UNPKG

@unqtech/age-verification-mitid

Version:

Frontend SDK for age verification via UNQVerify using MitID

2 lines (1 loc) 39.7 kB
"use strict";var UnqVerify=(()=>{var ue=Object.defineProperty,_t=Object.defineProperties,Pt=Object.getOwnPropertyDescriptor,vt=Object.getOwnPropertyDescriptors,It=Object.getOwnPropertyNames,Ve=Object.getOwnPropertySymbols;var ke=Object.prototype.hasOwnProperty,Ot=Object.prototype.propertyIsEnumerable;var Ut=(e,t)=>(t=Symbol[e])?t:Symbol.for("Symbol."+e),Je=Math.pow,we=(e,t,r)=>t in e?ue(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,w=(e,t)=>{for(var r in t||(t={}))ke.call(t,r)&&we(e,r,t[r]);if(Ve)for(var r of Ve(t))Ot.call(t,r)&&we(e,r,t[r]);return e},R=(e,t)=>_t(e,vt(t));var Nt=(e,t)=>{for(var r in t)ue(e,r,{get:t[r],enumerable:!0})},Wt=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of It(t))!ke.call(e,i)&&i!==r&&ue(e,i,{get:()=>t[i],enumerable:!(o=Pt(t,i))||o.enumerable});return e};var Dt=e=>Wt(ue({},"__esModule",{value:!0}),e);var l=(e,t,r)=>(we(e,typeof t!="symbol"?t+"":t,r),r),Le=(e,t,r)=>{if(!t.has(e))throw TypeError("Cannot "+r)};var p=(e,t,r)=>(Le(e,t,"read from private field"),r?r.call(e):t.get(e)),K=(e,t,r)=>{if(t.has(e))throw TypeError("Cannot add the same private member more than once");t instanceof WeakSet?t.add(e):t.set(e,r)},S=(e,t,r,o)=>(Le(e,t,"write to private field"),o?o.call(e,r):t.set(e,r),r);var u=(e,t,r)=>new Promise((o,i)=>{var n=a=>{try{c(r.next(a))}catch(f){i(f)}},s=a=>{try{c(r.throw(a))}catch(f){i(f)}},c=a=>a.done?o(a.value):Promise.resolve(a.value).then(n,s);c((r=r.apply(e,t)).next())}),ge=function(e,t){this[0]=e,this[1]=t},Me=(e,t,r)=>{var o=(s,c,a,f)=>{try{var d=r[s](c),h=(c=d.value)instanceof ge,y=d.done;Promise.resolve(h?c[0]:c).then(m=>h?o(s==="return"?s:"next",c[1]?{done:m.done,value:m.value}:m,a,f):a({value:m,done:y})).catch(m=>o("throw",m,a,f))}catch(m){f(m)}},i=s=>n[s]=c=>new Promise((a,f)=>o(s,c,a,f)),n={};return r=r.apply(e,t),n[Ut("asyncIterator")]=()=>n,i("next"),i("throw"),i("return"),n};var ur={};Nt(ur,{getVerifiedAge:()=>xt,handleRedirectResult:()=>Rt,init:()=>pr,isVerified:()=>le,resetVerification:()=>Tt,startVerificationWithPopup:()=>Qe,startVerificationWithRedirect:()=>Be});var Ee=null;function He(e){if(!e.publicKey||typeof e.publicKey!="string")throw new Error("[UNQVerify] publicKey is required and must be a string");if(!e.publicKey.startsWith("pk_test_")&&!e.publicKey.startsWith("pk_live_"))throw new Error("[UNQVerify] publicKey must start with 'pk_test_' or 'pk_live_'");if(!e.redirectUri||typeof e.redirectUri!="string")throw new Error("[UNQVerify] redirectUri is required and must be a string");if(!e.redirectUri.startsWith("https://")&&!e.redirectUri.startsWith("http://localhost"))throw new Error("[UNQVerify] redirectUri must be a valid HTTPS URL (or http://localhost for development)");if(typeof e.ageToVerify!="number"||e.ageToVerify<1||e.ageToVerify>150)throw new Error("[UNQVerify] ageToVerify must be a number between 1 and 150");if(typeof e.onVerified!="function")throw new Error("[UNQVerify] onVerified callback is required and must be a function");Ee=e}function Se(){if(!Ee)throw new Error("[UNQVerify] SDK not initialized");return Ee}function be(e){let r=e.publicKey.startsWith("pk_test_")?"https://test.api.aldersverificering.dk":"https://api.aldersverificering.dk",o=new URLSearchParams({RedirectUri:e.redirectUri,AgeToVerify:e.ageToVerify.toString()});return`${r}/api/v1/oidc/create?${o.toString()}`}function Ae(e,t){return u(this,null,function*(){let r=yield fetch(e,{method:"POST",headers:{"Content-Type":"application/json","x-public-key":t}});if(!r.ok){let i=yield r.text().catch(()=>"Unable to read error response");throw new Error(`API error: ${r.status} - ${i}`)}let o=yield r.text();if(!o.startsWith("https://")&&!o.startsWith("http://localhost"))throw new Error("Invalid redirect URL returned from API");return o})}function B(e){let r=`; ${document.cookie}`.split(`; ${e}=`);return r.length===2&&r.pop().split(";").shift()||null}function $e(e,t,r){let o=`${e}=${t}; path=/; SameSite=Lax; Secure`;if(r){let i=new Date(Date.now()+r*1e3);o+=`; expires=${i.toUTCString()}`}document.cookie=o}function Fe(e){document.cookie=`${e}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; SameSite=Lax; Secure`}var v="unqverify_token";var M=class extends Error{};M.prototype.name="InvalidTokenError";function Vt(e){return decodeURIComponent(atob(e).replace(/(.)/g,(t,r)=>{let o=r.charCodeAt(0).toString(16).toUpperCase();return o.length<2&&(o="0"+o),"%"+o}))}function kt(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return Vt(t)}catch(r){return atob(t)}}function I(e,t){if(typeof e!="string")throw new M("Invalid token specified: must be a string");t||(t={});let r=t.header===!0?0:1,o=e.split(".")[r];if(typeof o!="string")throw new M(`Invalid token specified: missing part #${r+1}`);let i;try{i=kt(o)}catch(n){throw new M(`Invalid token specified: invalid base64 for part #${r+1} (${n.message})`)}try{return JSON.parse(i)}catch(n){throw new M(`Invalid token specified: invalid json for part #${r+1} (${n.message})`)}}function le(){try{let e=B(v);if(!e)return!1;let t=I(e);if(!t.aldersverificeringdk_verification_result||typeof t.exp!="number"||!Number.isFinite(t.exp))return!1;let r=Math.floor(Date.now()/1e3);return!(t.exp<=r)}catch(e){return console.warn("[UNQVerify] Failed to parse verification token:",e),!1}}function Ke(e,...t){e.debug&&console.debug("[UNQVerify debug]",...t)}function H(e,t,r){var o,i,n,s;t==="denied"?(o=e.onDenied)==null||o.call(e,r):t==="cancelled"?(i=e.onCancelled)==null||i.call(e,r):(n=e.onError)==null||n.call(e,r),(s=e.onFailure)==null||s.call(e,new Error(r.message))}var Mt=new Set(["UNDER_AGE","POPUP_CLOSED","USER_CANCELLED","POPUP_BLOCKED","POPUP_TIMEOUT","UNTRUSTED_ORIGIN","NETWORK_ERROR","TOKEN_INVALID","UNKNOWN_ERROR"]);function Ht(e){return typeof e=="string"&&Mt.has(e)?e:"UNKNOWN_ERROR"}var ee=!1;function Be(){return u(this,null,function*(){let e=null;try{e=Se()}catch(t){throw console.error("[UNQVerify] Failed to retrieve configuration:",t),t}if(le()){let t=B(v);if(t){let r={};try{r=I(t)}catch(o){console.warn("[UNQVerify] Failed to decode token claims for onVerified payload")}e.onVerified(w({token:t},r))}else console.warn("[UNQVerify] Token missing even though isVerified() was true."),H(e,"error",{code:"TOKEN_INVALID",message:"User appears verified, but token cookie is missing."});return}try{let t=be(e),r=yield Ae(t,e.publicKey);if(!r||typeof r!="string")throw new Error("Invalid redirect URL returned from verification API.");window.location.href=r}catch(t){console.error("[UNQVerify] Failed to start verification:",t),H(e,"error",{code:"NETWORK_ERROR",message:t instanceof Error?t.message:String(t),raw:t})}})}function Qe(e){return u(this,null,function*(){if(ee){console.warn("[UNQVerify] Popup verification already in progress \u2014 ignoring duplicate call.");return}ee=!0;let t=Se(),r=null,o=!1,i=!1,n=null,s=()=>{},a=t.publicKey.startsWith("pk_test_")?"https://test.aldersverificering.dk":"https://aldersverificering.dk",f=null;try{f=new URL(t.redirectUri).origin}catch(y){}let d=[a];f&&d.push(f);function h(y){if(!i){if(i=!0,ee=!1,n!==null&&clearInterval(n),window.removeEventListener("message",s),o&&r)try{r.close()}catch(m){}y()}}s=y=>{var C,_;let m=y.data,E=m==null?void 0:m.type;if(E!=="UNQVERIFY_RESULT"&&E!=="UNQVERIFY_FAILURE"){Ke(t,"Ignored non-SDK message \u2014 type:",E,"origin:",y.origin);return}if(!d.includes(y.origin)){console.warn("[UNQVerify] Received message from untrusted origin:",y.origin),Ke(t,"Trusted origins:",d);return}if(i){Ke(t,"Ignored duplicate/late message:",E);return}if(E==="UNQVERIFY_RESULT"){let P=(C=m==null?void 0:m.payload)!=null?C:{};h(()=>{try{t.onVerified(P),window.dispatchEvent(new CustomEvent("unqverify:updated"))}catch(W){H(t,"error",{code:"UNKNOWN_ERROR",message:W instanceof Error?W.message:String(W),raw:W})}})}else{let P=m,W=Ht(P==null?void 0:P.code),Ct=(_=P==null?void 0:P.error)!=null?_:"Verification failed in popup";h(()=>{H(t,W==="UNDER_AGE"?"denied":"error",{code:W,message:Ct,raw:y.data})})}};try{let y=be(t),m=yield Ae(y,t.publicKey);if(e&&!e.closed)r=e,r.location.href=m,o=!1;else if(r=window.open(m,"unqverify-popup","width=500,height=650"),o=!0,!r){ee=!1,console.warn("[UNQVerify] Popup blocked"),H(t,"error",{code:"POPUP_BLOCKED",message:"Popup blocked by browser. Please allow popups and try again."});return}window.addEventListener("message",s);let E=3e5,C=Date.now();n=setInterval(()=>{let _=Date.now()-C>E;if(r!=null&&r.closed||_){let P=_?"POPUP_TIMEOUT":"POPUP_CLOSED",W=_?"Verification timed out.":"User closed the popup before completing verification.";h(()=>{H(t,"cancelled",{code:P,message:W})})}},1e3)}catch(y){if(ee=!1,o&&r)try{r.close()}catch(m){}console.error("[UNQVerify] Failed to initiate popup verification:",y),H(t,"error",{code:"NETWORK_ERROR",message:y instanceof Error?y.message:String(y),raw:y})}})}var te=new TextEncoder,D=new TextDecoder,Nr=Je(2,32);function Ge(...e){let t=e.reduce((i,{length:n})=>i+n,0),r=new Uint8Array(t),o=0;for(let i of e)r.set(i,o),o+=i.length;return r}function me(e){let t=new Uint8Array(e.length);for(let r=0;r<e.length;r++){let o=e.charCodeAt(r);if(o>127)throw new TypeError("non-ASCII string encountered in encode()");t[r]=o}return t}function qe(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let o=0;o<t.length;o++)r[o]=t.charCodeAt(o);return r}function L(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:D.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=D.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/");try{return qe(t)}catch(r){throw new TypeError("The input to be decoded is not correctly encoded.")}}var A=class extends Error{constructor(r,o){var i;super(r,o);l(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,(i=Error.captureStackTrace)==null||i.call(Error,this,this.constructor)}};l(A,"code","ERR_JOSE_GENERIC");var x=class extends A{constructor(r,o,i="unspecified",n="unspecified"){super(r,{cause:{claim:i,reason:n,payload:o}});l(this,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");l(this,"claim");l(this,"reason");l(this,"payload");this.claim=i,this.reason=n,this.payload=o}};l(x,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");var Q=class extends A{constructor(r,o,i="unspecified",n="unspecified"){super(r,{cause:{claim:i,reason:n,payload:o}});l(this,"code","ERR_JWT_EXPIRED");l(this,"claim");l(this,"reason");l(this,"payload");this.claim=i,this.reason=n,this.payload=o}};l(Q,"code","ERR_JWT_EXPIRED");var re=class extends A{constructor(){super(...arguments);l(this,"code","ERR_JOSE_ALG_NOT_ALLOWED")}};l(re,"code","ERR_JOSE_ALG_NOT_ALLOWED");var b=class extends A{constructor(){super(...arguments);l(this,"code","ERR_JOSE_NOT_SUPPORTED")}};l(b,"code","ERR_JOSE_NOT_SUPPORTED");var g=class extends A{constructor(){super(...arguments);l(this,"code","ERR_JWS_INVALID")}};l(g,"code","ERR_JWS_INVALID");var $=class extends A{constructor(){super(...arguments);l(this,"code","ERR_JWT_INVALID")}};l($,"code","ERR_JWT_INVALID");var G=class extends A{constructor(){super(...arguments);l(this,"code","ERR_JWKS_INVALID")}};l(G,"code","ERR_JWKS_INVALID");var F=class extends A{constructor(r="no applicable key found in the JSON Web Key Set",o){super(r,o);l(this,"code","ERR_JWKS_NO_MATCHING_KEY")}};l(F,"code","ERR_JWKS_NO_MATCHING_KEY");var $t,oe=class extends A{constructor(r="multiple matching keys found in the JSON Web Key Set",o){super(r,o);l(this,$t);l(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS")}};$t=Symbol.asyncIterator,l(oe,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");var ie=class extends A{constructor(r="request timed out",o){super(r,o);l(this,"code","ERR_JWKS_TIMEOUT")}};l(ie,"code","ERR_JWKS_TIMEOUT");var ne=class extends A{constructor(r="signature verification failed",o){super(r,o);l(this,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED")}};l(ne,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED");var O=(e,t="algorithm.name")=>new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`),q=(e,t)=>e.name===t;function Re(e){return parseInt(e.name.slice(4),10)}function Ft(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Bt(e,t){if(t&&!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function Ye(e,t,r){switch(t){case"HS256":case"HS384":case"HS512":{if(!q(e.algorithm,"HMAC"))throw O("HMAC");let o=parseInt(t.slice(2),10);if(Re(e.algorithm.hash)!==o)throw O(`SHA-${o}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!q(e.algorithm,"RSASSA-PKCS1-v1_5"))throw O("RSASSA-PKCS1-v1_5");let o=parseInt(t.slice(2),10);if(Re(e.algorithm.hash)!==o)throw O(`SHA-${o}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!q(e.algorithm,"RSA-PSS"))throw O("RSA-PSS");let o=parseInt(t.slice(2),10);if(Re(e.algorithm.hash)!==o)throw O(`SHA-${o}`,"algorithm.hash");break}case"Ed25519":case"EdDSA":{if(!q(e.algorithm,"Ed25519"))throw O("Ed25519");break}case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":{if(!q(e.algorithm,t))throw O(t);break}case"ES256":case"ES384":case"ES512":{if(!q(e.algorithm,"ECDSA"))throw O("ECDSA");let o=Ft(t);if(e.algorithm.namedCurve!==o)throw O(o,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Bt(e,r)}function Xe(e,t,...r){var o;if(r=r.filter(Boolean),r.length>2){let i=r.pop();e+=`one of type ${r.join(", ")}, or ${i}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&(o=t.constructor)!=null&&o.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var ze=(e,...t)=>Xe("Key must be ",e,...t),xe=(e,t,...r)=>Xe(`Key for the ${e} algorithm must be `,t,...r);var Te=e=>{if((e==null?void 0:e[Symbol.toStringTag])==="CryptoKey")return!0;try{return e instanceof CryptoKey}catch(t){return!1}},Ce=e=>(e==null?void 0:e[Symbol.toStringTag])==="KeyObject",_e=e=>Te(e)||Ce(e);function Ze(...e){let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let o of t){let i=Object.keys(o);if(!r||r.size===0){r=new Set(i);continue}for(let n of i){if(r.has(n))return!1;r.add(n)}}return!0}var Qt=e=>typeof e=="object"&&e!==null;function T(e){if(!Qt(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}function je(e,t){if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}}function Gt(e){let t,r;switch(e.kty){case"AKP":{switch(e.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"RSA":{switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"EC":{switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"OKP":{switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new b('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}function Y(e){return u(this,null,function*(){var i,n;if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=Gt(e),o=w({},e);return o.kty!=="AKP"&&delete o.alg,delete o.use,crypto.subtle.importKey("jwk",o,t,(i=e.ext)!=null?i:!(e.d||e.priv),(n=e.key_ops)!=null?n:r)})}function et(e,t,r){return u(this,null,function*(){var i;if(!T(e))throw new TypeError("JWK must be an object");let o;switch(t!=null||(t=e.alg),o!=null||(o=(i=r==null?void 0:r.extractable)!=null?i:e.ext),e.kty){case"oct":if(typeof e.k!="string"||!e.k)throw new TypeError('missing "k" (Key Value) Parameter value');return L(e.k);case"RSA":if("oth"in e&&e.oth!==void 0)throw new b('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return Y(R(w({},e),{alg:t,ext:o}));case"AKP":{if(typeof e.alg!="string"||!e.alg)throw new TypeError('missing "alg" (Algorithm) Parameter value');if(t!==void 0&&t!==e.alg)throw new TypeError("JWK alg and alg option value mismatch");return Y(R(w({},e),{ext:o}))}case"EC":case"OKP":return Y(R(w({},e),{alg:t,ext:o}));default:throw new b('Unsupported "kty" (Key Type) Parameter value')}})}function tt(e,t,r,o,i){if(i.crit!==void 0&&(o==null?void 0:o.crit)===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!o||o.crit===void 0)return new Set;if(!Array.isArray(o.crit)||o.crit.length===0||o.crit.some(s=>typeof s!="string"||s.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let n;r!==void 0?n=new Map([...Object.entries(r),...t.entries()]):n=t;for(let s of o.crit){if(!n.has(s))throw new b(`Extension Header Parameter "${s}" is not recognized`);if(i[s]===void 0)throw new e(`Extension Header Parameter "${s}" is missing`);if(n.get(s)&&o[s]===void 0)throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`)}return new Set(o.crit)}function rt(e,t){if(t!==void 0&&(!Array.isArray(t)||t.some(r=>typeof r!="string")))throw new TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)}var se=e=>T(e)&&typeof e.kty=="string",ot=e=>e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string"),it=e=>e.kty!=="oct"&&e.d===void 0&&e.priv===void 0,nt=e=>e.kty==="oct"&&typeof e.k=="string";var X,st=(e,t,r,o=!1)=>u(void 0,null,function*(){X||(X=new WeakMap);let i=X.get(e);if(i!=null&&i[r])return i[r];let n=yield Y(R(w({},t),{alg:r}));return o&&Object.freeze(e),i?i[r]=n:X.set(e,{[r]:n}),n}),Yt=(e,t)=>{var s;X||(X=new WeakMap);let r=X.get(e);if(r!=null&&r[t])return r[t];let o=e.type==="public",i=!!o,n;if(e.asymmetricKeyType==="x25519"){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}n=e.toCryptoKey(e.asymmetricKeyType,i,o?[]:["deriveBits"])}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");n=e.toCryptoKey(e.asymmetricKeyType,i,[o?"verify":"sign"])}switch(e.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");n=e.toCryptoKey(e.asymmetricKeyType,i,[o?"verify":"sign"])}}if(e.asymmetricKeyType==="rsa"){let c;switch(t){case"RSA-OAEP":c="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":c="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":c="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":c="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:c},i,o?["encrypt"]:["decrypt"]);n=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:c},i,[o?"verify":"sign"])}if(e.asymmetricKeyType==="ec"){let a=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get((s=e.asymmetricKeyDetails)==null?void 0:s.namedCurve);if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&a==="P-256"&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:a},i,[o?"verify":"sign"])),t==="ES384"&&a==="P-384"&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:a},i,[o?"verify":"sign"])),t==="ES512"&&a==="P-521"&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:a},i,[o?"verify":"sign"])),t.startsWith("ECDH-ES")&&(n=e.toCryptoKey({name:"ECDH",namedCurve:a},i,o?[]:["deriveBits"]))}if(!n)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=n:X.set(e,{[t]:n}),n};function at(e,t){return u(this,null,function*(){if(e instanceof Uint8Array||Te(e))return e;if(Ce(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return Yt(e,t)}catch(o){if(o instanceof TypeError)throw o}let r=e.export({format:"jwk"});return st(e,r,t)}if(se(e))return e.k?L(e.k):st(e,e,t,!0);throw new Error("unreachable")})}var z=e=>e==null?void 0:e[Symbol.toStringTag],Pe=(e,t,r)=>{var o,i;if(t.use!==void 0){let n;switch(r){case"sign":case"verify":n="sig";break;case"encrypt":case"decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(!0){case(r==="sign"||r==="verify"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n=r==="encrypt"?"wrapKey":"unwrapKey":n=r;break;case(r==="encrypt"&&e.startsWith("RSA")):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&((i=(o=t.key_ops)==null?void 0:o.includes)==null?void 0:i.call(o,n))===!1)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return!0},Xt=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(se(t)){if(nt(t)&&Pe(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!_e(t))throw new TypeError(xe(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${z(t)} instances for symmetric algorithms must be of type "secret"`)}},zt=(e,t,r)=>{if(se(t))switch(r){case"decrypt":case"sign":if(ot(t)&&Pe(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if(it(t)&&Pe(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a public JWK")}if(!_e(t))throw new TypeError(xe(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${z(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case"sign":throw new TypeError(`${z(t)} instances for asymmetric algorithm signing must be of type "private"`);case"decrypt":throw new TypeError(`${z(t)} instances for asymmetric algorithm decryption must be of type "private"`)}if(t.type==="private")switch(r){case"verify":throw new TypeError(`${z(t)} instances for asymmetric algorithm verifying must be of type "public"`);case"encrypt":throw new TypeError(`${z(t)} instances for asymmetric algorithm encryption must be of type "public"`)}};function ct(e,t,r){switch(e.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":Xt(e,t,r);break;default:zt(e,t,r)}}function ft(e,t){let r=`SHA-${e.slice(-3)}`;switch(e){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:t.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:e};default:throw new b(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}function dt(e,t,r){return u(this,null,function*(){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(ze(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},!1,[r])}return Ye(t,e,r),t})}function pt(e,t,r,o){return u(this,null,function*(){let i=yield dt(e,t,"verify");je(e,i);let n=ft(e,i.algorithm);try{return yield crypto.subtle.verify(n,i,r,o)}catch(s){return!1}})}function ut(e,t,r){return u(this,null,function*(){if(!T(e))throw new g("Flattened JWS must be an object");if(e.protected===void 0&&e.header===void 0)throw new g('Flattened JWS must have either of the "protected" or "header" members');if(e.protected!==void 0&&typeof e.protected!="string")throw new g("JWS Protected Header incorrect type");if(e.payload===void 0)throw new g("JWS Payload missing");if(typeof e.signature!="string")throw new g("JWS Signature missing or incorrect type");if(e.header!==void 0&&!T(e.header))throw new g("JWS Unprotected Header incorrect type");let o={};if(e.protected)try{let _=L(e.protected);o=JSON.parse(D.decode(_))}catch(_){throw new g("JWS Protected Header is invalid")}if(!Ze(o,e.header))throw new g("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let i=w(w({},o),e.header),n=tt(g,new Map([["b64",!0]]),r==null?void 0:r.crit,o,i),s=!0;if(n.has("b64")&&(s=o.b64,typeof s!="boolean"))throw new g('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:c}=i;if(typeof c!="string"||!c)throw new g('JWS "alg" (Algorithm) Header Parameter missing or invalid');let a=r&&rt("algorithms",r.algorithms);if(a&&!a.has(c))throw new re('"alg" (Algorithm) Header Parameter value not allowed');if(s){if(typeof e.payload!="string")throw new g("JWS Payload must be a string")}else if(typeof e.payload!="string"&&!(e.payload instanceof Uint8Array))throw new g("JWS Payload must be a string or an Uint8Array instance");let f=!1;typeof t=="function"&&(t=yield t(o,e),f=!0),ct(c,t,"verify");let d=Ge(e.protected!==void 0?me(e.protected):new Uint8Array,me("."),typeof e.payload=="string"?s?me(e.payload):te.encode(e.payload):e.payload),h;try{h=L(e.signature)}catch(_){throw new g("Failed to base64url decode the signature")}let y=yield at(t,c);if(!(yield pt(c,y,h,d)))throw new ne;let E;if(s)try{E=L(e.payload)}catch(_){throw new g("Failed to base64url decode the payload")}else typeof e.payload=="string"?E=te.encode(e.payload):E=e.payload;let C={payload:E};return e.protected!==void 0&&(C.protectedHeader=o),e.header!==void 0&&(C.unprotectedHeader=e.header),f?R(w({},C),{key:y}):C})}function lt(e,t,r){return u(this,null,function*(){if(e instanceof Uint8Array&&(e=D.decode(e)),typeof e!="string")throw new g("Compact JWS must be a string or Uint8Array");let{0:o,1:i,2:n,length:s}=e.split(".");if(s!==3)throw new g("Invalid Compact JWS");let c=yield ut({payload:i,protected:o,signature:n},t,r),a={payload:c.payload,protectedHeader:c.protectedHeader};return typeof t=="function"?R(w({},a),{key:c.key}):a})}var Zt=e=>Math.floor(e.getTime()/1e3),yt=60,wt=yt*60,ve=wt*24,jt=ve*7,er=ve*365.25,tr=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function mt(e){let t=tr.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),o=t[3].toLowerCase(),i;switch(o){case"sec":case"secs":case"second":case"seconds":case"s":i=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":i=Math.round(r*yt);break;case"hour":case"hours":case"hr":case"hrs":case"h":i=Math.round(r*wt);break;case"day":case"days":case"d":i=Math.round(r*ve);break;case"week":case"weeks":case"w":i=Math.round(r*jt);break;default:i=Math.round(r*er);break}return t[1]==="-"||t[4]==="ago"?-i:i}var ht=e=>e.includes("/")?e.toLowerCase():`application/${e.toLowerCase()}`,rr=(e,t)=>typeof e=="string"?t.includes(e):Array.isArray(e)?t.some(Set.prototype.has.bind(new Set(e))):!1;function gt(e,t,r={}){let o;try{o=JSON.parse(D.decode(t))}catch(E){}if(!T(o))throw new $("JWT Claims Set must be a top-level JSON object");let{typ:i}=r;if(i&&(typeof e.typ!="string"||ht(e.typ)!==ht(i)))throw new x('unexpected "typ" JWT header value',o,"typ","check_failed");let{requiredClaims:n=[],issuer:s,subject:c,audience:a,maxTokenAge:f}=r,d=[...n];f!==void 0&&d.push("iat"),a!==void 0&&d.push("aud"),c!==void 0&&d.push("sub"),s!==void 0&&d.push("iss");for(let E of new Set(d.reverse()))if(!(E in o))throw new x(`missing required "${E}" claim`,o,E,"missing");if(s&&!(Array.isArray(s)?s:[s]).includes(o.iss))throw new x('unexpected "iss" claim value',o,"iss","check_failed");if(c&&o.sub!==c)throw new x('unexpected "sub" claim value',o,"sub","check_failed");if(a&&!rr(o.aud,typeof a=="string"?[a]:a))throw new x('unexpected "aud" claim value',o,"aud","check_failed");let h;switch(typeof r.clockTolerance){case"string":h=mt(r.clockTolerance);break;case"number":h=r.clockTolerance;break;case"undefined":h=0;break;default:throw new TypeError("Invalid clockTolerance option type")}let{currentDate:y}=r,m=Zt(y||new Date);if((o.iat!==void 0||f)&&typeof o.iat!="number")throw new x('"iat" claim must be a number',o,"iat","invalid");if(o.nbf!==void 0){if(typeof o.nbf!="number")throw new x('"nbf" claim must be a number',o,"nbf","invalid");if(o.nbf>m+h)throw new x('"nbf" claim timestamp check failed',o,"nbf","check_failed")}if(o.exp!==void 0){if(typeof o.exp!="number")throw new x('"exp" claim must be a number',o,"exp","invalid");if(o.exp<=m-h)throw new Q('"exp" claim timestamp check failed',o,"exp","check_failed")}if(f){let E=m-o.iat,C=typeof f=="number"?f:mt(f);if(E-h>C)throw new Q('"iat" claim timestamp check failed (too far in the past)',o,"iat","check_failed");if(E<0-h)throw new x('"iat" claim timestamp check failed (it should be in the past)',o,"iat","check_failed")}return o}function Ie(e,t,r){return u(this,null,function*(){var s;let o=yield lt(e,t,r);if((s=o.protectedHeader.crit)!=null&&s.includes("b64")&&o.protectedHeader.b64===!1)throw new $("JWTs MUST NOT use unencoded payload");let n={payload:gt(o.protectedHeader,o.payload,r),protectedHeader:o.protectedHeader};return typeof t=="function"?R(w({},n),{key:o.key}):n})}function or(e){switch(typeof e=="string"&&e.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";case"ML":return"AKP";default:throw new b('Unsupported "alg" value for a JSON Web Key Set')}}function ir(e){return e&&typeof e=="object"&&Array.isArray(e.keys)&&e.keys.every(nr)}function nr(e){return T(e)}var Z,ae,Oe=class{constructor(t){K(this,Z,void 0);K(this,ae,new WeakMap);if(!ir(t))throw new G("JSON Web Key Set malformed");S(this,Z,structuredClone(t))}jwks(){return p(this,Z)}getKey(t,r){return u(this,null,function*(){let{alg:o,kid:i}=w(w({},t),r==null?void 0:r.header),n=or(o),s=p(this,Z).keys.filter(f=>{let d=n===f.kty;if(d&&typeof i=="string"&&(d=i===f.kid),d&&(typeof f.alg=="string"||n==="AKP")&&(d=o===f.alg),d&&typeof f.use=="string"&&(d=f.use==="sig"),d&&Array.isArray(f.key_ops)&&(d=f.key_ops.includes("verify")),d)switch(o){case"ES256":d=f.crv==="P-256";break;case"ES384":d=f.crv==="P-384";break;case"ES512":d=f.crv==="P-521";break;case"Ed25519":case"EdDSA":d=f.crv==="Ed25519";break}return d}),{0:c,length:a}=s;if(a===0)throw new F;if(a!==1){let f=new oe,d=p(this,ae);throw f[Symbol.asyncIterator]=function(){return Me(this,null,function*(){for(let h of s)try{yield yield new ge(Et(d,h,o))}catch(y){}})},f}return Et(p(this,ae),c,o)})}};Z=new WeakMap,ae=new WeakMap;function Et(e,t,r){return u(this,null,function*(){let o=e.get(t)||e.set(t,{}).get(t);if(o[r]===void 0){let i=yield et(R(w({},t),{ext:!0}),r);if(i instanceof Uint8Array||i.type!=="public")throw new G("JSON Web Key Set members must be public keys");o[r]=i}return o[r]})}function Ue(e){let t=new Oe(e),r=(o,i)=>u(this,null,function*(){return t.getKey(o,i)});return Object.defineProperties(r,{jwks:{value:()=>structuredClone(t.jwks()),enumerable:!1,configurable:!1,writable:!1}}),r}function sr(){return typeof WebSocketPair!="undefined"||typeof navigator!="undefined"&&navigator.userAgent==="Cloudflare-Workers"||typeof EdgeRuntime!="undefined"&&EdgeRuntime==="vercel"}var Ne,he,St;(typeof navigator=="undefined"||!((St=(he=navigator.userAgent)==null?void 0:he.startsWith)!=null&&St.call(he,"Mozilla/5.0 ")))&&(Ne="jose/v6.1.3");var bt=Symbol();function ar(i,n,s){return u(this,arguments,function*(e,t,r,o=fetch){let c=yield o(e,{method:"GET",signal:r,redirect:"manual",headers:t}).catch(a=>{throw a.name==="TimeoutError"?new ie:a});if(c.status!==200)throw new A("Expected 200 OK from the JSON Web Key Set HTTP response");try{return yield c.json()}catch(a){throw new A("Failed to parse the JSON Web Key Set HTTP response as JSON")}})}var ye=Symbol();function cr(e,t){return!(typeof e!="object"||e===null||!("uat"in e)||typeof e.uat!="number"||Date.now()-e.uat>=t||!("jwks"in e)||!T(e.jwks)||!Array.isArray(e.jwks.keys)||!Array.prototype.every.call(e.jwks.keys,T))}var ce,fe,de,j,V,U,N,pe,k,J,We=class{constructor(t,r){K(this,ce,void 0);K(this,fe,void 0);K(this,de,void 0);K(this,j,void 0);K(this,V,void 0);K(this,U,void 0);K(this,N,void 0);K(this,pe,void 0);K(this,k,void 0);K(this,J,void 0);if(!(t instanceof URL))throw new TypeError("url must be an instance of URL");S(this,ce,new URL(t.href)),S(this,fe,typeof(r==null?void 0:r.timeoutDuration)=="number"?r==null?void 0:r.timeoutDuration:5e3),S(this,de,typeof(r==null?void 0:r.cooldownDuration)=="number"?r==null?void 0:r.cooldownDuration:3e4),S(this,j,typeof(r==null?void 0:r.cacheMaxAge)=="number"?r==null?void 0:r.cacheMaxAge:6e5),S(this,N,new Headers(r==null?void 0:r.headers)),Ne&&!p(this,N).has("User-Agent")&&p(this,N).set("User-Agent",Ne),p(this,N).has("accept")||(p(this,N).set("accept","application/json"),p(this,N).append("accept","application/jwk-set+json")),S(this,pe,r==null?void 0:r[bt]),(r==null?void 0:r[ye])!==void 0&&(S(this,J,r==null?void 0:r[ye]),cr(r==null?void 0:r[ye],p(this,j))&&(S(this,V,p(this,J).uat),S(this,k,Ue(p(this,J).jwks))))}pendingFetch(){return!!p(this,U)}coolingDown(){return typeof p(this,V)=="number"?Date.now()<p(this,V)+p(this,de):!1}fresh(){return typeof p(this,V)=="number"?Date.now()<p(this,V)+p(this,j):!1}jwks(){var t;return(t=p(this,k))==null?void 0:t.jwks()}getKey(t,r){return u(this,null,function*(){(!p(this,k)||!this.fresh())&&(yield this.reload());try{return yield p(this,k).call(this,t,r)}catch(o){if(o instanceof F&&this.coolingDown()===!1)return yield this.reload(),p(this,k).call(this,t,r);throw o}})}reload(){return u(this,null,function*(){p(this,U)&&sr()&&S(this,U,void 0),p(this,U)||S(this,U,ar(p(this,ce).href,p(this,N),AbortSignal.timeout(p(this,fe)),p(this,pe)).then(t=>{S(this,k,Ue(t)),p(this,J)&&(p(this,J).uat=Date.now(),p(this,J).jwks=t),S(this,V,Date.now()),S(this,U,void 0)}).catch(t=>{throw S(this,U,void 0),t})),yield p(this,U)})}};ce=new WeakMap,fe=new WeakMap,de=new WeakMap,j=new WeakMap,V=new WeakMap,U=new WeakMap,N=new WeakMap,pe=new WeakMap,k=new WeakMap,J=new WeakMap;function De(e,t){let r=new We(e,t),o=(i,n)=>u(this,null,function*(){return r.getKey(i,n)});return Object.defineProperties(o,{coolingDown:{get:()=>r.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>r.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>r.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>r.pendingFetch(),enumerable:!0,configurable:!1},jwks:{value:()=>r.jwks(),enumerable:!0,configurable:!1,writable:!1}}),o}function dr(e){return e==="https://test.aldersverificering.dk"?"https://test.api.aldersverificering.dk/well-known/openid-configuration/jwks":e==="https://aldersverificering.dk"?"https://api.aldersverificering.dk/well-known/openid-configuration/jwks":null}function At(e){return u(this,null,function*(){try{let t=I(e),r=dr(t.iss);if(!r)return console.warn("[UNQVerify] Unknown issuer:",t.iss),{ok:!1,code:"TOKEN_INVALID",message:`Unknown issuer: ${t.iss}`};let o;try{let a=De(new URL(r)),{payload:f}=yield Ie(e,a,{algorithms:["RS256"]});o=f}catch(a){return console.error("[UNQVerify] Failed to verify JWT with JWKS:",a),{ok:!1,code:"TOKEN_INVALID",message:"JWT cryptographic verification failed",raw:a}}if(o.iss!==t.iss)return console.warn("[UNQVerify] Issuer mismatch after verification"),{ok:!1,code:"TOKEN_INVALID",message:"Issuer mismatch after verification"};let{aldersverificeringdk_verification_result:i,exp:n}=o;if(typeof n!="number")return console.warn("[UNQVerify] Missing or invalid exp claim"),{ok:!1,code:"TOKEN_INVALID",message:"Missing or invalid exp claim"};if(!i)return console.warn("[UNQVerify] Token is valid but user did not meet the age requirement"),{ok:!1,code:"UNDER_AGE",message:"User does not meet the age requirement"};let s=n-Math.floor(Date.now()/1e3);if(s<=0)return console.warn("[UNQVerify] Token has expired"),{ok:!1,code:"TOKEN_INVALID",message:"Token has expired"};let c=Math.max(s,3600);return $e(v,e,c),{ok:!0}}catch(t){return console.error("[UNQVerify] Unexpected error in decodeAndStoreToken:",t),{ok:!1,code:"UNKNOWN_ERROR",message:"Unexpected error during token verification",raw:t}}})}function Kt(e,t){if(e)return e;try{return t.location.origin}catch(r){return console.warn("[UNQVerify] Could not determine opener origin and no targetOrigin was provided. Skipping postMessage to avoid broadcasting to '*'. Pass targetOrigin to handleRedirectResult to fix this."),null}}function Rt(n){return u(this,arguments,function*({onVerified:e,onFailure:t,onDenied:r,onError:o,targetOrigin:i}){let s="UNKNOWN_ERROR";try{let c=new URL(window.location.href),a=c.searchParams.get("jwt");if(!a)throw s="TOKEN_INVALID",new Error("No JWT found in URL");let f=yield At(a);if(!f.ok)throw s=f.code,new Error(f.message);c.searchParams.delete("jwt"),window.history.replaceState({},document.title,c.toString());let d=I(a);if(window.opener)try{let h=Kt(i,window.opener);h&&window.opener.postMessage({type:"UNQVERIFY_RESULT",payload:d},h)}catch(h){console.warn("[UNQVerify] Failed to post result to opener:",h)}e(d)}catch(c){console.error("[UNQVerify] handleRedirectResult failed:",c);let a=c instanceof Error?c.message:String(c);if(window.opener)try{let d=Kt(i,window.opener);d&&window.opener.postMessage({type:"UNQVERIFY_FAILURE",error:a,code:s},d)}catch(d){console.warn("[UNQVerify] Failed to post failure to opener:",d)}let f={code:s,message:a,raw:c};s==="UNDER_AGE"?r==null||r(f):o==null||o(f),t==null||t(c)}})}function xt(){try{let e=B(v);if(!e)return null;let t=I(e),r=Math.floor(Date.now()/1e3),o=t.exp>=r,i=t.aldersverificeringdk_verification_result;return o&&i?t.aldersverificeringdk_verification_age:null}catch(e){return console.warn("[UNQVerify] Failed to extract verified age from token:",e),null}}function Tt(){Fe(v),console.info("[UNQVerify] Verification token cleared")}function pr(e){He(e)}return Dt(ur);})();