zudoku 0.1.1-dev.51 → 0.1.1-dev.53

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/lib/plugins/openapi/MakeRequest.js +9 -4
  2. package/dist/lib/plugins/openapi/MakeRequest.js.map +1 -1
  3. package/dist/lib/plugins/openapi/playground/Playground.d.ts +2 -1
  4. package/dist/lib/plugins/openapi/playground/Playground.js +1 -3
  5. package/dist/lib/plugins/openapi/playground/Playground.js.map +1 -1
  6. package/dist/lib/plugins/openapi/playground/QueryParams.js +7 -19
  7. package/dist/lib/plugins/openapi/playground/QueryParams.js.map +1 -1
  8. package/lib/{DevPortalProvider-yBHPOS9_.js → DevPortalProvider-Dn9HNUG9.js} +7 -7
  9. package/lib/{Spinner-Daa7xsri.js → Spinner-D8DBhJkj.js} +1 -1
  10. package/lib/zudoku.auth-auth0.js +609 -462
  11. package/lib/zudoku.components.js +3 -3
  12. package/lib/zudoku.plugins.js +2720 -2724
  13. package/package.json +1 -1
  14. package/src/lib/plugins/openapi/MakeRequest.tsx +9 -4
  15. package/src/lib/plugins/openapi/playground/Playground.tsx +3 -4
  16. package/src/lib/plugins/openapi/playground/QueryParams.tsx +19 -39
  17. package/lib/loglevel-D-4S8up4.js +0 -152
package/lib/zudoku.auth-auth0.js CHANGED
@@ -1,12 +1,159 @@
1
- import { w as ie, x as ce, u as ue, k as T, N as de } from "./DevPortalProvider-yBHPOS9_.js";
2
- import { l as M } from "./loglevel-D-4S8up4.js";
3
- function he(e, t) {
4
- return ie(e, ce);
5
- }
6
- let K;
7
- var v, Z;
8
- (typeof navigator > "u" || !((Z = (v = navigator.userAgent) == null ? void 0 : v.startsWith) != null && Z.call(v, "Mozilla/5.0 "))) && (K = "oauth4webapi/v2.11.1");
9
- function N(e, t) {
1
+ import { w as Se, x as Ee, y as Te, j as Ae, u as Re, k as j, N as ke } from "./DevPortalProvider-Dn9HNUG9.js";
2
+ function Le(e, t) {
3
+ return Se(e, Ee);
4
+ }
5
+ var ue = { exports: {} };
6
+ (function(e) {
7
+ (function(t, n) {
8
+ e.exports ? e.exports = n() : t.log = n();
9
+ })(Te, function() {
10
+ var t = function() {
11
+ }, n = "undefined", i = typeof window !== n && typeof window.navigator !== n && /Trident\/|MSIE /.test(window.navigator.userAgent), s = [
12
+ "trace",
13
+ "debug",
14
+ "info",
15
+ "warn",
16
+ "error"
17
+ ], r = {}, o = null;
18
+ function d(u, w) {
19
+ var c = u[w];
20
+ if (typeof c.bind == "function")
21
+ return c.bind(u);
22
+ try {
23
+ return Function.prototype.bind.call(c, u);
24
+ } catch {
25
+ return function() {
26
+ return Function.prototype.apply.apply(c, [u, arguments]);
27
+ };
28
+ }
29
+ }
30
+ function p() {
31
+ console.log && (console.log.apply ? console.log.apply(console, arguments) : Function.prototype.apply.apply(console.log, [console, arguments])), console.trace && console.trace();
32
+ }
33
+ function g(u) {
34
+ return u === "debug" && (u = "log"), typeof console === n ? !1 : u === "trace" && i ? p : console[u] !== void 0 ? d(console, u) : console.log !== void 0 ? d(console, "log") : t;
35
+ }
36
+ function m() {
37
+ for (var u = this.getLevel(), w = 0; w < s.length; w++) {
38
+ var c = s[w];
39
+ this[c] = w < u ? t : this.methodFactory(c, u, this.name);
40
+ }
41
+ if (this.log = this.debug, typeof console === n && u < this.levels.SILENT)
42
+ return "No console available for logging";
43
+ }
44
+ function h(u) {
45
+ return function() {
46
+ typeof console !== n && (m.call(this), this[u].apply(this, arguments));
47
+ };
48
+ }
49
+ function l(u, w, c) {
50
+ return g(u) || h.apply(this, arguments);
51
+ }
52
+ function _(u, w) {
53
+ var c = this, k, H, L, S = "loglevel";
54
+ typeof u == "string" ? S += ":" + u : typeof u == "symbol" && (S = void 0);
55
+ function be(f) {
56
+ var y = (s[f] || "silent").toUpperCase();
57
+ if (!(typeof window === n || !S)) {
58
+ try {
59
+ window.localStorage[S] = y;
60
+ return;
61
+ } catch {
62
+ }
63
+ try {
64
+ window.document.cookie = encodeURIComponent(S) + "=" + y + ";";
65
+ } catch {
66
+ }
67
+ }
68
+ }
69
+ function Z() {
70
+ var f;
71
+ if (!(typeof window === n || !S)) {
72
+ try {
73
+ f = window.localStorage[S];
74
+ } catch {
75
+ }
76
+ if (typeof f === n)
77
+ try {
78
+ var y = window.document.cookie, C = encodeURIComponent(S), ee = y.indexOf(C + "=");
79
+ ee !== -1 && (f = /^([^;]+)/.exec(
80
+ y.slice(ee + C.length + 1)
81
+ )[1]);
82
+ } catch {
83
+ }
84
+ return c.levels[f] === void 0 && (f = void 0), f;
85
+ }
86
+ }
87
+ function _e() {
88
+ if (!(typeof window === n || !S)) {
89
+ try {
90
+ window.localStorage.removeItem(S);
91
+ } catch {
92
+ }
93
+ try {
94
+ window.document.cookie = encodeURIComponent(S) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
95
+ } catch {
96
+ }
97
+ }
98
+ }
99
+ function P(f) {
100
+ var y = f;
101
+ if (typeof y == "string" && c.levels[y.toUpperCase()] !== void 0 && (y = c.levels[y.toUpperCase()]), typeof y == "number" && y >= 0 && y <= c.levels.SILENT)
102
+ return y;
103
+ throw new TypeError("log.setLevel() called with invalid level: " + f);
104
+ }
105
+ c.name = u, c.levels = {
106
+ TRACE: 0,
107
+ DEBUG: 1,
108
+ INFO: 2,
109
+ WARN: 3,
110
+ ERROR: 4,
111
+ SILENT: 5
112
+ }, c.methodFactory = w || l, c.getLevel = function() {
113
+ return L ?? H ?? k;
114
+ }, c.setLevel = function(f, y) {
115
+ return L = P(f), y !== !1 && be(L), m.call(c);
116
+ }, c.setDefaultLevel = function(f) {
117
+ H = P(f), Z() || c.setLevel(f, !1);
118
+ }, c.resetLevel = function() {
119
+ L = null, _e(), m.call(c);
120
+ }, c.enableAll = function(f) {
121
+ c.setLevel(c.levels.TRACE, f);
122
+ }, c.disableAll = function(f) {
123
+ c.setLevel(c.levels.SILENT, f);
124
+ }, c.rebuild = function() {
125
+ if (o !== c && (k = P(o.getLevel())), m.call(c), o === c)
126
+ for (var f in r)
127
+ r[f].rebuild();
128
+ }, k = P(
129
+ o ? o.getLevel() : "WARN"
130
+ );
131
+ var X = Z();
132
+ X != null && (L = P(X)), m.call(c);
133
+ }
134
+ o = new _(), o.getLogger = function(w) {
135
+ if (typeof w != "symbol" && typeof w != "string" || w === "")
136
+ throw new TypeError("You must supply a name when creating a logger.");
137
+ var c = r[w];
138
+ return c || (c = r[w] = new _(
139
+ w,
140
+ o.methodFactory
141
+ )), c;
142
+ };
143
+ var v = typeof window !== n ? window.log : void 0;
144
+ return o.noConflict = function() {
145
+ return typeof window !== n && window.log === o && (window.log = v), o;
146
+ }, o.getLoggers = function() {
147
+ return r;
148
+ }, o.default = o, o;
149
+ });
150
+ })(ue);
151
+ var Pe = ue.exports;
152
+ const te = /* @__PURE__ */ Ae(Pe);
153
+ let M;
154
+ var U, ce;
155
+ (typeof navigator > "u" || !((ce = (U = navigator.userAgent) == null ? void 0 : U.startsWith) != null && ce.call(U, "Mozilla/5.0 "))) && (M = "oauth4webapi/v2.11.1");
156
+ function B(e, t) {
10
157
  if (e == null)
11
158
  return !1;
12
159
  try {
@@ -15,183 +162,183 @@ function N(e, t) {
15
162
  return !1;
16
163
  }
17
164
  }
18
- const R = Symbol(), fe = Symbol(), W = Symbol(), le = new TextEncoder(), pe = new TextDecoder();
19
- function b(e) {
20
- return typeof e == "string" ? le.encode(e) : pe.decode(e);
165
+ const I = Symbol(), xe = Symbol(), q = Symbol(), Ce = new TextEncoder(), Ue = new TextDecoder();
166
+ function R(e) {
167
+ return typeof e == "string" ? Ce.encode(e) : Ue.decode(e);
21
168
  }
22
- const B = 32768;
23
- function we(e) {
169
+ const ne = 32768;
170
+ function je(e) {
24
171
  e instanceof ArrayBuffer && (e = new Uint8Array(e));
25
172
  const t = [];
26
- for (let r = 0; r < e.byteLength; r += B)
27
- t.push(String.fromCharCode.apply(null, e.subarray(r, r + B)));
173
+ for (let n = 0; n < e.byteLength; n += ne)
174
+ t.push(String.fromCharCode.apply(null, e.subarray(n, n + ne)));
28
175
  return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
29
176
  }
30
- function me(e) {
177
+ function Je(e) {
31
178
  try {
32
- const t = atob(e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), r = new Uint8Array(t.length);
33
- for (let a = 0; a < t.length; a++)
34
- r[a] = t.charCodeAt(a);
35
- return r;
179
+ const t = atob(e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")), n = new Uint8Array(t.length);
180
+ for (let i = 0; i < t.length; i++)
181
+ n[i] = t.charCodeAt(i);
182
+ return n;
36
183
  } catch (t) {
37
- throw new o("The input to be decoded is not correctly encoded.", { cause: t });
184
+ throw new a("The input to be decoded is not correctly encoded.", { cause: t });
38
185
  }
39
186
  }
40
- function _(e) {
41
- return typeof e == "string" ? me(e) : we(e);
187
+ function A(e) {
188
+ return typeof e == "string" ? Je(e) : je(e);
42
189
  }
43
- class ye {
190
+ class Ie {
44
191
  constructor(t) {
45
192
  this.cache = /* @__PURE__ */ new Map(), this._cache = /* @__PURE__ */ new Map(), this.maxSize = t;
46
193
  }
47
194
  get(t) {
48
- let r = this.cache.get(t);
49
- if (r)
50
- return r;
51
- if (r = this._cache.get(t))
52
- return this.update(t, r), r;
195
+ let n = this.cache.get(t);
196
+ if (n)
197
+ return n;
198
+ if (n = this._cache.get(t))
199
+ return this.update(t, n), n;
53
200
  }
54
201
  has(t) {
55
202
  return this.cache.has(t) || this._cache.has(t);
56
203
  }
57
- set(t, r) {
58
- return this.cache.has(t) ? this.cache.set(t, r) : this.update(t, r), this;
204
+ set(t, n) {
205
+ return this.cache.has(t) ? this.cache.set(t, n) : this.update(t, n), this;
59
206
  }
60
207
  delete(t) {
61
208
  return this.cache.has(t) ? this.cache.delete(t) : this._cache.has(t) ? this._cache.delete(t) : !1;
62
209
  }
63
- update(t, r) {
64
- this.cache.set(t, r), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
210
+ update(t, n) {
211
+ this.cache.set(t, n), this.cache.size >= this.maxSize && (this._cache = this.cache, this.cache = /* @__PURE__ */ new Map());
65
212
  }
66
213
  }
67
- class p extends Error {
214
+ class E extends Error {
68
215
  constructor(t) {
69
- var r;
70
- super(t ?? "operation not supported"), this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
216
+ var n;
217
+ super(t ?? "operation not supported"), this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
71
218
  }
72
219
  }
73
- class ge extends Error {
74
- constructor(t, r) {
75
- var a;
76
- super(t, r), this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
220
+ class Ne extends Error {
221
+ constructor(t, n) {
222
+ var i;
223
+ super(t, n), this.name = this.constructor.name, (i = Error.captureStackTrace) == null || i.call(Error, this, this.constructor);
77
224
  }
78
225
  }
79
- const o = ge, X = new ye(100);
80
- function Y(e) {
226
+ const a = Ne, le = new Ie(100);
227
+ function de(e) {
81
228
  return e instanceof CryptoKey;
82
229
  }
83
- function ee(e) {
84
- return Y(e) && e.type === "private";
230
+ function fe(e) {
231
+ return de(e) && e.type === "private";
85
232
  }
86
- function _e(e) {
87
- return Y(e) && e.type === "public";
233
+ function Oe(e) {
234
+ return de(e) && e.type === "public";
88
235
  }
89
- function z(e) {
236
+ function G(e) {
90
237
  try {
91
238
  const t = e.headers.get("dpop-nonce");
92
- t && X.set(new URL(e.url).origin, t);
239
+ t && le.set(new URL(e.url).origin, t);
93
240
  } catch {
94
241
  }
95
242
  return e;
96
243
  }
97
- function A(e) {
244
+ function x(e) {
98
245
  return !(e === null || typeof e != "object" || Array.isArray(e));
99
246
  }
100
- function P(e) {
101
- N(e, Headers) && (e = Object.fromEntries(e.entries()));
247
+ function N(e) {
248
+ B(e, Headers) && (e = Object.fromEntries(e.entries()));
102
249
  const t = new Headers(e);
103
- if (K && !t.has("user-agent") && t.set("user-agent", K), t.has("authorization"))
250
+ if (M && !t.has("user-agent") && t.set("user-agent", M), t.has("authorization"))
104
251
  throw new TypeError('"options.headers" must not include the "authorization" header name');
105
252
  if (t.has("dpop"))
106
253
  throw new TypeError('"options.headers" must not include the "dpop" header name');
107
254
  return t;
108
255
  }
109
- function H(e) {
256
+ function V(e) {
110
257
  if (typeof e == "function" && (e = e()), !(e instanceof AbortSignal))
111
258
  throw new TypeError('"options.signal" must return or be an instance of AbortSignal');
112
259
  return e;
113
260
  }
114
- async function be(e, t) {
261
+ async function Ke(e, t) {
115
262
  if (!(e instanceof URL))
116
263
  throw new TypeError('"issuerIdentifier" must be an instance of URL');
117
264
  if (e.protocol !== "https:" && e.protocol !== "http:")
118
265
  throw new TypeError('"issuer.protocol" must be "https:" or "http:"');
119
- const r = new URL(e.href);
266
+ const n = new URL(e.href);
120
267
  switch (t == null ? void 0 : t.algorithm) {
121
268
  case void 0:
122
269
  case "oidc":
123
- r.pathname = `${r.pathname}/.well-known/openid-configuration`.replace("//", "/");
270
+ n.pathname = `${n.pathname}/.well-known/openid-configuration`.replace("//", "/");
124
271
  break;
125
272
  case "oauth2":
126
- r.pathname === "/" ? r.pathname = ".well-known/oauth-authorization-server" : r.pathname = `.well-known/oauth-authorization-server/${r.pathname}`.replace("//", "/");
273
+ n.pathname === "/" ? n.pathname = ".well-known/oauth-authorization-server" : n.pathname = `.well-known/oauth-authorization-server/${n.pathname}`.replace("//", "/");
127
274
  break;
128
275
  default:
129
276
  throw new TypeError('"options.algorithm" must be "oidc" (default), or "oauth2"');
130
277
  }
131
- const a = P(t == null ? void 0 : t.headers);
132
- return a.set("accept", "application/json"), ((t == null ? void 0 : t[W]) || fetch)(r.href, {
133
- headers: Object.fromEntries(a.entries()),
278
+ const i = N(t == null ? void 0 : t.headers);
279
+ return i.set("accept", "application/json"), ((t == null ? void 0 : t[q]) || fetch)(n.href, {
280
+ headers: Object.fromEntries(i.entries()),
134
281
  method: "GET",
135
282
  redirect: "manual",
136
- signal: t != null && t.signal ? H(t.signal) : null
137
- }).then(z);
283
+ signal: t != null && t.signal ? V(t.signal) : null
284
+ }).then(G);
138
285
  }
139
- function f(e) {
286
+ function b(e) {
140
287
  return typeof e == "string" && e.length !== 0;
141
288
  }
142
- async function Se(e, t) {
289
+ async function We(e, t) {
143
290
  if (!(e instanceof URL))
144
291
  throw new TypeError('"expectedIssuer" must be an instance of URL');
145
- if (!N(t, Response))
292
+ if (!B(t, Response))
146
293
  throw new TypeError('"response" must be an instance of Response');
147
294
  if (t.status !== 200)
148
- throw new o('"response" is not a conform Authorization Server Metadata response');
149
- D(t);
150
- let r;
295
+ throw new a('"response" is not a conform Authorization Server Metadata response');
296
+ Y(t);
297
+ let n;
151
298
  try {
152
- r = await t.json();
153
- } catch (a) {
154
- throw new o('failed to parse "response" body as JSON', { cause: a });
155
- }
156
- if (!A(r))
157
- throw new o('"response" body must be a top level object');
158
- if (!f(r.issuer))
159
- throw new o('"response" body "issuer" property must be a non-empty string');
160
- if (new URL(r.issuer).href !== e.href)
161
- throw new o('"response" body "issuer" does not match "expectedIssuer"');
162
- return r;
299
+ n = await t.json();
300
+ } catch (i) {
301
+ throw new a('failed to parse "response" body as JSON', { cause: i });
302
+ }
303
+ if (!x(n))
304
+ throw new a('"response" body must be a top level object');
305
+ if (!b(n.issuer))
306
+ throw new a('"response" body "issuer" property must be a non-empty string');
307
+ if (new URL(n.issuer).href !== e.href)
308
+ throw new a('"response" body "issuer" does not match "expectedIssuer"');
309
+ return n;
163
310
  }
164
- function x() {
165
- return _(crypto.getRandomValues(new Uint8Array(32)));
311
+ function O() {
312
+ return A(crypto.getRandomValues(new Uint8Array(32)));
166
313
  }
167
- function Ee() {
168
- return x();
314
+ function ze() {
315
+ return O();
169
316
  }
170
- function Ae() {
171
- return x();
317
+ function He() {
318
+ return O();
172
319
  }
173
- async function ve(e) {
174
- if (!f(e))
320
+ async function $e(e) {
321
+ if (!b(e))
175
322
  throw new TypeError('"codeVerifier" must be a non-empty string');
176
- return _(await crypto.subtle.digest("SHA-256", b(e)));
323
+ return A(await crypto.subtle.digest("SHA-256", R(e)));
177
324
  }
178
- function Te(e) {
325
+ function De(e) {
179
326
  if (e instanceof CryptoKey)
180
327
  return { key: e };
181
328
  if (!((e == null ? void 0 : e.key) instanceof CryptoKey))
182
329
  return {};
183
- if (e.kid !== void 0 && !f(e.kid))
330
+ if (e.kid !== void 0 && !b(e.kid))
184
331
  throw new TypeError('"kid" must be a non-empty string');
185
332
  return { key: e.key, kid: e.kid };
186
333
  }
187
- function q(e) {
334
+ function re(e) {
188
335
  return encodeURIComponent(e).replace(/%20/g, "+");
189
336
  }
190
- function ke(e, t) {
191
- const r = q(e), a = q(t);
192
- return `Basic ${btoa(`${r}:${a}`)}`;
337
+ function Me(e, t) {
338
+ const n = re(e), i = re(t);
339
+ return `Basic ${btoa(`${n}:${i}`)}`;
193
340
  }
194
- function Re(e) {
341
+ function Fe(e) {
195
342
  switch (e.algorithm.hash.name) {
196
343
  case "SHA-256":
197
344
  return "PS256";
@@ -200,10 +347,10 @@ function Re(e) {
200
347
  case "SHA-512":
201
348
  return "PS512";
202
349
  default:
203
- throw new p("unsupported RsaHashedKeyAlgorithm hash name");
350
+ throw new E("unsupported RsaHashedKeyAlgorithm hash name");
204
351
  }
205
352
  }
206
- function Pe(e) {
353
+ function Be(e) {
207
354
  switch (e.algorithm.hash.name) {
208
355
  case "SHA-256":
209
356
  return "RS256";
@@ -212,10 +359,10 @@ function Pe(e) {
212
359
  case "SHA-512":
213
360
  return "RS512";
214
361
  default:
215
- throw new p("unsupported RsaHashedKeyAlgorithm hash name");
362
+ throw new E("unsupported RsaHashedKeyAlgorithm hash name");
216
363
  }
217
364
  }
218
- function xe(e) {
365
+ function qe(e) {
219
366
  switch (e.algorithm.namedCurve) {
220
367
  case "P-256":
221
368
  return "ES256";
@@ -224,272 +371,272 @@ function xe(e) {
224
371
  case "P-521":
225
372
  return "ES512";
226
373
  default:
227
- throw new p("unsupported EcKeyAlgorithm namedCurve");
374
+ throw new E("unsupported EcKeyAlgorithm namedCurve");
228
375
  }
229
376
  }
230
- function te(e) {
377
+ function he(e) {
231
378
  switch (e.algorithm.name) {
232
379
  case "RSA-PSS":
233
- return Re(e);
380
+ return Fe(e);
234
381
  case "RSASSA-PKCS1-v1_5":
235
- return Pe(e);
382
+ return Be(e);
236
383
  case "ECDSA":
237
- return xe(e);
384
+ return qe(e);
238
385
  case "Ed25519":
239
386
  case "Ed448":
240
387
  return "EdDSA";
241
388
  default:
242
- throw new p("unsupported CryptoKey algorithm name");
389
+ throw new E("unsupported CryptoKey algorithm name");
243
390
  }
244
391
  }
245
- function j(e) {
246
- const t = e == null ? void 0 : e[R];
392
+ function K(e) {
393
+ const t = e == null ? void 0 : e[I];
247
394
  return typeof t == "number" && Number.isFinite(t) ? t : 0;
248
395
  }
249
- function je(e) {
250
- const t = e == null ? void 0 : e[fe];
396
+ function Ge(e) {
397
+ const t = e == null ? void 0 : e[xe];
251
398
  return typeof t == "number" && Number.isFinite(t) && Math.sign(t) !== -1 ? t : 30;
252
399
  }
253
- function $() {
400
+ function Q() {
254
401
  return Math.floor(Date.now() / 1e3);
255
402
  }
256
- function Ce(e, t) {
257
- const r = $() + j(t);
403
+ function Ve(e, t) {
404
+ const n = Q() + K(t);
258
405
  return {
259
- jti: x(),
406
+ jti: O(),
260
407
  aud: [e.issuer, e.token_endpoint],
261
- exp: r + 60,
262
- iat: r,
263
- nbf: r,
408
+ exp: n + 60,
409
+ iat: n,
410
+ nbf: n,
264
411
  iss: t.client_id,
265
412
  sub: t.client_id
266
413
  };
267
414
  }
268
- async function Ue(e, t, r, a) {
269
- return re({
270
- alg: te(r),
271
- kid: a
272
- }, Ce(e, t), r);
415
+ async function Qe(e, t, n, i) {
416
+ return pe({
417
+ alg: he(n),
418
+ kid: i
419
+ }, Ve(e, t), n);
273
420
  }
274
- function C(e) {
421
+ function W(e) {
275
422
  if (typeof e != "object" || e === null)
276
423
  throw new TypeError('"as" must be an object');
277
- if (!f(e.issuer))
424
+ if (!b(e.issuer))
278
425
  throw new TypeError('"as.issuer" property must be a non-empty string');
279
426
  return !0;
280
427
  }
281
- function U(e) {
428
+ function z(e) {
282
429
  if (typeof e != "object" || e === null)
283
430
  throw new TypeError('"client" must be an object');
284
- if (!f(e.client_id))
431
+ if (!b(e.client_id))
285
432
  throw new TypeError('"client.client_id" property must be a non-empty string');
286
433
  return !0;
287
434
  }
288
- function V(e) {
289
- if (!f(e))
435
+ function oe(e) {
436
+ if (!b(e))
290
437
  throw new TypeError('"client.client_secret" property must be a non-empty string');
291
438
  return e;
292
439
  }
293
- function J(e, t) {
440
+ function $(e, t) {
294
441
  if (t !== void 0)
295
442
  throw new TypeError(`"options.clientPrivateKey" property must not be provided when ${e} client authentication method is used.`);
296
443
  }
297
- function F(e, t) {
444
+ function ie(e, t) {
298
445
  if (t !== void 0)
299
446
  throw new TypeError(`"client.client_secret" property must not be provided when ${e} client authentication method is used.`);
300
447
  }
301
- async function Je(e, t, r, a, i) {
302
- switch (r.delete("client_secret"), r.delete("client_assertion_type"), r.delete("client_assertion"), t.token_endpoint_auth_method) {
448
+ async function Ye(e, t, n, i, s) {
449
+ switch (n.delete("client_secret"), n.delete("client_assertion_type"), n.delete("client_assertion"), t.token_endpoint_auth_method) {
303
450
  case void 0:
304
451
  case "client_secret_basic": {
305
- J("client_secret_basic", i), a.set("authorization", ke(t.client_id, V(t.client_secret)));
452
+ $("client_secret_basic", s), i.set("authorization", Me(t.client_id, oe(t.client_secret)));
306
453
  break;
307
454
  }
308
455
  case "client_secret_post": {
309
- J("client_secret_post", i), r.set("client_id", t.client_id), r.set("client_secret", V(t.client_secret));
456
+ $("client_secret_post", s), n.set("client_id", t.client_id), n.set("client_secret", oe(t.client_secret));
310
457
  break;
311
458
  }
312
459
  case "private_key_jwt": {
313
- if (F("private_key_jwt", t.client_secret), i === void 0)
460
+ if (ie("private_key_jwt", t.client_secret), s === void 0)
314
461
  throw new TypeError('"options.clientPrivateKey" must be provided when "client.token_endpoint_auth_method" is "private_key_jwt"');
315
- const { key: n, kid: s } = Te(i);
316
- if (!ee(n))
462
+ const { key: r, kid: o } = De(s);
463
+ if (!fe(r))
317
464
  throw new TypeError('"options.clientPrivateKey.key" must be a private CryptoKey');
318
- r.set("client_id", t.client_id), r.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), r.set("client_assertion", await Ue(e, t, n, s));
465
+ n.set("client_id", t.client_id), n.set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), n.set("client_assertion", await Qe(e, t, r, o));
319
466
  break;
320
467
  }
321
468
  case "tls_client_auth":
322
469
  case "self_signed_tls_client_auth":
323
470
  case "none": {
324
- F(t.token_endpoint_auth_method, t.client_secret), J(t.token_endpoint_auth_method, i), r.set("client_id", t.client_id);
471
+ ie(t.token_endpoint_auth_method, t.client_secret), $(t.token_endpoint_auth_method, s), n.set("client_id", t.client_id);
325
472
  break;
326
473
  }
327
474
  default:
328
- throw new p("unsupported client token_endpoint_auth_method");
475
+ throw new E("unsupported client token_endpoint_auth_method");
329
476
  }
330
477
  }
331
- async function re(e, t, r) {
332
- if (!r.usages.includes("sign"))
478
+ async function pe(e, t, n) {
479
+ if (!n.usages.includes("sign"))
333
480
  throw new TypeError('CryptoKey instances used for signing assertions must include "sign" in their "usages"');
334
- const a = `${_(b(JSON.stringify(e)))}.${_(b(JSON.stringify(t)))}`, i = _(await crypto.subtle.sign(se(r), r, b(a)));
335
- return `${a}.${i}`;
481
+ const i = `${A(R(JSON.stringify(e)))}.${A(R(JSON.stringify(t)))}`, s = A(await crypto.subtle.sign(ge(n), n, R(i)));
482
+ return `${i}.${s}`;
336
483
  }
337
- async function Le(e, t, r, a, i, n) {
338
- const { privateKey: s, publicKey: u, nonce: h = X.get(r.origin) } = t;
339
- if (!ee(s))
484
+ async function Ze(e, t, n, i, s, r) {
485
+ const { privateKey: o, publicKey: d, nonce: p = le.get(n.origin) } = t;
486
+ if (!fe(o))
340
487
  throw new TypeError('"DPoP.privateKey" must be a private CryptoKey');
341
- if (!_e(u))
488
+ if (!Oe(d))
342
489
  throw new TypeError('"DPoP.publicKey" must be a public CryptoKey');
343
- if (h !== void 0 && !f(h))
490
+ if (p !== void 0 && !b(p))
344
491
  throw new TypeError('"DPoP.nonce" must be a non-empty string or undefined');
345
- if (!u.extractable)
492
+ if (!d.extractable)
346
493
  throw new TypeError('"DPoP.publicKey.extractable" must be true');
347
- const l = $() + i, w = await re({
348
- alg: te(s),
494
+ const g = Q() + s, m = await pe({
495
+ alg: he(o),
349
496
  typ: "dpop+jwt",
350
- jwk: await Oe(u)
497
+ jwk: await et(d)
351
498
  }, {
352
- iat: l,
353
- jti: x(),
354
- htm: a,
355
- nonce: h,
356
- htu: `${r.origin}${r.pathname}`,
357
- ath: n ? _(await crypto.subtle.digest("SHA-256", b(n))) : void 0
358
- }, s);
359
- e.set("dpop", w);
360
- }
361
- let k;
362
- async function Ke(e) {
363
- const { kty: t, e: r, n: a, x: i, y: n, crv: s } = await crypto.subtle.exportKey("jwk", e), u = { kty: t, e: r, n: a, x: i, y: n, crv: s };
364
- return k.set(e, u), u;
365
- }
366
- async function Oe(e) {
367
- return k || (k = /* @__PURE__ */ new WeakMap()), k.get(e) || Ke(e);
368
- }
369
- function Ne(e, t, r) {
499
+ iat: g,
500
+ jti: O(),
501
+ htm: i,
502
+ nonce: p,
503
+ htu: `${n.origin}${n.pathname}`,
504
+ ath: r ? A(await crypto.subtle.digest("SHA-256", R(r))) : void 0
505
+ }, o);
506
+ e.set("dpop", m);
507
+ }
508
+ let J;
509
+ async function Xe(e) {
510
+ const { kty: t, e: n, n: i, x: s, y: r, crv: o } = await crypto.subtle.exportKey("jwk", e), d = { kty: t, e: n, n: i, x: s, y: r, crv: o };
511
+ return J.set(e, d), d;
512
+ }
513
+ async function et(e) {
514
+ return J || (J = /* @__PURE__ */ new WeakMap()), J.get(e) || Xe(e);
515
+ }
516
+ function tt(e, t, n) {
370
517
  if (typeof e != "string")
371
518
  throw new TypeError(`"as.${t}" must be a string`);
372
519
  return new URL(e);
373
520
  }
374
- function ne(e, t, r) {
375
- return Ne(e[t], t);
521
+ function we(e, t, n) {
522
+ return tt(e[t], t);
376
523
  }
377
- function O(e) {
524
+ function F(e) {
378
525
  const t = e;
379
526
  return typeof t != "object" || Array.isArray(t) || t === null ? !1 : t.error !== void 0;
380
527
  }
381
- async function We(e, t, r, a, i, n) {
382
- if (!f(e))
528
+ async function nt(e, t, n, i, s, r) {
529
+ if (!b(e))
383
530
  throw new TypeError('"accessToken" must be a non-empty string');
384
- if (!(r instanceof URL))
531
+ if (!(n instanceof URL))
385
532
  throw new TypeError('"url" must be an instance of URL');
386
- return a = P(a), (n == null ? void 0 : n.DPoP) === void 0 ? a.set("authorization", `Bearer ${e}`) : (await Le(a, n.DPoP, r, "GET", j({ [R]: n == null ? void 0 : n[R] }), e), a.set("authorization", `DPoP ${e}`)), ((n == null ? void 0 : n[W]) || fetch)(r.href, {
387
- body: i,
388
- headers: Object.fromEntries(a.entries()),
533
+ return i = N(i), (r == null ? void 0 : r.DPoP) === void 0 ? i.set("authorization", `Bearer ${e}`) : (await Ze(i, r.DPoP, n, "GET", K({ [I]: r == null ? void 0 : r[I] }), e), i.set("authorization", `DPoP ${e}`)), ((r == null ? void 0 : r[q]) || fetch)(n.href, {
534
+ body: s,
535
+ headers: Object.fromEntries(i.entries()),
389
536
  method: t,
390
537
  redirect: "manual",
391
- signal: n != null && n.signal ? H(n.signal) : null
392
- }).then(z);
393
- }
394
- async function ze(e, t, r, a) {
395
- C(e), U(t);
396
- const i = ne(e, "userinfo_endpoint"), n = P(a == null ? void 0 : a.headers);
397
- return t.userinfo_signed_response_alg ? n.set("accept", "application/jwt") : (n.set("accept", "application/json"), n.append("accept", "application/jwt")), We(r, "GET", i, n, null, {
398
- ...a,
399
- [R]: j(t)
538
+ signal: r != null && r.signal ? V(r.signal) : null
539
+ }).then(G);
540
+ }
541
+ async function rt(e, t, n, i) {
542
+ W(e), z(t);
543
+ const s = we(e, "userinfo_endpoint"), r = N(i == null ? void 0 : i.headers);
544
+ return t.userinfo_signed_response_alg ? r.set("accept", "application/jwt") : (r.set("accept", "application/json"), r.append("accept", "application/jwt")), nt(n, "GET", s, r, null, {
545
+ ...i,
546
+ [I]: K(t)
400
547
  });
401
548
  }
402
- async function He(e, t, r, a, i, n, s) {
403
- return await Je(e, t, i, n, s == null ? void 0 : s.clientPrivateKey), n.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((s == null ? void 0 : s[W]) || fetch)(a.href, {
404
- body: i,
405
- headers: Object.fromEntries(n.entries()),
406
- method: r,
549
+ async function ot(e, t, n, i, s, r, o) {
550
+ return await Ye(e, t, s, r, o == null ? void 0 : o.clientPrivateKey), r.set("content-type", "application/x-www-form-urlencoded;charset=UTF-8"), ((o == null ? void 0 : o[q]) || fetch)(i.href, {
551
+ body: s,
552
+ headers: Object.fromEntries(r.entries()),
553
+ method: n,
407
554
  redirect: "manual",
408
- signal: s != null && s.signal ? H(s.signal) : null
409
- }).then(z);
410
- }
411
- async function $e(e, t, r, a, i) {
412
- const n = ne(e, "token_endpoint");
413
- a.set("grant_type", r);
414
- const s = P(i == null ? void 0 : i.headers);
415
- return s.set("accept", "application/json"), He(e, t, "POST", n, a, s, i);
416
- }
417
- const De = /* @__PURE__ */ new WeakMap();
418
- async function Ie(e, t, r, a = !1, i = !1) {
419
- if (C(e), U(t), !N(r, Response))
555
+ signal: o != null && o.signal ? V(o.signal) : null
556
+ }).then(G);
557
+ }
558
+ async function it(e, t, n, i, s) {
559
+ const r = we(e, "token_endpoint");
560
+ i.set("grant_type", n);
561
+ const o = N(s == null ? void 0 : s.headers);
562
+ return o.set("accept", "application/json"), ot(e, t, "POST", r, i, o, s);
563
+ }
564
+ const at = /* @__PURE__ */ new WeakMap();
565
+ async function st(e, t, n, i = !1, s = !1) {
566
+ if (W(e), z(t), !B(n, Response))
420
567
  throw new TypeError('"response" must be an instance of Response');
421
- if (r.status !== 200) {
422
- let s;
423
- if (s = await Ze(r))
424
- return s;
425
- throw new o('"response" is not a conform Token Endpoint response');
568
+ if (n.status !== 200) {
569
+ let o;
570
+ if (o = await wt(n))
571
+ return o;
572
+ throw new a('"response" is not a conform Token Endpoint response');
426
573
  }
427
- D(r);
428
- let n;
574
+ Y(n);
575
+ let r;
429
576
  try {
430
- n = await r.json();
431
- } catch (s) {
432
- throw new o('failed to parse "response" body as JSON', { cause: s });
433
- }
434
- if (!A(n))
435
- throw new o('"response" body must be a top level object');
436
- if (!f(n.access_token))
437
- throw new o('"response" body "access_token" property must be a non-empty string');
438
- if (!f(n.token_type))
439
- throw new o('"response" body "token_type" property must be a non-empty string');
440
- if (n.token_type = n.token_type.toLowerCase(), n.token_type !== "dpop" && n.token_type !== "bearer")
441
- throw new p("unsupported `token_type` value");
442
- if (n.expires_in !== void 0 && (typeof n.expires_in != "number" || n.expires_in <= 0))
443
- throw new o('"response" body "expires_in" property must be a positive number');
444
- if (!i && n.refresh_token !== void 0 && !f(n.refresh_token))
445
- throw new o('"response" body "refresh_token" property must be a non-empty string');
446
- if (n.scope !== void 0 && typeof n.scope != "string")
447
- throw new o('"response" body "scope" property must be a string');
448
- if (!a) {
449
- if (n.id_token !== void 0 && !f(n.id_token))
450
- throw new o('"response" body "id_token" property must be a non-empty string');
451
- if (n.id_token) {
452
- const { claims: s } = await Ye(n.id_token, et.bind(void 0, t.id_token_signed_response_alg, e.id_token_signing_alg_values_supported), oe, j(t), je(t)).then(Ge.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(Be.bind(void 0, e.issuer)).then(Me.bind(void 0, t.client_id));
453
- if (Array.isArray(s.aud) && s.aud.length !== 1 && s.azp !== t.client_id)
454
- throw new o('unexpected ID Token "azp" (authorized party) claim value');
455
- if (s.auth_time !== void 0 && (!Number.isFinite(s.auth_time) || Math.sign(s.auth_time) !== 1))
456
- throw new o('ID Token "auth_time" (authentication time) must be a positive number');
457
- De.set(n, s);
577
+ r = await n.json();
578
+ } catch (o) {
579
+ throw new a('failed to parse "response" body as JSON', { cause: o });
580
+ }
581
+ if (!x(r))
582
+ throw new a('"response" body must be a top level object');
583
+ if (!b(r.access_token))
584
+ throw new a('"response" body "access_token" property must be a non-empty string');
585
+ if (!b(r.token_type))
586
+ throw new a('"response" body "token_type" property must be a non-empty string');
587
+ if (r.token_type = r.token_type.toLowerCase(), r.token_type !== "dpop" && r.token_type !== "bearer")
588
+ throw new E("unsupported `token_type` value");
589
+ if (r.expires_in !== void 0 && (typeof r.expires_in != "number" || r.expires_in <= 0))
590
+ throw new a('"response" body "expires_in" property must be a positive number');
591
+ if (!s && r.refresh_token !== void 0 && !b(r.refresh_token))
592
+ throw new a('"response" body "refresh_token" property must be a non-empty string');
593
+ if (r.scope !== void 0 && typeof r.scope != "string")
594
+ throw new a('"response" body "scope" property must be a string');
595
+ if (!i) {
596
+ if (r.id_token !== void 0 && !b(r.id_token))
597
+ throw new a('"response" body "id_token" property must be a non-empty string');
598
+ if (r.id_token) {
599
+ const { claims: o } = await gt(r.id_token, mt.bind(void 0, t.id_token_signed_response_alg, e.id_token_signing_alg_values_supported), me, K(t), Ge(t)).then(ht.bind(void 0, ["aud", "exp", "iat", "iss", "sub"])).then(ut.bind(void 0, e.issuer)).then(ct.bind(void 0, t.client_id));
600
+ if (Array.isArray(o.aud) && o.aud.length !== 1 && o.azp !== t.client_id)
601
+ throw new a('unexpected ID Token "azp" (authorized party) claim value');
602
+ if (o.auth_time !== void 0 && (!Number.isFinite(o.auth_time) || Math.sign(o.auth_time) !== 1))
603
+ throw new a('ID Token "auth_time" (authentication time) must be a positive number');
604
+ at.set(r, o);
458
605
  }
459
606
  }
460
- return n;
607
+ return r;
461
608
  }
462
- function Me(e, t) {
609
+ function ct(e, t) {
463
610
  if (Array.isArray(t.claims.aud)) {
464
611
  if (!t.claims.aud.includes(e))
465
- throw new o('unexpected JWT "aud" (audience) claim value');
612
+ throw new a('unexpected JWT "aud" (audience) claim value');
466
613
  } else if (t.claims.aud !== e)
467
- throw new o('unexpected JWT "aud" (audience) claim value');
614
+ throw new a('unexpected JWT "aud" (audience) claim value');
468
615
  return t;
469
616
  }
470
- function Be(e, t) {
617
+ function ut(e, t) {
471
618
  if (t.claims.iss !== e)
472
- throw new o('unexpected JWT "iss" (issuer) claim value');
619
+ throw new a('unexpected JWT "iss" (issuer) claim value');
473
620
  return t;
474
621
  }
475
- const ae = /* @__PURE__ */ new WeakSet();
476
- function qe(e) {
477
- return ae.add(e), e;
622
+ const ye = /* @__PURE__ */ new WeakSet();
623
+ function lt(e) {
624
+ return ye.add(e), e;
478
625
  }
479
- async function Ve(e, t, r, a, i, n) {
480
- if (C(e), U(t), !ae.has(r))
626
+ async function dt(e, t, n, i, s, r) {
627
+ if (W(e), z(t), !ye.has(n))
481
628
  throw new TypeError('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()');
482
- if (!f(a))
629
+ if (!b(i))
483
630
  throw new TypeError('"redirectUri" must be a non-empty string');
484
- if (!f(i))
631
+ if (!b(s))
485
632
  throw new TypeError('"codeVerifier" must be a non-empty string');
486
- const s = g(r, "code");
487
- if (!s)
488
- throw new o('no authorization code in "callbackParameters"');
489
- const u = new URLSearchParams(n == null ? void 0 : n.additionalParameters);
490
- return u.set("redirect_uri", a), u.set("code_verifier", i), u.set("code", s), $e(e, t, "authorization_code", u, n);
633
+ const o = T(n, "code");
634
+ if (!o)
635
+ throw new a('no authorization code in "callbackParameters"');
636
+ const d = new URLSearchParams(r == null ? void 0 : r.additionalParameters);
637
+ return d.set("redirect_uri", i), d.set("code_verifier", s), d.set("code", o), it(e, t, "authorization_code", d, r);
491
638
  }
492
- const Fe = {
639
+ const ft = {
493
640
  aud: "audience",
494
641
  c_hash: "code hash",
495
642
  client_id: "client id",
@@ -505,43 +652,43 @@ const Fe = {
505
652
  htu: "http uri",
506
653
  cnf: "confirmation"
507
654
  };
508
- function Ge(e, t) {
509
- for (const r of e)
510
- if (t.claims[r] === void 0)
511
- throw new o(`JWT "${r}" (${Fe[r]}) claim missing`);
655
+ function ht(e, t) {
656
+ for (const n of e)
657
+ if (t.claims[n] === void 0)
658
+ throw new a(`JWT "${n}" (${ft[n]}) claim missing`);
512
659
  return t;
513
660
  }
514
- async function Qe(e, t, r) {
515
- const a = await Ie(e, t, r, !0);
516
- if (O(a))
517
- return a;
518
- if (a.id_token !== void 0) {
519
- if (typeof a.id_token == "string" && a.id_token.length)
520
- throw new o("Unexpected ID Token returned, use processAuthorizationCodeOpenIDResponse() for OpenID Connect callback processing");
521
- delete a.id_token;
661
+ async function pt(e, t, n) {
662
+ const i = await st(e, t, n, !0);
663
+ if (F(i))
664
+ return i;
665
+ if (i.id_token !== void 0) {
666
+ if (typeof i.id_token == "string" && i.id_token.length)
667
+ throw new a("Unexpected ID Token returned, use processAuthorizationCodeOpenIDResponse() for OpenID Connect callback processing");
668
+ delete i.id_token;
522
669
  }
523
- return a;
670
+ return i;
524
671
  }
525
- function D(e) {
672
+ function Y(e) {
526
673
  if (e.bodyUsed)
527
674
  throw new TypeError('"response" body has been used already');
528
675
  }
529
- async function Ze(e) {
676
+ async function wt(e) {
530
677
  if (e.status > 399 && e.status < 500) {
531
- D(e);
678
+ Y(e);
532
679
  try {
533
680
  const t = await e.json();
534
- if (A(t) && typeof t.error == "string" && t.error.length)
681
+ if (x(t) && typeof t.error == "string" && t.error.length)
535
682
  return t.error_description !== void 0 && typeof t.error_description != "string" && delete t.error_description, t.error_uri !== void 0 && typeof t.error_uri != "string" && delete t.error_uri, t.algs !== void 0 && typeof t.algs != "string" && delete t.algs, t.scope !== void 0 && typeof t.scope != "string" && delete t.scope, t;
536
683
  } catch {
537
684
  }
538
685
  }
539
686
  }
540
- function G(e) {
687
+ function ae(e) {
541
688
  if (typeof e.modulusLength != "number" || e.modulusLength < 2048)
542
- throw new o(`${e.name} modulusLength must be at least 2048 bits`);
689
+ throw new a(`${e.name} modulusLength must be at least 2048 bits`);
543
690
  }
544
- function Xe(e) {
691
+ function yt(e) {
545
692
  switch (e) {
546
693
  case "P-256":
547
694
  return "SHA-256";
@@ -550,18 +697,18 @@ function Xe(e) {
550
697
  case "P-521":
551
698
  return "SHA-512";
552
699
  default:
553
- throw new p();
700
+ throw new E();
554
701
  }
555
702
  }
556
- function se(e) {
703
+ function ge(e) {
557
704
  switch (e.algorithm.name) {
558
705
  case "ECDSA":
559
706
  return {
560
707
  name: e.algorithm.name,
561
- hash: Xe(e.algorithm.namedCurve)
708
+ hash: yt(e.algorithm.namedCurve)
562
709
  };
563
710
  case "RSA-PSS":
564
- switch (G(e.algorithm), e.algorithm.hash.name) {
711
+ switch (ae(e.algorithm), e.algorithm.hash.name) {
565
712
  case "SHA-256":
566
713
  case "SHA-384":
567
714
  case "SHA-512":
@@ -570,260 +717,260 @@ function se(e) {
570
717
  saltLength: parseInt(e.algorithm.hash.name.slice(-3), 10) >> 3
571
718
  };
572
719
  default:
573
- throw new p();
720
+ throw new E();
574
721
  }
575
722
  case "RSASSA-PKCS1-v1_5":
576
- return G(e.algorithm), e.algorithm.name;
723
+ return ae(e.algorithm), e.algorithm.name;
577
724
  case "Ed448":
578
725
  case "Ed25519":
579
726
  return e.algorithm.name;
580
727
  }
581
- throw new p();
728
+ throw new E();
582
729
  }
583
- const oe = Symbol();
584
- async function Ye(e, t, r, a, i) {
585
- const { 0: n, 1: s, 2: u, length: h } = e.split(".");
586
- if (h === 5)
587
- throw new p("JWE structure JWTs are not supported");
588
- if (h !== 3)
589
- throw new o("Invalid JWT");
590
- let l;
730
+ const me = Symbol();
731
+ async function gt(e, t, n, i, s) {
732
+ const { 0: r, 1: o, 2: d, length: p } = e.split(".");
733
+ if (p === 5)
734
+ throw new E("JWE structure JWTs are not supported");
735
+ if (p !== 3)
736
+ throw new a("Invalid JWT");
737
+ let g;
591
738
  try {
592
- l = JSON.parse(b(_(n)));
593
- } catch (y) {
594
- throw new o("failed to parse JWT Header body as base64url encoded JSON", { cause: y });
595
- }
596
- if (!A(l))
597
- throw new o("JWT Header must be a top level object");
598
- if (t(l), l.crit !== void 0)
599
- throw new o('unexpected JWT "crit" header parameter');
600
- const w = _(u);
601
- let d;
602
- if (r !== oe) {
603
- d = await r(l);
604
- const y = `${n}.${s}`;
605
- if (!await crypto.subtle.verify(se(d), d, w, b(y)))
606
- throw new o("JWT signature verification failed");
607
- }
608
- let c;
739
+ g = JSON.parse(R(A(r)));
740
+ } catch (v) {
741
+ throw new a("failed to parse JWT Header body as base64url encoded JSON", { cause: v });
742
+ }
743
+ if (!x(g))
744
+ throw new a("JWT Header must be a top level object");
745
+ if (t(g), g.crit !== void 0)
746
+ throw new a('unexpected JWT "crit" header parameter');
747
+ const m = A(d);
748
+ let h;
749
+ if (n !== me) {
750
+ h = await n(g);
751
+ const v = `${r}.${o}`;
752
+ if (!await crypto.subtle.verify(ge(h), h, m, R(v)))
753
+ throw new a("JWT signature verification failed");
754
+ }
755
+ let l;
609
756
  try {
610
- c = JSON.parse(b(_(s)));
611
- } catch (y) {
612
- throw new o("failed to parse JWT Payload body as base64url encoded JSON", { cause: y });
613
- }
614
- if (!A(c))
615
- throw new o("JWT Payload must be a top level object");
616
- const m = $() + a;
617
- if (c.exp !== void 0) {
618
- if (typeof c.exp != "number")
619
- throw new o('unexpected JWT "exp" (expiration time) claim type');
620
- if (c.exp <= m - i)
621
- throw new o('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
622
- }
623
- if (c.iat !== void 0 && typeof c.iat != "number")
624
- throw new o('unexpected JWT "iat" (issued at) claim type');
625
- if (c.iss !== void 0 && typeof c.iss != "string")
626
- throw new o('unexpected JWT "iss" (issuer) claim type');
627
- if (c.nbf !== void 0) {
628
- if (typeof c.nbf != "number")
629
- throw new o('unexpected JWT "nbf" (not before) claim type');
630
- if (c.nbf > m + i)
631
- throw new o('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
632
- }
633
- if (c.aud !== void 0 && typeof c.aud != "string" && !Array.isArray(c.aud))
634
- throw new o('unexpected JWT "aud" (audience) claim type');
635
- return { header: l, claims: c, signature: w, key: d };
636
- }
637
- function et(e, t, r) {
757
+ l = JSON.parse(R(A(o)));
758
+ } catch (v) {
759
+ throw new a("failed to parse JWT Payload body as base64url encoded JSON", { cause: v });
760
+ }
761
+ if (!x(l))
762
+ throw new a("JWT Payload must be a top level object");
763
+ const _ = Q() + i;
764
+ if (l.exp !== void 0) {
765
+ if (typeof l.exp != "number")
766
+ throw new a('unexpected JWT "exp" (expiration time) claim type');
767
+ if (l.exp <= _ - s)
768
+ throw new a('unexpected JWT "exp" (expiration time) claim value, timestamp is <= now()');
769
+ }
770
+ if (l.iat !== void 0 && typeof l.iat != "number")
771
+ throw new a('unexpected JWT "iat" (issued at) claim type');
772
+ if (l.iss !== void 0 && typeof l.iss != "string")
773
+ throw new a('unexpected JWT "iss" (issuer) claim type');
774
+ if (l.nbf !== void 0) {
775
+ if (typeof l.nbf != "number")
776
+ throw new a('unexpected JWT "nbf" (not before) claim type');
777
+ if (l.nbf > _ + s)
778
+ throw new a('unexpected JWT "nbf" (not before) claim value, timestamp is > now()');
779
+ }
780
+ if (l.aud !== void 0 && typeof l.aud != "string" && !Array.isArray(l.aud))
781
+ throw new a('unexpected JWT "aud" (audience) claim type');
782
+ return { header: g, claims: l, signature: m, key: h };
783
+ }
784
+ function mt(e, t, n) {
638
785
  if (e !== void 0) {
639
- if (r.alg !== e)
640
- throw new o('unexpected JWT "alg" header parameter');
786
+ if (n.alg !== e)
787
+ throw new a('unexpected JWT "alg" header parameter');
641
788
  return;
642
789
  }
643
790
  if (Array.isArray(t)) {
644
- if (!t.includes(r.alg))
645
- throw new o('unexpected JWT "alg" header parameter');
791
+ if (!t.includes(n.alg))
792
+ throw new a('unexpected JWT "alg" header parameter');
646
793
  return;
647
794
  }
648
- if (r.alg !== "RS256")
649
- throw new o('unexpected JWT "alg" header parameter');
795
+ if (n.alg !== "RS256")
796
+ throw new a('unexpected JWT "alg" header parameter');
650
797
  }
651
- function g(e, t) {
652
- const { 0: r, length: a } = e.getAll(t);
653
- if (a > 1)
654
- throw new o(`"${t}" parameter must be provided only once`);
655
- return r;
798
+ function T(e, t) {
799
+ const { 0: n, length: i } = e.getAll(t);
800
+ if (i > 1)
801
+ throw new a(`"${t}" parameter must be provided only once`);
802
+ return n;
656
803
  }
657
- const tt = Symbol(), rt = Symbol();
658
- function nt(e, t, r, a) {
659
- if (C(e), U(t), r instanceof URL && (r = r.searchParams), !(r instanceof URLSearchParams))
804
+ const bt = Symbol(), _t = Symbol();
805
+ function vt(e, t, n, i) {
806
+ if (W(e), z(t), n instanceof URL && (n = n.searchParams), !(n instanceof URLSearchParams))
660
807
  throw new TypeError('"parameters" must be an instance of URLSearchParams, or URL');
661
- if (g(r, "response"))
662
- throw new o('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
663
- const i = g(r, "iss"), n = g(r, "state");
664
- if (!i && e.authorization_response_iss_parameter_supported)
665
- throw new o('response parameter "iss" (issuer) missing');
666
- if (i && i !== e.issuer)
667
- throw new o('unexpected "iss" (issuer) response parameter value');
668
- switch (a) {
808
+ if (T(n, "response"))
809
+ throw new a('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()');
810
+ const s = T(n, "iss"), r = T(n, "state");
811
+ if (!s && e.authorization_response_iss_parameter_supported)
812
+ throw new a('response parameter "iss" (issuer) missing');
813
+ if (s && s !== e.issuer)
814
+ throw new a('unexpected "iss" (issuer) response parameter value');
815
+ switch (i) {
669
816
  case void 0:
670
- case rt:
671
- if (n !== void 0)
672
- throw new o('unexpected "state" response parameter encountered');
817
+ case _t:
818
+ if (r !== void 0)
819
+ throw new a('unexpected "state" response parameter encountered');
673
820
  break;
674
- case tt:
821
+ case bt:
675
822
  break;
676
823
  default:
677
- if (!f(a))
678
- throw new o('"expectedState" must be a non-empty string');
679
- if (n === void 0)
680
- throw new o('response parameter "state" missing');
681
- if (n !== a)
682
- throw new o('unexpected "state" response parameter value');
683
- }
684
- const s = g(r, "error");
685
- if (s)
824
+ if (!b(i))
825
+ throw new a('"expectedState" must be a non-empty string');
826
+ if (r === void 0)
827
+ throw new a('response parameter "state" missing');
828
+ if (r !== i)
829
+ throw new a('unexpected "state" response parameter value');
830
+ }
831
+ const o = T(n, "error");
832
+ if (o)
686
833
  return {
687
- error: s,
688
- error_description: g(r, "error_description"),
689
- error_uri: g(r, "error_uri")
834
+ error: o,
835
+ error_description: T(n, "error_description"),
836
+ error_uri: T(n, "error_uri")
690
837
  };
691
- const u = g(r, "id_token"), h = g(r, "token");
692
- if (u !== void 0 || h !== void 0)
693
- throw new p("implicit and hybrid flows are not supported");
694
- return qe(new URLSearchParams(r));
838
+ const d = T(n, "id_token"), p = T(n, "token");
839
+ if (d !== void 0 || p !== void 0)
840
+ throw new E("implicit and hybrid flows are not supported");
841
+ return lt(new URLSearchParams(n));
695
842
  }
696
- function at({
843
+ function St({
697
844
  handleCallback: e
698
845
  }) {
699
- const t = ue(), r = he({
846
+ const t = Re(), n = Le({
700
847
  queryFn: () => e(new URL(window.location.href), t),
701
848
  retry: 0,
702
849
  queryKey: ["auth-callback"]
703
850
  });
704
- return r.isPending ? /* @__PURE__ */ T.jsx("div", { children: "Loading..." }) : r.error ? /* @__PURE__ */ T.jsxs("div", { children: [
851
+ return n.isPending ? /* @__PURE__ */ j.jsx("div", { children: "Loading..." }) : n.error ? /* @__PURE__ */ j.jsxs("div", { children: [
705
852
  "Error: ",
706
- JSON.stringify(r.error)
707
- ] }) : /* @__PURE__ */ T.jsx(de, { to: "/", replace: !0 });
853
+ JSON.stringify(n.error)
854
+ ] }) : /* @__PURE__ */ j.jsx(ke, { to: "/", replace: !0 });
708
855
  }
709
- const L = "/oauth/callback";
710
- async function st(e) {
711
- const t = typeof e == "string" ? new URL(e) : e, r = await be(t);
712
- return await Se(t, r);
856
+ const D = "/oauth/callback";
857
+ async function Et(e) {
858
+ const t = typeof e == "string" ? new URL(e) : e, n = await Ke(t);
859
+ return await We(t, n);
713
860
  }
714
- async function Q({
861
+ async function se({
715
862
  issuer: e,
716
863
  authorizationEndpoint: t,
717
- tokenEndpoint: r
864
+ tokenEndpoint: n
718
865
  }) {
719
- return await st(e);
866
+ return await Et(e);
720
867
  }
721
- const ot = ({
868
+ const Tt = ({
722
869
  issuer: e,
723
870
  authorizationEndpoint: t,
724
- tokenEndpoint: r,
725
- clientId: a
871
+ tokenEndpoint: n,
872
+ clientId: i
726
873
  }) => {
727
- const i = {
728
- client_id: a,
874
+ const s = {
875
+ client_id: i,
729
876
  token_endpoint_auth_method: "none"
730
877
  };
731
- async function n(s, u) {
732
- const h = s.searchParams, l = h.get("state"), w = await u.sessionStorage.get("codeVerifier");
733
- if (!w)
878
+ async function r(o, d) {
879
+ const p = o.searchParams, g = p.get("state"), m = await d.sessionStorage.get("codeVerifier");
880
+ if (!m)
734
881
  return {
735
882
  isLoggedIn: !1
736
883
  };
737
- const d = await Q({
884
+ const h = await se({
738
885
  issuer: e,
739
886
  authorizationEndpoint: t,
740
- tokenEndpoint: r
741
- }), c = nt(
742
- d,
743
- i,
887
+ tokenEndpoint: n
888
+ }), l = vt(
744
889
  h,
745
- l ?? void 0
890
+ s,
891
+ p,
892
+ g ?? void 0
746
893
  );
747
- if (O(c))
748
- throw M.error("Error Response", c), new Error();
749
- const m = new URL(s);
750
- m.pathname = L, m.search = "";
751
- const y = await Ve(
752
- d,
753
- i,
754
- c,
755
- m.toString(),
756
- w
757
- ), S = await Qe(
758
- d,
759
- i,
760
- y
894
+ if (F(l))
895
+ throw te.error("Error Response", l), new Error();
896
+ const _ = new URL(o);
897
+ _.pathname = D, _.search = "";
898
+ const v = await dt(
899
+ h,
900
+ s,
901
+ l,
902
+ _.toString(),
903
+ m
904
+ ), u = await pt(
905
+ h,
906
+ s,
907
+ v
761
908
  );
762
- if (O(S))
763
- throw M.error("Error Response", S), new Error(S.error);
764
- const E = await (await ze(
765
- d,
766
- i,
767
- S.access_token
768
- )).json(), I = {
769
- sub: E.sub,
770
- email: E.email,
771
- name: E.name,
772
- email_verified: E.email_verified ?? !1,
773
- picture: E.picture,
909
+ if (F(u))
910
+ throw te.error("Error Response", u), new Error(u.error);
911
+ const c = await (await rt(
912
+ h,
913
+ s,
914
+ u.access_token
915
+ )).json(), k = {
916
+ sub: c.sub,
917
+ email: c.email,
918
+ name: c.name,
919
+ email_verified: c.email_verified ?? !1,
920
+ picture: c.picture,
774
921
  isLoggedIn: !0
775
922
  };
776
- return u.setUserProfile(I), I;
923
+ return d.setUserProfile(k), k;
777
924
  }
778
925
  return {
779
- logout: async (s) => {
780
- await s.setUserProfile({ isLoggedIn: !1 });
926
+ logout: async (o) => {
927
+ await o.setUserProfile({ isLoggedIn: !1 });
781
928
  },
782
- login: async (s) => {
783
- var m;
784
- const u = "S256", h = await Q({
929
+ login: async (o) => {
930
+ var _;
931
+ const d = "S256", p = await se({
785
932
  issuer: e,
786
933
  authorizationEndpoint: t,
787
- tokenEndpoint: r
934
+ tokenEndpoint: n
788
935
  });
789
- if (!h.authorization_endpoint)
936
+ if (!p.authorization_endpoint)
790
937
  throw new Error("No authorization endpoint");
791
- const l = Ee(), w = await ve(l);
792
- await s.sessionStorage.set("codeVerifier", l);
793
- const d = new URL(
794
- h.authorization_endpoint
795
- ), c = new URL(s.url);
796
- if (c.pathname = L, c.search = "", d.searchParams.set("client_id", i.client_id), d.searchParams.set("redirect_uri", c.toString()), d.searchParams.set("response_type", "code"), d.searchParams.set("scope", "openid+profile+email"), d.searchParams.set("code_challenge", w), d.searchParams.set(
938
+ const g = ze(), m = await $e(g);
939
+ await o.sessionStorage.set("codeVerifier", g);
940
+ const h = new URL(
941
+ p.authorization_endpoint
942
+ ), l = new URL(o.url);
943
+ if (l.pathname = D, l.search = "", h.searchParams.set("client_id", s.client_id), h.searchParams.set("redirect_uri", l.toString()), h.searchParams.set("response_type", "code"), h.searchParams.set("scope", "openid+profile+email"), h.searchParams.set("code_challenge", m), h.searchParams.set(
797
944
  "code_challenge_method",
798
- u
799
- ), ((m = h.code_challenge_methods_supported) == null ? void 0 : m.includes(
945
+ d
946
+ ), ((_ = p.code_challenge_methods_supported) == null ? void 0 : _.includes(
800
947
  "S256"
801
948
  )) !== !0) {
802
- const y = Ae();
803
- d.searchParams.set("state", y);
949
+ const v = He();
950
+ h.searchParams.set("state", v);
804
951
  }
805
- location.href = d.href;
952
+ location.href = h.href;
806
953
  },
807
- signRequest(s, u) {
808
- return Promise.resolve(s);
954
+ signRequest(o, d) {
955
+ return Promise.resolve(o);
809
956
  },
810
957
  getRoutes: () => [
811
958
  {
812
- path: L,
813
- element: /* @__PURE__ */ T.jsx(at, { handleCallback: n })
959
+ path: D,
960
+ element: /* @__PURE__ */ j.jsx(St, { handleCallback: r })
814
961
  }
815
962
  ]
816
963
  };
817
- }, dt = ({
964
+ }, Rt = ({
818
965
  domain: e,
819
966
  clientId: t,
820
- audience: r
821
- }) => ot({
967
+ audience: n
968
+ }) => Tt({
822
969
  type: "openid",
823
970
  issuer: `https://${e}`,
824
971
  clientId: t,
825
- audience: r
972
+ audience: n
826
973
  });
827
974
  export {
828
- dt as default
975
+ Rt as default
829
976
  };