postex-auth-sdk-stage 1.2.4 → 1.3.0

package/dist/postex-auth-sdk-stage.es.js

@@ -21,9 +21,9 @@ function k(a) {
     throw new Error("Invalid base64: expected non-empty string");
   const e = a.replace(/\s/g, "").replace(/-/g, "+").replace(/_/g, "/"), n = e.length % 4, t = n > 0 ? e + "=".repeat(4 - n) : e;
   try {
-    const o = atob(t), s = new Uint8Array(o.length);
-    for (let r = 0; r < o.length; r++)
-      s[r] = o.charCodeAt(r);
+    const r = atob(t), s = new Uint8Array(r.length);
+    for (let o = 0; o < r.length; o++)
+      s[o] = r.charCodeAt(o);
     return s.buffer;
   } catch {
     throw new Error(
@@ -31,7 +31,7 @@ function k(a) {
     );
   }
 }
-function g(a) {
+function m(a) {
   return y(a).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
 }
 function J(a) {
@@ -81,8 +81,8 @@ async function G(a) {
   try {
     const e = await h();
     return new Promise((n, t) => {
-      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, S);
-      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
+      const r = e.transaction(u, "readwrite"), o = r.objectStore(u).put(a, S);
+      o.onerror = () => t(o.error), o.onsuccess = () => n(), r.oncomplete = () => e.close();
     });
   } catch {
   }
@@ -112,8 +112,8 @@ async function X(a) {
   try {
     const e = await h();
     return new Promise((n, t) => {
-      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, E);
-      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
+      const r = e.transaction(u, "readwrite"), o = r.objectStore(u).put(a, E);
+      o.onerror = () => t(o.error), o.onsuccess = () => n(), r.oncomplete = () => e.close();
     });
   } catch {
   }
@@ -137,7 +137,7 @@ function D(a) {
     y: a.y
   };
 }
-async function B(a) {
+async function q(a) {
   const e = JSON.stringify({
     crv: a.crv,
     kty: a.kty,
@@ -147,14 +147,14 @@ async function B(a) {
     "SHA-256",
     new TextEncoder().encode(e)
   );
-  return g(n);
+  return m(n);
 }
-async function q(a) {
+async function B(a) {
   try {
     const e = await h();
     return new Promise((n, t) => {
-      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, x);
-      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
+      const r = e.transaction(u, "readwrite"), o = r.objectStore(u).put(a, x);
+      o.onerror = () => t(o.error), o.onsuccess = () => n(), r.oncomplete = () => e.close();
     });
   } catch (e) {
     console.error("Failed to store DPoP private key:", e);
@@ -164,8 +164,8 @@ async function Z(a) {
   try {
     const e = await h();
     return new Promise((n, t) => {
-      const o = e.transaction(u, "readwrite"), r = o.objectStore(u).put(a, I);
-      r.onerror = () => t(r.error), r.onsuccess = () => n(), o.oncomplete = () => e.close();
+      const r = e.transaction(u, "readwrite"), o = r.objectStore(u).put(a, I);
+      o.onerror = () => t(o.error), o.onsuccess = () => n(), r.oncomplete = () => e.close();
     });
   } catch (e) {
     console.error("Failed to store DPoP public key JWK:", e);
@@ -193,19 +193,19 @@ async function R() {
     return null;
   }
 }
-async function U() {
+async function N() {
   try {
     const a = await h();
     return new Promise((e, n) => {
-      const t = a.transaction(u, "readwrite"), o = t.objectStore(u);
-      o.delete(x), o.delete(I), t.onerror = () => n(t.error), t.oncomplete = () => {
+      const t = a.transaction(u, "readwrite"), r = t.objectStore(u);
+      r.delete(x), r.delete(I), t.onerror = () => n(t.error), t.oncomplete = () => {
         a.close(), e();
       };
     });
   } catch {
   }
 }
-async function T() {
+async function g() {
   const a = await crypto.subtle.generateKey(
     {
       name: "ECDSA",
@@ -214,44 +214,44 @@ async function T() {
     !1,
     // Private key is non-extractable
     ["sign", "verify"]
-  ), e = await crypto.subtle.exportKey("jwk", a.publicKey), n = D(e), t = await B(n);
-  return await q(a.privateKey), await Z(n), { publicKey: n, thumbprint: t };
+  ), e = await crypto.subtle.exportKey("jwk", a.publicKey), n = D(e), t = await q(n);
+  return await B(a.privateKey), await Z(n), { publicKey: n, thumbprint: t };
 }
 async function w(a, e, n) {
   try {
-    const t = await A(), o = await R();
-    if (!t || !o) return null;
+    const t = await A(), r = await R();
+    if (!t || !r) return null;
     const s = {
       typ: "dpop+jwt",
       alg: "ES256",
-      jwk: o
+      jwk: r
       // Public key in JWK format
-    }, r = new URL(
+    }, o = new URL(
       e,
       typeof window < "u" ? window.location.origin : void 0
-    ), i = `${r.origin}${r.pathname}`, d = {
+    ), c = `${o.origin}${o.pathname}`, d = {
       jti: crypto.randomUUID(),
       htm: a.toUpperCase(),
-      htu: i,
+      htu: c,
       iat: Math.floor(Date.now() / 1e3)
     };
     if (n) {
       const P = new TextEncoder().encode(n), $ = await crypto.subtle.digest("SHA-256", P);
-      d.ath = g($);
+      d.ath = m($);
     }
-    const l = g(
+    const l = m(
       new TextEncoder().encode(JSON.stringify(s)).buffer
-    ), c = g(
+    ), i = m(
       new TextEncoder().encode(JSON.stringify(d)).buffer
-    ), p = `${l}.${c}`, f = await crypto.subtle.sign(
+    ), p = `${l}.${i}`, f = await crypto.subtle.sign(
       {
         name: "ECDSA",
         hash: { name: "SHA-256" }
       },
       t,
       new TextEncoder().encode(p)
-    ), b = g(f);
-    return `${l}.${c}.${b}`;
+    ), b = m(f);
+    return `${l}.${i}.${b}`;
   } catch (t) {
     return console.error("Failed to generate DPoP proof:", t), null;
   }
@@ -259,12 +259,12 @@ async function w(a, e, n) {
 async function ee() {
   return await A() !== null;
 }
-const te = q, N = {
+const te = B, U = {
   isWebAuthnSupported: K,
   isConditionalUISupported: j,
   arrayBufferToBase64: y,
   base64ToArrayBuffer: k,
-  arrayBufferToBase64url: g,
+  arrayBufferToBase64url: m,
   base64urlToArrayBuffer: M,
   stringToArrayBuffer: _,
   uint8ArrayToString: W,
@@ -275,25 +275,26 @@ const te = q, N = {
   setPasskeyMobileNumber: X,
   clearPasskeyMobileNumber: Q,
   toMinimalJWK: D,
-  calculateThumbprint: B,
+  calculateThumbprint: q,
   getDPoPKey: A,
   getDPoPPublicKeyJWK: R,
-  clearDPoPKey: U,
-  generateDPoPKeyPair: T,
+  clearDPoPKey: N,
+  generateDPoPKeyPair: g,
   generateDPoPProof: w,
   isDPoPEnabled: ee,
   storeDPoPKey: te
 };
-typeof window < "u" && (window.WebAuthn = N);
+typeof window < "u" && (window.WebAuthn = U);
 const ne = typeof window < "u" ? window : globalThis;
-ne.WebAuthn = N;
-const m = "postex-auth-token", se = "postexglobal", oe = {
+ne.WebAuthn = U;
+const T = "postex-auth-token", se = "postexglobal", re = {
   xstak: "https://auth-stage.xstak.com/public/v1",
   postex: "https://auth-stage.postex.pk/public/v1",
   callcourier: "https://auth-stage.callcourier.com.pk/public/v1",
-  postexglobal: "https://auth-stage.postexglobal.com/public/v1"
+  postexglobal: "https://auth-stage.postexglobal.com/public/v1",
+  postexsa: "https://auth-stage.postex.sa/public/v1"
 };
-class re extends Error {
+class oe extends Error {
   constructor(e, n, t) {
     super(t ?? `Request failed with status ${e}`), this.response = { status: e, data: n }, this.name = "AuthSDKFetchError";
   }
@@ -305,7 +306,7 @@ class C {
   }
   getBaseUrl() {
     const e = this.config.appId ?? se;
-    return oe[e];
+    return re[e];
   }
   normalizeAuthIdentifier(e) {
     return typeof e == "string" ? { email: e } : {
@@ -314,35 +315,35 @@ class C {
     };
   }
   buildUrl(e, n) {
-    const t = this.getBaseUrl().replace(/\/$/, ""), o = e.startsWith("/") ? e : `/${e}`, s = `${t}${o}`;
+    const t = this.getBaseUrl().replace(/\/$/, ""), r = e.startsWith("/") ? e : `/${e}`, s = `${t}${r}`;
     if (!n || Object.keys(n).length === 0) return s;
-    const r = new URLSearchParams(n).toString();
-    return `${s}?${r}`;
+    const o = new URLSearchParams(n).toString();
+    return `${s}?${o}`;
   }
   async request(e, n, t) {
-    const o = this.buildUrl(n, t?.params), s = {
+    const r = this.buildUrl(n, t?.params), s = {
       "Content-Type": "application/json",
       Accept: "application/json",
       "X-API-Key": this.config.apiKey ?? "",
       ...t?.headers
-    }, r = {
+    }, o = {
       method: e,
       credentials: "include",
       headers: s
     };
-    t?.body !== void 0 && t?.body !== null && (r.body = JSON.stringify(t.body));
-    const i = await fetch(o, r);
-    if (!i.ok) {
-      let c;
+    t?.body !== void 0 && t?.body !== null && (o.body = JSON.stringify(t.body));
+    const c = await fetch(r, o);
+    if (!c.ok) {
+      let i;
       try {
-        const p = await i.text();
-        c = p ? JSON.parse(p) : void 0;
+        const p = await c.text();
+        i = p ? JSON.parse(p) : void 0;
       } catch {
-        c = void 0;
+        i = void 0;
       }
-      throw i.status === 401 && await this.clearTokens(), new re(i.status, c);
+      throw c.status === 401 && await this.clearTokens(), new oe(c.status, i);
     }
-    const d = await i.text();
+    const d = await c.text();
     return { data: d ? JSON.parse(d) : {} };
   }
   /**
@@ -352,16 +353,16 @@ class C {
    * @param url - Full request URL
    */
   async getRequestAuthHeaders(e, n) {
-    const t = localStorage.getItem(m);
+    const t = localStorage.getItem(T);
     if (!t) return {};
-    const o = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await w(
+    const r = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await w(
       e.toUpperCase(),
-      o,
+      r,
       t
-    ), r = {
+    ), o = {
       Authorization: `Bearer ${t}`
     };
-    return s && (r.DPoP = s), r;
+    return s && (o.DPoP = s), o;
   }
   /**
    * GET /auth/status - Check if client has trusted device session and what auth method is available.
@@ -382,12 +383,29 @@ class C {
   async initiateAuth(e) {
     const n = this.normalizeAuthIdentifier(e), t = await this.request("POST", "/auth/initiate", {
       body: n
-    }), o = t.data.data ?? t.data;
+    }), r = t.data.data ?? t.data;
     return {
-      status: o.status,
-      challenge: o.challenge,
-      credentialIds: o.credentialIds,
-      rp: o.rp
+      status: r.status,
+      challenge: r.challenge,
+      credentialIds: r.credentialIds,
+      rp: r.rp
+    };
+  }
+  /**
+   * POST /otp/initiate - Direct OTP initiation using email or mobile number.
+   * Requires at least one identifier: email or mobileNumber.
+   */
+  async initiateOTP(e) {
+    const n = this.normalizeAuthIdentifier(e), t = n.email?.trim(), r = n.mobileNumber?.trim();
+    if (!t && !r)
+      throw new Error("Either mobileNumber or email is required");
+    const s = {};
+    t && (s.email = t), r && (s.mobileNumber = r);
+    const c = (await this.request("POST", "/otp/initiate", {
+      body: s
+    })).data;
+    return {
+      message: c.message ?? c.data?.message
     };
   }
   /**
@@ -395,26 +413,26 @@ class C {
    * Stores tokens from the response.
    */
   async verifyOTP(e) {
-    await T();
+    await g();
     const n = await w(
       "POST",
       `${this.getBaseUrl()}/otp/verify`
     ), t = await this.request("POST", "/otp/verify", {
       body: { otp: e },
       headers: n ? { DPoP: n } : {}
-    }), o = t.data.data ?? t.data, s = o.AuthenticationResult ?? o, r = s.access_token ?? s.accessToken ?? s.AccessToken, i = s.refresh_token ?? s.refreshToken ?? s.RefreshToken, d = s.id_token ?? s.idToken ?? s.IdToken, l = s.expires_in ?? s.expiresIn ?? s.ExpiresIn ?? 3600, c = s.token_type ?? s.tokenType ?? s.TokenType ?? "Bearer";
-    return r && await this.storeTokens({
-      accessToken: r,
-      refreshToken: i ?? "",
+    }), r = t.data.data ?? t.data, s = r.AuthenticationResult ?? r, o = s.access_token ?? s.accessToken ?? s.AccessToken, c = s.refresh_token ?? s.refreshToken ?? s.RefreshToken, d = s.id_token ?? s.idToken ?? s.IdToken, l = s.expires_in ?? s.expiresIn ?? s.ExpiresIn ?? 3600, i = s.token_type ?? s.tokenType ?? s.TokenType ?? "Bearer";
+    return o && await this.storeTokens({
+      accessToken: o,
+      refreshToken: c ?? "",
       idToken: d ?? "",
       expiresIn: l ?? 3600,
-      tokenType: c ?? "Bearer"
+      tokenType: i ?? "Bearer"
     }), {
-      access_token: r,
-      refresh_token: i ?? "",
+      access_token: o,
+      refresh_token: c ?? "",
       id_token: d ?? "",
       expires_in: l,
-      token_type: c,
+      token_type: i,
       verified: s.verified ?? s.Verified ?? !0,
       email: s.email ?? s.Email ?? "",
       ...s
@@ -440,29 +458,29 @@ class C {
     mobileNumber: e,
     otp: n
   }) {
-    await T();
+    await g();
     const t = await w(
       "POST",
       `${this.getBaseUrl()}/otp/signup/verify`
-    ), o = await this.request("POST", "/otp/signup/verify", {
+    ), r = await this.request("POST", "/otp/signup/verify", {
       body: { mobileNumber: e, otp: n },
       headers: t ? { DPoP: t } : {}
-    }), s = o.data.data ?? o.data, r = s.AuthenticationResult ?? s, i = r.access_token ?? r.accessToken ?? r.AccessToken, d = r.refresh_token ?? r.refreshToken ?? r.RefreshToken, l = r.id_token ?? r.idToken ?? r.IdToken, c = r.expires_in ?? r.expiresIn ?? r.ExpiresIn ?? 3600, p = r.token_type ?? r.tokenType ?? r.TokenType ?? "Bearer";
-    return i && await this.storeTokens({
-      accessToken: i,
+    }), s = r.data.data ?? r.data, o = s.AuthenticationResult ?? s, c = o.access_token ?? o.accessToken ?? o.AccessToken, d = o.refresh_token ?? o.refreshToken ?? o.RefreshToken, l = o.id_token ?? o.idToken ?? o.IdToken, i = o.expires_in ?? o.expiresIn ?? o.ExpiresIn ?? 3600, p = o.token_type ?? o.tokenType ?? o.TokenType ?? "Bearer";
+    return c && await this.storeTokens({
+      accessToken: c,
       refreshToken: d ?? "",
       idToken: l ?? "",
-      expiresIn: c ?? 3600,
+      expiresIn: i ?? 3600,
       tokenType: p ?? "Bearer"
     }), {
-      access_token: i,
+      access_token: c,
       refresh_token: d ?? "",
       id_token: l ?? "",
-      expires_in: c,
+      expires_in: i,
       token_type: p,
-      verified: r.verified ?? r.Verified ?? !0,
-      email: r.email ?? r.Email ?? "",
-      ...r
+      verified: o.verified ?? o.Verified ?? !0,
+      email: o.email ?? o.Email ?? "",
+      ...o
     };
   }
   /**
@@ -474,11 +492,11 @@ class C {
   }) {
     const t = await this.request("POST", "/otp/signup/resend", {
       body: { email: n, mobileNumber: e }
-    }), o = t.data.data ?? t.data;
+    }), r = t.data.data ?? t.data;
     return {
-      success: o.success ?? !0,
-      message: o.message,
-      ...o
+      success: r.success ?? !0,
+      message: r.message,
+      ...r
     };
   }
   /**
@@ -502,18 +520,18 @@ class C {
       {
         body: {}
       }
-    ), n = e.data.data ?? e.data, t = n.AuthenticationResult ?? n, o = t.access_token ?? t.accessToken ?? t.AccessToken, s = t.refresh_token ?? t.refreshToken ?? t.RefreshToken, r = t.id_token ?? t.idToken ?? t.IdToken, i = t.expires_in ?? t.expiresIn ?? t.ExpiresIn ?? 3600, d = t.token_type ?? t.tokenType ?? t.TokenType ?? "Bearer";
-    return o && await this.storeTokens({
-      accessToken: o,
+    ), n = e.data.data ?? e.data, t = n.AuthenticationResult ?? n, r = t.access_token ?? t.accessToken ?? t.AccessToken, s = t.refresh_token ?? t.refreshToken ?? t.RefreshToken, o = t.id_token ?? t.idToken ?? t.IdToken, c = t.expires_in ?? t.expiresIn ?? t.ExpiresIn ?? 3600, d = t.token_type ?? t.tokenType ?? t.TokenType ?? "Bearer";
+    return r && await this.storeTokens({
+      accessToken: r,
       refreshToken: s ?? "",
-      idToken: r ?? "",
-      expiresIn: i ?? 3600,
+      idToken: o ?? "",
+      expiresIn: c ?? 3600,
       tokenType: d ?? "Bearer"
     }), {
-      access_token: o,
+      access_token: r,
       refresh_token: s ?? "",
-      id_token: r ?? "",
-      expires_in: i,
+      id_token: o ?? "",
+      expires_in: c,
       token_type: d,
       verified: t.verified ?? t.Verified ?? !0,
       email: t.email ?? t.Email ?? "",
@@ -541,7 +559,7 @@ class C {
       }
     else
       t = _(e);
-    const o = (n.pubKeyCredParams ?? [
+    const r = (n.pubKeyCredParams ?? [
       { type: "public-key", alg: -7 },
       { type: "public-key", alg: -257 }
     ]).map((f) => ({
@@ -550,7 +568,7 @@ class C {
     })), s = n.excludeCredentials?.map((f) => ({
       type: "public-key",
       id: k(f.id)
-    })), r = {
+    })), o = {
       challenge: k(n.challenge),
       rp: {
         name: n.rp?.name ?? "XPay",
@@ -561,7 +579,7 @@ class C {
         name: n.user?.name ?? e,
         displayName: n.user?.displayName ?? e
       },
-      pubKeyCredParams: o,
+      pubKeyCredParams: r,
       excludeCredentials: s,
       timeout: n.timeout ?? 6e4,
       attestation: n.attestation ?? "none",
@@ -569,18 +587,18 @@ class C {
         residentKey: "required",
         userVerification: "required"
       }
-    }, i = await navigator.credentials.create({
-      publicKey: r
+    }, c = await navigator.credentials.create({
+      publicKey: o
     });
-    if (!i) throw new Error("Credential creation failed");
-    const d = i.response, l = {
+    if (!c) throw new Error("Credential creation failed");
+    const d = c.response, l = {
       clientDataJSON: y(d.clientDataJSON),
       attestationObject: y(d.attestationObject),
-      rawId: y(i.rawId)
+      rawId: y(c.rawId)
     };
     if (!l.rawId) throw new Error("Raw ID is required");
-    await T();
-    const c = await w(
+    await g();
+    const i = await w(
       "POST",
       `${this.getBaseUrl()}/webauthn/register/challenge`
     ), p = await this.request(
@@ -588,7 +606,7 @@ class C {
       "/webauthn/register/challenge",
       {
         body: l,
-        headers: c ? { DPoP: c } : {}
+        headers: i ? { DPoP: i } : {}
       }
     );
     return p.data.data ?? p.data;
@@ -601,7 +619,7 @@ class C {
     rp: n,
     credentialIds: t
   }) {
-    const o = await navigator.credentials.get({
+    const r = await navigator.credentials.get({
       publicKey: {
         challenge: k(e),
         rpId: n?.host ?? void 0,
@@ -615,78 +633,78 @@ class C {
         userVerification: "required"
       }
     });
-    if (!o) throw new Error("Authentication failed");
-    const s = o.response, r = {
+    if (!r) throw new Error("Authentication failed");
+    const s = r.response, o = {
       clientDataJSON: y(s.clientDataJSON),
       authenticatorData: y(
         s.authenticatorData
       ),
       signature: y(s.signature),
-      rawId: y(o.rawId),
+      rawId: y(r.rawId),
       userHandle: s.userHandle ? y(s.userHandle) : ""
     };
-    await T();
-    const i = await w(
+    await g();
+    const c = await w(
       "POST",
       `${this.getBaseUrl()}/webauthn/authenticate/challenge`
     ), d = await this.request(
       "POST",
       "/webauthn/authenticate/challenge",
       {
-        body: r,
-        headers: i ? { DPoP: i } : {}
+        body: o,
+        headers: c ? { DPoP: c } : {}
       }
-    ), l = d.data.data ?? d.data, c = l.AuthenticationResult ?? l, p = c.AccessToken ?? c.accessToken ?? c.access_token, f = c.RefreshToken ?? c.refreshToken ?? c.refresh_token, b = c.IdToken ?? c.idToken ?? c.id_token;
+    ), l = d.data.data ?? d.data, i = l.AuthenticationResult ?? l, p = i.AccessToken ?? i.accessToken ?? i.access_token, f = i.RefreshToken ?? i.refreshToken ?? i.refresh_token, b = i.IdToken ?? i.idToken ?? i.id_token;
     return p && await this.storeTokens({
       accessToken: p,
       refreshToken: f ?? "",
       idToken: b ?? "",
-      expiresIn: c.expiresIn ?? c.ExpiresIn ?? 3600,
-      tokenType: c.tokenType ?? c.token_type ?? "Bearer"
+      expiresIn: i.expiresIn ?? i.ExpiresIn ?? 3600,
+      tokenType: i.tokenType ?? i.token_type ?? "Bearer"
     }), {
       access_token: p,
       refresh_token: f ?? "",
       id_token: b,
-      email: c.email,
-      name: c.name ?? c.userName,
-      expiresIn: c.expiresIn ?? c.ExpiresIn,
-      tokenType: c.tokenType ?? c.token_type,
-      ...c
+      email: i.email,
+      name: i.name ?? i.userName,
+      expiresIn: i.expiresIn ?? i.ExpiresIn,
+      tokenType: i.tokenType ?? i.token_type,
+      ...i
     };
   }
   /**
    * GET /webauthn/credentials/:username - Get user's passkey status.
    */
   async getPasskeyStatus(e) {
-    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, o = await this.signRequest("GET", t), s = await this.request("GET", t, {
-      headers: o.headers
-    }), r = s.data.data ?? s.data;
+    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, r = await this.signRequest("GET", t), s = await this.request("GET", t, {
+      headers: r.headers
+    }), o = s.data.data ?? s.data;
     return {
-      ...r,
-      hasCredentials: !!(r.hasCredentials ?? r.credentialId)
+      ...o,
+      hasCredentials: !!(o.hasCredentials ?? o.credentialId)
     };
   }
   /**
    * DELETE /webauthn/credentials/:username - Remove passkey.
    */
   async removePasskey(e) {
-    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, o = await this.signRequest("DELETE", t);
+    const t = `/webauthn/credentials/${encodeURIComponent(e)}`, r = await this.signRequest("DELETE", t);
     await this.request("DELETE", t, {
-      headers: o.headers
+      headers: r.headers
     });
   }
   /**
    * Signs a request with DPoP and Authorization headers (internal use).
    */
   async signRequest(e, n, t = {}) {
-    const o = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await this.getRequestAuthHeaders(e, o);
+    const r = n.startsWith("http") ? n : `${this.getBaseUrl()}${n}`, s = await this.getRequestAuthHeaders(e, r);
     return { ...t, headers: { ...t.headers, ...s } };
   }
   /**
    * Replaces native fetch or Axios with a DPoP-signed version.
    */
   async authenticatedFetch(e, n) {
-    const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, o = n?.method || "GET", s = await this.signRequest(o, t, {
+    const t = typeof e == "string" ? e : e instanceof URL ? e.toString() : e.url, r = n?.method || "GET", s = await this.signRequest(r, t, {
       headers: n?.headers
     });
     return fetch(e, { ...n, headers: s.headers });
@@ -695,13 +713,13 @@ class C {
    * Store tokens from /webauthn/authenticate (per spec: sessionStorage preferred).
    */
   async storeTokens(e) {
-    localStorage.setItem(m, e.accessToken), e.refreshToken && localStorage.setItem(v, e.refreshToken), e.idToken && localStorage.setItem(O, e.idToken);
+    localStorage.setItem(T, e.accessToken), e.refreshToken && localStorage.setItem(v, e.refreshToken), e.idToken && localStorage.setItem(O, e.idToken);
   }
   /**
    * Clear stored tokens (call on logout).
    */
   async clearTokens() {
-    localStorage.removeItem(m), localStorage.removeItem(O), localStorage.removeItem(v);
+    localStorage.removeItem(T), localStorage.removeItem(O), localStorage.removeItem(v);
   }
   /**
    * POST /auth/refresh - Refresh access token using server-stored refresh token.
@@ -711,17 +729,17 @@ class C {
   async refreshToken() {
     const e = await this.request("POST", "/auth/refresh", {
       body: {}
-    }), n = e.data.data ?? e.data, t = n.access_token, o = n.id_token ?? "", s = n.token_type ?? "Bearer", r = n.expires_in ?? 3600;
+    }), n = e.data.data ?? e.data, t = n.access_token, r = n.id_token ?? "", s = n.token_type ?? "Bearer", o = n.expires_in ?? 3600;
     return t && await this.storeTokens({
       accessToken: t,
-      idToken: o,
-      expiresIn: r,
+      idToken: r,
+      expiresIn: o,
       tokenType: s
     }), {
       access_token: t,
-      id_token: o,
+      id_token: r,
       token_type: s,
-      expires_in: r
+      expires_in: o
     };
   }
   /**
@@ -731,13 +749,13 @@ class C {
   async logout() {
     try {
       const e = await this.getAccessToken(), n = {};
-      e && (n.Authorization = `Bearer ${e}`), await this.request("POST", "/auth/logout", { body: {}, headers: n }), U();
+      e && (n.Authorization = `Bearer ${e}`), await this.request("POST", "/auth/logout", { body: {}, headers: n }), N();
     } catch {
     }
     await this.clearTokens();
   }
   async getAccessToken() {
-    return localStorage.getItem(m);
+    return localStorage.getItem(T);
   }
 }
 typeof window < "u" && (window.AuthSDK = C);
@@ -745,16 +763,16 @@ const ae = typeof window < "u" ? window : globalThis;
 ae.AuthSDK = C;
 export {
   C as AuthSDK,
-  re as AuthSDKFetchError,
+  oe as AuthSDKFetchError,
   y as arrayBufferToBase64,
-  g as arrayBufferToBase64url,
+  m as arrayBufferToBase64url,
   k as base64ToArrayBuffer,
   M as base64urlToArrayBuffer,
-  B as calculateThumbprint,
-  U as clearDPoPKey,
+  q as calculateThumbprint,
+  N as clearDPoPKey,
   V as clearPasskeyEmail,
   Q as clearPasskeyMobileNumber,
-  T as generateDPoPKeyPair,
+  g as generateDPoPKeyPair,
   w as generateDPoPProof,
   A as getDPoPKey,
   R as getDPoPPublicKeyJWK,