),Pr=(e)=>({...e,...e.accessToken&&{accessToken:t},...e.refreshToken&&{refreshToken:t},...e.idToken&&{idToken:t}}),Tr=(e)=>({...e,...e.clientSecret&&{clientSecret:t}}),br=(e)=>({...e,...e.clientSecret&&{clientSecret:t}});var w=$(q(),1),D=$(H(),1);var Fr=async(e,s)=>{const r=D.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/token");let l;return l=JSON.stringify(o(e,{clientId:[],clientSecret:[],code:[],codeVerifier:[],deviceCode:[],grantType:[],redirectUri:[],refreshToken:[],scope:(n)=>I(n)})),r.m("POST").h(i).b(l),r.build()},Dr=async(e,s)=>{const r=D.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/token");const l=d({[is]:[,"t"]});let n;return n=JSON.stringify(o(e,{assertion:[],clientId:[],code:[],codeVerifier:[],grantType:[],redirectUri:[],refreshToken:[],requestedTokenType:[],scope:(T)=>I(T),subjectToken:[],subjectTokenType:[]})),r.m("POST").h(i).q(l).b(n),r.build()},qr=async(e,s)=>{const r=D.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/client/register");let l;return l=JSON.stringify(o(e,{clientName:[],clientType:[],entitledApplicationArn:[],grantTypes:(n)=>I(n),issuerUrl:[],redirectUris:(n)=>I(n),scopes:(n)=>I(n)})),r.m("POST").h(i).b(l),r.build()},Ur=async(e,s)=>{const r=D.requestBuilder(e,s),i={"content-type":"application/json"};r.bp("/device_authorization");let l;return l=JSON.stringify(o(e,{clientId:[],clientSecret:[],startUrl:[]})),r.m("POST").h(i).b(l),r.build()},xr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return Y(e,s);const r=d({$metadata:c(e)}),i=j(F(await w.parseJsonBody(e.body,s)),"body"),l=o(i,{accessToken:h,expiresIn:b,idToken:h,refreshToken:h,tokenType:h});return Object.assign(r,l),r},zr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return Y(e,s);const r=d({$metadata:c(e)}),i=j(F(await w.parseJsonBody(e.body,s)),"body"),l=o(i,{accessToken:h,expiresIn:b,idToken:h,issuedTokenType:h,refreshToken:h,scope:I,tokenType:h});return Object.assign(r,l),r},Gr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return Y(e,s);const r=d({$metadata:c(e)}),i=j(F(await w.parseJsonBody(e.body,s)),"body"),l=o(i,{authorizationEndpoint:h,clientId:h,clientIdIssuedAt:_,clientSecret:h,clientSecretExpiresAt:_,tokenEndpoint:h});return Object.assign(r,l),r},Jr=async(e,s)=>{if(e.statusCode!==200&&e.statusCode>=300)return Y(e,s);const r=d({$metadata:c(e)}),i=j(F(await w.parseJsonBody(e.body,s)),"body"),l=o(i,{deviceCode:h,expiresIn:b,interval:b,userCode:h,verificationUri:h,verificationUriComplete:h});return Object.assign(r,l),r},Y=async(e,s)=>{const r={...e,body:await w.parseJsonErrorBody(e.body,s)},i=w.loadRestJsonErrorCode(e,r.body);switch(i){case"AccessDeniedException":case"com.amazonaws.ssooidc#AccessDeniedException":throw await Xr(r,s);case"AuthorizationPendingException":case"com.amazonaws.ssooidc#AuthorizationPendingException":throw await Yr(r,s);case"ExpiredTokenException":case"com.amazonaws.ssooidc#ExpiredTokenException":throw await Zr(r,s);case"InternalServerException":case"com.amazonaws.ssooidc#InternalServerException":throw await Hr(r,s);case"InvalidClientException":case"com.amazonaws.ssooidc#InvalidClientException":throw await Nr(r,s);case"InvalidGrantException":case"com.amazonaws.ssooidc#InvalidGrantException":throw await pr(r,s);case"InvalidRequestException":case"com.amazonaws.ssooidc#InvalidRequestException":throw await gr(r,s);case"InvalidScopeException":case"com.amazonaws.ssooidc#InvalidScopeException":throw await ur(r,s);case"SlowDownException":case"com.amazonaws.ssooidc#SlowDownException":throw await es(r,s);case"UnauthorizedClientException":case"com.amazonaws.ssooidc#UnauthorizedClientException":throw await rs(r,s);case"UnsupportedGrantTypeException":case"com.amazonaws.ssooidc#UnsupportedGrantTypeException":throw await ss(r,s);case"InvalidRequestRegionException":case"com.amazonaws.ssooidc#InvalidRequestRegionException":throw await Or(r,s);case"InvalidClientMetadataException":case"com.amazonaws.ssooidc#InvalidClientMetadataException":throw await _r(r,s);case"InvalidRedirectUriException":case"com.amazonaws.ssooidc#InvalidRedirectUriException":throw await Cr(r,s);default:const l=r.body;return Qr({output:e,parsedBody:l,errorCode:i})}},Qr=jr(y),Xr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new x({$metadata:c(e),...r});return a(n,e.body)},Yr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new z({$metadata:c(e),...r});return a(n,e.body)},Zr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new G({$metadata:c(e),...r});return a(n,e.body)},Hr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new J({$metadata:c(e),...r});return a(n,e.body)},Nr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new V({$metadata:c(e),...r});return a(n,e.body)},_r=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new Q({$metadata:c(e),...r});return a(n,e.body)},pr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new W({$metadata:c(e),...r});return a(n,e.body)},Cr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new X({$metadata:c(e),...r});return a(n,e.body)},gr=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new f({$metadata:c(e),...r});return a(n,e.body)},Or=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{endpoint:h,error:h,error_description:h,region:h});Object.assign(r,l);const n=new L({$metadata:c(e),...r});return a(n,e.body)},ur=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new A({$metadata:c(e),...r});return a(n,e.body)},es=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new K({$metadata:c(e),...r});return a(n,e.body)},rs=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new M({$metadata:c(e),...r});return a(n,e.body)},ss=async(e,s)=>{const r=d({}),i=e.body,l=o(i,{error:h,error_description:h});Object.assign(r,l);const n=new B({$metadata:c(e),...r});return a(n,e.body)},c=(e)=>({httpStatusCode:e.statusCode,requestId:e.headers["x-amzn-requestid"]??e.headers["x-amzn-request-id"]??e.headers["x-amz-request-id"],extendedRequestId:e.headers["x-amz-id-2"],cfId:e.headers["x-amz-cf-id"]});var is="aws_iam";class p extends v.classBuilder().ep({...k}).m(function(e,s,r,i){return[E(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","CreateToken",{}).n("SSOOIDCClient","CreateTokenCommand").f($r,Ir).ser(Fr).de(xr).build(){}class C extends v.classBuilder().ep({...k}).m(function(e,s,r,i){return[E(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","CreateTokenWithIAM",{}).n("SSOOIDCClient","CreateTokenWithIAMCommand").f(Rr,Pr).ser(Dr).de(zr).build(){}class g extends v.classBuilder().ep({...k}).m(function(e,s,r,i){return[E(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","RegisterClient",{}).n("SSOOIDCClient","RegisterClientCommand").f(void 0,Tr).ser(qr).de(Gr).build(){}class O extends v.classBuilder().ep({...k}).m(function(e,s,r,i){return[E(r,this.serialize,this.deserialize),S(r,e.getEndpointParameterInstructions())]}).s("AWSSSOOIDCService","StartDeviceAuthorization",{}).n("SSOOIDCClient","StartDeviceAuthorizationCommand").f(br,void 0).ser(Ur).de(Jr).build(){}var ls={CreateTokenCommand:p,CreateTokenWithIAMCommand:C,RegisterClientCommand:g,StartDeviceAuthorizationCommand:O};class Wr extends N{}Vr(ls,Wr);export{cr as __Client,B as UnsupportedGrantTypeException,M as UnauthorizedClientException,br as StartDeviceAuthorizationRequestFilterSensitiveLog,O as StartDeviceAuthorizationCommand,K as SlowDownException,y as SSOOIDCServiceException,N as SSOOIDCClient,Wr as SSOOIDC,Tr as RegisterClientResponseFilterSensitiveLog,g as RegisterClientCommand,A as InvalidScopeException,L as InvalidRequestRegionException,f as InvalidRequestException,X as InvalidRedirectUriException,W as InvalidGrantException,Q as InvalidClientMetadataException,V as InvalidClientException,J as InternalServerException,G as ExpiredTokenException,Pr as CreateTokenWithIAMResponseFilterSensitiveLog,Rr as CreateTokenWithIAMRequestFilterSensitiveLog,C as CreateTokenWithIAMCommand,Ir as CreateTokenResponseFilterSensitiveLog,$r as CreateTokenRequestFilterSensitiveLog,p as CreateTokenCommand,z as AuthorizationPendingException,x as AccessDeniedException,v as $Command};

package/dist/chunk-1900e90c372bb1d6.js

@@ -1,2 +1,2 @@
 // @bun
-import"./chunk-7ce930fe69575c87.js";import{lb as E} from"./chunk-ff086fe014985526.js";import{readFileSync as l} from"fs";var t=(e)=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");const{roleArn:o,roleSessionName:r,webIdentityToken:n,providerId:c,policyArns:i,policy:_,durationSeconds:N}=e;let{roleAssumerWithWebIdentity:s}=e;if(!s){const{getDefaultRoleAssumerWithWebIdentity:d}=await import("./chunk-60d70dcbf4e79276.js");s=d({...e.clientConfig,credentialProviderLogger:e.logger,parentClientConfig:e.parentClientConfig},e.clientPlugins)}return s({RoleArn:o,RoleSessionName:r??`aws-sdk-js-session-${Date.now()}`,WebIdentityToken:n,ProviderId:c,PolicyArns:i,Policy:_,DurationSeconds:N})};var m="AWS_WEB_IDENTITY_TOKEN_FILE",S="AWS_ROLE_ARN",p="AWS_ROLE_SESSION_NAME",A=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");const o=e?.webIdentityTokenFile??process.env[m],r=e?.roleArn??process.env[S],n=e?.roleSessionName??process.env[p];if(!o||!r)throw new E("Web identity configuration not specified",{logger:e.logger});return t({...e,webIdentityToken:l(o,{encoding:"ascii"}),roleArn:r,roleSessionName:n})()};export{t as fromWebToken,A as fromTokenFile};
+import"./chunk-7ce930fe69575c87.js";import{lb as E} from"./chunk-ff086fe014985526.js";import{readFileSync as l} from"fs";var t=(e)=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");const{roleArn:o,roleSessionName:r,webIdentityToken:n,providerId:c,policyArns:i,policy:_,durationSeconds:N}=e;let{roleAssumerWithWebIdentity:s}=e;if(!s){const{getDefaultRoleAssumerWithWebIdentity:d}=await import("./chunk-f9e6a0a946ebb032.js");s=d({...e.clientConfig,credentialProviderLogger:e.logger,parentClientConfig:e.parentClientConfig},e.clientPlugins)}return s({RoleArn:o,RoleSessionName:r??`aws-sdk-js-session-${Date.now()}`,WebIdentityToken:n,ProviderId:c,PolicyArns:i,Policy:_,DurationSeconds:N})};var m="AWS_WEB_IDENTITY_TOKEN_FILE",S="AWS_ROLE_ARN",p="AWS_ROLE_SESSION_NAME",A=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");const o=e?.webIdentityTokenFile??process.env[m],r=e?.roleArn??process.env[S],n=e?.roleSessionName??process.env[p];if(!o||!r)throw new E("Web identity configuration not specified",{logger:e.logger});return t({...e,webIdentityToken:l(o,{encoding:"ascii"}),roleArn:r,roleSessionName:n})()};export{t as fromWebToken,A as fromTokenFile};

package/dist/chunk-269dd2cd89aa1c32.js

@@ -0,0 +1,2 @@
+// @bun
+import"./chunk-7ce930fe69575c87.js";import{nb as E} from"./chunk-5fb9d31b7b4629e9.js";import{readFileSync as l} from"fs";var t=(e)=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromWebToken");const{roleArn:o,roleSessionName:r,webIdentityToken:n,providerId:c,policyArns:i,policy:_,durationSeconds:N}=e;let{roleAssumerWithWebIdentity:s}=e;if(!s){const{getDefaultRoleAssumerWithWebIdentity:d}=await import("./chunk-4e9d5acfa5541d1b.js");s=d({...e.clientConfig,credentialProviderLogger:e.logger,parentClientConfig:e.parentClientConfig},e.clientPlugins)}return s({RoleArn:o,RoleSessionName:r??`aws-sdk-js-session-${Date.now()}`,WebIdentityToken:n,ProviderId:c,PolicyArns:i,Policy:_,DurationSeconds:N})};var m="AWS_WEB_IDENTITY_TOKEN_FILE",S="AWS_ROLE_ARN",p="AWS_ROLE_SESSION_NAME",A=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-web-identity - fromTokenFile");const o=e?.webIdentityTokenFile??process.env[m],r=e?.roleArn??process.env[S],n=e?.roleSessionName??process.env[p];if(!o||!r)throw new E("Web identity configuration not specified",{logger:e.logger});return t({...e,webIdentityToken:l(o,{encoding:"ascii"}),roleArn:r,roleSessionName:n})()};export{t as fromWebToken,A as fromTokenFile};

package/dist/chunk-293d8be91a9ad4f9.js

@@ -0,0 +1,2 @@
+// @bun
+import"./chunk-7ce930fe69575c87.js";import{nb as E} from"./chunk-5fb9d31b7b4629e9.js";var _="AWS_ACCESS_KEY_ID",S="AWS_SECRET_ACCESS_KEY",p="AWS_SESSION_TOKEN",A="AWS_CREDENTIAL_EXPIRATION",C="AWS_CREDENTIAL_SCOPE",N="AWS_ACCOUNT_ID",a=(e)=>async()=>{e?.logger?.debug("@aws-sdk/credential-provider-env - fromEnv");const o=process.env[_],r=process.env[S],n=process.env[p],s=process.env[A],t=process.env[C],c=process.env[N];if(o&&r)return{accessKeyId:o,secretAccessKey:r,...n&&{sessionToken:n},...s&&{expiration:new Date(s)},...t&&{credentialScope:t},...c&&{accountId:c}};throw new E("Unable to find environment variable credentials.",{logger:e?.logger})};export{a as fromEnv,p as ENV_SESSION,S as ENV_SECRET,_ as ENV_KEY,A as ENV_EXPIRATION,C as ENV_CREDENTIAL_SCOPE,N as ENV_ACCOUNT_ID};export{_ as t,S as u,a as v};

package/dist/chunk-32f3d5e11b4bc87d.js

@@ -0,0 +1,2 @@
+// @bun
+import"./chunk-7ce930fe69575c87.js";import"./chunk-2665dffd37ead1d9.js";import{nb as i,ob as f} from"./chunk-5fb9d31b7b4629e9.js";import{Ab as N,ub as y,vb as K,wb as E,zb as C} from"./chunk-51e930ef29de215b.js";var F=(e)=>e&&(typeof e.sso_start_url==="string"||typeof e.sso_account_id==="string"||typeof e.sso_session==="string"||typeof e.sso_region==="string"||typeof e.sso_role_name==="string");var L=300000,_="To refresh this SSO session run 'aws sso login' with the corresponding profile.";var I={},M=async(e)=>{const{SSOOIDCClient:r}=await import("./chunk-18c32b54097c580e.js");if(I[e])return I[e];const s=new r({region:e});return I[e]=s,s};var H=async(e,r)=>{const{CreateTokenCommand:s}=await import("./chunk-18c32b54097c580e.js");return(await M(r)).send(new s({clientId:e.clientId,clientSecret:e.clientSecret,refreshToken:e.refreshToken,grantType:"refresh_token"}))};var v=(e)=>{if(e.expiration&&e.expiration.getTime()<Date.now())throw new f(`Token is expired. ${_}`,!1)};var m=(e,r,s=!1)=>{if(typeof r==="undefined")throw new f(`Value not present for '${e}' in SSO Token${s?". Cannot refresh":""}. ${_}`,!1)};import{promises as W} from"fs";var{writeFile:j}=W,b=(e,r)=>{const s=K(e),t=JSON.stringify(r,null,2);return j(s,t)};var G=new Date(0),U=(e={})=>async()=>{e.logger?.debug("@aws-sdk/token-providers - fromSso");const r=await N(e),s=y(e),t=r[s];if(!t)throw new f(`Profile '${s}' could not be found in shared credentials file.`,!1);else if(!t.sso_session)throw new f(`Profile '${s}' is missing required property 'sso_session'.`);const a=t.sso_session,c=(await C(e))[a];if(!c)throw new f(`Sso session '${a}' could not be found in shared credentials file.`,!1);for(let n of["sso_start_url","sso_region"])if(!c[n])throw new f(`Sso session '${a}' is missing required property '${n}'.`,!1);const{sso_start_url:p,sso_region:S}=c;let o;try{o=await E(a)}catch(n){throw new f(`The SSO session token associated with profile=${s} was not found or is invalid. ${_}`,!1)}m("accessToken",o.accessToken),m("expiresAt",o.expiresAt);const{accessToken:x,expiresAt:u}=o,l={token:x,expiration:new Date(u)};if(l.expiration.getTime()-Date.now()>L)return l;if(Date.now()-G.getTime()<30000)return v(l),l;m("clientId",o.clientId,!0),m("clientSecret",o.clientSecret,!0),m("refreshToken",o.refreshToken,!0);try{G.setTime(Date.now());const n=await H(o,S);m("accessToken",n.accessToken),m("expiresIn",n.expiresIn);const h=new Date(Date.now()+n.expiresIn*1000);try{await b(a,{...o,accessToken:n.accessToken,expiresAt:h.toISOString(),refreshToken:n.refreshToken})}catch(O){}return{token:n.accessToken,expiration:h}}catch(n){return v(l),l}};var T=!1,P=async({ssoStartUrl:e,ssoSession:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:a,ssoClient:d,clientConfig:c,profile:p,logger:S})=>{let o;const x="To refresh this SSO session run aws sso login with the corresponding profile.";if(r)try{const g=await U({profile:p})();o={accessToken:g.token,expiresAt:new Date(g.expiration).toISOString()}}catch(g){throw new i(g.message,{tryNextLink:T,logger:S})}else try{o=await E(e)}catch(g){throw new i("The SSO session associated with this profile is invalid. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:T,logger:S})}if(new Date(o.expiresAt).getTime()-Date.now()<=0)throw new i("The SSO session associated with this profile has expired. To refresh this SSO session run aws sso login with the corresponding profile.",{tryNextLink:T,logger:S});const{accessToken:u}=o,{SSOClient:l,GetRoleCredentialsCommand:n}=await import("./chunk-85d5e5d7ff832255.js"),h=d||new l(Object.assign({},c??{},{region:c?.region??t}));let O;try{O=await h.send(new n({accountId:s,roleName:a,accessToken:u}))}catch(g){throw new i(g,{tryNextLink:T,logger:S})}const{roleCredentials:{accessKeyId:w,secretAccessKey:k,sessionToken:R,expiration:D,credentialScope:A,accountId:$}={}}=O;if(!w||!k||!R||!D)throw new i("SSO returns an invalid temporary credential.",{tryNextLink:T,logger:S});return{accessKeyId:w,secretAccessKey:k,sessionToken:R,expiration:new Date(D),...A&&{credentialScope:A},...$&&{accountId:$}}};var q=(e,r)=>{const{sso_start_url:s,sso_account_id:t,sso_region:a,sso_role_name:d}=e;if(!s||!t||!a||!d)throw new i('Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", '+`"sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(e).join(", ")}\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`,{tryNextLink:!1,logger:r});return e};var Ee=(e={})=>async()=>{e.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");const{ssoStartUrl:r,ssoAccountId:s,ssoRegion:t,ssoRoleName:a,ssoSession:d}=e,{ssoClient:c}=e,p=y(e);if(!r&&!s&&!t&&!a&&!d){const o=(await N(e))[p];if(!o)throw new i(`Profile ${p} was not found.`,{logger:e.logger});if(!F(o))throw new i(`Profile ${p} is not configured with SSO credentials.`,{logger:e.logger});if(o?.sso_session){const w=(await C(e))[o.sso_session],k=` configurations in profile ${p} and sso-session ${o.sso_session}`;if(t&&t!==w.sso_region)throw new i("Conflicting SSO region"+k,{tryNextLink:!1,logger:e.logger});if(r&&r!==w.sso_start_url)throw new i("Conflicting SSO start_url"+k,{tryNextLink:!1,logger:e.logger});o.sso_region=w.sso_region,o.sso_start_url=w.sso_start_url}const{sso_start_url:x,sso_account_id:u,sso_region:l,sso_role_name:n,sso_session:h}=q(o,e.logger);return P({ssoStartUrl:x,ssoSession:h,ssoAccountId:u,ssoRegion:l,ssoRoleName:n,ssoClient:c,clientConfig:e.clientConfig,profile:p})}else if(!r||!s||!t||!a)throw new i('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"',{tryNextLink:!1,logger:e.logger});else return P({ssoStartUrl:r,ssoSession:d,ssoAccountId:s,ssoRegion:t,ssoRoleName:a,ssoClient:c,clientConfig:e.clientConfig,profile:p})};export{q as validateSsoProfile,F as isSsoProfile,Ee as fromSSO};