postex-auth-sdk-stage 1.0.3 → 1.0.4

package/dist/postex-auth-sdk-stage.es.js

@@ -1,8 +1,8 @@
-function q() {
+function O() {
   return typeof window < "u" && typeof window.PublicKeyCredential < "u" && typeof navigator < "u" && typeof navigator.credentials < "u";
 }
-async function W() {
-  if (!q()) return !1;
+async function j() {
+  if (!O()) return !1;
   try {
     return await PublicKeyCredential.isConditionalMediationAvailable?.() ?? !1;
   } catch {
@@ -16,14 +16,14 @@ function h(o) {
     t += String.fromCharCode(n[e]);
   return btoa(t);
 }
-function k(o) {
+function f(o) {
   if (typeof o != "string" || !o)
     throw new Error("Invalid base64: expected non-empty string");
   const n = o.replace(/\s/g, "").replace(/-/g, "+").replace(/_/g, "/"), t = n.length % 4, e = t > 0 ? n + "=".repeat(4 - t) : n;
   try {
-    const a = atob(e), r = new Uint8Array(a.length);
-    for (let s = 0; s < a.length; s++)
-      r[s] = a.charCodeAt(s);
+    const s = atob(e), r = new Uint8Array(s.length);
+    for (let a = 0; a < s.length; a++)
+      r[a] = s.charCodeAt(a);
     return r.buffer;
   } catch {
     throw new Error(
@@ -31,35 +31,35 @@ function k(o) {
     );
   }
 }
-function w(o) {
+function k(o) {
   return h(o).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
 }
-function R(o) {
+function J(o) {
   return /^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i.test(
     o
   );
 }
-function C(o) {
+function L(o) {
   const n = o.replace(/-/g, ""), t = new Uint8Array(n.length / 2);
   for (let e = 0; e < t.length; e++)
     t[e] = parseInt(n.substr(e * 2, 2), 16);
   return t.buffer;
 }
-function Y(o) {
+function W(o) {
   if (!o || typeof o != "string")
     throw new Error("Invalid input: expected non-empty string");
-  return R(o) ? C(o) : k(o);
+  return J(o) ? L(o) : f(o);
 }
-function x(o) {
+function S(o) {
   return new TextEncoder().encode(o).buffer;
 }
-function F(o) {
+function H(o) {
   return String.fromCharCode(...o);
 }
-const B = "xpay_webauthn", $ = 1, d = "passkey_data", S = "passkey_email";
+const Y = "xpay_webauthn", F = 1, d = "passkey_data", E = "passkey_email";
 function p() {
   return new Promise((o, n) => {
-    const t = indexedDB.open(B, $);
+    const t = indexedDB.open(Y, F);
     t.onerror = () => n(t.error), t.onsuccess = () => o(t.result), t.onupgradeneeded = () => {
       const e = t.result;
       e.objectStoreNames.contains(d) || e.createObjectStore(d);
@@ -70,7 +70,7 @@ async function G() {
   try {
     const o = await p();
     return new Promise((n, t) => {
-      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(S);
+      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(E);
       r.onerror = () => t(r.error), r.onsuccess = () => n(r.result ?? null), e.oncomplete = () => o.close();
     });
   } catch {
@@ -81,8 +81,8 @@ async function M(o) {
   try {
     const n = await p();
     return new Promise((t, e) => {
-      const a = n.transaction(d, "readwrite"), s = a.objectStore(d).put(o, S);
-      s.onerror = () => e(s.error), s.onsuccess = () => t(), a.oncomplete = () => n.close();
+      const s = n.transaction(d, "readwrite"), a = s.objectStore(d).put(o, E);
+      a.onerror = () => e(a.error), a.onsuccess = () => t(), s.oncomplete = () => n.close();
     });
   } catch {
   }
@@ -91,14 +91,14 @@ async function V() {
   try {
     const o = await p();
     return new Promise((n, t) => {
-      const e = o.transaction(d, "readwrite"), r = e.objectStore(d).delete(S);
+      const e = o.transaction(d, "readwrite"), r = e.objectStore(d).delete(E);
       r.onerror = () => t(r.error), r.onsuccess = () => n(), e.oncomplete = () => o.close();
     });
   } catch {
   }
 }
-const E = "dpop_private_key", I = "dpop_public_key_jwk";
-function U(o) {
+const I = "dpop_private_key", x = "dpop_public_key_jwk";
+function v(o) {
   return {
     kty: "EC",
     crv: "P-256",
@@ -106,7 +106,7 @@ function U(o) {
     y: o.y
   };
 }
-async function N(o) {
+async function q(o) {
   const n = JSON.stringify({
     crv: o.crv,
     kty: o.kty,
@@ -116,65 +116,65 @@ async function N(o) {
     "SHA-256",
     new TextEncoder().encode(n)
   );
-  return w(t);
+  return k(t);
 }
-async function D(o) {
+async function R(o) {
   try {
     const n = await p();
     return new Promise((t, e) => {
-      const a = n.transaction(d, "readwrite"), s = a.objectStore(d).put(o, E);
-      s.onerror = () => e(s.error), s.onsuccess = () => t(), a.oncomplete = () => n.close();
+      const s = n.transaction(d, "readwrite"), a = s.objectStore(d).put(o, I);
+      a.onerror = () => e(a.error), a.onsuccess = () => t(), s.oncomplete = () => n.close();
     });
   } catch (n) {
     console.error("Failed to store DPoP private key:", n);
   }
 }
-async function J(o) {
+async function z(o) {
   try {
     const n = await p();
     return new Promise((t, e) => {
-      const a = n.transaction(d, "readwrite"), s = a.objectStore(d).put(o, I);
-      s.onerror = () => e(s.error), s.onsuccess = () => t(), a.oncomplete = () => n.close();
+      const s = n.transaction(d, "readwrite"), a = s.objectStore(d).put(o, x);
+      a.onerror = () => e(a.error), a.onsuccess = () => t(), s.oncomplete = () => n.close();
     });
   } catch (n) {
     console.error("Failed to store DPoP public key JWK:", n);
   }
 }
-async function v() {
+async function A() {
   try {
     const o = await p();
     return new Promise((n, t) => {
-      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(E);
+      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(I);
       r.onerror = () => t(r.error), r.onsuccess = () => n(r.result ?? null), e.oncomplete = () => o.close();
     });
   } catch {
     return null;
   }
 }
-async function j() {
+async function C() {
   try {
     const o = await p();
     return new Promise((n, t) => {
-      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(I);
+      const e = o.transaction(d, "readonly"), r = e.objectStore(d).get(x);
       r.onerror = () => t(r.error), r.onsuccess = () => n(r.result ?? null), e.oncomplete = () => o.close();
     });
   } catch {
     return null;
   }
 }
-async function L() {
+async function $() {
   try {
     const o = await p();
     return new Promise((n, t) => {
-      const e = o.transaction(d, "readwrite"), a = e.objectStore(d);
-      a.delete(E), a.delete(I), e.onerror = () => t(e.error), e.oncomplete = () => {
+      const e = o.transaction(d, "readwrite"), s = e.objectStore(d);
+      s.delete(I), s.delete(x), e.onerror = () => t(e.error), e.oncomplete = () => {
         o.close(), n();
       };
     });
   } catch {
   }
 }
-async function _() {
+async function P() {
   const o = await crypto.subtle.generateKey(
     {
       name: "ECDSA",
@@ -183,81 +183,106 @@ async function _() {
     !1,
     // Private key is non-extractable
     ["sign", "verify"]
-  ), n = await crypto.subtle.exportKey("jwk", o.publicKey), t = U(n), e = await N(t);
-  return await D(o.privateKey), await J(t), { publicKey: t, thumbprint: e };
+  ), n = await crypto.subtle.exportKey("jwk", o.publicKey), t = v(n), e = await q(t);
+  return await R(o.privateKey), await z(t), { publicKey: t, thumbprint: e };
 }
-async function b(o, n, t) {
+async function g(o, n, t) {
   try {
-    const e = await v(), a = await j();
-    if (!e || !a) return null;
+    const e = await A(), s = await C();
+    if (!e || !s) return null;
     const r = {
       typ: "dpop+jwt",
       alg: "ES256",
-      jwk: a
+      jwk: s
       // Public key in JWK format
-    }, s = new URL(
+    }, a = new URL(
       n,
       typeof window < "u" ? window.location.origin : void 0
-    ), i = `${s.origin}${s.pathname}`, u = {
+    ), i = `${a.origin}${a.pathname}`, u = {
       jti: crypto.randomUUID(),
       htm: o.toUpperCase(),
       htu: i,
       iat: Math.floor(Date.now() / 1e3)
     };
     if (t) {
-      const P = new TextEncoder().encode(t), O = await crypto.subtle.digest("SHA-256", P);
-      u.ath = w(O);
+      const _ = new TextEncoder().encode(t), N = await crypto.subtle.digest("SHA-256", _);
+      u.ath = k(N);
     }
-    const y = w(
+    const y = k(
       new TextEncoder().encode(JSON.stringify(r)).buffer
-    ), c = w(
+    ), c = k(
       new TextEncoder().encode(JSON.stringify(u)).buffer
-    ), l = `${y}.${c}`, g = await crypto.subtle.sign(
+    ), l = `${y}.${c}`, T = await crypto.subtle.sign(
       {
         name: "ECDSA",
         hash: { name: "SHA-256" }
       },
       e,
       new TextEncoder().encode(l)
-    ), T = w(g);
-    return `${y}.${c}.${T}`;
+    ), b = k(T);
+    return `${y}.${c}.${b}`;
   } catch (e) {
     return console.error("Failed to generate DPoP proof:", e), null;
   }
 }
-async function z() {
-  return await v() !== null;
+async function X() {
+  return await A() !== null;
 }
-const X = D, m = "postex-auth-token", f = "https://auth-stage.postexglobal.com/public/v1";
-class H extends Error {
+const Q = R, B = {
+  isWebAuthnSupported: O,
+  isConditionalUISupported: j,
+  arrayBufferToBase64: h,
+  base64ToArrayBuffer: f,
+  arrayBufferToBase64url: k,
+  base64urlToArrayBuffer: W,
+  stringToArrayBuffer: S,
+  uint8ArrayToString: H,
+  getPasskeyEmail: G,
+  setPasskeyEmail: M,
+  clearPasskeyEmail: V,
+  toMinimalJWK: v,
+  calculateThumbprint: q,
+  getDPoPKey: A,
+  getDPoPPublicKeyJWK: C,
+  clearDPoPKey: $,
+  generateDPoPKeyPair: P,
+  generateDPoPProof: g,
+  isDPoPEnabled: X,
+  storeDPoPKey: Q
+};
+typeof window < "u" && (window.WebAuthn = B);
+const Z = typeof window < "u" ? window : globalThis;
+Z.WebAuthn = B;
+const m = "postex-auth-token", w = "https://auth-stage.postexglobal.com/public/v1";
+class ee extends Error {
   constructor(n, t, e) {
     super(e ?? `Request failed with status ${n}`), this.response = { status: n, data: t }, this.name = "AuthSDKFetchError";
   }
 }
-const A = "auth_sdk_id_token", K = "auth_sdk_refresh_token";
-class Q {
+const K = "auth_sdk_id_token", D = "auth_sdk_refresh_token";
+class U {
   constructor(n) {
     this.config = n;
   }
   buildUrl(n, t) {
-    const e = f.replace(/\/$/, ""), a = n.startsWith("/") ? n : `/${n}`, r = `${e}${a}`;
+    const e = w.replace(/\/$/, ""), s = n.startsWith("/") ? n : `/${n}`, r = `${e}${s}`;
     if (!t || Object.keys(t).length === 0) return r;
-    const s = new URLSearchParams(t).toString();
-    return `${r}?${s}`;
+    const a = new URLSearchParams(t).toString();
+    return `${r}?${a}`;
   }
   async request(n, t, e) {
-    const a = this.buildUrl(t, e?.params), r = {
+    const s = this.buildUrl(t, e?.params), r = {
       "Content-Type": "application/json",
       Accept: "application/json",
       "X-API-Key": this.config.apiKey ?? "",
       ...e?.headers
-    }, s = {
+    }, a = {
       method: n,
       credentials: "include",
       headers: r
     };
-    e?.body !== void 0 && e?.body !== null && (s.body = JSON.stringify(e.body));
-    const i = await fetch(a, s);
+    e?.body !== void 0 && e?.body !== null && (a.body = JSON.stringify(e.body));
+    const i = await fetch(s, a);
     if (!i.ok) {
       let c;
       try {
@@ -266,7 +291,7 @@ class Q {
       } catch {
         c = void 0;
       }
-      throw i.status === 401 && await this.clearTokens(), new H(i.status, c);
+      throw i.status === 401 && await this.clearTokens(), new ee(i.status, c);
     }
     const u = await i.text();
     return { data: u ? JSON.parse(u) : {} };
@@ -280,14 +305,14 @@ class Q {
   async getRequestAuthHeaders(n, t) {
     const e = localStorage.getItem(m);
     if (!e) return {};
-    const a = t.startsWith("http") ? t : `${f}${t}`, r = await b(
+    const s = t.startsWith("http") ? t : `${w}${t}`, r = await g(
       n.toUpperCase(),
-      a,
+      s,
       e
-    ), s = {
+    ), a = {
       Authorization: `Bearer ${e}`
     };
-    return r && (s.DPoP = r), s;
+    return r && (a.DPoP = r), a;
   }
   /**
    * GET /auth/status - Check if client has trusted device session and what auth method is available.
@@ -319,22 +344,22 @@ class Q {
    * Stores tokens from the response.
    */
   async verifyOTP(n) {
-    await _();
-    const t = await b(
+    await P();
+    const t = await g(
       "POST",
-      `${f}/otp/verify`
+      `${w}/otp/verify`
     ), e = await this.request("POST", "/otp/verify", {
       body: { otp: n },
       headers: t ? { DPoP: t } : {}
-    }), a = e.data.data ?? e.data, r = a.AuthenticationResult ?? a, s = r.access_token ?? r.accessToken ?? r.AccessToken, i = r.refresh_token ?? r.refreshToken ?? r.RefreshToken, u = r.id_token ?? r.idToken ?? r.IdToken, y = r.expires_in ?? r.expiresIn ?? r.ExpiresIn ?? 3600, c = r.token_type ?? r.tokenType ?? r.TokenType ?? "Bearer";
-    return s && await this.storeTokens({
-      accessToken: s,
+    }), s = e.data.data ?? e.data, r = s.AuthenticationResult ?? s, a = r.access_token ?? r.accessToken ?? r.AccessToken, i = r.refresh_token ?? r.refreshToken ?? r.RefreshToken, u = r.id_token ?? r.idToken ?? r.IdToken, y = r.expires_in ?? r.expiresIn ?? r.ExpiresIn ?? 3600, c = r.token_type ?? r.tokenType ?? r.TokenType ?? "Bearer";
+    return a && await this.storeTokens({
+      accessToken: a,
       refreshToken: i ?? "",
       idToken: u ?? "",
       expiresIn: y ?? 3600,
       tokenType: c ?? "Bearer"
     }), {
-      access_token: s,
+      access_token: a,
       refresh_token: i ?? "",
       id_token: u ?? "",
       expires_in: y,
@@ -365,17 +390,17 @@ class Q {
       {
         body: {}
       }
-    ), t = n.data.data ?? n.data, e = t.AuthenticationResult ?? t, a = e.access_token ?? e.accessToken ?? e.AccessToken, r = e.refresh_token ?? e.refreshToken ?? e.RefreshToken, s = e.id_token ?? e.idToken ?? e.IdToken, i = e.expires_in ?? e.expiresIn ?? e.ExpiresIn ?? 3600, u = e.token_type ?? e.tokenType ?? e.TokenType ?? "Bearer";
-    return a && await this.storeTokens({
-      accessToken: a,
+    ), t = n.data.data ?? n.data, e = t.AuthenticationResult ?? t, s = e.access_token ?? e.accessToken ?? e.AccessToken, r = e.refresh_token ?? e.refreshToken ?? e.RefreshToken, a = e.id_token ?? e.idToken ?? e.IdToken, i = e.expires_in ?? e.expiresIn ?? e.ExpiresIn ?? 3600, u = e.token_type ?? e.tokenType ?? e.TokenType ?? "Bearer";
+    return s && await this.storeTokens({
+      accessToken: s,
       refreshToken: r ?? "",
-      idToken: s ?? "",
+      idToken: a ?? "",
       expiresIn: i ?? 3600,
       tokenType: u ?? "Bearer"
     }), {
-      access_token: a,
+      access_token: s,
       refresh_token: r ?? "",
-      id_token: s ?? "",
+      id_token: a ?? "",
       expires_in: i,
       token_type: u,
       verified: e.verified ?? e.Verified ?? !0,
@@ -398,13 +423,13 @@ class Q {
     let e;
     if (t?.user?.id)
       try {
-        e = k(t.user.id);
+        e = f(t.user.id);
       } catch {
-        e = x(t.user.id);
+        e = S(t.user.id);
       }
     else
-      e = x(n);
-    const a = (t.pubKeyCredParams ?? [
+      e = S(n);
+    const s = (t.pubKeyCredParams ?? [
       { type: "public-key", alg: -7 },
       { type: "public-key", alg: -257 }
     ]).map((l) => ({
@@ -413,11 +438,11 @@ class Q {
     }));
     t.excludeCredentials?.map((l) => ({
       type: "public-key",
-      id: k(l.id),
+      id: f(l.id),
       transports: l.transports
     }));
     const r = {
-      challenge: k(t.challenge),
+      challenge: f(t.challenge),
       rp: {
         name: t.rp?.name ?? "XPay",
         id: t.rp?.id ?? window.location.hostname
@@ -427,27 +452,27 @@ class Q {
         name: t.user?.name ?? n,
         displayName: t.user?.displayName ?? n
       },
-      pubKeyCredParams: a,
+      pubKeyCredParams: s,
       timeout: t.timeout ?? 6e4,
       attestation: t.attestation ?? "none",
       authenticatorSelection: t.authenticatorSelection ?? {
         residentKey: "required",
         userVerification: "required"
       }
-    }, s = await navigator.credentials.create({
+    }, a = await navigator.credentials.create({
       publicKey: r
     });
-    if (!s) throw new Error("Credential creation failed");
-    const i = s.response, u = {
+    if (!a) throw new Error("Credential creation failed");
+    const i = a.response, u = {
       clientDataJSON: h(i.clientDataJSON),
       attestationObject: h(i.attestationObject),
-      rawId: h(s.rawId)
+      rawId: h(a.rawId)
     };
     if (!u.rawId) throw new Error("Raw ID is required");
-    await _();
-    const y = await b(
+    await P();
+    const y = await g(
       "POST",
-      `${f}/webauthn/register/challenge`
+      `${w}/webauthn/register/challenge`
     ), c = await this.request(
       "POST",
       "/webauthn/register/challenge",
@@ -466,13 +491,13 @@ class Q {
     rp: t,
     credentialIds: e
   }) {
-    const a = await navigator.credentials.get({
+    const s = await navigator.credentials.get({
       publicKey: {
-        challenge: k(n),
+        challenge: f(n),
         rpId: t?.host ?? void 0,
-        allowCredentials: e.map((P) => ({
+        allowCredentials: e.map((_) => ({
           type: "public-key",
-          id: k(P)
+          id: f(_)
           // Hint browser about possible transports for faster authenticator discovery
           // transports: ["internal", "hybrid"] as AuthenticatorTransport[],
         })),
@@ -480,38 +505,38 @@ class Q {
         userVerification: "required"
       }
     });
-    if (!a) throw new Error("Authentication failed");
-    const r = a.response, s = {
+    if (!s) throw new Error("Authentication failed");
+    const r = s.response, a = {
       clientDataJSON: h(r.clientDataJSON),
       authenticatorData: h(
         r.authenticatorData
       ),
       signature: h(r.signature),
-      rawId: h(a.rawId),
+      rawId: h(s.rawId),
       userHandle: r.userHandle ? h(r.userHandle) : ""
     };
-    await _();
-    const i = await b(
+    await P();
+    const i = await g(
       "POST",
-      `${f}/webauthn/authenticate/challenge`
+      `${w}/webauthn/authenticate/challenge`
     ), u = await this.request(
       "POST",
       "/webauthn/authenticate/challenge",
       {
-        body: s,
+        body: a,
         headers: i ? { DPoP: i } : {}
       }
-    ), y = u.data.data ?? u.data, c = y.AuthenticationResult ?? y, l = c.AccessToken ?? c.accessToken ?? c.access_token, g = c.RefreshToken ?? c.refreshToken ?? c.refresh_token, T = c.IdToken ?? c.idToken ?? c.id_token;
+    ), y = u.data.data ?? u.data, c = y.AuthenticationResult ?? y, l = c.AccessToken ?? c.accessToken ?? c.access_token, T = c.RefreshToken ?? c.refreshToken ?? c.refresh_token, b = c.IdToken ?? c.idToken ?? c.id_token;
     return l && await this.storeTokens({
       accessToken: l,
-      refreshToken: g ?? "",
-      idToken: T ?? "",
+      refreshToken: T ?? "",
+      idToken: b ?? "",
       expiresIn: c.expiresIn ?? c.ExpiresIn ?? 3600,
       tokenType: c.tokenType ?? c.token_type ?? "Bearer"
     }), {
       access_token: l,
-      refresh_token: g ?? "",
-      id_token: T,
+      refresh_token: T ?? "",
+      id_token: b,
       email: c.email,
       name: c.name ?? c.userName,
       expiresIn: c.expiresIn ?? c.ExpiresIn,
@@ -523,35 +548,35 @@ class Q {
    * GET /webauthn/credentials/:username - Get user's passkey status.
    */
   async getPasskeyStatus(n) {
-    const e = `/webauthn/credentials/${encodeURIComponent(n)}`, a = await this.signRequest("GET", e), r = await this.request("GET", e, {
-      headers: a.headers
-    }), s = r.data.data ?? r.data;
+    const e = `/webauthn/credentials/${encodeURIComponent(n)}`, s = await this.signRequest("GET", e), r = await this.request("GET", e, {
+      headers: s.headers
+    }), a = r.data.data ?? r.data;
     return {
-      ...s,
-      hasCredentials: !!(s.hasCredentials ?? s.credentialId)
+      ...a,
+      hasCredentials: !!(a.hasCredentials ?? a.credentialId)
     };
   }
   /**
    * DELETE /webauthn/credentials/:username - Remove passkey.
    */
   async removePasskey(n) {
-    const e = `/webauthn/credentials/${encodeURIComponent(n)}`, a = await this.signRequest("DELETE", e);
+    const e = `/webauthn/credentials/${encodeURIComponent(n)}`, s = await this.signRequest("DELETE", e);
     await this.request("DELETE", e, {
-      headers: a.headers
+      headers: s.headers
     });
   }
   /**
    * Signs a request with DPoP and Authorization headers (internal use).
    */
   async signRequest(n, t, e = {}) {
-    const a = t.startsWith("http") ? t : `${f}${t}`, r = await this.getRequestAuthHeaders(n, a);
+    const s = t.startsWith("http") ? t : `${w}${t}`, r = await this.getRequestAuthHeaders(n, s);
     return { ...e, headers: { ...e.headers, ...r } };
   }
   /**
    * Replaces native fetch or Axios with a DPoP-signed version.
    */
   async authenticatedFetch(n, t) {
-    const e = typeof n == "string" ? n : n instanceof URL ? n.toString() : n.url, a = t?.method || "GET", r = await this.signRequest(a, e, {
+    const e = typeof n == "string" ? n : n instanceof URL ? n.toString() : n.url, s = t?.method || "GET", r = await this.signRequest(s, e, {
       headers: t?.headers
     });
     return fetch(n, { ...t, headers: r.headers });
@@ -560,13 +585,13 @@ class Q {
    * Store tokens from /webauthn/authenticate (per spec: sessionStorage preferred).
    */
   async storeTokens(n) {
-    localStorage.setItem(m, n.accessToken), n.refreshToken && localStorage.setItem(K, n.refreshToken), n.idToken && localStorage.setItem(A, n.idToken);
+    localStorage.setItem(m, n.accessToken), n.refreshToken && localStorage.setItem(D, n.refreshToken), n.idToken && localStorage.setItem(K, n.idToken);
   }
   /**
    * Clear stored tokens (call on logout).
    */
   async clearTokens() {
-    localStorage.removeItem(m), localStorage.removeItem(A), localStorage.removeItem(K);
+    localStorage.removeItem(m), localStorage.removeItem(K), localStorage.removeItem(D);
   }
   /**
    * POST /auth/refresh - Refresh access token using server-stored refresh token.
@@ -576,17 +601,17 @@ class Q {
   async refreshToken() {
     const n = await this.request("POST", "/auth/refresh", {
       body: {}
-    }), t = n.data.data ?? n.data, e = t.access_token, a = t.id_token ?? "", r = t.token_type ?? "Bearer", s = t.expires_in ?? 3600;
+    }), t = n.data.data ?? n.data, e = t.access_token, s = t.id_token ?? "", r = t.token_type ?? "Bearer", a = t.expires_in ?? 3600;
     return e && await this.storeTokens({
       accessToken: e,
-      idToken: a,
-      expiresIn: s,
+      idToken: s,
+      expiresIn: a,
       tokenType: r
     }), {
       access_token: e,
-      id_token: a,
+      id_token: s,
       token_type: r,
-      expires_in: s
+      expires_in: a
     };
   }
   /**
@@ -596,7 +621,7 @@ class Q {
   async logout() {
     try {
       const n = await this.getAccessToken(), t = {};
-      n && (t.Authorization = `Bearer ${n}`), await this.request("POST", "/auth/logout", { body: {}, headers: t }), L();
+      n && (t.Authorization = `Bearer ${n}`), await this.request("POST", "/auth/logout", { body: {}, headers: t }), $();
     } catch {
     }
     await this.clearTokens();
@@ -605,28 +630,31 @@ class Q {
     return localStorage.getItem(m);
   }
 }
+typeof window < "u" && (window.AuthSDK = U);
+const te = typeof window < "u" ? window : globalThis;
+te.AuthSDK = U;
 export {
-  Q as AuthSDK,
-  H as AuthSDKFetchError,
+  U as AuthSDK,
+  ee as AuthSDKFetchError,
   h as arrayBufferToBase64,
-  w as arrayBufferToBase64url,
-  k as base64ToArrayBuffer,
-  Y as base64urlToArrayBuffer,
-  N as calculateThumbprint,
-  L as clearDPoPKey,
+  k as arrayBufferToBase64url,
+  f as base64ToArrayBuffer,
+  W as base64urlToArrayBuffer,
+  q as calculateThumbprint,
+  $ as clearDPoPKey,
   V as clearPasskeyEmail,
-  _ as generateDPoPKeyPair,
-  b as generateDPoPProof,
-  v as getDPoPKey,
-  j as getDPoPPublicKeyJWK,
+  P as generateDPoPKeyPair,
+  g as generateDPoPProof,
+  A as getDPoPKey,
+  C as getDPoPPublicKeyJWK,
   G as getPasskeyEmail,
-  W as isConditionalUISupported,
-  z as isDPoPEnabled,
-  q as isWebAuthnSupported,
+  j as isConditionalUISupported,
+  X as isDPoPEnabled,
+  O as isWebAuthnSupported,
   M as setPasskeyEmail,
-  X as storeDPoPKey,
-  x as stringToArrayBuffer,
-  U as toMinimalJWK,
-  F as uint8ArrayToString
+  Q as storeDPoPKey,
+  S as stringToArrayBuffer,
+  v as toMinimalJWK,
+  H as uint8ArrayToString
 };
 //# sourceMappingURL=postex-auth-sdk-stage.es.js.map