postex-auth-sdk-stage 1.2.3 → 1.2.5

package/dist/postex-auth-sdk-stage.es.js

@@ -1,135 +1,135 @@
-function D() {
+function K() {
   return typeof window < "u" && typeof window.PublicKeyCredential < "u" && typeof navigator < "u" && typeof navigator.credentials < "u";
 }
-async function J() {
-  if (!D()) return !1;
+async function j() {
+  if (!K()) return !1;
   try {
     return await PublicKeyCredential.isConditionalMediationAvailable?.() ?? !1;
   } catch {
     return !1;
   }
 }
-function h(a) {
+function y(a) {
   const e = new Uint8Array(a);
   let n = "";
   for (let t = 0; t < e.byteLength; t++)
     n += String.fromCharCode(e[t]);
   return btoa(n);
 }
-function w(a) {
+function k(a) {
   if (typeof a != "string" || !a)
     throw new Error("Invalid base64: expected non-empty string");
   const e = a.replace(/\s/g, "").replace(/-/g, "+").replace(/_/g, "/"), n = e.length % 4, t = n > 0 ? e + "=".repeat(4 - n) : e;
   try {
-    const r = atob(t), o = new Uint8Array(r.length);
-    for (let s = 0; s < r.length; s++)
-      o[s] = r.charCodeAt(s);
-    return o.buffer;
+    const o = atob(t), s = new Uint8Array(o.length);
+    for (let r = 0; r < o.length; r++)
+      s[r] = o.charCodeAt(r);
+    return s.buffer;
   } catch {
     throw new Error(
       "Invalid base64: string is not correctly encoded. Check challenge/credentialId from server."
     );
   }
 }
-function b(a) {
-  return h(a).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+function g(a) {
+  return y(a).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
 }
-function L(a) {
+function J(a) {
   return /^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$/i.test(
     a
   );
 }
-function M(a) {
+function L(a) {
   const e = a.replace(/-/g, ""), n = new Uint8Array(e.length / 2);
   for (let t = 0; t < n.length; t++)
     n[t] = parseInt(e.substr(t * 2, 2), 16);
   return n.buffer;
 }
-function W(a) {
+function M(a) {
   if (!a || typeof a != "string")
     throw new Error("Invalid input: expected non-empty string");
-  return L(a) ? M(a) : w(a);
+  return J(a) ? L(a) : k(a);
 }
-function S(a) {
+function _(a) {
   return new TextEncoder().encode(a).buffer;
 }
-function H(a) {
+function W(a) {
   return String.fromCharCode(...a);
 }
-const Y = "xpay_webauthn", F = 1, d = "passkey_data", E = "passkey_email", x = "passkey_mobile_number";
-function p() {
+const H = "xpay_webauthn", Y = 1, u = "passkey_data", S = "passkey_email", E = "passkey_mobile_number";
+function h() {
   return new Promise((a, e) => {
-    const n = indexedDB.open(Y, F);
+    const n = indexedDB.open(H, Y);
     n.onerror = () => e(n.error), n.onsuccess = () => a(n.result), n.onupgradeneeded = () => {
       const t = n.result;
-      t.objectStoreNames.contains(d) || t.createObjectStore(d);
+      t.objectStoreNames.contains(u) || t.createObjectStore(u);
     };
   });
 }
-async function G() {
+async function F() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readonly"), o = t.objectStore(d).get(E);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(o.result ?? null), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readonly"), s = t.objectStore(u).get(S);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(s.result ?? null), t.oncomplete = () => a.close();
     });
   } catch {
     return null;
   }
 }
-async function V(a) {
+async function G(a) {
   try {
-    const e = await p();
+    const e = await h();
     return new Promise((n, t) => {
-      const r = e.transaction(d, "readwrite"), s = r.objectStore(d).put(a, E);
-      s.onerror = () => t(s.error), s.onsuccess = () => n(), r.oncomplete = () => e.close();
+      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, S);
+      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
     });
   } catch {
   }
 }
-async function z() {
+async function V() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readwrite"), o = t.objectStore(d).delete(E);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readwrite"), s = t.objectStore(u).delete(S);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(), t.oncomplete = () => a.close();
     });
   } catch {
   }
 }
-async function X() {
+async function z() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readonly"), o = t.objectStore(d).get(x);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(o.result ?? null), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readonly"), s = t.objectStore(u).get(E);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(s.result ?? null), t.oncomplete = () => a.close();
     });
   } catch {
     return null;
   }
 }
-async function Q(a) {
+async function X(a) {
   try {
-    const e = await p();
+    const e = await h();
     return new Promise((n, t) => {
-      const r = e.transaction(d, "readwrite"), s = r.objectStore(d).put(a, x);
-      s.onerror = () => t(s.error), s.onsuccess = () => n(), r.oncomplete = () => e.close();
+      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, E);
+      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
     });
   } catch {
   }
 }
-async function Z() {
+async function Q() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readwrite"), o = t.objectStore(d).delete(x);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readwrite"), s = t.objectStore(u).delete(E);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(), t.oncomplete = () => a.close();
     });
   } catch {
   }
 }
-const I = "dpop_private_key", A = "dpop_public_key_jwk";
-function q(a) {
+const x = "dpop_private_key", I = "dpop_public_key_jwk";
+function D(a) {
   return {
     kty: "EC",
     crv: "P-256",
@@ -137,7 +137,7 @@ function q(a) {
     y: a.y
   };
 }
-async function R(a) {
+async function B(a) {
   const e = JSON.stringify({
     crv: a.crv,
     kty: a.kty,
@@ -147,65 +147,65 @@ async function R(a) {
     "SHA-256",
     new TextEncoder().encode(e)
   );
-  return b(n);
+  return g(n);
 }
-async function B(a) {
+async function q(a) {
   try {
-    const e = await p();
+    const e = await h();
     return new Promise((n, t) => {
-      const r = e.transaction(d, "readwrite"), s = r.objectStore(d).put(a, I);
-      s.onerror = () => t(s.error), s.onsuccess = () => n(), r.oncomplete = () => e.close();
+      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, x);
+      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
     });
   } catch (e) {
     console.error("Failed to store DPoP private key:", e);
   }
 }
-async function ee(a) {
+async function Z(a) {
   try {
-    const e = await p();
+    const e = await h();
     return new Promise((n, t) => {
-      const r = e.transaction(d, "readwrite"), s = r.objectStore(d).put(a, A);
-      s.onerror = () => t(s.error), s.onsuccess = () => n(), r.oncomplete = () => e.close();
+      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, I);
+      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
     });
   } catch (e) {
     console.error("Failed to store DPoP public key JWK:", e);
   }
 }
-async function O() {
+async function A() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readonly"), o = t.objectStore(d).get(I);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(o.result ?? null), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readonly"), s = t.objectStore(u).get(x);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(s.result ?? null), t.oncomplete = () => a.close();
     });
   } catch {
     return null;
   }
 }
-async function N() {
+async function R() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readonly"), o = t.objectStore(d).get(A);
-      o.onerror = () => n(o.error), o.onsuccess = () => e(o.result ?? null), t.oncomplete = () => a.close();
+      const t = a.transaction(u, "readonly"), s = t.objectStore(u).get(I);
+      s.onerror = () => n(s.error), s.onsuccess = () => e(s.result ?? null), t.oncomplete = () => a.close();
     });
   } catch {
     return null;
   }
 }
-async function C() {
+async function U() {
   try {
-    const a = await p();
+    const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(d, "readwrite"), r = t.objectStore(d);
-      r.delete(I), r.delete(A), t.onerror = () => n(t.error), t.oncomplete = () => {
+      const t = a.transaction(u, "readwrite"), o = t.objectStore(u);
+      o.delete(x), o.delete(I), t.onerror = () => n(t.error), t.oncomplete = () => {
         a.close(), e();
       };
     });
   } catch {
   }
 }
-async function g() {
+async function T() {
   const a = await crypto.subtle.generateKey(
     {
       name: "ECDSA",
@@ -214,90 +214,99 @@ async function g() {
     !1,
     // Private key is non-extractable
     ["sign", "verify"]
-  ), e = await crypto.subtle.exportKey("jwk", a.publicKey), n = q(e), t = await R(n);
-  return await B(a.privateKey), await ee(n), { publicKey: n, thumbprint: t };
+  ), e = await crypto.subtle.exportKey("jwk", a.publicKey), n = D(e), t = await B(n);
+  return await q(a.privateKey), await Z(n), { publicKey: n, thumbprint: t };
 }
-async function T(a, e, n) {
+async function w(a, e, n) {
   try {
-    const t = await O(), r = await N();
-    if (!t || !r) return null;
-    const o = {
+    const t = await A(), o = await R();
+    if (!t || !o) return null;
+    const s = {
       typ: "dpop+jwt",
       alg: "ES256",
-      jwk: r
+      jwk: o
       // Public key in JWK format
-    }, s = new URL(
+    }, r = new URL(
       e,
       typeof window < "u" ? window.location.origin : void 0
-    ), i = `${s.origin}${s.pathname}`, u = {
+    ), i = `${r.origin}${r.pathname}`, d = {
       jti: crypto.randomUUID(),
       htm: a.toUpperCase(),
       htu: i,
       iat: Math.floor(Date.now() / 1e3)
     };
     if (n) {
-      const _ = new TextEncoder().encode(n), j = await crypto.subtle.digest("SHA-256", _);
-      u.ath = b(j);
+      const P = new TextEncoder().encode(n), $ = await crypto.subtle.digest("SHA-256", P);
+      d.ath = g($);
     }
-    const l = b(
-      new TextEncoder().encode(JSON.stringify(o)).buffer
-    ), c = b(
-      new TextEncoder().encode(JSON.stringify(u)).buffer
-    ), y = `${l}.${c}`, f = await crypto.subtle.sign(
+    const l = g(
+      new TextEncoder().encode(JSON.stringify(s)).buffer
+    ), c = g(
+      new TextEncoder().encode(JSON.stringify(d)).buffer
+    ), p = `${l}.${c}`, f = await crypto.subtle.sign(
       {
         name: "ECDSA",
         hash: { name: "SHA-256" }
       },
       t,
-      new TextEncoder().encode(y)
-    ), m = b(f);
-    return `${l}.${c}.${m}`;
+      new TextEncoder().encode(p)
+    ), b = g(f);
+    return `${l}.${c}.${b}`;
   } catch (t) {
     return console.error("Failed to generate DPoP proof:", t), null;
   }
 }
-async function te() {
-  return await O() !== null;
+async function ee() {
+  return await A() !== null;
 }
-const ne = B, $ = {
-  isWebAuthnSupported: D,
-  isConditionalUISupported: J,
-  arrayBufferToBase64: h,
-  base64ToArrayBuffer: w,
-  arrayBufferToBase64url: b,
-  base64urlToArrayBuffer: W,
-  stringToArrayBuffer: S,
-  uint8ArrayToString: H,
-  getPasskeyEmail: G,
-  setPasskeyEmail: V,
-  clearPasskeyEmail: z,
-  getPasskeyMobileNumber: X,
-  setPasskeyMobileNumber: Q,
-  clearPasskeyMobileNumber: Z,
-  toMinimalJWK: q,
-  calculateThumbprint: R,
-  getDPoPKey: O,
-  getDPoPPublicKeyJWK: N,
-  clearDPoPKey: C,
-  generateDPoPKeyPair: g,
-  generateDPoPProof: T,
-  isDPoPEnabled: te,
-  storeDPoPKey: ne
+const te = q, N = {
+  isWebAuthnSupported: K,
+  isConditionalUISupported: j,
+  arrayBufferToBase64: y,
+  base64ToArrayBuffer: k,
+  arrayBufferToBase64url: g,
+  base64urlToArrayBuffer: M,
+  stringToArrayBuffer: _,
+  uint8ArrayToString: W,
+  getPasskeyEmail: F,
+  setPasskeyEmail: G,
+  clearPasskeyEmail: V,
+  getPasskeyMobileNumber: z,
+  setPasskeyMobileNumber: X,
+  clearPasskeyMobileNumber: Q,
+  toMinimalJWK: D,
+  calculateThumbprint: B,
+  getDPoPKey: A,
+  getDPoPPublicKeyJWK: R,
+  clearDPoPKey: U,
+  generateDPoPKeyPair: T,
+  generateDPoPProof: w,
+  isDPoPEnabled: ee,
+  storeDPoPKey: te
+};
+typeof window < "u" && (window.WebAuthn = N);
+const ne = typeof window < "u" ? window : globalThis;
+ne.WebAuthn = N;
+const m = "postex-auth-token", se = "postexglobal", oe = {
+  xstak: "https://auth-stage.xstak.com/public/v1",
+  postex: "https://auth-stage.postex.pk/public/v1",
+  callcourier: "https://auth-stage.callcourier.com.pk/public/v1",
+  postexglobal: "https://auth-stage.postexglobal.com/public/v1"
 };
-typeof window < "u" && (window.WebAuthn = $);
-const oe = typeof window < "u" ? window : globalThis;
-oe.WebAuthn = $;
-const P = "postex-auth-token", k = "https://auth-stage.postexglobal.com/public/v1";
 class re extends Error {
   constructor(e, n, t) {
     super(t ?? `Request failed with status ${e}`), this.response = { status: e, data: n }, this.name = "AuthSDKFetchError";
   }
 }
-const K = "auth_sdk_id_token", v = "auth_sdk_refresh_token";
-class U {
+const O = "auth_sdk_id_token", v = "auth_sdk_refresh_token";
+class C {
   constructor(e) {
     this.config = e;
   }
+  getBaseUrl() {
+    const e = this.config.appId ?? se;
+    return oe[e];
+  }
   normalizeAuthIdentifier(e) {
     return typeof e == "string" ? { email: e } : {
       email: e.email,
@@ -305,36 +314,36 @@ class U {
     };
   }
   buildUrl(e, n) {
-    const t = k.replace(/\/$/, ""), r = e.startsWith("/") ? e : `/${e}`, o = `${t}${r}`;
-    if (!n || Object.keys(n).length === 0) return o;
-    const s = new URLSearchParams(n).toString();
-    return `${o}?${s}`;
+    const t = this.getBaseUrl().replace(/\/$/, ""), o = e.startsWith("/") ? e : `/${e}`, s = `${t}${o}`;
+    if (!n || Object.keys(n).length === 0) return s;
+    const r = new URLSearchParams(n).toString();
+    return `${s}?${r}`;
   }
   async request(e, n, t) {
-    const r = this.buildUrl(n, t?.params), o = {
+    const o = this.buildUrl(n, t?.params), s = {
       "Content-Type": "application/json",
       Accept: "application/json",
       "X-API-Key": this.config.apiKey ?? "",
       ...t?.headers
-    }, s = {
+    }, r = {
       method: e,
       credentials: "include",
-      headers: o
+      headers: s
     };
-    t?.body !== void 0 && t?.body !== null && (s.body = JSON.stringify(t.body));
-    const i = await fetch(r, s);
+    t?.body !== void 0 && t?.body !== null && (r.body = JSON.stringify(t.body));
+    const i = await fetch(o, r);
     if (!i.ok) {
       let c;
       try {
-        const y = await i.text();
-        c = y ? JSON.parse(y) : void 0;
+        const p = await i.text();
+        c = p ? JSON.parse(p) : void 0;
       } catch {
         c = void 0;
       }
       throw i.status === 401 && await this.clearTokens(), new re(i.status, c);
     }
-    const u = await i.text();
-    return { data: u ? JSON.parse(u) : {} };
+    const d = await i.text();
+    return { data: d ? JSON.parse(d) : {} };
   }
   /**
    * Returns auth headers (Authorization + DPoP) for the given request.
@@ -343,16 +352,16 @@ class U {
    * @param url - Full request URL
    */
   async getRequestAuthHeaders(e, n) {
-    const t = localStorage.getItem(P);
+    const t = localStorage.getItem(m);
     if (!t) return {};
-    const r = n.startsWith("http") ? n : `${k}${n}`, o = await T(
+    const o = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await w(
       e.toUpperCase(),
-      r,
+      o,
       t
-    ), s = {
+    ), r = {
       Authorization: `Bearer ${t}`
     };
-    return o && (s.DPoP = o), s;
+    return s && (r.DPoP = s), r;
   }
   /**
    * GET /auth/status - Check if client has trusted device session and what auth method is available.
@@ -373,12 +382,12 @@ class U {
   async initiateAuth(e) {
     const n = this.normalizeAuthIdentifier(e), t = await this.request("POST", "/auth/initiate", {
       body: n
-    }), r = t.data.data ?? t.data;
+    }), o = t.data.data ?? t.data;
     return {
-      status: r.status,
-      challenge: r.challenge,
-      credentialIds: r.credentialIds,
-      rp: r.rp
+      status: o.status,
+      challenge: o.challenge,
+      credentialIds: o.credentialIds,
+      rp: o.rp
     };
   }
   /**
@@ -386,29 +395,29 @@ class U {
    * Stores tokens from the response.
    */
   async verifyOTP(e) {
-    await g();
-    const n = await T(
+    await T();
+    const n = await w(
       "POST",
-      `${k}/otp/verify`
+      `${this.getBaseUrl()}/otp/verify`
     ), t = await this.request("POST", "/otp/verify", {
       body: { otp: e },
       headers: n ? { DPoP: n } : {}
-    }), r = t.data.data ?? t.data, o = r.AuthenticationResult ?? r, s = o.access_token ?? o.accessToken ?? o.AccessToken, i = o.refresh_token ?? o.refreshToken ?? o.RefreshToken, u = o.id_token ?? o.idToken ?? o.IdToken, l = o.expires_in ?? o.expiresIn ?? o.ExpiresIn ?? 3600, c = o.token_type ?? o.tokenType ?? o.TokenType ?? "Bearer";
-    return s && await this.storeTokens({
-      accessToken: s,
+    }), o = t.data.data ?? t.data, s = o.AuthenticationResult ?? o, r = s.access_token ?? s.accessToken ?? s.AccessToken, i = s.refresh_token ?? s.refreshToken ?? s.RefreshToken, d = s.id_token ?? s.idToken ?? s.IdToken, l = s.expires_in ?? s.expiresIn ?? s.ExpiresIn ?? 3600, c = s.token_type ?? s.tokenType ?? s.TokenType ?? "Bearer";
+    return r && await this.storeTokens({
+      accessToken: r,
       refreshToken: i ?? "",
-      idToken: u ?? "",
+      idToken: d ?? "",
       expiresIn: l ?? 3600,
       tokenType: c ?? "Bearer"
     }), {
-      access_token: s,
+      access_token: r,
       refresh_token: i ?? "",
-      id_token: u ?? "",
+      id_token: d ?? "",
       expires_in: l,
       token_type: c,
-      verified: o.verified ?? o.Verified ?? !0,
-      email: o.email ?? o.Email ?? "",
-      ...o
+      verified: s.verified ?? s.Verified ?? !0,
+      email: s.email ?? s.Email ?? "",
+      ...s
     };
   }
   /**
@@ -431,29 +440,29 @@ class U {
     mobileNumber: e,
     otp: n
   }) {
-    await g();
-    const t = await T(
+    await T();
+    const t = await w(
       "POST",
-      `${k}/otp/signup/verify`
-    ), r = await this.request("POST", "/otp/signup/verify", {
+      `${this.getBaseUrl()}/otp/signup/verify`
+    ), o = await this.request("POST", "/otp/signup/verify", {
       body: { mobileNumber: e, otp: n },
       headers: t ? { DPoP: t } : {}
-    }), o = r.data.data ?? r.data, s = o.AuthenticationResult ?? o, i = s.access_token ?? s.accessToken ?? s.AccessToken, u = s.refresh_token ?? s.refreshToken ?? s.RefreshToken, l = s.id_token ?? s.idToken ?? s.IdToken, c = s.expires_in ?? s.expiresIn ?? s.ExpiresIn ?? 3600, y = s.token_type ?? s.tokenType ?? s.TokenType ?? "Bearer";
+    }), s = o.data.data ?? o.data, r = s.AuthenticationResult ?? s, i = r.access_token ?? r.accessToken ?? r.AccessToken, d = r.refresh_token ?? r.refreshToken ?? r.RefreshToken, l = r.id_token ?? r.idToken ?? r.IdToken, c = r.expires_in ?? r.expiresIn ?? r.ExpiresIn ?? 3600, p = r.token_type ?? r.tokenType ?? r.TokenType ?? "Bearer";
     return i && await this.storeTokens({
       accessToken: i,
-      refreshToken: u ?? "",
+      refreshToken: d ?? "",
       idToken: l ?? "",
       expiresIn: c ?? 3600,
-      tokenType: y ?? "Bearer"
+      tokenType: p ?? "Bearer"
     }), {
       access_token: i,
-      refresh_token: u ?? "",
+      refresh_token: d ?? "",
       id_token: l ?? "",
       expires_in: c,
-      token_type: y,
-      verified: s.verified ?? s.Verified ?? !0,
-      email: s.email ?? s.Email ?? "",
-      ...s
+      token_type: p,
+      verified: r.verified ?? r.Verified ?? !0,
+      email: r.email ?? r.Email ?? "",
+      ...r
     };
   }
   /**
@@ -465,11 +474,11 @@ class U {
   }) {
     const t = await this.request("POST", "/otp/signup/resend", {
       body: { email: n, mobileNumber: e }
-    }), r = t.data.data ?? t.data;
+    }), o = t.data.data ?? t.data;
     return {
-      success: r.success ?? !0,
-      message: r.message,
-      ...r
+      success: o.success ?? !0,
+      message: o.message,
+      ...o
     };
   }
   /**
@@ -493,19 +502,19 @@ class U {
       {
         body: {}
       }
-    ), n = e.data.data ?? e.data, t = n.AuthenticationResult ?? n, r = t.access_token ?? t.accessToken ?? t.AccessToken, o = t.refresh_token ?? t.refreshToken ?? t.RefreshToken, s = t.id_token ?? t.idToken ?? t.IdToken, i = t.expires_in ?? t.expiresIn ?? t.ExpiresIn ?? 3600, u = t.token_type ?? t.tokenType ?? t.TokenType ?? "Bearer";
-    return r && await this.storeTokens({
-      accessToken: r,
-      refreshToken: o ?? "",
-      idToken: s ?? "",
+    ), n = e.data.data ?? e.data, t = n.AuthenticationResult ?? n, o = t.access_token ?? t.accessToken ?? t.AccessToken, s = t.refresh_token ?? t.refreshToken ?? t.RefreshToken, r = t.id_token ?? t.idToken ?? t.IdToken, i = t.expires_in ?? t.expiresIn ?? t.ExpiresIn ?? 3600, d = t.token_type ?? t.tokenType ?? t.TokenType ?? "Bearer";
+    return o && await this.storeTokens({
+      accessToken: o,
+      refreshToken: s ?? "",
+      idToken: r ?? "",
       expiresIn: i ?? 3600,
-      tokenType: u ?? "Bearer"
+      tokenType: d ?? "Bearer"
     }), {
-      access_token: r,
-      refresh_token: o ?? "",
-      id_token: s ?? "",
+      access_token: o,
+      refresh_token: s ?? "",
+      id_token: r ?? "",
       expires_in: i,
-      token_type: u,
+      token_type: d,
       verified: t.verified ?? t.Verified ?? !0,
       email: t.email ?? t.Email ?? "",
       ...t
@@ -526,23 +535,23 @@ class U {
     let t;
     if (n?.user?.id)
       try {
-        t = w(n.user.id);
+        t = k(n.user.id);
       } catch {
-        t = S(n.user.id);
+        t = _(n.user.id);
       }
     else
-      t = S(e);
-    const r = (n.pubKeyCredParams ?? [
+      t = _(e);
+    const o = (n.pubKeyCredParams ?? [
       { type: "public-key", alg: -7 },
       { type: "public-key", alg: -257 }
     ]).map((f) => ({
       type: "public-key",
       alg: f.alg
-    })), o = n.excludeCredentials?.map((f) => ({
+    })), s = n.excludeCredentials?.map((f) => ({
       type: "public-key",
-      id: w(f.id)
-    })), s = {
-      challenge: w(n.challenge),
+      id: k(f.id)
+    })), r = {
+      challenge: k(n.challenge),
       rp: {
         name: n.rp?.name ?? "XPay",
         id: n.rp?.id ?? window.location.hostname
@@ -552,8 +561,8 @@ class U {
         name: n.user?.name ?? e,
         displayName: n.user?.displayName ?? e
       },
-      pubKeyCredParams: r,
-      excludeCredentials: o,
+      pubKeyCredParams: o,
+      excludeCredentials: s,
       timeout: n.timeout ?? 6e4,
       attestation: n.attestation ?? "none",
       authenticatorSelection: n.authenticatorSelection ?? {
@@ -561,20 +570,20 @@ class U {
         userVerification: "required"
       }
     }, i = await navigator.credentials.create({
-      publicKey: s
+      publicKey: r
     });
     if (!i) throw new Error("Credential creation failed");
-    const u = i.response, l = {
-      clientDataJSON: h(u.clientDataJSON),
-      attestationObject: h(u.attestationObject),
-      rawId: h(i.rawId)
+    const d = i.response, l = {
+      clientDataJSON: y(d.clientDataJSON),
+      attestationObject: y(d.attestationObject),
+      rawId: y(i.rawId)
     };
     if (!l.rawId) throw new Error("Raw ID is required");
-    await g();
-    const c = await T(
+    await T();
+    const c = await w(
       "POST",
-      `${k}/webauthn/register/challenge`
-    ), y = await this.request(
+      `${this.getBaseUrl()}/webauthn/register/challenge`
+    ), p = await this.request(
       "POST",
       "/webauthn/register/challenge",
       {
@@ -582,7 +591,7 @@ class U {
         headers: c ? { DPoP: c } : {}
       }
     );
-    return y.data.data ?? y.data;
+    return p.data.data ?? p.data;
   }
   /**
    * POST /webauthn/authenticate/challenge - Authenticate with passkey.
@@ -592,13 +601,13 @@ class U {
     rp: n,
     credentialIds: t
   }) {
-    const r = await navigator.credentials.get({
+    const o = await navigator.credentials.get({
       publicKey: {
-        challenge: w(e),
+        challenge: k(e),
         rpId: n?.host ?? void 0,
-        allowCredentials: t.map((_) => ({
+        allowCredentials: t.map((P) => ({
           type: "public-key",
-          id: w(_)
+          id: k(P)
           // Hint browser about possible transports for faster authenticator discovery
           // transports: ["internal", "hybrid"] as AuthenticatorTransport[],
         })),
@@ -606,38 +615,38 @@ class U {
         userVerification: "required"
       }
     });
-    if (!r) throw new Error("Authentication failed");
-    const o = r.response, s = {
-      clientDataJSON: h(o.clientDataJSON),
-      authenticatorData: h(
-        o.authenticatorData
+    if (!o) throw new Error("Authentication failed");
+    const s = o.response, r = {
+      clientDataJSON: y(s.clientDataJSON),
+      authenticatorData: y(
+        s.authenticatorData
       ),
-      signature: h(o.signature),
-      rawId: h(r.rawId),
-      userHandle: o.userHandle ? h(o.userHandle) : ""
+      signature: y(s.signature),
+      rawId: y(o.rawId),
+      userHandle: s.userHandle ? y(s.userHandle) : ""
     };
-    await g();
-    const i = await T(
+    await T();
+    const i = await w(
       "POST",
-      `${k}/webauthn/authenticate/challenge`
-    ), u = await this.request(
+      `${this.getBaseUrl()}/webauthn/authenticate/challenge`
+    ), d = await this.request(
       "POST",
       "/webauthn/authenticate/challenge",
       {
-        body: s,
+        body: r,
         headers: i ? { DPoP: i } : {}
       }
-    ), l = u.data.data ?? u.data, c = l.AuthenticationResult ?? l, y = c.AccessToken ?? c.accessToken ?? c.access_token, f = c.RefreshToken ?? c.refreshToken ?? c.refresh_token, m = c.IdToken ?? c.idToken ?? c.id_token;
-    return y && await this.storeTokens({
-      accessToken: y,
+    ), l = d.data.data ?? d.data, c = l.AuthenticationResult ?? l, p = c.AccessToken ?? c.accessToken ?? c.access_token, f = c.RefreshToken ?? c.refreshToken ?? c.refresh_token, b = c.IdToken ?? c.idToken ?? c.id_token;
+    return p && await this.storeTokens({
+      accessToken: p,
       refreshToken: f ?? "",
-      idToken: m ?? "",
+      idToken: b ?? "",
       expiresIn: c.expiresIn ?? c.ExpiresIn ?? 3600,
       tokenType: c.tokenType ?? c.token_type ?? "Bearer"
     }), {
-      access_token: y,
+      access_token: p,
       refresh_token: f ?? "",
-      id_token: m,
+      id_token: b,
       email: c.email,
       name: c.name ?? c.userName,
       expiresIn: c.expiresIn ?? c.ExpiresIn,
@@ -649,50 +658,50 @@ class U {
    * GET /webauthn/credentials/:username - Get user's passkey status.
    */
   async getPasskeyStatus(e) {
-    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, r = await this.signRequest("GET", t), o = await this.request("GET", t, {
-      headers: r.headers
-    }), s = o.data.data ?? o.data;
+    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, o = await this.signRequest("GET", t), s = await this.request("GET", t, {
+      headers: o.headers
+    }), r = s.data.data ?? s.data;
     return {
-      ...s,
-      hasCredentials: !!(s.hasCredentials ?? s.credentialId)
+      ...r,
+      hasCredentials: !!(r.hasCredentials ?? r.credentialId)
     };
   }
   /**
    * DELETE /webauthn/credentials/:username - Remove passkey.
    */
   async removePasskey(e) {
-    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, r = await this.signRequest("DELETE", t);
+    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, o = await this.signRequest("DELETE", t);
     await this.request("DELETE", t, {
-      headers: r.headers
+      headers: o.headers
     });
   }
   /**
    * Signs a request with DPoP and Authorization headers (internal use).
    */
   async signRequest(e, n, t = {}) {
-    const r = n.startsWith("http") ? n : `${k}${n}`, o = await this.getRequestAuthHeaders(e, r);
-    return { ...t, headers: { ...t.headers, ...o } };
+    const o = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await this.getRequestAuthHeaders(e, o);
+    return { ...t, headers: { ...t.headers, ...s } };
   }
   /**
    * Replaces native fetch or Axios with a DPoP-signed version.
    */
   async authenticatedFetch(e, n) {
-    const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, r = n?.method || "GET", o = await this.signRequest(r, t, {
+    const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, o = n?.method || "GET", s = await this.signRequest(o, t, {
       headers: n?.headers
     });
-    return fetch(e, { ...n, headers: o.headers });
+    return fetch(e, { ...n, headers: s.headers });
   }
   /**
    * Store tokens from /webauthn/authenticate (per spec: sessionStorage preferred).
    */
   async storeTokens(e) {
-    localStorage.setItem(P, e.accessToken), e.refreshToken && localStorage.setItem(v, e.refreshToken), e.idToken && localStorage.setItem(K, e.idToken);
+    localStorage.setItem(m, e.accessToken), e.refreshToken && localStorage.setItem(v, e.refreshToken), e.idToken && localStorage.setItem(O, e.idToken);
   }
   /**
    * Clear stored tokens (call on logout).
    */
   async clearTokens() {
-    localStorage.removeItem(P), localStorage.removeItem(K), localStorage.removeItem(v);
+    localStorage.removeItem(m), localStorage.removeItem(O), localStorage.removeItem(v);
   }
   /**
    * POST /auth/refresh - Refresh access token using server-stored refresh token.
@@ -702,17 +711,17 @@ class U {
   async refreshToken() {
     const e = await this.request("POST", "/auth/refresh", {
       body: {}
-    }), n = e.data.data ?? e.data, t = n.access_token, r = n.id_token ?? "", o = n.token_type ?? "Bearer", s = n.expires_in ?? 3600;
+    }), n = e.data.data ?? e.data, t = n.access_token, o = n.id_token ?? "", s = n.token_type ?? "Bearer", r = n.expires_in ?? 3600;
     return t && await this.storeTokens({
       accessToken: t,
-      idToken: r,
-      expiresIn: s,
-      tokenType: o
+      idToken: o,
+      expiresIn: r,
+      tokenType: s
     }), {
       access_token: t,
-      id_token: r,
-      token_type: o,
-      expires_in: s
+      id_token: o,
+      token_type: s,
+      expires_in: r
     };
   }
   /**
@@ -722,43 +731,43 @@ class U {
   async logout() {
     try {
       const e = await this.getAccessToken(), n = {};
-      e && (n.Authorization = `Bearer ${e}`), await this.request("POST", "/auth/logout", { body: {}, headers: n }), C();
+      e && (n.Authorization = `Bearer ${e}`), await this.request("POST", "/auth/logout", { body: {}, headers: n }), U();
     } catch {
     }
     await this.clearTokens();
   }
   async getAccessToken() {
-    return localStorage.getItem(P);
+    return localStorage.getItem(m);
   }
 }
-typeof window < "u" && (window.AuthSDK = U);
-const se = typeof window < "u" ? window : globalThis;
-se.AuthSDK = U;
+typeof window < "u" && (window.AuthSDK = C);
+const ae = typeof window < "u" ? window : globalThis;
+ae.AuthSDK = C;
 export {
-  U as AuthSDK,
+  C as AuthSDK,
   re as AuthSDKFetchError,
-  h as arrayBufferToBase64,
-  b as arrayBufferToBase64url,
-  w as base64ToArrayBuffer,
-  W as base64urlToArrayBuffer,
-  R as calculateThumbprint,
-  C as clearDPoPKey,
-  z as clearPasskeyEmail,
-  Z as clearPasskeyMobileNumber,
-  g as generateDPoPKeyPair,
-  T as generateDPoPProof,
-  O as getDPoPKey,
-  N as getDPoPPublicKeyJWK,
-  G as getPasskeyEmail,
-  X as getPasskeyMobileNumber,
-  J as isConditionalUISupported,
-  te as isDPoPEnabled,
-  D as isWebAuthnSupported,
-  V as setPasskeyEmail,
-  Q as setPasskeyMobileNumber,
-  ne as storeDPoPKey,
-  S as stringToArrayBuffer,
-  q as toMinimalJWK,
-  H as uint8ArrayToString
+  y as arrayBufferToBase64,
+  g as arrayBufferToBase64url,
+  k as base64ToArrayBuffer,
+  M as base64urlToArrayBuffer,
+  B as calculateThumbprint,
+  U as clearDPoPKey,
+  V as clearPasskeyEmail,
+  Q as clearPasskeyMobileNumber,
+  T as generateDPoPKeyPair,
+  w as generateDPoPProof,
+  A as getDPoPKey,
+  R as getDPoPPublicKeyJWK,
+  F as getPasskeyEmail,
+  z as getPasskeyMobileNumber,
+  j as isConditionalUISupported,
+  ee as isDPoPEnabled,
+  K as isWebAuthnSupported,
+  G as setPasskeyEmail,
+  X as setPasskeyMobileNumber,
+  te as storeDPoPKey,
+  _ as stringToArrayBuffer,
+  D as toMinimalJWK,
+  W as uint8ArrayToString
 };
 //# sourceMappingURL=postex-auth-sdk-stage.es.js.map