piral-oauth2 1.5.3-beta.6948 → 1.5.3-beta.6960

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/esm/client-oauth2.d.ts +140 -0
  2. package/esm/client-oauth2.js +528 -0
  3. package/esm/client-oauth2.js.map +1 -0
  4. package/esm/setup.js +2 -2
  5. package/esm/setup.js.map +1 -1
  6. package/esm/types.d.ts +1 -2
  7. package/lib/client-oauth2.d.ts +140 -0
  8. package/lib/client-oauth2.js +533 -0
  9. package/lib/client-oauth2.js.map +1 -0
  10. package/lib/setup.js +3 -4
  11. package/lib/setup.js.map +1 -1
  12. package/lib/types.d.ts +1 -2
  13. package/package.json +3 -6
  14. package/piral-oauth2.min.js +1 -1
  15. package/src/client-oauth2.ts +684 -0
  16. package/src/setup.ts +7 -7
  17. package/src/types.ts +1 -3
package/piral-oauth2.min.js CHANGED
@@ -1 +1 @@
1
- var piralOAuth2=(()=>{var ce=Object.create;var x=Object.defineProperty;var ue=Object.getOwnPropertyDescriptor;var he=Object.getOwnPropertyNames;var de=Object.getPrototypeOf,le=Object.prototype.hasOwnProperty;var $=e=>x(e,"__esModule",{value:!0});var y=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),fe=(e,t)=>{$(e);for(var n in t)x(e,n,{get:t[n],enumerable:!0})},pe=(e,t,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of he(t))!le.call(e,r)&&r!=="default"&&x(e,r,{get:()=>t[r],enumerable:!(n=ue(t,r))||n.enumerable});return e},ge=e=>pe($(x(e!=null?ce(de(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var X=y(()=>{});var Q=y((Se,K)=>{"use strict";function me(e,t){return Object.prototype.hasOwnProperty.call(e,t)}K.exports=function(e,t,n,r){t=t||"&",n=n||"=";var o={};if(typeof e!="string"||e.length===0)return o;var i=/\+/g;e=e.split(t);var s=1e3;r&&typeof r.maxKeys=="number"&&(s=r.maxKeys);var a=e.length;s>0&&a>s&&(a=s);for(var d=0;d<a;++d){var p=e[d].replace(i,"%20"),m=p.indexOf(n),T,w,l,h;m>=0?(T=p.substr(0,m),w=p.substr(m+1)):(T=p,w=""),l=decodeURIComponent(T),h=decodeURIComponent(w),me(o,l)?Array.isArray(o[l])?o[l].push(h):o[l]=[o[l],h]:o[l]=h}return o}});var V=y((Ce,G)=>{"use strict";var v=function(e){switch(typeof e){case"string":return e;case"boolean":return e?"true":"false";case"number":return isFinite(e)?e:"";default:return""}};G.exports=function(e,t,n,r){return t=t||"&",n=n||"=",e===null&&(e=void 0),typeof e=="object"?Object.keys(e).map(function(o){var i=encodeURIComponent(v(o))+n;return Array.isArray(e[o])?e[o].map(function(s){return i+encodeURIComponent(v(s))}).join(t):i+encodeURIComponent(v(e[o]))}).filter(Boolean).join(t):r?encodeURIComponent(v(r))+n+encodeURIComponent(v(e)):""}});var W=y(k=>{"use strict";k.decode=k.parse=Q();k.encode=k.stringify=V()});var Z=y((ze,Y)=>{Y.exports=function(t,n,r,o){return new Promise(function(i,s){var a=new window.XMLHttpRequest;a.open(t,n),a.onload=function(){return i({status:a.status,body:a.responseText})},a.onerror=a.onabort=function(){return s(new Error(a.statusText||"XHR aborted: "+n))},Object.keys(o).forEach(function(d){a.setRequestHeader(d,o[d])}),a.send(r)})}});var se=y((Ee,ie)=>{var ee=X().Buffer,g=W(),Te=Z(),S="https://example.org/",R;typeof ee=="function"?R=ve:R=window.btoa.bind(window);ie.exports=_;var b={Accept:"application/json, application/x-www-form-urlencoded","Content-Type":"application/x-www-form-urlencoded"},we={invalid_request:["The request is missing a required parameter, includes an","invalid parameter value, includes a parameter more than","once, or is otherwise malformed."].join(" "),invalid_client:["Client authentication failed (e.g., unknown client, no","client authentication included, or unsupported","authentication method)."].join(" "),invalid_grant:["The provided authorization grant (e.g., authorization","code, resource owner credentials) or refresh token is","invalid, expired, revoked, does not match the redirection","URI used in the authorization request, or was issued to","another client."].join(" "),unauthorized_client:["The client is not authorized to request an authorization","code using this method."].join(" "),unsupported_grant_type:["The authorization grant type is not supported by the","authorization server."].join(" "),access_denied:["The resource owner or authorization server denied the request."].join(" "),unsupported_response_type:["The authorization server does not support obtaining","an authorization code using this method."].join(" "),invalid_scope:["The requested scope is invalid, unknown, or malformed."].join(" "),server_error:["The authorization server encountered an unexpected","condition that prevented it from fulfilling the request.","(This error code is needed because a 500 Internal Server","Error HTTP status code cannot be returned to the client","via an HTTP redirect.)"].join(" "),temporarily_unavailable:["The authorization server is currently unable to handle","the request due to a temporary overloading or maintenance","of the server."].join(" ")};function ve(e){return ee.from(e).toString("base64")}function C(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];if(e[n]==null)throw new TypeError('Expected "'+n+'" to exist')}}function q(e){var t=we[e.error]||e.error_description||e.error;if(t){var n=new Error(t);return n.body=e,n.code="EAUTH",n}}function ke(e){try{return JSON.parse(e)}catch{return g.parse(e)}}function I(e){return Array.isArray(e)?e.join(" "):B(e)}function te(e,t){C(e,"clientId","authorizationUri");let n={client_id:e.clientId,redirect_uri:e.redirectUri,response_type:t,state:e.state};e.scopes!==void 0&&(n.scope=I(e.scopes));let r=e.authorizationUri.includes("?")?"&":"?";return e.authorizationUri+r+g.stringify(Object.assign(n,e.query))}function O(e,t){return"Basic "+R(B(e)+":"+B(t))}function B(e){return e==null?"":String(e)}function A(e,t){return{url:e.url,method:e.method,body:Object.assign({},e.body,t.body),query:Object.assign({},e.query,t.query),headers:Object.assign({},e.headers,t.headers)}}function _(e,t){this.options=e,this.request=t||Te,this.code=new F(this),this.token=new H(this),this.owner=new re(this),this.credentials=new ne(this),this.jwt=new oe(this)}_.Token=P;_.prototype.createToken=function(e,t,n,r){var o=Object.assign({},r,typeof e=="string"?{access_token:e}:e,typeof t=="string"?{refresh_token:t}:t,typeof n=="string"?{token_type:n}:n);return new _.Token(this,o)};_.prototype._request=function(e){var t=e.url,n=g.stringify(e.body),r=g.stringify(e.query);return r&&(t+=(t.indexOf("?")===-1?"?":"&")+r),this.request(e.method,t,n,e.headers).then(function(o){var i=ke(o.body),s=q(i);if(s)return Promise.reject(s);if(o.status<200||o.status>=399){var a=new Error("HTTP status "+o.status);return a.status=o.status,a.body=o.body,a.code="ESTATUS",Promise.reject(a)}return i})};function P(e,t){this.client=e,this.data=t,this.tokenType=t.token_type&&t.token_type.toLowerCase(),this.accessToken=t.access_token,this.refreshToken=t.refresh_token,this.expiresIn(Number(t.expires_in))}P.prototype.expiresIn=function(e){if(typeof e=="number")this.expires=new Date,this.expires.setSeconds(this.expires.getSeconds()+e);else if(e instanceof Date)this.expires=new Date(e.getTime());else throw new TypeError("Unknown duration: "+e);return this.expires};P.prototype.sign=function(e){if(!this.accessToken)throw new Error("Unable to sign without access token");if(e.headers=e.headers||{},this.tokenType==="bearer")e.headers.Authorization="Bearer "+this.accessToken;else{var t=e.url.split("#"),n="access_token="+this.accessToken,r=t[0].replace(/[?&]access_token=[^&#]/,""),o=t[1]?"#"+t[1]:"";e.url=r+(r.indexOf("?")>-1?"&":"?")+n+o,e.headers.Pragma="no-store",e.headers["Cache-Control"]="no-store"}return e};P.prototype.refresh=function(e){var t=this,n=Object.assign({},this.client.options,e);return this.refreshToken?this.client._request(A({url:n.accessTokenUri,method:"POST",headers:Object.assign({},b,{Authorization:O(n.clientId,n.clientSecret)}),body:{refresh_token:this.refreshToken,grant_type:"refresh_token"}},n)).then(function(r){return t.client.createToken(Object.assign({},t.data,r))}):Promise.reject(new Error("No refresh token"))};P.prototype.expired=function(){return Date.now()>this.expires.getTime()};function re(e){this.client=e}re.prototype.getToken=function(e,t,n){var r=this,o=Object.assign({},this.client.options,n);let i={username:e,password:t,grant_type:"password"};return o.scopes!==void 0&&(i.scope=I(o.scopes)),this.client._request(A({url:o.accessTokenUri,method:"POST",headers:Object.assign({},b,{Authorization:O(o.clientId,o.clientSecret)}),body:i},o)).then(function(s){return r.client.createToken(s)})};function H(e){this.client=e}H.prototype.getUri=function(e){var t=Object.assign({},this.client.options,e);return te(t,"token")};H.prototype.getToken=function(e,t){var n=Object.assign({},this.client.options,t),r=typeof e=="object"?e:new URL(e,S),o=new URL(n.redirectUri,S);if(typeof r.pathname=="string"&&r.pathname!==o.pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+r.pathname));if(!r.hash&&!r.search)return Promise.reject(new TypeError("Unable to process uri: "+e));var i=Object.assign({},typeof r.search=="string"?g.parse(r.search.substr(1)):r.search||{},typeof r.hash=="string"?g.parse(r.hash.substr(1)):r.hash||{}),s=q(i);return s?Promise.reject(s):n.state!=null&&i.state!==n.state?Promise.reject(new TypeError("Invalid state: "+i.state)):Promise.resolve(this.client.createToken(i))};function ne(e){this.client=e}ne.prototype.getToken=function(e){var t=this,n=Object.assign({},this.client.options,e);C(n,"clientId","clientSecret","accessTokenUri");let r={grant_type:"client_credentials"};return n.scopes!==void 0&&(r.scope=I(n.scopes)),this.client._request(A({url:n.accessTokenUri,method:"POST",headers:Object.assign({},b,{Authorization:O(n.clientId,n.clientSecret)}),body:r},n)).then(function(o){return t.client.createToken(o)})};function F(e){this.client=e}F.prototype.getUri=function(e){var t=Object.assign({},this.client.options,e);return te(t,"code")};F.prototype.getToken=function(e,t){var n=this,r=Object.assign({},this.client.options,t);C(r,"clientId","accessTokenUri");var o=typeof e=="object"?e:new URL(e,S);if(typeof r.redirectUri=="string"&&typeof o.pathname=="string"&&o.pathname!==new URL(r.redirectUri,S).pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+o.pathname));if(!o.search||!o.search.substr(1))return Promise.reject(new TypeError("Unable to process uri: "+e));var i=typeof o.search=="string"?g.parse(o.search.substr(1)):o.search||{},s=q(i);if(s)return Promise.reject(s);if(r.state!=null&&i.state!==r.state)return Promise.reject(new TypeError("Invalid state: "+i.state));if(!i.code)return Promise.reject(new TypeError("Missing code, unable to request token"));var a=Object.assign({},b),d={code:i.code,grant_type:"authorization_code",redirect_uri:r.redirectUri};return r.clientSecret?a.Authorization=O(r.clientId,r.clientSecret):d.client_id=r.clientId,this.client._request(A({url:r.accessTokenUri,method:"POST",headers:a,body:d},r)).then(function(p){return n.client.createToken(p)})};function oe(e){this.client=e}oe.prototype.getToken=function(e,t){var n=this,r=Object.assign({},this.client.options,t),o=Object.assign({},b);C(r,"accessTokenUri"),r.clientId&&(o.Authorization=O(r.clientId,r.clientSecret));let i={grant_type:"urn:ietf:params:oauth:grant-type:jwt-bearer",assertion:e};return r.scopes!==void 0&&(i.scope=I(r.scopes)),this.client._request(A({url:r.accessTokenUri,method:"POST",headers:o,body:i},r)).then(function(s){return n.client.createToken(s)})}});var _e={};fe(_e,{createOAuth2Api:()=>ye,createOAuth2BrowserPersistence:()=>Oe,createOAuth2MemoryPersistence:()=>L,createOAuth2SessionPersistence:()=>be,setupOAuth2Client:()=>Ae});function ye(e){return t=>(t.on("before-fetch",e.extendHeaders),{getAccessToken(){return e.token()}})}var ae=ge(se());function L(){return{load(){},save(){}}}function be(e="$piral_oauth2_info"){return{load(){let t=sessionStorage.getItem(e);if(typeof t=="string")try{return JSON.parse(t)}catch{console.error("Found invalid data in the OAuth 2 session storage key. Skipped.")}},save(t){sessionStorage.setItem(e,JSON.stringify(t))}}}function Oe(e="$piral_oauth2_info"){return{load(){let t=localStorage.getItem(e);if(typeof t=="string")try{return JSON.parse(t)}catch{console.error("Found invalid data in the OAuth 2 local storage key. Skipped.")}},save(t){localStorage.setItem(e,JSON.stringify(t))}}}var N="oauth2Cb";function Ae(e){let{clientId:t,clientSecret:n,authorizationUri:r,accessTokenUri:o,redirectUri:i=`${location.origin}/auth`,scopes:s=[],flow:a,headers:d,query:p,state:m,restrict:T=!1,returnPath:w="/",persist:l=L()}=e,h=new ae.default({clientId:t,clientSecret:n,redirectUri:i,authorizationUri:r,accessTokenUri:o,scopes:s,headers:d,query:p,state:m}),f,U,z,D=c=>{l.save({accessToken:c.accessToken,data:c.data,refreshToken:c.refreshToken}),f=c},J=(c,u)=>c.then(()=>f?f.expired()?u().then(j=>(D(j),f.accessToken)):f.accessToken:Promise.reject("Not logged in. Please call `login()` to retrieve a token.")),M=c=>{let u=l.load();return u?(f=h.createToken(u.accessToken,u.refreshToken,u.data),Promise.resolve()):c().then(j=>{let E=window.opener;D(j),E&&typeof E[N]=="function"&&(E[N](j),window.close())},()=>{})};if(a==="code"){let c=M(()=>{let u=location.href;return history.replaceState(void 0,void 0,w),h.code.getToken(u)});U=()=>J(c,()=>f.refresh()),z=()=>h.code.getUri()}else{let c=M(()=>h.token.getToken(location.href));U=()=>J(c,()=>new Promise(u=>{window[N]=u,window.open(h.token.getUri())})),z=()=>h.token.getUri()}return{_:h,login(){window.location.href=z()},logout(){f=void 0},extendHeaders(c){T||c.setHeaders(U().then(u=>u&&{Authorization:`Bearer ${u}`},()=>{}))},account(){return!!f},token:U}}return _e;})();
1
+ var piralOAuth2=(()=>{var I=Object.defineProperty;var Q=t=>I(t,"__esModule",{value:!0});var G=(t,e)=>{Q(t);for(var r in e)I(t,r,{get:e[r],enumerable:!0})};var te={};G(te,{createOAuth2Api:()=>V,createOAuth2BrowserPersistence:()=>K,createOAuth2MemoryPersistence:()=>x,createOAuth2SessionPersistence:()=>Z,setupOAuth2Client:()=>ee});function V(t){return e=>(e.on("before-fetch",t.extendHeaders),{getAccessToken(){return t.token()}})}var k=location.origin;function W(t,e,r,i){return fetch(e,{body:r,method:t,headers:i}).then(n=>n.text().then(s=>({status:n.status,body:s})))}var g={Accept:"application/json, application/x-www-form-urlencoded","Content-Type":"application/x-www-form-urlencoded"},X={invalid_request:["The request is missing a required parameter, includes an","invalid parameter value, includes a parameter more than","once, or is otherwise malformed."].join(" "),invalid_client:["Client authentication failed (e.g., unknown client, no","client authentication included, or unsupported","authentication method)."].join(" "),invalid_grant:["The provided authorization grant (e.g., authorization","code, resource owner credentials) or refresh token is","invalid, expired, revoked, does not match the redirection","URI used in the authorization request, or was issued to","another client."].join(" "),unauthorized_client:["The client is not authorized to request an authorization","code using this method."].join(" "),unsupported_grant_type:["The authorization grant type is not supported by the","authorization server."].join(" "),access_denied:["The resource owner or authorization server denied the request."].join(" "),unsupported_response_type:["The authorization server does not support obtaining","an authorization code using this method."].join(" "),invalid_scope:["The requested scope is invalid, unknown, or malformed."].join(" "),server_error:["The authorization server encountered an unexpected","condition that prevented it from fulfilling the request.","(This error code is needed because a 500 Internal Server","Error HTTP status code cannot be returned to the client","via an HTTP redirect.)"].join(" "),temporarily_unavailable:["The authorization server is currently unable to handle","the request due to a temporary overloading or maintenance","of the server."].join(" ")};function w(t,...e){for(let i=0;i<e.length;i++){var r=e[i];if(t[r]==null)throw new TypeError('Expected "'+r+'" to exist')}}function P(t){var e=X[t.error]||t.error_description||t.error;if(e){let r=new Error(e);return r.body=t,r.code="EAUTH",r}}function O(t){let e=new URLSearchParams(t);return Object.fromEntries(e.entries())}function j(t){return new URLSearchParams(t).toString()}function Y(t){try{return JSON.parse(t)}catch{return O(t)}}function v(t){return Array.isArray(t)?t.join(" "):U(t)}function L(t,e){w(t,"clientId","authorizationUri");let r={client_id:t.clientId,redirect_uri:t.redirectUri,response_type:e,state:t.state};t.scopes!==void 0&&(r.scope=v(t.scopes));let i=t.authorizationUri.includes("?")?"&":"?";return t.authorizationUri+i+j(Object.assign(r,t.query))}function p(t,e){return"Basic "+btoa(U(t)+":"+U(e))}function U(t){return t==null?"":String(t)}function f(t,e){return{url:t.url,method:t.method,body:Object.assign({},t.body,e.body),query:Object.assign({},t.query,e.query),headers:Object.assign({},t.headers,e.headers)}}var S=class{constructor(e,r=W){this.options=e;this.request=r;this.code=new B(this),this.token=new F(this),this.owner=new D(this),this.credentials=new H(this),this.jwt=new J(this)}createToken(e,r,i,n){var s=Object.assign({},n,typeof e=="string"?{access_token:e}:e,typeof r=="string"?{refresh_token:r}:r,typeof i=="string"?{token_type:i}:i);return new N(this,s)}_request(e){let r=e.url,i=j(e.body),n=j(e.query);return n&&(r+=(r.indexOf("?")===-1?"?":"&")+n),this.request(e.method,r,i,e.headers).then(s=>{let o=Y(s.body),a=P(o);if(a)return Promise.reject(a);if(s.status<200||s.status>=399){let d=new Error("HTTP status "+s.status);return d.status=s.status,d.body=s.body,d.code="ESTATUS",Promise.reject(d)}return o})}},N=class{constructor(e,r){this.client=e,this.data=r,this.tokenType=r.token_type&&r.token_type.toLowerCase(),this.accessToken=r.access_token,this.refreshToken=r.refresh_token,this.expiresIn(Number(r.expires_in))}expiresIn(e){if(typeof e=="number")this.expires=new Date,this.expires.setSeconds(this.expires.getSeconds()+e);else if(e instanceof Date)this.expires=new Date(e.getTime());else throw new TypeError("Unknown duration: "+e);return this.expires}sign(e){if(!this.accessToken)throw new Error("Unable to sign without access token");if(e.headers=e.headers||{},this.tokenType==="bearer")e.headers.Authorization="Bearer "+this.accessToken;else{var r=e.url.split("#"),i="access_token="+this.accessToken,n=r[0].replace(/[?&]access_token=[^&#]/,""),s=r[1]?"#"+r[1]:"";e.url=n+(n.indexOf("?")>-1?"&":"?")+i+s,e.headers.Pragma="no-store",e.headers["Cache-Control"]="no-store"}return e}refresh(e){var r=this,i=Object.assign({},this.client.options,e);return this.refreshToken?this.client._request(f({url:i.accessTokenUri,method:"POST",headers:Object.assign({},g,{Authorization:p(i.clientId,i.clientSecret)}),body:{refresh_token:this.refreshToken,grant_type:"refresh_token"}},i)).then(n=>r.client.createToken(void 0,void 0,void 0,Object.assign({},r.data,n))):Promise.reject(new Error("No refresh token"))}expired(){return Date.now()>this.expires.getTime()}},D=class{constructor(e){this.client=e}getToken(e,r,i){var n=this,s=Object.assign({},this.client.options,i);let o={username:e,password:r,grant_type:"password"};return s.scopes!==void 0&&(o.scope=v(s.scopes)),this.client._request(f({url:s.accessTokenUri,method:"POST",headers:Object.assign({},g,{Authorization:p(s.clientId,s.clientSecret)}),body:o},s)).then(a=>n.client.createToken(void 0,void 0,void 0,a))}},F=class{constructor(e){this.client=e}getUri(e){var r=Object.assign({},this.client.options,e);return L(r,"token")}getToken(e,r){var i=Object.assign({},this.client.options,r),n=typeof e=="object"?e:new URL(e,k),s=new URL(i.redirectUri,k);if(typeof n.pathname=="string"&&n.pathname!==s.pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+n.pathname));if(!n.hash&&!n.search)return Promise.reject(new TypeError("Unable to process uri: "+e));var o=Object.assign({},typeof n.search=="string"?O(n.search.substr(1)):n.search||{},typeof n.hash=="string"?O(n.hash.substr(1)):n.hash||{}),a=P(o);return a?Promise.reject(a):i.state!=null&&o.state!==i.state?Promise.reject(new TypeError("Invalid state: "+o.state)):Promise.resolve(this.client.createToken(void 0,void 0,void 0,o))}},H=class{constructor(e){this.client=e}getToken(e){var r=this,i=Object.assign({},this.client.options,e);w(i,"clientId","clientSecret","accessTokenUri");let n={grant_type:"client_credentials"};return i.scopes!==void 0&&(n.scope=v(i.scopes)),this.client._request(f({url:i.accessTokenUri,method:"POST",headers:Object.assign({},g,{Authorization:p(i.clientId,i.clientSecret)}),body:n},i)).then(s=>r.client.createToken(void 0,void 0,void 0,s))}},B=class{constructor(e){this.client=e}getUri(e){var r=Object.assign({},this.client.options,e);return L(r,"code")}getToken(e,r){var i=this,n=Object.assign({},this.client.options,r);w(n,"clientId","accessTokenUri");var s=typeof e=="object"?e:new URL(e,k);if(typeof n.redirectUri=="string"&&typeof s.pathname=="string"&&s.pathname!==new URL(n.redirectUri,k).pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+s.pathname));if(!s.search||!s.search.substr(1))return Promise.reject(new TypeError("Unable to process uri: "+e));var o=typeof s.search=="string"?O(s.search.substr(1)):s.search||{},a=P(o);if(a)return Promise.reject(a);if(n.state!=null&&o.state!==n.state)return Promise.reject(new TypeError("Invalid state: "+o.state));if(!o.code)return Promise.reject(new TypeError("Missing code, unable to request token"));let d=Object.assign({},g),y={code:o.code,grant_type:"authorization_code",redirect_uri:n.redirectUri};return n.clientSecret?d.Authorization=p(n.clientId,n.clientSecret):y.client_id=n.clientId,this.client._request(f({url:n.accessTokenUri,method:"POST",headers:d,body:y},n)).then(b=>i.client.createToken(void 0,void 0,void 0,b))}},J=class{constructor(e){this.client=e}getToken(e,r){let i=this,n=Object.assign({},this.client.options,r),s=Object.assign({},g);w(n,"accessTokenUri"),n.clientId&&(s.Authorization=p(n.clientId,n.clientSecret));let o={grant_type:"urn:ietf:params:oauth:grant-type:jwt-bearer",assertion:e};return n.scopes!==void 0&&(o.scope=v(n.scopes)),this.client._request(f({url:n.accessTokenUri,method:"POST",headers:s,body:o},n)).then(a=>i.client.createToken(void 0,void 0,void 0,a))}};function x(){return{load(){},save(){}}}function Z(t="$piral_oauth2_info"){return{load(){let e=sessionStorage.getItem(t);if(typeof e=="string")try{return JSON.parse(e)}catch{console.error("Found invalid data in the OAuth 2 session storage key. Skipped.")}},save(e){sessionStorage.setItem(t,JSON.stringify(e))}}}function K(t="$piral_oauth2_info"){return{load(){let e=localStorage.getItem(t);if(typeof e=="string")try{return JSON.parse(e)}catch{console.error("Found invalid data in the OAuth 2 local storage key. Skipped.")}},save(e){localStorage.setItem(t,JSON.stringify(e))}}}var C="oauth2Cb";function ee(t){let{clientId:e,clientSecret:r,authorizationUri:i,accessTokenUri:n,redirectUri:s=`${location.origin}/auth`,scopes:o=[],flow:a,headers:d,query:y,state:b,restrict:$=!1,returnPath:M="/",persist:R=x()}=t,l=new S({clientId:e,clientSecret:r,redirectUri:s,authorizationUri:i,accessTokenUri:n,scopes:o,headers:d,query:y,state:b}),h,m,A,E=c=>{R.save({accessToken:c.accessToken,data:c.data,refreshToken:c.refreshToken}),h=c},z=(c,u)=>c.then(()=>h?h.expired()?u().then(T=>(E(T),h.accessToken)):h.accessToken:Promise.reject("Not logged in. Please call `login()` to retrieve a token.")),q=c=>{let u=R.load();return u?(h=l.createToken(u.accessToken,u.refreshToken,void 0,u.data),Promise.resolve()):c().then(T=>{let _=window.opener;E(T),_&&typeof _[C]=="function"&&(_[C](T),window.close())},()=>{})};if(a==="code"){let c=q(()=>{let u=location.href;return history.replaceState(void 0,void 0,M),l.code.getToken(u)});m=()=>z(c,()=>h.refresh()),A=()=>l.code.getUri()}else{let c=q(()=>l.token.getToken(location.href));m=()=>z(c,()=>new Promise(u=>{window[C]=u,window.open(l.token.getUri())})),A=()=>l.token.getUri()}return{_:l,login(){window.location.href=A()},logout(){h=void 0},extendHeaders(c){$||c.setHeaders(m().then(u=>u&&{Authorization:`Bearer ${u}`},()=>{}))},account(){return!!h},token:m}}return te;})();