@openpass/openpass-js-sdk/dist/browser/openpass-js-sdk.min.js

OpenPass SSO JavaScript SDK

!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.openpass=t():e.openpass=t()}(self,(()=>(()=>{"use strict";var e={d:(t,i)=>{for(var n in i)e.o(i,n)&&!e.o(t,n)&&Object.defineProperty(t,n,{enumerable:!0,get:i[n]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.d(t,{default:()=>fe});var i={};e.r(i),e.d(i,{AuthError:()=>s,OpenPassClient:()=>ce,SdkError:()=>n});class n extends Error{constructor(e){super(e),Object.setPrototypeOf(this,new.target.prototype)}}class s extends n{constructor(e,t,i,n){super(t||e),this.error=e,this.errorDescription=t,this.errorUri=i,this.clientState=n}}class o extends n{constructor(e){super(e)}}function r(e,t,i){const n=e.split("."),s=n.pop();if(void 0===s)throw Error("Function name not provided");for(let e=0;e<n.length;e++)t=t[n[e]];const o=t[s];if(void 0===o)throw Error(`Function '${s}' not found`);return o.apply(t,i)}function a(e){return e.map((e=>{const t=e.endsWith("/")?e.substring(0,e.length-1):e;return t.startsWith("/")?t.substring(1):t})).join("/")}const d="openpass-js-sdk",l="OpenPass-SDK-Name",p="OpenPass-SDK-Version",c="state",u="S256",h="post_message",g="openpass-silent-auth-sign-in-completion",w="https://auth.myopenpass.com",m="/v1/api/authorize",v=e=>e||w,f=async(e,t)=>{if(t.timeout)return await b(e,t);const i=await fetch(e,t);return{status:i.status,json:await I(i)}},b=async(e,t)=>{let i;try{const n=new AbortController;i=setTimeout((()=>n.abort()),t.timeout);const s=await fetch(e,{...t,signal:n.signal});return{status:s.status,json:await I(s)}}finally{i&&clearTimeout(i)}},k=e=>{const t=[];return Object.keys(e).forEach((i=>{if(e[i]){const n=encodeURIComponent(i),s=encodeURIComponent(e[i]);t.push(n+"="+s)}})),t.length>0?t.join("&"):""},I=async e=>{var t;return(null===(t=e.headers.get("content-type"))||void 0===t?void 0:t.toLowerCase().includes("application/json"))?await e.json():null},y="invalid_redirect",_="invalid_redirect";function P(e){this.message=e}P.prototype=new Error,P.prototype.name="InvalidCharacterError";var A="undefined"!=typeof window&&window.atob&&window.atob.bind(window)||function(e){var t=String(e).replace(/=+$/,"");if(t.length%4==1)throw new P("'atob' failed: The string to be decoded is not correctly encoded.");for(var i,n,s=0,o=0,r="";n=t.charAt(o++);~n&&(i=s%4?64*i+n:n,s++%4)?r+=String.fromCharCode(255&i>>(-2*s&6)):0)n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(n);return r};function x(e){var t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw"Illegal base64url string!"}try{return function(e){return decodeURIComponent(A(e).replace(/(.)/g,(function(e,t){var i=t.charCodeAt(0).toString(16).toUpperCase();return i.length<2&&(i="0"+i),"%"+i})))}(t)}catch(e){return A(t)}}function S(e){this.message=e}S.prototype=new Error,S.prototype.name="InvalidTokenError";const C=e=>function(e,t){if("string"!=typeof e)throw new S("Invalid token specified");var i=!0===(t=t||{}).header?0:1;try{return JSON.parse(x(e.split(".")[i]))}catch(e){throw new S("Invalid token specified: "+e.message)}}(e),E=JSON.parse('{"rE":"4.13.0-pre-release"}');class O{constructor(e){this.options=e,this.validateOptions(e)}async exchangeAuthCodeForTokens(e,t){var i,n,o;const r={grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUrl,code:e,code_verifier:t.codeVerifier},a={};a[l]=d,a[p]=E.rE,a["Content-Type"]="application/x-www-form-urlencoded; charset=UTF-8";const c=(await f(this.resolveUri("/v1/api/token"),{method:"POST",headers:a,body:k(r),timeout:6e4})).json;if(this.isErrorResponse(c))throw new s(null!==(i=c.error)&&void 0!==i?i:"token_oidc_id_request_failed",null!==(n=c.error_description)&&void 0!==n?n:"Error retrieving token",null!==(o=c.error_uri)&&void 0!==o?o:"",t.clientState);const u=c.id_token,h=C(u);if(!h)throw new s("decode_jwt","Unable to decode jwt","",t.clientState);const g=c.access_token,w=c.refresh_token;if(!g)throw new s("no_access_token","No access token was returned","",t.clientState);return{idToken:h,rawIdToken:u,accessToken:g,refreshToken:w,rawAccessToken:g,tokenType:c.token_type,expiresIn:c.expires_in}}async authorizeDevice(e,t,i){var n,o,r;const a={scope:"openid",client_id:e};t&&(a.login_hint=t),i&&(a.disable_login_hint_editing=i);const c={};c[l]=d,c[p]=E.rE,c["Content-Type"]="application/x-www-form-urlencoded; charset=UTF-8";const u=(await f(this.resolveUri("/v1/api/authorize-device"),{method:"POST",headers:c,body:k(a),timeout:6e4})).json;if(this.isErrorResponse(u))throw new s(null!==(n=u.error)&&void 0!==n?n:"authorize_device_request_failed",null!==(o=u.error_description)&&void 0!==o?o:"Error authorizing device",null!==(r=u.error_uri)&&void 0!==r?r:"");return u}async deviceToken(e,t){var i,n,o;const r={client_id:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code",device_code:t},a={};a[l]=d,a[p]=E.rE,a["Content-Type"]="application/x-www-form-urlencoded; charset=UTF-8";const c=(await f(this.resolveUri("/v1/api/device-token"),{method:"POST",headers:a,body:k(r),timeout:6e4})).json;if(this.isErrorResponse(c)){if("authorization_pending"===c.error)return{status:"authorization_pending"};if("slow_down"===c.error)return{status:"slow_down"};throw new s(null!==(i=c.error)&&void 0!==i?i:"device_token_request_failed",null!==(n=c.error_description)&&void 0!==n?n:"Error getting device token",null!==(o=c.error_uri)&&void 0!==o?o:"")}return{status:"ok",tokensResponse:c}}async sendClientTelemetryEvent(e){const t={};t[l]=d,t[p]=E.rE,t["Content-Type"]="application/json";const i={client_id:this.options.clientId,event_type:e};await f(this.resolveUri("/v1/api/telemetry/event"),{method:"POST",headers:t,body:JSON.stringify(i),timeout:6e4})}async sendSdkTelemetryEvent(e,t,i,n){const s={};s[l]=d,s[p]=E.rE,s["Content-Type"]="application/json";const o={client_id:this.options.clientId,event_type:e,event_name:t,message:i,stack_trace:n};await f(this.resolveUri("/v1/api/telemetry/sdk-event"),{method:"POST",headers:s,body:JSON.stringify(o),timeout:6e4})}resolveUri(e){return a([this.options.baseUrl||w,e])}isErrorResponse(e){return void 0!==e.error}validateOptions(e){if(!e.clientId)throw new n("Error clientId is invalid. Please use a valid clientId")}}const U="__openpass__client_session";class T{constructor(e){this.signInStateStorage=e}add(e){this.signInStateStorage.set(U,JSON.stringify(e))}get(){const e=this.signInStateStorage.get(U,"");return e?JSON.parse(e):null}remove(){this.signInStateStorage.remove(U)}}class R{set(e,t){sessionStorage.setItem(e,t)}get(e,t){return sessionStorage.getItem(e)||t}remove(e){sessionStorage.removeItem(e)}}const q=e=>{const t=new URLSearchParams(e);return{code:L("code",t),state:L(c,t),error:L("error",t),errorDescription:L("error_description",t),errorUri:L("error_uri",t)}},F=e=>{const t=null!==e.state&&null!==e.code,i=null!==e.error;return t||i},j=(e,t)=>{var i,n,s,o,r,a,d,l;const p=new URL(e),c=new URL(t),u=null===(i=p.origin)||void 0===i?void 0:i.toLowerCase(),h=null===(s=null===(n=p.pathname)||void 0===n?void 0:n.replace(/\/+$/,""))||void 0===s?void 0:s.toLowerCase(),g=null===(o=p.protocol)||void 0===o?void 0:o.toLowerCase(),w=null===(r=c.origin)||void 0===r?void 0:r.toLowerCase(),m=null===(d=null===(a=c.pathname)||void 0===a?void 0:a.replace(/\/+$/,""))||void 0===d?void 0:d.toLowerCase(),v=null===(l=c.protocol)||void 0===l?void 0:l.toLowerCase();return u===w&&h===m&&g===v},z=(e,t,i,n,s)=>{const o=new URLSearchParams;if(o.set("response_type","code"),o.set("client_id",i.clientId),o.set("scope","openid"),o.set(c,i.state),o.set("sdk_name",d),o.set("sdk_version",E.rE),o.set("op_auth_session_source",n),i.redirectUrl&&o.set("redirect_uri",i.redirectUrl),i.codeChallengeMethod&&o.set("code_challenge_method",i.codeChallengeMethod),i.codeChallenge&&o.set("code_challenge",i.codeChallenge),i.responseMode&&o.set("response_mode",i.responseMode),i.useSilentAuth&&o.set("use_silent_auth",i.useSilentAuth?"true":"false"),i.loginHint&&o.set("login_hint",i.loginHint),i.disableLoginHintEditing&&o.set("disable_login_hint_editing",i.disableLoginHintEditing?"true":"false"),o.set("allow_unverified_email",i.allowUnverifiedEmail?"true":"false"),s)for(let e=0;e<s.length;e++){const t=s[e];D(t),o.set(t.name,t.value)}return`${a([e,t])}?${o.toString()}`},D=e=>{if(!e.name||!e.value)throw new n("Custom query parameters must have both name and value");if(e.name.length>100||e.value.length>100)throw new n("Custom query parameters' name and value must be under 100 characters");if(!/^[\x20-\x7E]*$/.test(e.name)||!/^[\x20-\x7E]*$/.test(e.value))throw new n("Custom query parameter contains invalid characters. Only printable ASCII characters are allowed")},L=(e,t)=>{const i=t.get(e);return i?decodeURIComponent(i):null},M=(e,t)=>e===t||!!(t.endsWith("/")&&t.length>1)&&e===t.substring(0,t.length-1);function H(){window.gamera=window.gamera||{},window.gamera.cmd=window.gamera.cmd||[]}function W(e,t={}){H(),window.gamera.cmd.push((()=>{var i,n;null===(n=null===(i=window.gamera)||void 0===i?void 0:i.event)||void 0===n||n.call(i,e,t)}))}function $(e,t){H(),window.gamera.cmd.push((()=>{var i,n;null===(n=null===(i=window.gamera)||void 0===i?void 0:i.addDimensions)||void 0===n||n.call(i,{[e]:t})}))}class N{constructor(e,t,i,n,s){this.isRedirectingForAuth=!1,this.silentAuth=s,this.openPassOptions=e,this.popupAuth=i,this.redirectAuth=t,this.apiClient=n}renderInlineSignInForm(e){var t;if(!e.parentContainerElementId)throw new n("inlineSignInOptions.parentContainerElementId is required for inline sign-in method.");e.signinButtonTextOption=null!==(t=e.signinButtonTextOption)&&void 0!==t?t:"continue";const i=document.getElementById(e.parentContainerElementId),s=e.authenticationMode,o=e.signinButtonBorderRadiusInPixels;if(!i)throw new n(`Cannot locate parent container element "${e.parentContainerElementId}" for inline sign-in form.`);if("popup"!=s&&"redirect"!=s)throw new n(`Invalid authentication mode: ${s}.`);if("redirect"==s&&!e.redirectUrl)throw new n("Must provide redirectUrl for inline sign-in form when authentication mode is redirect.");if("popup"==s&&!e.popupSuccessCallback)throw new n("Must provide popupSuccessCallback for inline sign-in form when authentication mode is popup.");if(e.widthInPixels&&e.widthInPixels<250)throw new n("Inline sign-in form width must be at least 250 pixels.");if(e.heightInPixels&&e.heightInPixels<500)throw new n("Inline sign-in form width must be at least 500 pixels.");if(!["boolean","undefined"].includes(typeof e.darkModeEnabled))throw new n("Invalid darkModeEnabled value. Must be true or false.");if(void 0!==o){if(!/^[0-9]+$/.test(String(o)))throw new n("Invalid signinButtonBorderRadiusInPixels value. Must be an integer number greater than or equal to 0.");if(o>2147483647)throw new n("Invalid signinButtonBorderRadiusInPixels value. Must be less than or equal to 2147483647.")}const r=e.popupSuccessCallback,a=e.popupFailureCallback,d=e.popupSignInInitiatedCallback;window.addEventListener("message",(async t=>{var o,p,c,u;const h=v(this.openPassOptions.baseUrl);if(!M(t.origin,h)||!t.data||"inline-sign-in-message"!=t.data.type)return;const w=t.data,m=w.authenticationPredictionId,f=null!==(p=null===(o=e.customQueryParameters)||void 0===o?void 0:o.slice())&&void 0!==p?p:[];m&&f.push({name:"authentication_prediction_id",value:m});let b=e.clientState;void 0!==w.additionalClientState&&(b={...b,...w.additionalClientState});const k={clientState:b,disableLoginHintEditing:!1,loginHint:w.loginHint,customQueryParameters:f,allowUnverifiedEmail:e.allowUnverifiedEmail,trySilentAuth:w.trySilentAuth};switch(s){case"popup":try{let t;if(w.trySilentAuth){const n=await this.silentAuth.handleSilentAuthWithPopupFallback(i,{...k,redirectUrl:e.redirectUrl,source:"SignInWithOpenPassInlineForm",customQueryParameters:f},h,l,(async()=>this.handlePopupFlow(w,k,e,f,d)));if(!n)break;t=n}else{if(this.currentLoginHint===w.loginHint&&this.popupAuth.refocusIfPopupExists())break;t=await this.handlePopupFlow(w,k,e,f,d)}w.trySilentAuth&&(null===(c=l.contentWindow)||void 0===c||c.postMessage({type:g},h)),r&&r(t)}catch(e){e instanceof n?a&&a(e):console.error(e)}break;case"redirect":if(this.isRedirectingForAuth)break;this.isRedirectingForAuth=!0;try{await this.redirectAuth.signIn({...k,redirectUrl:e.redirectUrl,source:"SignInWithOpenPassInlineForm",customQueryParameters:f})}catch(e){null===(u=l.contentWindow)||void 0===u||u.postMessage({type:"openpass-redirect-sign-in-failure"},h),console.error(e)}finally{this.isRedirectingForAuth=!1}break;default:console.log("Invalid authentication mode: "+s)}}));const l=this.createIframeElement(this.openPassOptions.clientId,e);i.appendChild(l),W("inline-sign-in-rendered"),this.apiClient.sendClientTelemetryEvent("SignInWithOpenPassInlineFormShown")}async handlePopupFlow(e,t,i,n,s){if(s)try{s()}catch(e){console.error("Error handling sign-in initiated callback.",e)}return this.currentLoginHint=e.loginHint,await this.popupAuth.signInWithPopup({...t,redirectUrl:i.redirectUrl,source:"SignInWithOpenPassInlineForm",customQueryParameters:n})}createIframeElement(e,t){var i,n,s,o,r,a;const d=document.createElement("iframe"),l=v(this.openPassOptions.baseUrl),p=new URL("/inline-sign-in-v2",l);return p.searchParams.append("client_id",e),p.searchParams.append("submit_button_text",null!==(n=null===(i=t.signinButtonTextOption)||void 0===i?void 0:i.toString())&&void 0!==n?n:"continue"),p.searchParams.append("auth_mode",t.authenticationMode),t.hideSignInFormApplicationLogo&&p.searchParams.append("hide_client_application_logo",t.hideSignInFormApplicationLogo.toString()),t.hideSignInFormHeaderText&&p.searchParams.append("hide_header_text",t.hideSignInFormHeaderText.toString()),t.signinButtonBackgroundColorHex&&p.searchParams.append("sign_in_button_background_hex_colour",t.signinButtonBackgroundColorHex),void 0!==t.signinButtonBorderRadiusInPixels&&p.searchParams.append("sign_in_button_border_radius_px",String(t.signinButtonBorderRadiusInPixels)),t.darkModeEnabled&&p.searchParams.append("dark_mode_enabled",t.darkModeEnabled.toString()),d.src=p.toString(),d.width=null!==(o=null===(s=t.widthInPixels)||void 0===s?void 0:s.toString())&&void 0!==o?o:"100%",d.height=null!==(a=null===(r=t.heightInPixels)||void 0===r?void 0:r.toString())&&void 0!==a?a:"100%",d}}const B="openPassQuickAuthDismissalData";class Q{constructor(e,t,i,s,o){this.quickAuthSignInOptions=null,this.isInitialized=!1,this.showInstantly=(e=!1)=>{var t;if(!this.isInitialized)throw new n("Quick Auth is not initialized. Call `render` first.");(e||!0!==this.isVisible)&&(this.isVisible=!0,this.quickAuthDialogIFrame.style.display="block",(null===(t=this.quickAuthSignInOptions)||void 0===t?void 0:t.visibilityChangedCallback)&&(W("quick-auth-visibility-updated",{visibility:"visible"}),this.quickAuthSignInOptions.visibilityChangedCallback({visibility:"visible"})),this.apiClient.sendClientTelemetryEvent("SignInWithOpenPassQuickSignShown"))},this.hideInstantly=()=>{var e;if(!this.isInitialized)throw new n("Quick Auth is not initialized. Call `render` first.");!1!==this.isVisible&&(this.isVisible=!1,this.quickAuthDialogIFrame.style.display="none",(null===(e=this.quickAuthSignInOptions)||void 0===e?void 0:e.visibilityChangedCallback)&&(W("quick-auth-visibility-updated",{visibility:"hidden"}),this.quickAuthSignInOptions.visibilityChangedCallback({visibility:"hidden"})))},this.openPassOptions=e,this.popupAuth=i,this.redirectAuth=t,this.apiClient=s,this.silentAuth=o}render(e){this.quickAuthSignInOptions=e;const{redirectUrl:t,show:i,visibility:s,parentContainerElementId:o,authenticationMode:r,popupSuccessCallback:a}=e;if(void 0===s&&(this.quickAuthSignInOptions.visibility=void 0===i||!0===i?"displayOnInit":"hideOnInit"),!o)throw new n("parentContainerElementId is required for quick-auth sign-in method.");const d=document.getElementById(o);if(!d)throw new n(`Cannot locate parent container element "${o}" for quick-auth`);if(this.parentContainer=d,"popup"!==r&&"redirect"!==r)throw new n(`Invalid authentication mode: ${r}.`);if("popup"===r&&!a)throw new n("Must provide popupSuccessCallback for quick-auth when authentication mode is popup.");if("redirect"===r&&!t)throw new n("Must provide redirectUrl for quick-auth when authentication mode is redirect.");this.quickAuthDialogIFrame=this.createHiddenQuickAuthIframe(this.openPassOptions.clientId,this.parentContainer),window.addEventListener("message",(t=>this.messageHandler(t,e,this.quickAuthDialogIFrame))),this.parentContainer.appendChild(this.quickAuthDialogIFrame),W("quick-auth-rendered")}showWithDelay(){var e,t;if(!this.isInitialized)throw new n("Quick Auth is not initialized. Call `render` first.");if(!0===this.isVisible)return;this.isVisible=!0;const i=setTimeout((()=>{this.showInstantly(!0),clearTimeout(i)}),null!==(t=null===(e=this.quickAuthSignInOptions)||void 0===e?void 0:e.delayMs)&&void 0!==t?t:1e3)}messageHandler(e,t,i){if(M(e.origin,v(this.openPassOptions.baseUrl))&&e.data&&e.data.type)switch(e.data.type){case"openpass-quick-auth-initialized-message":this.handleInitializedMessage(e,t);break;case"openpass-quick-auth-continue-button-message":this.handleContinueButtonMessage(e,t);break;case"openpass-quick-auth-close-button-message":this.handleCloseButtonMessage(i)}}handleInitializedMessage(e,t){const{data:{hasSession:i,popupWidth:n,popupHeight:s}}=e;switch(this.setupQuickAuthIframeHeight({width:n,height:s}),this.isInitialized=!0,t.visibility){case"displayOnInit":this.showWithDelay();break;case"displayOnInitIfSessionActive":i?this.showWithDelay():this.hideInstantly();break;case"hideOnInit":this.hideInstantly()}i&&$("is_op_session_detected","true")}async handleContinueButtonMessage(e,t){var i,s;const{data:o}=e,r=t.popupSuccessCallback,a=t.popupFailureCallback,d=t.authenticationMode;this.clearDismissalData();const l={clientState:t.clientState,disableLoginHintEditing:!1,loginHint:o.loginHint,trySilentAuth:o.trySilentAuth,customQueryParameters:t.customQueryParameters,allowUnverifiedEmail:t.allowUnverifiedEmail};switch(d){case"popup":try{const e={...l,redirectUrl:t.redirectUrl,source:"SignInWithOpenPassQuickAuth"};var p;const n=v(this.openPassOptions.baseUrl);if(o.trySilentAuth){let t=await this.silentAuth.handleSilentAuthWithPopupFallback(this.parentContainer,e,n,this.quickAuthDialogIFrame);if(!t)break;p=t}else{if(this.popupAuth.refocusIfPopupExists())break;p=await this.popupAuth.signInWithPopup(e)}o.trySilentAuth&&(null===(s=null===(i=this.quickAuthDialogIFrame)||void 0===i?void 0:i.contentWindow)||void 0===s||s.postMessage({type:g},n)),r&&(this.hideInstantly(),r(p))}catch(e){e instanceof n?a&&a(e):console.error(e)}break;case"redirect":this.redirectAuth.signIn({...l,redirectUrl:t.redirectUrl,source:"SignInWithOpenPassQuickAuth"});break;default:console.error("Invalid authentication mode: "+d)}}handleCloseButtonMessage(e){this.incrementDismissalData(),this.hideInstantly(),this.apiClient.sendClientTelemetryEvent("SignInWithOpenPassQuickSignDismissed")}createHiddenQuickAuthIframe(e,t){const i=document.createElement("iframe"),n=v(this.openPassOptions.baseUrl),s=new URL("/quick-auth",n);s.searchParams.append("client_id",e);const o=this.getDismissalData();return o&&(s.searchParams.append("last_dismissed_utc",o.lastDismissedUtc),s.searchParams.append("times_dismissed",o.timesDismissed.toString())),t.style.zIndex="9999",i.src=s.toString(),i.width="100%",i.style.display="none",i.style.border="none",i.style.overflow="hidden",window.innerWidth>640?(t.style.position="fixed",t.style.top="120px",t.style.right="20px"):(t.style.width="100%",t.style.position="fixed",t.style.bottom="0px",t.style.left="0px"),i}setupQuickAuthIframeHeight({width:e,height:t}){if(!this.quickAuthDialogIFrame||!this.parentContainer)throw new n("Quick Auth is not rendered. Call `render` first.");this.quickAuthDialogIFrame.height=`${t}px`,this.parentContainer.style.height=`${t}px`,this.quickAuthDialogIFrame.style.minWidth=`${e}px`}getDismissalData(){const e=localStorage.getItem(B);if(null==e)return null;try{const t=JSON.parse(e);if(!Number.isFinite(t.timesDismissed)||t.timesDismissed<0)throw new Error("Invalid quick auth dismissal data");if(!Date.parse(t.lastDismissedUtc))throw new Error("Invalid quick auth dismissal data");return t}catch(e){return this.clearDismissalData(),null}}clearDismissalData(){localStorage.removeItem(B)}incrementDismissalData(){const e=this.getDismissalData(),t=(new Date).toISOString(),i=((null==e?void 0:e.timesDismissed)||0)+1;localStorage.setItem(B,JSON.stringify({timesDismissed:i,lastDismissedUtc:t}))}}const V=()=>window.crypto||window.msCrypto,J=(e=43)=>{const t=new Uint32Array(e);return V().getRandomValues(t),Array.from(t,(e=>`0${e.toString(16)}`.slice(-2))).join("")},K=(e=43)=>J(e),Z=async e=>{const t=await(async e=>{const t=(new TextEncoder).encode(e);return await(()=>{const e=V();return e.subtle||e.webkitSubtle})().digest("SHA-256",t)})(e);return n=t,i=String.fromCharCode.apply(null,new Uint8Array(n)),btoa(i).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"");var i,n},G=(e=16)=>J(e),X=(e,t,i)=>{let n="",s="";t instanceof Error?(n=t.message,s=t.stack||"",s.length>1e4&&(s=s.substring(0,1e4))):n="An error occurred",i.sendSdkTelemetryEvent("Error",e,n,s).catch((e=>{console.error(`Error sending OpenPass SDK telemetry event, error: ${e}`)}))},Y=(e,t,i)=>{i.sendSdkTelemetryEvent("Info",e,t,null).catch((e=>{console.error(`Error sending OpenPass SDK telemetry event, error: ${e}`)}))};class ee{constructor(e,t,i){this.openPassOptions=e,this.openPassApiClient=i,this.signInStateRepository=t}async signIn(e){var t,i;if(!e.redirectUrl)throw new n("Error redirectUrl is invalid. Please use a valid redirectUrl");W("sign-in-with-redirect-started",{source:e.source});try{const n=K(),s={clientState:e.clientState,clientId:this.openPassOptions.clientId,redirectUrl:e.redirectUrl,codeVerifier:n,codeChallenge:await Z(n),codeChallengeMethod:u,state:G(),loginHint:e.loginHint,disableLoginHintEditing:e.disableLoginHintEditing,originatingUri:null===(t=null===window||void 0===window?void 0:window.location)||void 0===t?void 0:t.href,allowUnverifiedEmail:null!==(i=e.allowUnverifiedEmail)&&void 0!==i&&i};this.signInStateRepository.add(s);const o=z(v(this.openPassOptions.baseUrl),m,s,e.source,e.customQueryParameters);window.location.href=o}catch(e){throw console.error("Unable to start a sign-in session",e),X("RedirectAuth.signIn",e,this.openPassApiClient),e}}isAuthenticationRedirect(){try{const e=q(window.location.search);if(!F(e))return!1;const t=this.signInStateRepository.get();if(!t)return console.warn("No authentication session found when checking authentication redirect, ensure a call to signIn via redirect has been made first"),Y("RedirectAuth.isAuthenticationRedirect","No auth session found",this.openPassApiClient),!1;if(!t.redirectUrl)return console.warn("No redirect url found in the auth session, ensure a call to signIn via redirect has been made first"),Y("RedirectAuth.isAuthenticationRedirect","Auth session found, but redirect url was not set",this.openPassApiClient),!1;const i=j(window.location.href,t.redirectUrl);return Y("RedirectAuth.isAuthenticationRedirect",`validAuthenticationRedirectUrl is ${i}`,this.openPassApiClient),i}catch(e){throw console.error("Unable to check if the current URL is a valid redirect URL for the current auth session",e),X("RedirectAuth.isAuthenticationRedirect",e,this.openPassApiClient),e}}async handleAuthenticationRedirect(){try{const e=q(window.location.search);if(!F(e))throw new s(y,"The current URL does not contain expected state and code or error parameters, cannot handle redirect","");const t=this.signInStateRepository.get();if(!t)throw console.error("No auth session found, cannot handle redirect. Ensure a call to signIn via redirect has been made first"),new s(y,"No auth session found, cannot handle redirect. Ensure a call to signIn via redirect has been made first","");if(!t.redirectUrl)throw console.error("No redirect url found in the auth session, ensure a call to signIn via redirect has been made first"),new s(y,"No redirect url found in the auth session, ensure a call to signIn via redirect has been made first","");if(!j(window.location.href,t.redirectUrl))throw console.error("The current URL does not match the expected redirect URL, cannot handle redirect"),new s(y,"The current URL does not match the expected redirect URL, cannot handle redirect","");if(this.signInStateRepository.remove(),e.error)throw new s(e.error,e.errorDescription?e.errorDescription:"",e.errorUri?e.errorUri:"",t.clientState);if(e.state!==t.state)throw console.error("The state parameter in the redirect URL does not match the state in the auth session, cannot complete the redirect flow"),new s("invalid_auth_session","The state parameter in the redirect URL does not match the state in the auth session","",t.clientState);const i=await this.openPassApiClient.exchangeAuthCodeForTokens(e.code,t),{idToken:n,rawIdToken:o,accessToken:r,refreshToken:a,tokenType:d,expiresIn:l}=i,p={clientState:t.clientState,originatingUri:t.originatingUri,idToken:n,rawIdToken:o,accessToken:r,rawAccessToken:r,refreshToken:a,tokenType:d,expiresIn:l};return p.idToken&&(W("authentication-completed",{method:"redirect"}),$("is_authenticated","true"),$("op_user_id",p.idToken.sub||"")),p}catch(e){throw X("RedirectAuth.handleAuthenticationRedirect",e,this.openPassApiClient),e}}}const te=(e,t,i,n)=>{const s=(window.outerWidth-i)/2+window.screenX,o=`scrollbars=yes,resizable=yes,toolbar=no,top=${(window.outerHeight-n)/2+window.screenY},left=${s},width=${i},height=${n}`;return window.open(e,t,o)};class ie extends Promise{constructor(e){let t;super(((i,n)=>e(i,n,(e=>t=e)))),this.onAbort=t}abort(){this.onAbort&&this.onAbort()}}function ne(e,t){return!(!e.code||!e.state)&&t.state===e.state}const se="openpass:popup:login";class oe{constructor(e,t,i){this.openPassOptions=e,this.openPassApiClient=i,this.redirectApi=t}refocusIfPopupExists(){return!(!this.popupWindow||this.popupWindow.window.closed||(this.popupWindow.window.focus(),0))}async signInWithPopup(e){let t;W("sign-in-with-pop-up-started",{source:e.source}),this.closePopupIfExists(this.popupWindow);let i=null;try{t=this.openPopup()}catch(e){t=null,i=null==e?void 0:e.message}if(!t){if(e.redirectUrl)throw Y("PopupAuth.signInWithPopup","Popup failed to open, falling back to redirect",this.openPassApiClient),this.redirectApi.signIn({...e,redirectUrl:e.redirectUrl}),new n("Using redirect instead of popup. This error should not be thrown because the redirect happens first.");let t="Popup window did not open correctly.";throw i&&(t+=` Error: ${i}`),new n(t)}const s={window:t};return this.popupWindow=s,this.doLogin(s,e)}async doLogin(e,t){var i,n;const s=()=>{this.closePopupIfExists(e)};window.addEventListener("beforeunload",s);const r=setInterval((()=>{if(e.window&&!e.window.closed){const t={source:"openpass-popup-ping"};e.window.postMessage(t,v(this.openPassOptions.baseUrl))}}),500);try{const s=K(),o={clientState:null==t?void 0:t.clientState,clientId:this.openPassOptions.clientId,redirectUrl:null==t?void 0:t.redirectUrl,codeVerifier:s,codeChallenge:await Z(s),codeChallengeMethod:u,state:G(),responseMode:h,loginHint:null==t?void 0:t.loginHint,disableLoginHintEditing:null==t?void 0:t.disableLoginHintEditing,originatingUri:null===(i=null===window||void 0===window?void 0:window.location)||void 0===i?void 0:i.href,allowUnverifiedEmail:null!==(n=null==t?void 0:t.allowUnverifiedEmail)&&void 0!==n&&n},r=t?t.source:"Custom",a=z(v(this.openPassOptions.baseUrl),m,o,r,null==t?void 0:t.customQueryParameters);try{e.window.location.replace(a)}catch(t){e.window.location.href=a}return await this.waitForPopupResponse(e,o)}catch(t){throw t instanceof o||(X("PopupAuth.doLogin",t,this.openPassApiClient),this.closePopupIfExists(e)),t}finally{window.removeEventListener("beforeunload",s),clearInterval(r)}}async waitForPopupResponse(e,t){const i=await this.listenForPopupResponse(e);if(!ne(i,t)||!i.code){const e=new s(i.error?i.error:_,i.errorDescription?i.errorDescription:"Error, invalid authorization code response",i.errorUri?i.errorUri:"",t.clientState);throw X("PopupAuth.waitForPopupResponse",e,this.openPassApiClient),e}const n=await this.openPassApiClient.exchangeAuthCodeForTokens(i.code,t);return await this.completeAuthentication(e,n,t)}async completeAuthentication(e,t,i){const{idToken:s,rawIdToken:o,rawAccessToken:r,refreshToken:a,expiresIn:d,tokenType:l}=t;return new Promise(((t,p)=>{setTimeout((()=>{p(new n("No Response received from popup"))}),1e4),(async()=>{try{this.closePopupIfExists(e);const n={clientState:i.clientState,originatingUri:i.originatingUri,idToken:s,rawIdToken:o,accessToken:r,rawAccessToken:r,refreshToken:a,expiresIn:d,tokenType:l};n.idToken&&(W("authentication-completed",{method:"popup"}),$("is_authenticated","true"),$("op_user_id",n.idToken.sub||"")),t(n)}catch(t){this.closePopupIfExists(e),p(t)}})()}))}async listenForPopupResponse(e){let t,i,s;const r=new ie(((r,a,d)=>{let l=null;t=setInterval((()=>{e.window&&e.window.closed&&(l?r(l):(clearInterval(t),window.removeEventListener("message",s),this.closePopupIfExists(e),Y("PopupAuth.listenForPopupResponse","Popup window closed, aborting sign-in",this.openPassApiClient),a(new n("Popup closed, authentication response not available"))))}),100),s=e=>{if(!M(e.origin,v(this.openPassOptions.baseUrl)))return;if(Y("PopupAuth.listenForPopupResponse",`Popup message received. Has Data: ${!!e.data}`,this.openPassApiClient),!e.data)return;const{data:t}=e;t.source&&"openpass-authorize-message"===t.source?r(t):"openpass-advance-authorize-message"==t.source&&(l=t)},window.addEventListener("message",s,!1),i=setInterval((()=>{clearInterval(i),a(new n("No Response received from popup")),Y("PopupAuth.listenForPopupResponse","No Response received from popup after maximum timeout",this.openPassApiClient)}),6e5),d((()=>{clearInterval(t),clearTimeout(i),window.removeEventListener("message",s),a(new o("Popup window was closed"))}))}));return e.listener=r,r.finally((()=>{clearInterval(t),clearTimeout(i),window.removeEventListener("message",s)}))}openPopup(){return"undefined"!=typeof window&&"undefined"!=typeof document&&void 0!==typeof window.postMessage&&null!==window.postMessage?window.matchMedia("screen and (min-width:960px)").matches?te("",se,428,586):((e,t)=>{{const e=`scrollbars=yes,resizable=yes,toolbar=no,top=${window.screenY},left=${window.screenX},width=${window.outerWidth},height=${window.outerHeight}`;return window.open("",t,e)}})(0,se):null}closePopupIfExists(e){if(e){if(e.window&&!e.window.closed)try{e.window.close()}catch(e){console.warn("Error closing the openpass popup window",e)}if(e.listener)try{e.listener.abort(),e.listener=void 0}catch(e){console.warn("Error aborting the openpass popup listener",e)}e==this.popupWindow&&(this.popupWindow=void 0)}}}const re=e=>{switch(e){case"x-large":return 22;case"large":return 18;case"medium":return 14;case"small":return 10}},ae="openpass-sign-in-button-stylesheet";class de{constructor(e,t,i){this.popupAuth=t,this.redirectAuth=e,this.apiClient=i}renderSignInButton(e){if(!e.parentContainerElementId)throw new n("No parent container element id provided for OpenPass sign-in button");if(e.authenticationMode&&"redirect"!==e.authenticationMode&&"popup"!==e.authenticationMode)throw new n("Invalid authentication mode provided for OpenPass sign-in button, please choose either 'redirect' or 'popup'");if("redirect"==e.authenticationMode&&!e.redirectUrl)throw new n("No redirect url provided for OpenPass sign-in button");if("popup"==e.authenticationMode&&!e.popupSuccessCallback)throw new n("No popup success callback provided for OpenPass sign-in button");if(e.shape&&"standard"!==e.shape&&"icon"!==e.shape)throw new n("Invalid shape provided for OpenPass sign-in button, please choose either 'standard' or 'icon'");if(e.shapeVariant&&"pill"!==e.shapeVariant&&"rectangle"!==e.shapeVariant&&"circle"!==e.shapeVariant&&"square"!==e.shapeVariant)throw new n("Invalid shape variant provided for OpenPass sign-in button, please choose either 'pill', 'rectangle', 'circle' or 'square'");if("standard"==e.shape&&void 0!==e.shapeVariant&&"pill"!==e.shapeVariant&&"rectangle"!==e.shapeVariant)throw new n("Invalid shape variant provided for OpenPass sign-in button, please choose either 'pill' or 'rectangle'");if("icon"==e.shape&&void 0!==e.shapeVariant&&"circle"!==e.shapeVariant&&"square"!==e.shapeVariant)throw new n("Invalid shape variant provided for OpenPass sign-in button, please choose either 'circle' or 'square'");if(e.additionalWidth&&e.additionalWidth<0)throw new n("Invalid width override provided for OpenPass sign-in button, please provide a positive number");if(e.size&&"x-large"!==e.size&&"large"!==e.size&&"medium"!==e.size&&"small"!==e.size)throw new n("Invalid size provided for OpenPass sign-in button, please choose either 'x-large', 'large', 'medium' or 'small'");if(e.theme&&"openpass"!==e.theme&&"light"!==e.theme&&"dark"!==e.theme)throw new n("Invalid theme provided for OpenPass sign-in button, please choose either 'openpass', 'light' or 'dark'");if(e.text&&"signin"!==e.text&&"signin_with"!==e.text&&"continue_with"!==e.text)throw new n("Invalid text type provided for OpenPass sign-in button, please choose either 'signin', 'signin_with' or 'continue_with'");const t=document.getElementById(e.parentContainerElementId);if(!t)throw new n(`No button container found with id '${e.parentContainerElementId}' for OpenPass sign-in button`);var i;i=ae,null===document.querySelector(`style[id=${i}]`)&&((e,t)=>{const i=document.createElement("style");i.innerHTML=e,i.id=t,document.getElementsByTagName("head")[0].appendChild(i)})("\n    .op-js-sdk-siwopb__root {\n      border: none;\n      cursor: pointer;\n      display: flex;\n      font-family: Poppins, sans-serif;\n      text-align: center;\n      align-items: center;\n      justify-content: center;\n      vertical-align: middle;\n      white-space: nowrap;\n    }\n    \n    .op-js-sdk-siwopb__inner {\n      display: flex;\n      align-items: center;\n    }\n    \n    .op-js-sdk-siwopb__inner > svg {\n      flex-shrink: 0;\n    }\n\n    .op-js-sdk-siwopb__theme-openpass {\n      background-color: #012359;\n      color: #FFFFFF;\n    }\n\n    .op-js-sdk-siwopb__theme-light {\n      background-color: #FFFFFF;\n      color: #3C4043;\n\n      border-style: solid;\n      border-color: #DADCE0;\n      border-width: 1px;\n    }\n\n    .op-js-sdk-siwopb__theme-dark {\n      background-color: #202124;\n      color: #FFFFFF;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-x-large {\n      font-weight: 400;\n      font-size: 16px;\n      \n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 16px;\n      padding-right: 16px;\n\n      height: 48px;\n      min-height: 48px;\n      max-height: 48px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-pill-x-large {\n      border-radius: 100px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-rectangle-x-large {\n      border-radius: 4px;\n    }\n    \n    .op-js-sdk-siwopb__size-shape-standard-large {\n      font-weight: 400;\n      font-size: 14px;\n      \n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 12px;\n      padding-right: 12px;\n\n      height: 40px;\n      min-height: 40px;\n      max-height: 40px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-pill-large {\n      border-radius: 20px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-rectangle-large {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-medium {\n      font-weight: 400;\n      font-size: 12px;\n\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 12px;\n      padding-right: 12px;\n      \n      height: 32px;\n      min-height: 32px;\n      max-height: 32px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-pill-medium {\n      border-radius: 16px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-rectangle-medium {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-small {\n      font-weight: 300;\n      font-size: 11px;\n\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 8px;\n      padding-right: 8px;\n      \n      height: 20px;\n      min-height: 20px;\n      max-height: 20px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-pill-small {\n      border-radius: 10px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-standard-rectangle-small {\n      border-radius: 4px;\n    }\n\n\n    .op-js-sdk-siwopb__size-shape-icon-x-large {\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 12px;\n      padding-right: 12px;\n\n      height: 48px;\n      min-height: 48px;\n      max-height: 48px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-square-x-large {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-circle-x-large {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-large {\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 10px;\n      padding-right: 10px;\n\n      height: 40px;\n      min-height: 40px;\n      max-height: 40px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-square-large {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-circle-large {\n      border-radius: 20px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-medium {\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 8px;\n      padding-right: 8px;\n\n      height: 32px;\n      min-height: 32px;\n      max-height: 32px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-square-medium {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-circle-medium {\n      border-radius: 16px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-small {\n      padding-top: 0px;\n      padding-bottom: 0px;\n      padding-left: 4px;\n      padding-right: 4px;\n      \n      height: 20px;\n      min-height: 20px;\n      max-height: 20px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-square-small {\n      border-radius: 4px;\n    }\n\n    .op-js-sdk-siwopb__size-shape-icon-circle-small {\n      border-radius: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-x-large {\n      height: 22px;\n      width: 22px;\n    }\n\n    .op-js-sdk-siwopb__logo-large {\n      height: 18px;\n      width: 18px;\n    }\n\n    .op-js-sdk-siwopb__logo-medium {\n      height: 14px;\n      width: 14px;\n    }\n\n    .op-js-sdk-siwopb__logo-small {\n      height: 10px;\n      width: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-standard-x-large {\n      margin-right: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-standard-large {\n      margin-right: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-standard-medium {\n      margin-right: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-standard-small {\n      margin-right: 10px;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-icon-x-large {\n      margin-left: auto;\n      margin-right: auto;\n      vertical-align: middle;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-icon-large {\n      margin-left: auto;\n      margin-right: auto;\n      vertical-align: middle;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-icon-medium {\n      margin-left: auto;\n      margin-right: auto;\n      vertical-align: middle;\n    }\n\n    .op-js-sdk-siwopb__logo-shape-icon-small {\n      margin-left: auto;\n      margin-right: auto;\n      vertical-align: middle;\n    }\n  ",ae),(()=>{const e=document.getElementsByTagName("head")[0].getElementsByTagName("link");for(let t=0;t<e.length;t++)if(e[t].href.includes("Poppins"))return!0;return!1})()||(()=>{const e=document.createElement("link");e.href="https://fonts.googleapis.com/css?family=Poppins",e.rel="stylesheet",document.getElementsByTagName("head")[0].appendChild(e)})();const s=(e=>{var t,i,n,s,o;const r=null!==(t=e.text)&&void 0!==t?t:"signin_with",a=null!==(i=e.size)&&void 0!==i?i:"large",d=null!==(n=e.theme)&&void 0!==n?n:"openpass",l=null!==(s=e.shape)&&void 0!==s?s:"standard",p=null!==(o=e.shapeVariant)&&void 0!==o?o:"pill",c=document.createElement("button");c.setAttribute("type","button"),c.setAttribute("aria-label","Sign in with OpenPass Button"),c.classList.add("op-js-sdk-siwopb__root"),c.classList.add(`op-js-sdk-siwopb__size-shape-${l}-${a}`),c.classList.add(`op-js-sdk-siwopb__size-shape-${l}-${p}-${a}`),c.classList.add(`op-js-sdk-siwopb__theme-${d}`);const u=document.createElement("div");if(u.classList.add("op-js-sdk-siwopb__inner"),c.appendChild(u),e.additionalWidth&&e.additionalWidth>0){const t=e.additionalWidth/2;u.style.marginLeft=`${t}px`,u.style.marginRight=`${t}px`}const h="light"===d?(e=>{const t=re(e),i=document.createElementNS("http://www.w3.org/2000/svg","svg");return i.setAttribute("role","img"),i.setAttribute("title","OpenPass Logo"),i.setAttribute("fill","none"),i.setAttribute("width",`${t}`),i.setAttribute("height",`${t}`),i.setAttribute("viewBox","5 4 40 40"),i.setAttribute("xmlns","http://www.w3.org/2000/svg"),i.innerHTML='\n<path d="M21.97 44c.95 0 1.87-.09 2.78-.26l.37-.08.12-.03.23-.05.19-.05.15-.04.23-.06.11-.03.24-.07.1-.03.25-.08c.03 0 .05-.02.08-.03a4.7 4.7 0 0 0 .33-.12l.28-.1h.02a17.05 17.05 0 0 0 1.51-.7h.02l.27-.14.03-.01.26-.15a.21.21 0 0 0 .05-.03l.23-.14a.2.2 0 0 0 .06-.04l.24-.14.03-.02c.37-.24.74-.5 1.09-.76l.24-.18.02-.02.22-.18c.02 0 .03-.03.05-.04l.2-.17.07-.05.2-.18.05-.04c.41-.37.8-.77 1.2-1.18a23.3 23.3 0 0 0 2.63-3.61c-.02.02.01-.02 0 0-.02.03 0 .02 0 0 .22-.39.41-.77.6-1.17l.54-1.23c-.01.01 0 0 0 0 1.1-2.7 1.58-5.65 1.58-8.56 0-7.58-5.53-15.41-14.35-13.13 5.05 1.45 8.8 6.77 8.8 13.13 0 6.35-3.74 11.7-8.8 13.15-8.13 1.57-14.32-4.59-14.32-13.47 0-5.73 1.81-11.28 6.19-15.13.5-.4.95-.85 1.47-1.24l.23-.17.08-.06.17-.11.03-.02.12-.08.13-.09.04-.03.15-.1.1-.07.2-.12.34-.2.32-.19c.03 0 .05-.03.08-.04.05-.01.09-.04.14-.06l.07-.04a3.02 3.02 0 0 1 .28-.15l.1-.06.42-.2.1-.03.1-.05c.02 0 .04-.02.05-.03l.08-.04.27-.12.36-.14c.17-.07.34-.12.51-.17l.67-.22.64-.18c1.32-.3 2.53-.77 3.9-.77h-5.55C12.51 4 4.84 12.96 4.84 24s7.67 20 17.12 20h.01Z" fill="#00A997"/>\n<path d="M27.82 44c9.4 0 17.02-8.95 17.02-20S37.22 4 27.82 4c-3.4 0-6.86 1.43-9.59 3.45-.8.66-1.55 1.36-2.24 2.15a21.2 21.2 0 0 0-5.09 12.6 25 25 0 0 0-.06 1.73c0 7.47 5.04 15.01 14.25 13.1-5.02-1.44-8.75-6.77-8.75-13.12 0-6.59 4.64-13.52 11.52-13.52 6.3 0 10 5.06 11.08 9.88.45 2.03.51 4.1.29 6.16-.07.66-.16 1.33-.29 1.98a20.25 20.25 0 0 1-8.71 13.27c-1.6.9-3.25 1.6-5.05 1.95-.9.17-1.82.37-2.76.37h5.4Z" fill="#030A40"/>\n',i})(a):(e=>{const t=re(e),i=document.createElementNS("http://www.w3.org/2000/svg","svg");return i.setAttribute("role","img"),i.setAttribute("title","OpenPass Logo"),i.setAttribute("fill","none"),i.setAttribute("width",`${t}`),i.setAttribute("height",`${t}`),i.setAttribute("viewBox","5 4 40 40"),i.setAttribute("xmlns","http://www.w3.org/2000/svg"),i.innerHTML='\n<path d="M21.97 44c.95 0 1.87-.09 2.78-.26l.37-.08.12-.03.23-.05.19-.05.15-.04.23-.06.11-.03.24-.07.1-.03.25-.08c.03 0 .05-.02.08-.03a4.7 4.7 0 0 0 .33-.12l.28-.1h.02a17.05 17.05 0 0 0 1.51-.7h.02l.27-.14.03-.01.26-.15a.21.21 0 0 0 .05-.03l.23-.14a.2.2 0 0 0 .06-.04l.24-.14.03-.02c.37-.24.74-.5 1.09-.76l.24-.18.02-.02.22-.18c.02 0 .03-.03.05-.04l.2-.17.07-.05.2-.18.05-.04c.41-.37.8-.77 1.2-1.18a23.3 23.3 0 0 0 2.63-3.61c-.02.02.01-.02 0 0-.02.03 0 .02 0 0 .22-.39.41-.77.6-1.17l.54-1.23c-.01.01 0 0 0 0 1.1-2.7 1.58-5.65 1.58-8.56 0-7.58-5.53-15.41-14.35-13.13 5.05 1.45 8.8 6.77 8.8 13.13 0 6.35-3.74 11.7-8.8 13.15-8.13 1.57-14.32-4.59-14.32-13.47 0-5.73 1.81-11.28 6.19-15.13.5-.4.95-.85 1.47-1.24l.23-.17.08-.06.17-.11.03-.02.12-.08.13-.09.04-.03.15-.1.1-.07.2-.12.34-.2.32-.19c.03 0 .05-.03.08-.04.05-.01.09-.04.14-.06l.07-.04a3.02 3.02 0 0 1 .28-.15l.1-.06.42-.2.1-.03.1-.05c.02 0 .04-.02.05-.03l.08-.04.27-.12.36-.14c.17-.07.34-.12.51-.17l.67-.22.64-.18c1.32-.3 2.53-.77 3.9-.77h-5.55C12.51 4 4.84 12.96 4.84 24s7.67 20 17.12 20h.01Z" fill="#00A997"/>\n<path d="M27.82 44c9.4 0 17.02-8.95 17.02-20S37.22 4 27.82 4c-3.4 0-6.86 1.43-9.59 3.45-.8.66-1.55 1.36-2.24 2.15a21.2 21.2 0 0 0-5.09 12.6 25 25 0 0 0-.06 1.73c0 7.47 5.04 15.01 14.25 13.1-5.02-1.44-8.75-6.77-8.75-13.12 0-6.59 4.64-13.52 11.52-13.52 6.3 0 10 5.06 11.08 9.88.45 2.03.51 4.1.29 6.16-.07.66-.16 1.33-.29 1.98a20.25 20.25 0 0 1-8.71 13.27c-1.6.9-3.25 1.6-5.05 1.95-.9.17-1.82.37-2.76.37h5.4Z" fill="#fff"/>\n  ',i})(a);if(h.classList.add(`op-js-sdk-siwopb__logo-${a}`),h.classList.add(`op-js-sdk-siwopb__logo-shape-${l}-${a}`),u.appendChild(h),"standard"===l){const e=document.createElement("span");e.innerText=(e=>{switch(e){case"signin":return"Sign in";case"continue_with":return"Continue with OpenPass";default:return"Sign in with OpenPass"}})(r),u.appendChild(e)}return c})(e);s.addEventListener("click",(async t=>{var i;if(t.preventDefault(),"redirect"==e.authenticationMode)await this.redirectAuth.signIn({redirectUrl:e.redirectUrl,source:"SignInWithOpenPassButton",clientState:e.clientState,loginHint:e.loginHint,customQueryParameters:e.customQueryParameters,allowUnverifiedEmail:e.allowUnverifiedEmail});else if("popup"==e.authenticationMode)try{const t=await this.popupAuth.signInWithPopup({redirectUrl:e.redirectUrl,source:"SignInWithOpenPassButton",clientState:e.clientState,loginHint:e.loginHint,customQueryParameters:e.customQueryParameters,allowUnverifiedEmail:e.allowUnverifiedEmail});try{null===(i=e.popupSuccessCallback)||void 0===i||i.call(e,t)}catch(e){console.error(`Error executing popup success callback, error: ${e}`)}}catch(t){if(e.popupFailedCallback)try{e.popupFailedCallback(t)}catch(e){console.error(`Error executing popup failed callback, error: ${e}`)}}})),t.appendChild(s),W("sign-in-button-rendered"),this.apiClient.sendClientTelemetryEvent("SignInWithOpenPassButtonShown")}}class le{constructor(e,t){this.openPassOptions=e,this.openPassApiClient=t}async authorizeDevice(e){const t=await this.openPassApiClient.authorizeDevice(this.openPassOptions.clientId,e.loginHint,e.disableLoginHintEditing);return{deviceCode:t.device_code,userCode:t.user_code,verificationUri:t.verification_uri,verificationUriComplete:t.verification_uri_complete,expiresIn:t.expires_in,interval:t.interval}}async deviceToken(e){const t=await this.openPassApiClient.deviceToken(this.openPassOptions.clientId,e),i={status:t.status};if(t.tokensResponse){const e=C(t.tokensResponse.id_token);i.tokens={idToken:e,rawIdToken:t.tokensResponse.id_token,accessToken:t.tokensResponse.access_token,rawAccessToken:t.tokensResponse.access_token,refreshToken:t.tokensResponse.refresh_token,tokenType:t.tokensResponse.token_type,expiresIn:t.tokensResponse.expires_in}}return i}}class pe{constructor(e,t,i){this.popup=i,this.openPassOptions=e,this.openPassApiClient=t}async handleSilentAuthWithPopupFallback(e,t,i,n,s){var o;let r;try{r=await this.silentAuth(e,t)}catch(e){if(null===(o=null==n?void 0:n.contentWindow)||void 0===o||o.postMessage({type:g},i),this.popup.refocusIfPopupExists())return;r=s?await s():await this.popup.signInWithPopup(t)}return r}async silentAuth(e,t,i){var n;const s=this.createHiddenSilentAuthIframe(e),o=K(),r={clientState:null==t?void 0:t.clientState,clientId:this.openPassOptions.clientId,redirectUrl:null==t?void 0:t.redirectUrl,codeVerifier:o,codeChallenge:await Z(o),codeChallengeMethod:u,state:G(),responseMode:h,loginHint:null==t?void 0:t.loginHint,disableLoginHintEditing:null==t?void 0:t.disableLoginHintEditing,originatingUri:null===(n=null===window||void 0===window?void 0:window.location)||void 0===n?void 0:n.href,useSilentAuth:!0,allowUnverifiedEmail:t.allowUnverifiedEmail},a=t?t.source:"Custom",d=z(v(this.openPassOptions.baseUrl),m,r,a,null==t?void 0:t.customQueryParameters);return s.src=d,W("silent-auth-started",{source:a}),await this.waitForIframeResponse(s,r,e,t)}async waitForIframeResponse(e,t,i,o,r){const a=await this.listenForIframeResponse(e);if(W("silent-auth-iframe-response-received"),!ne(a,t)||!a.code){const n=new s(a.error?a.error:_,a.errorDescription?a.errorDescription:"Error, invalid authorization code response",a.errorUri?a.errorUri:"",t.clientState);throw X("SilentAuth:WaitForIframeResponse",n,this.openPassApiClient),i.removeChild(e),n}$("is_op_session_detected","true");const d=await this.openPassApiClient.exchangeAuthCodeForTokens(a.code,t);try{const{idToken:e,rawIdToken:i,rawAccessToken:n,refreshToken:s,expiresIn:o,tokenType:r}=d;return $("is_authenticated","true"),$("op_user_id",e.sub||""),{clientState:t.clientState,originatingUri:t.originatingUri,idToken:e,rawIdToken:i,accessToken:n,rawAccessToken:n,refreshToken:s,expiresIn:o,tokenType:r}}catch(e){throw new n("Error retrieving tokens from iframe response: "+e)}finally{i.removeChild(e)}}createHiddenSilentAuthIframe(e){const t=document.createElement("iframe");if(t.style.setProperty("display","none","important"),!e)throw new n("Parent container is not defined: unable to create hidden iframe");return e.appendChild(t),t}async listenForIframeResponse(e){let t,i;return new Promise(((e,s)=>{i=t=>{if(!M(t.origin,v(this.openPassOptions.baseUrl)))return;if(Y("IframeAuth.listenForIframeResponse",`Iframe message received. Has Data: ${!!t.data}`,this.openPassApiClient),!t.data)return;const{data:i}=t;i.source&&"openpass-iframe-message"===i.source?e(i):console.warn("Received message from unexpected source:",i.source)},window.addEventListener("message",i,!1),t=window.setTimeout((()=>{s(new n("No Response received from iframe")),Y("IframeAuth.listenForIframeResponse","No Response received from iframe after maximum timeout",this.openPassApiClient)}),6e5)})).finally((()=>{clearTimeout(t),window.removeEventListener("message",i)}))}}class ce{constructor(e){this.showQuickAuthSignIn=()=>this.quickAuth.showInstantly(),this.hideQuickAuthSignIn=()=>this.quickAuth.hideInstantly(