/**
 * Minified by jsDelivr using Terser v5.37.0.
 * Original file: /npm/client-oauth2@4.3.3/src/client-oauth2.js
 *
 * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files
 */
var Buffer=require("safe-buffer").Buffer,Querystring=require("querystring"),defaultRequest=require("./request");const DEFAULT_URL_BASE="https://example.org/";var btoa;btoa="function"==typeof Buffer?btoaBuffer:window.btoa.bind(window),module.exports=ClientOAuth2;var DEFAULT_HEADERS={Accept:"application/json, application/x-www-form-urlencoded","Content-Type":"application/x-www-form-urlencoded"},ERROR_RESPONSES={invalid_request:["The request is missing a required parameter, includes an","invalid parameter value, includes a parameter more than","once, or is otherwise malformed."].join(" "),invalid_client:["Client authentication failed (e.g., unknown client, no","client authentication included, or unsupported","authentication method)."].join(" "),invalid_grant:["The provided authorization grant (e.g., authorization","code, resource owner credentials) or refresh token is","invalid, expired, revoked, does not match the redirection","URI used in the authorization request, or was issued to","another client."].join(" "),unauthorized_client:["The client is not authorized to request an authorization","code using this method."].join(" "),unsupported_grant_type:["The authorization grant type is not supported by the","authorization server."].join(" "),access_denied:["The resource owner or authorization server denied the request."].join(" "),unsupported_response_type:["The authorization server does not support obtaining","an authorization code using this method."].join(" "),invalid_scope:["The requested scope is invalid, unknown, or malformed."].join(" "),server_error:["The authorization server encountered an unexpected","condition that prevented it from fulfilling the request.","(This error code is needed because a 500 Internal Server","Error HTTP status code cannot be returned to the client","via an HTTP redirect.)"].join(" "),temporarily_unavailable:["The authorization server is currently unable to handle","the request due to a temporary overloading or maintenance","of the server."].join(" ")};function btoaBuffer(e){return Buffer.from(e).toString("base64")}function expects(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];if(null==e[r])throw new TypeError('Expected "'+r+'" to exist')}}function getAuthError(e){var t=ERROR_RESPONSES[e.error]||e.error_description||e.error;if(t){var r=new Error(t);return r.body=e,r.code="EAUTH",r}}function parseResponseBody(e){try{return JSON.parse(e)}catch(t){return Querystring.parse(e)}}function sanitizeScope(e){return Array.isArray(e)?e.join(" "):toString(e)}function createUri(e,t){expects(e,"clientId","authorizationUri");const r={client_id:e.clientId,redirect_uri:e.redirectUri,response_type:t,state:e.state};void 0!==e.scopes&&(r.scope=sanitizeScope(e.scopes));const n=e.authorizationUri.includes("?")?"&":"?";return e.authorizationUri+n+Querystring.stringify(Object.assign(r,e.query))}function auth(e,t){return"Basic "+btoa(toString(e)+":"+toString(t))}function toString(e){return null==e?"":String(e)}function requestOptions(e,t){return{url:e.url,method:e.method,body:Object.assign({},e.body,t.body),query:Object.assign({},e.query,t.query),headers:Object.assign({},e.headers,t.headers)}}function ClientOAuth2(e,t){this.options=e,this.request=t||defaultRequest,this.code=new CodeFlow(this),this.token=new TokenFlow(this),this.owner=new OwnerFlow(this),this.credentials=new CredentialsFlow(this),this.jwt=new JwtBearerFlow(this)}function ClientOAuth2Token(e,t){this.client=e,this.data=t,this.tokenType=t.token_type&&t.token_type.toLowerCase(),this.accessToken=t.access_token,this.refreshToken=t.refresh_token,this.expiresIn(Number(t.expires_in))}function OwnerFlow(e){this.client=e}function TokenFlow(e){this.client=e}function CredentialsFlow(e){this.client=e}function CodeFlow(e){this.client=e}function JwtBearerFlow(e){this.client=e}ClientOAuth2.Token=ClientOAuth2Token,ClientOAuth2.prototype.createToken=function(e,t,r,n){var i=Object.assign({},n,"string"==typeof e?{access_token:e}:e,"string"==typeof t?{refresh_token:t}:t,"string"==typeof r?{token_type:r}:r);return new ClientOAuth2.Token(this,i)},ClientOAuth2.prototype._request=function(e){var t=e.url,r=Querystring.stringify(e.body),n=Querystring.stringify(e.query);return n&&(t+=(-1===t.indexOf("?")?"?":"&")+n),this.request(e.method,t,r,e.headers).then((function(e){var t=parseResponseBody(e.body),r=getAuthError(t);if(r)return Promise.reject(r);if(e.status<200||e.status>=399){var n=new Error("HTTP status "+e.status);return n.status=e.status,n.body=e.body,n.code="ESTATUS",Promise.reject(n)}return t}))},ClientOAuth2Token.prototype.expiresIn=function(e){if("number"==typeof e)this.expires=new Date,this.expires.setSeconds(this.expires.getSeconds()+e);else{if(!(e instanceof Date))throw new TypeError("Unknown duration: "+e);this.expires=new Date(e.getTime())}return this.expires},ClientOAuth2Token.prototype.sign=function(e){if(!this.accessToken)throw new Error("Unable to sign without access token");if(e.headers=e.headers||{},"bearer"===this.tokenType)e.headers.Authorization="Bearer "+this.accessToken;else{var t=e.url.split("#"),r="access_token="+this.accessToken,n=t[0].replace(/[?&]access_token=[^&#]/,""),i=t[1]?"#"+t[1]:"";e.url=n+(n.indexOf("?")>-1?"&":"?")+r+i,e.headers.Pragma="no-store",e.headers["Cache-Control"]="no-store"}return e},ClientOAuth2Token.prototype.refresh=function(e){var t=this,r=Object.assign({},this.client.options,e);return this.refreshToken?this.client._request(requestOptions({url:r.accessTokenUri,method:"POST",headers:Object.assign({},DEFAULT_HEADERS,{Authorization:auth(r.clientId,r.clientSecret)}),body:{refresh_token:this.refreshToken,grant_type:"refresh_token"}},r)).then((function(e){return t.client.createToken(Object.assign({},t.data,e))})):Promise.reject(new Error("No refresh token"))},ClientOAuth2Token.prototype.expired=function(){return Date.now()>this.expires.getTime()},OwnerFlow.prototype.getToken=function(e,t,r){var n=this,i=Object.assign({},this.client.options,r);const o={username:e,password:t,grant_type:"password"};return void 0!==i.scopes&&(o.scope=sanitizeScope(i.scopes)),this.client._request(requestOptions({url:i.accessTokenUri,method:"POST",headers:Object.assign({},DEFAULT_HEADERS,{Authorization:auth(i.clientId,i.clientSecret)}),body:o},i)).then((function(e){return n.client.createToken(e)}))},TokenFlow.prototype.getUri=function(e){return createUri(Object.assign({},this.client.options,e),"token")},TokenFlow.prototype.getToken=function(e,t){var r=Object.assign({},this.client.options,t),n="object"==typeof e?e:new URL(e,DEFAULT_URL_BASE),i=new URL(r.redirectUri,DEFAULT_URL_BASE);if("string"==typeof n.pathname&&n.pathname!==i.pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+n.pathname));if(!n.hash&&!n.search)return Promise.reject(new TypeError("Unable to process uri: "+e));var o=Object.assign({},"string"==typeof n.search?Querystring.parse(n.search.substr(1)):n.search||{},"string"==typeof n.hash?Querystring.parse(n.hash.substr(1)):n.hash||{}),s=getAuthError(o);return s?Promise.reject(s):null!=r.state&&o.state!==r.state?Promise.reject(new TypeError("Invalid state: "+o.state)):Promise.resolve(this.client.createToken(o))},CredentialsFlow.prototype.getToken=function(e){var t=this,r=Object.assign({},this.client.options,e);expects(r,"clientId","clientSecret","accessTokenUri");const n={grant_type:"client_credentials"};return void 0!==r.scopes&&(n.scope=sanitizeScope(r.scopes)),this.client._request(requestOptions({url:r.accessTokenUri,method:"POST",headers:Object.assign({},DEFAULT_HEADERS,{Authorization:auth(r.clientId,r.clientSecret)}),body:n},r)).then((function(e){return t.client.createToken(e)}))},CodeFlow.prototype.getUri=function(e){return createUri(Object.assign({},this.client.options,e),"code")},CodeFlow.prototype.getToken=function(e,t){var r=this,n=Object.assign({},this.client.options,t);expects(n,"clientId","accessTokenUri");var i="object"==typeof e?e:new URL(e,DEFAULT_URL_BASE);if("string"==typeof n.redirectUri&&"string"==typeof i.pathname&&i.pathname!==new URL(n.redirectUri,DEFAULT_URL_BASE).pathname)return Promise.reject(new TypeError("Redirected path should match configured path, but got: "+i.pathname));if(!i.search||!i.search.substr(1))return Promise.reject(new TypeError("Unable to process uri: "+e));var o="string"==typeof i.search?Querystring.parse(i.search.substr(1)):i.search||{},s=getAuthError(o);if(s)return Promise.reject(s);if(null!=n.state&&o.state!==n.state)return Promise.reject(new TypeError("Invalid state: "+o.state));if(!o.code)return Promise.reject(new TypeError("Missing code, unable to request token"));var a=Object.assign({},DEFAULT_HEADERS),c={code:o.code,grant_type:"authorization_code",redirect_uri:n.redirectUri};return n.clientSecret?a.Authorization=auth(n.clientId,n.clientSecret):c.client_id=n.clientId,this.client._request(requestOptions({url:n.accessTokenUri,method:"POST",headers:a,body:c},n)).then((function(e){return r.client.createToken(e)}))},JwtBearerFlow.prototype.getToken=function(e,t){var r=this,n=Object.assign({},this.client.options,t),i=Object.assign({},DEFAULT_HEADERS);expects(n,"accessTokenUri"),n.clientId&&(i.Authorization=auth(n.clientId,n.clientSecret));const o={grant_type:"urn:ietf:params:oauth:grant-type:jwt-bearer",assertion:e};return void 0!==n.scopes&&(o.scope=sanitizeScope(n.scopes)),this.client._request(requestOptions({url:n.accessTokenUri,method:"POST",headers:i,body:o},n)).then((function(e){return r.client.createToken(e)}))};
//# sourceMappingURL=/sm/4adab7fb8c6f5eb48ea511541850ec82ff68cd9a41c5256adf178c6901c59c79.map