UNPKG

@descope/web-js-sdk

Version:

Descope JavaScript web SDK

github.com/descope/descope-js

descope/descope-js

3 lines (2 loc) 24.2 kB
1
2
3
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var s=r(n),a=r(o);const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;const f=["/v1/auth/refresh","/v1/auth/try-refresh","/v1/auth/me","/v1/auth/me/tenants","/v1/auth/me/history"];let g;const w=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},v=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:w(n)},h=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?w(o):void 0)},y=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||h(t),cookieExpiration:t.cookieExpiration||v(t)},s)},m=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},b=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return y(n)},k=()=>c&&!!window.descopeBridge,S=(e,t)=>{if(!((null==t?void 0:t.status)>=400&&(null==t?void 0:t.status)<500))return!1;const n=(null==e?void 0:e.path)||"";return f.includes(n)},_=void 0!==g||c&&void 0!==window.localStorage,I=(e,t)=>{var n,o;return null===(o=null===(n=g||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},O=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},x=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},D=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==g?void 0:g.key)||void 0===t?void 0:t.call(g,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},T=(...e)=>{console.debug(...e)},j=(...e)=>{console.warn(...e)},U=(e,t)=>{let n;var o;return t>0?(n=1e3*t,T(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(T(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},C="DS",R="DSR",E="DSI";function $(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:s,cookieSecure:l}=n,c=new Date(1e3*s),d=A(o);a.default.set(e,t,{path:i,domain:d?o:void 0,expires:c,sameSite:r,secure:l})}}function A(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const N=e=>(null==e?void 0:e.cookieName)||C,J=e=>(null==e?void 0:e.cookieName)||R;function P(e="",t){return a.default.get(J(t))||O(`${e}${R}`)||""}function q(e="",t){return a.default.get(N(t))||O(`${e}${C}`)||""}function K(e=""){return O(`${e}${E}`)||""}function L(e="",t,n,o){x(`${e}${R}`),x(`${e}${C}`),x(`${e}${E}`);const i=N(t);a.default.remove(i,null==o?void 0:o.session);const r=J(n);a.default.remove(r,null==o?void 0:o.refresh)}const V=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||P(e,t)}),i=function(e=""){return O(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},F=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",M="vsid",W="vrid",H="fp",B=(e=!1)=>{const t=O(H);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},G=async(e,t=F)=>{try{if(B())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const s=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",a=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[s,i.defaultScriptUrlPattern]}),l=await a,{requestId:c}=await l.get({linkedId:n}),d=((e,t)=>({[M]:e,[W]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};I(H,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},X=e=>{const t=B(!0);return t&&e.body&&(e.body.fpData=t),e},Z="descopeFlowNonce",Y="X-Descope-Flow-Nonce",z="/v1/flow/start",Q="/v1/flow/next",ee=(e,t=Z)=>`${t}${e}`,te=(e,t=Z)=>{try{const n=ee(e,t);x(n)}catch(e){console.error("Error removing flow nonce:",e)}},ne=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},oe=e=>{var t;return e.path===Q&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?ne(e.body.executionId):null},ie="dls_last_user_login_id",re="dls_last_user_display_name",se=e=>I(ie,e),ae=()=>O(ie),le=()=>O(re),ce=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ae(),r=le();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},de=e=>t=>async(...n)=>{const o=await t(...n);return e||(x(ie),x(re)),o};function ue(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const pe=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return L(e,t,n,null==o?void 0:o()),s};async function fe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=me(n.publicKey.challenge),n.publicKey.user.id=me(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=me(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:be(o.rawId),type:o.type,response:{attestationObject:be(o.response.attestationObject),clientDataJSON:be(o.response.clientDataJSON)}});var o}async function ge(e){const t=he(e);return ye(await navigator.credentials.get(t))}async function we(e,t){const n=he(e);n.signal=t.signal,n.mediation="conditional";return ye(await navigator.credentials.get(n))}async function ve(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(k()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function he(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=me(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=me(e.id)})),n}function ye(e){return JSON.stringify({id:e.id,rawId:be(e.rawId),type:e.type,response:{authenticatorData:be(e.response.authenticatorData),clientDataJSON:be(e.response.clientDataJSON),signature:be(e.response.signature),userHandle:e.response.userHandle?be(e.response.userHandle):void 0}})}function me(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function be(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ke,Se=(ke=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ge(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ge(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:fe,get:ge,isSupported:ve,conditional:we}}),(...e)=>{const t=ke(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const _e={config:"/fedcm/config"},Ie=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Oe(e,t){var n;try{await xe(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function xe(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=Ie(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var De=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ve(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Te=()=>window.location.search.includes("code")&&window.location.search.includes("state");let je;const Ue=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ue(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Ce=async(e,t,n)=>{je||(je=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ue([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await je;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Re=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Ce(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),I(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Te())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=O(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||K(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return x(i),t||window.location.replace(s),r}}},Ee=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,g=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return c?(o&&i&&G(o).catch((()=>null)),t(m(r,{beforeRequest:X}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,s=e.__rest(i,["autoRefresh"]);if(!r||k())return o(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(T("Expiration time passed, refreshing session"),p.refresh(P()||u))}));const p=o(m(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await b(n);if(S(e,n))T("Session invalidated, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);T("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void T("Could not extract expiration time from session token");u=i;const e=U(d,s);if(a(),e<=2e4)return void T("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});T(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?T("Skipping refresh due to timer - document is hidden"):(T("Refreshing session due to timer"),p.refresh(P()||i))}),e)}}}));return n.wrapWith(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return T("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.45.0"},t.baseHeaders)}))),(e=>t=>{const o=ue(),i=ue(),r=ue(),s=ue(),a=e(m(t,{afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, notifying subscribers with empty values"),i.pub(null),r.pub(null),o.pub(null),s.pub(null);else{const e=await(async e=>{const t=await b(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:a,claims:l}=await b(t);n&&i.pub(n),l&&s.pub(l),(a||n)&&o.pub(a||42)}}})),l=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),s.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=Z}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=Z)=>{try{if(!_)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==g?void 0:g.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=D(i);if(t&&t.startsWith(e)){const e=O(t);if(e)try{JSON.parse(e).expiry<Date.now()&&x(t)}catch(e){x(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(m(r,{afterRequest:async(e,t)=>{if(e.path!==z&&e.path!==Q)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(Y);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=oe(e)),{nonce:n,executionId:ne(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=Z)=>{try{const i=ee(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};I(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===z,i)}},beforeRequest:e=>{if(e.path===Q){const t=oe(e);if(t){const n=((e,t=Z)=>{try{const n=ee(e,t),o=O(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(te(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[Y]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,s=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:ae,getLastUserDisplayName:le});const a=t(m(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=y((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(se(r),(e=>{I(re,e)})(s)):(null==i?void 0:i.loginId)&&se(i.loginId)}}));let l=n.wrapWith(a,["flow.start"],ce);return l=n.wrapWith(l,["logout","logoutAll"],de(r)),Object.assign(l,{getLastUserLoginId:ae,getLastUserDisplayName:le})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,refreshTokenViaCookie:s,storagePrefix:l}=o,d=e.__rest(o,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!i||!c)return t(d);let u;const p=t(m(d,{beforeRequest:V(l,s),afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, clearing persisted tokens"),L(l,r,s,u);else{const e=((e={},t=!1,n="",o=!1)=>{var i,r,s,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){x(`${n}${R}`);const t=o.sameSite||"Strict",s=null===(i=o.secure)||void 0===i||i,a=null!==(r=o.domain)&&void 0!==r?r:e.cookieDomain,l=J(o);s&&"https:"!==window.location.protocol&&j("Refresh token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass refreshTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});$(l,d,c);const u=A(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=J(o);a.default.remove(e),I(`${n}${R}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=N(t);o&&"https:"!==window.location.protocol&&j("Session token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass sessionTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const a=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});$(r,c,a);const d=A(i);p=Object.assign(Object.assign({},p),{session:{path:a.cookiePath,domain:d?i:void 0}})}else I(`${n}${C}`,c);return e.idToken&&I(`${n}${E}`,e.idToken),u&&I(`${n}DTD`,u),p})(await b(t),r,l,s);e&&(u=e)}}})),f=n.wrapWith(p,["logout","logoutAll","oidc.logout"],pe(l,r,s,(()=>u)));return Object.assign(f,{getRefreshToken:()=>P(l,s),getSessionToken:()=>q(l,r),getIdToken:()=>K(l)})}))((e=>{const t=s.default(e),n=Re(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(k())return T(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=q(),a=P();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){T("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:De(t),webauthn:Se(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){Oe(o,e)},requestAuthentication(e){Oe(o,e)}},async oneTap(e,t,n,i,r){await xe(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+_e.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+_e.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=R,exports.SESSION_TOKEN_KEY=C,exports.clearFingerprintData=()=>{x(H)},exports.createSdk=Ee,exports.default=Ee,exports.ensureFingerprintIds=G,exports.getSessionToken=q,exports.hasOidcParamsInUrl=Te; //# sourceMappingURL=index.cjs.js.map