From bcf64b149d2cf09bf8254646eb63db6567675d2f Mon Sep 17 00:00:00 2001 From: lakshayysaini Date: Fri, 20 Feb 2026 15:32:24 +0530 Subject: [PATCH 1/3] js-core sdk --- packages/core/src/types.ts | 7 +- packages/core/src/utils/index.ts | 1 + packages/core/tests/utils.test.ts | 8 +- packages/js-core/example/.gitignore | 24 + packages/js-core/example/index.html | 157 ++ packages/js-core/example/package-lock.json | 1694 +++++++++++++ packages/js-core/example/package.json | 20 + packages/js-core/example/public/favicon.ico | Bin 0 -> 4286 bytes packages/js-core/example/src/main.ts | 168 ++ packages/js-core/example/src/style.css | 1 + packages/js-core/example/src/vite-env.d.ts | 1 + packages/js-core/example/tsconfig.json | 24 + packages/js-core/example/vite.config.ts | 4 + packages/js-core/internal/package.json | 5 + packages/js-core/package.json | 69 + packages/js-core/src/constants.ts | 27 + packages/js-core/src/index.ts | 64 + packages/js-core/src/lock.ts | 48 + .../js-core/src/monocloud-js-core-client.ts | 1272 ++++++++++ packages/js-core/src/monocloud-js-error.ts | 3 + packages/js-core/src/ref.ts | 57 + packages/js-core/src/storage.ts | 80 + packages/js-core/src/types.ts | 483 ++++ packages/js-core/src/utils/index.ts | 1 + packages/js-core/src/utils/internal.ts | 1 + packages/js-core/tests/get-tokens.test.ts | 823 +++++++ packages/js-core/tests/lock.test.ts | 239 ++ .../js-core/tests/refetch-userinfo.test.ts | 160 ++ .../js-core/tests/refresh-session.test.ts | 1493 ++++++++++++ packages/js-core/tests/session.test.ts | 64 + packages/js-core/tests/sign-in.test.ts | 2095 +++++++++++++++++ packages/js-core/tests/sign-out.test.ts | 784 ++++++ packages/js-core/tests/utils.ts | 148 ++ packages/js-core/tsconfig.build.json | 11 + packages/js-core/tsconfig.json | 35 + packages/js-core/tsdown.config.mts | 15 + packages/js-core/utils/package.json | 5 + packages/js-core/vitest.config.mts | 34 + packages/test-utils/src/auth-server-fetch.ts | 5 +- packages/test-utils/src/mock-storage.ts | 12 +- packages/test-utils/src/mock-window.ts | 55 +- pnpm-lock.yaml | 48 +- 42 files changed, 10218 insertions(+), 27 deletions(-) create mode 100644 packages/js-core/example/.gitignore create mode 100644 packages/js-core/example/index.html create mode 100644 packages/js-core/example/package-lock.json create mode 100644 packages/js-core/example/package.json create mode 100644 packages/js-core/example/public/favicon.ico create mode 100644 packages/js-core/example/src/main.ts create mode 100644 packages/js-core/example/src/style.css create mode 100644 packages/js-core/example/src/vite-env.d.ts create mode 100644 packages/js-core/example/tsconfig.json create mode 100644 packages/js-core/example/vite.config.ts create mode 100644 packages/js-core/internal/package.json create mode 100644 packages/js-core/package.json create mode 100644 packages/js-core/src/constants.ts create mode 100644 packages/js-core/src/index.ts create mode 100644 packages/js-core/src/lock.ts create mode 100644 packages/js-core/src/monocloud-js-core-client.ts create mode 100644 packages/js-core/src/monocloud-js-error.ts create mode 100644 packages/js-core/src/ref.ts create mode 100644 packages/js-core/src/storage.ts create mode 100644 packages/js-core/src/types.ts create mode 100644 packages/js-core/src/utils/index.ts create mode 100644 packages/js-core/src/utils/internal.ts create mode 100644 packages/js-core/tests/get-tokens.test.ts create mode 100644 packages/js-core/tests/lock.test.ts create mode 100644 packages/js-core/tests/refetch-userinfo.test.ts create mode 100644 packages/js-core/tests/refresh-session.test.ts create mode 100644 packages/js-core/tests/session.test.ts create mode 100644 packages/js-core/tests/sign-in.test.ts create mode 100644 packages/js-core/tests/sign-out.test.ts create mode 100644 packages/js-core/tests/utils.ts create mode 100644 packages/js-core/tsconfig.build.json create mode 100644 packages/js-core/tsconfig.json create mode 100644 packages/js-core/tsdown.config.mts create mode 100644 packages/js-core/utils/package.json create mode 100644 packages/js-core/vitest.config.mts diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts index 99887ace..17cca737 100644 --- a/packages/core/src/types.ts +++ b/packages/core/src/types.ts @@ -265,10 +265,9 @@ export interface CallbackParams { * Human-readable description providing additional information about the authorization error. */ errorDescription?: string; - - /** - * Authorization code returned when using the Authorization Code Flow. - */ + /** Access token scopes (Implicit Flow) */ + scope?: string; + /** Authorization code received from the callback */ code?: string; /** diff --git a/packages/core/src/utils/index.ts b/packages/core/src/utils/index.ts index 0f544d36..2d702c3d 100644 --- a/packages/core/src/utils/index.ts +++ b/packages/core/src/utils/index.ts @@ -80,6 +80,7 @@ export const parseCallbackParams = ( sessionState: params.get('session_state') ?? undefined, expiresIn: expiresIn ? parseInt(expiresIn, 10) : undefined, code: params.get('code') ?? undefined, + scope: params.get('scope') ?? undefined, error: params.get('error') ?? undefined, errorDescription: params.get('error_description') ?? undefined, }; diff --git a/packages/core/tests/utils.test.ts b/packages/core/tests/utils.test.ts index 91fb2147..1a275a21 100644 --- a/packages/core/tests/utils.test.ts +++ b/packages/core/tests/utils.test.ts @@ -578,7 +578,7 @@ describe('encryptAuthstate and decryptAuthState', () => { describe('parseCallbackParams', () => { it('should give back callback params from a url', () => { const result = parseCallbackParams( - 'https://www.example.com/callback?state=abc123&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9&expires_in=40&id_token=eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ&refresh_token=def456&session_state=ghi789&code=xyz789&error=invalid_url&error_description=theurlparametersareinvalid' + 'https://www.example.com/callback?state=abc123&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9&expires_in=40&id_token=eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ&refresh_token=def456&session_state=ghi789&code=xyz789&error=invalid_url&error_description=theurlparametersareinvalid&scope=openid' ); expect(result).toStrictEqual({ state: 'abc123', @@ -586,6 +586,7 @@ describe('parseCallbackParams', () => { idToken: 'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ', refreshToken: 'def456', + scope: 'openid', sessionState: 'ghi789', expiresIn: 40, code: 'xyz789', @@ -605,6 +606,7 @@ describe('parseCallbackParams', () => { accessToken: undefined, idToken: undefined, refreshToken: undefined, + scope: undefined, sessionState: undefined, expiresIn: undefined, code: 'code', @@ -622,6 +624,7 @@ describe('parseCallbackParams', () => { accessToken: 'at', idToken: undefined, refreshToken: undefined, + scope: undefined, sessionState: undefined, expiresIn: undefined, code: 'code', @@ -637,6 +640,7 @@ describe('parseCallbackParams', () => { accessToken: 'token', idToken: undefined, refreshToken: undefined, + scope: undefined, expiresIn: undefined, sessionState: undefined, code: undefined, @@ -652,6 +656,7 @@ describe('parseCallbackParams', () => { accessToken: undefined, idToken: undefined, refreshToken: undefined, + scope: undefined, sessionState: undefined, expiresIn: undefined, code: undefined, @@ -668,6 +673,7 @@ describe('parseCallbackParams', () => { accessToken: undefined, idToken: undefined, refreshToken: undefined, + scope: undefined, expiresIn: undefined, sessionState: undefined, code: undefined, diff --git a/packages/js-core/example/.gitignore b/packages/js-core/example/.gitignore new file mode 100644 index 00000000..a547bf36 --- /dev/null +++ b/packages/js-core/example/.gitignore @@ -0,0 +1,24 @@ +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +pnpm-debug.log* +lerna-debug.log* + +node_modules +dist +dist-ssr +*.local + +# Editor directories and files +.vscode/* +!.vscode/extensions.json +.idea +.DS_Store +*.suo +*.ntvs* +*.njsproj +*.sln +*.sw? diff --git a/packages/js-core/example/index.html b/packages/js-core/example/index.html new file mode 100644 index 00000000..480a9ffb --- /dev/null +++ b/packages/js-core/example/index.html @@ -0,0 +1,157 @@ + + + + + + + + MonoCloud Vanilla JavaScript SDK + + + +

+ MonoCloud Vanilla JavaScript SDK +

+ +
+
+ +

Loading...

+ +
+
+ +
+
+
+
+ + +
+
+ +
+ +
+
+
+ + +
+
+ + +
+
+ +
+ +
+
+
+ + +
+
+ +
+ +
+
+
Refetch Userinfo
+
+ +
+
+ +
+
+

Get Tokens

+

+ IMPORTANT: Ensure all scopes and resources requested here were included in the initial /authorize request. + Update defaultAuthParams or resources in the client configuration accordingly. Example: For 'https://my-api' + with + scope 'read:data', include these in defaultAuthParams or resources. +

+
+
+ + +
+
+ + +
+
+
+
+ + +
+ +
+
+
+ + + + + \ No newline at end of file diff --git a/packages/js-core/example/package-lock.json b/packages/js-core/example/package-lock.json new file mode 100644 index 00000000..771edb85 --- /dev/null +++ b/packages/js-core/example/package-lock.json @@ -0,0 +1,1694 @@ +{ + "name": "example", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "example", + "version": "0.0.0", + "dependencies": { + "@monocloud/auth-js-core": "file:../", + "@tailwindcss/vite": "^4.0.9", + "tailwindcss": "^4.0.9" + }, + "devDependencies": { + "typescript": "~5.9.3", + "vite": "^7.2.7" + } + }, + "..": { + "name": "@monocloud/auth-js-core", + "version": "0.0.0", + "license": "MIT", + "dependencies": { + "@monocloud/auth-core": "workspace:*", + "browser-tabs-lock": "^1.3.0" + }, + "devDependencies": { + "@monocloud/auth-test-utils": "workspace:*", + "eslint": "9.39.2" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz", + "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==", + "cpu": [ + "ppc64" + ], + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz", + "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz", + "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz", + "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz", + "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz", + "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz", + "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz", + "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz", + "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz", + "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz", + "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==", + "cpu": [ + "ia32" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz", + "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==", + "cpu": [ + "loong64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz", + "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==", + "cpu": [ + "mips64el" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz", + "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==", + "cpu": [ + "ppc64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz", + "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==", + "cpu": [ + "riscv64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz", + "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==", + "cpu": [ + "s390x" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz", + "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz", + "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz", + "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz", + "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz", + "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz", + "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz", + "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz", + "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz", + "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==", + "cpu": [ + "ia32" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz", + "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@monocloud/auth-js-core": { + "resolved": "..", + "link": true + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.55.1.tgz", + "integrity": "sha512-9R0DM/ykwfGIlNu6+2U09ga0WXeZ9MRC2Ter8jnz8415VbuIykVuc6bhdrbORFZANDmTDvq26mJrEVTl8TdnDg==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.55.1.tgz", + "integrity": "sha512-eFZCb1YUqhTysgW3sj/55du5cG57S7UTNtdMjCW7LwVcj3dTTcowCsC8p7uBdzKsZYa8J7IDE8lhMI+HX1vQvg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.55.1.tgz", + "integrity": "sha512-p3grE2PHcQm2e8PSGZdzIhCKbMCw/xi9XvMPErPhwO17vxtvCN5FEA2mSLgmKlCjHGMQTP6phuQTYWUnKewwGg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.55.1.tgz", + "integrity": "sha512-rDUjG25C9qoTm+e02Esi+aqTKSBYwVTaoS1wxcN47/Luqef57Vgp96xNANwt5npq9GDxsH7kXxNkJVEsWEOEaQ==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.55.1.tgz", + "integrity": "sha512-+JiU7Jbp5cdxekIgdte0jfcu5oqw4GCKr6i3PJTlXTCU5H5Fvtkpbs4XJHRmWNXF+hKmn4v7ogI5OQPaupJgOg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.55.1.tgz", + "integrity": "sha512-V5xC1tOVWtLLmr3YUk2f6EJK4qksksOYiz/TCsFHu/R+woubcLWdC9nZQmwjOAbmExBIVKsm1/wKmEy4z4u4Bw==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.55.1.tgz", + "integrity": "sha512-Rn3n+FUk2J5VWx+ywrG/HGPTD9jXNbicRtTM11e/uorplArnXZYsVifnPPqNNP5BsO3roI4n8332ukpY/zN7rQ==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.55.1.tgz", + "integrity": "sha512-grPNWydeKtc1aEdrJDWk4opD7nFtQbMmV7769hiAaYyUKCT1faPRm2av8CX1YJsZ4TLAZcg9gTR1KvEzoLjXkg==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.55.1.tgz", + "integrity": "sha512-a59mwd1k6x8tXKcUxSyISiquLwB5pX+fJW9TkWU46lCqD/GRDe9uDN31jrMmVP3feI3mhAdvcCClhV8V5MhJFQ==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.55.1.tgz", + "integrity": "sha512-puS1MEgWX5GsHSoiAsF0TYrpomdvkaXm0CofIMG5uVkP6IBV+ZO9xhC5YEN49nsgYo1DuuMquF9+7EDBVYu4uA==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.55.1.tgz", + "integrity": "sha512-r3Wv40in+lTsULSb6nnoudVbARdOwb2u5fpeoOAZjFLznp6tDU8kd+GTHmJoqZ9lt6/Sys33KdIHUaQihFcu7g==", + "cpu": [ + "loong64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.55.1.tgz", + "integrity": "sha512-MR8c0+UxAlB22Fq4R+aQSPBayvYa3+9DrwG/i1TKQXFYEaoW3B5b/rkSRIypcZDdWjWnpcvxbNaAJDcSbJU3Lw==", + "cpu": [ + "loong64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.55.1.tgz", + "integrity": "sha512-3KhoECe1BRlSYpMTeVrD4sh2Pw2xgt4jzNSZIIPLFEsnQn9gAnZagW9+VqDqAHgm1Xc77LzJOo2LdigS5qZ+gw==", + "cpu": [ + "ppc64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.55.1.tgz", + "integrity": "sha512-ziR1OuZx0vdYZZ30vueNZTg73alF59DicYrPViG0NEgDVN8/Jl87zkAPu4u6VjZST2llgEUjaiNl9JM6HH1Vdw==", + "cpu": [ + "ppc64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.55.1.tgz", + "integrity": "sha512-uW0Y12ih2XJRERZ4jAfKamTyIHVMPQnTZcQjme2HMVDAHY4amf5u414OqNYC+x+LzRdRcnIG1YodLrrtA8xsxw==", + "cpu": [ + "riscv64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.55.1.tgz", + "integrity": "sha512-u9yZ0jUkOED1BFrqu3BwMQoixvGHGZ+JhJNkNKY/hyoEgOwlqKb62qu+7UjbPSHYjiVy8kKJHvXKv5coH4wDeg==", + "cpu": [ + "riscv64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.55.1.tgz", + "integrity": "sha512-/0PenBCmqM4ZUd0190j7J0UsQ/1nsi735iPRakO8iPciE7BQ495Y6msPzaOmvx0/pn+eJVVlZrNrSh4WSYLxNg==", + "cpu": [ + "s390x" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.55.1.tgz", + "integrity": "sha512-a8G4wiQxQG2BAvo+gU6XrReRRqj+pLS2NGXKm8io19goR+K8lw269eTrPkSdDTALwMmJp4th2Uh0D8J9bEV1vg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.55.1.tgz", + "integrity": "sha512-bD+zjpFrMpP/hqkfEcnjXWHMw5BIghGisOKPj+2NaNDuVT+8Ds4mPf3XcPHuat1tz89WRL+1wbcxKY3WSbiT7w==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.55.1.tgz", + "integrity": "sha512-eLXw0dOiqE4QmvikfQ6yjgkg/xDM+MdU9YJuP4ySTibXU0oAvnEWXt7UDJmD4UkYialMfOGFPJnIHSe/kdzPxg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.55.1.tgz", + "integrity": "sha512-xzm44KgEP11te3S2HCSyYf5zIzWmx3n8HDCc7EE59+lTcswEWNpvMLfd9uJvVX8LCg9QWG67Xt75AuHn4vgsXw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.55.1.tgz", + "integrity": "sha512-yR6Bl3tMC/gBok5cz/Qi0xYnVbIxGx5Fcf/ca0eB6/6JwOY+SRUcJfI0OpeTpPls7f194as62thCt/2BjxYN8g==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.55.1.tgz", + "integrity": "sha512-3fZBidchE0eY0oFZBnekYCfg+5wAB0mbpCBuofh5mZuzIU/4jIVkbESmd2dOsFNS78b53CYv3OAtwqkZZmU5nA==", + "cpu": [ + "ia32" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.55.1.tgz", + "integrity": "sha512-xGGY5pXj69IxKb4yv/POoocPy/qmEGhimy/FoTpTSVju3FYXUQQMFCaZZXJVidsmGxRioZAwpThl/4zX41gRKg==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.55.1.tgz", + "integrity": "sha512-SPEpaL6DX4rmcXtnhdrQYgzQ5W2uW3SCJch88lB2zImhJRhIIK44fkUrgIV/Q8yUNfw5oyZ5vkeQsZLhCb06lw==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@tailwindcss/node": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.1.18.tgz", + "integrity": "sha512-DoR7U1P7iYhw16qJ49fgXUlry1t4CpXeErJHnQ44JgTSKMaZUdf17cfn5mHchfJ4KRBZRFA/Coo+MUF5+gOaCQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/remapping": "^2.3.4", + "enhanced-resolve": "^5.18.3", + "jiti": "^2.6.1", + "lightningcss": "1.30.2", + "magic-string": "^0.30.21", + "source-map-js": "^1.2.1", + "tailwindcss": "4.1.18" + } + }, + "node_modules/@tailwindcss/oxide": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.18.tgz", + "integrity": "sha512-EgCR5tTS5bUSKQgzeMClT6iCY3ToqE1y+ZB0AKldj809QXk1Y+3jB0upOYZrn9aGIzPtUsP7sX4QQ4XtjBB95A==", + "license": "MIT", + "engines": { + "node": ">= 10" + }, + "optionalDependencies": { + "@tailwindcss/oxide-android-arm64": "4.1.18", + "@tailwindcss/oxide-darwin-arm64": "4.1.18", + "@tailwindcss/oxide-darwin-x64": "4.1.18", + "@tailwindcss/oxide-freebsd-x64": "4.1.18", + "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.18", + "@tailwindcss/oxide-linux-arm64-gnu": "4.1.18", + "@tailwindcss/oxide-linux-arm64-musl": "4.1.18", + "@tailwindcss/oxide-linux-x64-gnu": "4.1.18", + "@tailwindcss/oxide-linux-x64-musl": "4.1.18", + "@tailwindcss/oxide-wasm32-wasi": "4.1.18", + "@tailwindcss/oxide-win32-arm64-msvc": "4.1.18", + "@tailwindcss/oxide-win32-x64-msvc": "4.1.18" + } + }, + "node_modules/@tailwindcss/oxide-android-arm64": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.1.18.tgz", + "integrity": "sha512-dJHz7+Ugr9U/diKJA0W6N/6/cjI+ZTAoxPf9Iz9BFRF2GzEX8IvXxFIi/dZBloVJX/MZGvRuFA9rqwdiIEZQ0Q==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-darwin-arm64": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.1.18.tgz", + "integrity": "sha512-Gc2q4Qhs660bhjyBSKgq6BYvwDz4G+BuyJ5H1xfhmDR3D8HnHCmT/BSkvSL0vQLy/nkMLY20PQ2OoYMO15Jd0A==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-darwin-x64": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.1.18.tgz", + "integrity": "sha512-FL5oxr2xQsFrc3X9o1fjHKBYBMD1QZNyc1Xzw/h5Qu4XnEBi3dZn96HcHm41c/euGV+GRiXFfh2hUCyKi/e+yw==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-freebsd-x64": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.1.18.tgz", + "integrity": "sha512-Fj+RHgu5bDodmV1dM9yAxlfJwkkWvLiRjbhuO2LEtwtlYlBgiAT4x/j5wQr1tC3SANAgD+0YcmWVrj8R9trVMA==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm-gnueabihf": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.1.18.tgz", + "integrity": "sha512-Fp+Wzk/Ws4dZn+LV2Nqx3IilnhH51YZoRaYHQsVq3RQvEl+71VGKFpkfHrLM/Li+kt5c0DJe/bHXK1eHgDmdiA==", + "cpu": [ + "arm" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-gnu": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.1.18.tgz", + "integrity": "sha512-S0n3jboLysNbh55Vrt7pk9wgpyTTPD0fdQeh7wQfMqLPM/Hrxi+dVsLsPrycQjGKEQk85Kgbx+6+QnYNiHalnw==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-musl": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.1.18.tgz", + "integrity": "sha512-1px92582HkPQlaaCkdRcio71p8bc8i/ap5807tPRDK/uw953cauQBT8c5tVGkOwrHMfc2Yh6UuxaH4vtTjGvHg==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-gnu": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.1.18.tgz", + "integrity": "sha512-v3gyT0ivkfBLoZGF9LyHmts0Isc8jHZyVcbzio6Wpzifg/+5ZJpDiRiUhDLkcr7f/r38SWNe7ucxmGW3j3Kb/g==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-musl": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.1.18.tgz", + "integrity": "sha512-bhJ2y2OQNlcRwwgOAGMY0xTFStt4/wyU6pvI6LSuZpRgKQwxTec0/3Scu91O8ir7qCR3AuepQKLU/kX99FouqQ==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-wasm32-wasi": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.1.18.tgz", + "integrity": "sha512-LffYTvPjODiP6PT16oNeUQJzNVyJl1cjIebq/rWWBF+3eDst5JGEFSc5cWxyRCJ0Mxl+KyIkqRxk1XPEs9x8TA==", + "bundleDependencies": [ + "@napi-rs/wasm-runtime", + "@emnapi/core", + "@emnapi/runtime", + "@tybys/wasm-util", + "@emnapi/wasi-threads", + "tslib" + ], + "cpu": [ + "wasm32" + ], + "license": "MIT", + "optional": true, + "dependencies": { + "@emnapi/core": "^1.7.1", + "@emnapi/runtime": "^1.7.1", + "@emnapi/wasi-threads": "^1.1.0", + "@napi-rs/wasm-runtime": "^1.1.0", + "@tybys/wasm-util": "^0.10.1", + "tslib": "^2.4.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@tailwindcss/oxide-win32-arm64-msvc": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.18.tgz", + "integrity": "sha512-HjSA7mr9HmC8fu6bdsZvZ+dhjyGCLdotjVOgLA2vEqxEBZaQo9YTX4kwgEvPCpRh8o4uWc4J/wEoFzhEmjvPbA==", + "cpu": [ + "arm64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-win32-x64-msvc": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.1.18.tgz", + "integrity": "sha512-bJWbyYpUlqamC8dpR7pfjA0I7vdF6t5VpUGMWRkXVE3AXgIZjYUYAK7II1GNaxR8J1SSrSrppRar8G++JekE3Q==", + "cpu": [ + "x64" + ], + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/vite": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/@tailwindcss/vite/-/vite-4.1.18.tgz", + "integrity": "sha512-jVA+/UpKL1vRLg6Hkao5jldawNmRo7mQYrZtNHMIVpLfLhDml5nMRUo/8MwoX2vNXvnaXNNMedrMfMugAVX1nA==", + "license": "MIT", + "dependencies": { + "@tailwindcss/node": "4.1.18", + "@tailwindcss/oxide": "4.1.18", + "tailwindcss": "4.1.18" + }, + "peerDependencies": { + "vite": "^5.2.0 || ^6 || ^7" + } + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "license": "MIT" + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/enhanced-resolve": { + "version": "5.18.4", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.4.tgz", + "integrity": "sha512-LgQMM4WXU3QI+SYgEc2liRgznaD5ojbmY3sb8LxyguVkIg5FxdpTkvk72te2R38/TGKxH634oLxXRGY6d7AP+Q==", + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/esbuild": { + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz", + "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==", + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.27.2", + "@esbuild/android-arm": "0.27.2", + "@esbuild/android-arm64": "0.27.2", + "@esbuild/android-x64": "0.27.2", + "@esbuild/darwin-arm64": "0.27.2", + "@esbuild/darwin-x64": "0.27.2", + "@esbuild/freebsd-arm64": "0.27.2", + "@esbuild/freebsd-x64": "0.27.2", + "@esbuild/linux-arm": "0.27.2", + "@esbuild/linux-arm64": "0.27.2", + "@esbuild/linux-ia32": "0.27.2", + "@esbuild/linux-loong64": "0.27.2", + "@esbuild/linux-mips64el": "0.27.2", + "@esbuild/linux-ppc64": "0.27.2", + "@esbuild/linux-riscv64": "0.27.2", + "@esbuild/linux-s390x": "0.27.2", + "@esbuild/linux-x64": "0.27.2", + "@esbuild/netbsd-arm64": "0.27.2", + "@esbuild/netbsd-x64": "0.27.2", + "@esbuild/openbsd-arm64": "0.27.2", + "@esbuild/openbsd-x64": "0.27.2", + "@esbuild/openharmony-arm64": "0.27.2", + "@esbuild/sunos-x64": "0.27.2", + "@esbuild/win32-arm64": "0.27.2", + "@esbuild/win32-ia32": "0.27.2", + "@esbuild/win32-x64": "0.27.2" + } + }, + "node_modules/fdir": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "picomatch": "^3 || ^4" + }, + "peerDependenciesMeta": { + "picomatch": { + "optional": true + } + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "license": "ISC" + }, + "node_modules/jiti": { + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz", + "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==", + "license": "MIT", + "bin": { + "jiti": "lib/jiti-cli.mjs" + } + }, + "node_modules/lightningcss": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.30.2.tgz", + "integrity": "sha512-utfs7Pr5uJyyvDETitgsaqSyjCb2qNRAtuqUeWIAKztsOYdcACf2KtARYXg2pSvhkt+9NfoaNY7fxjl6nuMjIQ==", + "license": "MPL-2.0", + "dependencies": { + "detect-libc": "^2.0.3" + }, + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + }, + "optionalDependencies": { + "lightningcss-android-arm64": "1.30.2", + "lightningcss-darwin-arm64": "1.30.2", + "lightningcss-darwin-x64": "1.30.2", + "lightningcss-freebsd-x64": "1.30.2", + "lightningcss-linux-arm-gnueabihf": "1.30.2", + "lightningcss-linux-arm64-gnu": "1.30.2", + "lightningcss-linux-arm64-musl": "1.30.2", + "lightningcss-linux-x64-gnu": "1.30.2", + "lightningcss-linux-x64-musl": "1.30.2", + "lightningcss-win32-arm64-msvc": "1.30.2", + "lightningcss-win32-x64-msvc": "1.30.2" + } + }, + "node_modules/lightningcss-android-arm64": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.30.2.tgz", + "integrity": "sha512-BH9sEdOCahSgmkVhBLeU7Hc9DWeZ1Eb6wNS6Da8igvUwAe0sqROHddIlvU06q3WyXVEOYDZ6ykBZQnjTbmo4+A==", + "cpu": [ + "arm64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-darwin-arm64": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.30.2.tgz", + "integrity": "sha512-ylTcDJBN3Hp21TdhRT5zBOIi73P6/W0qwvlFEk22fkdXchtNTOU4Qc37SkzV+EKYxLouZ6M4LG9NfZ1qkhhBWA==", + "cpu": [ + "arm64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-darwin-x64": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.30.2.tgz", + "integrity": "sha512-oBZgKchomuDYxr7ilwLcyms6BCyLn0z8J0+ZZmfpjwg9fRVZIR5/GMXd7r9RH94iDhld3UmSjBM6nXWM2TfZTQ==", + "cpu": [ + "x64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-freebsd-x64": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.30.2.tgz", + "integrity": "sha512-c2bH6xTrf4BDpK8MoGG4Bd6zAMZDAXS569UxCAGcA7IKbHNMlhGQ89eRmvpIUGfKWNVdbhSbkQaWhEoMGmGslA==", + "cpu": [ + "x64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm-gnueabihf": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.30.2.tgz", + "integrity": "sha512-eVdpxh4wYcm0PofJIZVuYuLiqBIakQ9uFZmipf6LF/HRj5Bgm0eb3qL/mr1smyXIS1twwOxNWndd8z0E374hiA==", + "cpu": [ + "arm" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-gnu": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.30.2.tgz", + "integrity": "sha512-UK65WJAbwIJbiBFXpxrbTNArtfuznvxAJw4Q2ZGlU8kPeDIWEX1dg3rn2veBVUylA2Ezg89ktszWbaQnxD/e3A==", + "cpu": [ + "arm64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-musl": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.30.2.tgz", + "integrity": "sha512-5Vh9dGeblpTxWHpOx8iauV02popZDsCYMPIgiuw97OJ5uaDsL86cnqSFs5LZkG3ghHoX5isLgWzMs+eD1YzrnA==", + "cpu": [ + "arm64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-gnu": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.30.2.tgz", + "integrity": "sha512-Cfd46gdmj1vQ+lR6VRTTadNHu6ALuw2pKR9lYq4FnhvgBc4zWY1EtZcAc6EffShbb1MFrIPfLDXD6Xprbnni4w==", + "cpu": [ + "x64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-musl": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.30.2.tgz", + "integrity": "sha512-XJaLUUFXb6/QG2lGIW6aIk6jKdtjtcffUT0NKvIqhSBY3hh9Ch+1LCeH80dR9q9LBjG3ewbDjnumefsLsP6aiA==", + "cpu": [ + "x64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-arm64-msvc": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.30.2.tgz", + "integrity": "sha512-FZn+vaj7zLv//D/192WFFVA0RgHawIcHqLX9xuWiQt7P0PtdFEVaxgF9rjM/IRYHQXNnk61/H/gb2Ei+kUQ4xQ==", + "cpu": [ + "arm64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-x64-msvc": { + "version": "1.30.2", + "resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.30.2.tgz", + "integrity": "sha512-5g1yc73p+iAkid5phb4oVFMB45417DkRevRbt/El/gKXJk4jid+vPFF/AXbxn05Aky8PapwzZrdJShv5C0avjw==", + "cpu": [ + "x64" + ], + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/magic-string": { + "version": "0.30.21", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz", + "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/rollup": { + "version": "4.55.1", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.55.1.tgz", + "integrity": "sha512-wDv/Ht1BNHB4upNbK74s9usvl7hObDnvVzknxqY/E/O3X6rW1U1rV1aENEfJ54eFZDTNo7zv1f5N4edCluH7+A==", + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.55.1", + "@rollup/rollup-android-arm64": "4.55.1", + "@rollup/rollup-darwin-arm64": "4.55.1", + "@rollup/rollup-darwin-x64": "4.55.1", + "@rollup/rollup-freebsd-arm64": "4.55.1", + "@rollup/rollup-freebsd-x64": "4.55.1", + "@rollup/rollup-linux-arm-gnueabihf": "4.55.1", + "@rollup/rollup-linux-arm-musleabihf": "4.55.1", + "@rollup/rollup-linux-arm64-gnu": "4.55.1", + "@rollup/rollup-linux-arm64-musl": "4.55.1", + "@rollup/rollup-linux-loong64-gnu": "4.55.1", + "@rollup/rollup-linux-loong64-musl": "4.55.1", + "@rollup/rollup-linux-ppc64-gnu": "4.55.1", + "@rollup/rollup-linux-ppc64-musl": "4.55.1", + "@rollup/rollup-linux-riscv64-gnu": "4.55.1", + "@rollup/rollup-linux-riscv64-musl": "4.55.1", + "@rollup/rollup-linux-s390x-gnu": "4.55.1", + "@rollup/rollup-linux-x64-gnu": "4.55.1", + "@rollup/rollup-linux-x64-musl": "4.55.1", + "@rollup/rollup-openbsd-x64": "4.55.1", + "@rollup/rollup-openharmony-arm64": "4.55.1", + "@rollup/rollup-win32-arm64-msvc": "4.55.1", + "@rollup/rollup-win32-ia32-msvc": "4.55.1", + "@rollup/rollup-win32-x64-gnu": "4.55.1", + "@rollup/rollup-win32-x64-msvc": "4.55.1", + "fsevents": "~2.3.2" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/tailwindcss": { + "version": "4.1.18", + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.18.tgz", + "integrity": "sha512-4+Z+0yiYyEtUVCScyfHCxOYP06L5Ne+JiHhY2IjR2KWMIWhJOYZKLSGZaP5HkZ8+bY0cxfzwDE5uOmzFXyIwxw==", + "license": "MIT" + }, + "node_modules/tapable": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz", + "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==", + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/tinyglobby": { + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", + "license": "MIT", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.3" + }, + "engines": { + "node": ">=12.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/SuperchupuDev" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/vite": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.0.tgz", + "integrity": "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg==", + "license": "MIT", + "dependencies": { + "esbuild": "^0.27.0", + "fdir": "^6.5.0", + "picomatch": "^4.0.3", + "postcss": "^8.5.6", + "rollup": "^4.43.0", + "tinyglobby": "^0.2.15" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^20.19.0 || >=22.12.0", + "jiti": ">=1.21.0", + "less": "^4.0.0", + "lightningcss": "^1.21.0", + "sass": "^1.70.0", + "sass-embedded": "^1.70.0", + "stylus": ">=0.54.8", + "sugarss": "^5.0.0", + "terser": "^5.16.0", + "tsx": "^4.8.1", + "yaml": "^2.4.2" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "jiti": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + }, + "tsx": { + "optional": true + }, + "yaml": { + "optional": true + } + } + } + } +} diff --git a/packages/js-core/example/package.json b/packages/js-core/example/package.json new file mode 100644 index 00000000..4075f511 --- /dev/null +++ b/packages/js-core/example/package.json @@ -0,0 +1,20 @@ +{ + "name": "example", + "private": true, + "version": "0.0.0", + "type": "module", + "scripts": { + "dev": "vite", + "build": "tsc && vite build", + "preview": "vite preview" + }, + "dependencies": { + "@monocloud/auth-js-core": "file:../", + "@tailwindcss/vite": "^4.0.9", + "tailwindcss": "^4.0.9" + }, + "devDependencies": { + "typescript": "~5.9.3", + "vite": "^7.2.7" + } +} diff --git a/packages/js-core/example/public/favicon.ico b/packages/js-core/example/public/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..6bfa839623752356734e8d767fd87091ca19ceb7 GIT binary patch literal 4286 zcmeHLeN0wm6u+*LLL(v9Be0|-GyFhX>olqiT;e!=ns457@zY_3#F8-;;7 zYHgxyC>8`u=9bMbu%MPiuOA5Uk(wZdd~?sQ-{s}?eP5u-hgeV%j9@0|0T z^Ly@4lo9-Ma#FNk*AWT&M*uUih|*5I0Hk;fXGm^2dCTK z1kvY0@-{)Tq9LbJfri?_*&2-2wGycNyrIUAfEsfjYP5Km%1YfHN}z|ugV(JY6}^^m>u zAQ7yQ0Iom95$wwv`n}7B{FuSG?TAhLYw2G!NA^}g)NTyorxSnvD8P;QQHw3@SC<1X zc>q)C!xYB9caK4@`&Z8Hr`<7(ow{0%p0o#!95%_cHbV9x^Wh$zY5v;3}dIw7m2N7?5md0|3;IH_N4zF z^11`D8T)e9Q8?w3m$RRmO>(J8z}9%6z1=ite5$VlR!0E2$BZ*w`IG#&*(0>Mko7U0 z*zS|)|4EaK@k#9f4#q*2QFbZumoN_z6WC9zS>tu9-ZD0jd(HW`rV3~=^S7#yHS0us zwCPW59pg`o13HM+*Hx>B#OWZRlz*B22JxQY#~hmF(_F9OB;@jO^BL1~M>FJ5BxE&f zPK(`>_;XyD=Q5K_A5W6|39(r#!PJ@0UJRtqnY(*SwlqNfJP_(<`uiYYm)8wpc?G zZKU}@Rx$Pk)c0WBht2`6U$d0^x3|;e)u4&w8RGje7hbfna|7$H&7e_F&PZ~Dx|aQ- z<#)4=T&TZeP0l1k-N+gW>;i78q31 zcM#W>@i9k{-L;yY0I00Tn|i1pxa?-d8F{Ph3S61Xxx|bu7Ois ziSNRpV?So{Y{', + clientId: '', + appUrl: 'http://localhost:5173', + callbackPath: '/', + signOutCallbackPath: '/', + federatedSignOut: true, + defaultAuthParams: { + scopes: 'openid profile email offline_access', + // resource: + }, + resources: [ + // { + // resource: '' + // scopes: '', + // }, + ], +}; + +const client = new MonoCloudJSCoreClient(options); + +let processingCallback = true; + +const updateJson = (elementId: string, value: unknown): void => { + const element = document.getElementById(elementId)!; + const newValue = JSON.stringify(value, null, 2); + element.textContent = newValue; +}; + +const updateValue = (elementId: string, value: string): void => { + const element = document.getElementById(elementId)!; + element.textContent = value; +}; + +const noUserMessage = document.getElementById('no-user-message')!; + +const updateUI = async (): Promise => { + const userData = document.getElementById('user-data')!; + const session = await client.getSession(); + + if (session && !processingCallback) { + noUserMessage.classList.add('hidden'); + userData.classList.remove('hidden'); + updateValue('id-token-value', session.idToken ?? 'null'); + updateJson('access-tokens-value', session.accessTokens); + updateValue('refresh-token-value', session.refreshToken ?? 'null'); + updateJson('user-value', session.user); + updateJson('session-value', session); + } else { + if (!processingCallback) { + noUserMessage.classList.remove('hidden'); + } + userData.classList.add('hidden'); + } +}; + +client + .processCallback() + .then(() => { + processingCallback = false; + const processCallbackMessage = document.getElementById('loading')!; + processCallbackMessage.classList.add('hidden'); + noUserMessage.classList.remove('hidden'); + return updateUI(); + }) + .then(); + +document.getElementById('sign-in-btn')!.addEventListener('click', async () => { + const mode = (document.getElementById('sign-in-mode') as HTMLSelectElement) + .value as InteractionMode; + await client.signIn({ mode }); + await updateUI(); +}); + +document.getElementById('sign-out-btn')!.addEventListener('click', async () => { + (document.getElementById('token-resource') as HTMLInputElement).value = ''; + (document.getElementById('token-scopes') as HTMLInputElement).value = ''; + (document.getElementById('force-refresh') as HTMLInputElement).checked = + false; + + const mode = (document.getElementById('sign-out-mode') as HTMLSelectElement) + .value as InteractionMode; + const federated = ( + document.getElementById('federated-signout') as HTMLInputElement + ).checked; + options.federatedSignOut = federated; + await client.signOut({ mode }); + await updateUI(); +}); + +document + .getElementById('refresh-session-btn')! + .addEventListener('click', async () => { + const mode = (document.getElementById('refresh-mode') as HTMLSelectElement) + .value as RefreshMode; + await client.refreshSession({ mode }); + await updateUI(); + }); + +document + .getElementById('refetch-user-btn')! + .addEventListener('click', async () => { + await client.refetchUserInfo(); + await updateUI(); + }); + +document + .getElementById('get-tokens-btn')! + .addEventListener('click', async () => { + const resource = ( + document.getElementById('token-resource') as HTMLInputElement + ).value.trim(); + const scopes = ( + document.getElementById('token-scopes') as HTMLInputElement + ).value.trim(); + const forceRefresh = ( + document.getElementById('force-refresh') as HTMLInputElement + ).checked; + + const getTokensOptions: GetTokensOptions = { + forceRefresh, + }; + + if (resource) { + getTokensOptions.resource = resource; + } + + if (scopes) { + getTokensOptions.scopes = scopes; + } + + try { + const tokens = await client.getTokens(getTokensOptions); + // eslint-disable-next-line no-console + console.log('Tokens received:', tokens); + + await updateUI(); + + alert('Tokens retrieved successfully!'); + } catch (error) { + // eslint-disable-next-line no-console + console.error('Error getting tokens:', error); + } + }); + +await updateUI(); diff --git a/packages/js-core/example/src/style.css b/packages/js-core/example/src/style.css new file mode 100644 index 00000000..d4b50785 --- /dev/null +++ b/packages/js-core/example/src/style.css @@ -0,0 +1 @@ +@import 'tailwindcss'; diff --git a/packages/js-core/example/src/vite-env.d.ts b/packages/js-core/example/src/vite-env.d.ts new file mode 100644 index 00000000..11f02fe2 --- /dev/null +++ b/packages/js-core/example/src/vite-env.d.ts @@ -0,0 +1 @@ +/// diff --git a/packages/js-core/example/tsconfig.json b/packages/js-core/example/tsconfig.json new file mode 100644 index 00000000..a4883f28 --- /dev/null +++ b/packages/js-core/example/tsconfig.json @@ -0,0 +1,24 @@ +{ + "compilerOptions": { + "target": "ES2020", + "useDefineForClassFields": true, + "module": "ESNext", + "lib": ["ES2020", "DOM", "DOM.Iterable"], + "skipLibCheck": true, + + /* Bundler mode */ + "moduleResolution": "bundler", + "allowImportingTsExtensions": true, + "isolatedModules": true, + "moduleDetection": "force", + "noEmit": true, + + /* Linting */ + "strict": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noFallthroughCasesInSwitch": true, + "noUncheckedSideEffectImports": true + }, + "include": ["src"] +} diff --git a/packages/js-core/example/vite.config.ts b/packages/js-core/example/vite.config.ts new file mode 100644 index 00000000..ad83474a --- /dev/null +++ b/packages/js-core/example/vite.config.ts @@ -0,0 +1,4 @@ +import { defineConfig } from 'vite'; +import tailwindcss from '@tailwindcss/vite'; + +export default defineConfig({ plugins: [tailwindcss()] }); diff --git a/packages/js-core/internal/package.json b/packages/js-core/internal/package.json new file mode 100644 index 00000000..7cad7ff3 --- /dev/null +++ b/packages/js-core/internal/package.json @@ -0,0 +1,5 @@ +{ + "main": "../dist/utils/internal.cjs", + "module": "../dist/utils/internal.mjs", + "types": "../dist/utils/internal.d.mts" +} diff --git a/packages/js-core/package.json b/packages/js-core/package.json new file mode 100644 index 00000000..f6c9dc2f --- /dev/null +++ b/packages/js-core/package.json @@ -0,0 +1,69 @@ +{ + "name": "@monocloud/auth-js-core", + "version": "0.0.0", + "description": "MonoCloud JavaScript Authentication Core SDK", + "keywords": [ + "monocloud", + "authentication", + "auth", + "sdk", + "base", + "core", + "javascript" + ], + "homepage": "https://www.monocloud.com", + "bugs": { + "url": "https://github.com/monocloud/auth-js/issues" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/monocloud/auth-js.git", + "directory": "packages/js-core" + }, + "license": "MIT", + "author": { + "name": "MonoCloud", + "email": "support@monocloud.com" + }, + "main": "./dist/index.cjs", + "module": "./dist/index.mjs", + "types": "./dist/index.d.mts", + "exports": { + ".": { + "types": "./dist/index.d.mts", + "import": "./dist/index.mjs", + "require": "./dist/index.cjs", + "default": "./dist/index.mjs" + }, + "./utils": { + "types": "./dist/utils/index.d.mts", + "import": "./dist/utils/index.mjs", + "require": "./dist/utils/index.cjs", + "default": "./dist/utils/index.mjs" + }, + "./internal": { + "types": "./dist/utils/internal.d.mts", + "import": "./dist/utils/internal.mjs", + "require": "./dist/utils/internal.cjs", + "default": "./dist/utils/internal.mjs" + } + }, + "files": [ + "dist" + ], + "scripts": { + "build": "tsdown", + "lint:es": "eslint src tests", + "lint:ts": "tsc", + "lint": "pnpm run lint:es && pnpm run lint:ts", + "test": "eslint tests && rimraf coverage && vitest" + }, + "dependencies": { + "@monocloud/auth-core": "workspace:*", + "browser-tabs-lock": "1.3.0" + }, + "devDependencies": { + "@monocloud/auth-test-utils": "workspace:*", + "eslint": "9.39.2" + } +} diff --git a/packages/js-core/src/constants.ts b/packages/js-core/src/constants.ts new file mode 100644 index 00000000..3b222491 --- /dev/null +++ b/packages/js-core/src/constants.ts @@ -0,0 +1,27 @@ +export const AUTH_CONSTANTS = { + CALLBACK_KEY: 'mc.state', + SESSION_KEY: 'mc.session', + LOCK_KEY: 'mc.lock', + DEFAULT_TIMEOUT_SECONDS: 600, + DEFAULT_RESPONSE_TYPE: 'code', + DEFAULT_CLOCK_SKEW_SECONDS: 60, + DEFAULT_CLOCK_TOLERANCE_SECONDS: 60, + DEFAULT_VALIDATE_ID_TOKEN: true, + DEFAULT_FEDERATED_SIGNOUT: true, + DEFAULT_FETCH_USERINFO: true, + DEFAULT_SCOPES: 'openid', + POPUP_WINDOW_WIDTH: 375, + POPUP_WINDOW_HEIGHT: 600, + FILTERED_ID_TOKEN_CLAIMS: [ + 'iss', + 'exp', + 'nbf', + 'aud', + 'nonce', + 'iat', + 'auth_time', + 'c_hash', + 'at_hash', + 's_hash', + ], +} as const; diff --git a/packages/js-core/src/index.ts b/packages/js-core/src/index.ts new file mode 100644 index 00000000..4ee61ea5 --- /dev/null +++ b/packages/js-core/src/index.ts @@ -0,0 +1,64 @@ +export { + MonoCloudTokenError, + MonoCloudHttpError, + MonoCloudAuthBaseError, + MonoCloudOPError, + MonoCloudValidationError, +} from '@monocloud/auth-core'; + +export type { + AccessToken, + AuthenticateOptions, + ClientAuthMethod, + MonoCloudClientOptions, + PushedAuthorizationParams, + RefreshSessionOptions, + AuthState, + Authenticators, + AuthorizationParams, + CallbackParams, + JwsHeaderParameters, + EndSessionParameters, + Group, + IdTokenClaims, + IssuerMetadata, + SecurityAlgorithms, + Jwk, + Jwks, + MonoCloudSession, + MonoCloudUser, + Tokens, + UserinfoResponse, + CodeChallengeMethod, + DisplayOptions, + Prompt, + ResponseModes, + ResponseTypes, + RefreshGrantOptions, + RefetchUserInfoOptions, + ParResponse, +} from '@monocloud/auth-core'; + +export { MonoCloudOidcClient } from '@monocloud/auth-core'; + +export { MonoCloudJSCoreClient } from './monocloud-js-core-client'; +export { MonoCloudJsError } from './monocloud-js-error'; +export { localStorage, memoryStorage, sessionStorage } from './storage'; + +export type { + MonoCloudJSCoreClientOptions, + IStorage, + InteractionMode, + ApplicationState, + Indicator, + MonoCloudTokens, + OnSessionCreating, + RefreshMode, + RefreshOptions, + SignInOptions, + SignOutOptions, + CallbackState, + PostCallback, + PostCallbackParams, + GetTokensOptions, +} from './types'; diff --git a/packages/js-core/src/lock.ts b/packages/js-core/src/lock.ts new file mode 100644 index 00000000..f339ddd7 --- /dev/null +++ b/packages/js-core/src/lock.ts @@ -0,0 +1,48 @@ +import TabLock from 'browser-tabs-lock'; +import { MonoCloudJsError } from './monocloud-js-error'; +import { MonoCloudAuthBaseError } from '@monocloud/auth-core'; + +const tabLock = new TabLock(); + +export async function withLock( + key: string, + cb: () => Promise +): Promise { + if (navigator.locks instanceof LockManager && window.isSecureContext) { + const abortController = new AbortController(); + const timeout = setTimeout(() => abortController.abort(), 5000); + try { + return await navigator.locks.request( + key, + { signal: abortController.signal }, + async () => { + clearTimeout(timeout); + return await cb(); + } + ); + } catch (error: any) { + if (error instanceof MonoCloudAuthBaseError) { + throw error; + } + + throw new MonoCloudJsError(`Failed to acquire lock : ${error.message}`); + } + } else { + const acquired = await tabLock.acquireLock(key, 5000); + if (!acquired) { + throw new MonoCloudJsError('Failed to acquire lock.'); + } + + const onPageHide = async (): Promise => { + await tabLock.releaseLock(key); + window.removeEventListener('pagehide', onPageHide); + }; + + try { + window.addEventListener('pagehide', onPageHide); + return await cb(); + } finally { + await tabLock.releaseLock(key); + } + } +} diff --git a/packages/js-core/src/monocloud-js-core-client.ts b/packages/js-core/src/monocloud-js-core-client.ts new file mode 100644 index 00000000..8c902d34 --- /dev/null +++ b/packages/js-core/src/monocloud-js-core-client.ts @@ -0,0 +1,1272 @@ +import { + generateNonce, + generatePKCE, + generateState, + mergeArrays, + parseCallbackParams, +} from '@monocloud/auth-core/utils'; +import type { + AuthorizationParams, + IdTokenClaims, + MonoCloudSession, + ResponseTypes, + UserinfoResponse, +} from '@monocloud/auth-core'; +import { + ensureLeadingSlash, + findToken, + isPresent, + now, + parseSpaceSeparated, + parseSpaceSeparatedSet, + removeTrailingSlash, + setsEqual, +} from '@monocloud/auth-core/internal'; +import type { + CallbackState, + IStorage, + MonoCloudJSCoreClientOptions, + PostCallback, + PostMessageResult, + RefreshOptions, + SignInOptions, + SignOutOptions, + OnSessionCreating, + GetTokensOptions, + MonoCloudTokens, + InteractionMode, +} from './types'; +import { AUTH_CONSTANTS } from './constants'; +import { Ref } from './ref'; +import { localStorage } from './storage'; +import { + MonoCloudOidcClient, + MonoCloudOPError, + MonoCloudValidationError, +} from '@monocloud/auth-core'; +import { MonoCloudJsError } from './monocloud-js-error'; +import { withLock } from './lock'; + +/** + * `MonoCloudJSCoreClient` is the core SDK entry point for integrating MonoCloud authentication into browser-based applications (SPAs) or vanilla JavaScript environments. + * + * It provides: + * - Redirection and popup-based sign-in and sign-out + * - Session and token management + * - Automatic PKCE and state validation + * - Silent and explicit token refreshing + * + * ## Initialization + * + * ```typescript:src/auth.ts + * import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; + * + * export const client = new MonoCloudJSCoreClient({ + * tenantDomain: 'your-tenant.monocloud.com', + * clientId: 'your-client-id', + * appUrl: 'http://localhost:3000', + * callbackPath: '/callback', + * signOutCallbackPath: '/logout' + * }); + * ``` + * + * @category Classes + */ +export class MonoCloudJSCoreClient { + private storage: IStorage; + + /** + * This is intended for advanced scenarios requiring direct control over the authorization or token flow. + * + * @returns Returns the underlying **OIDC client** used for OpenID Connect operations. + */ + oidcClient: MonoCloudOidcClient; + + private options: MonoCloudJSCoreClientOptions; + + /** + * Default post-callback behavior: + * - If `returnUrl` is not set: remove query params from the current URL (no navigation). + * - If `returnUrl` is set: navigate to `returnUrl` (full page reload). + * + * If you use a client-side router, provide a custom `postCallbackFn` to avoid full reload. + */ + private postCallbackFn: PostCallback = state => { + if (!state.returnUrl) { + const url = new URL(window.location.href); + url.search = ''; + history.replaceState({}, document.title, url.href); + } else { + // eslint-disable-next-line no-console + console.warn( + 'Warning: The default behavior for return url is to perform a full page reload, which will reset all data if you are using memoryStorage. To integrate with a client-side router, pass a custom postCallback() function during client initialization.' + ); + window.location.href = state.returnUrl; + } + + return; + }; + + /** + * Optional hook invoked while constructing a new session (e.g., after authenticate/refresh). + * This is useful for mapping app-specific state into your session or running side effects. + */ + private onSessionCreating?: OnSessionCreating; + + private get filteredIdTokenClaims(): string[] { + return ( + this.options.filteredIdTokenClaims ?? [ + ...AUTH_CONSTANTS.FILTERED_ID_TOKEN_CLAIMS, + ] + ); + } + + private get authWindowTimeout(): number { + return ( + this.options.authWindowTimeout ?? AUTH_CONSTANTS.DEFAULT_TIMEOUT_SECONDS + ); + } + + private get clockSkew(): number { + return this.options.clockSkew ?? AUTH_CONSTANTS.DEFAULT_CLOCK_SKEW_SECONDS; + } + + private get clockTolerance(): number { + return ( + this.options.clockTolerance ?? + AUTH_CONSTANTS.DEFAULT_CLOCK_TOLERANCE_SECONDS + ); + } + + private get fetchUserinfo(): boolean { + return this.options.fetchUserinfo ?? AUTH_CONSTANTS.DEFAULT_FETCH_USERINFO; + } + + private get validateIdToken(): boolean { + return ( + this.options.validateIdToken ?? AUTH_CONSTANTS.DEFAULT_VALIDATE_ID_TOKEN + ); + } + + private get responseType(): ResponseTypes { + return this.options.responseType ?? AUTH_CONSTANTS.DEFAULT_RESPONSE_TYPE; + } + + private get federatedSignOut(): boolean { + return ( + this.options.federatedSignOut ?? AUTH_CONSTANTS.DEFAULT_FEDERATED_SIGNOUT + ); + } + + private get redirectUri(): string { + return `${this.options.appUrl}${this.options.callbackPath ? ensureLeadingSlash(this.options.callbackPath) : '/'}`; + } + + private get signOutRedirectUri(): string { + return `${this.options.appUrl}${ensureLeadingSlash( + this.options.signOutCallbackPath ?? '/' + )}`; + } + + private get callbackStateKey(): string { + return `${AUTH_CONSTANTS.CALLBACK_KEY}.${this.options.clientId}`; + } + + private get lockKey(): string { + return `${AUTH_CONSTANTS.LOCK_KEY}.${this.options.clientId}`; + } + + /** + * Persist the callback state in `sessionStorage` for redirect-based flows. + * This state is consumed by `processCallback()` and then cleared. + */ + private set redirectCallbackState(state: CallbackState | undefined) { + if (!state) { + window.sessionStorage.removeItem(this.callbackStateKey); + return; + } + + window.sessionStorage.setItem(this.callbackStateKey, JSON.stringify(state)); + } + + private get redirectCallbackState(): CallbackState | undefined { + try { + const stored = window.sessionStorage.getItem(this.callbackStateKey); + + if (!stored) { + return undefined; + } + + return JSON.parse(stored); + } catch (error) { + window.sessionStorage.removeItem(this.callbackStateKey); + + // eslint-disable-next-line no-console + console.error('Unexpected error reading callback state:'); + + throw error; + } + } + + private get popupWindowWidth(): number { + return this.options.popupWindowWidth ?? AUTH_CONSTANTS.POPUP_WINDOW_WIDTH; + } + + private get popupWindowHeight(): number { + return this.options.popupWindowHeight ?? AUTH_CONSTANTS.POPUP_WINDOW_HEIGHT; + } + + /** + * Storage key used for persisting the current session. + * Includes `clientId` and optional `sessionKey` suffix to avoid collisions. + */ + private get sessionKey(): string { + return `${AUTH_CONSTANTS.SESSION_KEY}.${this.options.clientId}${this.options.sessionKey ? `.${this.options.sessionKey}` : ''}`; + } + + private get appOrigin(): string { + return new URL(this.options.appUrl).origin; + } + + private get isTopLevel(): boolean { + return window.top === window; + } + + private get isSameParent(): boolean { + return window.parent === window; + } + + private get hasOpener(): boolean { + return window.opener !== null; + } + + private get isIframe(): boolean { + return !this.isTopLevel && !this.isSameParent && !this.hasOpener; + } + + private get isPopup(): boolean { + return this.isTopLevel && this.isSameParent && this.hasOpener; + } + + private get mainWindow(): boolean { + return !this.isIframe && !this.isPopup; + } + + /** + * Initializes a new instance of the MonoCloudJSCoreClient. + * + * @example Default Integration + * ```typescript:src/auth.ts tab="Default Integration" tab-group="constructor" + * import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; + * + * const client = new MonoCloudJSCoreClient({ + * tenantDomain: 'your-tenant.monocloud.com', + * clientId: 'your-client-id', + * appUrl: 'http://localhost:3000', + * }); + * ``` + * + * @example Custom Storage & Router + * ```typescript:src/auth.ts tab="Custom Storage & Router" tab-group="constructor" + * import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; + * import { InMemoryStorage } from './storage'; + * import { router } from './router'; + * + * const client = new MonoCloudJSCoreClient( + * options, + * new InMemoryStorage(), + * (state) => { + * // Use router to navigate instead of full page reload + * router.push(state.returnUrl || '/dashboard'); + * } + * ); + * ``` + * + * @param options Configuration options for the client. + * @param storage Custom storage implementation for session persistence. Defaults to `localStorage`. + * @param postCallbackFn A callback function executed after a successful sign-in or sign-out. Useful for client-side routing integration. + * @param onSessionCreating A hook to modify or validate the session during creation. + */ + constructor( + options: MonoCloudJSCoreClientOptions, + storage: IStorage = localStorage(), + postCallbackFn?: PostCallback, + onSessionCreating?: OnSessionCreating + ) { + // eslint-disable-next-line no-param-reassign + options.appUrl = removeTrailingSlash(options.appUrl); + + this.options = options; + this.storage = storage; + if (postCallbackFn) { + this.postCallbackFn = postCallbackFn; + } + + this.onSessionCreating = onSessionCreating; + + this.oidcClient = new MonoCloudOidcClient( + this.options.tenantDomain, + this.options.clientId, + { + clientAuthMethod: this.options.clientAuthMethod, + clientSecret: this.options.clientSecret, + idTokenSigningAlgorithm: this.options.idTokenSigningAlgorithm, + jwksCacheDuration: this.options.jwksCacheDuration, + metadataCacheDuration: this.options.metadataCacheDuration, + } + ); + } + + /** + * Processes the authentication callback. + * + * This method must be called on application startup (usually in the entry point or router) + * to handle the response from the identity provider after a redirect flow. + * + * - **Main Window:** Validates the state and code, exchanges them for tokens, and establishes the session. + * - **Popup/Iframe:** Posts the callback URL back to the parent/opener window to complete the flow. + * + * @example Application Entry + * ```typescript:src/main.ts + * import { client } from './auth'; + * + * async function init() { + * // Process any pending redirect callbacks before rendering + * await client.processCallback(); + * + * // Continue mounting the app + * renderApp(); + * } + * + * init(); + * ``` + * + * @returns A promise that resolves when the callback processing is complete. + */ + async processCallback(): Promise { + const currentUrl = new URL(window.location.href); + + const isSignInPath = + `${currentUrl.origin}${currentUrl.pathname}` === this.redirectUri; + const isSignOutPath = + `${currentUrl.origin}${currentUrl.pathname}` === this.signOutRedirectUri; + + if (this.mainWindow) { + const callbackState = this.redirectCallbackState; + this.redirectCallbackState = undefined; + + if (callbackState) { + if (isSignInPath && !callbackState.signOut) { + await this.processSignInCallback(window.location.href, callbackState); + } else if (isSignOutPath && callbackState.signOut) { + await this.processSignOutCallback( + window.location.href, + callbackState + ); + } + } + } + + if (!this.mainWindow && (isSignInPath || isSignOutPath)) { + const parentWindow = (window.opener ?? window.parent) as Window; + + parentWindow.postMessage( + { + source: 'monocloud-auth-js-core', + url: window.location.href, + }, + this.appOrigin + ); + } + } + + /** + * Initiates the sign-in flow. + * + * @example Redirect Flow + * ```typescript:src/app.ts tab="Redirect Flow" tab-group="signIn" + * document.getElementById('login-btn').addEventListener('click', async () => { + * // Standard top-level redirect to the authorization server + * await client.signIn(); + * }); + * ``` + * + * @example Popup Flow + * ```typescript:src/app.ts tab="Popup Flow" tab-group="signIn" + * document.getElementById('login-popup-btn').addEventListener('click', async () => { + * // Opens a centered popup for authentication + * await client.signIn({ mode: 'popup' }); + * console.log("User finished popup flow!"); + * }); + * ``` + * + * @example Sign Up + * ```typescript:src/app.ts tab="Sign Up" tab-group="signIn" + * document.getElementById('register-btn').addEventListener('click', async () => { + * // Forces the identity provider to show the registration/sign-up screen + * await client.signIn({ signUp: true }); + * }); + * ``` + * + * @param signInOptions Optional configuration for the sign-in request. + * @throws {@link MonoCloudJsError} If called from within a popup or iframe. + */ + async signIn(signInOptions?: SignInOptions): Promise { + if (!this.mainWindow) { + throw new MonoCloudJsError( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + } + + const mode = signInOptions?.mode ?? 'redirect'; + const ref = this.createRef(mode); + + try { + const { codeChallenge, codeVerifier } = await generatePKCE(); + const state = generateState(); + const nonce = generateNonce(); + + const indicatorResource = this.options.resources + ?.map(x => x.resource) + .filter(x => !!x) + .reduce((acc, x) => `${acc} ${x}`, ''); + const indicatorScopes = this.options.resources + ?.map(x => x.scopes) + .filter(x => !!x) + .reduce((acc, x) => `${acc} ${x}`, ''); + + const mergedScopes = + mergeArrays( + parseSpaceSeparated(signInOptions?.scopes), + parseSpaceSeparated(this.options.defaultAuthParams?.scopes), + parseSpaceSeparated(indicatorScopes) + ) ?? AUTH_CONSTANTS.DEFAULT_SCOPES.split(' '); + + const mergedResources = mergeArrays( + parseSpaceSeparated(signInOptions?.resource), + parseSpaceSeparated(this.options.defaultAuthParams?.resource), + parseSpaceSeparated(indicatorResource) + ); + + const params: AuthorizationParams = { + uiLocales: signInOptions?.uiLocales, + authenticatorHint: signInOptions?.authenticatorHint, + loginHint: signInOptions?.loginHint, + maxAge: signInOptions?.maxAge, + responseType: this.responseType, + scopes: mergedScopes.join(' '), + codeChallenge, + codeChallengeMethod: 'S256', + redirectUri: this.redirectUri, + state, + nonce, + resource: mergedResources?.join(' '), + prompt: signInOptions?.prompt, + display: signInOptions?.display, + acrValues: signInOptions?.acrValues, + }; + + if (signInOptions?.signUp) { + params.prompt = 'create'; + } + + const url = await this.oidcClient.authorizationUrl(params); + + const callbackState: CallbackState = { + state, + codeVerifier, + nonce, + maxAge: signInOptions?.maxAge, + mode, + returnUrl: signInOptions?.returnUrl, + appState: signInOptions?.appState, + scopes: params.scopes, + resource: this.options.defaultAuthParams?.resource, + }; + + if (mode === 'redirect') { + this.redirectCallbackState = callbackState; + window.location.assign(url); + return; + } + + /* v8 ignore if -- @preserve */ + if (!ref) { + throw new MonoCloudJsError('Popup or Iframe creation failed'); + } + + const callbackUrl = await this.authWindow(url, ref); + + await this.processSignInCallback(callbackUrl, callbackState); + } finally { + ref?.close(); + } + } + + /** + * Initiates the sign-out flow. + * + * Clears the local session and optionally redirects the user to the identity provider to end the session there (Federated Sign-Out). + * + * @example Standard Sign Out + * ```typescript:src/app.ts tab="Redirect Flow" tab-group="signOut" + * document.getElementById('logout-btn').addEventListener('click', async () => { + * await client.signOut(); + * }); + * ``` + * + * @example Popup Sign Out + * ```typescript:src/app.ts tab="Popup Flow" tab-group="signOut" + * document.getElementById('logout-popup-btn').addEventListener('click', async () => { + * // Opens a popup to perform the federated sign-out, keeping the user on the current page + * await client.signOut({ mode: 'popup' }); + * }); + * ``` + * + * @param signOutOptions Optional configuration for the sign-out request. + * @throws {@link MonoCloudJsError} If called from within a popup or iframe. + */ + async signOut(signOutOptions?: SignOutOptions): Promise { + if (!this.mainWindow) { + throw new MonoCloudJsError( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + } + + const mode = signOutOptions?.mode ?? 'redirect'; + const ref = this.createRef(mode); + + try { + const session = await this.getSession(); + + this.redirectCallbackState = undefined; + + if (!this.federatedSignOut) { + await this.setSession(); + return; + } + + const state = generateState(); + + let postLogoutRedirectUri: string | undefined; + + if (this.options.signOutCallbackPath) { + postLogoutRedirectUri = new URL( + this.options.signOutCallbackPath, + this.options.appUrl + ).toString(); + } + + if (signOutOptions?.postLogoutRedirectUri) { + ({ postLogoutRedirectUri } = signOutOptions); + } + + const url = await this.oidcClient.endSessionUrl({ + idToken: session?.idToken, + postLogoutRedirectUri, + state, + }); + + const callbackState = { + mode, + state: new URL(url).searchParams.get('state') ?? undefined, + signOut: true, + returnUrl: signOutOptions?.returnUrl, + }; + + if (mode === 'redirect') { + await this.setSession(); + this.redirectCallbackState = callbackState; + window.location.assign(url); + return; + } + + /* v8 ignore if -- @preserve */ + if (!ref?.getRef()) { + throw new MonoCloudJsError('Popup or Iframe creation failed'); + } + + const callbackUrl = await this.authWindow(url, ref); + + await this.processSignOutCallback(callbackUrl, callbackState); + } finally { + ref?.close(); + } + } + + /** + * Refreshes the user's session. + * + * This method can be used to explicitly refresh tokens using various methods: + * - `silent`: Uses a hidden iframe (requires 3rd party cookies). + * - `refresh_token`: Uses the Refresh Token Grant (requires `offline_access` scope). + * - `popup`: Opens a transient popup to refresh the session interactively. + * + * @example Silent Refresh (Iframe) + * ```typescript:src/app.ts tab="Silent (Iframe)" tab-group="refreshSession" + * await client.refreshSession({ mode: 'silent' }); + * ``` + * + * @example Refresh Token Grant + * ```typescript:src/app.ts tab="Refresh Token" tab-group="refreshSession" + * await client.refreshSession({ mode: 'refresh_token' }); + * ``` + * + * @param refreshOptions Optional configuration for the refresh flow. + * @throws {@link MonoCloudValidationError} If the session is invalid or missing required tokens. + * @throws {@link MonoCloudJsError} If called from within a popup or iframe. + */ + // eslint-disable-next-line consistent-return + async refreshSession(refreshOptions?: RefreshOptions): Promise { + if (!this.mainWindow) { + throw new MonoCloudJsError( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + } + + const mode = refreshOptions?.mode ?? 'silent'; + + switch (mode) { + case 'refresh_token': { + return await withLock(this.lockKey, async () => { + const session = await this.getSession(); + if (!session) { + throw new MonoCloudValidationError( + 'Ensure the user is authenticated before refreshing the session' + ); + } + + if (!session.refreshToken) { + throw new MonoCloudValidationError( + 'Refresh token not found. Sign in with offline_access scope to get the refresh token.' + ); + } + + const updatedSession = await this.oidcClient.refreshSession(session, { + fetchUserInfo: this.fetchUserinfo, + idTokenClockSkew: this.clockSkew, + idTokenClockTolerance: this.clockTolerance, + validateIdToken: this.validateIdToken, + refreshGrantOptions: refreshOptions?.refreshGrantOptions, + filteredIdTokenClaims: this.filteredIdTokenClaims, + onSessionCreating: this.onSessionCreating, + }); + + return await this.setSession(updatedSession); + }); + } + + case 'popup': + case 'silent': { + const ref = this.createRef(mode); + try { + const { codeChallenge, codeVerifier } = await generatePKCE(); + const state = generateState(); + const nonce = generateNonce(); + + const indicatorResource = this.options.resources + ?.map(x => x.resource) + .filter(x => !!x) + .reduce((acc, x) => `${acc} ${x}`, ''); + const indicatorScopes = this.options.resources + ?.map(x => x.scopes) + .filter(x => !!x) + .reduce((acc, x) => `${acc} ${x}`, ''); + + const mergedScopes = + mergeArrays( + parseSpaceSeparated(this.options.defaultAuthParams?.scopes), + parseSpaceSeparated(indicatorScopes) + ) ?? AUTH_CONSTANTS.DEFAULT_SCOPES.split(' '); + + const mergedResources = mergeArrays( + parseSpaceSeparated(this.options.defaultAuthParams?.resource), + parseSpaceSeparated(indicatorResource) + ); + + const url = await this.oidcClient.authorizationUrl({ + prompt: 'none', + responseType: this.responseType, + scopes: mergedScopes.join(' '), + codeChallenge, + codeChallengeMethod: 'S256', + redirectUri: this.redirectUri, + resource: mergedResources?.join(' '), + state, + nonce, + }); + + /* v8 ignore if -- @preserve */ + if (!ref) { + throw new MonoCloudJsError('Popup or Iframe creation failed'); + } + + const callbackUrl = await this.authWindow(url, ref); + + const callbackState: CallbackState = { + state, + codeVerifier, + nonce, + mode, + appState: refreshOptions?.appState, + scopes: mergedScopes.join(' '), + resource: this.options.defaultAuthParams?.resource, + }; + + return await this.processSignInCallback(callbackUrl, callbackState); + } finally { + ref?.close(); + } + } + } + } + + /** + * Refetches the user information from the userinfo endpoint and updates the local session. + * + * @example Usage + * ```typescript:src/app.ts + * await client.refetchUserInfo(); + * const session = await client.getSession(); + * console.log('Updated user data:', session.user); + * ``` + * + * @throws {@link MonoCloudValidationError} If the session is invalid or the default token is missing. + */ + async refetchUserInfo(): Promise { + let session = await this.getSession(); + + if (!session) { + throw new MonoCloudValidationError( + 'Ensure the user is authenticated before refetching userinfo' + ); + } + + const defaultToken = findToken( + session.accessTokens, + this.options.defaultAuthParams?.resource, + session.authorizedScopes + ); + + if (!defaultToken) { + throw new MonoCloudValidationError('Default token not found'); + } + + session = await this.oidcClient.refetchUserInfo(defaultToken, session, { + onSessionCreating: this.onSessionCreating, + }); + + await this.setSession(session); + } + + /** + * Retrieves the active tokens for the session. + * + * If the tokens are expired or about to expire, this method will attempt to refresh them automatically before returning. + * + * @example Get Default Tokens + * ```typescript:src/app.ts tab="Default Tokens" tab-group="getTokens" + * const tokens = await client.getTokens(); + * console.log(tokens.accessToken); + * ``` + * + * @example Force Refresh + * ```typescript:src/app.ts tab="Force Refresh" tab-group="getTokens" + * const tokens = await client.getTokens({ forceRefresh: true }); + * ``` + * + * @example Specific Resource + * ```typescript:src/app.ts tab="Specific Resource" tab-group="getTokens" + * const tokens = await client.getTokens({ + * resource: '[https://api.example.com](https://api.example.com)', + * scopes: 'read:data' + * }); + * ``` + * + * @param options Options to control token retrieval (e.g., force refresh). + * @returns The active tokens. + * @throws {@link MonoCloudValidationError} If the session does not exist. + */ + async getTokens(options?: GetTokensOptions): Promise { + return await withLock(this.lockKey, async () => { + const session = await this.getSession(); + + if (!session) { + throw new MonoCloudValidationError('Session does not exist'); + } + + let scopes = options?.scopes; + + const resource = + options?.resource ?? this.options.defaultAuthParams?.resource; + + if (isPresent(options?.resource)) { + if (!isPresent(scopes)) { + // Check if there is a resource with undefined scope + const noScopeResource = this.options.resources?.find( + x => + setsEqual( + parseSpaceSeparatedSet(x.resource), + parseSpaceSeparatedSet(resource) + ) && !x.scopes + ); + + // Search for the same resource with scopes defined + if (!noScopeResource) { + scopes = this.options.resources?.find(x => + setsEqual( + parseSpaceSeparatedSet(x.resource), + parseSpaceSeparatedSet(resource) + ) + )?.scopes; + } + } + } + + const findTokenScopes = + !isPresent(options?.resource) && !isPresent(scopes) + ? session.authorizedScopes + : scopes; + + let token = findToken(session.accessTokens, resource, findTokenScopes); + + const tokenExpired = !!token && token.accessTokenExpiration - 30 < now(); + + let { idToken } = session; + let { refreshToken } = session; + + if (options?.forceRefresh || !token || tokenExpired) { + const updatedSession = await this.oidcClient.refreshSession(session, { + fetchUserInfo: options?.refetchUserInfo, + validateIdToken: true, + idTokenClockSkew: this.options.clockSkew, + idTokenClockTolerance: this.clockTolerance, + refreshGrantOptions: { + resource, + scopes, + }, + filteredIdTokenClaims: this.options.filteredIdTokenClaims, + onSessionCreating: this.onSessionCreating, + }); + + await this.setSession(updatedSession); + + token = findToken( + updatedSession?.accessTokens, + resource, + findTokenScopes + ); + + idToken = updatedSession.idToken; + refreshToken = updatedSession.refreshToken; + } + + /* v8 ignore next -- @preserve */ + if (!token) { + throw new MonoCloudValidationError('Access token not found'); + } + + return { + ...token, + idToken, + refreshToken, + isExpired: token.accessTokenExpiration - 30 < now(), + }; + }); + } + + /** + * Retrieves the current session object from local storage. + * + * @example Usage + * ```typescript:src/app.ts + * const session = await client.getSession(); + * if (session) { + * console.log('User is logged in:', session.user); + * } + * ``` + * + * @returns The active session or `undefined` if not authenticated. + */ + async getSession(): Promise { + try { + return JSON.parse((await this.storage.getItem(this.sessionKey)) ?? ''); + } catch { + await this.storage.removeItem(this.sessionKey); + return undefined; + } + } + + /** + * Persist or clear the session in storage. + * + * @param session When provided, the session is serialized to storage. When omitted, the session is removed. + */ + private async setSession(session?: MonoCloudSession): Promise { + if (!session) { + await this.storage.removeItem(this.sessionKey); + return; + } + + await this.storage.setItem(this.sessionKey, JSON.stringify(session)); + } + + /** + * Complete a sign-in flow using a callback URL and the saved callback state. + * + * Validates: + * - Callback URL matches configured `redirectUri` + * - Callback state is present and matches the response (`state`) + * - Authorization response parameters (success or error) + * - ID token (optional, depending on configuration and flow) + * + * On success, creates/updates the session and invokes the configured post-callback handler. + * + * @param callbackUrl Full callback URL received from the OP. + * @param callbackState State captured when initiating the flow. + * + * @throws {@link MonoCloudValidationError} If validation fails. + * @throws {@link MonoCloudOPError} If the OP returned an error response. + */ + private async processSignInCallback( + callbackUrl: string, + callbackState: CallbackState + ): Promise { + const url = new URL(callbackUrl); + + if (this.redirectUri !== `${url.origin}${url.pathname}`) { + throw new MonoCloudValidationError('Incorrect callback url'); + } + + if (callbackState.signOut) { + throw new MonoCloudValidationError('Incorrect callback state'); + } + + if (!isPresent(callbackState.scopes)) { + throw new MonoCloudValidationError('Scopes missing from callback state'); + } + + const callbackParams = parseCallbackParams( + this.responseType === 'code' ? url.search : url.hash + ); + + if ( + !callbackParams.accessToken && + !callbackParams.code && + !callbackParams.idToken && + !callbackParams.error + ) { + throw new MonoCloudValidationError('No parameters found in callback'); + } + + if (callbackState.state && callbackParams.state !== callbackState.state) { + throw new MonoCloudValidationError('Sign in callback states mismatch'); + } + + if (callbackParams.error) { + throw new MonoCloudOPError( + callbackParams.error, + callbackParams.errorDescription + ); + } + + // Implicit/Hybrid + if ( + !callbackParams.code && + (callbackParams.idToken || callbackParams.accessToken) + ) { + let idTokenClaims = {} as IdTokenClaims; + if (callbackParams.idToken) { + if (this.validateIdToken) { + const jwks = await this.oidcClient.getJwks(); + idTokenClaims = await this.oidcClient.validateIdToken( + callbackParams.idToken, + jwks.keys, + this.clockSkew, + this.clockTolerance, + callbackState.maxAge, + callbackState.nonce + ); + } else { + idTokenClaims = MonoCloudOidcClient.decodeJwt(callbackParams.idToken); + } + } + + let userinfo = {} as unknown as UserinfoResponse; + + if ( + callbackParams.accessToken && + this.fetchUserinfo && + callbackParams.scope?.includes('openid') + ) { + userinfo = await this.oidcClient.userinfo(callbackParams.accessToken); + } + + const session: MonoCloudSession = { + user: { + ...idTokenClaims, + ...userinfo, + }, + idToken: callbackParams.idToken, + accessTokenExpiration: callbackParams.expiresIn + ? now() + callbackParams.expiresIn + : undefined, + }; + + if (callbackParams.accessToken) { + session.accessTokens = [ + { + accessToken: callbackParams.accessToken, + scopes: callbackParams.scope ?? '', + accessTokenExpiration: 1, + }, + ]; + } + + await this.setSession(session); + + await this.postCallbackFn({ + type: 'signIn', + returnUrl: callbackState.returnUrl, + mode: callbackState.mode, + }); + return; + } + + // Authorization Code + if (callbackParams.code) { + const session = await this.oidcClient.authenticate( + callbackParams.code, + this.redirectUri, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + callbackState.scopes!, + this.options.defaultAuthParams?.resource, + { + fetchUserInfo: this.fetchUserinfo, + validateIdToken: this.validateIdToken, + idTokenNonce: callbackState.nonce, + codeVerifier: callbackState.codeVerifier, + idTokenMaxAge: callbackState.maxAge, + idTokenClockSkew: this.clockSkew, + idTokenClockTolerance: this.clockTolerance, + filteredIdTokenClaims: this.filteredIdTokenClaims, + onSessionCreating: async (s, i, u) => { + await this.onSessionCreating?.(s, i, u, callbackState.appState); + }, + } + ); + + await this.setSession(session); + + await this.postCallbackFn({ + type: 'signIn', + returnUrl: callbackState.returnUrl, + mode: callbackState.mode, + }); + + return; + } + + /* v8 ignore next -- @preserve */ + throw new MonoCloudValidationError('Invalid sign in callback'); + } + + /** + * Complete a sign-out callback. + * + * Clears the local session and validates that the callback `state` matches the + * stored callback state for the initiated sign-out flow. + * + * @param callbackUrl Full callback URL received from the OP. + * @param callbackState State captured when initiating the sign-out flow. + * + * @throws {@link MonoCloudValidationError} If callback validation fails. + */ + private async processSignOutCallback( + callbackUrl: string, + callbackState: CallbackState + ): Promise { + await this.setSession(); + const url = new URL(callbackUrl); + + if ((this.options.signOutCallbackPath ?? '/') !== url.pathname) { + throw new MonoCloudValidationError('Incorrect callback url'); + } + + if (!callbackState.signOut) { + throw new MonoCloudValidationError('Incorrect callback state'); + } + + const callbackParams = parseCallbackParams(url.search); + + if (callbackParams.state !== callbackState.state) { + throw new MonoCloudValidationError('Sign out states mismatch'); + } + + await this.postCallbackFn({ + type: 'signOut', + returnUrl: callbackState.returnUrl, + mode: callbackState.mode as InteractionMode, + }); + } + + /** + * Run an auth request inside a popup window or hidden iframe and wait for the callback URL. + * + * This method: + * - navigates the popup/iframe to the provided authorization URL + * - waits for a `postMessage` from the popup/iframe containing the callback URL + * - rejects on timeout or if the user closes the popup + * + * It does not parse or validate the callback parameters; the caller does that. + * + * @param url Authorization/end-session URL to load in the auth window. + * @param ref Wrapper around the popup/iframe reference. + * @returns The callback URL received via `postMessage`. + * + * @throws {@link MonoCloudJsError} On timeout or if the user closes the popup. + */ + private async authWindow(url: string, ref: Ref): Promise { + ref.setUrl(url); + return await new Promise((resolve, reject) => { + const controller = new AbortController(); + + // eslint-disable-next-line prefer-const + let timeoutTimer: number | undefined; + // eslint-disable-next-line prefer-const + let intervalTimer: number | undefined; + + const abort = (): void => { + controller.abort(); + clearInterval(intervalTimer); + clearTimeout(timeoutTimer); + ref.close(); + }; + + const listener = (e: MessageEvent): void => { + if (e.origin !== this.appOrigin) { + return; + } + + if (typeof e.data !== 'object' || !isPresent(e.data.url)) { + return; + } + + if (e.source !== ref.getWindow()) { + return; + } + + if (e.data.source !== 'monocloud-auth-js-core') { + return; + } + + if (e.data.url) { + abort(); + resolve(e.data.url); + } + }; + + timeoutTimer = setTimeout(() => { + abort(); + reject(new MonoCloudJsError('Window timed out')); + }, this.authWindowTimeout * 1000) as unknown as number; + + intervalTimer = setInterval(() => { + /* v8 ignore else -- @preserve */ + if (ref.getRef()?.closed) { + abort(); + reject(new MonoCloudJsError('Window closed by user')); + } + }, 100) as unknown as number; + + window.addEventListener('message', listener, { + signal: controller.signal, + }); + }); + } + + /** + * Create a window reference appropriate for the interaction mode. + * + * - `popup` -> opens a popup window + * - `silent` -> creates a hidden iframe + * - other modes do not require a window reference + */ + private createRef( + mode: 'popup' | 'silent' | 'redirect' | 'refresh_token' + ): Ref | undefined { + switch (mode) { + case 'popup': + return this.createPopup(); + + case 'silent': + return this.createIframe(); + + default: + return undefined; + } + } + + /** + * Open a centered popup window for interactive authentication. + * + * @returns A `Ref` bound to the popup window. + * @throws {@link MonoCloudJsError} If the browser blocks the popup. + */ + private createPopup(): Ref { + const { screenLeft, screenTop } = window; + + const screenWidth = window.innerWidth; + const screenHeight = window.innerHeight; + + const windowWidth = this.popupWindowWidth; + const windowHeight = this.popupWindowHeight; + + const defaultLeft = screenLeft + (screenWidth - windowWidth) / 2; + const defaultTop = screenTop + (screenHeight - windowHeight) / 2; + + const maxLeft = screenLeft + (screenWidth - windowWidth); + const maxTop = screenTop + (screenHeight - windowHeight); + + const width = Math.min(windowWidth, screenWidth); + const height = Math.min(windowHeight, screenHeight); + const left = Math.max(0, Math.min(defaultLeft, maxLeft)); + const top = Math.max(0, Math.min(defaultTop, maxTop)); + + const popupWindow = + window.open( + 'about:blank', + 'mc.popup', + `width=${width},height=${height},top=${top},left=${left}` + ) ?? undefined; + + const ref = new Ref('popup', popupWindow); + if (!ref.getRef()) { + throw new MonoCloudJsError('Could not open popup'); + } + + return ref; + } + + /** + * Create a hidden iframe for silent authentication (`prompt=none`). + * + * @returns A `Ref` bound to the iframe element. + * @throws {@link MonoCloudJsError} If the environment is cross-origin isolated. + */ + private createIframe(): Ref { + if (window.crossOriginIsolated) { + throw new MonoCloudJsError('Isolated Cross-Origin. Cannot create iframe'); + } + + const iframe = window.document.createElement('iframe'); + + iframe.setAttribute('width', '0'); + iframe.setAttribute('height', '0'); + iframe.style.display = 'none'; + + const ref = new Ref('silent', iframe); + window.document.body.appendChild(ref.getRef()); + return ref; + } +} diff --git a/packages/js-core/src/monocloud-js-error.ts b/packages/js-core/src/monocloud-js-error.ts new file mode 100644 index 00000000..81732640 --- /dev/null +++ b/packages/js-core/src/monocloud-js-error.ts @@ -0,0 +1,3 @@ +import { MonoCloudAuthBaseError } from '@monocloud/auth-core'; + +export class MonoCloudJsError extends MonoCloudAuthBaseError {} diff --git a/packages/js-core/src/ref.ts b/packages/js-core/src/ref.ts new file mode 100644 index 00000000..1fef2e34 --- /dev/null +++ b/packages/js-core/src/ref.ts @@ -0,0 +1,57 @@ +export class Ref { + constructor( + private readonly mode: 'silent' | 'popup', + private readonly ref: Window | HTMLIFrameElement | undefined + ) {} + + getRef(): T { + return this.ref as T; + } + + setUrl(url: string): void { + switch (this.mode) { + case 'popup': { + this.getRef().location.href = url; + break; + } + + case 'silent': { + this.getRef().setAttribute('src', url); + break; + } + } + } + + // eslint-disable-next-line consistent-return + getWindow(): Window { + switch (this.mode) { + case 'silent': + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + return this.getRef().contentWindow!; + + case 'popup': + return this.getRef(); + } + } + + close(): void { + switch (this.mode) { + case 'silent': { + const iframe = this.getRef(); + if (iframe.isConnected) { + iframe.remove(); + } + break; + } + + case 'popup': { + const popupRef = this.getRef(); + + if (!popupRef.closed) { + popupRef.close(); + } + break; + } + } + } +} diff --git a/packages/js-core/src/storage.ts b/packages/js-core/src/storage.ts new file mode 100644 index 00000000..45db4c97 --- /dev/null +++ b/packages/js-core/src/storage.ts @@ -0,0 +1,80 @@ +import { IStorage } from './types'; + +class MemoryStorage implements IStorage { + private store: Record = {}; + + getItem(key: string): Promise { + return Promise.resolve(this.store[key] ?? null); + } + + removeItem(key: string): Promise { + // eslint-disable-next-line @typescript-eslint/no-dynamic-delete + delete this.store[key]; + return Promise.resolve(); + } + + setItem(key: string, value: string): Promise { + this.store[key] = value; + return Promise.resolve(); + } +} + +class LocalStorage implements IStorage { + getItem(key: string): Promise { + return Promise.resolve(window.localStorage.getItem(key)); + } + + removeItem(key: string): Promise { + window.localStorage.removeItem(key); + return Promise.resolve(); + } + + setItem(key: string, value: string): Promise { + window.localStorage.setItem(key, value); + return Promise.resolve(); + } +} + +class SessionStorage implements IStorage { + getItem(key: string): Promise { + return Promise.resolve(window.sessionStorage.getItem(key)); + } + + removeItem(key: string): Promise { + window.sessionStorage.removeItem(key); + return Promise.resolve(); + } + + setItem(key: string, value: string): Promise { + window.sessionStorage.setItem(key, value); + return Promise.resolve(); + } +} + +/** + * In memory storage for `MonoCloudJsClient` + * + * @example + * + * const monoCloudClient = new MonoCloudJsClient(options, memoryStorage()); + */ +export const memoryStorage = (): IStorage => new MemoryStorage(); + +/** + * LocalStorage for `MonoCloudJsClient`. This is the default storage. + * Same as `window.localStorage`. + * + * @example + * + * const monoCloudClient = new MonoCloudJsClient(options, localStorage()); + */ +export const localStorage = (): IStorage => new LocalStorage(); + +/** + * SessionStorage for `MonoCloudJsClient`. Same as `window.sessionStorage`. + * + * @example + * + * const monoCloudClient = new MonoCloudJsClient(options, sessionStorage()); + */ +export const sessionStorage = (): IStorage => new SessionStorage(); diff --git a/packages/js-core/src/types.ts b/packages/js-core/src/types.ts new file mode 100644 index 00000000..f1db5ed3 --- /dev/null +++ b/packages/js-core/src/types.ts @@ -0,0 +1,483 @@ +import type { + Authenticators, + AuthState, + DisplayOptions, + Jwk, + SecurityAlgorithms, + MonoCloudSession, + Prompt, + RefreshGrantOptions, + ResponseTypes, + ClientAuthMethod, + AuthorizationParams, + IdTokenClaims, + UserinfoResponse, + AccessToken, +} from '@monocloud/auth-core'; + +/** + * Storage interface for storing session data. + * + * @category Types + */ +export interface IStorage { + /** + * Retrieves the value associated with the given key. + * + * @param key - The unique identifier for the stored item + * @returns The stored value as a string, or `null` if the key does not exist + */ + getItem(key: string): Promise; + + /** + * Removes the item associated with the specified key from storage. + * + * @param key - The unique identifier of the item to be removed + */ + removeItem(key: string): Promise; + + /** + * Stores a key-value pair in the storage. + * + * @param key - The unique identifier for the item + * @param value - The string value to be stored + */ + setItem(key: string, value: string): Promise; +} + +/** + * Represents an indicator for additional resources that can be requested. + * + * @category Types + */ +export interface Indicator { + /** + * Space separated list of resources to scope the access token to + */ + resource: string; + /** + * Optional: Space separated list of scopes to request + */ + scopes?: string; +} + +/** + * Configuration options for initializing a MonoCloudJSCoreClient. + * + * @category Types + */ +export interface MonoCloudJSCoreClientOptions { + /** + * Tenant domain. + * + * @example "https://your-domain.as.monocloud.com" + */ + tenantDomain: string; + + /** + * ID of the client. + */ + clientId: string; + + /** + * The base URL of the application implementing authentication. + * + * @example "https://example.com" + */ + appUrl: string; + + /** + * The relative path where MonoCloud redirects the user after sign in. + * This url should be registered in the client's callback urls settings. If callback path is not set + * the callback url is set to `appUrl` with path `/`. + * + * @example "/callback" + */ + callbackPath?: string; + + /** + * Whether the ID token should be validated. + * + * @defaultValue true + */ + validateIdToken?: boolean; + + /** + * Determines whether to fetch from userinfo after authentication. + * + * @defaultValue true + */ + fetchUserinfo?: boolean; + + /** + * When set to `true`, signs user out from the app and MonoCloud globally. + * + * @defaultValue true + */ + federatedSignOut?: boolean; + + /** + * Array of strings representing the filtered ID token claims. + */ + filteredIdTokenClaims?: string[]; + + /** + * Timeout duration (in seconds) for popups and iframes. + * + * @defaultValue 600 + */ + authWindowTimeout?: number; + + /** + * The width of the popup window in pixels. + * + * This value is used to size and center the window when `signIn` or `signOut` + * is called with `mode: 'popup'`. + * + * @defaultValue 375 + */ + popupWindowWidth?: number; + + /** + * The height of the popup window in pixels. + * + * This value is used to size and center the window when `signIn` or `signOut` + * is called with `mode: 'popup'`. + * + * @defaultValue 600 + */ + popupWindowHeight?: number; + + /** + * The maximum allowed clock skew (in seconds) for token validation. + * + * @defaultValue 60 + */ + clockSkew?: number; + + /** + * The maximum allowed clock tolerance (in seconds) for date time based claims. + * + * @defaultValue 60 + */ + clockTolerance?: number; + + /** + * Specifies the OpenId response type for the authentication flow. + * + * @defaultValue "code" + */ + responseType?: ResponseTypes; + + /** + * Path where MonoCloud redirects after the user signs out. + * + * @example "/signout" + */ + signOutCallbackPath?: string | null; + + /** + * Client secret or JSON Web Key for client authentication. + */ + clientSecret?: string | Jwk; + + /** + * Method used for client authentication. + */ + clientAuthMethod?: ClientAuthMethod; + + /** + * Algorithm used for verifying ID token signature. + * + * @defaultValue "RS256" + */ + idTokenSigningAlgorithm?: SecurityAlgorithms; + + /** + * A unique identifier that differentiates sessions when multiple clients are used within the same application. + * This key is concatenated with internal session key to prevent conflicts. + */ + sessionKey?: string; + + /** + * Default authorization parameters to include in authentication requests. + * + * @defaultValue { scope: 'openid', response_type: 'code' } + */ + defaultAuthParams?: AuthorizationParams; + + /** + * Additional resources that can be requested via `getTokens()`. + */ + resources?: Indicator[]; + + /** + * The duration in seconds to cache the JWKS document after it is fetched. + * + * @defaultValue 60 + */ + jwksCacheDuration?: number; + + /** + * Time in seconds to cache the metadata document after it is fetched. + * + * @defaultValue 60 + */ + metadataCacheDuration?: number; +} + +/** + * The custom application state used for preserving context during redirection. + * + * @category Types + */ +export type ApplicationState = Record; + +/** + * Defines a callback function to be executed when a new session is being created or updated. + * + * This function receives parameters related to the session being created, + * including the session object itself, optional ID token and user information claims, + * and the application state. + * + * @category Types (Handler) + * + * @param session - The Session object being created. + * @param idToken - Optional. Claims from the ID token received during authentication. + * @param userInfo - Optional. Claims from the user information received during authentication. + * @param state - Optional. The application state associated with the session. + * @returns A Promise that resolves when the operation is completed, or void. + */ +export type OnSessionCreating = ( + session: MonoCloudSession, + idToken?: Partial, + userInfo?: UserinfoResponse, + state?: ApplicationState +) => Promise | void; + +/** + * Defines the interaction modes supported by the client for sign in and sign out. + * + * @category Types + */ +export type InteractionMode = 'popup' | 'redirect'; + +/** + * Parameters for the post callback function after handling a redirect or popup flow. + * + * @category Types + */ +export type PostCallbackParams = + | { + type: 'signIn'; + mode: InteractionMode | 'silent'; + returnUrl?: string; + } + | { type: 'signOut'; mode: InteractionMode; returnUrl?: string }; + +/** + * A function that is executed after a sign in or sign out callback. + * + * Use this function to navigate to another route or execute business logic instead of triggering a full page reload. + * + * @category Types (Handler) + */ +export type PostCallback = (state: PostCallbackParams) => Promise | void; + +/** + * Options for configuring the `signIn()` method. + * + * @category Types + */ +export interface SignInOptions { + /** + * Specifies the preferred authenticator for sign in. + */ + authenticatorHint?: Authenticators; + + /** + * Maximum allowed time (in seconds) since the user's last authentication. + * Used to force re-authentication if the last login exceeds this time. + */ + maxAge?: number; + + /** + * Provides a hint about the user's login identifier. Used to pre-fill or suggest a username. + * + * @example "user@example.com" + */ + loginHint?: string; + + /** + * Specifies preferred locales for the login pages. + * + * @example "en-US" + */ + uiLocales?: string; + + /** + * Redirects to the sign up page if set to `true`. + */ + signUp?: boolean; + + /** + * The desired authentication behaviour. + */ + prompt?: Prompt; + + /** + * An array of authentication context class references (ACRs). + */ + acrValues?: string[]; + + /** + * The desired user interface mode. + */ + display?: DisplayOptions; + + /** + * Determines the interaction mode for the sign in. + * + * @defaultValue "redirect" + */ + mode?: InteractionMode; + + /** + * The relative path to return to after sign in. + */ + returnUrl?: string; + + /** + * Space-separated scopes requested from the authorization server. + */ + scopes?: string; + + /** + * Space-separated resources the access token should be scoped to. + */ + resource?: string; + + /** + * Additional custom application specific state information. + */ + appState?: ApplicationState; +} + +/** + * Options for configuring the `signOut()` method. + * + * @category Types + */ +export interface SignOutOptions { + /** + * Specifies the URI to redirect to after successful sign out. The URI should be saved in the client's + * sign out uri section. + */ + postLogoutRedirectUri?: string; + + /** + * Determines the interaction mode for the sign-out process. + * + * @defaultValue "redirect" + */ + mode?: InteractionMode; + + /** + * The relative path to return to after sign out. + */ + returnUrl?: string; +} + +/** + * Defines the modes of interaction for refreshing session. + * + * @category Types + */ +export type RefreshMode = 'popup' | 'refresh_token' | 'silent'; + +/** + * Options for configuring the `refreshSession()` method. + * + * @category Types + */ +export interface RefreshOptions { + /** + * Determines the interaction mode for the session refresh process. + * + * > **WARNING**: Using `popup` or `silent` will overwrite the current session since it initiates a fresh authorization request. + * + * @defaultValue "silent" + */ + mode?: RefreshMode; + + /** + * Configuration specifically for the Refresh Token Grant flow. + */ + refreshGrantOptions?: RefreshGrantOptions; + + /** + * Additional custom application specific state information. + */ + appState?: ApplicationState; +} + +/** + * Internal interface used for storing the authentication request state. + * + * @category Types + */ +export interface CallbackState extends Partial { + signOut?: boolean; + mode: 'popup' | 'redirect' | 'silent'; + returnUrl?: string; + appState?: ApplicationState; +} + +/** + * Result structure emitted by the popup or iframe after successfully authenticating. + * + * @category Types + */ +export interface PostMessageResult { + source: 'monocloud-auth-js-core'; + url: string; +} + +/** + * Represents options for the `getTokens()` handler. + * + * @category Types + */ +export interface GetTokensOptions extends RefreshGrantOptions { + /** + * Specifies whether to force the refresh of the access token, bypassing expiration checks. + */ + forceRefresh?: boolean; + + /** + * Determines whether to refetch the user information from the OpenID Provider. + */ + refetchUserInfo?: boolean; +} + +/** + * Represents the tokens obtained during authentication that are available in the session. + * + * @category Types + */ +export interface MonoCloudTokens extends AccessToken { + /** + * The ID token obtained during authentication. + */ + idToken?: string; + + /** + * The refresh token obtained during authentication. + */ + refreshToken?: string; + + /** + * Specifies if the access token has expired. + */ + isExpired: boolean; +} diff --git a/packages/js-core/src/utils/index.ts b/packages/js-core/src/utils/index.ts new file mode 100644 index 00000000..940f13bf --- /dev/null +++ b/packages/js-core/src/utils/index.ts @@ -0,0 +1 @@ +export * from '@monocloud/auth-core/utils'; diff --git a/packages/js-core/src/utils/internal.ts b/packages/js-core/src/utils/internal.ts new file mode 100644 index 00000000..4c537cd8 --- /dev/null +++ b/packages/js-core/src/utils/internal.ts @@ -0,0 +1 @@ +export * from '@monocloud/auth-core/internal'; diff --git a/packages/js-core/tests/get-tokens.test.ts b/packages/js-core/tests/get-tokens.test.ts new file mode 100644 index 00000000..d94badf3 --- /dev/null +++ b/packages/js-core/tests/get-tokens.test.ts @@ -0,0 +1,823 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +/* eslint-disable import/no-extraneous-dependencies */ +/* eslint-disable no-param-reassign */ +/* eslint-disable @typescript-eslint/no-non-null-assertion */ + +import { afterEach, beforeEach, describe, expect, it } from 'vitest'; +import { fetchBuilder, generateIdToken } from '@monocloud/auth-test-utils'; +import { now } from '@monocloud/auth-core/internal'; +import { + MonoCloudHttpError, + MonoCloudValidationError, + type MonoCloudSession, + type MonoCloudUser, +} from '@monocloud/auth-core'; +import { setSession, testInstance, VanillaJsMockStorage } from './utils'; +import { freeze, travel } from 'timekeeper'; + +describe('getTokens() Tests', () => { + let mockStorage: VanillaJsMockStorage; + + beforeEach(() => { + mockStorage = new VanillaJsMockStorage(); + + if (!(globalThis as any).LockManager) { + (globalThis as any).LockManager = class LockManager {}; + } + + (globalThis as any).navigator = (globalThis as any).navigator ?? {}; + }); + + afterEach(() => { + window.localStorage.clear(); + window.sessionStorage.clear(); + }); + + it('should return the tokens', async () => { + const session: MonoCloudSession = { + idToken: 'idToken', + refreshToken: 'rt', + authorizedScopes: 'openid offline_access', + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + }, + ], + }; + + setSession(mockStorage, session); + const instance = testInstance({ storage: mockStorage }); + + const tokens = await instance.getTokens(); + + expect(tokens).toEqual({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + idToken: 'idToken', + refreshToken: 'rt', + isExpired: false, + }); + }); + + it('should find the token with the resource from session', async () => { + const session: MonoCloudSession = { + idToken: 'idToken', + refreshToken: 'rt', + authorizedScopes: 'openid offline_access', + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + resource: 'https://resource.com', + }, + ], + }; + + setSession(mockStorage, session); + const instance = testInstance({ storage: mockStorage }); + + const tokens = await instance.getTokens({ + resource: 'https://resource.com', + scopes: 'openid offline_access', + }); + + expect(tokens).toEqual({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + resource: 'https://resource.com', + idToken: 'idToken', + refreshToken: 'rt', + isExpired: false, + }); + }); + + it('should find the token with the undefined scopes', async () => { + const session: MonoCloudSession = { + idToken: 'idToken', + refreshToken: 'rt', + authorizedScopes: 'openid offline_access', + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: undefined, + resource: 'https://resource.com', + }, + ], + }; + + setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + resources: [{ resource: 'https://resource.com' }], + }); + + const tokens = await instance.getTokens({ + resource: 'https://resource.com', + }); + + expect(tokens).toEqual({ + accessToken: 'at', + scopes: 'openid offline_access', + resource: 'https://resource.com', + accessTokenExpiration: expect.any(Number), + idToken: 'idToken', + refreshToken: 'rt', + isExpired: false, + }); + }); + + it('should find the token with scopes defined in indicator options', async () => { + const session: MonoCloudSession = { + user: {} as MonoCloudUser, + authorizedScopes: 'openid abc', + accessTokens: [ + { + scopes: 'openid abc', + requestedScopes: 'openid abc', + accessToken: 'at', + resource: 'https://resource.com', + accessTokenExpiration: now() + 100, + }, + ], + idToken: 'idtoken', + refreshToken: 'rt', + }; + + setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + resources: [{ resource: 'https://resource.com', scopes: 'openid abc' }], + }); + + const tokens = await instance.getTokens({ + resource: 'https://resource.com', + }); + + expect(tokens).toEqual({ + accessToken: 'at', + scopes: 'openid abc', + requestedScopes: 'openid abc', + resource: 'https://resource.com', + accessTokenExpiration: expect.any(Number), + idToken: 'idtoken', + refreshToken: 'rt', + isExpired: false, + }); + }); + + it('should refresh the tokens if forceRefresh is specified', async () => { + const frozenTimeMs = 1330688329321; + freeze(frozenTimeMs); + + const originalIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId', nonce: 'original-nonce' }, + }); + + const newIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'something', + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: originalIdToken, + refreshToken: 'rt', + authorizedScopes: 'something', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'something', + requestedScopes: 'something', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const newFrozenTime = frozenTimeMs + 2000; + travel(newFrozenTime); + + const tokens = await instance.getTokens({ forceRefresh: true }); + + expect(tokens).toEqual({ + accessToken: 'at1', + accessTokenExpiration: expect.any(Number), + idToken: newIdToken, + refreshToken: 'rt1', + scopes: 'something', + requestedScopes: 'something', + isExpired: false, + }); + + const updatedSession = await instance.getSession(); + + expect(updatedSession).toEqual( + expect.objectContaining({ + user: expect.objectContaining({ sub: 'test-user' }), + idToken: newIdToken, + refreshToken: 'rt1', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at1', + scopes: 'something', + }), + ], + }) + ); + + fetchSpy.assert(); + }); + + it('should not save the new access token in the cookie if RefreshGrantOptions.scopes or RefreshGrantOptions.resource was passed in', async () => { + const frozenTimeMs = 1330688329321; + freeze(frozenTimeMs); + + const originalIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId', nonce: 'original-nonce' }, + }); + + const newIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'something', + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: originalIdToken, + refreshToken: 'rt', + authorizedScopes: 'something', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'abc', + requestedScopes: 'something', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const newFrozenTime = frozenTimeMs + 2000; + travel(newFrozenTime); + + const tokens = await instance.getTokens({ forceRefresh: true }); + + expect(tokens).toEqual({ + accessToken: 'at1', + accessTokenExpiration: expect.any(Number), + idToken: newIdToken, + refreshToken: 'rt1', + scopes: 'something', + requestedScopes: 'something', + isExpired: false, + }); + + const updatedSession = await instance.getSession(); + + expect(updatedSession).toEqual( + expect.objectContaining({ + user: expect.objectContaining({ sub: 'test-user' }), + idToken: newIdToken, + refreshToken: 'rt1', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at1', + scopes: 'something', + }), + ], + }) + ); + + fetchSpy.assert(); + }); + + it('should throw error if force refresh is true and no refresh token is found', async () => { + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: 'idtoken', + refreshToken: undefined, + authorizedScopes: 'abc', + accessTokens: [ + { + scopes: 'abc', + accessToken: 'at', + accessTokenExpiration: now() + 100, + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const tokensPromise = instance.getTokens({ forceRefresh: true }); + + await expect(tokensPromise).rejects.toBeInstanceOf( + MonoCloudValidationError + ); + + await expect(tokensPromise).rejects.toThrow( + 'Session does not contain refresh token' + ); + }); + + it('should refresh the tokens and fetch from userinfo using the new access token if specified', async () => { + const frozenTimeMs = 1330688329321; + freeze(frozenTimeMs); + + const originalIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId', nonce: 'original-nonce' }, + }); + + const newIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'openid abc', + }) + .configureUserinfo({ + accessToken: 'at1', + claims: { + sub: 'test-user', + username: 'oooooooooosername', + test: '123', + test2: '1234', + }, + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: originalIdToken, + refreshToken: 'rt', + authorizedScopes: 'openid abc', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'openid abc', + requestedScopes: 'openid abc', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const newFrozenTime = frozenTimeMs + 2000; + travel(newFrozenTime); + + const tokens = await instance.getTokens({ + forceRefresh: true, + refetchUserInfo: true, + }); + + expect(tokens).toEqual({ + accessToken: 'at1', + accessTokenExpiration: expect.any(Number), + idToken: newIdToken, + refreshToken: 'rt1', + scopes: 'openid abc', + requestedScopes: 'openid abc', + isExpired: false, + }); + + const updatedSession = await instance.getSession(); + + expect(updatedSession).toMatchObject({ + user: { + sub: 'test-user', + username: 'oooooooooosername', + test: '123', + test2: '1234', + }, + idToken: newIdToken, + refreshToken: 'rt1', + accessTokens: [ + { + accessToken: 'at1', + scopes: 'openid abc', + }, + ], + }); + + fetchSpy.assert(); + }); + + it('should save with the old refresh token if the updated token response does not have one', async () => { + const frozenTimeMs = 1330688329321; + freeze(frozenTimeMs); + + const originalIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId', nonce: 'original-nonce' }, + }); + + const newIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + idToken: newIdToken, + scope: 'something', + refreshToken: undefined, + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: originalIdToken, + refreshToken: 'rt', + authorizedScopes: 'abc', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'abc', + requestedScopes: 'abc', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const newFrozenTime = frozenTimeMs + 2000; + travel(newFrozenTime); + + const tokens = await instance.getTokens({ forceRefresh: true }); + + expect(tokens).toEqual({ + accessToken: 'at1', + accessTokenExpiration: expect.any(Number), + idToken: newIdToken, + refreshToken: 'rt', + scopes: 'something', + requestedScopes: 'abc', + resource: undefined, + isExpired: false, + }); + + const updatedSession = await instance.getSession(); + + expect(updatedSession).toEqual( + expect.objectContaining({ + user: expect.objectContaining({ sub: 'test-user' }), + idToken: newIdToken, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at1', + scopes: 'something', + }), + ], + }) + ); + + fetchSpy.assert(); + }); + + it('should be able to customize the session using onSessionCreating', async () => { + const frozenTimeMs = 1330688329321; + freeze(frozenTimeMs); + + const originalIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId', nonce: 'original-nonce' }, + }); + + const newIdToken = await generateIdToken({ + claims: { sub: 'test-user', aud: 'clientId' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'openid something', + }) + .createSpy(); + + const initialSession: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: originalIdToken, + refreshToken: 'rt', + authorizedScopes: 'openid abc', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'openid abc', + requestedScopes: 'openid abc', + }, + ], + }; + + await setSession(mockStorage, initialSession); + + const instance = testInstance({ + storage: mockStorage, + onSessionCreating: async (session, idtoken, userinfo, appState) => { + expect(appState).toBeUndefined(); + expect(userinfo).toBeUndefined(); + expect(idtoken).toBeDefined(); + + (session as any).custom = 1; + }, + }); + + const newFrozenTime = frozenTimeMs + 2000; + travel(newFrozenTime); + + const tokens = await instance.getTokens({ forceRefresh: true }); + + expect(tokens).toEqual({ + accessToken: 'at1', + scopes: 'openid something', + accessTokenExpiration: expect.any(Number), + idToken: newIdToken, + refreshToken: 'rt1', + requestedScopes: 'openid abc', + isExpired: false, + }); + + const updatedSession = await instance.getSession(); + + expect(updatedSession).toEqual( + expect.objectContaining({ + user: expect.objectContaining({ sub: 'test-user' }), + idToken: newIdToken, + refreshToken: 'rt1', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at1', + scopes: 'openid something', + }), + ], + custom: 1, + }) + ); + + fetchSpy.assert(); + }); + + it('should throw if session is not found', async () => { + await mockStorage.clear(); + + const instance = testInstance({ storage: mockStorage }); + + const tokensPromise = instance.getTokens(); + + await expect(tokensPromise).rejects.toBeInstanceOf( + MonoCloudValidationError + ); + await expect(tokensPromise).rejects.toThrow('Session does not exist'); + }); + + it('should throw error if refresh grant fails', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureRefreshToken({ + responseCode: 400, + error: 'some_error_code', + error_description: 'errorDescription', + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + idToken: 'idtoken', + refreshToken: 'rt', + authorizedScopes: 'abc', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 100, + scopes: 'abc', + requestedScopes: 'abc', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const tokensPromise = instance.getTokens({ forceRefresh: true }); + + await expect(tokensPromise).rejects.toThrow('some_error_code'); + await expect(tokensPromise).rejects.toMatchObject({ + error: 'some_error_code', + errorDescription: 'errorDescription', + }); + + fetchSpy.assert(); + }); + + it('should throw error if userinfo fails', async () => { + const newIdToken = await generateIdToken(); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'openid something', + }) + .configureUserinfo({ + accessToken: 'at1', + responseCode: 400, + claims: { + error: 'error', + error_description: 'errorDescription', + }, + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + scopes: 'openid abc', + accessToken: 'at', + accessTokenExpiration: now() + 100, + }, + ], + idToken: 'idtoken', + refreshToken: 'rt', + authorizedScopes: 'openid abc', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + fetchUserinfo: true, + }); + + const tokensPromise = instance.getTokens({ + forceRefresh: true, + refetchUserInfo: true, + }); + + await expect(tokensPromise).rejects.toThrow(MonoCloudHttpError); + await expect(tokensPromise).rejects.toThrow( + 'Error while fetching userinfo. Unexpected status code: 400' + ); + + fetchSpy.assert(); + }); + + it('should throw error if jwks fetch fails', async () => { + const newIdToken = await generateIdToken(); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: newIdToken, + scope: 'openid something', + }) + .configureJwks({ + responseCode: 400, + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + scopes: 'abc', + accessToken: 'at', + accessTokenExpiration: now() + 100, + }, + ], + idToken: 'idtoken', + refreshToken: 'rt', + authorizedScopes: 'abc', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + fetchUserinfo: false, + }); + + const tokensPromise = instance.getTokens({ forceRefresh: true }); + + await expect(tokensPromise).rejects.toThrow(MonoCloudHttpError); + await expect(tokensPromise).rejects.toThrow( + 'Error while fetching JWKS. Unexpected status code: 400' + ); + + fetchSpy.assert(); + }); + + it('should throw error if id token validation fails', async () => { + const validIdToken = await generateIdToken(); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + body: 'grant_type=refresh_token&refresh_token=rt', + accessToken: 'at1', + refreshToken: 'rt1', + idToken: 'malformed_token_string', + scope: 'openid something', + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'test-user' }, + accessTokens: [ + { + scopes: 'abc', + accessToken: 'at', + accessTokenExpiration: now() + 100, + }, + ], + idToken: validIdToken, + refreshToken: 'rt', + authorizedScopes: 'abc', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const tokensPromise = instance.getTokens({ forceRefresh: true }); + + await expect(tokensPromise).rejects.toThrow( + 'ID Token must have a header, payload and signature' + ); + + fetchSpy.assert(); + }); +}); diff --git a/packages/js-core/tests/lock.test.ts b/packages/js-core/tests/lock.test.ts new file mode 100644 index 00000000..74f3df85 --- /dev/null +++ b/packages/js-core/tests/lock.test.ts @@ -0,0 +1,239 @@ +/* eslint-disable @typescript-eslint/no-non-null-assertion */ +// eslint-disable-next-line import/no-extraneous-dependencies +import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'; +import { withLock } from '../src/lock'; +import { MonoCloudJsError } from '../src/monocloud-js-error'; +import { MonoCloudValidationError } from '@monocloud/auth-core'; + +const tabLockMocks = vi.hoisted(() => ({ + acquireLock: vi.fn(), + + releaseLock: vi.fn(), +})); + +vi.mock('browser-tabs-lock', () => { + return { + default: class { + acquireLock = tabLockMocks.acquireLock; + + releaseLock = tabLockMocks.releaseLock; + }, + }; +}); + +describe('withLock()', () => { + const originalLockManager = (globalThis as any).LockManager; + const originalLocks = (navigator as any).locks; + const originalSecureContext = (window as any).isSecureContext; + + const setSecureContext = (val: boolean): void => { + Object.defineProperty(window, 'isSecureContext', { + value: val, + configurable: true, + }); + }; + + const setWebLocksEnabled = (opts: { + enabled: boolean; + requestImpl?: (key: string, options: any, cb: () => any) => any; + }): void => { + class TestLockManager {} + (globalThis as any).LockManager = TestLockManager; + + if (!opts.enabled) { + Object.defineProperty(navigator, 'locks', { + value: {}, + configurable: true, + }); + return; + } + + const lm = new TestLockManager() as any; + lm.request = vi.fn( + opts.requestImpl ?? ((_k: any, _o: any, cb: any): Promise => cb()) + ); + + Object.defineProperty(navigator, 'locks', { + value: lm, + configurable: true, + }); + }; + + beforeEach(() => { + vi.useFakeTimers(); + vi.spyOn(window, 'addEventListener'); + vi.spyOn(window, 'removeEventListener'); + vi.spyOn(globalThis, 'clearTimeout'); + + tabLockMocks.acquireLock.mockReset(); + tabLockMocks.releaseLock.mockReset(); + }); + + afterEach(() => { + vi.useRealTimers(); + (window.addEventListener as any).mockRestore?.(); + (window.removeEventListener as any).mockRestore?.(); + (globalThis.clearTimeout as any).mockRestore?.(); + + if (originalLockManager) { + (globalThis as any).LockManager = originalLockManager; + } else { + delete (globalThis as any).LockManager; + } + + Object.defineProperty(navigator, 'locks', { + value: originalLocks, + configurable: true, + }); + Object.defineProperty(window, 'isSecureContext', { + value: originalSecureContext, + configurable: true, + }); + + vi.restoreAllMocks(); + }); + + it('web locks - does NOT wrap MonoCloudAuthBaseError (passes through)', async () => { + setSecureContext(true); + setWebLocksEnabled({ + enabled: true, + requestImpl: (_key, _options, innerCb) => innerCb(), + }); + + const validationMsg = 'Ensure the user is authenticated'; + const cb = vi.fn(() => { + throw new MonoCloudValidationError(validationMsg); + }); + + const p = withLock('k_validation', cb); + await expect(p).rejects.not.toBeInstanceOf(MonoCloudJsError); + await expect(p).rejects.toBeInstanceOf(MonoCloudValidationError); + await expect(p).rejects.toThrow(validationMsg); + }); + + it('web locks - successfully acquires lock and returns callback result', async () => { + setSecureContext(true); + setWebLocksEnabled({ enabled: true }); + + const cb = vi.fn(() => Promise.resolve('success_data')); + const result = await withLock('key1', cb); + + expect(result).toBe('success_data'); + expect(cb).toHaveBeenCalled(); + const lm = (navigator as any).locks; + expect(lm.request).toHaveBeenCalledWith( + 'key1', + expect.objectContaining({ signal: expect.any(AbortSignal) }), + expect.any(Function) + ); + }); + + it('web locks - wraps generic errors in MonoCloudJsError', async () => { + setSecureContext(true); + setWebLocksEnabled({ enabled: true }); + const genericError = new Error('Network request failed'); + const cb = vi.fn(() => { + throw genericError; + }); + const p = withLock('k_generic', cb); + await expect(p).rejects.toBeInstanceOf(MonoCloudJsError); + await expect(p).rejects.toThrow( + 'Failed to acquire lock : Network request failed' + ); + }); + + it('tabs lock - successfully acquires, runs, and releases lock', async () => { + setSecureContext(false); + setWebLocksEnabled({ enabled: true }); + + tabLockMocks.acquireLock.mockResolvedValue(true); + tabLockMocks.releaseLock.mockResolvedValue(undefined); + + const cb = vi.fn(() => Promise.resolve('fallback_data')); + const result = await withLock('key_fallback', cb); + + expect(result).toBe('fallback_data'); + expect(tabLockMocks.acquireLock).toHaveBeenCalledWith('key_fallback', 5000); + expect(cb).toHaveBeenCalled(); + expect(tabLockMocks.releaseLock).toHaveBeenCalledWith('key_fallback'); + }); + + it('tabs lock - throws MonoCloudJsError if lock cannot be acquired', async () => { + setSecureContext(false); + setWebLocksEnabled({ enabled: true }); + + tabLockMocks.acquireLock.mockResolvedValue(false); + + const cb = vi.fn(); + const p = withLock('key_busy', cb); + + await expect(p).rejects.toBeInstanceOf(MonoCloudJsError); + await expect(p).rejects.toThrow('Failed to acquire lock.'); + expect(cb).not.toHaveBeenCalled(); + }); + + it('tabs lock - releases lock even if callback crashes', async () => { + setSecureContext(false); + setWebLocksEnabled({ enabled: true }); + + tabLockMocks.acquireLock.mockResolvedValue(true); + const cb = vi.fn(() => { + throw new Error('Business Logic Crash'); + }); + + const p = withLock('key_crash', cb); + + await expect(p).rejects.toThrow('Business Logic Crash'); + expect(tabLockMocks.releaseLock).toHaveBeenCalledWith('key_crash'); + }); + + it('web locks - triggers the abort signal when the 5000ms timeout is reached', () => { + setSecureContext(true); + + let capturedSignal: AbortSignal; + + setWebLocksEnabled({ + enabled: true, + requestImpl: (_k, options, _cb) => { + capturedSignal = options.signal; + return new Promise(() => {}); + }, + }); + + const cb = vi.fn(); + + withLock('k_timer', cb).catch(() => {}); + vi.advanceTimersByTime(5000); + expect(capturedSignal!.aborted).toBe(true); + }); + + it('tabs lock - releases lock immediately when pagehide event fires', async () => { + setSecureContext(false); + setWebLocksEnabled({ enabled: true }); + + tabLockMocks.acquireLock.mockResolvedValue(true); + + let finishCallback: () => void; + const cb = vi.fn( + () => + new Promise(resolve => { + finishCallback = resolve; + }) + ); + + const promise = withLock('k_pagehide_test', cb); + await vi.waitFor(() => { + expect(window.addEventListener).toHaveBeenCalledWith( + 'pagehide', + expect.any(Function) + ); + }); + + window.dispatchEvent(new Event('pagehide')); + + expect(tabLockMocks.releaseLock).toHaveBeenCalledWith('k_pagehide_test'); + + finishCallback!(); + await promise; + }); +}); diff --git a/packages/js-core/tests/refetch-userinfo.test.ts b/packages/js-core/tests/refetch-userinfo.test.ts new file mode 100644 index 00000000..ec476589 --- /dev/null +++ b/packages/js-core/tests/refetch-userinfo.test.ts @@ -0,0 +1,160 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { beforeEach, describe, expect, it } from 'vitest'; +import type { MonoCloudSession } from '@monocloud/auth-core'; +import { now } from '@monocloud/auth-core/internal'; +import { fetchBuilder } from '@monocloud/auth-test-utils'; +import { setSession, testInstance, VanillaJsMockStorage } from './utils'; +import { MonoCloudValidationError } from '@monocloud/auth-core'; + +describe('refetchUserinfo() Tests', () => { + let mockStorage: VanillaJsMockStorage; + + beforeEach(() => { + mockStorage = new VanillaJsMockStorage(); + window.localStorage.clear(); + }); + + it('should throw an error if there is no session', async () => { + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.refetchUserInfo().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe( + 'Ensure the user is authenticated before refetching userinfo' + ); + }); + + it('should throw an error if the openid scope is not present', async () => { + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + refreshToken: 'rt', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toBeDefined(); + + const error = await instance.refetchUserInfo().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Fetching userinfo requires the openid scope'); + + expect(await instance.getSession()).toEqual({ + user: { sub: 'sub' }, + refreshToken: 'rt', + authorizedScopes: 'token', + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: expect.any(Number), + }, + ], + }); + }); + + it('should refetch userinfo successfully', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureUserinfo({ + claims: { new: 'claim', from: 'userinfo', username: 'username' }, + }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'openid', + requestedScopes: 'openid', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'openid', + refreshToken: 'rt', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toEqual({ + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'openid', + requestedScopes: 'openid', + accessTokenExpiration: expect.any(Number), + }, + ], + authorizedScopes: 'openid', + refreshToken: 'rt', + }); + + await instance.refetchUserInfo(); + + const sessionNew: MonoCloudSession = { + user: { + sub: 'sub', + new: 'claim', + from: 'userinfo', + username: 'username', + }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'openid', + requestedScopes: 'openid', + accessTokenExpiration: expect.any(Number), + }, + ], + refreshToken: 'rt', + authorizedScopes: 'openid', + }; + + fetchSpy.assert(); + mockStorage.expectSession(sessionNew); + expect(await instance.getSession()).toEqual(sessionNew); + }); + + it('should throw an error if default token is not present', async () => { + const session: MonoCloudSession = { + user: { sub: 'sub' }, + authorizedScopes: 'openid', + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + scopes: 'profile', + requestedScopes: 'profile', + accessTokenExpiration: now() + 1000, + resource: 'some-api', + }, + ], + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.refetchUserInfo().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Default token not found'); + }); +}); diff --git a/packages/js-core/tests/refresh-session.test.ts b/packages/js-core/tests/refresh-session.test.ts new file mode 100644 index 00000000..e3c7be5e --- /dev/null +++ b/packages/js-core/tests/refresh-session.test.ts @@ -0,0 +1,1493 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'; +import { + fetchBuilder, + generateIdToken, + MockWindow, +} from '@monocloud/auth-test-utils'; +import { setSession, testInstance, VanillaJsMockStorage } from './utils'; +import { + MonoCloudHttpError, + MonoCloudOPError, + MonoCloudSession, + MonoCloudValidationError, + ResponseTypes, +} from '@monocloud/auth-core'; +import { now } from '@monocloud/auth-core/internal'; +import { MonoCloudJsError } from '../src'; + +const tabLockMocks = vi.hoisted(() => ({ + acquireLock: vi.fn(() => true), + releaseLock: vi.fn(() => void 0), +})); + +vi.mock('browser-tabs-lock', () => { + return { + default: class TabLockMock { + acquireLock = tabLockMocks.acquireLock; + + releaseLock = tabLockMocks.releaseLock; + }, + }; +}); + +describe('instance.refreshSession() Tests', () => { + let mockWindow: MockWindow; + let mockStorage: VanillaJsMockStorage; + + const urlRegex = + /^https:\/\/example\.com\/connect\/authorize\?client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=[a-zA-Z0-9+_% -]+&response_type=[a-zA-Z0-9_+]+&nonce=[a-zA-Z0-9_-]+&prompt=[a-zA-Z0-9_-]+&code_challenge=[a-zA-Z0-9_-]+&code_challenge_method=S256&state=[a-zA-Z0-9_-]+$/; + + beforeEach(() => { + mockWindow = new MockWindow(); + mockStorage = new VanillaJsMockStorage(); + + if (!(globalThis as any).LockManager) { + (globalThis as any).LockManager = class LockManager {}; + } + + (globalThis as any).navigator = (globalThis as any).navigator ?? {}; + }); + + afterEach(() => { + mockWindow.restore(); + window.localStorage.clear(); + }); + + it('should throw if no session exists', async () => { + const instance = testInstance({ storage: mockStorage }); + + const error = await instance + .refreshSession({ mode: 'refresh_token' }) + .catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe( + 'Ensure the user is authenticated before refreshing the session' + ); + }); + + it('Refresh Token Mode - should throw an error if there is no refresh token', async () => { + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + }; + + setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toBeDefined(); + + const error = await instance + .refreshSession({ + mode: 'refresh_token', + }) + .catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe( + 'Refresh token not found. Sign in with offline_access scope to get the refresh token.' + ); + }); + + it('should throw error if the code is not running in the main window', async () => { + vi.spyOn(window, 'opener', 'get').mockReturnValue(null); + vi.spyOn(window, 'parent', 'get').mockReturnValue({} as unknown as Window); + vi.spyOn(window, 'top', 'get').mockReturnValue({} as unknown as Window); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.refreshSession().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + }); + + it('Refresh Token Mode - should refresh successfully', async () => { + const idToken = await generateIdToken(); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureRefreshToken({ + idToken, + accessToken: 'newAt', + refreshToken: 'newRt', + body: 'grant_type=refresh_token&refresh_token=rt', + }) + .configureUserinfo({ accessToken: 'newAt' }) + .createSpy(); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + refreshToken: 'rt', + authorizedScopes: 'token', + }; + + setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + await instance.refreshSession({ + mode: 'refresh_token', + }); + + const sessionNew = { + user: { + sub: 'sub', + sub_jwk: expect.any(Object), + username: 'username', + }, + accessTokens: [ + { + accessToken: 'newAt', + scopes: 'openid offline_access', + requestedScopes: 'token', + accessTokenExpiration: expect.any(Number), + }, + ], + refreshToken: 'newRt', + idToken, + authorizedScopes: 'token', + }; + + await vi.waitFor(async () => { + fetchSpy.assert(); + mockStorage.expectSession(sessionNew).expectCallbackStateRemoved(); + expect(await instance.getSession()).toEqual(sessionNew); + }); + }); + + it('Refresh Token Mode - should throw an error when refreshing session fails', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureRefreshToken({ + responseCode: 500, + body: 'grant_type=refresh_token&refresh_token=rt', + }) + .createSpy(); + + const storedSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, storedSession); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance + .refreshSession({ mode: 'refresh_token' }) + .catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while performing refresh token grant. Unexpected status code: 500' + ); + + fetchSpy.assert(); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + }); + + it.each(['code', 'code id_token'])( + 'Popup Mode - should refresh session through popup and resolve when a session message is received - %s', + async responseType => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: responseType as ResponseTypes, + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'newAt', + refreshToken: 'newRt', + idToken, + }) + .configureUserinfo({ + accessToken: 'newAt', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = + responseType === 'code' + ? `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}` + : `http://localhost:3000/callback#state=${encodeURIComponent( + generatedState ?? '' + )}&code=auth-code&id_token=${encodeURIComponent('dummy-id-token')}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + refreshToken: 'newRt', + idToken: expect.any(String), + accessTokens: [ + expect.objectContaining({ + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + + mockStorage.expectCallbackStateRemoved(); + }); + + fetchSpy.assert(); + } + ); + + it('Popup Mode - should reject when redirect has error', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + + const errorCallbackUrl = + `http://localhost:3000/callback` + + `?error=some_error` + + `&error_description=${encodeURIComponent('something went wrong')}` + + `&state=${encodeURIComponent(generatedState ?? '')}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: errorCallbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await refreshPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudOPError); + expect(error).toMatchObject({ + error: 'some_error', + errorDescription: 'something went wrong', + }); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + mockStorage.expectCallbackStateRemoved(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Popup Mode - can timeout', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + authWindowTimeout: 0.1, + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const error = await refreshPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Window timed out'); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + mockStorage.expectCallbackStateRemoved(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Popup Mode - should throw an error if popup fails to open', async () => { + mockWindow.assert(); + + vi.spyOn(window, 'open').mockReturnValue(null); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const error = await instance + .refreshSession({ mode: 'popup' }) + .catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error).toMatchObject({ message: 'Could not open popup' }); + + mockStorage.expectCallbackStateRemoved(); + + expect(await instance.getSession()).toEqual(existingSession); + }); + + it('Silent Mode - should refresh session through iframe and resolve when a session message is received', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + + vi.spyOn(iframe, 'contentWindow', 'get').mockReturnValue( + window as unknown as Window + ); + + const appendChildSpy = vi.spyOn(window.document.body, 'appendChild'); + + let iframeSrc = ''; + + vi.spyOn(iframe, 'setAttribute').mockImplementation( + (name: string, value: string) => { + if (name === 'src') iframeSrc = value; + } + ); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ storage: mockStorage }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession(); + + await vi.waitFor(() => { + expect(appendChildSpy).toHaveBeenCalledWith(iframe); + expect(iframeSrc).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(iframeSrc); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'newAt', + refreshToken: 'newRt', + idToken, + }) + .configureUserinfo({ + accessToken: 'newAt', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: window, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(document.body.contains(iframe)).toBe(false); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + refreshToken: 'newRt', + idToken: expect.any(String), + accessTokens: [ + expect.objectContaining({ + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Silent Mode - should reject when an error callback url is received', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + + vi.spyOn(iframe, 'contentWindow', 'get').mockReturnValue( + window as unknown as Window + ); + + const appendChildSpy = vi.spyOn(window.document.body, 'appendChild'); + + let iframeSrc = ''; + + vi.spyOn(iframe, 'setAttribute').mockImplementation( + (name: string, value: string) => { + if (name === 'src') iframeSrc = value; + } + ); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ storage: mockStorage }); + + const refreshPromise = instance.refreshSession({ mode: 'silent' }); + + await vi.waitFor(() => { + expect(appendChildSpy).toHaveBeenCalledWith(iframe); + expect(iframeSrc).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(iframeSrc); + const generatedState = authorizeUrl.searchParams.get('state'); + + const errorCallbackUrl = + `http://localhost:3000/callback` + + `?error=some_error` + + `&error_description=${encodeURIComponent('something went wrong')}` + + `&state=${encodeURIComponent(generatedState ?? '')}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: errorCallbackUrl, + }, + source: window, + origin: 'http://localhost:3000', + }) + ); + + const error = await refreshPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudOPError); + expect(error).toMatchObject({ + error: 'some_error', + errorDescription: 'something went wrong', + }); + + await vi.waitFor(async () => { + expect(document.body.contains(iframe)).toBe(false); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Silent Mode - can timeout', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + + const appendChildSpy = vi.spyOn(window.document.body, 'appendChild'); + + let iframeSrc = ''; + vi.spyOn(iframe, 'setAttribute').mockImplementation( + (name: string, value: string) => { + if (name === 'src') iframeSrc = value; + } + ); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + authWindowTimeout: 0.1, + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'silent' }); + + await vi.waitFor(() => { + expect(appendChildSpy).toHaveBeenCalledWith(iframe); + expect(iframeSrc).toMatch(urlRegex); + }); + + await expect(refreshPromise).rejects.toBeInstanceOf(MonoCloudJsError); + await expect(refreshPromise).rejects.toThrow('Window timed out'); + + await vi.waitFor(async () => { + expect(document.body.contains(iframe)).toBe(false); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Popup Mode - throws when user closes the window', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + }; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup as unknown as Window); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + setSession(mockStorage, existingSession); + + const instance = testInstance({ storage: mockStorage }); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + mockPopup.closed = true; + + await expect(refreshPromise).rejects.toBeInstanceOf(MonoCloudJsError); + await expect(refreshPromise).rejects.toThrow('Window closed by user'); + + await vi.waitFor(async () => { + mockStorage.expectCallbackStateRemoved(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + fetchSpy.assert(); + }); + }); + + it('should only resolve the promise if the origin is appUrl', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'code', + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'newAt', + refreshToken: 'newRt', + idToken, + }) + .configureUserinfo({ + accessToken: 'newAt', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'https://yyy.com', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + refreshToken: 'newRt', + idToken: expect.any(String), + accessTokens: [ + expect.objectContaining({ + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + + fetchSpy.assert(); + }); + }); + + it('should only resolve the promise if the source is popup window', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'code', + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'newAt', + refreshToken: 'newRt', + idToken, + }) + .configureUserinfo({ + accessToken: 'newAt', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: {} as unknown as Window, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + refreshToken: 'newRt', + idToken: expect.any(String), + accessTokens: [ + expect.objectContaining({ + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + + fetchSpy.assert(); + }); + }); + + it('should only resolve the promise if data.source is monocloud-auth-js-core', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid offline_access', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'code', + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'newAt', + refreshToken: 'newRt', + idToken, + }) + .configureUserinfo({ + accessToken: 'newAt', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'yyy', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + refreshToken: 'newRt', + idToken: expect.any(String), + accessTokens: [ + expect.objectContaining({ + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + + fetchSpy.assert(); + }); + }); + + it('Silent Mode - should combine multiple resources and scopes from options.resources', async () => { + fetchBuilder() + .configureMetadata() + .configureTokenEndpoint() + .configureUserinfo() + .createSpy(); + + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + vi.spyOn(iframe, 'contentWindow', 'get').mockReturnValue( + window as unknown as Window + ); + + let iframeSrc = ''; + vi.spyOn(iframe, 'setAttribute').mockImplementation((name, value) => { + if (name === 'src') iframeSrc = value; + }); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + resources: [ + { resource: 'api://inventory', scopes: 'inv:read' }, + { resource: 'api://orders', scopes: 'orders:write' }, + ], + }); + + instance.refreshSession({ mode: 'silent' }); + + await vi.waitFor(() => { + expect(iframeSrc).toContain('https://example.com/connect/authorize'); + }); + + const url = new URL(iframeSrc); + + const resources = url.searchParams.getAll('resource'); + expect(resources).toHaveLength(2); + expect(resources).toContain('api://inventory'); + expect(resources).toContain('api://orders'); + + const scopes = url.searchParams.get('scope')?.split(' ') ?? []; + expect(scopes).toContain('inv:read'); + expect(scopes).toContain('orders:write'); + }); + + it('Silent Mode - should filter out invalid resources and scopes from options.resources', async () => { + fetchBuilder().configureMetadata().createSpy(); + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + vi.spyOn(iframe, 'contentWindow', 'get').mockReturnValue( + window as unknown as Window + ); + + let iframeSrc = ''; + vi.spyOn(iframe, 'setAttribute').mockImplementation((name, value) => { + if (name === 'src') iframeSrc = value; + }); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + refreshToken: 'rt', + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'openid', + requestedScopes: 'openid', + }, + ], + authorizedScopes: 'openid', + }; + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + resources: [ + { resource: 'api://valid', scopes: 'scope:valid' }, + { resource: '', scopes: '' }, + { resource: undefined, scopes: undefined }, + {} as any, + ], + }); + + instance.refreshSession({ mode: 'silent' }); + + await vi.waitFor(() => { + expect(iframeSrc).toContain('https://example.com/connect/authorize'); + }); + + const url = new URL(iframeSrc); + + const resources = url.searchParams.getAll('resource'); + expect(resources).toHaveLength(1); + expect(resources).toContain('api://valid'); + expect(resources).not.toContain(''); + expect(resources).not.toContain('undefined'); + + const scopes = url.searchParams.get('scope')?.split(' ') ?? []; + expect(scopes).toContain('scope:valid'); + expect(scopes).not.toContain(''); + expect(scopes).not.toContain('undefined'); + }); + + it('Silent Mode - should throw error if window is crossOriginIsolated', async () => { + const instance = testInstance({ storage: mockStorage }); + + Object.defineProperty(window, 'crossOriginIsolated', { + value: true, + configurable: true, + }); + + const error = await instance + .refreshSession({ mode: 'silent' }) + .catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Isolated Cross-Origin. Cannot create iframe'); + + Object.defineProperty(window, 'crossOriginIsolated', { + value: false, + configurable: true, + }); + }); +}); diff --git a/packages/js-core/tests/session.test.ts b/packages/js-core/tests/session.test.ts new file mode 100644 index 00000000..e50a7920 --- /dev/null +++ b/packages/js-core/tests/session.test.ts @@ -0,0 +1,64 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { describe, it, expect, afterEach } from 'vitest'; +import type { MonoCloudSession } from '@monocloud/auth-core'; +import { now } from '@monocloud/auth-core/internal'; +import { setSession, testInstance } from './utils'; +import { localStorage } from '../src'; + +describe('Session Tests', () => { + afterEach(() => { + window.localStorage.clear(); + }); + + it('should restore valid existing session', async () => { + const validSession: MonoCloudSession = { + idToken: 'idToken', + accessTokens: [ + { + accessToken: 'at', + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'openid offline_access', + refreshToken: 'rt', + user: { sub: 'sub' }, + }; + + await setSession(localStorage(), validSession); + + const instance = testInstance(); + + expect(await instance.getSession()).toEqual(validSession); + }); + + it('should restore valid existing session (custom key)', async () => { + const validSession: MonoCloudSession = { + idToken: 'idToken', + accessTokens: [ + { + accessToken: 'at', + scopes: 'openid offline_access', + requestedScopes: 'openid offline_access', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'openid offline_access', + refreshToken: 'rt', + user: { sub: 'sub' }, + }; + + // @ts-expect-error set custom key + window.sessionKey = 'custom'; + + await setSession(localStorage(), validSession); + + const instance = testInstance({ sessionKey: 'custom' }); + + expect(await instance.getSession()).toEqual(validSession); + + // @ts-expect-error set to undefined + delete window.sessionKey; + }); +}); diff --git a/packages/js-core/tests/sign-in.test.ts b/packages/js-core/tests/sign-in.test.ts new file mode 100644 index 00000000..6076891c --- /dev/null +++ b/packages/js-core/tests/sign-in.test.ts @@ -0,0 +1,2095 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'; +import { + fetchBuilder, + generateIdToken, + MockWindow, +} from '@monocloud/auth-test-utils'; +import { testInstance, VanillaJsMockStorage } from './utils'; +import { + CallbackState, + MonoCloudHttpError, + MonoCloudJsError, + MonoCloudOPError, + MonoCloudTokenError, + MonoCloudValidationError, +} from '../src'; +import { now } from '@monocloud/auth-core/internal'; + +describe('signIn() Tests', () => { + let mockWindow: MockWindow; + let mockStorage: VanillaJsMockStorage; + + const urlRegex = + /^https:\/\/example\.com\/connect\/authorize\?client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=[a-zA-Z0-9+_% -]+&response_type=[a-zA-Z0-9_]+&nonce=[a-zA-Z0-9_-]+&code_challenge=[a-zA-Z0-9_-]+&code_challenge_method=S256&state=[a-zA-Z0-9_-]+$/; + + beforeEach(() => { + mockStorage = new VanillaJsMockStorage(); + mockWindow = new MockWindow(); + }); + + afterEach(() => { + mockWindow.restore(); + window.localStorage.clear(); + }); + + it('should redirect to the sign in page', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectOrigin('https://example.com/connect/authorize') + .expectQueryKey('state') + .expectQueryKey('code_challenge') + .expectQueryKey('nonce') + .expectQuery('code_challenge_method', 'S256') + .expectQuery('client_id', 'clientId') + .expectQuery('response_type', 'code') + .expectQuery('scope', 'openid') + .expectQuery('redirect_uri', 'http://localhost:3000/callback') + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.signIn(); + + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + + it('should throw error if the code is not running in the main window', async () => { + vi.spyOn(window, 'opener', 'get').mockReturnValue(null); + vi.spyOn(window, 'parent', 'get').mockReturnValue({} as unknown as Window); + vi.spyOn(window, 'top', 'get').mockReturnValue({} as unknown as Window); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.signIn().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + }); + + it('should redirect to the appUrl if callback path is undefined', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectOrigin('https://example.com/connect/authorize') + .expectQuery('redirect_uri', 'http://localhost:3000/') + .assert(); + + const instance = testInstance({ + storage: mockStorage, + callbackPath: undefined, + }); + + await instance.signIn(); + + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + + it('should redirect to sign in page with the preferred authenticator', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.expectQuery('authenticator_hint', 'apple').assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.signIn({ authenticatorHint: 'apple' }); + + expect(window.location.assign).toHaveBeenCalledOnce(); + + fetchSpy.assert(); + }); + + it('should redirect to sign in page with the login hint', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.expectQuery('login_hint', 'username').assert(); + + const instance = testInstance({ + storage: mockStorage, + }); + + await instance.signIn({ loginHint: 'username' }); + + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + + it('should redirect to sign up page', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.expectQuery('prompt', 'create').assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.signIn({ signUp: true }); + + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + + it('should set max age and ui locales', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectQuery('ui_locales', 'en-US') + .expectQuery('max_age', '5') + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.signIn({ uiLocales: 'en-US', maxAge: 5 }); + + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + + it('Redirect Mode - should redirect to sign in page', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.signIn(); + + mockStorage + .expectCallbackState() + .expectCallbackStateMode('redirect') + .expectCallbackStateCodeVerifier() + .expectCallbackStateMaxAge(undefined) + .expectCallbackStateNonce() + .expectCallbackStateSignOut(undefined) + .expectCallbackStateState(); + + expect(window.location.assign).toHaveBeenCalledWith( + expect.stringContaining('https://example.com/connect/authorize') + ); + fetchSpy.assert(); + }); + + it('Redirect Mode - should process callback using the default callback state key', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved().expectSession(); + expect(await instance.getSession()).toBeDefined(); + + fetchSpy.assert(); + }); + + it('Redirect Mode - should not process callback if there is no callback state found', async () => { + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved().expectNoSession(); + expect(await instance.getSession()).toBeUndefined(); + }); + + it('Redirect Mode - should process a redirect callback (Authorization Code)', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved().expectSession(); + + const session = await instance.getSession(); + + expect(session).toBeDefined(); + + expect(session?.user).toEqual( + expect.objectContaining({ + sub: 'sub', + username: 'username', + }) + ); + + expect(session?.refreshToken).toBe('rt'); + expect(session?.authorizedScopes).toBe('openid offline_access'); + expect(session?.idToken).toBe(idToken); + + expect(session?.accessTokens).toHaveLength(1); + expect(session?.accessTokens?.[0].accessToken).toBe('at'); + expect(session?.accessTokens?.[0].scopes).toBe('openid offline_access'); + + const expiration = session?.accessTokens?.[0].accessTokenExpiration; + expect(expiration).toBeDefined(); + expect(expiration).toBeLessThanOrEqual(now() + 1000); + expect(expiration).toBeGreaterThan(now() + 900); + + fetchSpy.assert(); + }); + + it('should execute postCallback function', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const fn = vi.fn(); + + const instance = testInstance({ storage: mockStorage, postCallback: fn }); + + await instance.processCallback(); + + const session = await instance.getSession(); + + expect(session?.user).toBeDefined(); + expect(fn).toHaveBeenCalledTimes(1); + fetchSpy.assert(); + }); + + it('should set href to returnUrl if set', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .expectHrefCalled('/test') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + returnUrl: '/test', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + const session = await instance.getSession(); + + expect(session?.user).toBeDefined(); + fetchSpy.assert(); + }); + + it('should use default path for processing callback if the callback path is undefined', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow.setSearch('?state=state&code=code').setPathname('/').assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + callbackPath: undefined, + }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + expect(session).toBeDefined(); + expect(session?.accessTokens?.[0].accessToken).toBe('at'); + + fetchSpy.assert(); + }); + + it("Redirect Mode - should process a redirect callback (Hybrid - 'code token id_token' response type)", async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch( + '?state=state&code=code&access_token=at&expires_in=600&id_token=idtoken&refresh_token=rt' + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + state: 'state', + mode: 'redirect', + codeVerifier: 'codeVerifier', + nonce: 'nonce', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + mockStorage.expectCallbackStateRemoved(); + const session = await instance.getSession(); + + expect(session).toBeDefined(); + + expect(session?.user.sub).toBe('sub'); + + expect(session?.refreshToken).toBe('rt'); + expect(session?.authorizedScopes).toBe('openid offline_access'); + expect(session?.idToken).toBe(idToken); + + expect(session?.accessTokens).toHaveLength(1); + expect(session?.accessTokens?.[0].accessToken).toBe('at'); + + expect( + session?.accessTokens?.[0].accessTokenExpiration + ).toBeLessThanOrEqual(now() + 1000); + + fetchSpy.assert(); + }); + + it("Redirect Mode - should process a redirect callback (Implicit - 'token' response type)", async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureUserinfo() + .createSpy(); + + mockWindow + .setSearch('?state=state&access_token=at&expires_in=600&scope=openid') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + state: 'state', + mode: 'redirect', + scopes: 'openid offline_access', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + + expect(session).toBeDefined(); + + expect(session?.user).toBeDefined(); + + expect(session?.refreshToken).toBeUndefined(); + expect(session?.idToken).toBeUndefined(); + + expect(session?.accessTokens).toHaveLength(1); + expect(session?.accessTokens?.[0].accessToken).toBe('at'); + expect( + session?.accessTokens?.[0].accessTokenExpiration + ).toBeLessThanOrEqual(now() + 600); + + fetchSpy.assert(); + }); + + it("Redirect Mode - should process a redirect callback (Implicit - 'id_token' response type)", async () => { + const idToken = await generateIdToken({ + nonce: 'nonce', + claims: { sub: 'some' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow + .setSearch(`?state=state&id_token=${idToken}`) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + + expect(session).toBeDefined(); + expect(session?.user).toBeDefined(); + expect(session?.user.sub).toBe('some'); + expect(session?.idToken).toBe(idToken); + + expect(session?.refreshToken).toBeUndefined(); + expect(session?.authorizedScopes).toBeUndefined(); + + expect(session?.accessTokens?.[0]?.accessToken).toBeUndefined(); + expect(session?.accessTokens?.[0]?.accessTokenExpiration).toBeUndefined(); + + fetchSpy.assert(); + }); + + it("Redirect Mode - should process a redirect callback (Implicit - 'id_token token' response type)", async () => { + const idToken = await generateIdToken({ + nonce: 'nonce', + claims: { sub: 'some' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureUserinfo({ claims: { sub: 'some' } }) + .createSpy(); + + mockWindow + .setSearch( + `?state=state&id_token=${idToken}&access_token=at&expires_in=600&scope=openid` + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + + expect(session).toBeDefined(); + expect(session?.user).toBeDefined(); + expect(session?.user.sub).toBe('some'); + + expect(session?.refreshToken).toBeUndefined(); + expect(session?.idToken).toBe(idToken); + + expect(session?.accessTokens).toHaveLength(1); + expect(session?.accessTokens?.[0].accessToken).toBe('at'); + expect( + session?.accessTokens?.[0].accessTokenExpiration + ).toBeLessThanOrEqual(now() + 600); + + fetchSpy.assert(); + }); + + it('Redirect Mode - should throw an error if states mismatch', async () => { + mockWindow + .setSearch('?state=states&code=code') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Sign in callback states mismatch'); + + mockStorage.expectCallbackStateRemoved(); + }); + + it('Redirect Mode - should throw an op error if callback contains error', async () => { + mockWindow + .setSearch( + '?error=some_error&error_description=Bad%20Request&state=state' + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudOPError); + expect(error).toMatchObject({ + error: 'some_error', + errorDescription: 'Bad Request', + }); + + mockStorage.expectCallbackStateRemoved(); + }); + + it('Redirect Mode - should throw an error if jwks fetch fails for implicit id token validation', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks({ responseCode: 400 }) + .createSpy(); + + mockWindow + .setSearch(`?state=state&id_token=${idToken}`) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + await expect(instance.processCallback()).rejects.toThrow( + 'Error while fetching JWKS. Unexpected status code: 400' + ); + + mockStorage.expectCallbackStateRemoved(); + fetchSpy.assert(); + }); + + it('Redirect Mode - should throw an error if id token is invalid', async () => { + fetchBuilder().configureMetadata().configureJwks().createSpy(); + + mockWindow + .setSearch('?state=state&id_token=malformed_token_string') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudTokenError); + expect(error.message).toBe( + 'ID Token must have a header, payload and signature' + ); + + mockStorage.expectCallbackStateRemoved(); + }); + + it('Redirect Mode - should extract user from id token even if validate id token is false', async () => { + const idToken = await generateIdToken({ + claims: { + only: 'found in', + decode: true, + }, + }); + + mockWindow + .setSearch(`?state=state&id_token=${idToken}`) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + + expect(session?.user).toEqual({ + aud: 'clientId', + exp: expect.any(Number), + iat: expect.any(Number), + iss: 'https://example.com', + only: 'found in', + sub: 'sub', + decode: true, + sub_jwk: expect.any(Object), + }); + }); + + it('Redirect Mode - should throw an error if id token is invalid and validateIdToken is false', async () => { + mockWindow + .setSearch('?state=state&id_token=id_token') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudTokenError); + expect(error.message).toBe('JWT does not contain payload'); + + mockStorage.expectCallbackStateRemoved(); + }); + + it('Redirect Mode - should throw an error if userinfo returned an error', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureUserinfo({ responseCode: 400 }) + .createSpy(); + + mockWindow + .setSearch('?state=state&access_token=at&scope=openid') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while fetching userinfo. Unexpected status code: 400' + ); + + mockStorage.expectCallbackStateRemoved(); + fetchSpy.assert(); + }); + + it('Redirect Mode - should throw an error if code exchange fails', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureTokenEndpoint({ + responseCode: 500, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .createSpy(); + + mockWindow + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + codeVerifier: 'codeVerifier', + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while performing token grant. Unexpected status code: 500' + ); + + mockStorage.expectCallbackStateRemoved(); + fetchSpy.assert(); + }); + + it('Popup Mode - should send the redirect callback through window.postMessage', async () => { + fetchBuilder().createSpy(); + + mockWindow + .mockPostMessage() + .mockParentSide('popup') + .setSearch('?state=state&code=code') + .setPathname('/callback') + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + expect(window.fetch).not.toHaveBeenCalled(); + + await vi.waitFor(() => { + expect(mockWindow.parentPostMessage).toHaveBeenCalledWith( + expect.objectContaining({ + source: 'monocloud-auth-js-core', + url: 'http://localhost:3000/callback?state=state&code=code', + }), + 'http://localhost:3000' + ); + }); + }); + + it('Popup Mode - should throw an error if states mismatch', async () => { + fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + expect(window.open).toHaveBeenCalledWith( + 'about:blank', + 'mc.popup', + expect.any(String) + ); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: 'http://localhost:3000/callback?state=WRONG_STATE&code=code', + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Sign in callback states mismatch'); + + expect(mockPopup.close).toHaveBeenCalled(); + }); + + it('Popup Mode - should throw an error if callback contains error', async () => { + fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?error=access_denied&error_description=User+denied&state=${generatedState}`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudOPError); + expect(error).toMatchObject({ + error: 'access_denied', + errorDescription: 'User denied', + }); + + expect(mockPopup.close).toHaveBeenCalled(); + }); + + it('Popup Mode - should throw an error if jwks fetch fails for implicit id token validation', async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks({ responseCode: 400 }) + .createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?state=${generatedState}&id_token=${idToken}`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while fetching JWKS. Unexpected status code: 400' + ); + + expect(mockPopup.close).toHaveBeenCalled(); + fetchSpy.assert(); + }); + + it('Popup Mode - should throw an error if id token is invalid', async () => { + fetchBuilder().configureMetadata().configureJwks().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?state=${generatedState}&id_token=malformed_token_string`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudTokenError); + expect(error.message).toBe( + 'ID Token must have a header, payload and signature' + ); + + expect(mockPopup.close).toHaveBeenCalled(); + }); + + it('Popup Mode - should extract user from id token even if validate id token is false', async () => { + const idToken = await generateIdToken({ + claims: { + only: 'found in', + decode: true, + }, + }); + + const windowFetchSpy = vi.spyOn(window, 'fetch'); + fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?state=${generatedState}&id_token=${idToken}`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await signInPromise; + + mockStorage.expectSession( + expect.objectContaining({ + idToken, + user: expect.objectContaining({ + iss: 'https://example.com', + sub: 'sub', + aud: 'clientId', + only: 'found in', + decode: true, + }), + }) + ); + + expect(mockPopup.close).toHaveBeenCalled(); + + expect(windowFetchSpy).toHaveBeenCalledTimes(1); + expect(windowFetchSpy.mock.calls[0][0]).toContain( + '.well-known/openid-configuration' + ); + }); + + it('Popup Mode - should throw an error if id token is invalid and validateIdToken is false', async () => { + fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?state=${generatedState}&id_token=malformed_token_string`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudTokenError); + expect(error.message).toBe('JWT does not contain payload'); + + expect(mockPopup.close).toHaveBeenCalled(); + mockStorage.expectNoSession(); + }); + + it('Popup Mode - should throw an error if userinfo returned an error', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureUserinfo({ responseCode: 400 }) + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'token', + }); + + const signInPromise = instance.signIn({ + mode: 'popup', + scopes: 'openid profile', + }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const url = new URL(mockPopup.location.href); + const generatedState = url.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback#state=${generatedState}&access_token=at&token_type=Bearer&expires_in=3600&scope=openid%20profile`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while fetching userinfo. Unexpected status code: 400' + ); + + expect(mockPopup.close).toHaveBeenCalled(); + mockStorage.expectNoSession(); + fetchSpy.assert(); + }); + + it('Popup Mode - should throw an error if code exchange fails', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureTokenEndpoint({ + responseCode: 500, + }) + .createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?state=${encodeURIComponent( + generatedState ?? '' + )}&code=test-auth-code`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudHttpError); + expect(error.message).toBe( + 'Error while performing token grant. Unexpected status code: 500' + ); + + await vi.waitFor(() => { + expect(mockPopup.close).toHaveBeenCalled(); + }); + + mockStorage.expectNoSession(); + fetchSpy.assert(); + }); + + it('Popup Mode - should redirect popup to sign in page and resolve when a session message is received', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + validateIdToken: false, + }); + + const signinPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(async () => { + expect(mockPopup.location.href).toMatch(urlRegex); + expect(await instance.getSession()).toBeUndefined(); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'mock-access-token', + idToken, + }) + .configureUserinfo({ + accessToken: 'mock-access-token', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback?code=auth-code&state=${generatedState}`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signinPromise).resolves.toBeUndefined(); + + const expectedSession = expect.objectContaining({ + accessTokens: [ + expect.objectContaining({ + accessToken: 'mock-access-token', + }), + ], + refreshToken: expect.any(String), + idToken: expect.any(String), + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + mockStorage.expectSession(expectedSession); + + const savedSession = await instance.getSession(); + expect(savedSession).toEqual(expectedSession); + }); + + fetchSpy.assert(); + }); + + it('Popup Mode - should redirect popup to sign in page and reject when an error message is received', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + + const callbackUrl = + `http://localhost:3000/callback` + + `?error=some_error` + + `&error_description=${encodeURIComponent('something went wrong')}` + + `&state=${encodeURIComponent(generatedState ?? '')}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signInPromise).rejects.toMatchObject({ + error: 'some_error', + errorDescription: 'something went wrong', + }); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + mockStorage.expectNoSession(); + expect(await instance.getSession()).toBeUndefined(); + + fetchSpy.assert(); + }); + }); + + it('Popup Mode - can timeout', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + authWindowTimeout: 0.1, + }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(async () => { + expect(mockPopup.location.href).toMatch(urlRegex); + expect(await instance.getSession()).toBeUndefined(); + }); + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Window timed out'); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + expect(await instance.getSession()).toBeUndefined(); + fetchSpy.assert(); + }); + }); + + it('Popup Mode - should throw error if popup fails to open', async () => { + vi.spyOn(window, 'open').mockReturnValue(null); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.signIn({ mode: 'popup' }).catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Could not open popup'); + + expect(await instance.getSession()).toBeUndefined(); + }); + + it('Popup Mode - throws when user closes the window', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + }; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup as unknown as Window); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(window.open).toHaveBeenCalled(); + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + mockPopup.closed = true; + + const error = await signInPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Window closed by user'); + + await vi.waitFor(async () => { + expect(await instance.getSession()).toBeUndefined(); + }); + + fetchSpy.assert(); + }); + + it('Popup Mode - should only resolve the promise if the origin is appUrl', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const state = authorizeUrl.searchParams.get('state'); + const nonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: nonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'mock-access-token', + idToken, + }) + .configureUserinfo({ + accessToken: 'mock-access-token', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const goodCallbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + state ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: goodCallbackUrl, + }, + source: mockPopup, + origin: 'https://hackersite.com', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: goodCallbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signInPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + accessTokens: [ + expect.objectContaining({ + accessToken: 'mock-access-token', + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + }); + + fetchSpy.assert(); + }); + + it('Popup Mode - should only resolve the promise if the source is popup window', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const state = authorizeUrl.searchParams.get('state'); + const nonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: nonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'mock-access-token', + idToken, + }) + .configureUserinfo({ + accessToken: 'mock-access-token', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + state ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: null as unknown as Window, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signInPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + accessTokens: [ + expect.objectContaining({ + accessToken: 'mock-access-token', + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + }); + + fetchSpy.assert(); + }); + + it('Popup Mode - should only resolve the promise if data.source is monocloud-auth-js-core', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const state = authorizeUrl.searchParams.get('state'); + const nonce = authorizeUrl.searchParams.get('nonce'); + + const idToken = await generateIdToken({ + nonce: nonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ + accessToken: 'mock-access-token', + idToken, + }) + .configureUserinfo({ + accessToken: 'mock-access-token', + claims: { sub: 'sub', email: 'test@example.com' }, + }); + + const callbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + state ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'someoneelse', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + expect(mockPopup.close).not.toHaveBeenCalled(); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: callbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signInPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + accessTokens: [ + expect.objectContaining({ + accessToken: 'mock-access-token', + }), + ], + user: expect.objectContaining({ + sub: 'sub', + email: 'test@example.com', + }), + }) + ); + }); + + fetchSpy.assert(); + }); + + it('should throw error when callbackUrl origin/path does not match redirectUri', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState: CallbackState = { + mode: 'popup', + state: 'state', + scopes: 'openid', + }; + + const badCallbackUrl = + 'http://localhost:3000/wrong-callback?code=code&state=state'; + + const error = await (instance as any) + .processSignInCallback(badCallbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Incorrect callback url'); + }); + + it('should throw error when callbackState.signOut is true', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState: CallbackState = { + mode: 'popup', + state: 'state', + scopes: 'openid', + signOut: true, + }; + + const callbackUrl = 'http://localhost:3000/callback?code=code&state=state'; + + const error = await (instance as any) + .processSignInCallback(callbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Incorrect callback state'); + }); + + it('should throw error when callbackState.scopes is missing', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState = { + mode: 'popup', + state: 'state', + } as unknown as CallbackState; + + const callbackUrl = 'http://localhost:3000/callback?code=code&state=state'; + + const error = await (instance as any) + .processSignInCallback(callbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Scopes missing from callback state'); + }); + + it('should throw error when callback contains no code/token/error', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState: CallbackState = { + mode: 'popup', + state: 'state', + scopes: 'openid', + }; + + const callbackUrl = 'http://localhost:3000/callback?state=state'; + + const error = await (instance as any) + .processSignInCallback(callbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('No parameters found in callback'); + }); + + it('should combine multiple resources and scopes from options.resources', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + mockWindow.assert(); + + const instance = testInstance({ + storage: mockStorage, + resources: [ + { resource: 'api://inventory', scopes: 'inv:read' }, + { resource: 'api://orders', scopes: 'orders:write' }, + ], + }); + + await instance.signIn(); + + expect(window.location.assign).toHaveBeenCalledOnce(); + + const [calledUrl] = (window.location.assign as any).mock.calls[0]; + const url = new URL(calledUrl); + + const resources = url.searchParams.getAll('resource'); + + expect(resources).toHaveLength(2); + expect(resources).toContain('api://inventory'); + expect(resources).toContain('api://orders'); + + const scopes = url.searchParams.get('scope')?.split(' ') ?? []; + expect(scopes).toContain('inv:read'); + expect(scopes).toContain('orders:write'); + + fetchSpy.assert(); + }); + + it('should filter out invalid resources and scopes from options.resources', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + mockWindow.assert(); + + const instance = testInstance({ + storage: mockStorage, + resources: [ + { resource: 'valid-resource', scopes: 'valid-scope' }, + { resource: '', scopes: '' }, + { resource: undefined, scopes: undefined }, + {} as any, + { resource: null as any, scopes: null as any }, + ], + }); + + await instance.signIn(); + + expect(window.location.assign).toHaveBeenCalledOnce(); + + const [calledUrl] = (window.location.assign as any).mock.calls[0]; + const url = new URL(calledUrl); + + const resources = url.searchParams.get('resource')?.split(' ') ?? []; + expect(resources).toContain('valid-resource'); + expect(resources).not.toContain(''); + expect(resources).not.toContain('undefined'); + expect(resources).not.toContain('null'); + expect(resources.length).toBe(1); + + const scopes = url.searchParams.get('scope')?.split(' ') ?? []; + expect(scopes).toContain('valid-scope'); + expect(scopes).not.toContain(''); + expect(scopes).not.toContain('undefined'); + expect(scopes).not.toContain('null'); + + fetchSpy.assert(); + }); + + it('should handle corrupted/invalid JSON in session mockStorage for callback state', async () => { + const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {}); + + vi.spyOn(window.sessionStorage, 'getItem').mockReturnValue( + '{ malformed_json_string' + ); + + const removeItemSpy = vi.spyOn(window.sessionStorage, 'removeItem'); + + const instance = testInstance({ storage: mockStorage }); + + const processPromise = instance.processCallback(); + + await expect(processPromise).rejects.toThrow(SyntaxError); + + expect(removeItemSpy).toHaveBeenCalled(); + expect(consoleSpy).toHaveBeenCalledWith( + 'Unexpected error reading callback state:' + ); + }); + + it('Popup Mode - should ignore messages with invalid data types or missing URLs', async () => { + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ storage: mockStorage }); + + const signInPromise = instance.signIn({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + const generatedNonce = authorizeUrl.searchParams.get('nonce'); + const idToken = await generateIdToken({ + nonce: generatedNonce ?? undefined, + claims: { email: 'test@example.com' }, + }); + + fetchSpy + .configureTokenEndpoint({ accessToken: 'at', idToken }) + .configureUserinfo({ claims: { sub: 'sub' } }); + + window.dispatchEvent( + new MessageEvent('message', { + data: 'invalid-string-data', + origin: 'http://localhost:3000', + source: mockPopup, + }) + ); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + otherProp: 123, + }, + origin: 'http://localhost:3000', + source: mockPopup, + }) + ); + + const validCallbackUrl = `http://localhost:3000/callback?code=auth-code&state=${encodeURIComponent( + generatedState ?? '' + )}`; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: validCallbackUrl, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signInPromise).resolves.not.toThrow(); + + await vi.waitFor(() => { + expect(mockPopup.close).toHaveBeenCalled(); + fetchSpy.assert(); + }); + }); + + it('should fall back to window.parent when window.opener is null', async () => { + const mockParent = { + postMessage: vi.fn(), + }; + + vi.spyOn(window, 'opener', 'get').mockReturnValue(null); + vi.spyOn(window, 'parent', 'get').mockReturnValue( + mockParent as unknown as Window + ); + vi.spyOn(window, 'top', 'get').mockReturnValue( + mockParent as unknown as Window + ); + + mockWindow.setPathname('/callback').assert(); + + const instance = testInstance({ storage: mockStorage }); + + await instance.processCallback(); + + expect(mockParent.postMessage).toHaveBeenCalledWith( + expect.objectContaining({ + source: 'monocloud-auth-js-core', + url: expect.stringContaining('/callback'), + }), + 'http://localhost:3000' + ); + }); +}); diff --git a/packages/js-core/tests/sign-out.test.ts b/packages/js-core/tests/sign-out.test.ts new file mode 100644 index 00000000..36274e40 --- /dev/null +++ b/packages/js-core/tests/sign-out.test.ts @@ -0,0 +1,784 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'; +import type { MonoCloudSession } from '@monocloud/auth-core'; +import { fetchBuilder, MockWindow } from '@monocloud/auth-test-utils'; +import { now } from '@monocloud/auth-core/internal'; +import { testInstance, setSession, VanillaJsMockStorage } from './utils'; +import { + CallbackState, + MonoCloudJsError, + MonoCloudValidationError, +} from '../src'; + +describe('signOut() Tests', () => { + let mockWindow: MockWindow; + let mockStorage: VanillaJsMockStorage; + + beforeEach(() => { + mockWindow = new MockWindow(); + mockStorage = new VanillaJsMockStorage(); + }); + + afterEach(() => { + mockWindow.restore(); + window.localStorage.clear(); + }); + + it('Redirect Mode - should set custom redirect uri from options', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectQuery( + 'post_logout_redirect_uri', + 'http://localhost:3000/signout/custom' + ) + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + instance.signOut({ + postLogoutRedirectUri: 'http://localhost:3000/signout/custom', + }); + + await vi.waitFor(() => { + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + }); + + it('should throw error if the code is not running in the main window', async () => { + vi.spyOn(window, 'opener', 'get').mockReturnValue(null); + vi.spyOn(window, 'parent', 'get').mockReturnValue({} as unknown as Window); + vi.spyOn(window, 'top', 'get').mockReturnValue({} as unknown as Window); + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.signOut().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe( + 'Initiating an authentication flow in a popup or iframe is not supported' + ); + }); + + it('should redirect to signout without state, logout uri and idToken', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectQuery('client_id', 'clientId') + .doNotExpectQueryKey('state') + .doNotExpectQueryKey('post_logout_redirect_uri') + .doNotExpectQueryKey('id_token_hint') + .assert(); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + instance.signOut(); + + await vi.waitFor(() => { + expect(window.location.assign).toHaveBeenCalledOnce(); + fetchSpy.assert(); + }); + }); + + it('should redirect to signout without state, logout uri and idToken (Session Present)', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectQuery('client_id', 'clientId') + .doNotExpectQueryKey('state') + .doNotExpectQueryKey('post_logout_redirect_uri') + .doNotExpectQueryKey('id_token_hint') + .assert(); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + expect(await instance.getSession()).toBeDefined(); + + instance.signOut(); + + await vi.waitFor(async () => { + expect(window.location.assign).toHaveBeenCalledOnce(); + expect(await instance.getSession()).toBeUndefined(); + fetchSpy.assert(); + }); + }); + + it('Redirect Mode - should redirect to the sign out page', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow + .expectOrigin('https://example.com/connect/endsession') + .expectQueryKey('state') + .expectQuery('client_id', 'clientId') + .expectQuery('post_logout_redirect_uri', 'http://localhost:3000/signout') + .assert(); + + const instance = testInstance({ storage: mockStorage }); + + instance.signOut(); + + await vi.waitFor(() => { + expect(window.location.assign).toHaveBeenCalledWith( + expect.stringContaining('https://example.com/connect/endsession') + ); + mockStorage + .expectCallbackState() + .expectCallbackStateState() + .expectCallbackStateMode('redirect') + .expectCallbackStateSignOut(true); + fetchSpy.assert(); + }); + }); + + it('Redirect Mode - should process signout callback', async () => { + mockWindow.setSearch('?state=state').setPathname('/signout').assert(); + + const state: CallbackState = { + mode: 'redirect', + signOut: true, + state: 'state', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: '/signout', + }); + + instance.processCallback(); + + await vi.waitFor(() => { + mockStorage.expectCallbackStateRemoved(); + }); + }); + + it('Redirect Mode - should process signout callback even if the signOutCallbackPath is not set', async () => { + mockWindow.setSearch('?state=state').setPathname('/').assert(); + + const state: CallbackState = { + mode: 'redirect', + signOut: true, + state: 'state', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + instance.processCallback(); + + await vi.waitFor(() => { + mockStorage.expectCallbackStateRemoved(); + }); + }); + + it('Redirect Mode - should set an error if states mismatch', async () => { + mockWindow.setSearch('?state=state').setPathname('/signout').assert(); + + const state: CallbackState = { + mode: 'redirect', + signOut: true, + state: 'states', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Sign out states mismatch'); + + await vi.waitFor(() => { + mockStorage.expectCallbackStateRemoved(); + }); + }); + + it('Popup Mode - should process signout callback', async () => { + mockWindow + .mockPostMessage() + .mockParentSide('popup') + .setSearch('?state=state') + .setPathname('/signout') + .assert(); + + const state: CallbackState = { + mode: 'popup', + signOut: true, + state: 'state', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: '/signout', + }); + + instance.processCallback(); + + await vi.waitFor(() => { + expect(mockWindow.parentPostMessage).toHaveBeenCalledWith( + expect.objectContaining({ + source: 'monocloud-auth-js-core', + url: 'http://localhost:3000/signout?state=state', + }), + 'http://localhost:3000' + ); + }); + }); + + it('Popup Mode - should throw error if states mismatch', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: '/signout', + }); + + const signOutPromise = instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + + expect(window.open).toHaveBeenCalledWith( + 'about:blank', + 'mc.popup', + expect.any(String) + ); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: 'http://localhost:3000/signout?state=wrong-state', + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + const error = await signOutPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Sign out states mismatch'); + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + }); + + it('Popup Mode - should redirect popup to sign out page and resolve when a success message is received', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + + expect(window.open).toHaveBeenCalledWith( + 'about:blank', + 'mc.popup', + expect.any(String) + ); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + mockStorage.expectCallbackStateRemoved(); + }); + }); + + it('Popup Mode - can timeout', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + authWindowTimeout: 0.1, + }); + + const error = await instance.signOut({ mode: 'popup' }).catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Window timed out'); + + expect(mockPopup.close).toHaveBeenCalled(); + + expect(window.open).toHaveBeenCalledWith( + 'about:blank', + 'mc.popup', + expect.any(String) + ); + + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + + fetchSpy.assert(); + }); + + it('Popup Mode - should throw error if popup fails to open', async () => { + const fetchSpy = fetchBuilder().createSpy(); + + vi.spyOn(window, 'open').mockReturnValue(null); + + const instance = testInstance({ storage: mockStorage }); + + const error = await instance.signOut({ mode: 'popup' }).catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Could not open popup'); + + fetchSpy.assert(); + mockStorage.expectCallbackStateRemoved(); + }); + + it('Popup Mode - throws when user closes the window', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + }; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup as unknown as Window); + + const instance = testInstance({ storage: mockStorage }); + + const signOutPromise = instance.signOut({ mode: 'popup' }); + + setTimeout(() => { + mockPopup.closed = true; + }, 200); + + const error = await signOutPromise.catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudJsError); + expect(error.message).toBe('Window closed by user'); + + fetchSpy.assert(); + }); + + it('Popup Mode - should only resolve the promise if the origin is appUrl', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: mockPopup, + origin: 'http://yyy.com', + }) + ); + + expect(mockPopup.close).not.toHaveBeenCalled(); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + }); + }); + + it('Popup Mode - should only resolve the promise if the source is the expected popup window', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + }; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup as unknown as Window); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + expect(await instance.getSession()).toBeUndefined(); + + instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + + const randomWindow = {} as Window; + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: randomWindow, + origin: 'http://localhost:3000', + }) + ); + + expect(mockPopup.close).not.toHaveBeenCalled(); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: mockPopup as unknown as Window, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + }); + }); + + it('Popup Mode - should only resolve the promise if data.source is the expected SDK identifier', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + }; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup as unknown as Window); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: undefined, + }); + + expect(await instance.getSession()).toBeUndefined(); + + instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'yyy', + url: `http://localhost:3000`, + }, + source: mockPopup as unknown as Window, + origin: 'http://localhost:3000', + }) + ); + + expect(mockPopup.close).not.toHaveBeenCalled(); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000`, + }, + source: mockPopup as unknown as Window, + origin: 'http://localhost:3000', + }) + ); + + await vi.waitFor(() => { + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + }); + }); + + it('should only clear local session and return if federatedSignOut is false', async () => { + fetchBuilder().createSpy(); + vi.spyOn(window.location, 'assign'); + vi.spyOn(window, 'open'); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + federatedSignOut: false, + }); + + expect(await instance.getSession()).toBeDefined(); + + await instance.signOut(); + + expect(await instance.getSession()).toBeUndefined(); + mockStorage.expectNoSession(); + + expect(window.fetch).not.toHaveBeenCalled(); + }); + + it('Popup Mode - should clear session immediately even if state validation fails', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ storage: mockStorage }); + + const signOutPromise = instance.signOut({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toContain( + 'https://example.com/connect/endsession' + ); + }); + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: 'http://localhost:3000/signout?state=wrong-state', + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(signOutPromise).rejects.toThrow('Sign out states mismatch'); + expect(await instance.getSession()).toBeUndefined(); + mockStorage.expectNoSession(); + + fetchSpy.assert(); + expect(mockPopup.close).toHaveBeenCalled(); + }); + + it('Redirect Mode - should clear session immediately even if state validation fails', async () => { + mockWindow.setSearch('?state=wrong-state').setPathname('/signout').assert(); + + const state: CallbackState = { + mode: 'redirect', + signOut: true, + state: 'correct-state', + }; + + mockStorage.setCallbackState(state); + + const session: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + scopes: 'token', + requestedScopes: 'token', + accessTokenExpiration: now() + 1000, + }, + ], + authorizedScopes: 'token', + }; + + await setSession(mockStorage, session); + + const instance = testInstance({ + storage: mockStorage, + signOutCallbackPath: '/signout', + }); + + expect(await instance.getSession()).toBeDefined(); + + const error = await instance.processCallback().catch(e => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Sign out states mismatch'); + + await vi.waitFor(async () => { + expect(await instance.getSession()).toBeUndefined(); + mockStorage.expectNoSession(); + mockStorage.expectCallbackStateRemoved(); + }); + }); + + it('should throw error when callbackUrl origin/path does not match redirectUri', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState: CallbackState = { + mode: 'popup', + state: 'state', + scopes: 'openid', + }; + + const badCallbackUrl = + 'http://localhost:3000/wrong-callback?code=code&state=state'; + + const error = await (instance as any) + .processSignOutCallback(badCallbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Incorrect callback url'); + }); + + it('should throw error when callbackState.signOut is false', async () => { + const instance = testInstance({ storage: mockStorage }); + + const callbackState: CallbackState = { + mode: 'popup', + state: 'state', + scopes: 'openid', + signOut: false, + }; + + const callbackUrl = 'http://localhost:3000/signout?code=code&state=state'; + + const error = await (instance as any) + .processSignOutCallback(callbackUrl, callbackState) + .catch((e: any) => e); + + expect(error).toBeInstanceOf(MonoCloudValidationError); + expect(error.message).toBe('Incorrect callback state'); + }); +}); diff --git a/packages/js-core/tests/utils.ts b/packages/js-core/tests/utils.ts new file mode 100644 index 00000000..5aad9fa1 --- /dev/null +++ b/packages/js-core/tests/utils.ts @@ -0,0 +1,148 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { expect } from 'vitest'; +import { MockStorage } from '@monocloud/auth-test-utils'; +import type { + CallbackState, + IStorage, + InteractionMode, + PostCallback, + MonoCloudJSCoreClientOptions, + OnSessionCreating, +} from '../src'; +import { AUTH_CONSTANTS } from '../src/constants'; +import { MonoCloudJSCoreClient } from '../src'; + +export const testInstance = ( + options?: Partial & { + storage?: IStorage; + postCallback?: PostCallback; + onSessionCreating?: OnSessionCreating; + } +): MonoCloudJSCoreClient => { + const deafultOptions = { + appUrl: 'http://localhost:3000', + tenantDomain: 'https://example.com', + callbackPath: '/callback', + signOutCallbackPath: '/signout', + clientId: 'clientId', + }; + + // eslint-disable-next-line no-param-reassign + options = options + ? { + ...deafultOptions, + ...options, + } + : deafultOptions; + + const instance = new MonoCloudJSCoreClient( + options as MonoCloudJSCoreClientOptions, + options.storage, + options.postCallback, + options.onSessionCreating + ); + + return instance; +}; + +export const callbackStateKey = (): string => + // @ts-expect-error We are accessing the custom key from window + `${AUTH_CONSTANTS.CALLBACK_KEY}.clientId${window.callbackStateKey ? `.${window.callbackStateKey}` : ''}`; + +export const sessionKey = (): string => + // @ts-expect-error We are accessing the custom key from window + `${AUTH_CONSTANTS.SESSION_KEY}.clientId${window.sessionKey ? `.${window.sessionKey}` : ''}`; + +export class VanillaJsMockStorage extends MockStorage implements IStorage { + setCallbackState(state: unknown): void { + window.sessionStorage.setItem(callbackStateKey(), JSON.stringify(state)); + } + + expectSession(session?: unknown): VanillaJsMockStorage { + expect(this.store[sessionKey()]).toBeTypeOf('string'); + if (session) { + expect(JSON.parse(this.store[sessionKey()] ?? '')).toEqual(session); + } + return this; + } + + expectCallbackState(): VanillaJsMockStorage { + expect(window.sessionStorage.getItem(callbackStateKey())).toBeTypeOf( + 'string' + ); + return this; + } + + expectNoSession(): VanillaJsMockStorage { + expect(this.store[sessionKey()]).toBeUndefined(); + return this; + } + + expectCallbackStateRemoved(): VanillaJsMockStorage { + expect(window.sessionStorage.getItem(callbackStateKey())).toBe(null); + return this; + } + + expectCallbackStateCodeVerifier(): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.codeVerifier).toBeTypeOf('string'); + return this; + } + + expectCallbackStateState(): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.state).toBeTypeOf('string'); + return this; + } + + expectCallbackStateMode(mode: InteractionMode): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.mode).toBe(mode); + return this; + } + + expectCallbackStateMaxAge(maxAge: number | undefined): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.maxAge).toBe(maxAge); + return this; + } + + expectCallbackStateNonce(): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.nonce).toBeTypeOf('string'); + return this; + } + + expectCallbackStateSignOut( + signOut: boolean | undefined + ): VanillaJsMockStorage { + const state: CallbackState = JSON.parse( + window.sessionStorage.getItem(callbackStateKey()) ?? '' + ); + + expect(state.signOut).toBe(signOut); + return this; + } +} + +export const setSession = async ( + storage: IStorage, + session: unknown +): Promise => { + await storage.setItem(sessionKey(), JSON.stringify(session)); +}; diff --git a/packages/js-core/tsconfig.build.json b/packages/js-core/tsconfig.build.json new file mode 100644 index 00000000..241ced88 --- /dev/null +++ b/packages/js-core/tsconfig.build.json @@ -0,0 +1,11 @@ +{ + "extends": "./tsconfig.json", + "compilerOptions": { + "outDir": "./dist", + "noEmit": false, + "types": [], + "rootDir": "src", + "declarationMap": false + }, + "include": ["src"] +} diff --git a/packages/js-core/tsconfig.json b/packages/js-core/tsconfig.json new file mode 100644 index 00000000..267ba984 --- /dev/null +++ b/packages/js-core/tsconfig.json @@ -0,0 +1,35 @@ +{ + "$schema": "https://json.schemastore.org/tsconfig", + "display": "Default", + "compilerOptions": { + "declarationMap": false, + "downlevelIteration": true, + "esModuleInterop": true, + "forceConsistentCasingInFileNames": true, + "incremental": true, + "inlineSources": false, + "isolatedModules": true, + "moduleResolution": "bundler", + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitAny": true, + "noImplicitReturns": true, + "noFallthroughCasesInSwitch": true, + "strictNullChecks": true, + "strictFunctionTypes": true, + "strictPropertyInitialization": true, + "emitDecoratorMetadata": true, + "experimentalDecorators": true, + "preserveConstEnums": true, + "preserveWatchOutput": true, + "skipLibCheck": true, + "strict": true, + "target": "ES2020", + "noEmit": true, + "module": "preserve", + "sourceMap": true, + "lib": ["ES2020", "DOM", "DOM.Iterable"] + }, + "exclude": ["dist", ".turbo", "node_modules"], + "include": ["src", "tests"] +} diff --git a/packages/js-core/tsdown.config.mts b/packages/js-core/tsdown.config.mts new file mode 100644 index 00000000..d2225959 --- /dev/null +++ b/packages/js-core/tsdown.config.mts @@ -0,0 +1,15 @@ +import { defineConfig } from 'tsdown'; + +const common = { + tsconfig: './tsconfig.build.json', + entry: ['src/index.ts', 'src/utils/index.ts', 'src/utils/internal.ts'], + sourcemap: true, + minify: true, + noExternal: ['browser-tabs-lock'], + inlineOnly: ['browser-tabs-lock'], +}; + +export default defineConfig([ + { ...common, format: 'cjs', dts: false }, + { ...common, format: 'es', dts: true }, +]); diff --git a/packages/js-core/utils/package.json b/packages/js-core/utils/package.json new file mode 100644 index 00000000..88eb5bb6 --- /dev/null +++ b/packages/js-core/utils/package.json @@ -0,0 +1,5 @@ +{ + "main": "../dist/utils/index.cjs", + "module": "../dist/utils/index.mjs", + "types": "../dist/utils/index.d.mts" +} diff --git a/packages/js-core/vitest.config.mts b/packages/js-core/vitest.config.mts new file mode 100644 index 00000000..7db6d219 --- /dev/null +++ b/packages/js-core/vitest.config.mts @@ -0,0 +1,34 @@ +import { defineConfig } from 'vitest/config'; + +export default defineConfig({ + test: { + name: 'auth-js-core', + include: ['tests/**.test.ts'], + reporters: [ + 'default', + ['junit', { outputFile: 'coverage/junit.xml' }], + ], + coverage: { + provider: 'v8', + include: ['src'], + exclude: [ + 'src/types.ts', + 'src/storage.ts', + 'src/index.ts', + 'src/monocloud-js-error.ts', + 'src/utils' + ], + enabled: true, + reportOnFailure: true, + thresholds: { + branches: 100, + functions: 100, + lines: 100, + statements: 100, + }, + }, + environment: 'happy-dom', + setupFiles: ['@monocloud/auth-test-utils/setup'], + watch: false, + }, +}); diff --git a/packages/test-utils/src/auth-server-fetch.ts b/packages/test-utils/src/auth-server-fetch.ts index c97f8eda..663a446e 100644 --- a/packages/test-utils/src/auth-server-fetch.ts +++ b/packages/test-utils/src/auth-server-fetch.ts @@ -462,7 +462,10 @@ export class AuthorizationServerFetchBuilder { const sameMethod = x.method === (init?.method ?? 'GET').toUpperCase(); - const sameBody = x.body === init?.body?.toString(); + const sameBody = + typeof x.body === 'undefined' + ? true + : x.body === init?.body?.toString(); let headersPresent = true; diff --git a/packages/test-utils/src/mock-storage.ts b/packages/test-utils/src/mock-storage.ts index 5260e53f..a10e1d85 100644 --- a/packages/test-utils/src/mock-storage.ts +++ b/packages/test-utils/src/mock-storage.ts @@ -1,5 +1,5 @@ export class MockStorage { - private store: Record = {}; + protected store: Record = {}; constructor(init?: Record) { if (init) { @@ -7,17 +7,19 @@ export class MockStorage { } } - getItem(key: string): string | null { - return this.store[key] ?? null; + getItem(key: string): Promise { + return Promise.resolve(this.store[key] ?? null); } - removeItem(key: string): void { + removeItem(key: string): Promise { // eslint-disable-next-line @typescript-eslint/no-dynamic-delete delete this.store[key]; + return Promise.resolve(); } - setItem(key: string, value: string): void { + setItem(key: string, value: string): Promise { this.store[key] = value; + return Promise.resolve(); } clear(): void { diff --git a/packages/test-utils/src/mock-window.ts b/packages/test-utils/src/mock-window.ts index e30de4e4..07f14503 100644 --- a/packages/test-utils/src/mock-window.ts +++ b/packages/test-utils/src/mock-window.ts @@ -11,6 +11,8 @@ export class MockWindow { private href = 'http://localhost:3000/'; + private hrefSetCalled = false; + private hrefSet = vi.fn(); private expectedHrefValue?: string; @@ -29,6 +31,8 @@ export class MockWindow { public mockedPostMessage: typeof window.postMessage = vi.fn(); + public parentPostMessage: typeof window.postMessage = vi.fn(); + constructor() { this.location = window.location; this.history = window.history; @@ -38,6 +42,23 @@ export class MockWindow { this.ogPostMessage = postMessage; window.postMessage = this.mockedPostMessage; + return this; + } + + mockParentSide(mode: string): MockWindow { + if (mode === 'popup') { + vi.spyOn(window, 'opener', 'get').mockReturnValue({ + postMessage: this.parentPostMessage, + }); + } + + if (mode === 'silent') { + vi.spyOn(window, 'parent', 'get').mockReturnValue({ + postMessage: this.parentPostMessage, + } as unknown as Window); + + vi.spyOn(window, 'top', 'get').mockReturnValue({} as unknown as Window); + } return this; } @@ -119,16 +140,46 @@ export class MockWindow { search: this.search, pathname: this.pathname, get href() { - return mockWindowInstance.href; + const href = + (mockWindowInstance.href.endsWith('/') + ? mockWindowInstance.href.substring( + 0, + mockWindowInstance.href.length - 1 + ) + : mockWindowInstance.href) ?? ''; + + const path = + (mockWindowInstance.pathname.startsWith('/') + ? mockWindowInstance.pathname + : `/${mockWindowInstance.pathname}`) ?? '/'; + + let query = ''; + if (mockWindowInstance.search !== '') { + query = mockWindowInstance.search.startsWith('?') + ? mockWindowInstance.search + : `?${mockWindowInstance.search}`; + } + + let fragment = ''; + if (mockWindowInstance.hash !== '') { + fragment = mockWindowInstance.hash.startsWith('#') + ? mockWindowInstance.hash + : `#${mockWindowInstance.hash}`; + } + + return mockWindowInstance.hrefSetCalled + ? mockWindowInstance.href + : `${href}${path}${query}${fragment}`; }, set href(href) { + mockWindowInstance.hrefSetCalled = true; mockWindowInstance.hrefSet(href); mockWindowInstance.href = href; }, }, }); - Object.defineProperty(window, 'histroy', { + Object.defineProperty(window, 'history', { writable: true, value: { replaceState: vi.fn(), diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 4336fc51..2322fc11 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -102,6 +102,22 @@ importers: specifier: 10.0.0 version: 10.0.0 + packages/js-core: + dependencies: + '@monocloud/auth-core': + specifier: workspace:* + version: link:../core + browser-tabs-lock: + specifier: 1.3.0 + version: 1.3.0 + devDependencies: + '@monocloud/auth-test-utils': + specifier: workspace:* + version: link:../test-utils + eslint: + specifier: 9.39.2 + version: 9.39.2 + packages/nextjs: dependencies: '@monocloud/auth-core': @@ -1625,6 +1641,9 @@ packages: resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} engines: {node: '>=8'} + browser-tabs-lock@1.3.0: + resolution: {integrity: sha512-g6nHaobTiT0eMZ7jh16YpD2kcjAp+PInbiVq3M1x6KKaEIVhT4v9oURNIpZLOZ3LQbQ3XYfNhMAb/9hzNLIWrw==} + browserslist@4.28.1: resolution: {integrity: sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==} engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7} @@ -2039,10 +2058,6 @@ packages: engines: {node: '>=4'} hasBin: true - esquery@1.6.0: - resolution: {integrity: sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==} - engines: {node: '>=0.10'} - esquery@1.7.0: resolution: {integrity: sha512-Ap6G0WQwcU/LHsvLwON1fAQX9Zp0A2Y6Y/cJBl9r/JbW90Zyg4/zbG6zzKa2OTALELarYHmKu0GhpM5EO+7T0g==} engines: {node: '>=0.10'} @@ -2592,6 +2607,9 @@ packages: lodash.startcase@4.4.0: resolution: {integrity: sha512-+WKqsK294HMSc2jEbNgpHpd0JfIBhp7rEV4aqXWqFr6AlXov+SlcgB1Fv01y2kGe3Gc8nMW7VA0SrGuSkRfIEg==} + lodash@4.17.23: + resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==} + loose-envify@1.4.0: resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==} hasBin: true @@ -4113,14 +4131,14 @@ snapshots: eslint: 10.0.0 eslint-visitor-keys: 3.4.3 - '@eslint-community/eslint-utils@4.9.0(eslint@9.39.2)': + '@eslint-community/eslint-utils@4.9.1(eslint@10.0.0)': dependencies: - eslint: 9.39.2 + eslint: 10.0.0 eslint-visitor-keys: 3.4.3 - '@eslint-community/eslint-utils@4.9.1(eslint@10.0.0)': + '@eslint-community/eslint-utils@4.9.1(eslint@9.39.2)': dependencies: - eslint: 10.0.0 + eslint: 9.39.2 eslint-visitor-keys: 3.4.3 '@eslint-community/regexpp@4.12.2': {} @@ -5096,6 +5114,10 @@ snapshots: dependencies: fill-range: 7.1.1 + browser-tabs-lock@1.3.0: + dependencies: + lodash: 4.17.23 + browserslist@4.28.1: dependencies: baseline-browser-mapping: 2.9.7 @@ -5598,7 +5620,7 @@ snapshots: eslint@9.39.2: dependencies: - '@eslint-community/eslint-utils': 4.9.0(eslint@9.39.2) + '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2) '@eslint-community/regexpp': 4.12.2 '@eslint/config-array': 0.21.1 '@eslint/config-helpers': 0.4.2 @@ -5618,7 +5640,7 @@ snapshots: eslint-scope: 8.4.0 eslint-visitor-keys: 4.2.1 espree: 10.4.0 - esquery: 1.6.0 + esquery: 1.7.0 esutils: 2.0.3 fast-deep-equal: 3.1.3 file-entry-cache: 8.0.0 @@ -5649,10 +5671,6 @@ snapshots: esprima@4.0.1: {} - esquery@1.6.0: - dependencies: - estraverse: 5.3.0 - esquery@1.7.0: dependencies: estraverse: 5.3.0 @@ -6230,6 +6248,8 @@ snapshots: lodash.startcase@4.4.0: {} + lodash@4.17.23: {} + loose-envify@1.4.0: dependencies: js-tokens: 4.0.0 From 85bc32de2fa1e1d7259014009d89dcf836643291 Mon Sep 17 00:00:00 2001 From: lakshayysaini Date: Wed, 25 Feb 2026 16:47:15 +0530 Subject: [PATCH 2/3] wip --- docs-gen/hook.mjs | 1 + docs-gen/post-generate.mjs | 1 + docs-gen/typedoc.html.mjs | 1 + docs-gen/typedoc.markdown.mjs | 1 + docs/html/assets/hierarchy.js | 2 +- docs/html/assets/navigation.js | 2 +- docs/html/assets/search.js | 2 +- docs/html/modules.html | 2 +- packages/core/src/types.ts | 10 +- packages/core/src/utils/internal.ts | 2 +- packages/js-core/package.json | 2 +- packages/js-core/src/index.ts | 2 +- .../js-core/src/monocloud-js-core-client.ts | 333 ++++++++++++------ packages/js-core/src/storage.ts | 55 ++- packages/js-core/src/types.ts | 181 +++++----- packages/js-core/tests/get-tokens.test.ts | 9 +- .../js-core/tests/refresh-session.test.ts | 207 +++++++++++ packages/js-core/tests/session.test.ts | 6 +- packages/js-core/tests/sign-in.test.ts | 225 +++++++++++- packages/js-core/tsconfig.json | 1 - packages/js-core/tsdown.config.mts | 2 - packages/js-core/typedoc.json | 7 + pnpm-lock.yaml | 17 +- turbo.json | 52 +-- 24 files changed, 800 insertions(+), 323 deletions(-) create mode 100644 packages/js-core/typedoc.json diff --git a/docs-gen/hook.mjs b/docs-gen/hook.mjs index 3e25a7b5..368d091a 100644 --- a/docs-gen/hook.mjs +++ b/docs-gen/hook.mjs @@ -5,6 +5,7 @@ const ROOT_SDK_NAME_REPLACEMENTS = [ ['@monocloud/auth-nextjs', 'Next.js'], ['@monocloud/auth-node-core', 'Node.js Core'], ['@monocloud/auth-core', 'Node.js'], + ['@monocloud/auth-js-core', 'js-core'], ]; const Type = { diff --git a/docs-gen/post-generate.mjs b/docs-gen/post-generate.mjs index 84199964..c1027df0 100644 --- a/docs-gen/post-generate.mjs +++ b/docs-gen/post-generate.mjs @@ -7,6 +7,7 @@ const SDK_SLUGS = { '_monocloud_auth-nextjs': 'nextjs', '_monocloud_auth-node-core': 'nodejs-core', '_monocloud_auth-core': 'nodejs', + '_monocloud_auth-js-core': 'js-core', }; const CATEGORY_MAP = { diff --git a/docs-gen/typedoc.html.mjs b/docs-gen/typedoc.html.mjs index 3fc83950..00b40393 100644 --- a/docs-gen/typedoc.html.mjs +++ b/docs-gen/typedoc.html.mjs @@ -16,6 +16,7 @@ const config = { '../packages/core', '../packages/node-core', '../packages/nextjs', + '../packages/js-core', ], exclude: [ '**/dist/**', diff --git a/docs-gen/typedoc.markdown.mjs b/docs-gen/typedoc.markdown.mjs index 793bb849..b48aab6e 100644 --- a/docs-gen/typedoc.markdown.mjs +++ b/docs-gen/typedoc.markdown.mjs @@ -45,6 +45,7 @@ const config = { '../packages/core', '../packages/node-core', '../packages/nextjs', + '../packages/js-core', ], exclude: [ '**/dist/**', diff --git a/docs/html/assets/hierarchy.js b/docs/html/assets/hierarchy.js index d8219a04..df0fd97d 100644 --- a/docs/html/assets/hierarchy.js +++ b/docs/html/assets/hierarchy.js @@ -1 +1 @@ -window.hierarchyData = "eJytmEFv4zYQhf8Lz4xLcSiK8s0NFmkORYzstpciCASJWauRSVWkgQCL/PeCkpuVVHqXknlK4MPDpxnO8D1+Q53W1qDtXzRNUgyUU0xTkWMAxjDlIDDljGFgKcOUpgmmWSIwMCEwZSTHQCDHlEGCgQiCIaf8CaNOvjSytLVWBm2/IZqkxP1VxVGiLbqvvuhXqW6boj4ahNFrrSq0pSnH6NQ1aItqZWX3UpTS/PJ81EqXjT5Vz8XJHm5K3clNrSr5tpnIbA722CCMyqYwBm2RNdWN07350ELvGLkvGIH8rpW+ddq7kz38Whj5qet090GUUPEfUS/7Yxy/2EWu4QeMykPdVJ1UrgUABFPKE0yBpZhClj710NwL/Zu1bRTgD6GfwDoWAOJjedhHITnLhHCw1MfRn4goKN+VgmhyH80fRnbrz/dEJvB8Q+Yty59FU1eFm8cotZnJBRSIkXGBHuVLJ83hriuUfWiHNbG6TB6xgGJNBg8g4/2kMRhPmqt7rV70ozStVkauZ5wrLQV0C9QthbynTJNxk3dlKY3pj+tCQKUrOaYcKS0GzFMysIlxoz+p6rM0ptZqX3TFUVrZLe30HNInubjfhLOBNocR7Z20/cebdWdyTjqXCxxhTmiku3IOtObC5CDGNB8r4Fbr11o+yn9O0thrufyqi8+g4ICBs6xvLWfsh+CrRvrn5CvnW2Sip84SEdWfzIEjmJRcpJgKQjDNco5pzobVmeU8mkm5SL3EqQgSy6lcxAm3K4KDDybO/MzlAkdbZN6zFmk0/qcXSJUz7zlaZ+wuQi1yd3nqPUnDco9VpkEttEhpLL95kWeB6cxFbNN5kWqx83T5NKrznKNFsJ/Ohjz1rHx8Z32uv6qHUyTMqVhYY12ij2eH50RXe2JOKHaT0JcumaDuO21laW+bWiq7L77KlUWUb/Zvsyl7mc0l0cBiUgKz5t6rfafbtVD62GollTWbkVYoy2SjPcqq7mRpv+iIVM/nqnnFQzE5jRN0BrirUw5kpLdp7nFsnHLebFc4Q9UnkpWVO6ebqdRiQEoAu+4OlBmPmG7GmOuiDcDkorjr9KmNATPSWVwwkRIMgjAMInH/JRyDyAR2C2Uo4iTQXhXHxtArsph7gx2jGLdB71WsMvr0lj+kiP7J0r0Px80xY9LrQwxkDDCkJMPAE4ohI/17gPslXojxIi9IMA4tVoLxsgTHFxeqI8YXL8yi7OIaFjEleIGWRAR3McSLCJdxQjdFlnj7tSYfeGHCw4GbtNjhwIu0PBmIyRk6u7tdW+/aGOvUpxdYMpF4vOyura82snOy5SZWJNyH1sZGa1egpZ6qxWNaCDN5WzlLuG+KW6iZYiBcTnnEWDfGujbTucWFneV6en9//xcD54M/" \ No newline at end of file +window.hierarchyData = "eJytml1P4zgUhv9Lrk03to+/escixLLaFYiZ2ZsRQlFqIEMbZ5NUYjXiv6+cfmySuoud+AZQpb59emwfv+8hP5PamLZJlt8pBoWoVAIBkwJRQgBRJRSiRFD7QyEQkCJIpUJESoYoZRQBJhSBxBTRFCiiXABiKUhEU84QFZghYBwjhlP+iJJaP6913hambJLlz4QICfZ3mW10skxuV1/Nmy6v1lmxaRKUvBXlKlkSxlGyrdfJMinKVtfPWa6bX542pjT52mxXT9m2fb3ITa0XRbnS74uBzOK13awTlOTrrGmSZdI2qwure3HUSj5QYr9QD+RPU5orq325bV9/zRp9XdemPhJhIg9Enez/47jFznLtXkBJ/lqsV7Uuk+V3ojggIhVDpFuRNFWPHbRyQv/WtlUU4KPQJ7CWRXFwsdzdRyHZy/hwCOXi6HZEFJT/lHxoJHXRfGt0PX1/D2T89rfdMi6Qv7J1scrseYxSm5Hc5wWyTaPH9aCfa9283tRZ2d5VuzYxuUwOMY9iDQ4epBg/dpi8f9Js3Yvy2TzopjJlo6czjpVCAW0DRXaXdZQY+ot8mee6abrtGghYmpXuU/aUQgEpk6xjI6TfH67L1RfdNIUp77M62+hW16ErPYZ0SQbTcqX2tLJHe6Pb7ss30/bkmHQs53mECRWR7sox0IQL07qCPs2xBVwZ81boB/33VjftXC63avCqgpIIiCS7pR1cEKcfMelIf04+7XxThndHmzLnRTLZn4yB55sUykmKKFBmf2BEmdy1TqA4mkk5Sx3gVCxiJKdyFsfbrtit6YKJc37Gcp5Hm2HnXot0NE70fKmkcx9NM3ZnoULcnb3bziLN7ckjNd8iKacLn+A3z/IEmE5O0sim8yxVuPPkAqI6zzFaBPtpbUjXQ7nq31lfipfybhsJcyjmubACR7TDY6K5ntgaJWRPQlc6OUC9r02r8/ZqXeiyvc9e9MQi6vf2R7PIO5nFOVHPYkoqR4t7W97XppoKZTaVKXXZNoueli/LoKM96FVR67z9aiJSPe2r5hT3xVQiTtDZwc1OOUBhZ9OG04fr97bOrKHqEsnEyu3TzVAq+ExIKpFdXUtpU23EdNPHnBZtIB1cFDe12VYxYHo6wSsKkiEAqhAA2L8YRsDsmFPifRFJrNHlAHpCFrMj2T5KYzvobRmrjC698EEKSbuqYRI5x/RJ54cYoEIiwEAQEBAIKFU7bCDxQowTOSDBWLRYCcbJ4h1fbKiOGF+cMEHZxS5YxJTgBAqJCPZiiBcRzuP4dgrKnOs1JR84YfzDgT1pscOBEyk4Gdiuf2oZL6visorRTl16niUDcHjZy6qYbWTHZMEm1t6PLrQqNlo1AU06qhaPKQxmOFvZS9jvFLdQI0VfOI4jxro+1txMZxsXsparu42ZjGP/fzS73DnH+Su+s4Ock3ie+gA20U5zgSNZ0wPIFFcqoG/qb7+0ps5eQnfREWD/9uD1EVIgkGmKWMq7YYp9pcf1h8mz9ZjN47I5gPXf73G3yHQwEtMbU/8z49MHAj4f7x7tTrbfR475zltxjEDap0kUcMTSNEUgheiWTLpTwyT7fYIc4rylcDrv35v5GHsNDwgFPJL9P4Hwd/6KRxzHn3AEeWzF443h3SS+LU+JWOP3Ew5/Z22PTmRnfUITbKrtM2FRx+0HpBhPeXDe/WvY3hD9SezuaYIZ3Xmo4FEknPJ4BuxAMdt7cYGR3dqPHx8f/wIQfMHV" \ No newline at end of file diff --git a/docs/html/assets/navigation.js b/docs/html/assets/navigation.js index a2c82ed8..8e2f2ac2 100644 --- a/docs/html/assets/navigation.js +++ b/docs/html/assets/navigation.js @@ -1 +1 @@ -window.navigationData = "eJy9m11z47YVhv+Lrrcf2WnSdq/qKJuskzjWWLu5yex4EPJYQk0BLAh27Xb63zv8kEiAIHAOSGh858F5HxwAAsiDl7/9d6PhRW/ebf5xkkJmhazzzZtNduRFrkBs3v12acBqffxDJhVs3mxKpo+bd5uTzOsCqj89XmIfL63+eNSnYvNm88xFvnn31q3JRQ4vSL22LUr1Jsugqj7KZxCDNhca1BPL/PKjUAv19Tf/ezMQ8lxBVZHVuzCvcq2PIDTPmIb7UnMp6JSpBJIo1QimX0s0Ryob8ee///Wrr99aGKn4f1jToR1T7BSVmCURSmyvmYYYThvoU9+yovidZc9xqZjRXk7BQeimS3egjzInTJAdGpqircxhe2RFAeIAdNo0OgT8jldlwV4n6zzIMgNDmPci30NVnRcNaFDkCXNp+KbtByXrkpBR2z6UyG3e7kzbgnH6kjOCfV2/raoa1B1oljPNyBgj2sf58cszVfzHL88BRfKwNDF+zeoDsBxU/NpxSPiId1LIbSPU/HK/ZRW8V0qqAZoVrKr8RLeECf3q7d9c0G7TiDx63CqoZD9oXS5I9BKOSvKe51nXxTjaEI/D7RZk1gejQP0WFT1tfTxqwtrdZEFeQzwqtU8VqOi8mmBUUr+yguft88WCzCwRX3r3oh/yrQKmuTgQjoxJbOj42DH1AFUpRUV+JBqF+sZxp+Sp1IQcuoBgx+vqCPkKT5CzQr6kHuAJdHZs1tCteJKRW6NbJcBVUB1/UCx6P3ZIIIj9slrGNEX81G5h3ckcKA+BRlxoCZ0bf2xUIyBtXAiyh6xWXL/eFAepuD6eKKRpcAjX7qDk+emifBPSrFEunmTsZmHHT1mfR7Ra82KUhLcG0LZF1QByyNTreCt6qkXWLkWfch9lEr75y6i3fQvHuyUFMPOG6SJNjnQKx3meGxQQMePUR4V1Y8fJDg+T4sbJDPZQDiBAMQ2/SJFRkzFiEYzdT9v3kYgmFEGImRIj1sPgVXfGWW/AKIYR62GUTFUwV4FBkRwKvpyafU+wgrJNPZ6DUPvVExe5VbHE5DFALgLe6de7+veCZ3t++Alev1fy1L2umy/ONLBXdNKZz+3f0KVWVsgckKXlS9M168uDaLois81IUGmeIBDl5rIsmgIulwJfKp1wLJEU9e0JM2WR2wNLWOl2UZOVu10wdM17ycRZGiuX2Odo69fZJ6T0xfYJkl5x30r5zBf98AwF34DSivs25koVfhtLLvOD7t6nlgypLbL4XmECSHO5YGPwNwxDnbhdTQ/wrxoqHQd1a9HwhPfcMD9cJrsVeXeWxBHP0Stf4kw4q9/k2IS1rnMcuknudKacq1zs2Nir3u7MwulXPMsPH7cUEq4Ae+XjwZ5FUKNNuNOaRRIvtrA3TbM8ynXTKlNJmcS+bbPmV4E2QijwkhPKFkECF5xJExUcUtYaFk5mp4HCUe4qZ3mUC8uIa40Ql7J2zZDlS3iqR+nGXhvllgUdaJVwaL3wpd+phEfvmNKcFev1wBRc/dZ8Fk68OifcE/mRuBTRN/WzsHTX9bNI0p39tyx73h6ZEFD8LA+yDt5421iHROj17F40Dx9Et8CU6xAJk63BxbIcI+lSX5wTOZ896PnCJ546EVnbgGFDV3VhTMSvYMWYMK/sx7D51zNlOMjXcWbMgBPZM6a0VB6NORLOqMFOsOcafmVFTUeZ0eubQiY8sjOkn92f+RNoforbbCwN3xLZ84O4XbQqDYUQ6r5e9NMzJXywBQ9OOJfN0v2LsHFFmXpcvNWdPQMkib3Hlk/j8ZmhpDH6zMBWdfvYjDSWnxlKGt/PDCyB+ccmpXIAzXHWtgHNcVb3AtmgxIYgG5fKFWRxElqDZklX8QfN0tcwCcGL/ifmOGnboUY2s+4DApKZo/I/5w4aHCM0a41Bcqj4jvhSSQ2Z7i4oduyA+2kbxImEZ7Xs7LakJxkDOyfly7auoBkfeo59oGPVDeKZPJVSgND4BTeEoFZI98RL6f2g38V6pqZrsFOypM2GjWgVEI/j8Wnc25WvSR73tV6ayFkilMkn3BnlZHzyHU9dg6Vp9Aq+LKg72gXwSNjc+l8r5FGj9Wj+5iEPbzGQb8/hC8ZwAjZF/TWQnCvI9Ee54Gd75ttinvztpitk75R0vcd9Np50cD7aDprQRDsGpHDQGvqp7LMGhOKdLUtsLd5CIGvxN2XZXuCqm5J/YCIvQH0vqKypAgV7L7pp/Q4Eh7yXiO6CU43WnfbNY90+zUmiO7aVov1XzGozFAKrrWvbPI8tSnokgPFOE3zaBo5k0m7i73ieF/CFKcqDcgczwz07ePRNiZ0a4YIkxlo8xsX4iutKy9PlZG3n/Y7p7EhcMx6dUBeIfuMxlWg2ftGKNVMSO52WgG8qD0AqcI0pQ6j/jd8ucuPlXTVuQz3OHT2mrG+NNtQxvui2UXwCo2ivX5fuvh5j8NZrmvXYYGB8x7waf5lDeUPoIFb8qrVFk4MrLN6O20WvApfKKobqMSTgpj6NXcPk8TKiPeMV7XEewxYYnJuImIcVl0BoZzBioteGSyWVndrJpXupKb5mJ5Jmah4etJYnO9FCJfwLvGi0edzJHRRW9nE7aclM3G4aYSRJRmonjeSiJlia3bBEfmYnLLWZ2Qe9hpMZwU9oY/bRU3qY3dyrGZjn8andy05yQuvyPG9t37KTlNC07OQRHMvN4TM6+IyiGOkpyScUelqyYydVsEU9majRuvMAVV2ELbPzPegEwtZjunV8zIzyjdMrxsms2ybkKr5tGxlh2j5AzCCO4jCIFSvgYTlih1apgSM1g13DmdsNMsrZ3lsfyG/GfZzPnNS1uCl5rPhNycO3pDclb656Yh8OXCqBrwz69pHeDxuL9H1cAsp1uCWNC/lNWe5B/bu5ROkvV6mrcU4HsfYX1tejKutmEK20bsUiUUtnFTGd/S+LaJMyfpU4f1TTqjsLxrtd85lCzEDOqyGHdhCY7MDL++SUpHZs4dxbOoif9DniAXStxNJRGFRCiat4V0lHtgUITpLoUZ4R8g2z2U2aXcyVqN8z9mC3XSlV3CcjtK+lTFqyT6VcmBTfSY05yT+SMmDX+ULKRKI/j4r79GYMw3x30/79H/emTh8=" \ No newline at end of file +window.navigationData = "eJy9ndty3DYSht9lrp1s4kqyWV+tMnZiOVY0pbFz43KpEBKaYcQBuCAYS9nad9/imTgQ6AYJlu5U6P/DaUCy8RP89N+dpE9y92r37wtnPMl5le5e7JJzlqeCst2rT0MBUsnzVwkXdPdiVxB53r3aXXha5bT8x/0Qez+U+vosL/nuxe4xY+nu1Uu7ZsZS+gTUa8qCVK+ShJblB/5I2aidMUnFA0nc8pNQDfX9D/97MRLSVNCyRKu3YU7lSp4pk1lCJL0tZMYZnmJKAIlcTGDyuQBzuNAR3/zrn99+/1LDcJH9TeoKHYggl6CGaRK+hh0lkTSE0wS61Pckz/8gyWNYU9RoJyfPKJN1lW6oPPMUMUB6qG+I9jyl+zPJc8pOFE8zo33A11lZ5OTZmOdelhrow7xh6ZGWZT9pqKQCPWA2Ddew/SJ4VSBa1JT3NeQ6bVamfU4y/JRTgl1Vvy7LioobKklKJEFjlGgX592XR6z4uy+PHkV0t9Qxbs3yLSUpFeFzxyLhIt5wxve1UP3L/YmU9I0QXIzQJCdl6SbaJVToty9/tEHbRSPw0mNXATX2rZTFgoYO4aBG3mZp0lYxjDbGw3CHBS3rgkGgbokKHrYuHjRgzWqyoF1jPKhpH0sqgttVB4Ma9TvJs7S5v1jQMk3E1bxb1nX5XlAiM3ZCXDKMWN/l40DEHS0Lzkr0LdEk1NWPB8EvhUS0oQ3wVrwqzzRd4Q5yVsjVqDv6QGVyrufQNXvggUujXcXDFbQ8/yJI8HpskQAQu2m1jKmKuKntxLrhKcXcBCpxvinUF/5QqwZAmjgf5EiTSmTy+So/cZHJ8wVDMoN9uGYFRY9PG+UakHqOZuyBhy4WerzJ+jyhVTLLJ41w5gCasqAcQEoT8Txdih4qljRT0aXcRamEH76b1LYrYXm2xABmnjBtJOOSjuFYr+cKhbKQfuqi/Lqh/aSH+0lh/aQGOygnyqggkv7GWYJtjBILYBx+3b8JRNShAELIkCixDkZWttc47QkYxFBiHYyCiJLOZWBAJIuCq031usdIjlmm7vsg0Hr1kLFUy1hC2jFCBgHn8MtD9UeeJcfs9Ct9/lnwS/u4rj4448BOUaMyn5u/sUqNLOMpBaaWh6Jr5pdH0XhJZp0RIdNsIADp5qLI6wRuxhk8VWpwNJEY+W2DGTPJ7YBFzHTbqNHS3TYYOOe9ZOA0jZVT7HO09fPsBil+st1A4jPue84fs0U/PEXB1aG45L6O2SjDr2PRaX4q2+epJV2qiyzeVzAAcTYXdAx8h2HMEzez6Y7+p6KlDIPatXB4xHOun+9Pk12ztL2WhBH76JU3cQzO6js5OmGt7RyLbpQ9HZOzycaOjt10d2cWjt/iWX7xsUsB4YJCt3wc2F4E1NuIPa1ZJHJjC7rTNMvDbDetMpSYQezK1nN+FWgtBAIvuULpIkDggmuSoQJD8krShYPZaoBwmL3KWR5mwzJgW8PHxcxdNWT5FDb1MNU4SiXdsqACjRIMLRc+9FuV4OgDETIj+Xo1UAVX3zWfhSO3zhH7RG4krIngnfpZWLzt+lkkas/+J5I87s+EMZq/5ydeeXe8daxFwvd4dsvqmw+kW8DkWkT8ZK1zoSxLT9rUF7cJ3Z4jlfOJTzjVEFnbgKFDV3VhGOIbWDEM5sZ+DJ2/nSnDQt7GmTEDjmTPMGmxPBpzJJhRg1zoMZP0d5JXeJQavb4pxOChnSHd6L7PHqjMLmGLjabhmiLH7MSuF81KRcGHuq0W/fRUCRdswY0TzGWzdP1CLFxBph4bb3VnzwiJYu/R5eN4fGYocYw+M7BV3T46I47lZ4YSx/czA4tg/tFJsRxAc5y1bUBznNW9QDoosiFIx8VyBWmciNagWdIm/qBZ+homIfok/4RcTppyoJ5NtP0Aj2RiyfzPuYNGxwjOWqOQLCquS3whuKSJbDcoDuQE+2krREPCMVsOelnUnYyCnZNytbYqad0/+DZ2gZZZN4on/FJwRpmET7gxBDRD2jteTO1H/TbWMTRtgYPgBW40dESjALgdD2/GrZ75MtpxW8mlDeklfC35CLtGWRkfXZentsDSZnQKrlZgV7QBcI9Y3LpfK02Deute/c3T1L/E0HTfhy/oQwOsirpzIGkmaCI/8AU/256viznarxddofVWSdtz3GflTgfmo22hEU20U0AMB62iH8s+q0Aw3tmigObiNQQwF39VFM0GrrgqsreEpTkVPzMsy1TAYG9ZO6yvKcto2kkEV8GqhqtO8+Sxbp3mJMEV23PW/CtktikKntnWlq3vxxY1eiIA8U4jfNoKDmXSruNvsjTN6RciMDfKLUwNd6zgwTsletMQGyQh1uIpLsRXXJWSX4YrazPuN0QmZ+Sccej4qoD0G0+pSLPxkxSkHpLQ4dQEXEN5oqgE15Qyhrqf+PUkN1zeluNW1MPc0VPK+tZoRR3ii24KhTdgEu306+Ld11MM3HqNsx4rDIjvOCunb+ZgnhBaiBa/am5R5cASi9fTcsGzwKayiqF6CvG4qS9T1zC6v5RoR38Fe5ynsAUG5zoi5GbFJuBbGZSY4LlhU4llp7Zy8V5qjK/ZisSZmscbreWNNbRADf6NPkmwedzKHRVW9nFbadFM3HYaoidRRmorDeWiRlia7bBIfmYrLLaZ2QXdwskM4Ee0MbvoMT3Mdu5mBuZ5fGz3spUc0bo8z1vbt2wlRTQtW3kIx3J98Zlc+JSkGOouySXku1vSY40s2KKaGGq46tzRssr9ltn5GrQCfusx3jo+ZQb5xvEZ42jWbRWyiW9bRwaYtk80pBMncRDEihlwvxyyQqvkwIGa3qrBzO0KGeRs76wP6CfjLs5lTmpLXBVZqPhVkfl3Sa+KrN7qCb05sKl43jLoygd6P3Qs0PcxBBTrcAscl6ZXRXGk4q96E6XbXMXOxjkdwNxfmF8PyqyrQbjUuhYLRC0dVcBwdr8spE1K+VXC/FF1qfZaMF3t6tcUQjpyXg3YtaOAsQIvr5NVEluxhWOv6QB+0n3EHZWVYEt7YVTxNVyEu0pasi6AcJIE9/KMkKub1Wri7GK2hro9Y3d62ZWaCntlBPe2lEqL9qqUDRPjPakpJ/pLUgpsmzekVCT49aiwV2+mMMh7N4Zh+s8SeKZiVzCKY6vXhpq1kI93gzzyoS70GMKBF/P4QQsk4rGDU1q04wankBif1un1Eef9dSXxbVAinQjkkYIDIP5RggMq9kd7etBG5/n1uE3O8ethq5tUBuE45/b18pFMI4M86Jy6Woc094D1jQ+0Z7Qwbx/hT8MbSOBT8K7rXSTlcRIi3wWt4QbpNdc6Vm+iF+U4vVEfdYzee56Q3Ojruc2THjKNcm490QsXz2h5JQzsVEEYZAbQlof/GdCo33UyaDibyLsj5ow/AzYNR/MWdapFCNS178rQju0iYf4QxLeyDFCsD2WZoEhfyTJAsT6RZYDi7ZTbUStvkhuQePvjBirmB7h6WPSvb/Ug6KFPvJT9kwm0DdMYb/UnZfUHMzjF+lwWuMc36G9wcNXA2vjAqp673UFVE2LAAVWYe/hJiD/d2RRd0I6oZ2xprEhna42UWIlinRDpo2c9Jjhri747V+Nc1wP87sjAiHiE1ZSx+tFVvXikD8P18rAc9uf/A7bsX5s=" \ No newline at end of file diff --git a/docs/html/assets/search.js b/docs/html/assets/search.js index 23fa556a..f81cea8b 100644 --- a/docs/html/assets/search.js +++ b/docs/html/assets/search.js @@ -1 +1 @@ -window.searchData = "eJzUvVuX2ziStvtfnLfe7sSBANFX2+Pu6cN0ddVX7uqbWrNyqSQ6zbZSUungQ8/a/30vApREBl9QJA6a+u6qkmboDSoEgHgQEf/zar/9cnj1+5//59WnerN69Xv++tVm8VK9+v2r//dlu9ku19vT6neL0/Hj/7Pc7qtXr1+d9utXv3/1sl2d1tXhd0+Xf/R0+UdvPh5f1q9ev1quF4dDdXj1+1ev/r/XQ/v1ZlV9nWbQ/lNg9vWr3WJfbY4+tZ2PLdTlg98ul9Xh8I/tp2pz+fh6c6z2HxbLcQWdO+ercTY6mtgjlxdRi2SiHpypY2tqrsCuvQli//h1V+8Xx3qbUnbVNZrDgX3166k6HKvV++V2Vx1ipV/MHc7m8og+bE/7ZRWv9mInh8xDkkea+kn2BoDVal8dZkt0d6X+4S+3p81x/y1CzMPVxPyH1T4Kj7gP2/3L4nisVjHyukZSC1xvl4t1fYx6fB0bqeXttofjYv203K5m/2q7CvtmUovcV88Bw3dX38VCammH476qjk+L6B/sw8BSAqm9MeV0/FhtjvVycay+3zVT12y5Qwvpx5pV9c9qX3+oq30idQ+Nzc9Xm/MfK3hwvtGoOi4//nSo9n/ZfNim0m+Nng7VvnZGszpQr4/Vvlr9ZWWnp3frRf2SKkwezsbrlV1DLc/GczpUnx3ZLj+9/1R9SeXLxYft8tPB2b2XG//Yrqv9YjN/mTXFl2PH+B0c+m7x9e1zakdeFl8Xz3dy4O/b9F/EZpv/+f/ry6dkv+vWVk6528376nCot5t3+2pxrDfPqbRvNwdneHk1nNORz4t1vVocq3aATeXG2WwbQemd4I9Gs4Kj1cR2f42k47fdZA+2+xTLB7rE2e7rf9sX8x8W+0XQ3EUspN9H2f9zsT7NfwH1SHtYLPefzwaDvnX6yHzCu1/dn+vNMZkDXcMfneGcjjQLwncfF+t1tQmae6ATjdFlx+jdHPiuOn7czn79neTGy9l0TmdW9WG3Xsx+P/Y5cDWXU/R6+1xvUv4GrME7xP5L6IILqo5baU2UvAlcYkHFUWuriYJ3++3LLllkXKzllNy8le2r5fGnfZ1K99nkyZrMK95ubqcTfjZ3B9FJH7i1eI/nHbbN7xcesd0/S/auWe5/F7DXOSLd2nwJ3ficL/8f33bJ5R+dzZzyw6CLT3gEfJkh+bg4JnvUZ2M5BZ/qvzWkIN1jPtXri8HEwul72/vAh23v+41tQ181Jdl8do8m9YKuIzJuGTcqL3Tx1lEXtWQbFRcxkXX0xU5foxKDh82OwLjBclxe9K82bmCk4rqjyrvFev3LYvkpaCOof/Nv5ywN0BV7nIY8p5EhMYHWUEI8TWS132/nDthI5dlOTpl/qA7Lfb0LOJjkVbzqmcwlvjn6VB3+kkS1s1VnlFsHbbQjsRF769Ok7qsP++rwMZXe1lxm0S0+CVm+IdGtueBJYaLoVGqTy6Sc5d26rjbHZqoj+7w3SQu9MwVroeJG9qFv6xvenEHiH9x2MD3wclNd/77EnOqPm1WLM+33Xx2r/dz1CTKRepUSNnR6lcUMoPCJjRxp+9v2eXs6/hi8q+l3orG+ttYjNzjnuBQyXvldCB61bkimv70/7ben3fSfnP3niX9pMeeYevdmoMDRch6ckdlfY/+h+AQGnWhEIsMPNE4T+pLiSb5kfJLHp4+Lw8cEIi+GMgk9zcXISOQpCBhPFHj8+HSsX+YOhVDm1VQmsf/eJZBpjeQR+Eu9P35czZ9YgMyuqTxil4l+Q8u8P6HqZVGv41WezWQU+dTuSif4yQ/sZZL9NcEPyhnJI/DD4qVef3uy/xcttG8sj+DnarOaDTiA1oudTDLrz9Um0WPt2cokt1nHJlg4XezkkVkv5p6YABqdkUwCU6w+64wrT8dG4zVe7OSR+VKvVusq0e+nbyyP4DRK80qsl58SybxayiQ1gMAinaEUdpLI3cftpnranF5+STEfEWv5JSdcTPnMZnKibvavEoTH1VAmofvqQ7XfV6unJhMuzU8P2swlf/uhTjFXXA3lEXpI9J51yPuedTj9kkCjNZJH4GnXvA6vnlIssnq28sj9Uv1yqFPsBFwN5RH67+2mqucn1wKlHUvJpPa2ng+HU7X/rjouVovjYq7e3s3JN5+7J/Oeqs1qt52fygAkPngNz3/C/afn28JaLD8tPy42m2r95KDMUwuQnw6n3W67n18YArk18WPu6GRm5/I7tfxYLT9dnmL9YR8wowNnPGZzOWF//0m/DWAyl/jtqnq6pHo9uVyvxM7c/ohMzq2qz/Wyeso20N2yn8mtarO6BHdCbzxmMznxYb/dHO8wak/9nHu6mdu9/G497xeb45OF+Und8dnN5Ea9erKHUZ4O9fOm3jw/LdbPTy6NOqlbUz8nl5ub43572FXL1AOg13AuR+y/SiH8bCiT0KYYxtNp9oEjJLVjKpPY3enwsVqRaazNI0wZLVM/J5Ob50/a/vKvannM/ZOf92mZXd6dD2plcRFbz+zSaV9ndsv/CRldq/fV09jvZDYM8zg45XOyuenSTZ+adNnUPzqv6dzOpF8LjZjO5szn7TL5WxK2mskFl+WW9HsAJnOJP7nJIn0s+S1ncsUtdxNG0cDgXYRbaVl2RaZ+TiY3z5UkU35FyGY6+d1d9b9++TRT71+/fEq+f76eW3/uLOLB3Tr72TRu+/bx9p9DxbhbU4qZ+/u4SAkK+DEhc88KXpUEHRAck/JrsJRfE0uZu8V+URK0iT4m5OvcYecq5WvQ6DIiJnREefiUWkj17Wk7++jgVc7l9qSi6uAftbs1qZjZhdSvYsLqp4+ImZsZd5ESlAI3ImR7nHti4yLF3ZpSTPDAm3rcDR52U4+6v87dDLwqCdr7G5FyOgRPAe7WlGK+hkr5mlpIsQyWYm9NKyZ4anS3Jhbz8J4XKkLRwd2eVtUpXNApsZjgCSnBdETejAJWDskTWz9V34JlPLQ3hzwV3zGsv345/LlarKp9cKo9sPBbeKHEosJfMIePyfvCWc8foTxqW1s55f4rYMfAo9aZyik2ZLHtERu8+J4s9vht/lrPI9aZSi2Wlxet320323eNjaYgyn8sDtUfe6Wi2k8e044tJK5XcPkQV70lrE8PNpK8RqKvMk20yAdnurkjvAK550mOOvO+Wu6ruWPbbUcOZ7OZnWjrtbx3wPnt+nm7r48fXxL601ZwaZH2ovMJmV1rjkK8Wyw/Vn84BfVyHHOqsb1sbK9O4S0d57nz0m5y53LpbP8ObqEx9s/H4y58fL3cnWLEQvK+r1dL50+QvuvtSepVyavCRacFSwppD8Rg+NffeWQj2i9nCX7ar5Ppvxg97YNKIoz7ULBrvaJlU3duf1oeAwOXqu/by/nwV1Vz1PqvX5IE9IOz9q8vcVPWbdXVpZxUqnipNqv2hG+WYOmr/9ocvn2uemWu33WrpEZ50lrv/QJCi6fO8Oq5OvY2EmJ8eK6Ooa3B5ikeJFlFqn652sup3J3C6sXPj6SVRYwjznwvgCJaW8zwq0mrRX0wY5xpbca0wZznQVM69U/NmfRU8huDz63BO2hvR9aU6g8Xk3n1f95+qvqVJ+PEN/aCK0/OUN4JznjZd4p0Xz/CGOkJmhGOe4BX9T+Ev3K09yZYzyddT3ZUpVtMto/JdzAjyTMML6A+SycqoR4nObKC+oh6uMtHB+mZb/7t7elrk166EwRvPXaldRsUxK0Gz8/rRl57tXof0jbDI/5iNLyPxlQHwiouY90pRt8bciMK1mPNsSXrpwpvJtckgltDSYWiyc0+4vD57Xp7Ll7xU8QTbe5NPoYFlS8eSoopX9x/OD6hs8sXI5Fh5YsnCQwtEwtkRpWJnSQ2pP4qEBpcf3W6yNCSYT61UbXCJskOL28KNEeWN50kOKi8KdAaXt50mszQ8qZIalR502lyQ8qbIqnB5U0nyaxnZwAAjXVYMsAkgUHVQ4HG8Oqhk2SGVw8FWiOrh04SnEZpXolh1UORzIjqoZOkRhTmBHJjC3POlpxwlk1WmHOaE0GFOZHs8MKc04TGFuZEmpMU5pwoP6QwJ9QcXJhzktD5FS+ByMCKl5MEBle8BDrjKl5OkhtW8RJojah4OUloYMVLoDSm4qVXKtqt+KcDAPU2YsuC2Ehy1Kbfnur7Tbv58m5fLY715noE+2arqsGtibdVfljsf2xrQMz82jt3pt5SaZt1PtVz9/qopoeepdmh2H04t0vFxGrtm0oklobiD/vty+44Pf7cv08ddMPjCEGtk7120nOK/T9tQaWkApuuap/PZud/396HOMIs2iN62/2f55djuOVM1/zHwMoMs51adnt7pnWoMb3smL6zM0Fn3ee4FH7ifbZjK9fjNK0zV6P5HVhvn+tN+t+MNXu338rL4uvb1D+Sl8XXxZ1+HSHtRW6oD241Mlv8rj/vJlF/sZlf/j64v+0NHyJb2wY40j/2mMiJ4MOOAQ4ctqd96h9Cx+pdXLDL1O+6R5hTuWEtvwQeXw525R/fdplcOTrL+V05hBxkueFE+DmW+fIDGlffUh/avXq2+FP9N8tWEj/+U72+mM3iRPel7sf+WeywhFJsJPXr3Na7HxOt8qH5zVrby6vt2c/e8yy9D/5yhDz4qVMLqR954LTlUxY1YaEHlnJQ9IoOHw7HJYNoaAM8Kh76NlJHBM7ciBX4EJ28gR+gz4l6faz21arfpimdM6359oTl8mw+r1P12Znt8tP7T9WXdP5c/NguPx2c5fu58o/tutov5r9DTvTn2DGf16l/za+/M+JDaOLcLMkJZlyf/lQT7nRn9qkmXORON39rezGe1yFfak60Mwnyc245QgHHj52Xy+vXcpNz9G7LgAB/7LwoBsiyt2WQ9b5anvb18dulhMcMbcN7E2OioLwQd1OeRJWnY8DPoyPogZiZ/WNon0hqbNqVGEdMxwWeWxRFyOuYSCyuHXijFVI7iWXad4gIeef7E8typeaP87fButp6RuIFdseSn9o3gsDDDvT230YSCVQVk0cyeEqJMzWw4KhkjamSQ/I1sNzglI1ZUkPPk45ojjpLOlV8eO4GVh6ZvjFVdlAGB1YcnsQxWWxoHodHcFQqx2TRIdkcHsHBCR1TxQalTGCx4VkTU8WGJ05gxZG5E1NlJ9ObXWhYEoVHbEQexVTBEakUWHRsNkWI8LQTYLKcismuBKVVeMSHZ1ZMlhubXOFRniS/YroTISkWPuXBWRZT5c5PtMBSA3MtpsoMTrfAauMyLqaKDku6wIoj8i6myg1MvcB6Y7IvRgRfdw1Px3p9Xcm9bFentU+n/afz35Y7H6s6x0ir5f5b5xTdh9PGdoUe/ez2poA3dufmmJLmdMT73sGTOZIud2fRRiv+zFEWXu5nRFe1Cfj22puyKAn89ujdWbQFfXv9e9Pqeq421X5xrP7eO4U7SVbv1jyqfvivd38ME9XcmUdTQGj1bk2rqj64sxZ/at6d56nq3ZpW1W6xP1TvFuv1L4vlJ5IDNEkbMJBAIZnqfmdn481iPWPOezrfk2ry+1BvCJ6d8oCuMi73hz6f61PwhP3xh9Mv63r5vn7+r+rbf+63L67Paq/K7zzNozZT+nH9wul9m+2qct/Kre/+8i+BMPRJDghMt+oWaLOcvorHVOTttf7elJUn1dK5PVDXFOqaTF63OmCo1K7RCbL/2NDUyT0X5jhQdS1nc6XNbJhT5vCmExebM49DBsmffup0gu6ZR04DBE8/b3pTbpan2xs8pjPLgXF3a5ZBY7k9bY77SbmGY7IernYCH2D7eHycbLt/WRwn9nkfFdq1lEWqJRj1tH64o0o7hrII3W0Px8X6aTkxr2hUa99WFrn76jl0YugqvZjJIvJw3FfV8WnGAYVRsQNzqUT3Rqbdbt3kodfbzfupaUGDTyA2Uo1VPZ2dpjkzDpIOpA7NZBpZV9U/HTqZhJWm6rRp6Z+vhgNDAjzMVKkHkz0Jyz6IcSU0AWG6S1E5CBGuhaQhTPYqOBMhkUOzkhGCvJqfjxDv2neTKwzMdWlmnYF4V/4+tdrAXE/m1RyIcGRqmshkB2ZlikQID0oWmexFeL5IhEsBGRaTHQpNspjnDs0ceNst93Mra2Dko7Zze1xPX1oFFJdCQqNqS03e6ZpRYGqqyID6UhNMJy0vNd2V4OpSES7NLi412Z2w2lKpXJleWirMoZmVpSLcmlFYarIrc+tKRcifVVZqsgPzq0pFuDC9qNRk/QnWeqlLSk3WHr+6S15QarL2mfWkIsTPLCc12YOQalJRbkwuJjXDhXm1pOLlp/8SrNm7fQcRiCdZOaw4B2ZVw5rjxPxiWAkcmVoLa7YjsxIDIxyJgHCJCmHFiA/e8E5TBitC+qwqWJPlzy+CNc8F+tYZThzCDhTecfP+qi7dlr17XFkWlx25CZaUo0KjFpIdnfHLx1GZsZNlR2mSKXJUbNww3JGaYPAdF5rmF59goKUyu2PT+ZBkBGgkJrKMU7STQ6S8h+1mXofgG0YzvdFA6SneZibKP0XAUKg9moH6haOgDt/hjTk7fJ9jjEBhkpOM5NmNrBtSqY46TDNNbhU7eHT1phk5JghG7cVTaA9pMh7ohisb9Jd0+p3BGWWIwoTPaIQ9RXYshJsmem477CnKgzpih8lvAWzwmxKS39qMW0NNlJ9Udx7BFNe+W9fVxuasEfgzDdjS25MhWypzBFNNVDq0kIMvv9tuP9Uxh/Z6BnI9zj84lEVlTnuS/ZtzPMQ/bs5d6W38VsdqH/QskZ0sK7mIycKrMXrKgE9x5IT037bP29Pxx7gXFr87zUes7UekeH+Z41zwuOx3Jm50viG++1P4U3V09esihhRqI8tP4MN2v6zaoqzJRD5Yq/uL1bDHPXiG/tVT7AFg7EVrOPrdd7oj4dt5Pg8id/WmSg/f3MPCI/f4RmTTObWfQD1tKg3InJ42g0Yf++4ZyHW0LY2wB2cp7AvuP6j4KpxT5EbmuEyT/JLs6b7kfrrHp4+LsEkDyb1Yyyn5FHRKDsk9hZ+Hmyj1+PHpWE+r2zVJ8NVeTtn/3qUSbC1llDqr6O0EwfPL3gbJXqb81S3v8KObXKl3gt55tXrD5c4qVjhV9/w6hWEOfE31E3SWMkqdWVx4guSQ8sJB0qcXGJ6gemaJ4TDBs4oMTxE9v8xwmPDJhYaniJ5XajhIcD2tsuIEtfWMoophUpOtjuvcK+PpJZwnqJ1ZxDlI8MwyzhNUhxRyDpKeUPMdxM4o5zxF8NyCzmGiQw+YIcVRh8wmyZ1bgXqC6qAa1NHiUy/s4upQh7kzvRL1FAdm1qIOkxxUjXqK+vB61IGOTK5IPUn9vJrUQZIPKd8XD3d4X5xYRnuK2hmFtIOkziulPUFxQDHtIOEzymlPUD23oHaQ5DkltSdonl1Ue6ro3nb+d9vN9l1jwx0P+DE8wcxjKt1JA1l2S3++Xa/d54S9H4yIfXiujov1enmxHvj4PY/W75L7dzncWZ4tZ3NlNKamd0C7/ckh7dAmRtUh7VfQ65iQ4TsY1svvfgmblStdEOTL+eYsfC4GIveVxdPj62NKjo2J1EhejIT2vm9bpfi76rhYLY6LIL09C3nIbDev7anarHbbwFIEQOyD13rgE+8/UR+jWSw/LT8uNptq/eQOIT21B0OfDqfdbrsPLLiJHJz4Wfd29x5u3sm95cdq+enyUOsP+9AXQeCWx3ZWd+zSL/03BOxmdWO7qp4utV6eXLGXHG7d/pycbq6qz/Wyeso7SN76kJwOVpvVJf5T++WxndOdD/vt5nivsX/qh93d4bs4eicHn/eLzdG2g84wuviM53To3Lz86VA/b+rN89Ni/fzkKrSld3Dqh2V1eHPcbw+7apll8PRaz+qS/VfJXDhbyym5qdv5dAo7549Ed+zllL07HT5WKzI3tsWFksfS1A/L6fD547a//KtaHu8ySMz7yHs4vztnSuRzFn/EPZw77et7OOj/mNxO1vvqaeynFLZ143F1yoflddjt+T01Fbay/Di99u/iVqaV14j9vG593i7zvMVh0zmdcduX6b8bYDerGyc372SKNL/5nE65VXfqGBtYvZ8LVmS+fZ6pH5bT4XPKXvKvDRlO7EiXO/z1y6cQ5X/98ikPYVgH1e4/y3lw94c9r+ZR+HYw95+jZLn7k8sK+kVdRIX/RMYkBaUGXDWF5wOMifo1TtSvOUQFgYmLpnD0MCbpa9AwdhX1NXy0GpEVNUI9fMoiqfr2tA3LGbgKu9hIL6+OGxrc/ellhbUEvMqK6AQ4IiuoPMdFVHgdjhFJ22PQgcqLKHd/cllxg3uWsT1uaM8ysv8atHF61RS+Tzoi6hR2gOuiyt2fXNbXKFFfs0gqlnGi7P0ZZMVNzu7+HLIe3vNCxWo7OBsZ9J0ipZ1yyIqbCFNNg+RNMHQ9k6cOyKfqW5ygh9ZC8JPynbr+65fDn6vFqtrHVSEDZn5bL9VYXuRL9vDReV+668ARz6O7NZhd+L9C91Q8up297LKDXxo8suNeIibLPn4LXJV6ZDt7WWTz61n1y2nwpkTmfywOVb+IefvxN73AZnIUjroeX7eVPSOqzmFLWUa+pa+IaRq5D85+c1tkBzvP0x1163213FdBI+Rtlw5n2/dwpy2S+d6dJXi7ft7u6+PHl9SetWUz2yMLi87H3MPJ5gzMu8XyY/WH034RWrd7zL3mA5bNB6yuH3APx15awJDVufOH3MlBPPDFVvDFlrIMfKvty6KO/BYGIh8uVmMfe+9Jelz4eDzuvt+sg16Uxpxo7G6d3Xu4EZqLPuZCVBr6PPm7RdhO5Jj81uZd5Ff7Q304VmF8dtSJruV7uHJYvFTvA1Oqxxxp7EYlV890o1oG1pYYdeJsNZcLaOn+bruv3AwSvm6/2siSEtvkYr1zh/FdFe9kSrtpXuuz6einf3mgHn+WbfuCdG50LOZQX7BrIeBl021if1oeY170Bvp7RrN/AavqcNxvv7VVytO50do9XOxm9+S5GrzERnvxXB23F5v38CD59/BcHe/7Hbgq2kkdOJ5NZtdfH5q9hWpzbHK7Owfcor2oDwti+A6+uPr2/XLlCTxxJ9qeW7M5/Oij83q1TDwrPzQ2l2eb2b+JZofiLwl/027H417Kv0+5yGgM3mlp4SojJR9Qndk7jqmDzozxLsS2p7jx60Vr6z8fj7vILfGLiWQ7LEjo9z9EymwNpBKZfMHZ1Zd2tXl+dL7TiOmea2RjxlmKUWvGBOJTdGYc8QPueKbY68y5y7lYr7df/s+p2n+zvO37z9V+X6/Cyv1AwQ/2E35tPsGmx207nxD7FYxvkyx2u5/2QUXtPY7sdqd9eGH7qbLdIukvcaAN8KgIlDxPegKolhGn3XRhu/z0/lP1JaX+7fLTwZnMLN5uvSV//q4K4H2e/6r65fT8HJbsj+V3LOaW/mFxWltUHt4a2+eDNd3csTubzuvMh2pV7Zv35vfkfSTal4vlZC8mt1yp18dqX62i+3Z5/GnNt2x8eTaf16kB8E/n0ADyZ3cmLdjPjfTvDvPvgfFvOLXd/IcXg0S7tN1kACE3HWq3Kd7tq8Wx3iT8/TR59tb08mo6vzPHt7vdunYZ8cFNvv0OHRdX83ENWqc6laxtLnYqbcvcqU4laIOK3UnVBnW6I67sbMKJtGsyu3hbDeMf9UuVdCQ7Gz5eDGd2ZHs6Jv0Kzvbyyj6QHeJo3cn2hm8JTzuw3mcgPVabxeb4h/jjbD3tzmqq42w3XDgdqh8WCd8JT4dqt8j/RtiMxm+fY09OUeX7xXMSijZBfNo5KufkNLb52hzqT+FFY+f/uk3Yi+j8G7H2OWffjO04lHZDdkx+yk3ZqwPJN2Zvu5Buc5C6kXiDcNyVhJu0XT9Sb9SOOpF4s7bjR44N2zFXUm7aXt1IvnE77kKGzduuL7k2cMecyrGJe/Up20buqEu5NnM7fmXd0B1zLsum7tWxfBu7Y05l2dy9OpVvg3fMqWybvFfH8m70jjmXabP36lrODd9xxzJs+nbdyrXxe8upLJu/fcfybQCPOZdtE/jqXN6N4DHnMmwGX93KtSE87lDCTeGuK6k3hm84kXpzuOdKlg3iUYeSbRJ3/Ei7UTwmP+Fm8VV/6g3jUQfSD8j3G4BTbx5ffciygTzmSrpN5KsTiTeSb8hPt5nc8yDxhvItJ9LPdbknObi5HNEnmNrIkrca3SAYqkzUGXjwFP1OhPej9ToQ2Yd2hni7qZ9U+6+txezSf1x8SR3ijf794sv+Yja9E/iXGt59eWAky291td0kVPfQmot+usP2yr1sx0bnZrF+X+0/V/t+Ck+8D2frB2s9UfLJLZdcCaq/b5uRc/slrN2Cxx9nerM9Li6mMzuz2b7bbqLrdvS92GyXF5vZ5R//c3vapPwONtvjh9ZkZvHnrYSE4jsmM4s/VJvVXw+Rr1y0+ftm9a9Diheu2+LTrBjStq6fI//vW7urnFb/ZrtsjWZwAE668bsOzkSWExf+oi6RQnPUdGkfpY8j03ousR6kK+cyLpzk6MfKTpWif1t0LEmlqu8QJEneu7u6071yD4TD4YQWFQjR39rIc4RruawOB1KJJVbkg7OaqhjL+Rn6XGj7OVar97YjXUI3LpYPZ8t5XWlBejoPWnSeXfi++rCvDh8Tq2+t3seFZmRIJ721llzy2CCTIme/bypPZeb4ZS5Q+ZBqpUsepu/cVYqzE8iNdCcmpjnysvhav5xekpwFQf609u/t1mFdr2IPSiB3rnbv48ZxG1kxEzrRWs3lwoRBKvps+9Dc/x2DFT3umvprGD0smv5H3jkqmukXPnqcLdvg1TnPlncAGyXwyQexDorPM5CNHyhIO5h1zxVkGNCmwNT2jvepPLOG8qCaal1FHucYaHy4GE3z4N1j9KO9xOqfU6QZTJF+SC79kFM6DPTm5E6SF4yOod/sjE01ppuru49xyiP/YbE/1ot1sifft/eb/gKA1LTfA3m2N6o92r2NyIKPVxvJxngUOQm285yJ3FuOqSR2Nxzjg6N9fLfl//Hrrk6w8vQ4UnWtZ3UpxbZj14lku443ZB/sFxB53KEn/FBdLGaVnmy/tKs+7XbpLQfsEaYke+59H1q7qXbcb7nhjugn1H8xmFX4Ie1jz/a04fz0U+xWe2Mgz9y0Wu2rQ9xzvYh7uFqLfKz2gfkkvyR6lg/OUkapv9T748dVbFbBVXDXXkbZ1cuijisBcZV8tpVb7tPnal9/qCPnRqK7azSjAx8WL/X625P9vzTq+xYzSn+uNqtUY9vDxVhOwfXnapPyUfcM5hTeNBVJNVBfjGUUXK+CmhUDtc5SRqnr7XKxThUQF2MZBb/Uq9W6ShnGfYsZpSfUfAex9fJTSsFXcxlF7z5uN9XT5vTyS7KRmZi8k/jUc7rPdk536iZNPVX8XK3llNxkpO/31eqpOdOTMPqh4ayObD/UyYb1q7WMkg+nXxLJdZYySnXNnlZPizjUc1XcM5hR+Jfql0Nsb9mr6qu1jJL/vd1Udeyp4KvmjrnEohFH+OdiXa/stm4kTCCG0lFjo1lx7ST1/UhVneO33QTFwEI+sU2fMV+1nKlygY18gvtRMFVi5q889gne7emN1RCaLnZgIwee+2Gxj8no7dyeZevTkY/DU1i9DKruoWcubFjtPrBxDPF0CquuNFDdt5dSNg3dH/bbl93ckdTdlCU4T4eP1eptm/Bgfwjh9SS9xjLx5P0/F+tTGA0Zl/qwWO4/n20HRoP3wY6ks7Tdf7f7P9dhadC33Op+xsc6Ii16tnvL7ap693GxXleb57BxcNy1xv6yY/9/w63vbM58budezp9yJxdX9WG3XgRVBbnh1tXynVxZb5/rTabflrV939/Uy+Lr2yw/ppfF18U9f0Wb7SaMxd/w42z3Tm7s+nN7Oj8uhu/kyD6ueOUNb1LUrQxwKbg20E134soDBbgSfnjlpi+Rx1hCnLFL5u+2q0wOWfMvzvydnfrHt11Op47O/J2cCj96dMOdyENI8x0JLXB5y4+oKpez3TjVf7OINcdXcqrXF9v53Om+iP7YLy4ccfAdW8ryCpqkQPeI3oQluj3P1/tlNCdK/7RfbI5x3wQ1k+VriJkQfRrjp0L0EJMPrV75kYPquHgQK/G1CKChLPESXcbcL/UhTRVz/FB97qTqMTLmVtImI7Pcq89uRTRRGvHs4lFsM6Vgp/6xXVf7ReAb8ETPjp3PuIN7TZeTxN60Ju8gPtWs7vMk6aQ+3a190kkdOdZ+wnPzCdvLJ9zBtc8OiVd/CU9oGnHrbD02vemWSxQV/dh5Nb5+VdOIUe/eXBj2x85rbqhAe28uge8XL9X7+lgRTjRNYf/mbBKr5WlfH7+9XT9v9/Xx48tsmQMDOThhG7R/qz/YXiAhvzBiIk8OciphD8vgnzl9VD7unkxq+Jw+UeopmdRTBqm9MLU1OiNmt56BPNg6qmXjUJ+FupFNGvuPzbssCq6ZDlRvN3E10idJ3lfP9eEYdvwbaO6Yyyr6eNpvArsPQ9WNvVNE52GfbPrL+/4Us7DsW8j04h/fYBTITNdalDzF9Hn7SH3sunaa6Mjhg4pOMX7cFp2snx9yIW0nv2kOBbMP5EAc8PAK7g4r4SVNslcyeTqG/giHhT+e4n6B4zUD4k54dsUmONx5qyJJmqfasZNDZrvRkUYrNZZDsKUBsULPRnIItM4/HQN5eVdlz1Iiqd0RKQGhvA+aDJ5uPSQybr71g0f0y0om+2ovtWwaEw3viTnnT2381uqcQH3RpU4GTy5HCREsPb6KyFTxwYVEsPC4WiKzREelHo+oj087nupGZFER7EOKuiJTHQgvLYK1R1YXmSw7qsCIR3p8jZHJ8oPLjHikx1UamSo7vIIHlh1ZxGOq7Mg6Hlh7ilIeUx1Iq/w+kiNqenhkx5b1mCo9trIHlp+kuEeICxkm2bQlPiY7FV7lw+NGZKGPycKT1Prw+JCu3Md0d4Irfvh8iCv6MVV4YN0PLDqm9MdUwXHVP7DuBAVApsqPqAGCtceWAZkqPKYSCFYeXQxkRPr1tMfpWK+vq8qX7eq0HlVs/33gTkBHgOpkc1bL/bdOktqH02ZptzZuqmjvDN2XcK6PaWqSBfqVHGaLu5jIp5J2dpytMbKt44jCahP63bZ35tMU891SE/lUhn+3fQMZFD5XG4uY/95LlZ0usHd/Rn0//Ne7P0bIa27PqC40BHv3Z9BXH9xG85+abYIAfb37M+jbLfaH6l3baJmcXpquElhJpZVMsb+z64HNYj13rn0635h00v1Qb8iRjckP7SroYiTqmV2fjOeHcvzh9Mu6Xr6vn/+r+vaf++3LXw6HU7X/a/dEf4D6UcPJPbqGw+Dm6uvxXxOWYPafAV3oM5bruurUlLhh0/3rmS471Zg+vb1WdRnUwhpbF/fkACMhEltzXqgwmUlOEvcwk0neMuo9lnDo/OOJ+zTTHKgPC2I5uyt/2y4mdxec6sT6YjOz/L1LY00o/moxs/TJjaan6Z7XaXqGaNXbSDpWy+M7e9sPi+dJS6feRw0spBlUeiXM6EfMOZnRE+uzlGEgXMw7BT5dZtBx8EnmE6CyGW7MBWYJXLCJs3n8WLam7+HMy+K4/Ph2Pe3AwQxPrN3FOvCHMNuN7eatPRr5h2ozFY3McGa7cQcvV2fr93Fp+pmsWb7ELIPmO2FfMvN+OfZX87/wDc3LvZjhUkASxlxHVG+p0czxs2fr9r5Ec3SnSOLLbrupNsfJ713XOyLfkzoPxWWxzHgmVw3u1rDHcvV9LGXth/123hxKxVkD6RRGVFq9KTCkuuqY0bQVVSfID6+iGuLG8mO9Xu0nnjO/rb5jLqPoOUVDb2ueXSg0RPK84qC3RQcUBA2RPaMI6G3Ncwt/hgieUSXztuC5lTFDBM8qL3Vb8vzCUmGiA1Yyo6pDFzCzZM+ohHVb89waWCGC51Xhu605oPLeRNlkKdRNf527Fvp+diePGYuh70/HyNXQ2UKm5VD8hNwTmGpGvjy3W8nPqXR3DeYUfk3CjRrO+uKvybfxYxpwgPzYfpoEdaHxn+by3Bk/tZ92kb+01sBv972jKzDZe8f5seVa+/ZEp1n73pAcu4jsKU6yiLwhOH5N1pOcaE12U3T0moyoTrMmuyE7dk3W05xkTXZDcII1WU9zqjXZUDbaI/vdzOMElxufkpws6Mxc7aZjZ8UwY/J66u9cVqvISeJ3UyBgtXp3viF8Zhso79tM7ke6xeUU5QmWm78b/xh/KqY7+ZXPtc4n3Ne1+Qx0nmOBNDSNW7O5aIhvYYQ01sEzK/1T5u/vzE7/l77HSGY3z9cU9C7A4c68da7V9I9tOPM5u0ptZZ3F6IfFz2HQYt4ZLO6t7bbwFK9xvxv7lLw8aYqD6QBTkKMxL7AT3It+ow1yKg7vTHArAe8Jcizi3X2CV7Ev80EuRSCiCS7FMqMgl6I2LCY4Fb+DEehWzJbGJL+i9ziCHIvY9JjgVewuSJBLcdsiE7xKsE8y1bHrxomrdzVxs8Sl6iZMvbCL3OnVWLsqOvcGLcgmlKhMI6ytUTmzPqHH4gTBf2yqTNqj6UmlV12zeZxoW0FWq/dzRw+P/IvBsAFjhvDZs5NXcdg8NFnq7IHZIzT9E+0NDDMK7fUsu/vSDwjL7Wlz3M9Z0w8FPVyNhDy09pH4dge3+5fFcR6eBhK7ZtKLtPNbfYx8jB0r6SU2YHuxflpO7afqVdk3lF5oU00/ZIjvarzYSC/vcNxX1fFpTsVMr8yBrSRye+PNbrcOTABtzRMDSUYg2uzm7W73PcmB8DS5IdLau3KJ+nF7Olb7t7v6z4vNal3t/3MzU9/QQHap3/fyY9rPDZUNjd3BhcG2dLQfPotpnOn/4tzHvttujtXXObsVRHdrIP2cv5ubYDgi7CEspxBbnBIfTZJLTDR07s8TyN1N2ptNu3oSe3cmEaf6u9Tf2dKXXxb7GQm7Tlv/7vQ/GtAPenZ4eppWJ35/ng8xxuWFYwuv3Ryg4pYTsWhitjPN+vNdw06rzaxd7huONGaXHbN3dOK76vhxG/CaM8mVl7PxvA7NR0Q3nAiEQrOFh2CgG9KDwc9s8bNRzw3lYXBntuzNdmpz40mqz+byip7NoG6oDqNOs2XvZ/apmqQ9qD9VsAN2yzOl+LPBuwhP/OCtzfs899AtYL/4qK3gWdIvzY6TyrdWX8I3wOa78I+pHZBmuTCvG1KgC6Eb8z7xURv0M2SHbZd5Vc/riRcoOgTl3hAeDG+niKcvz+9G1sMT3qDB7Vne8d+dDsfty+Xsod1Y+K45yjlvT2LETBbZf3BraVoHa4LS/p3JX///+PW4X7wNKX3l5JH7f0uv/Uha7Cs/fVzZXvex+DSv+hOdCH2hhNKjXiYnCg5/kYSSI18iJ4oOfIGEimNeHifKDXwHg3Jj3r8myg1eQkPBccvniZIDF21QcMyCbaLc8HUPVBy55vGL7ldUnlFWvmv+emdqRvBcHUlj5emSgvoq314a/OlseX71TieNGki/OPiw3S+rH2c0KL0p78GanN2jdMzujcK5536mifS3Vk9t75PcLgQOrz7tMePrVNGBAyyWHDPCjgim7w/9LgQTXhtC2g5MGBIaq8HDQefm9EPB7HxPj6jAxM6htbQZnONqg1I1p0sOqF/r0xtasnZUbDdE/+I6MtjnOz8cendneZlNIOnBmQl4fv2H4xMZeL4OCY05XjdN7EuaJ/qS9Ykenz4uAlYoSOjFVDaxp/kgHAk9BSLviSKPH5+O9cSukDelXo1lE/zvXRKp1kwukfNaut+QGtDMfbbgZbLf1TL3z2p6x/kbSmf2mg8TOq8B7hTFAT1v50v/muRH5szkEtnvVB8tNqjx/WzRM1re39A7t9n9fKnz2tzfkhvQ4H6+5LB3FyQ34uVlktR6Yl/dGzrrOa1054tMs3qts65c3T5nCp0XS7mkvtjjx8l+U31zuUSnUptbZr38lEzq1VY2uUEHB5HW8CODk4TuPm431dPm9PJLmnmL2LuH7KSLMJ/hbI7UzeHEJKFyNZVNbLNrvt9Xq6dm3zzVzxFazefC9kOdZj65msol9pDsve2Q+73tcPoliU5rJpfI06550V49pVmc9azlkvyl+uVQp9lpuJrKJfbf201VhzA6oLZjK6Hc3hb4ZuWOCM2Xe74z/dZ3MCrsa4pkhNdHkxYOEpExVBBJ7PUlx41vJx4XILenPsYwu2t6X1t4y/Tb7PIvXeuhDBMZycUywxChV2E8KoRPMDUy9OuPQ4c3xHcj5a9f5hREdub/+uVTBly4ntMTui/kwd0c8KQa93377fvP4YLczWkFzX81usgJfPkZEzN/9/mqJnDLeUzOrxFyfk0uZ/7Mf1ETONmPiQmoDnGV8zVwYTwiKHzEeZhdW/22mOrb07wyx1TSxUBiYXXED97dnFhQQOGpq6DQelMjguZXb7rICSzaNCJme5z/jn+R425OKyhigE4/PkcMz+lH51/np8he1QSmwo7IOR0ipgt3c1pBX8PlfE0vplhGyLE3pxYUMZ26m5MLenjPCxWl6uAMpFZ2ihF1Si4oYgJLMn11dg+am941N81rle6s9m5O8y7Gy4u077rW/2NxqPo189rPGVeIbWTJN+19VEDNLnR/8h2Z3oeE7sggI+nfxLekRmK0uoftpmotBvyC4JO78ZDfbbef6ir6MffMpH/Qq+3Lop6/iB2R93AxGfOg+0/PI/7j8bj7frOeP6KOyW+Mbp3R7A4Ekc8x8eHQc57w3SLgVWNMeGswv/Bqf6gPxyogaXlUftdsdicOi5fqfQjMG3OhMRqO9WY6UC1DziqMyj+bzCIerUz+fDzuYlYll/vzTfTXOpbR89DA1G8Lw9zQGQ9jRp5paiRzy5c4MDPfke0msG3eNHe2m5hGeeFORa4wvd6kWGfOcCOmr+FUl6LbGYa6t+tVDEo+fD1c7O/P9rO5haaQv1dfj+/6vY7nzSFXA4lea+VV5QKXUY4SaHO/XrpGY5535/FdfShYt6X05nDcn5bH4Ema6u9bTC6eK85kt2juvkoZHw+NwUtz7fTqu+EDqn7EaX+ujoeLwezaSXWQaOnHs728yn3HleL014cFsZrbC3SsKdYHV6PjubWZ1wO8tRrnweWmxSn6ZXnK6LOtV8uko09j8E6jTzuxJxJ+tXYX1W93dVrhi10gMpyv/YfFc6q1QmtxF1xjbYb6va9hdpwLZ7PH7aF+3kTvis714/tTql9A35HtKctvAa6Rv/8hZpOlvTvJ6jjtyrKrLOGy8vy4fAexEj3LhxRvuVO0/qE6LPf17hi+jhzKXvVspvUA7sNF775l23NbrNfbL//nVO2/2Qp+33+u9vt6FfOm3Xu/tuZ/bczb5knbjvmoxz6+a7DY7eb1Yx51Ybc7ze+9PE+wWxT9JWLrpifZmQs9fjdP9Ptqua8iYAoQfjibzCp+u/z0/lP1JZny7fLTwdnLKdsCirTP3Jq8xzNfVb+cnp8D0oOx8I65rKI/LE7rY0TJbp96a7f55zF95aa68aFaVfvm3Z0uC+O8uJhNsyq85US9Plb7ahVXc87jSWu7XtmdmuXZdkZ3aufGe/tm8Pw2IPkEu9K64N44noPzUqa68a8vnw7vFsuP1R9OgT3LsRuN3WVjd3WKaVo+1Y2X6rhYLY6LHK6cbd/Rne3mPxbLT+8+Ljabav237fM22W9+u/llsfy0dJbXZ8tZXWk3kt/tq8Wx3qT6nTR9Yazd5dVuZjeO0V2K/a4cF1fbET1YprrTNMd2cfVjRMMt7E5j20VWdN+tqe7EVofGjiSpDj3dBZeqnWpK7NrLK9s1fqpfqnSj1KXx08VqThci6XRfeQoUffMAVp/MxSlOg+VuSU44XN5heDxWm8Xm+IfI47U91c5kkuO1N8SfDtUPi1TvaadDtVtkfktrBti3z1GnOqnm/eI5HlRNkJ1wtsk2zcBNzR8D21RSA+lPrjxXx7frtTvMGTEqd/U1CH+xXi8vNmMe8PnJ+eU77emkL8/28sq2G8npVP/amssr+sfFl6Sh3CjfL75ENV0dkw9/i5ELEHd/erzwS7p30I7Eh9QvoO3j8226Ltbr5hPTaO9Yyyf50IfYUYKTkOvbcqM2Jane3CERP3F3FSeatweS4VBBD+XNVp6yIxfp1tEcMCYH76LkPTiTSc7enZ+bT3zb/bVavQ8raeZx4GI2psbZVCfaHelE2tt96LyS29ZhKXW3Ju8gvvnhJxLdmkordmwAiT7T0LeTfjhZRq6hgb6HJOto8gB94DEaQSAHEsGHaS68LL7WL6eXeJiCPGmN39Whw7peRfEH5MjV6B0cOG5j8i6h/NZkFvETBqCmsEMqjxpbv/WB6KIxx2BkH+adBqSrI1l+w2OuZBqYrh7lHJzGHEs8QF0dyjFIjTqScqDquJF8sCJOjA1Y75P4ZK2k3zNdVesqhq8M1D1cLCZ42O7R+ffwUup+jj4HN0X0Ia3oQzbRMKAbfhb/AtCx8hucdam6RPNt99FNecw/LPbHerFO87T7xn6jDx2ITPjsyfO8kX1i9xViElCuBvKV+YjdMkvY0N63oZdEXHc7LzIU2kd2W/gfv+7q2FWix4WqazqfM9Gbel35afb0bgg+2IceU8miJ/lQXczlE51mH7KrO+E25C3pljHG71z31bdGk+xb33IgsNeJR3lMx5OJkgP7nkDBeZ4wnGl+itqwbu7OMMsE9k8fyorrn95/SD6xAf3TkdDQ/umTRIb3pQZSI/tSTxIc1uwZiI1o9jxdaHifQZ/iyAaDk6TH9FEGuqP7KE8SHdhHGeiN6aM8TWp4H2UkN7KP8jTJYX2UkdyIPsqTpNYBzWKAzjq0b8wkkYEtioHOmBbFk6TGtCgGeqNbFE8SnUptbpmhLYqR1KgWxZPkRnX+BZLjO//Olp10Rk7Y+XeaI4Gdf5H0mM6/08TGd/5FuhN1/p3oQljnX6g7ovPvJLEh7XSB0OB2upNERrTTBVpj2+lOkhzaThfojWqnO0lscDtdoDauna5XLtp7/+diXa/s/mjMBjyxkoic9tt/NNWsOsVfcb3kCW1AxuzcRbi/mHCA+oGxO7jwY3U4rY/hqt39WYR+P5KRP0EnuD2TzP6vbZK0fD+t773J/5OEkZuzSfQn9k+UOTCQRWpTnTHgC+7clk2WzV7Yv93V/WEvoJnSbWv3cGIw+sV74jOZx5399mU3a4RydyQRo3rL7V4l14ntydrbMqnpVmidJ+jtrk5+EOCHi+m3u+BW68hIelgTuGXoFRe1cwif26jwsOYkt9RHtCWZ40JwQxK//rhWJHPERzYh8buQov3IPEfiO3aMeZOoV8cNl/DwY9cJ0eNPx8pvcACi6hKNQN1Hl3UI8uhPMgZNcCLBIDTwINUoNEF+smFo4ETacWiSKykHIuBP8pEIOwWHol2SoWiXdShahNcU9Su0GcMxFUXxI8w0mg7lJxlNp0uPHE19+lOMplOciB9Nhx4kGk2nyE81mg6dSDqaTnMl4WiK/Ek9mk5xal8dT/tNSC31EVec0VNoTfVbDoB9DNfi7e1u977af67277Yvu+2mWyxs2uaGz0yu7ZdO57vvmt/kzL0jZOAOUg/hItPMsWA9ELkQ+A2vAHJM/Vnn/NSTff5ZPsv0nnleTz+h554pMkwRQ8nDjdxeu6p5O7nNrTnH08a+Ay/dRcU/vu1msaWbxu7jwmBxFO0HtJhrArl8bNxEQsz8FicUJDHVxEKfovfQ9tGtsN7Xq+qH/TZ8soHO2D6ijflDvap2rfn8TkXNmtiR+NlzlvioWXTEg/jZdKIbsbMq9CHJ7DrRgTTvy9CNhC/Mk51J9sbs8SjtK/NEt6JXQtCZNCsivws3JvAf7cdHztlXI6mpvLd758QVHb0/+TLiR/IBoesIj50cqfv7fy7Wp4AU1TGJD4vl/vPZbEAY+x7jyGqobVq93f+5DqgOP+5M1/zHOrRY/EynVvVht17Mr7I96srVaH4H1tvnepP+27Bm7/YtvCy+vn2ef/x71IOXxdfgVscz5e/6h7uSyL/YzC8/OOF/1IG4xP/ZLoQuE274ELVOmOlEYBWDUQ9iqhnMlH+q/2bzJBN7cKrXF7NZnPCufLo11IOWPt+nOlTuXft8fwrejfcZSr/6ubS1TKvxoWs3OjI6T9I3yidp0TbuUsJWbRPco68pP7Zdvr7bruaBp96NWbZAz5/QvO8ESbM3ZpH2fvFSva+PFVnhT9DWvzOPuGp52tfHb2/Xz9t9ffz4Mk/g4O7k41mbUvK3+oNtLjf790Tuz1CEL4mkh2XYr5g+Hl8llDQiAxdrE0We0og8pRbZDcef2uYh52FjtmRq4LdToQkqiyvSNHhayUsgYdGRVZCmyg4rhIQlR9RCmiU3vPjCiO7IwgtTHYgpioTVR9dFmio9sDQSVh1THWmy4PACSR7RkTWSJgsPQ38e0RHQb6rgwDpEWHBMKaKpgmOqEWHV0QWJpkpPqPkOYkMrE3kERxUnmio6qj4RFh5foihEfOqJMmGhosnuBNYq8jgQU65osuT4ikUe9YmKFk13JKxukU99ROmiqZJDqhdhucEFjKZKjahhhBXHljGaKjy0khFWHVXMaKrk4HpGWHNcSaOh6P9+/cq9Dv/+f17ZY2bbzavfv+JvxBvz6vWrD3W1Xh1e/f7n89S/3L68uGSE1XZ5sv/53+0/+2e1PG73zT92//p3j69e//z4WrI3iunX7LWUbx4fzX//9+ufz1bsv7B/OBu7/sVaYK9e/8xfF+UbRW5kgxtZ70b+6vXP4rXUb9Rj2buRD27kvRuF70YxuFH0bpSvXv8sXxfyzWMpejfKwY2yd2Px6vXPBbqxGNxY9G5Ur17/rF4L86aQrHejGtyoejfqV69/1uhGPbhR924sX73+uXwtizel4r0by8GNZe9G8+r1zwZ9j2Zwo+kHQBMP7BGGwDB4GImeJiYYgzeDAOpHEGviguHgGwYR60cRa2KDCXjzMJBYP5JYEx9MwpuHwcT60cSaGGHFa8XeGN2PYDYMKNaPKNbECVOvC/Xm0fS/YTYMKtaPKtbECtPw5mFgsX5ksSZeWPm6eHxjtO7fPAwu1o8u1sQMM/CThwHG+hHGm5jhj+hmPoww3o8wbgcohp42H0YYJ2NUEzOcw5vBMNWPMN7EDBevC/6G/Ij5MMB4P8B4EzJcoh8yHwYY7wcYb0KGwwGLDwOM9wOMNyHDFQptPgww3g8w3oQM1/DmYYDxfoDxJmR4CaeEYYDxfoDxJmS4eS3LN4o87GF88X58iSZixCN6XmIYX6IfX6KJGMFeS/NGc9m/eRhfoh9fwk6CHE5mw/gSZB60E6EALgswE/bjSzQRI2B8iWF8iX58iSZiRAFVD+NL9ONLNBEjFPzkYXyJfnyJJmKEBj8pMQwv0Q8v0QSMKOG3PAwv0Q8v0USMgPOjGMaX6MeXfPQtA+QwvGQ/vGQTMBLGphyGl+yHl2wCRjJ48zC8ZD+8pPCtQeQwvCRZadmlFn8txRtNIkSCxVY/vGQTMBKu8OQwvGQ/vGQTMFKiEVsOw0v2w0tq7+Qqh/El+/ElS+9PSg7jS/bjSxrvT0oO40v246vwxlcxjK+iH18F833LxTC8in54Fdz7LRfD8Cr64VU0ESPhKqgYxlfRj69C+t4BimF4FWQxb8NLwQ8G6/l+eBU2vNAAVAyjq+hHV9HEi4QDUDGMrqIfXUUTL9JA1cPoKvrRVTTxUjzC5zWMrqIfXaoJmIKhdZ8ahpfqh5dqIqaACyg1jC/Vjy/ljy81jC/Vjy/VREwh0G9ZDeNL9eNLSe+kroYBpvoBpuzrInw5UMMAU+SNsYmZAv4sFHhp7EeY0t7vWQ0jTPUjTDUxUyj4PQ8jTPUjTBn/VzWMMNWPMG0jDK4a9TDCdD/CtI2wEt48jDDdjzDdxEwBp3U9jDDdjzAtfO/aehhguh9gugkZ9QjGET2ML92PL91EjILvzHoYX7ofX9puScB3Zj2ML012JZqIUfCdWYONiX586SZiFPxZ6GF86X586SZiVAHWunoYXrofXqWdHuEbTTkMr7IfXmUTMEqDDy6H0VX2o6ts4kWV6N5hcJX94CqbeFEwMsthdJX96CqbgNGP6IOH0VX2o6ts4kUzdO8wuMp+cJVNuGiO7h3GVtmPrdJueYnXkr+Rpj87lsPYKsmuVxMtGsZWCTa++rFVNuGiC3jzMLjKfnCZJly0Ai6bYWyZfmwZu/ZCsWWGsWX6sWWacNHla6neKNMfrc0wuEw/uIxd2qOXZTOMLdOPLSO9K1UzDC7TDy7TxEuJAtMMg8v0g8s08VKiwDTD4DL94DJNuJQoMM0wtkw/tozdUkWv2WYYWoZsqjbBUkp0L9hWpfuqTbSUMC7dtf7tnb+19zcRU6LQdJfo7WRz9bGJmRJFp7tEbyfbq492dkSDn7tEbycbrI9N4JQoRN0lejvZYn1sYsc8wj3WR7DJ+kh2WR+b+DFw19Bdo/eTjdbHJoYMXPe6a/R+stf62MSREfh+sNv6SLZbH+12PnwNdtfo/ST27Da9wXvUaFd/sK3fBJOBL1kMbuyT4LOb9Ubj+0H00c19u19vSnw/CD+6v2+37A183WJoh59u8bs9/kccgGiXn27zu33+RxyBaKefbvW7vf5HHIJot59u97v9/kccg2jHn275uz3/RxyEaNefbPsz7sgSjkKw88/I1j+zu/nsEYch2P1nZPuf2R199ojjEBAARhAAs9v67BEHIsAAjHAAZrf22SOORIACGGEBzG7vM4YjEeAARngAs1v8jOFIBEiAESbA7DY/YzgSARZghAswu9XPGI5EgAYYYQPM7vczhiMR8AFGAAGze/7Mw+wAI2AEEjDhOCeORMAJGAEFzO79M4YjEbACRmABswCAMRyJABgwQgyYhQCsYXjD/SsGoAEj1IBZEMA43MtmABwwQg6YhQGMY1oM4AEj9IBZIsA4JsaAIDCCEJilAox7qDGIRIIRmCUDjGNyDEgCIyiBWTzAMNxjACcwwhOYRQQMAz4GkAIjTIFJR93hdg0DWIERrsAsK2gadEEDIBIJXGCWFzCOIxHwBUYAA7PMgAl8ZgEwBkYgA7PcgAkciYAzMAIamCMNAkciYA2MwAZm+QETOBIBb2AEODDLEJjwnGEAkUigA7MggQn8fgLAAyPkgVmawASOREAfGMEPzBIFJnAkAgLBCIJghTsDgiMRUAhGMASzaIFhLsgAimCERTCLF5jEkQhwBCM8glnGwCSORMAkGIESzHIGJnEkAi7BCJhgljXAYw4MkAlG0ASztIFJPLkDOsEInmCWODCM/BggFIwgCqbYyLwEKAUjmIJZ8sAwy2KAVDCCKpgSI1MroBWM4AqmxkZEQCwYQRZMuTjE6xNALRjBFky5OMS/RUAuGEEXTLk4xOsTQC8YwRfM8QsIfBgAGIwQDKZcIHqeIQhEQjGYBROswCttADIYIRnMwglWQF7PAMxghGYwCyia3GdoAAQiIRrMUgpW4FkFUA1GsAazqIIV8rXSbx4NVQACkbANpt3huAIbAIFI+AazyIIVChsAgUgYB7PYghWI8TJAORjBHMySC1aUWAAIRII6mMUXrDDYAAhEwjuYRRhMPUIDAHkwwjyY5RhMMWwABCIBH8zCDKY4NgACkdAPZoEGUwIbAIFICAizVIM1uGn4LQIIwggFYZZsMIXjEJAQRlAIK91BTRyHAIcwwkNY6Q6jaGwABCJhIsxiDtbwpyHFZgCLMMJFmEUdnlcNQEYYQSPMuDjEqyOARxjhI8ww/08RIBJGGAmz2AOe1mAAkjBCSZglH/jABgOghBFSwiz8YBov7gAsYYSWMEtAmMaLO0BMGEEmzGIQpvHiDmATRrgJM/4TBQygE0bYCbM8BB8eYQCfMMJPmGUiTONZHTAURiAKt1CEYTTIAUXhhKJwi0UYxoMccBROOAp3HAWe5AUchROOwi0YgScFOOAonHAUbsEIBOcccBROOAq3XATibw4wCicYhVssAgk4BxSFE4rCLRWBHJsDiMIJROEWikCUzQFD4YShcMtEIM3mAKFwglC4RSIYaHOAUDhBKNylRmh8EhswFE4YCrdMBKJpDhAKJwiFWyQC6TQHBIUTgsItEcGAmgOCwglB4RaIQEbNAT/hhJ9wi0MgaeaAnnBCT7iFIRA2c8BOOGEn3KIQyJs5ICeckBNuQQhEzhxwE07TJSwGgdSZo3wJmjDBvdyYo4yJQcqElxtzmDNBwo57uTFHaRM0b4J7uTFHiRM0c8LREo0zGFDyBM2ecOkTOHED5U/QBAoHSzR8DeYoh4ImUThYomGqDUd5FDSRwsGSEr7GcpRMQWAJd+kU8IQ/B6yEE1bCHSspccoOYCWcsBJu0YcnkQSgEk5QCbfkA+eSAFDCCSjhLrcCbidxwEk44STcpVfAw6ccYBJOMAl3GRYwqYQDSsIJJeEuyQKOPoCRcMJIuPCfg+cAkXCCSLjwH4XngJBwQki4HAk/AEg4ASTc8g6YY8IBHuEEj3BLO3CaCQd0hBM6wi3sgIf5OWAjnLAR7jIvcPABNMIJGuEu+QJuQXFARjghI9yCDphPwAEX4YSLcIs58DliDrAIJ1iEW8qBc0c4oCKcUBHuqEiJM/4AFeGEinALOTzjP4AinEAR7qBICV94OIAinEARbhkHjh+ARDhBIrzwZv1wAEQ4ASLcAZESbsZzAEQ4ASLcARGYosoBD+GEh3DHQ2CWKgc4hBMcwh0OwbMnoCGc0BDuaAjOVQU4hBMcwi3dwEmjAIZwAkO4Ggk/wEI4YSFcjYUfYCGcsBBu0YYn9xSgEE5QCHcoBJ965ACFcIJCuEMhpSeBFUQgQSHcoZASLwEBCuEEhXCHQkq8hAMohBMUwh0KKeGZHw5QCCcohKuxNSBgIZywEO5YCD4/yQEL4YSFcMdC8AFKDlgIJyyEOxaCT1BywEI4YSHcsRB8hJIDFsIJC+GOhRi8cwRYCCcshFu0gTd+AAnhhIRwl+YBd24AB+GEg3CX6AFfwwAF4YSCcJfqAV/DAAThBIJwyzTwzg1AIJwgEG6JBt65AQCEEwDCLc/AOzcAf3CCP7ilGZ6dG0A/OKEfvPRvvAD2wQn74KV/4wWQD07IBy9HNl4A+eCEfPDSv/ECuAcn3IOX/o0XQD04oR689G+8AObBCfPgpX/jBRAPTogHL/0bLwB4cAI8uPFvvADcwQnu4Ma/8QJoBye0gxv/xgugHZzQDm78Gy8AdnACO7jxb7wA1MEJ6uAOdeAT5xygDk5QB3eoAx855wB1cII6uHErP3jCkgPWwQnr4JZdMHzonAPYwQns4A524FPnHMAOTmCHeHSFUuC0LQDsEAR2CMsuOD51LgDsEAR2CEsvOD51LgDuEAR3CMsvOD51LgDwEAR4CEswOD51LgDyEAR5CMsw+CNcwgoAPQSBHsJSDI5PnQuAPQTBHsJyDI5PnQsAPgQBH+LRvYTASBQAfQiCPoRlGRyfOhcAfggCPwRzhcUEf8OVeM1eC/mmOXvM2eNrod4YQR4r4CGC8BDBvJXGBKAhgtAQwbz1xgSgIYLQEMH8VccADRGEhgjmrT0mAAwRBIYI5q1AJgAMEQSGCOatQyYADBEEhgjmrUYmAAwRBIYI5q1JJgAMEQSGCOatTCYADBEEhgjuL08mAA0RhIYI7q9QJgAOEQSHCO4vUiYADxGEhwjur1MmABARBIgI7i9VJgAREYSICFdMCqd/CEBEBCEiwuWPwIldACIiCBER3F+URQAgIggQES0QwfeD+CM8RLQ8BO0oCYBDBC0u5XJH4Lu4QOWlaH0pwbw7SgJVmKIlphwNwd8fKjI1qDIlvDXQBCw0RQLQ4g24oyVQqSlaa8rSDbyjJVC1KVpuytINvCElUMEpWnHK4g2cLiFQ0SladcriDZwtIVDdKVp4yuINDLMEKj1FcIiweAPCLAFoiCA0RDgagmujARwiCA4RDofg8mgAhwiCQ4TlG54KaYCHCMJDhOUbuEgawCGC4BBh8YavThqIPoJDhOUbnlJpgIcIwkOE5RueammAhwjCQ4QrSgULpgEcIggOEa4sFa6ZBmiIIDREWLrhKZsGaIggNERYuIEXLoCFCMJChCtQhYMXwBBBYIhwNaogDBOAhghCQ4SFG3jhBFiIICxEuEpVEIYJwEIEYSHCFavCi1bAQgRhIcIVrMJvUoCFCMJCRFH6Z27AQgRhIcLCDc+PD8AQQWCIsHDD8+MDMEQQGCKUP/oAChEEhQiLNvC3D0iIICREWLDh+fYBCBEEhAjLNTiDZ7AFACGCgBCh3MoPjp2AgwjCQYTFGnjsARREEAoiHAXBx5cFoCCCUBBhoQbOyhEAgggCQYRlGvjXAxCIIAhEWKKBM2oEICCCEBBhgQY8vCwA/xCEfwiLM/DhZQHwhyD4Q1iagQvOCUA/BKEfwuIMfHJYAPwhCP4Qlmfgk8MC8A9B+IewQANXnhMAgAgCQIT2n0QQgIAIQkCE9qcjCYBABEEgwjINz8IJMBBBGIiwUIMzmIkjAAURhIIISzVwGTsBKIggFERYrIEr2QmAQQTBIMJyDU8AAQ4iCAcRlmvgenYCcBBBOIgoR2ZfAEIEASHCkg3uefEFKEQQFCIs2+C4ZoAAMEQQGCLaBBCUAyMADRGEhgiLN/D8B2iIIDREuNJY8HZAQwShIcLiDVwVUAAcIggOEZZv4MKAAvAQQXiIsIAD1wYUAIgIAkSE8eJfAYCIIEBEWL4Bz/0LgEMEwSHC0g1cJFAAGiIIDREWbuA6gQLAEEFgiLBsA5cKFICFCMJChEUbuFqgAChEEBQiLdmA9FwCECIJCJGWa+CagRJwEEk4iLRYA9J3CSiIJBREuqQPxOIkYCCSMBDpkj5g6EqAQCRBINISDUjvJQAgkgAQaXkGpPcS4A9J8Id0WR+I4UoAPySBH9JlfUB6LwH7kIR9SJf2ASNPAvQhCfqQLu8DHmCSgHNIwjmkBRfw9IAEnEMSziFd1geMPMA5JOEc0mV9wNMDEoAOSUCHdGkfaLtJAtAhCeiQzF9aXgLSIQnpkP60DwlIhySkQ/rTPiQgHZKQDulP+5CAdEhCOqQ/7UMC0iEJ6ZD+tA8JQIckoEO6tA8ctwB0SAI6pMv7gHELOIcknEO6vA8YtwBzSII5pMv7gCMmoBySUA5poQU8vSAB45CEcUiX9cFgrq4EkEMSyCFd4wwGVysSUA5JKId0zTMYHvMB5pAEc0jXQIPDpHEJOIcknENabsExaJAAdEgCOqQDHZg0SEA6JCEdUniPPksAOiQBHVKMNDxAHQ9IBFpwgY9MSgA6JAEd0oILfGJSAtAhCeiQFlzgA5MSgA5JQIe04AKfl5QAdEgCOqQFF7jkpASgQxLQIS24wAeAJAAdkjbZsOQCn/+RqM8GbbRhyQU+/iNRqw3aa8OSC3z6R6JuG7TdhiUX+PCPRB03Bi03pL/kpIRdN0gAuqpY+PCPRJ03aOsNVxULH/6RqPsGbb/hqmLhwz8SdeCgLThcVSx8+EeiLhy0DYfL/8AlJyXqxEGIh3RVsfDhHwmQhyTIQ7oEEHz4RwLoIQn0kK4qFj78IwH1kIR6SFcVCx/+kQB7SII9pEsCwSUnJQAfkoAP6ZJA8JkDCciHJORDuiwQXHJSAvQhCfqQLg0El5yUgH1Iwj6kYx+45KQE8EMS+CFdXSy8fSQB/ZCEfkhXFwtvH0mAPyTBH9LlguCSkxIAEEkAiHR1sXDJSQkQiCQIRI7VxZKAgUjCQGRbFwu3TwIMRBIGIl0yCC45KQEEkQSCSJcMgktOSoBBJMEg0mEQXHJSAgwiCQaRLhkEl5yUgINIwkGkSwbBRygkICGSkBDpkkHwGQoJUIgkKES6ZBB8iEICGCIJDJEuGQSXnJSAhkhCQ6RLBsEF1iTAIZLgEOkKY+GSkxLwEEl4iHSFsXDJSQmAiCRARLrCWLjkpARERBIiIl1hLFxyUgIkIgkSka4yFi45KQETkYSJSFcZC5eclACKSAJFpKuMhUtOSgBFJIEi0lXGwiUnJaAiklAR6Spj4ZKTEmARSbCIdJWx8JkKCbiIJFxEuspYuOSkBGBEEjAiXWksXHJSAjIiCRmRrjQWLjkpARmRhIxIR0bQkTIJuIgkXEQ6LoJLTkoARiQBI7I0/pKTEqARSdCIdJWxPPMSgCOSwBHpKmNhuC0BHZGEjkjDR6ZWgEckwSPSjI2IgI9Iwkekq46FAbkEhEQSQiJdygguOSkBI5GEkUiXMoJLTkoASSSBJNJVx4KMVwJIIgkkkS5jBJeclICSSEJJpMsYwSUnJcAkkmCSwpXHwiUnCwBKCgJKClceC5ecLAApKQgpKVzGCIc/xgKwkoKwksJljHD4YywALSkILSlcxgjHrQgBLikILikcLoF75gXgJQXhJYVLGOG4JSEgJgUhJoVLGOFwpV4AZlIQZlK4hBEOfwkFgCYFgSaFSxjhuD8hoCYFoSaFpSBcwO3HAmCTgmCTwqWH4PVRAcBJQcBJYUkIx+ujAqCTgqCTwnUUh9UKC4BOCoJOCuYOSsOalwWAJwWBJ4WFIVzAIx8FoCcFoSeFxSEcr68KwE8Kwk8K5iZmuL4qAEEpCEEpmCsmDU/rF4ChFIShFMz4s7cKQFEKQlEK12xc4J8C4CgF4SiFazgu4IH/AoCUgoCUwjUdl/DEfwFQSkFQSuEaj0tYvrUAMKUgMKVwOSP46F0BcEpBcErhymjhOsIFACoFASqFSxrBCLsAQKUgQKXg/iq+BeApBeEphcUjuNEroCkFoSmFhSOeXq8AphQEphQOpki4gVUAmFIQmFI4mCLxNwBgSkFgSuHSRiR8WSsATikITilc3ojEgwkAKgUBKoVrOIJXRwUgKgUhKkWbOoJHI4BUCoJUCpc7gleYBWAqBWEqhUsekfBtrwBQpSBQpXDZIxL/DgBVKQhVKVz6SIEHE4BVCoJVCtdwBKY/FQCrFASrFBaT8ALPy4CrFISrFK7fiGeJCsBKQcBK4fqNeJaogKwUhKwUFpRwnwEQiISsFNKfw1QAsFIQsFJIl8MksAAQhwSsFJaT4LOQBeAqBeEqhfSfJCwAVikIVimki0I8mACsUtAO566sVoEHE9TlnLY5L1wY4rEAtTqnvc4LV9gIjwWo3Tntd174z/MXqOM5bXleuCjEYwlqez7oe26jEJ9oLGDrcxKGFpJwBXeOCtT/nDZAL0aO9BeoBzptgu6qa+HC9AXqg04bobvyWp5pEfVCJ1SlaAts4UgGVKUgVKVQbGRaBFSlIFSlaLuN4GkRUJWCUJVCiZFpEVCVglCVwmWWeKZFQFUKQlUKl1nimRYBVSkIVSmUGpkWAVUpCFUpLCTxTYuAqhSEqhSOquBpEUCVgkCVQpmRaRFAlYJAlUKP7dwAqFIQqFLosZ0bAFUKAlUKzUemRQBVCgJVCi380yJgKgVhKoWWI9MiYCoFYSqFyzHB0yJAKgVBKoVDKnhaBESlIESl0HpkWgREpSBEpbCAxDctAqJSEKJSaDMyLQKiUhCiUrg0E8+0CIhKQYhKYQGJZ1oEQKUgQKUo+ci0CIBKQYBKYfmIb1oEQKUgQKWwfMQ3LQKgUhCgUrS9RvC0CIBKQYBK4VJNFH5bBEClIEClKEeOHxYAqRQEqRTlyPHDAiCVgiCVwvUaUXgbGCCVgiCVwhISrvA2MEAqBUEqhSUkHHd8KQBSKQhSKSwh4bjjSwGQSkGQSmEJCccdXwqAVAqCVArjIhG2HioAUikIUiksIeEKth4qAFIpCFIpLCHhGm/jAqRSEKRSWETCNV7hAaZSEKZSGFdvAaa9FoCpFISpFMb4z7EWgKkUhKkoV4VLw31cBZiKIkxFuSpcGoayAkxFEaaiHFPBe+EKMBVFmIpyTAXvhSvAVBRhKsoxFbwJqgBTUYSpKFeFC2+CKgBVFIEq6lH5B1UFoIoiUEU9an/3HgWgiiJQRT2W/u49CkAVRaCKejT+7j0KQBVFoIqyjASnUCrAVBRhKsoiEpyDqwBSUQSpKEtIPN17FEAqiiAVZREJ1xDNKcBUFGEqyjGVJpsGRAFgKoowFeWYioZAQgGmoghTUY6p6BIbAHFImIpyTAUX81WAqSjCVJRjKiX+KQGmoghTUY6p4IYMCjAVRZiKckzF8y0ApqIIU1GOqXi+BcBUFGEqyjEVz7cAmIoiTEU5puL5FgBTUYSpKItIfN8CYCqKMBXlCnHh0vQKMBVFmIpySSolXGIpwFQUYSrKJang4u4KQBVFoIpySSol/jkDrKIIVlEuSaWEpFwBrqIIV1FiLBIBV1GEqyjHVUqI2hXgKopwFeW4ik8BiETCVZRr5I4TFBXgKopwFeUKcuH65ApwFUW4inINSuCsAqiKIlRFWUgCayEqwFQUYSrKIhLPpAaQiiJIRTmkgqurK4BUFEEqyhISz6wIiIoiREVZQgIBtQJARRGgoqS3Ko0COEURnKKktyqNAjBFEZiiHEzB6a0KwBRFYIqS3rR4BVCKIihFSW9avAIkRRGSoiwYgWnhCnAURTiKslwEpnUrgFEUwSjKYhGY1q0ARVGEoigLRWBatgIMRRGGoiwSgWnZChAURQiKskAEpmUrwE8U4SfK4hCclq0APlEEnyiXlYLb4SnATxThJ8oV40L5qQrQE0XoibIwBOZVK8BOFGEnyqIQfEZMAXSiCDpRloTAvGoFwIki4ERZDgLzohXAJopgE2UpCMyLVgCaKAJNlGUgMC9aAWSiCDJRloDAvGgFgIkiwERZ/gHzohXAJYrgEmXpB8xrVgCWKAJLlGUfMK9ZAVSiCCpRlnzAvGYFQIkioERZ7gHzmhXAJIpgEuWST3A7PAUwiSKYRKnSzwgU4CSKcBLlOImBG0oKcBJFOInSj94qZgpgEkUwidLMCykUoCSKUBLVUhIIKRSgJIpQEuVST3BHQAUwiSKYRLnUE8+rC8AkimAS5VJPcEdABTiJIpxEWe6Bq1gqwEkU4STKZZ54XkABJ1GEkyjHSWARVQUwiSKYRDlMAn9GAJIoAkmUZR64iKoCjEQRRqIs88C1wBRgJIowEmWRBy6iqgAiUQSRKEs8YBFVBQCJIoBEWd6B6zgqwEcU4SOq9BcFUQCPKIJHVDkSfoCOKEJHlIUdsJChAmxEETaiLOrARVQVQCOKoBHlL8OlABhRBIwoyzlwEVQFuIgiXERZzIGLoCqARRTBIsr4XzgAFFEEiijjPzajABNRhIkoizhwEVQFkIgiSES5LBPPtgtAIoogEeWQCI5+QEQUISLK9SXBLdkUICKKEBHlSnHhLwCEH+EhyuINz/cHwo/QEO0yTPCmkQY0RBMaotsG7Mh9DWCIJjBEW7aBT2powEI0YSHaog1cv10DFKIJCtFtQxJ8/zAANSEh2pEQlOymAQfRhIPoR3/4aYBBNMEg+nEk/DTAIJpgEO1yS+B+hwYURBMKoh0FwYWJNKAgmlAQzR79HQE1wCCaYBDtUktwaRYNOIgmHEQ7DoJbCmrAQTThINpxEFzcRQMOogkH0Y6D4OouGnAQTTiIZoU/CVwDDqIJB9GOg+D6MBpwEE04iHYcxEA+rwEH0YSDaMdBjMIugEgkHEQ7DgJfJTTAIJpgEO0wiIF8XwMMogkG0Q6DGPQ2qAEF0YSCaEdBDMT7GlAQTSiIdhQEH5vTgIJoQkE091cF1gCCaAJBNPfXpNaAgWjCQLRFGvjElwYIRBMEorm/KrAGBEQTAqJdMxK8964BAdGEgOi2GwncvdaAgGhCQLRrR4LfBjUgIJoQEO3as+NCVxoQEE0IiLZAw9MbVAMCogkB0Y6AeEZDQEA0ISDaZZZ4RkNAQDQhINoRkEe4K6EBA9GEgWiXWYLjGEAQTSCIdj3aH+ExGQ0oiCYURFuo4eluqgEF0YSCaEs14D6+BhBEEwiipbc+qwYQRBMIoh0EQbtqGkAQTSCItlQDbsRrAEE0gSDaMg24Ea8BAtEEgWjLNOBGvAYIRBMEoi3TgBvxGiAQTRCIdh3a4Ua8BgxEEwaiLdSA++gaMBBNGIi2UAPuo2vAQDRhINoxELiPrgEE0QSCaAdB0E6OBhBEEwiiLdWA++gaQBBNIIi2UAPuo2vAQDRhINoiDbiPrgEB0YSAaIs04D66BgREEwKiLdKA++gaEBBNCIi2RAPuo2sAQDQBINoSDbiPrgEA0QSAaAdA4C8eABBNAIh2AASHDYg6AkC0q8WFixtqgEA0QSDa1eLC1Q01gCCaQBDtskZweUMNMIgmGES7Wly4vqEGIEQTEKJdLS5c4FADFKIJCtEuawQXONQAhmgCQ7TLGsEFDjXAIZrgEO2yRnCBQw1wiCY4RDscggscaoBDNMEh2uEQXOBQAxyiCQ7RDofg/HgNeIgmPEQ7HoILHGoARDQBItoBEVzgUAMgogkQ0S5tBBc41ACIaAJEtMsbwQUONQAimgARbfnG42vJ3iimX4tHt7NOd2cAGdGEjGhHRh7hWWEN0IgmaERrtxCENR80QCOaoBGtvYnuGpARTciIdmQEF2zQgI1owkZ0y0bwaz2AI5rAEe3gyCM8dq8BHdGEjuhy5JSqBnhEEzyiHR55xO/1AJBoAki0AySP8Ny+BoREE0KiLfHwbW0ARKIJItHlyKIQIBJNEIl2iOTRwBd7AEk0gSTaQRIGV1YAkmgCSXTp2uUwFMeAkmhCSbTxY2INKIkmlEQbh+g43FkAmEQTTKJd9gje2wGcRBNOoi33EAyPJACUaAJKtAUfAjcM0oCUaEJKtEsewWf+NSAlmpASbcmHYHgoAKhEE1SiXfIIxLwakBJNSIl2uSNwlQdIiSakRBsXg3ijGbASTVhJadEH5rQlQCUlQSWlRR+Q05aAlJSElJSWfGBOWwJSUhJSUlrygTlrCUhJSUhJ6dqWINJUAlBSElBSOlACf0ElICUlISWla1uCP34YfCUBJaXlHhg0loCTlISTlI6T4IyXEoCSkoCS8tGFH5yGSgBKSgJKSss9PPFbAlBSElBSMjcIwpVZCUBJSUBJ6Zq0M7hBXQJQUhJQUro27biLQQlASUlASWm5h+BwY60EoKQkoKR0CSNwDCoBJykJJykt9vCMAQCTlASTlJZ6eH7EgJKUhJKUzEuLS8BISsJISsdI8I8QMJKSMJLSIg/8IwSEpCSEpLTEw/MjBISkJISk5O6kDMweLAEhKQkhKbkLQDgNl4CQlISQlNwFIJyGS4BISoJISos8fL9iwEhKwkhK7iIQTsMlgCQlgSSlhR54MVkCSFISSFJa5uFZTJYAkpQEkpSWeQgOXwlKAElKAklK8ehfzZUAkpQEkpSWeQhcsboEkKQkkKQULhDhK0EJIElJIEnpym/hcQgwkpIwktJliaC1UAkISUkISekICR7GACApCSApLfDASxnAR0rCR0oxMgoCPFISPFJa2uFZygA6UhI6Ugrvma0S0JGS0JGybdoOR1GAR0qCR0rLO/AoCvBISfBIaXmHZxQFfKQkfKS0wAOmrZaAj5SEj5SuZzv+dBB6hI+U0pueVAI+UhI+UkpvelIJ8EhJ8EjpSm3h20HgETxSSv/0C/BISfBIKb2HtUpAR0pCR0qLOyDUKwEdKQkdKS3ugDUgSkBHSkJHyrZzCb4fhB3BI6VLEYH51iXgIyXhI6XrW4LjFgCSkgCS0rUtgbWlSkBISkJISte1BCLZEiCSkiCSsnBVPOD+dgkgSUkgSWmph+B4+Q0wSUkwSek6tuMqviUAJSUBJaVr2S7w8huAkpKAklK5V2C8gAOgpCSgpLTcQ+AqvCUAJSUBJaVyh6XxAg6AkpKAktJyDyHw+guAkpKAktKBErwABJykJJykdI3bBdziLwEnKQknKR0nwYsfgElKgklK5T+uXwJKUhJKUirvcf0SMJKSMJJS+4/rlwCRlASRlNp/XL8EhKQkhKTU/uP6JQAkJQEkpfYe1y8BHikJHim1/7h+CehISehIqf3H9UvARErCRMqRbJESIJGSIJFSe4/rlwCIlASIlNp/XL8ERKQkRKR0jdvxLAiASEmASGn5Bl4BABxSEhxSunpaOHgBDSkJDSkt3MDH/UsAQ0oCQ0rLNvAKBKCQkqCQ0pINfMCuBCSkJCSkdF3b8eoPgJCSgJDS5Yrg3y4AISUBIaUDIQJvwgEQUhIQUlqwgUvClQCElASElA6ECPziCEhISUhI6UgIHnwBCSkJCSldHS04+AIOUhIOUpqRwQ9wkJJwkNL4Bz9AQUpCQUozMvgBCFISCFJapuEZvAADKQkDKV3fdvjzAQSkJASktEQD//oAACkJACkt0fD8egABKQkBKV3tLNxAoAQEpCQExLjaWbiBgAEIxBAEYlztLNw2zwAIYggEMa52Fm6bZwAFMYSCGJcvAotCGkBBDKEgxk9BDKAghlAQ45qR4NuH8WcIBDGWauByjgZQEEMoiHl04x98hTAAgxiCQcxI+3YDKIghFMQ4CoI3Dw2gIIZQENNSEESiDYAghkAQ44pmwVKKBjAQQxiIsUgDl6M0AIEYgkCMJRrwHd4AAGIIADGWZ8ACGwbgD0Pwh7E4Q8F3cAPwhyH4w1icoeA7uAH4wxD8YSzOUPAd3AD8YQj+MA5/wOnXAP5hCP8wlmfAc80G4A9D8IexPEPh4Q/wD0P4h+Hec9EG4A9D8Ifh3nPRBsAPQ+CHsSwDN+0wgH0Ywj6MRRnwXLUB5MMQ8mEsyIDnqg3gHoZwD2MxBjxXbQD1MIR6mBHqYQD1MIR6GAsxcFknA6CHIdDDWIaBC/MYwDwMYR7GIgx4rtsA4mEI8TAWYMBz3QbwDkN4h7H4Ap/rNgB3GII7jGvejladBtAOQ2iHsfgCv7MagDsMwR3G4gt4LtwA2mEI7TAWX8Bz4QbQDkNoh7H0Ap4LNwB2GAI7jIUX8Fy4AazDENZhXCYIOhduAOswhHUYyy5weqcBrMMQ1mEsvIDnyg1gHYawDmPZBTxXbgDqMAR1GMsu4LlyA1CHIajDuGpYMGwB6jAEdRjXWITDA8kGwA5DYIeR3tcNA2CHIbDDSO/rhgGwwxDYYSy98BweNQB3GII7jOsrgk8zGwA8DAEexhIMIeGGtQHIwxDkYQo2stwE0MMQ6GEK7l9uAuhhCPQwLfSA7SAMoB6GUA/TUg+4Y2QA9jAEexiHPXCPbAO4hyHcwzjugXtkGwA+DAEfxvUVwT2yDQAfhoAP47q14x7ZBoAPQ8CHcd3acXq0AeDDEPBhXIYI3rQ3AHwYAj6MyxDBm+4GgA9DwIdxGSK4R7YB4MMQ8GFchgjuCGsA+DAEfBiXIYJ7ZBsAPgwBH8Z1a8d1rw0gH4aQD+O6teO61waQD0PIh3EFs3CPbAPQhyHow7i+IrhHtgHswxD2YVy3drwFYwD9MIR+GNdYxLMFA/CHIfjDuMYiuEe2AfzDEP5hXLd23CPbAABiCAAxrmQW3oM3AIEYgkCMK5mFe2QbwEAMYSDGlczCPbINgCCGQBDjWovgHtkGUBBDKIhxFERCGGwABzGEgxjXrR13+TEAhBgCQowDIRKiWANIiCEkxLjUEAlRrAEsxBAWYkrmPdRvAAsxhIUY11sE9yY2AIYYAkOM6y2CexMbgEMMwSHG9RbBvYkN4CGG8BBj+YbnvQrwEEN4iHGtRXBvYgOAiCFAxLjWIrg3sQFAxBAgYlxrEdyb2AAiYggRMa61CO5NbAARMYSIGNetHXczNQCJGIJEjEsOkfBIgAFQxBAoYhwU8awyARUxhIqYNjsErjIBFjEEi5g2OQSl1xiARQzBIsb463YYgEUMwSKmTQ2BBzINACOGgBFj3HCIf0gAjRiCRoxFHULCM6UGsBFD2Ihx2SH4VIUBbMQQNsIe22btiGy3F/sWun88m3CRCPFke3Vgg1Eb3A952qsDG5zaEH7O014d2BDUhvS/PbZXBzYktVH4XyDbqwMbBbWh/DNte3VgQ1EbdpTEXafbqwMbmtpwEeqzMQzR7h/PNtycDcfK9urABg1TB1AKmKfdXqU2GI1TNnJ+ur06sEHj1CWTFJ7vBaCU7h/PNoS/D3V7dWCDxqlFJL6fLWAq3T+eTRS+JN322sACDVLLSXBD6vbiwASNUVeAC/ekbq8ObNAYdTW4cP/N9urABo1Rl2KCW3C2Vwc2aIy6Uly4C2d7ldrgNEYtPPE04myvDmzQGG17vXvGQcBcun8827BjKV6ot1cHNmiMuu4kuCNne3Vggwapq82Fm3K2Vwc2aJi6HiW4wFh7dWCDxqlr/Q4LPrYXByZomLpGJbg7Z3t1YIOGqavUhRt0tlcHNmiYumJduHx2e5XaEDRMXccSrw0UpoKGadsMHkHl9uLABI1Sl4+C62C3Vwc2aJRa6oKrt7UXByZokFrygk9ntBcHJmiMutpd+IhWe3Vgg8aoawyPG3e2Vwc2aJC6Ria4d2d7dWCDBmnbHt4zdgB80/1ja8MCGXxkr71ITUgao22TeM/wAzBO949nG67Qumf4ASyn+8ezDRukuJVne3VggwapZTSexnPt1YENGqWO6+CGnu3VgQ0apq5pPO7p2V4d2KBhKl1Gge+ZojCVNEwd5MGdPdurAxs0TB3nwc0926sDGzRMXQt53FWxvUptFDROXRd5vMHcXh3YoHHqGsnjPeb26sAGjdNC+EsttFcHNmicun7yON+8vTqwQePUoR9frAP20/3j2Yby91lsrw5s0Dh1AAi3WmyvDmzQOHUMCHdbbK8ObNA4tVQHlzdtLw5M0DC1XAd3l2ovUhOKRqlDQbigTXt1YINGqYU7ns6L7dWBDRqlrtE8bnXWXh3YoFHqes3jzn/t1YENGqUuHwY3/2uvDmzQKHW1w3DZ1PbqwAaNUpcWg1sAtlcHNmiUtqkxnpdaAIi6fzzbMKPfCwpTRcPU1RHzfS8AE3X/eLbBxr4XQIq6fzzb4GPfC4BF3T+ebYix7wXwou4fzzZsnOI2Ae3VgQ0ap9qVjvDMlIAadf94tmHjFJfbb68ObNA4dW3pcZvG9urABo3TtuMK3O1srw5s0DjVo3EKCFL3j60N158e92tsr1IbJY1Th5F8OgBI6v7xbIP7uza2Vwc2aJw6moSLR7dXBzZonJbe3Or22sACjVKXYYNf4wBR6v7xbEGNzJKAKXX/eDbhQtSzTwmwUvePZxvlyEwLwFL3j2cTxpfs3V4bWKDxabzZXu01asHQ6DTeXP/22sACjU3D/T0d26sDGzQ2jffUeXttYIFGpvEePG+vDSzQyLTQCJ69bq8NLNDIdNk36DBge21ggQamxUbwBHV7bWCBhqXlRvAQdHttYIFGpevYgk6TttcGFkhUMsuN4FHo9hqxwChoYpYa4dPQ7cWBCUZNcH/Hx/bqwAanNoTvUHN7bWBBUAvSd665vTawIKkFP4JvLw5MFNSE8p1ubq8NLChqQfsOKLfXBhY0tVD6zii31wYWSmrB+I4pt9cGFmhcWk4ETyq316gFCpaYpUTwsHJ7bWCBhqVlRPC8cXttYIEGpcvQwSGFkBKjSIlZQARPHbfXBhZoUFpABA8et9cGFmhMMuXvDdleHdigUemKlRXwiFB7dWCDxqXlQ6KAp4TaqwMbNDItHxIFPKDRXh3YoLHpkJJnn50hpMQoUmLcf2CpvTgwQcOTj2zVMwSUGAVKjI9t1TMElBgFSsyVMStgEYv26sAGjVFXyayARy7aqwMbNEpdMbMCH3hgCCgxCpSYxUM4p7e9ODBBg5SPsXmGgBKjQInxMTbPEFBiFCgxV9isgNnh7VVqgwIlJsamdsSTGOVJTIycZ2qvDmzQKBX+I03txYEJGqTCf6qpvTgwQWPU1TnDB5PaqwMbNEZdrbMC5sy2Vwc2aIwKf/ZZe3FggsaoGCm7114d2KAxKszYl4JClOIkJh9HvhSEkxjFSUyOFGNurw5s0BC1bEgomBnSXh3YoCHqcBIuy91eHdigMeqaxXi+WESTGKVJzBVE832xiCYxSpOYVCNfLIJJjMIkZsmQ94tFIUpZEpPl6BeLQpSyJCb9FUrbiwMTNERd1pCCVaraq9QGRUnMJQ4pz9IHoSRGURJzuUP4UGN7dWCDxmjhijZ7lk8IJTGKkphDSb44RyiJUZTELBfyxTkiSYySJFaosThHJIlRksQKPRLnCCQxCpJYUY4EGOJIjHIk5uqoeY7QMQSSGAVJzJVSU541LSJJjJIk5qqpKc8qDpEkRkkScwXVlGcVh0gSoySJqdGBFJEkRkkSc2XVlGcliEgSoySJqbEgRSCJUZDE1GiQIpDEKEhiaixIEUdilCMxVY4MxggjMYqRmDJjgzHCSIxiJKb9hU7bi9QEpUjMVVtTniUtokiMUiTWVlzzvMsiisQoRWKu6pryrOIQRWKUIrGWIuHYQBCJUYjEHETCL/YIITGKkJj2VyBvLw5M0AB1yUf4NRbxI0b5EXNV2DyvsQgfMYqPmMs/8ry2IXrEKD1i/lps7TVqgbIj5tiRJ8AROmIUHTHLgfAGP0PgiFFwxCwFwmWd2osDEzQyHTfyHKZmiBwxSo6YBUFCe5bUiB0xyo5YW5/N8yKN4BGj8IhZEuQ5RsgQO2KUHTFLgjxNqdurAxs0Pi0L8vSlbq8ObNAAdcXacC/V9iq1QQESszzI0526vTqwQWO07V6D8TdDCIlRhMSMm+Qx/mYIIjEKkZiR/jzs9urABg1Tl6uEO1W3Vwc2aJhaLuRpr9peHdigYWrJEEZqDKEkRlESs2QIAzGGUBKjKIlZMoSBGEMoiVGUxC0ZwkCMI5TEKUriDiXBxQ5HJIlTksQtFsJAjCOOxClH4o4jQXTBEUfilCPxx5H3eI5AEqcgiTuQBMkDRxyJU47EHUeCXydHHIlTjsQtFvLALI5AEqcgibsKb3CFwhFI4hQkcQeSPBEBopJTkMQdSMIRgUASpyCJO5CEIwKBJE5BEncgCS6SOAJJnIIk7kAShFkcgSROQRJ3IAmHFAJJnIIk7kASDikEkjgFSdxSIQyzOMJInGIkbpkQhlkcQaTzH//79at687naH6vVXzar6uur/7+ya12SE0e67+Lv70QMEhKXeZWJjQpcqKtxU8AAZXfPhN/9Cy4nyQTazvq1te7dlNAlLydPpv76++8vxfUahuEytm+h+fLHf18u1fKn6dH1ecAvf/33xSbpl7/++/nHl+l99b/++/nzDwy5/DPGmv82Db5IPQiNmcjl/xkv/+Hd+l8N/t2sf4mTfPmRxH75Mb2AsP5Y/2Wm7Tw5rfDeVX0xVq2YoNsmSDNyGD/BsAkN658ddhBrnJptvMmqLgNFGeT7VCm/52I927kU65mv65kvK6yR+b2oH0FM2GZsA9dZ2hhDxNipdP3T9OLcsmQGexev05iamC8/8mj92im4U82sLPswiHmxaWHodZzJti0/UtrQDEuCncWBSvEF01MP62rF2Ass4Ox4qOZZ38Rm24htNg7zBCDNP1yyTsJhQXKvXI+6bn/88wj9R1f0xb39Hvq+Kncb59jV8/E6pvc5vm5ZlN+PdRcnLWGfhPWdfIF1fXGgcU9z3KWZzaQar+vq6jpf02EsxiC+ybDbE1ucMO2d6bq2CX3fig+aXoPYjpJXLkrX9e1jDH3RVa9FU9ahf5FqL464VKUKZVLbZlEhZWiqUK5jyBHYWkyvRDw/wq1vH91vh7F8GPPcMNe2GcP7KAXGXKBSNUFgV9zC6Sw9F6o+aY++lnfG8Tuz6hGfQF9NZbYqyePltRhexb1hu5V6XJcEt0RpVR6lkMm2Jk0gM4XMRClzfL2M1V1ctITtUZpCcgbJyvv2GF9DM06XWQg3nm2WSbWfvglru1k7SJlMJJbX6ldgFX2mdKa3p9liPP3tbf9aNeIKcI1jc9hU6FAXwabmsKkwnDHcIHhIU3N5mNKn17HtpcFIuPcHAw9znujF36uyrMOPopfLGCf8iuLk58ob9Rhf2776d96iS2jKrt0tas4dq2gV72L9tEn8bFPl0qRsaXAdYuxKoj8SNMZO8Rif8CuhP7eTwFAO17YLOz/Tcj9zXY4kIuuvNXSP8fVkPXI23RTeVZrBw5mS/OsvuPlzvko74uEOcr0MXzzWmv1/O6Ha+G0mvzCHatMty9fi+nZ9LZom1Je6vbWP8TKEYZjO5vDounYKuMTh5LsRpTicun0+G+x0kJgPkmEQ3SqxQZYxxH5zX8Mbg9Nk6TTp/IKvVT++lru9TZjqhsqboKHVh1/PlIugFrH/qSOPnU51Ticw123kVR5rbvbIczW57uRej0afq7wIH7Iu39TaXCW2qOtpd+SGWL4hFhtCoYvX+VWQfWJRrWFDxEqXCvKOKsN57lmt1y5RbtJruL7RBate+kJ6K7njBz/HwdcKr+qy34EWhus3KIfpNejlh9VZlWtdVPfhk8vKHRYIdrHOGl7rKkjrF0fCY9MplkXMbLLD+NqK+XkmL8GxQgQfQ3E6ZWC8jFSV0tkWRwKwEKLjuR+NXvYQrn0QSzI1rtmWGB6TgzPl4Uz5hNSY1amxa91e34a38EN+TsI/x0M4XUmrvJJtKU0fFwvPNlUuTVuGy/W1qOvQ3MJl2eXPDiT3QKDindMPROPIc8mUyHrKLVY+drAkUI7ZEx9G4x0PLzdXQD4AtlhsTeyAYsHqJJnBNPAjU96ktgzfQ1+9VDIu5XrEwCeFA0mepNIXu7b3CcBoxkF+K3dolCDLJurPE11iecivPrbNMPaP6yjRlakrGHNs1y82CFs8wDaPxZhb+iHa1n5M+1ZJnChl654QnGvhQsT0g67+dk8T8iZS+pUpFcM8k1NjyjYpzrSHfJJ2VGxTJyymaRJoGkLarNJfaWWExi7Nuj6x0c60DyfniM9zbrOok/Voxv5DqKZNTI6JEWyrlNpXO+PA7S8sgMu10r5LnJfHntgQlwAD9Up34TGM7b3r2zFcx1DOgNe9GK+ve6yLLev0up5Gdinny8MRhPiOYnKvU3pl+Pq43eTkpg5r7GymOJuUtrG6O12GSaV++yE3zWdcmei0Zhmu/Ucn5XBbZxEcp0pwcxV4GqeanCMFgOJSJcq5Sl4dXSmXp2HgwqTKkLoML8WjHj+J5bmb5AFq+IQyXkpntwx12KH1GfchLQlUIlVlGMa+/ThZDcshZK+0EmX4Xl3DRQEkca2F0Mo55eGohq4uPqQ55TkLOCEAMYCUJNn6pwz2L4PDkFEaFKm96U3INTZVuvrrvE5Mk2eWCdc0JkcoU16y9l5Uco8sh9IRmE7tv3XyGnmUeCTtc+V16qTS4/AIzrlDmjtXoknlP1IoDz2RS3SIk3KlZ1c+jnnpqfUM82GQWLMUHm32Xuk0S01luQEElOLg/KSGjBecIKP0LcO9qAS4mXB7tU5/Yu4sP5C4cECTEjjIqSOkhD4aynrmYalnc1l9c5k94Slk3EsAxxauqsPRTRy0LuKG3JL3CE0/k7tU02pOrJJIC2AjlMjLKvDUKtlIRGERJOv08Cr5TA9HPM4CrpUmOpUUmpIwnVM9zI094gTndHc/NOUqe7Z4YQwy2cFTUDB1cfas7AOKzxGHVHlA9wlp4d3juOcUqyJyAhkjTYk7oswiziOWYbj2VXdgw3D3jaI14HWwP95uLALlZr9P4PItCPO7hzoMJxcYZZQU3iW8z7P5ODRAk3NlZDQzhcJwkSbNpPyCEhkGyj5JiVOinvk0ihxEeGMEt2mnLRUKz+gZKFOXAjZXcgbC+9gX577j9Ao3C0V0B/7lBM+OuTXKlHnbl+Je1R+XZocGp5x5QQyVFHodhj8iqgo0LVyx3G6cFdwtq4xeX0IZ+mIHrU1sfmYBKWWrBJdI5lDdmn1mxkfce18/xW/kvQ1+1A42Xl8fQ+ir5qWVp5/rtnU1CZAkbaRdp6oeQx/Kqpw5cgtSLsmIXBVgOGhq6B8Px8UnNIENzdV5dC9VUx5oizbKuGkjXau7iC9tfw19eOmDzAdZjgfGGVzPSGd3Xtr+Xoy7s2W4ygRsA6ArU6aBXvq2GZ/KZ3JDB3zNOeXqnI12NorhfouBR+qcziO6haaU4ATnXiJXbbG3Fmifgw+YgBKYOrIfhGPAPzNWuXu30My3uGmb68474wEijm+qZBVAbPe2lxpzqTGk6gISSD1xJTmQCbuaJjrVf9sBmRmPPTcEWBnT3sJY1PWKksprxi6vg1yf0QBOPcAJtmxyLhx4SUZemNNu3Pjtx5vUeZwkZpSY8y2M9zAWZTEWUhbH+JSe7S2MZ+B1zEN5pZN5C2P3+FpX16G6vYWPl769V8PwCP3+o22U8xMFY6xkBt/COPNgJVjA4aGMXFWnPftjX/zowz+PMMjjyqkjnkjMkVMf/iH030M/VGXo+raTrlQiYCdl1DfLPMHHeGaVYCRSWZFaZY1HBrvlPC5vyIbRckQ6K0DCT9MlnttJ4NJK3+JWfQ/N0S0UPFYof/BNNnZGCuWPcJaozIRgGvpYq/3YvmjGy/jRhU+yr4aH0oZShU552SYirwhv2WGCvx8j6ZZHSvU3ST3ZnTjmCZlIqe4mYUJMynnAcCjhwlgARQ72OfGwjEQAwjZmlk4hgDcyJiYidzveftFfHZF8PFGHKFmxspCU3zb7sDL3zasy8IkZTEaOw5fjqOUbrBtvvzKaK82QYAGjxFpex7Frm1qqSR5zeQqRlXU1VSF0Y8pUY0YhFj7Q6jRvVZ4UJeXMB7QET8Y6VQCJlyl0qprbpahvl+9zkctn95CbTWg3p3QYqh3kzNPQlmhznsiRSj1cHeMTEfZREc4qF2hkTAUwQEISQ5lvihAp2N1KQ5SB6afBG8/TAbCKcbhzo927VfoJ2Yb7YEgFW+BVMdL7qVI785HGtg59cXDR2T5CQxE6A72SKtXFOty9eC9uO9eSHxdIf+qMHKMLdp6BV8fxU+uy3p1dcdP0eNR2BIEu+Y09ob70u0HavhpfhSI1/LQb2DOnzABU97Zpr3X7KBdn/syz4+CGUyIlR7lD1zbDbvUjLlg54fn/y6Wwr193EMokU8bcVVMulH85OybZ4RjnSqejasbQN0W9OLUHGNtyh9YrKbRVM/bt0IXrp9lZw+NaA2TIKYOuauB1JJKOyGkVnjjtQAVyRwGe9poPC8ArR+E1tgnZ9khJ46iGui3KqrlJP4MzqJWweSXLKVOOvwIIgbHItQd3DvDkbvH8KDS1U0Zii7yz6DYXqBeAoVi7MQu+efCaLV/IGGK9oZgU6+G2SEp5V/iQZy61Yx+Ue90WfvshMHQjjCI4lgbENkc/yBB73aU8ROy8phu+jCeMFhQtzMDB802VizWNd3n0lTxIPF0NG+yUofck8VpcX8NZot1wQ2Yov4YYzyPd61MKcZX34duP4TUU5VS1eJaDNLyqxaDI0CnTKHLveYWSwYwdPiZXUpvewsdlh0sYXgBOdT0OmcBcSW16Cx+7b+dqHGfGKekmb9WOz8ZPPoV0VF6d0slHhkdJnHobRcRkOJuZwjEHLztXgjZ1ey1qiU2wOAG4kgX1yIKc4LYIArgrqBI5XN65vz+iV911m6dT7b5UoBHrhYZLmin1Rt3eqmZf+8ipW+D8WwQjMfYuQcCSIXzPqBcDdjPbyvOVRZkzmbKoRc4+5gmUFKFrTqYPqEO+jRZvv4gbQw0iDGXNjRLBx6yOCEnME7iZUukcwwoO325KGUuPKAbHOaZwEsnTDDmJDPFwRmWhOPtZTkCKkpd5L96r++N+Tn1iOicBGJZsdJuNTprqFBt8iF8YAe5kE88Bp89D8Xmo1PkdWuXQr23ZtOPctGHnDXIOklfyq5by2iO+ySwAkD4L2owlKgTVigHvSnEU8g0fAxhkrBIqpFDoz8m/5tNit0uSyid/SqegSPhe9vQk/fbNVFwQPTvpSe7XYgiHGMYIBjt4Qg5Vhrn2qPOBzroXOMu/Q3nPudBTl5Jp2lwZFWwh7czmPyu05wwhA8jJ5U8u+eeVEty79NA8uTKBxeSfVSRYbsC9sriBZE4g6vGI8EI5A9vkkSjO8ycH2YrnT/eUqfJcWaxAopvwPp5VaXDnQ1k2SzLbqrweZRpOKtY2+dlknqxyIgA/uOYbp9zoXBI2xvHk8VvoyaGKlN0u9qInhSJ1PcfLlMRgEnqajuTzzWgplPANE32CW/GibP/sQZsrV3YNFHimn1IykTLSJclnpRGc72WowVNE1kBZzbIf4+yEcJQk2fpEKWOgT0Y4HJTM8FEIalBSN/ajDOOuzGt6w5OxLjZX6slrOnNDzlYp48V3G1P0WWM5y++KfqyK+nQYzo8n3yV61tItreEOCocfWEu9B8j1j541SCeJ9Ix7uYTXRMoSCZI8IUty6p5Pncpft7ZmT079e1FX5ewxnywTr3fCWUooE2WU9GB5o3n5LkVWDp0gciVv/eAgs+UGBGbBXbMIdhxVpBJBFNnWFLBfHpNbQinZaEsa6+zFZI2/SevOc49a53gSw3wG0TVMCBcBjlEatb30Q8cwOYSA5pWtVOQQfRgetfRPhC9hlB24mur6djgAnLaAwAisQoutdFQujEg+pdaAW+QPjqBZ+YO/n1A790Lb+aPcrfG5csd3rHnLEQxtxe4hT8gpQ6g3o/NOpfPAdqkHD6GWVKCEdczoviph+aYdX9pHIwPkVOS5dcrk3Ce1nKvuLbl3yuv6i5vFwbIUyZN8A0RItVOZ1fzwz/pLadbb5tcdevj19oDRPICMJKFM0xblK/trTHUafVi9iWsfinGXf7I8G5MoqaAnxmR6FnA7g8B4EsDuKeVhYGdSYIIpNdDMiEpDmlnZ1ON3yo23w0lzQiUx8FaYRn0+qeRifqMJ261dnl8tOPdNcDcRC1loK4u7GVMzEmB8HnFqAjgroSpo0mzRxkFS9oCYJj3+sn8ntxAeSsQDRExSQvg2Tass2WklNGR41S3dNodiw1zJm5J0Ho5d05Y64E65Eu+dWlie9SEVXRGNsk5+EvZEz1DRZs4oK7t3Y6i6hnpZRK1c7ZMCI84rU2ZtuqI/i2kNdwAtCIKJsqSjK/ohfN7eyka8sgN3KFXC010hT6/lwL+HtFxJy+omivFw8DV4itAjPM6VxIPutW3CpXncv8qNzkTeelU8QOwtQAlHGD7SxClxHjd1SSH7Sst9alKnJb48koaCs1S8hLy0w78kSH2klPWJSa1Ti26rdLG66jo+ZOidCZwX80EqhniT+JcEGjwFZTDfmKvUytEq+XRdO4xFfTkUXXJFCYIYUi2ZsiH1JHtxSqaarj5MXy7y91zxUBcxxFwe+tnDZ0w3ZG/znrRHleayK8+NOUEiUzZF7/rwEvo+lJcpzt6HFJnA2LGhRConIg1SamhuliKDm2/0XqRFjFVPrX2pZCI5E/gwPAM4BPCSHDVCQuOb1JOzTilNqlO0SnC169u7LGnnpQK4SZbagMEbjh3pYqgJYnYjm51Rt1X8bzLm4dGlUOZO1h47EgbneY2IbrtR0hhXkUVXSam5kEqLq0zmblKn5uUnCQEvi+SVmomkzr7ImVhR36fsU0piu8/EivpuoyzlX8UuEV23z21HvNJBCZ0dJJ7NlReApkpSPPVukll8XuigdGdJUtF1C8GSWrbJFRVEDSWcTsJJ5rEciccYmdYZ/W3rKlGUZpS9u6TYXULMc4VHekBZ97pKPj2qAstSMl5WeYdDKvjLESl6o3wXgIldggfufU9FRXLmAi9TFvkfhjh4+cdxRLyiZJjtxzlbeRGjKHMrO7l9GB99c5yy0JZa5/wxvIZy1zhqzcd9QlHmXwDWlNNeznm43zQkN9yztdTiUsmDOhniJL9oxBVQqlbZHYlHbwZookMLhlwJff0jmaCxaPUPl4Z42kqABX6qRBt5ilbZ2haCxnYpYZBalLc+2nJUWwuIVHe894Oc3hths5Vh7V7wiSHgvSuUxShS6g6qjAXfNjKEMimN7EH42WKIpLBRPtr0SezCCwMQf1lgezFwoDgh55XIcdoTNDfdkN4Hb0CtrARf5Zw27xBGAXFXjIjT4yM8AWRbK3HlEwq70c+oQzz8tVAHiTLtcdJOI+ZFs6my0f0q56zSkOtUQp3VR34WOxf6ypXn6kp9EDdhpwvJGfhAUmxCWC4R7p9akjNyhTDGSvxJijudPwewicysbJ22ij+WRHLaBFwsBOUxkIWESNTxxqygZJCSf96H236hRHPBdUwUR2TKBrCT2GHcNVTl7ShTZcrmxJrz7BdiaUsdsOkyZhRma1di8YPar9/CdXyizJbjw0CbnDIgwKBUVvHZINzdw2Y4ZWyAQfaFKBzxtGC3JMpsPRP6+9lze440j1NGIutAZ0/DcGbXuv2UvAUkk1F+MlKWo6wD7k0n7+2B5DF8tkyJ1kyiqz5cfuWIS/0imiIhW+iUWGYfhvbRy+w4Ry9XaeAgEpoFRgGw4xigdwwNHUNDx4QMIseWbK3wyS7iKoKNnQEXzujRQtjtjBro05NiVNC/vV25vbuoJElhKWSqgxMyPDSH3+jXSrgIOZrLvS0/1ROiEAWgsFPr03WEXzXekPg3UgJK0iBGuO8fbeBlv7DPyMrHOCEJNiRTe3jbcDuLyjlfqPRLN7xRbdiWAab34A4MA644cOz91n1S7X+tQ+yCc87lh12yW1EKEtaUeVcS8PhwuyUT753BCdnAGbXim6CG/UOCvHlpCgggBe0sA1ssoz72jBpCm+YJhE63WWlPyvf2+nmPayP8FXQkccoeyJPwt3B0oEULI2W25oQr7MWLJ6jA2R5jUD7sMxyeY+KXhHr4OOxOrnzrZCjuYah2xAYeJXvqQqO8dZD4/fj6Lo9J0g02UFYVzMZfxjg8BAP5I1X2gzj6Etw3hUVb94u0HvFS4BYj3RrTE9BIQ8WUoQL/I3GkK+kHrgzy4hm1O4SqzXCHMqojpGcxcfXyzcXZHlFUKpVlIT4zKDzUhoPolIT/IVx3OWPLi1s9tdRRaqdZXjV+UF+NnQ7k9F0wrtINklEy/4fQlN+GfREfZ6Qp60rOmplxKomH6fQZxWzKN7NW0XX1EvavnVp+K1Li9RslUZqI9ju2E6fkkeen7G047Dsl8soDSzZXiTANp40MebsZh6ysV3ZVGcLYtHM5pdx0/uSDMqA/4qaWxw0eCjqhdpOU+o2U4dCnqKnl77ClSlb0Z1CpES8ZKjf6pKcv9x49guOEfAb2WLwuovkcJ7W5eDheed4XcSffz9FuJYdnEia7cMS8Z06m5B4sYk7Qa97yVflSyFBX+xYrlnPHE+ILbd2Vt+dSlIj+8YlT3osHxBjsPdk+GFUyoXCQ4fPH9FwziNgehtdnBBAiQEC8k2VUfqL1go5lRZwFTBSmrb0YFYVEytzEMPYhjJeinErUdkWoPK+0fi9GypSx2/D4KpxDjnSiasZC91j4CI7uI0VZqA/JN74vWVCrPXOPBUD7ZaTK3Vfoa6fMIY+hKZrx5J0WziDx8Mg8ek6YSPnwzdJm7zzW4CuLJJhTJqal3Bn8+fU7hkY0Kge+4pT56WW4fWxq+MOwFizlVFnYcCz9Mrz0y0J3pEqq0fghaclOPDJItRu6yT2kOeBvCRriPipTNI9qaW0iH35lS4dw3lLSDHcnQblEBhZoRu1GEAJkVFpCbfm1aelHN706XF5k08pMvE8HzAEX3CLicFDzCaEEKA3KHbnK5DZaZYfkZU5nHi+HQrySMPTYkZ059c4gGHPwmnPlk0GPIRyaLnDoIFX2dXsMUyWn1DvcxYMZ8xlZVCU77Fj9yJENxIoJFHK6KTalRpgGKG5hX7jFXTQcYs+sqHpdTnK14ukDSi+DIws753EIPe5FstVuUBOkSImVYiafqHA+JcTmTsnN+UVKOOYd/lNlphnyTkn+XINZlLmkG8tW6ZY/xqqWKpsHChYBSKq0YrO4P9ExURYOcHYBlF+q9CLX0txw0iGWd/elIm8kFywhLlRCpaxj/BG+7sGvTDBnkQaB0rRwNh0ObkJAAwDOnIqT6TEJY5Wlw+9S7XGVDvfZUVWYkvL17q9SKv9CuNMOqiRXbta7l5eKB7kGnpeDBsyVXvK7H/9vmF5GES4BT4BBuTqop1xZ6v/uH1IqT8ZA6Tlon1yZA5WNxnjYQ72zHLV8V8Il/7ZN2OvRTFCvqUwOP+BwuK1qHVcBZSD51h0cGVJjNRjB//740lVdqKsmfPnr7//9/Pn/M6xTpA=="; \ No newline at end of file +window.searchData = "eJzUvVuX4zaSrv1fKm9ru5MnUOqrr6bsadvT7qpdaXtf9JqVi5ZYmXRKokxRdehZ+79/iwAlkcEXFA4BtffdTLsQegMZxOkBIv7nVVN/Prz66z//59VLtVu/+mv8+tWu2Jav/vrq/9vWu3q1qY/rvxTH9vl/reqmfPX61bHZvPrrq229Pm7Kw18ez//o8fyPvnlut5tXr1+tNsXhUB5e/fXVq//7emq/2q3LL2YG5T8FZl+/2hdNuWt1agc/m4nzD79ZrcrD4ef6pdydf77atWXzsVjNKxi0tFejbAw0RfdxehZVsIm6U6ba3pStwKE9A7HffdlXTdFWNafscmg0hANN+cexPLTl+mFV78uDr/SzucPJXBjRh/rYrEp/tWc7IWQeWLqUuydHA8B63ZQHa4mqFfeHv6qPu7b56iHm7mLCvrP6rtCI+1g326Jty7WPvKERboGbelVsqtar+wY2uOXt60NbbB5X9dr6qx0qHJvhFtmUTw7D91Df2QK3tEPblGX7WHh/sHcTSwxSR2PKsX0ud221Ktry3b6buqzlTi3wjzXr8teyqT5WZcOk7q6z+eli075bQcfpRqOyXT3/ciibH3Yfay790ujxUDaVMhrUgWrTlk25/mEtp6e3m6LacoXJ3cl4tZZrqNXJeEiHqpMj9erl4aX8zOXL2Yd69XJQdm/lxs/1pmyKnf0yy8SXdmD8Bg79VHx588TtyLb4UjzdyIF/1Px/iF0dvv9///zC9l33tkLKrXcP5eFQ1bu3TVm01e6JS3u9OyjDq4vhkI58KjbVumjLfoDlcuNkto8gfifi+2UeZTFaTdTNJZLar3tjD+qGY/lAlzh1U/1LbszfF03hNHcRC/znKM2vxeZovwHVSLsrVs2nk0GnvzrtMp3w4Z/u+2rXsjkwNPysDId0pFsQvn0uNpty5zT3QCc6o6uB0Zs58FPZPtfW218jN7Yn0yGdWVeH/aaw3h/rHLiYCyl6Uz9VO85vQBq8QexvXRdcULXfSstQ8s5xiQUVe62tDAXvm3q7Z4uMs7WQkrtdWVOu2l+aikv3yeRRmgwrXh5u8wk/mbuBaNYOlxZv0d9ux/x64R7H/Vay991y/yeHs84Z6dLm1vXg017+z1/37PJbZTOkfDfoohPuAV8sJLdFy9bVJ2MhBR+rv3ekgK+bj9XmbJBZON23PTh2tmz3JzuGvmhiOXxWXcO9oBuI9FvGzcpzXbwN1Hkt2WbFeUxkA32+09esROdhcyDQb7Ccl+f91foNjFTccFR5W2w2vxWrF6eDoHHjP89dGqDL9zoN6aeZIZFBqyshNhNZNk1tO2AjlSc7IWV+Wx5WTbV3uJikVbwemQwlvrv6VB5+YFGtbFUB5VZOB+1IrMfZupnUpvzYlIdnLr29ucCi5eTCoPZkJ5RMRXlcVplQrTLnPHcZiuZSyy6T4qC3m6rctd2MTI6jrwIh2pIDCVFxM8fl1/VNGweQ+K06tab3cq6qG7djxmnf7dY9dZV//7ItG9tlFDLBvZhyG+G1ynzGedhjMzfv/l4/1cf2g/Phq96JzvpGWvc8h7VxyWW80rvgPGpdkUy/vb819XFv/snJf878pflctxq1DQCrveXcKSPWf8Zxp+gEOl28RCLd712aCd1y9OQ2YE+2j8/F4ZlB5NlQIKFHW9qNRB6duLahwPb5sa22tkMhlHkxFUjsv/YMMqWRMAJ/q5r2eW0/sQCZQ1NhxK6YvqFV2E+o3BbVxl/lyUxAkY/94TnDJz+xF0j2F4YPShkJI/Bjsa02Xx/l/+ctdGwsjOCncre25jBA69lOIJnVp3LH1K0jW4HkdutYhoXT2U4YmVVhe7EDaFRGAgnkWH1WAVeeCuH6azzbCSNzW63Xm5Lp+xkbCyOYR2lYidXqhUnmxVIgqQ6gGOl0hcVGIvfP9a583B23v3HMR8RaeMmMiymd2UBOVN35FUN4XAwFEtqUH8umKdeP3YM9nk8P2gwlv/5YccwVF0NhhB6Y9lmHsPusw/E3Bo3SSBiBx323HV4/ciyyRrbCyP1c/naoOE4CLobCCP1XvSsr+zfAQOnAEpvU0dHz4XAsm5/KtlgXbWGrd9SY/fB5eIHwsdyt97X9iwsg8U5r2L6Hx72nO8IqVi+r52K3KzePCso89gD58XDc7+vGPn8FcsvwZ27oZGDnwju1ei5XL+derD42DjM6cEZjNpQT8vtn/WsAk6HE1+vy8fwi7VE9SWN25vpPBHJuXX6qVuVjsIHumv1AbpW79Tm4Gb3RmA3kxMem3rU3GLVNf+eWboZ2L7xbT02xax8lzGd1R2c3kBvV+lFeRnk8VE+7avf0WGyeHtVrb1a3TH8nlJu7tqkP+3LFPQBqDYdyRP4rDuEnQ4GEdjk7Ho/WF46Q1IGpQGL3x8NzuSbTWP/ckTNaTH8nkJunX6p/+71ctaE/ebtfC+zy/nRRK4iL2Hpgl45NFdgt/S8EdK1qyse578QahmkcNPmdYG6qV7GP3ate7o9Oazq0M/xroRnTwZz5VK/Yd0nYaiAX1GM81r8DMBlK/FFNFvyxpLccyBW13GWMoonBmwiX0oKcipj+TiA3TwkvOf9EyCaf/OGp+o+fXyz1/vj5hf38fGObJu8k4k41te6bzm3dOV7zyVWMasopxvb7OEtxCvg5IbZ3BS9KnC4Izkn5w1nKH8xSbI/Yz0qcDtHnhHyxHXYuUr44jS4zYlxHlLsXbiHl18fa+urgRc65OauoyvmjVk1ZxVjne7+IcUvzPiPG9mXcWYrTE7gZIXVre2PjLEU15RTjPPByj7vOwy73qPuH7WHgRYnT2d+MlOPBeQpQTTnFfHGV8oVbSLZyliKb8opxnhpVU2Yxdw9xJjwUHVRzXlVHd0FHZjHOExLDdER2Rg4rB/aHrS/lV2cZd31jl17RXcP68fPh+7JYl43zU3tg4c+wocSi3DeY027Sbjgr+xFKo7a3FVLu7w4nBhq1ylRIsS6LbY1Y58W3sdj2q/1aTyNWmeIWGy/OWn+qd/XbzkaXEOU/ikP53SijVf/Lc9qxBeZ8BecfUdlb3MoJYSPsqRx1mWm8Rd4p010L90Tpmp6cdeahXDWl7dh23ZHDyWxgJ/p8LQ8KOL/ZPNVN1T5vGf3pM7j0SLsY/EJg17qrEG+L1XP57dGp5OScU53tVWd7fXSvPGnnzrY/5A7l0sn+DdxCY+z3bbt3H1/PrTlGLCTvXbVeKX+c9F2as+SrSi8Ki0GlGA5pd8Sg+59/0GUz2s93CX5pNmz6z0aPjVNKhHkfsuiSr2jV5Z1rjqvWMXCp+rG9kJ2/Lrur1j9+ZgnoO2Xt989+U9Z11eU5nRRXvJS7dX/DN0iwjNV/6S7fPpWjbNxvh8lcvTzprY++ANccrxZePZXt6CDBx4ensnWtYGanePLIylP19mIvpHJ1C2sUPx9IxQ0fR5T5UQB5VOCw8Kt7VovKdfo409v0qdZp50GX4fVv3Z10Lvmdwafe4A209yMrp/rD2WRY/Z/ql3KcedJPfGfPOfOkhfJBcPrLvlGk68om+khnqJk47wFe1b9333L0bRnW86zryYEqvsVk3026ixksfeie591KJ8r07ifZM9H7jHp4ykcHacudf9+cPzfpuYiC89HjUNqwjoLfavDUX1fetZfrB5fqHhrxZ6Pu5T5MHXDLuIx1c4y+V+R65NXHmn0z65sK7yZXFsG9IVahaHKTXew+v12ah+IVv3j0aNeWfQxzSl88leSTvnjcOTqh1umLkUi39MVGAl3TxAKZXmlijcS65F8FQp3zr5qLdE0ZplPrlSvMSLZ7elOg2TO9qZFgp/SmQKt7elMzma7pTZFUr/SmZnJd0psiqc7pTY1kVtYvAIDGyu0xgJFAp+yhQKN79lAjme7ZQ4FWz+yhRoJ5lIaV6JY9FMn0yB5qJNUjMSeQ65uY01oy4yzLlpjTzAmnxJxItntiTjOhvok5kWaWxJyG8l0Sc0LNzok5jYTaZ7wEIh0zXhoJdM54CXT6Zbw0kuuW8RJo9ch4aSTUMeMlUOqT8VIrFZ1W/KoAQFV7HFkQGyxXbcblqd7t+sOXt01ZtNXucgX7aqmqSVPmY5X3RfOhzwFh+WcftOQ+Uulrij5Wtmd9VNPdyJJ1KA4753qqGF+tY1NMYmkovm/q7b41jz/177mDbnodwanCs9YOP6dofpUJlVgFdlXVPp3M2v+9tZ04wyz6K3p18719OoZrzgzNPztmZrB2ajWs7cnrUGd6NTB9Y2ec7rrbuOR+493asbWqccrrzMVoeAc29VO14/9mpNmbfSvb4ssb7o9kW3wpbvR1uJQXuaLeudSItfj9eN5lUX+2GV5+41zf9ooPnqVtHRwZX3tkcsL5sqODA4f62HB/CAOrN3FBLlN/Gl5h5nJDWt46Xl92duXnr/tArrTKcnhXDi4XWa444X6PxV6+Q+Hqa+pdq1dbiz9Wf5dshbn7j9XmbDaIE8NN3YfxXWy3B6XYCPd2rtaex3irvOu+WWl7dbFt3feavtR2/PkKuXOvUwvcXe44bemUeU1YqMM4B0WtaPfhcF4yiIY+wL3iYWyDOyLwyw1fgXfejzdwB+qcqDZt2ZTrcZkmPmd68/0Ny9XJfFinqpMz9erl4aX8zOfP2Y969XJQlm/nys/1pmwK+z2koT/twHxYp363z78z44PrwzkryQwzrk4/14Rr7kzDNeEid4bvt+qz8bAO6Z7meDvD8D7nmiMUcHwYbC4vf5arnGPULAAC/DDYKDrIks0CyHooV8emar+eU3hYaJu2ZcZETu9CVKMwD1UeW4fPYyDojpix/hj6HuHGpkOJfsR0XuCpRJGHvIEJZnH9wOutkNphlin3EB7yTu2ZZalU8639MdhQ28iIv8DhWPJLvyNwvOxAm/85HpFAVT7vSCa9xPxSAwv2eqxhKtnlvQaW6/xkw0qq633SGc1ed0lNxbu/3cDKPZ9vmMp2esGBFbs/4jAW6/qOQyPY6ymHsWiX1xwawc4POkzFOj2ZwGLdX02YinV/OIEVe76dMJXNpje4ULdHFBqxHu8oTAV7PKXAon1fU7gI550A2d5UGLvi9KxCI979ZYWxXN/HFRrlLO8rzJ1weWKhU+78ysJUrv1DCyzV8a2FqUzn5xZYrd+LC1PRbo8usGKPdxemch2fXmC9Pq8vZgRfTg2PbbW5rOS29fq40emU/9R+tzz4WTG4Rlqumq+DW3QfjztZFXr2t/tGDjt25eacku52xMPo4omNpHPrINpoxh8bZe7pfmZ0lTuHv17fKIgSx78ebR1Em9Nfb9yWV9dTuSuboi3/MbqFayRr1DSMqvf/9fY7N1FdyzCaHEJr1JRXVXVQdy3+1u2d7VSNmvKq2hfNoXxbbDa/FasX8gbISBswwKCQTHV/kbPxrthYzHmPpzZck9/HakfwrEkHXWSc27v2z6UXNGHfvj/+tqlWD9XTf5Vf/7Opt6rO6ijLr53mWZucflz+4LTdrl6X6q9y7W9//pdAGPolBQTMraoFmpXTF/GYiry55N8zWXlSLYPmjrpMqCubvGF2QFepQ6MGsr/raKpxzQUbB8qh5WCu9C8bbNIcXnXibNPyOqSTfPNbpwa6La+cOgg2v296VW6Q3h0NHubMcmJcNQ0yaKzq465tjN4azsm6u9hx7MC+e3ScrG62RWtY531W6NBSEKmSYFRm9XBnlQ4MBRG6rw9tsXlcGb4rmtU6thVEblM+uU4MQ6VnM0FEHtqmLNtHiwsKs2In5rhEj0am/X7TvUOv6t2D6bOgyS8QG1xj1UjnoGiOxUXSidSpmUAj67r8VaETI6xkqlM+S/90MewYEqAzuZ4eGHvi9vrAxxXXBwjmLnm9QfBwzeUZgrFXzi8RmByyeozg5JX9ewR/134yzjBg65JlngF/V/5hmm3A1hO7nAMejpg+EzF2wOqliIdwp8cixl64vxfxcMnhhYWxQ66PLOzcoS8H3gzT/Vx7NTDzU7VtjWvzpZVDcikk1Cu3lPFJl0WCKVORDvmlDEyzppcyd8U5u5SHS9bJpYzdccstxeWKeWopN4csM0t5uGWRWMrYFdu8Uh7yrdJKGTtgn1XKwwXzpFLG+hnWetwppYy1+6/u2BNKGWu3zCflId4ynZSxBy7ZpLzcME4mZeGCXS4pf/n8fwRp9mZ/Aw/Ew5YOy88Bq2xYNk7YJ8NicMQ0F5a1I1YPAz0c8YBwTImwfMQ7H3jzpMHykG6VBctYvn0SLDsX6K7TnTi4XSi84eH9RR3fkb3qriCLy4FchiXlrFCvheRAp//ycVam72Q5UMoyRc6K9RuGB1IZBt95oTxfPMNAS2UOx6bTJUkP0EhMBBmnaCUHT3l39c6uQvAVo4F2NFA6x27GUP7RA4ZC7d4MVC8cBbX7Ca/P3eHbXGMEClluMpK+m1k3cKn2ukxjJrf0HTyGenlGDgPBqLw4h3aXIuOObqi0QT/w6VcGLdIQuQm3KIRtItsXwpmJti2HbaLcqSK2m3zjHEYmuu0SGjkKVsTYeWsHdSubfos+Q/msusMIpnz57aYqd/KRHaFVZoSZNmdjzFTmDFczVDq1EAKIv63rl8rnluHIQKju/FaxNyrTrCfHjUN04ne7dX81RcZv2ZaNU18iO0GWnh6zm1aj9xwHe3HmSvff66f62H7w22Hp3el+YiN/gmPDZeOc87isd8ZvdL4ifvgp/K1sVcI9jyGF2gjyCXysm1XZZ5FlE3knrTZnq27dPelD/XLP98Yy9qI37L1ZN3fE/fxR54HnMaSpdPfTSCzc81ByRjadU8cvvs2mUoen3mYzqPc99ZGBUHfxeITdKUtuf+BxR/mnDTWR6/kox0zylq13t6F7t318LtwmDST3bC2k5KPTtT4k9+h+gc9Qavv82FZmicaMBF/shZT9rz2XYGkpoFSrLL0Ggu3z9DrJXnF+dasbfHTGqYUN9NolF3aXa5Vd0VS3fWJFNwe+cH2CylJAqZbZkA0ku+RDdpJunhHZQLVlTmQ3wVZZkU1E2+dFdhNunBnZRLRdbmQnwZVZKkgDtZVFFkg3qWyr4yr0ytg857SBWsus006CLfNOG6h2yTztJJ1R8w3EWuSfNhFsm4HaTbTrjTik2OtWnJFc25TZBqqdkmZ7i+de2PklznZzxzx1tokDlsmz3SQ7pc82Ue+eQNvREeMU2kbq7ZJoO0k+cO4XDzfYLxrm/TZRa5H520mqXe5vA8UO2b+dhFvk/zZQbZsB3EmyTQ5wA83WWcBNRY+O83+qd/Xbzoa6HvDB/UWcxhTfTYN0McxV+mazUb/jtj+YEXv3VLbFZrM6W3fsfk3X6l1S/y6EO6uT5WCuzMaUecm267/sUr/NMKoOvH+CUYmHAH+DaYL/4R9ht1a5Fpx8OTUOwud8IPJYmT89vnQTOzYmUj15MRI6+nvLtMo/lW2xLtrCSe/IQhgyO3yI91ju1vvaMXcCEHunte7Y4+Me1TGaYvWyei52u3LzqC4hPfYXQx8Px/2+bhwzhCIHDX/r1u7ews0bubd6Llcv506tPjauG0HglsZ2UHfk0o//LwTsBnWjXpeP5+Q0jyo7TQi3rv9OSDfX5adqVT6GHSSv/UhIB8vd+hz/3H5pbId052NT79pbjf2mP3Zzh2/i6I0cfGqKXSvrVwcYXXTGQzp0qrb+eKiedtXu6bHYPD2qlHL8Dpr+WFCHd21TH/blKsjgqbUe1CX5r9hcOFkLKblLNPp4dLvnj0QP7IWUvT8enss1mRv7bEjssWT6YyEdPv1c/dvv5aq9ySBh95O3cH5/eikRzln8E7dw7thUt3BQ/zOhnaya8nHuU3I7utG4avJjYR1WZ36PXUqwIB+n1v5N3Aq08pqxH9atT/UqzC4Omw7pjDq+5P/bALtB3TiqeSdQpOnNh3RKrbq5Y2xi9XYuSJHhznlMfyykw6cne+x/NmSY2ZEhd/jx84uL8h8/v4QhDBunYgMnOXeqvVt/dV2hO8FsPnnJUu3ZZTl9UWdR7p/InCSnpwEXTe7vAeZE/eEn6o8QopzAxFmTO3qYk/TFaRi7iPriPlrNyPIaoe5egkgqvz7Wbm8GLsLONvjlVX5Dg2rPL8uthuFFlkfpwhlZTuk5zqLc83DMSKpbpwuVZ1GqPbssv8E9yNjuN7QHGdn/cDo4vWhyPyedEXV0u8B1VqXas8v64iXqSxBJ2cpPlGwfQJbf5Kzah5B19xBnwlfbQdkIoO/oKe0YQpbfRMg1DZKdoOt6JkwekJfyq5+gu96Cc0/pbl3/+PnwfVmsy8YvCxkw8+faVGN5npvsaddpN92V44in0d0bDC78d9czFY1uZS+4bOdNg0a23ybCWHb71XFVqpGt7AWRHV/uqp9vg3cpMv+jOJTjrOv9z1/1ApsJkTjqcn1dZvb0yDqHLQUZ+Va6JKY8cu+U/a6ZZ8k9Te/OuvVQrprSaYS87tLhZPsW7vRJMh/UXYI3m6e6qdrnLbdnfdrM/spCMfiZWzjZ3YF5W6yey2+PTeGaaHzOve4HVt0PrC8/cAvHtj1gCOrc6Udu5CAe+Hwz+GJLQQa+db0tKs+/wkTk3dmqb7ePelLjwnPb7t/tNk4bpTknOru1snsLN1zfos+54PUM3U7+vnA7iZyT39u8ifyyOVSHtnTjs7NODC3fwpVDsS0fHJ9UzznS2fV6XG3pRrlyzC0x68TJaigX0NL9bd2UagZxX7dfbAR5Etu9xXqrLuOrLN5sSofPvDYn0969f+5QjT+rvnwBnxsDiyHUZ9ElEfCqqzbRHFetz0Zvon9kNPgfYF0e2qb+2mcp53Ojt3s42w3uyVM52cR6e/FUtvXZ5i08YP87PJXtbf8GKos2qwPtyWRw/dWhO1sod233tntwwc3bi+pQEMM38EXltx+nK2fwRN1oe+rNhvBjjM6r9Yp5Vr7rbK5ONoP/JboTih8Yv2l14nEr5e84FxmdwRstLVRmJPYBVZm94Zg6KSXp74JveYorXy9aW3/ftnvPI/GzCbYTFiT03XtPmb0BLpHsC86hPt7V5qnrdLcR+frVs5KklWJUS5JBPEcpyRk/4Iknx1lnyFPOYrOpP//vY9l8lbzt3aeyaaq1W7ofKPhO/sIf3S/I53H14Bd8/wTzxyTFfv9L45TUXuPIfn9s3BPbm8pWi6Qf/EAb4FEeKNlOOgNUC4jTrrpQr14eXsrPnPrr1ctBmQwsXh69sfe/ygJ4m/5fl78dn57cHvtj+QOLoaV/LI4bicrda3nrfJCmuxb7k+mwznws12XT7ZsfyH7E25ezZbaNyTVXqk1bNuXau26Xxp/efM/GVyfzYZ2aAH8+hyaQP7gzvGA/NNK/Ocy/Bca/4lS9+w8tBvF2qd4FACFXHeqPKd42ZdFWO8bvp3tnL02vLqbDO9O+2e83lXoR71zkW+9QW1zM+xVoNXWKrWwudoq3ZK6pUwxlULE7XGVQzR1RaWcZJ9KhyeDiZTaMn6ttyTqSnQy3Z8OBHamPLeuf4GQvrOwDOSH21s12NnxNOO/AepuBtC13xa791v8620i7ssp1ne2KC8dD+b5g3BMeD+W+CL8j7EbjN0++N6eo8qZ4YqFoBuJ556iQk9Pc4Wt3qZ/Di87O/3OHsGfR4Q9iZT8HP4wdOMR7IDsnn/NQ9uIA+8HsdRf4DgepG8wHhPOuMB7SDv3gPqiddYL5sHbgR4gD2zlXOA9tL26wH9zOuxDg8HboS6gD3DmnQhziXnwKdpA761Kow9yBX0EPdOecC3Koe3Es3MHunFNBDncvToU74J1zKtgh78WxsAe9c84FOuy9uBbywHfesQCHvkO3Qh38XnMqyOHv2LFwB8BzzgU7BL44F/YgeM65AIfBF7dCHQjPO8R4KDx0hftg+IoT3IfDI1eCHBDPOsR2SDzwg/egeE4+42HxRT/3gfGsA/wD8u0GYO7D44sPQQ6Q51zhO0S+OMF8kHxFPt9h8sgD5gPla07wz3WhJzl4uOxRJ5jaCPJu1btAMFTJVBl40ot6J9zr0Wod8KxDayFeHuqzav+jtxhc+ofiM3eId/qb4nNzNsvvBP5S3asvT4wE+VbX9Y5R3V1vzrt3p+WVR68dO527YvNQNp/KZvyEx9+Hk/WDtM70+OSaSyoF1T/qbuSsP7uVW9D4o0zv6rY4mw7szK5+W++883aMvdjVq7PN4PLb/6yPO86/wa5uP/YmA4s/HSUwih+YDCz+UO7WPx48t1y0+Ptu/fuBY8N1XTzPioG3dL2N/H/U8lSZV/+uXvVGAzgAJ13/UwdlIsiNC31SF0+hIXK69F2p48g0n4uvB3zpXOaFkzf6vrK5nuhfF+1LUqnqGwQJy757qJtvyz0RDocTmlTARX9vI8wVrtWqPBxIJhZfkXfKKlcyllMf6lzo6zmW6wdZkY7RjbPlw8lyWFd6kM7nQY/Ogwtvyo9NeXhmVt9bvY0L3cjAJ723xi55bpDheLM/NhUmM7P/MheovONa6ZLO1N274rg7gdzguzFh5si2+FJtj1uWuyDIn97+rd06bKq170UJ5M7F7m3caGvPjJnQid5qKBcMBinvu+1Tc/9vDFb0uiv3n2H2sij/Rz64KhroC5+9zhZs8BrcZws7gM0SePZBbIDiwwxk8xcKeAez4b2CAAOaCUztWzxweSYNhUE15ab0vM4x0Xh3NsrT8aob9WiPWf0TxzMDE+kHdumHkNJhoHc3d1g2GANDf9oZm2rkm6uH3WjS5e+Lpq2KDVvPj+39qf8AQCrv34H07ZVsj/JswzPh48UG2xiPIofhOE+ZCH3kyCVxeODoHxx9912X/92XfcWw8tQ4Ug6tB3WJ49hx6ATbqeMV2Qf5B/C87jASfijPFoNKZzsvHarnPS695oC8wsRy5j72obfLdeJ+zQ11RZ9R/9lgUOEH3m4P1ttwfvrF96i9MxBmblqvm/Lg169ncXcXa57dKjtMJ3nL1Jd3ylJAqb9VTfu89n1VcBE8tBdQdrktKr8UEBfJJ1uh5T5+KpvqY+U5NxLdQ6MBHfhYbKvN10f5//GoH1sMKP2p3K25xra7s7GQgqtP5Y6zq0cGQwrviopwDdRnYwEFV2unYsVArbIUUOqmXhUbroA4GwsoeFut15uSM4zHFgNKZ9R8A7HV6oVT8MVcQNH753pXPu6O29/YRmZi8kbiued0ne2Q7lTdM3Wu+LlYCym5e5HeNOX6sbvTwxj90HBQR+qPFduwfrEWUPLh+BuTXGUpoFRV7Gn9WPihnovikcGAwj+Xvx18a8teVF+sBZT8r3pXVr63gi+aB+aYRSOO8GuxqdbyWNcTJhBDfNR4mUfZpZLUu5msOu3XvYFiYCGc2K7OmC5bjqlcYCOc4HEUmEoM/Cf37cGb9d5cDiFzsRMbIfDc+6LxedE7aB7k6FORj8OjW74Mqu5uZM5tWB122DyGeDy6ZVeaqB7b45RNQ/d9U2/3tiOpahQkOI+H53L9pn/wID8E93ySWmOBeHLza7E5utGQeal3xar5dLLtGA3ajp15ztJX/62b7yu3Z9DX3Br+xnPl8Sza2r1VvS7fPhebTbl7chsH513r7K8G9v8dbv0k38yHdm57+pUbubiuDvtN4ZQV5IpbF8s3cmVTP1W7QN+WtH3bb2pbfHkT5GPaFl+KW35Fu3rnxuKv+HGyeyM39uO5nc+Ps+EbOdL4Ja+84g1H3koHl5xzA111xy89kIMr7pdXrvrieY3FxRm5ZP6pXgdySJrfKvM3durnr/uQTrXK/I2ccr96dMUdz0tI9o64Jri85odXlktrN47V3yViDfEnOVabs+1w7gw3oh/GyYU9Lr5jS0G2oCwJumf0Mqbo1vSv9o/R3Sj9W1PsWr+/BDUT5M/gMyHqNPpPhagT2YdWrXzPQXVePIgV/1wE0FCQePFOY66XeseTxRx3qs4drhojc26xFhmxcq86ueVRRGnGs7NHvsWUnJ36ud6UTeG4Azb0rB38xg3c66qcMHvTm7yBeK5ZXecJ66Ru7lbDOqkjx/pfeOp+oT7/wg1c+6SQePmD+4OmGbdO1n2fN11ziaKiD4Ot8eVPZUaMRm1DYdgPg22uq0DZNpTAh2JbPlRtSTiRmcJx42ASy9WxqdqvbzZPdVO1z1trmRMDIThhH7R/rz7KWiAuXxgxEeYNMpewu5XzZ067Ssfd2aS6z+mGUo9sUo8BpI7CVObo9JjdRgbCYGuvko1TfRLqehZpHHebdlnknDMdqK53fjnSjSQ35VN1aN2ufwPNA3NBRbfHZudYfRiq7uwdPSoP62TTL+/d0WdhObYQaOPvX2AUyOQrLUp6kf/dPlLvu641E+05fFDRHOPHddFs9fyQC7yV/MwccmYfyAE/4KEVPBxW3FOaBM9k8ti6foTTxB+Pfl/gfM4AvxueQ7EMlzuvZSTh6dWBnRAy+4MOHq3UWAjBkgb4Cj0ZCSFQOv/YOvLyocqRJSapwxGJgVDeBk06T7caEuk33+rBI/qy2GRf7HHLpjHR8R6fe/7Uxp8tzwnU553qZNJzIVKIYOn+WURMxTsnEsHC/XKJWIn2eno8o97/2bGpG55JRbAPHHlFTB1wTy2CtXtmFzGW7ZVgRCPdP8eIsXznNCMa6X6ZRkxlu2fwwLI9k3iYyvbM44G1c6TyMHWAV/ltJHvk9NDI9k3rYSrdN7MHls+S3MPFhQCTLG+KD2On3LN8aNzwTPRhLJwl14fGB750H+buOGf80Pngl/TDVLhj3g8s2if1h6lgv+wfWDdDAhBT+R45QLB23zQgpsJ9MoFg5d7JQGakX257HNtqc1lVbuv1cTOrWP57x5OAgQAxeM1Zrpqvg0dqH4+7lTzauKqib+l6LqFcn9PUPRYYZ3KwFnc2EU4lrexordGzrOOMwnLn+rftW4bT5PO3pSbCqXT/244NBFD4VO4kYv7H6KmsucBR+4D63v/X2+885HXNA6pzDcFR+wD6qoM6aP5bd0zgoG/UPoC+fdEcyrd9oWVye8lcJbDCpZVMsX+R64FdsbGdax9PDVkn3Y/VjlzZMO60i6CzEa8+u/SM5kNp3x9/21Srh+rpv8qv/9nU2x8Oh2PZ/Di80e+gftYwu0eXcJg0Lr+0vxssweQ/A7rQb6w2VTnIKXHFpvrXli4r1Zg+vblkdZnkwppbF4/kACMuEntzWqhgzCSNxN1ZMslrRrXXEg6Df2x4TmPmQHUoiOXgrvy9LoyrC5o6sTnbDCy/Uc9YGcVfLAaWblxo2ky3XaVpC9FidJDUlqv2rWz2vngyWjqNfmpigWdQGaUwoz9hczNjJFZnKcBAWNjdAjeX6XQd3Mg8AyqzcMMWmDG4IB/OhvFj1Zu+hTPbol09v9mYXTiw8ETaLTaOH4K1G/Xujbwa+W25M0UjFs7UO3Xxcn2yfhuXzO9kWfniswyyd0JuMsP+ceRX82/4C9m9vbBwyeERhq0jYrTU6OZ469m6b8c0Rw+SJG739a7ctcb7rksLz33SoFPUKxaLPrloUE3duuXi+9yTtfdNbTeHUnHSAJ9Cj0yrVwW6ZFedM8qbUdVAvnsWVRc3Vs/VZt0Y3jO/rn5gLqBom6Sh1zVbJwp1kWyXHPS6aIeEoC6yLZKAXtdsm/jTRbBFlszrgm0zY7oItkovdV2yfWIpN9EOK5lZ1a4LGCvZFpmwrmu2zYHlItguC991zQ6Z9wxlk6XQ8Pmr7VronXUlD4vF0Ltj67kaOlkItBzyn5BHArlm5HO/XXv8zKV7aDCk8MsjXK/hbCz+8vjWf0wDDpCP7RcjqAuN/2LLcy0+tV/2nl9ab+DPu+8YCmTbd5y6LdTadySaZ+17RbLvInKkmGUReUWw/5psJJlpTXZVtPeajKjmWZNdke27JhtpZlmTXRHMsCYbaeZak01lozOyv1heJzg3fGS5WTCYufpDx8GKwWLyehyfXJZrz0niLyYQsFy/PTVwn9kmysc22f3gW1yaKGdYbv5l/mf0TzHVza9wrg1+4bau2TNQO8ccaSiPW9Zc1MU3N0Lq6+CJlf4t8N/vxE7/TX9HT2Zn5ysHvXNweDBvnXI1/Vy7M5+Tq9RW0FmM/pj/HAYthp3B/HZt14VzbOP+MvcrYXmSiYN8gMnJUZ8NrIF73jtaJ6f88I6BWwy8x8kxj727gVe+m3knlzwQkYFLvszIySWvAwsDp/xPMBzd8jnSMPLL+4zDyTGPQw8Dr3xPQZxc8jsWMfCK4ZzE1LHLwYnKd2V4WKKe6jI+vZCLXPNsrEMVg7ZOCzKDFJU8wvoclZb5CTUWDQR/12WZlFfTWaWXQ7NhnOhLQZbrB9vRQyP/bNBtwLAQbj07aRW7zUPGUq0HZo1Q/h4dDQwWifZGllU7/gFhVR93bWOzpp8KursYcem0vkt0p4N1sy1aOzwNJA7N8IuU81vVenbjwAq/xA5sF5vHlWk9Va3KsSF+oV02fZchfqjxbINf3qFtyrJ9tMmYqZU5scUidzTe7PcbxwegvXligGUEosVu3uz378gbCE2RGyKtbxVK1If62JbNm331fbFbb8rmP3eW+qYGgkt9N3of0/+uq2xo7AYuTI6lvf3QWeRxZvzFqZ99W+/a8ovNaQXR3Rvgn/P3tg8MZ4Tdub0pxBZN4qN75OITDYP2YQJ5eEh7tWjXSOKoJYs4MT6l/kmmvvxcNBYPdpW2cWv+jwbUg7YOT03Raub9sz3EmJfnji20dkOAimtO+KIJa2e69efbjp2WO6tT7iuOdGZXA7M3dOKnsn2uHbY5Rq5sT8bDOmSPiK444QiFrIW7YKAr0p3Bj7V4a9RzRbkb3LGWvatNixsbqT6ZCyvamkFdUe1GnaxlN5Z1qoy0O9WncnZAHnlyij8ZvIlw5o6XNm/T765HwHrxXkfBVtLPxY5Z5UurW/cDMHsXfjatgGTlgl01JEcXXA/mdeK9DugtZLsdl2lV29XEcxTtgnKvCHeGtybi6eb57cx62GAHDZoH2eO/PR7aenu+eygPFn7qrnLanUnMmAki+1u1lqZ5sAyUjluyb/+/+9I2xRuX1FdKHmn/Z9r2I2m+W37aXcG2+1g8z1bf0AnXDSWU7rWZNBTsvpGEkj03kYaiHTeQULHP5tFQruMeDMr12X8ZynVeQkPBfstnQ8mOizYo2GfBZijXfd0DFXuuefSixxmVLdLKD81fWnIzgqeyJYWVzSU51VW+vjT428myffZOJY0a4F8cfKybVfnBokDpVXl30qR1jdI5u1cS557qmTLp760e+9onoV1wHF512n3GV1PRjgMsluwzws4IpvuHcRUCg22DS9kBgyGhs+o8HAwa8w8F1u89NaIcH3ZOrfG+4JxX6/RU01yyQ/5anV7XlLWzYoch+oOqyCD71z4cRq2DbGYZJN0pMw79N+4cnUjH+3VIqM/1OjOxW54e3Qbt0fbxuXBYoSChZ1PBxB7tQTgSenRE3oYi2+fHtjKsCnlV6sVYMMH/2rNIlWZCibQr6X5FqkMxd2vBK7bvahX6szKvOH9FqWWteTehdgVwTRQ71Ly1l/6F5SNTZkKJHFeq9xbrVPjeWrRFyfsrem2L3dtLtStzf02uQ4F7e8luexck12PzYiS1Mqyre0VnZVNK114kz+q1CrpyVeecHDrPlkJJ3crrx2zf1NhcKNFcakPLrFYvbFIvtoLJdbo4iLS6Xxk0Erp/rnfl4+64/Y1n3iL2biGbdRGmMxzMkaq7nMgSKhdTwcR2p+ZNU64fu3Nzrs8RWg3nQv2x4plPLqZCiT2w7dsOofdth+NvLDqlmVAij/tuo71+5FmcjayFkvy5/O1Q8Zw0XEyFEvuveldWLowOqB3YYpQ7OgLfrdUVIXu5p5b8R9/OqHCsyZMRXrqGFw4SkT5UEEkc1SXHhW8NrwuQ5tzXGKyrpo+1uZdMv84ufxhad2WYyEgolumGCLUK/VEh7EFuZKjX74cOr4gfRsqPn20SIivzP35+CYALNzY1ocdC7lRjh57q3Nedtzef3AWpxryC7LdGZzmOm585Mfanzxc1jkfOc3L+8JDzB7sc+5n/rMZxsp8T45Ad4iLni+PCeEaQ+4hzZ51b/bqY8uujXZpjKulsgFlY5fHBq8bMghwST10EueabmhFkn73pLMcxadOMmLq13+Of5ajGvII8Bmj+8dljeOYfnf+wfyJ7UeP4FHZGzvHgMV2oxryCvrjL+cIvJlt5yJGNuQV5TKeqMbugu4c4E16qDsoAt7Kjj6gjuyCPCYxl+hqcHnSN3naN7EqlK6ujxjx7sXhxlvbT0Pp/FIdynDOv/515hdhGkPemo59yyNmF2rOfyIx+xPVEBhnh34nXJEeit7q7elf2Fh2+INhzVzr5bV2/VKV3N4/M8Hf0ut4Wlf0idkbe3dmkT0ePe08j/rlt9+92G/sRdU5+Z7RWRoM74EQ+58S7Q0874fvCYasxJ7w3GF542RyqQ1s6PFqelT80G9yJQ7EtH1xg3pwLnVF3rGfpQLlyuaswK/9kMoh4tDL5vm33PquSc/twE/0lj6X3PDQx9efCMFd0+sOYmT7lRjLXfPEDM/aO1DvHsnlm7tQ7n0J57k55rjC13nCsMy3c8KlraOqSdzlDV/f2o4xB7MPX3dl+c7IfzC00hfyj/NK+Hdc6tptDLgaYtrXpRWWB0yh7CZRvv7ZDoz79Pei+iw9ZNCwpvTu0zXHVOk/SVP/YIrv4WMRROkya25Sc8XHXGTwX1+ZXPwwfkPXDT/tT2R7OBoNrJ9lBvKW3J3thleuuK/nprw4FsRraC3StydcHlaPjqbcZ1gN8tOrnwblRcfTeLJuMPnW1XrGOPp3BG40+/cTOJPxi7Saq3+wrXuHF3hEZ2mt/XzxxrRV6i3vnHGsW6htdwWw/F05m2/pQPe28T0Vt/Xh35PoCxo7UxyDfAlwjv3vvc8jSt2ZZHfOuLIfKGJeVp+7SXcRi6ss7jl2uidZvy8Oqqfat+zpyKns9ssnrATyH8z59C3bmVmw29ef/fSybrzKD37tPZdNUa5+d9mh/Lc3/0ZmXxZPqgXmvbp8/NSj2e7t6zLMu7PdH+9rLdoLVougHj6ObkWRlzvX6nZ3oh3LVlB4wBQg/nEwGFV+vXh5eys9syuvVy0HZCylbAgrePpcmb9Hn6/K349OTw/NgLHxgLqjoj8Vx03qk7Napl3a7f+5TV87UjY/lumy6vTtdFvp5cTbLsyq85kS1acumXPvlnNN40tuu1vKkZnWyHdCdSrnxIHcGT28cHp9gV3oX1I7jyfldiqkbv39+ObwtVs/lt0fHmuXYjc7uqrO7PvoULTd1Y1u2xbpoixCunGzf0J169x/F6uXtc7HblZu/10812zdf734rVi8rZXlzshzUlf4g+W1TFm214/pOurow0u7qYjewG613lWK9K21xse1Rg8XUna44toqrDx4Ft7A7nW0VWd51t0zd8c0OjR1hyQ5t7oJ6qs01JQ7thZWtCj9V25JvlDoXfjpbDemCJ50eK+dA0VcvYI3JnJ9iHix3TTLjcHmD4bEtd8Wu/dbzeu1ItTLJcr32ivjjoXxfcO3TjodyXwTepXUD7Jsnr1udVHNTPPmDKgPZjLNNsGkGHmp+cCxTSQ3w31x5Kts3m426zOkxKg/1dQi/2GxWZ5s+HXzqOb18pZ1P+upkL6xseZDMp/qP3lxY0R+Kz6yh3Clvis9eRVfn5MNv0XMBotrz44Xf+PagA4l33BvQvvt0h67FZtP9Io/2gbVwkg9jiO0lmIVcX5frdShJ9YYOCf+Je6iYad6eSIZDBb2UZ62csyIXqdbRXTAmF++85N0pkyx37079phPfV38t1w9uKc00DpzN+uQ4M3WiP5Fm0t6fQ4eV3JcO49Tdm7yB+O7DZxLdm+IVOzeAeN9pGNvhH05WnmtooO+OZR1NOlAHHr0RBHKACT6YubAtvlTb49YfpiBPeuM3deiwqdZe/AE5cjF6Awfa2ufdJZTfmwwi3mAA6hI7cHnU2fqzD0RnjSEGI9mZNxqQLo4E+YbnXAk0MF08Cjk4zTnGPEBdHAoxSM06wjlQDdxgH6yIE3MD1gOLT9IK/5nputyUPnxlou7ubJGhs1XX6c/wOHU/ed+DMxF94BV9CCYaBnTHz/w3AAMrf8JZl6pjmm+HXWfSze+Lpq2KDU9vj439STsdiGTse9KfV16fyHMFnwcoFwPh0nz4HpkxFrTXHeixiBse53mGQt9l14V/92Vf+a4SNS6UQ9PhnPE+1BvK5znTuyL4IDvdJ5PFSPKhPJsLJ5rnHHKom/EY8pp0yRj9T67H6nujLOfW1xxwrHWiUe5T8cRQsmPdEyg4TA/DmeYXrwPrrnWAWcaxfvpUll/99HEn6cQ61E9HQl3rpxuJdK9LDaR61qU2EuxW7BmI9Sj2bC7Uvc6gTrFngUEj6T51lIFu7zrKRqId6ygDvT51lM2kutdRRnI96yibSXaro4zketRRNpJaORSLATor17oxRiIdSxQDnT4lio2k+pQoBnq9SxQbieZSG1qma4liJNWrRLGRXK/Kv0Cyf+Vfa9msMzJj5V8zRxwr/yLpPpV/zcT6V/5Fupkq/xq64Fb5F+r2qPxrJNalnC4Q6lxO10ikRzldoNW3nK6RZNdyukCvVzldI7HO5XSBWr9yulq56Oz912JTreX5qM8BPLHCRE7H5T+6bFaD5K84X7JBGZA5OzcRrk8m7KB+YuwGLnwoD8dN665atQ8i9N3Mi3wDnaB5IJnjr81IWrhP65328b+RMNI4mET9w35DmRMDQaR22Rkd/sCDZsFkydcLzZt9NR72HIopXbd2Cycmo5+/JzqTYdxp6u3eaoRSLVjEiNFye5TJ1bA8Wd8skJphhlY7QW/2FftFgPdn02/2zqXWkRF+WON4ZKgV53VyCPttVrhbcZJr6j3Kkti44FyQRK/frxSJjXjPIiR6FzjKj9g54l+xY84bplodV1zCw49cJ3iPPwMrf8IBiKpjGoGGXRd0CNLoZxmDDJxgGIQmHnCNQgby2YahiRO845CRK5wDEfCHfSTCTsGhaM8yFO2DDkWFe05RvUL5YtgnoyjuwkCj6VQ+y2hqLt1zNNXp5xhNTZzwH02nHjCNpibyuUbTqROso6mZK4yjKfKHezQ1caop22Ozc8mlPuOKMnp0zal+zQFwjqFKvL3Z7x/K5lPZvK23+3o3TBZmdrihMxPq+GVQ+e6n7pu0PDtCBm4g9eAukmeOBesBz4XAn3gFEGLqDzrnc0/24Wf5INN74Hmdf0IPPVMEmCKmkqcHuaNyVXYnuV3TkONpZ1+Bl+Gi4ueveyu2dNXYbVyYLI68/YAWQ00g55/1m0iImT/jhIIkck0stBe1l7ZbtcJ6qNbl+6Z2n2ygM7KOaGf+UK3LfW8+vFNesyZ2xH/2tBLvNYvOeOA/mxq64TurQh9YZldDB3j2y9ANxg2zsTNsO2aNR7xbZkO3vFdC0BmeFZHehSsT+Af5855z9sUIN5XXVu80XNHR9uzLiA/kB1zXERo7IZ7uN78Wm6PDE9U5iXfFqvl0MusQxrpunFkN9UWr6+b7yiE7/LwzQ/PPlWuyeEun1tVhvynss2zPunIxGt6BTf1U7fj/GtLszf4K2+LLmyf769+zHmyLL86lji3l78eXu1jkn22Gl+/84H/WAb+H/9YuuC4TrvjgtU6wdMIxi8GsBz7ZDCzlH6u/y3eSzB4cq83ZbBAntCufYQ51p6XPO65L5dq1z7uj82m8zhD/6udc1pJX493QrndkDHpSN8qzlGibd4mxVJuBe3Sb8qGv8vVTvbYDT6OGQY5AT7/Q7XecpMmGQaQ9FNvyoWpLssI30DZuGUZcuTo2Vfv1zeapbqr2eWsncNKafTzrn5T8vfooi8tZf0+kfYAkfCyS7lZuXzHtHl0mFB6Rjos1Q5FHHpFHbpHDcPylLx5yGjasJVMDf54MTVCZX5KmSW+xp0DCoj2zIJnKdkuEhCV75EKykuuefGFGt2fiBVMHfJIiYfXeeZFMpTumRsKqfbIjGQt2T5CkEe2ZI8lYuBv604j2gH6mgh3zEGHBPqmITAX7ZCPCqr0TEplKZ9R8A7GumYk0gr2SE5mK9spPhIX7pyhyEc89UTImKjJ2xzFXkcYBn3RFxpL9MxZp1DMlLTJ3xC1vkU69R+oiU8ku2YuwXOcERqZSPXIYYcW+aYxMhbtmMsKqvZIZmUp2zmeENfulNJoRfTnUohZ+P/yv1bAYzLZeHzdAff/vwJYcHwa8scu4fzI/aGa3+z/5ob1FwCLHKe8/MGYg0y7dv4lghyz/FtIdcrdrRbumbLeSaw5uZ3RacloLgeZEUyuPtffo6bhlmqGzca/kQtOvfDTmXK7B2NyPPkubNmcdg1b1uvxVLW6Nlv/XdN11Bj9dDFr+lUFnaSFku3r+xaLQ9FXl0qJ1sWkX6dWmLZty/YMqKyAvDrMExd3Jcl+HZHWyHMyV6uRCvXp5eCk/s3hxVl+vXg7K6E0c+LnelE2xsxx/TbxoB5ZDu/KT8d0rUxcsb165S/9Hzdz5uzpwn//++YXny+0NBRNaaxMF+qjuVvTS6upiNZgLn1Sq0vIH84pNVx042bQt3GQmf7I8GV6JvQbuwU/UjffkT5cmdVP9Sy58zN9FDYWR5szbI4tL1tdEOdytnjHJeqX6unTnm9QOLnTrt7fdi51yZz+LQPmdxdXA4m2k/1S2z7XRWbCdA9uT3WBuWFxhvyrd9ua6g1yrC+tXBdvfU3eQbH49/apej7WRodidy6IIanVfDRlKNb83f1Wr5XV5B7GN3aXPq4pdLng6yZbHUEyST7ZCy+XrZGkueB87nMPpJbuex1kJPt/X5RItDW6VweDCR28nOYS3ymAw4Q4noTrJrieiFmJbw6t617W2Npf0HKRaPTq5Ktf+rYmZZLqLenDpYJajZrbD3Isa/yNc1R2si6+BPI8l16wwp4XWQJf78mpWlutkNFDmNQXNinMbBgfSPAa/eWF+X6THQEdlDceKt8Vm81uxerE/bBm3/DNgaKDIi0STvpkZ4nxVrlwWNWbyylHtEEd9JyPBBH5bHlZNtbfl+Fqt65G9ILJljfrDD/56laEqlNDK/nAayXQ9jzYT2ZQfm/LwzKK0txVSrpwjfHWejAQRqCCI9SoQ6lS23OYfQ7ksOnkFolnSuT/5V9bFfs+g5q7Y7/36bXbN47r8B0K9tgBGYu23AUCm41bATKDjSmMoz2ehwbtXAerc9itG8lz2LECh877FVKTT2RMW6n7qZCjWIiHKrFLbDChWMu33g0Cj457QTCDJA+KosHraqQKVISQyTDS8swy9x/B2U5W7ttvsEso6f5OBNvO+y0BlzfDfK8qmLbnFfatILL0COq9r3Ijz7sd3u3V/IUguxcq2bKw+W9SedcXlsJHSanLeTsFe4k4nc12+XxYZF2esxyC9eLeh6IrYYSj/rWxlqBwcrlfTtqwh/LFuVuUHtT/2FnUnrTVna3bdOekj/cmA671qrLo36Hyt2ly4/YpTp9hx0Wkq1X6NhIU6LpNmZNI5S2YgNpyq5L/lnKGcb8ePGnLfSPQTcqcs2P3Bxh3hn0RmTp5l8hg7iVvv3tuG6r328bmwG6SRvLOVEBKPVpcZkbyj/bVFQ2nt86Npsq9ZgRc7IWT+a+8rUFoIIM0qn9KMQPs8SlYyVxxfySrgR2Kc4GlGn11iJ3t5Vnkqrum0T0xhJ/iL7yejLASQZplbakaiS04pK6nmuaRmVFrmkLITaJU7ak6kfc4oO6HGuaLmRNrliLISWJkluJhRV1lktLCT5r06rEKtDM0zas2os8ykZSXQMoPWjEqXzFlWUhk0BhRnkSFrTqBtZiw7kbZsDSl0YmtG8mwTds2odErU5SyWa+Hjl5jLTr55Qq45wZaJuOwkOiXgmlPrnnjLUrhxwq1ZtXaJtqwkHjj2O4eA+x3DDGBz6iwyf1lJs8v4NaPQIdOXlVCLDF8zKm0ze1lJtMnoNaPROpPXNZGj49rdWj1QthJ5asR6TOvCAsZK3CHApRvYTv+JNMdjfySMnvf/0IkpZF2U0Uuy+ZN/0oqVARwOx7L5qWyLddEWVp02aslLAYZPgx7L3XpfW75+BuLutFYt/8zjHtOdNxarl9VzsduVm0cFlh/7e6ePh+N+XzeGxV3mHDL8jVu5F9KtwO6snsvVy7nzqo+N7SIPuKGxGUS+nDb4/gLAXhDZ9bp8PKd9eFR5HzjduG4/hFvr8lO1Kh/DDGLXjIdwqNytz3HM5YfGZgj5H5t614Yei01/5GYOBnUssENPTbFrH+WaiM8RndEQDlTrR3kd7rG7xlrtnh6LzdOjSo7E55DpjwRxcNc29WFfrlgHN63VIC7If+Ut+WQlhMQuZd3j0e6OIxI5sBNC5v54eC7XZE7q84iwxYbpj4Rw8PQz9W+/l6s26Edt91Mhnd2fboXyO4dNh3Tm2FQhHdKbD+VU1ZSPc5+E3fmHxjWTHwnjoHrs89g972L9uLR2g7rBvJKZsRvGjU/1incXg02GEK/O8vj6HtgLIvuoxn/myNGbDeGEWp1yxczEWnjJUhT/uYTpj4Rw8PRMgO3PggwyCR+dUz+0dVPYPWc+tfF/aJYuBlfN2h/acuus4+6pbCtlwLKbTj2gEdaU2/pT6adN2Qgi7+DbbwfGfhsE1o+fX2w0/fj5hRd1bKzyhJ9+/k61s+uJzlXdUWzzyUmGascmw2poPYuwHyvnJFjdx71osL+EOyfiDzcRf3CKsBprzxrsGcechC9W89NFxBf7aWhGhtMIcffCKqH8+ljbXcy9CDm35ZNTuX2qqh2fjNYqifdFRmufsHtGhtUb6rMI+8fSMxLq1uoW1VmEascmw23wZB073YZO1pHzD6sT24sG+wPaGRHHg9sArtqxyfjiJOILq4Rs5SZCtmOU4TaZqXacMu4e4ky4ajmotox6jo5Sjpwy3CYS32mE7ERs53fex9cv5Vc3AXd9S+ue0F11/PHz4fuyWJeNW+oU0Pzfu2nDchw3cdOu0W7qKssRR6OzNxRM6O+2e3CNTmUnmEzrRa9Gptsi2Fhm+9VyFaaRqeywyowv50EyCT091Ot/TKt12Mj3i86iy7XcVZcOtDmuhperrbXcja3YddyoOwyPHu0Vup49mqgD54/2Aj0OIE000kNIe4Gup5AadcMv4qdyWzdfbT+JUat/9zcxFeP1UYx7hOmrABpdPwsjfQ7fBZDo8WEYqbT9MoBE109Dp2/0bdS7+m3XtMtt+B/FofxulAb+qlrYnPMdxfkXVApGh0Rp2ALrunWlyyrpJ+9O2e3+uWPtPk3vzbrxUK6a0mp9e92Fw8lmSPl93sUHdbXrzeapbqr22YqMzXnSZ2Lsb44VA/MhnequGL4tVs/lt8emsC17MOdOZ3jVGV5fDId0ZNtz6CDOnIyHdgiNnN+37d5x1Dw39R6NkLAfH97WTal8sdc2bP1vX/5oRfktg2BP6ZdDfVpPDtlPZXs4WwurWqVMZBLdnozxah4jl2q9Yovau87a6mQtYE/vm7qrIHRKRM0hvTe5upgMqF+XP9VDv28GVVv9XX5Zxm+0t3iT77RbVfzAolqtT8KrHaai95Trko/+ql60hxj+W5+dBLDDew6+31vWS7gqrSvgcnSonTDbdzPPzP9PtVvXn3+utmVtV7PAwJNj+/xZmm/P5sM7tTrX/7G7EXDdn5PlfeFwZ8DJFY7tqt4dtk2rtUs/BHHFgSq4u+Cx+77ihu8e3MqVevXy8FJ+5vajXr0clNkbOfFzvSmbwjKrmqEn7cB2eHfW5cfiuJFfvX0Nz+se9ea7VvuT+fBOfSzXZdPlWHqwL45z3aezddZFylWX+lW4bdokE3/YV+PXnKk2bdmUa+eM+AZO9T/RH8+tTj8R3jnO80ate+ynjhYO8pw9al1jPIG0cIrvHFLrGPNppIVz+3p/3Kul9/dl9fTMPCBK82rp/Xwyf1On/k+15l59D3z63FsP79IpSRvzWDg0exMnnKoQGvnhXpTQxZX+jOe/Sqvbitcd6e2+lPb3GZ3cUKugt8G2qv1C6OY71rbcFbv223pbVMxjtbK8PlkO78qnYlN1aUF/sK8Sd92bk3HXqnGmDkHcdHCkYH3DIAzsnQdLuLRlfeja/ZvuVGE1LJriKuqOWHP8cw+6aUb1OU/F8HDSS/nZotfRJFTPxhypbhbieL3D12WXZu/Hz/6Be6dM/f7ZY7l2XW95LnvIEh3lbt1PnvyhMdb9pUvC9lS+GYbj22EOWXcfetOjSF+5VNa28OepbEcPHpzVP5Xt78pQSK2TDLk+ercXY8E0q7w9o2j5oLL2+LugbI/CpTnbDuaRN/mlbrBxXyPtHaP9W5eDkEV4Z+2ptxZatTOr1uj2JtUmyj/VL+V45eohuzPmuVK9rvlID1OdBd8ionX7A2fRbHsCqB2vut87bgX6hn+a+2ZDPUwLv75rdIkZ/Pvt7mQjoMJvy8Oqqfat2+g1EbsemWPTDe+A0EHXZt/dt+W967Hq7niRS3quou6UNd9beqc+mrnf0S1QyvWDdUkIjeyzRccaEabSK49Tl5Fi79H0itB+SmdS21sLK7mbHf2l9lb4JKIJSnar4xx1aRvknYvHSKCahhqdfCUNxyb3P3DfPdflfvdlX3nAPY3wcmg1iAs+I9RQtPcAdUXmQXawXdJGLPRQni0Fkeo9lA7V8oyk1wTLPb/X9DrW3NvznVyvybYvXqXR61jCylCofSErKJO9N+F88IvrrNo15J0L1uumtCvFOxVzd7Hi2G2yQ3QSt559dacsBJA2LHDvI3BoJ4BM6zr0QKJbHXpzeU7lWHU63euwGgl2LPYO1PoUezeSal/sHah0LPZuJtCp2DsS6V7s3UyodbF3JNKt2LuRwMouGytQVzkkZjWSZl9RHahzrKhuJNCxojpQ6VNR3Ugqg8aA4hwqqiOBrhXVjUS6liwHQr1KlluL5ZojeUqWm8m3L1mOBDuWLDeT6FWyHKn1L1luKNy6ZDlU61ay3EiiZUVwIM+lIriRNLeK4EChR0VwI6EOFcGBSteK4EYSXSqCA43OFcG1ItE58a+KnVa162ExMeB/kXBc9vrdrj/wftuURVvtLukz5wtfT9pxHmW/L5oP/QVumz/yoBnrsYU6XTw82t0cpmruRmbsQm7YIfNHfrZFCScqx3Y4ZNKQe18f2kmSi/loGzbh/gKGtsm7RnNRqiG7tKbe7ltTOfIfs36G04tq9g8/tUaYKVPzqyzCyCftrlg1n042Lb8DbcfN8PD+DnbdfG9Z++maG0Pbzy5loKzd6W6ovj1V92Z0pbO7Gti9pRv2iQ5snHFMdGDt0ro67DeF1RulK25cLAaWvqmfqh3ztyFt3uab2BZf3rB+DNviS3GLr2BXWyYvuKL7ZC+w7P147vTXfTYYWHj3Er0pV+0vlgu5efUnq07LOnsXxtfZOeS7XWJ3kG6PoK9qd4TRLuLl4vun4eMTFgek2a3LwxNnJ2wfBRs64fQi2NoJ+wsCV+Q7XhWwF95aAuZrulsX0Gwt+1jJNO6sXX6sNmeb/PKHG60P4/czDonlsAXWLVatPSny03fXfZXS8Opi2K6/Nf2n7ezzgx+3nqbNWbvZZQLSaXKfelAnsQ11WrmOg9y8WHqo0v/r0Rw5f7IyaMF5vNKbdY/BQIkjH2ynACCnSxbpNvSTXtHtpixXOEii03LGTF7DMsaQT/nysrA+m2QSD8KyH+zd1Y8NsAYpfm3qJc0ztRnutFA5zebcYElmZuVOdXLDIWXjjCdnD1xTNjo74ZSy0dAT95SNVu78blmxcEa90xN+K7G+K0udcpaFpbkbPIM+coRx7DdzxSPF0Iwbvu+Ir7kwXeldjkNMod6oDTfP+zA42rAVJNtwC3ooV8emar+eU0+aqpo25Ey+1P+FbQuujZv9u5+AAzVeD8BJp+gTolhVC0MqXYuumSl0qLqGRHqUXTPTaVt3DYl0LbymVzhYqD/Iig8OM82o4b8fw0/leKD3cacwbnKRStc9rplInzsBSK33PQAj2Q6EGYh1pcpGEp1IMhDpTo+NZNoTY6DRkRKbCbQ8hEHyXM5gjMTZ818gz5H5Ggl0OegFEp2PeA1FtsdmZ1lKBqrs7Lgk4jOSaX8GDTQ6nj6bCayedr9YvZhCAqun3dH+0ZSRQCeABjS6QzOdTLrkeXd02V2PW7IuelyGQSLFfRwc9IZuIKwP7d/rp/rYfnC7WYL0dkY30qjPxRIzB5zHICrabxCCQofBaZ93JVi6lcfW9thmmq3k0e2QZj5xgttV+qE4j1v019Km+PXaoD2nrP7sz08bNcIpUE6brsJOjTkFSScfW8vrQ0NVIwue0oYjxKkoj8vjFtr2352YA+pxzs0x6RnOHBhYqnsaDFOx1pkwsFC3ZBhWIp3e+s6odX/nayrbMSsG1uyTGMNUsH1uDKzVMT2GsUynDBkaqe5JMozlWufJ0Eh1S5VhKtM+JQWW6ZiVwlSmY2IKrNUnN4WpYB6lYSU6JKnQyHTNU2Eq1TVVBZbrla3CRTLjJMaTs8LYCfu0FRrZjpkrjIV6Ja/QaPbPX2Eu3zqFhU6zWxYLU6GWiSywSJdcFqYC3dJZYJ0eGS1M5ToktcBaXfNamAp1SW2BlTpnt5hK/e/Xr6rduvzy6q//8+pT2cjsyH99FX+TfLN89frVx6rcrA+v/vrP02S8qrfbUjKxdb06yv/zv/t/9mvZ3Xzo/rH613+5f/X6n/ev0+ibRbZ4Hb1Ok29Emv33f7/+58mK/BfyfzgZu/wv0kL06vU/49ci+iYV0ahhNGkYjRrGr17/M3md5t/EsRg1jCcN41HDRNcwmTRMRg3TV6//mb7Okm8W8WLUMJ00TEcNs1ev/5mhhtmkYTZqKF69/qd4nSy+WSTLUUMxaShGDfNXr/+Zo4b5pGE+arh49fqfi9ep+CbLxlIXk4aLUcPlq9f/XKK/43LScDkOgC4eonsYAtPgiUj0dDERRbAxCKBxBEVdXEQ4+KZBFI2jKOpiI0pg42kgReNIirr4iFLYeBpM0Tiaoi5Gogw2ngZUNI6oqIuTSKBgjKZBFY2jKupiJcph42lgRePIirp4iRavs/tvUhJb0TS4onF0RV3MRMvXWfZNTH2eBlg0jrC4i5n4HjWOpxEWjyMslgMUjLB4GmExGaO6mIlhhMVgmBpHWNzFTJy8zrrG47bTAIvHARZ3IROnr9Psm2VCfngaYPE4wOIuZOIM/fA0vuJxfMVdxMTidbb4Zpmm48bT+IrH8RV3ERPnsPE0vuJxfMVdxMSLbmBfpsTlaXzF4/iKu4iJl6/TxTd5FI8bT+MrHsdX0kVMco8+i2QaX8k4vpIuYpLodbr8JkvzceNpfCXj+ErkJBgjn5NpfCVkHpQTYYJ8TsBUOA6wpAuZRAZYkpLG0wBLxgGWdDGTZGiaSaYRlowjLOliJhEotJNphCXjCEu6mEny11n8TZaPIyyZRlgyjrCki5lkAf/O0whLxhGWdDGTLFFsJ9MIS8YRlt7rFgLpNMDScYClXcikMDrTaYCl4wBLu5BJIzAUpNP4SsfxlSa6RUg6Da+ULLXkWivuFpTxYvxHTsFqaxxeaRcwaYK+inQaXuk4vNIuYFI4NafT8ErH4ZXm2tk1nYZXOg6vdKH9pNJpeKXj8EqX2k8qnYZXOg6vTBte2TS8snF4ZZHur5xNoysbR1cWa//K2TS8snF4ZV3EpHAZlE3jKxvHV5bqNgHZNLwyspqX4SXgD4MF/Ti8MhlecADKpuGVjcMr6wImhQNQNg2vbBxeWRcwKVyiZ9PwysbhlXUBk93DDpuGVzYOL9FFTBahlZ+YxpcYx5foQiaL0eJNTANMjANMdCGTwUW6mAaYGAeYSLTRKaYBJsYBJrqYyeBuUUwjTIwjTGTaNYGYRpgge8YuZrIMTTQCbBvHESa6mMlgbItphIlxhImFNkjENMLEOMKEjLAczDRiGmBiHGD5vfYvlU8DLB8HWC4DbIH6K58GWD4OsFwGGJzV82mA5eMAy7uQEfew8TTA8nGA5alup55P4ysfx1feRYyI0CCUT+MrH8dXLg8lYqh6Gl85OZfoIkYksDE4mhjHV95FjEhh42l85eP4yruQEfCzyKcBlo8DbCEnSIGWyotpgC3GAbboQkbAXc1iGmCLcYAtupARC/jL0wBbjANsIQMM7moW0wBbjANs0cVMDqNzMY2wxTjCFl3M5BH85WmELcYRtuhiJo9h42mELcYRtpBHX3BXs5hG2IKcfnUxk6fdQJLT8y9wADaOsEUXMzmMsMU0whbjCFt2MZPDffNyGmHLcYQt5RosRz4vpxG2HEfYsouZHEbYchphy3GELeUaf4mG/OU0wpbjCFvKIewe/vI0wpbjCFvq95DLaYQtxxG27GJmAcNzOY2w5TjCll3MLGB4LqcRthxH2FIesMLwXE4jbEnOWLuYWaSwMThmpeesXdAsMtRa/bdx88H/1rfv4mYBQ1T9N9qenLbed6GzgFGq/httTw5c77voWcBAVf+Ntidnrvcy3OBoqP4bbU+OXe+7GFrCcFX/jbYnJ6/3XRgt8Vn1PTh7vSeHr/ddJC3xcfU9OH69J+ev910wLfGJ9T04gb0nR7D38ogfH1rfg0PYexJ/8uh+ic+t0Un/5Ki/i6clXJtG8LCfxJ88wF/muD2IP3rgL8/wlwvcHsQfPfOXx/hLuAGL0Kk/PfZX5/73mJSgk3969K/O/u81tAREID3+V+f/9zgEEQGgCEAxgHscg4gCUAygOMA9DkJEAggKiGJFm3AUAhoQERwQyRP+6B6HISACEUECkTzlj+5xHAIqEBEsEMmj/ugeByJAAxFhA5E87o/ucSQCPBARPhDJM/9Iw+wAI4gIJIjkuX+k4XaAE0QEFETy7D/SsTsQiQQWRPL8P9LwO8ALIgIMIskAIg3DA8wgItAgkhwg0nA8wA0iAg6iRLFPHImAHUQEHkSSB0QRjkTADyICECLJBKIIRyJgCBGBCJHkAlGEIxFwhIiAhEiygSiGp9sRYAkRgQmR5ANRHGEDIBIJUIgkI4hiuB+OAFOICFSIJCeIYrgnjgBXiAhYiCQriGK4L44AW4gIXIgkMIhiuHOJAGCICGGIJDSIOuoH8CyADBGhDFGqSDzcI0eANEQENUQSH3QZSKABEImEN0QSIUQxPMmJAHKICHOIJEaIMAWMAHaICHeIJEqIkggrAJFI2EOk4EOCIxHgh4jwh0gihSjBkQgQREQYRCSxQpTgSAQYIiIcIpJsIUpwJAIWEREYEUnAECV4kwKARESIRCQhQ5TgSARQIiJUIsrUvRAciQBMRIRMRJI2RJgURoBORARPRJI4RCk8uYkAoYgIoogkdYhSHImAUkQEU0SSPEQpjkRAKiKCKiJJH6IURyKgFRHBFZEkEPDuRAR4RUSARSQZRIQpYASYRUSgRSQ5RITpVAS4RUTARSTimXkJsIuIwItI8ogIY6oI8IuIAIxIpDNTK2AYEYEYkZgbEQHHiAjIiISKQ7w+ASwjIjAjEioO8bcIeEZEgEYkVBzi9QlgGhGBGpGiGhADRYBrRARsRJJVRBnuQ8A2IgI3Iskrogx/y4BvRARwRJJZdCnHoAIQiARyRJJbRFmCDYBAJKAjkvAiyvCsAmBHRGhHlKsLc9lrkX6zIFdGIgA8IkI8Igkxog6LIQMgEAn1iCTIiLIcG0BX50ggSpgRZfjwC8CPiNCPSAKNKFtiBSASCQGJJNSIxD00ACBIRChIJMFGJCJsAEQiISGRhBuRiLEBEImEhkQScEQiwQZAJBIiEknIEYkUGwCRSKhIJEFHJNDVughwkYiAkWihbm/iQARsJCJwJFqoCyp4SAV8JCKAJJLMIxILrADd4ySBKLlHJJawC0AcEk4SSfQBLydGAJREhJREEn5EGGtFAJZEhJZEy3jmSwTAJCLEJJIQBN8AiQAziQg0iSQHwZdAIoBNIsJNIolCohzPCACdRISdRBKHRDle3QF8EhF+Ei3VNWK8ugMIJSIMJVrqLxpEgKJEBKNEkozgCykRACkRISmxJCNRnr7OxDfLhFxUBSglJiglvldRCPc5MWApMWEpsWQjEeaFMYApMYEpsYIpiJ7FgKXEhKXEko3gGwQxYCkxYSmxZCMYqMeApcSEpcSSjWAsHgOWEhOWEks2gsl4DFhKTFhKLNkI5tsxYCkxYSmxZCMYcceApcSEpcSSjWDKHQOWEhOWEks2gkF3DFhKTFhKrJ5O5PiqNoApMYEpsYQjGFnHAKbEBKbEEo5gah0DmBITmBJLNoLBdQxYSkxYSizRCGbXMUApMUEpsSQjmEDHgKTEhKTEEoxgCB0DkBITkBJLLoI5dAw4SkyfVEgsglF0jB5V0FcVkopgGB2jdxWThxV6mBzDpxUk/mI9TI7R8wr6viLWw+QYvbCgTyxiPUyO0SsL+sxCEZQcbm1j9NKCPrVQby3wCxH02IK+tlAAJYdb4xg9uKAvLhRAWeBnOejRBQEosQIoC/w0BwCUmACUWD29gC8JYsBPYsJPYsVPFvh5D+AnMeEnscQhmicrAJ/EBJ/EkoZoXq0AehITehKrdxjwcCEG8CQm8CRWTzHgPdUYsJOYsJNYvcaAz1digE5igk5i9SADD2KAnMSEnMTqTQa8cR8DcBITcBJLDoLvIMWAm8SEm8TpTAACbBITbBJLCoJfs8SAmsSEmsQSguAHLTGAJjGBJrFkIPDdQAyQSUyQSazeaeDwA8QkJsQkVk810OOUGPCSmPCSONU+ko0BLYkJLYkl/MCXjmMAS2ICS2LJPvArlRiwkpiwklixkgUk2DFgJTFhJbFEH5oZAKCSmKCSWKGSBTzcjAEqiQkqiSX5wOEDQElMQEksuQf++wFMEhNMEitMsoBH9DHAJDHBJLHCJPA1bAwoSUwoSawoCXwQGwNIEhNIEitIAt/ExoCRxISRxIqR4PkXQJKYQJJYMg/8PhUgkpggkljMhB8gJDEhJLGYCz9ASGJCSGIJPPAzV8BHYsJHYsVH8H3IGPCRmPCRWPGRBd5DAT4SEz4SKz6ywGtAwEdiwkdixUcWeA0H+EhM+Eis+MgSXgSKAR+JCR+JxdwiEACSmACSWAESfKsyBoAkJoAkVoAEX6uMASCJCSCJ1RMQ+EApBnwkJnwkVnwE38uMAR+JCR+JFR9ZQj4SAz4SEz4SS9yBz4IAHYkJHYnVgxB8lgPgSEzgSKzehOCtGGAjMWEjsXoWglfBAI3EBI3EknRoznIAGYkJGYkl6NCc5QAwEhMwEkvOoTnLAVwkJlwklphDc5YDsEhMsEi8mDmKAVQkJlQkXswcxQAoEhMoEi9mjmIAFIkJFIkXM0cxgInEhInEi5mjGIBEYoJE4sXMUQwgIjEhIvFi5igGEJGYEJF4OXMUA5BITJBIvJw5igFEJCZEJF7OHMUAIBITIBIvZ45iABCJCRCJlzNHMQCIxASIxMuZoxjAQ2LCQ2LFQ5YQL8eAh8SEh8SKhywh1YsBD4kJD4mXahqGeDkGQCQmQCReqvQqkOrFgIjEhIgkiogsIV5OABFJCBFJJOCI7yFeTgARSQgRSSTgiO8hXk4AEUkIEUkk4ojvIV5OABNJCBNJJOOI7yFeTgAUSQgUSSTkiO8hXk4AFUkIFUkk5YjvM8SlEoBFEoJFEok54nsYiQngIgnhIonkHPE9jMQEgJGEgJHkXm1KYCQmgIwkhIwkkUr2gyMRoJGEoJFEoo7710n8TZpFr6PXSfLNIslfx9F9t9XM7pfEJErSQmJTwg+4wkwAK0kIK0kifcYygEoSgkqSSJvrIAGkJCGkJJHkA+6yEgBKEgJKEgk+YPKzBHCShHCSRHIPeEaQAEySEEySSOwBzwgSQEkSQkkSRUlgnhoASRICSRIJPeDuKgGMJCGMJOmfmuD2IOwII0nUSxO4NUoAI0kII0nUQxMct4CRJISRJOqdCdzYJICRJISRJOqZCbyEmQBGkhBGkqhcVLoOAMFHGEmiXpnAE6IEMJKEMJJEMRKYDiYBiCQhiCRRiASeMCWAkCQ0L1VPSNAJU4IyU9HUVOqFCTxhSlByKpqdKom1J0wJyk81SVCVaHOvJTBFFQlAxUdwAKMsVTRNleQd8IQrQXmqaKIqiTvwCVeCUlXRXFUSd8ADqgQlq6LZqiTtwKnYEpSviiaskrQDv8lIUMoqQkcSSTsw3UoAHUkIHUkk7cB0KwF0JCF0JFF0BKdlA3QkIXQkUXQEZ2YDdCQhdCSRuEOTnA3gkYTgkUTiDk1+NoBHEoJHEsk7dCnaQPgRPpJI4KHJ0gYASUIASaLyWeFEbQCQJASQJCqlFc7VBgBJQgBJInmHJl0b4CMJ4SOJ5B2ajG2AjySEjyQSd+ClC6AjCaEjicpvhcMX4JGE4JFE8g5IxxKARxKCRxJJO/DKCcCRhMCRROW5gnQsAXAkIXAkUamuIB1LABxJCBxJVLYrvHYAcCQhcCTJlvqpG8CRhMCRRNIOzccH6EhC6EgiaYfm4wN0JCF0JBH64ANsJCFsJBHa3H0JYCMJYSOJ0KfvSwAaSQgaSSTpiLul5/KbJR17ARpJCBpJhFr6wakbkJGEkJFEzOSJBGAkIWAkUWAE3nJOABdJCBdJJObAz4cSgEUSgkUSSTnwng9AkYRAkUQyDvx2KAFMJCFMJJGMA99xTgATSQgTSSTiwHecE4BEEoJEEkk48LOdBBCRhBCRRCIOfME4AUgkIUgkkYgDXzBOABJJCBJJJOLATCkBSCQhSCSRiAPnvUsAEkkIEkkk4tB8vwCJJASJJBJx4GdPCUAiCUEiyWImKS5AIglBIolEHHG3dQTjB2AiCWEiiWQcOIleAphIQphIIhkHzqOXACaSECaSLGYCEDCRhDCRRDIOmE0vAUgkIUgkkYhD8/cHSCQhSCSRiCPW7JwBE0kIE0kk44hxboMEQJGEQJFkea99aZMAKJIQKJJIyIHnT8BEEsJEEpVUCzcH4UeQSCIRB85JmAAkkhAkkkjEgdMSJgCJJASJJBJx4MyECUAiCUEiicqvBRcvAIgkBIgkkm/g1wUJ4CEJ4SGJxBs4RWECcEhCcEgi6QbOUpgAGpIQGpJKuIETFaYAhqQEhqSSbeBchSlgISlhIalEG5jIpwCFpASFpJJs4IyFKSAhKSEhqXodAoleCkBISkBIql6HwJ1/CjhISjhIKrEGfuOVAgySEgySSqqBbwSkgIKkhIKk6nUIJMIpgCApgSCpeh0Cd/4pYCApYSCpeh0CbwSkAIGkBIGk6nUIjj/AO1LCO1IJMPDjpBQAj5QAj3TmcUgKiEdKiEc68zgkBcgjJcgjnXkckgLmkRLmkc48DkkB9EgJ9Egj/clLCqhHSqhHqh6H4PgF2CMl2CNV2APHL+AeKeEeqXocguMXgI+UgI9UPQ6BNxpSAD5SAj5S9TgE3mhIAfhICfhI1eMQHL8AfKQEfKTqcQiOXwA+UgI+Ugky8I2IFICPlICPVHIMfCMiBdwjJdwjlRwD34hIAfdICfdIVSmOLrHUdPmdAvCREvCRqnIcOLFUCshHSshHKklGjBNLpQB9pAR9pBJlxPE9dAGwj5Swj1SxjxjeR0gB/EgJ/EgV/MD0IgX0IyX0I020t/NTAD9SAj/SRHsAmAL4kRL4kSb6bJcpgB8pgR9pos92mQL6kRL6kSb6bJcpoB8poR9pos92mQL6kdKKHak+22WKinbQqh2pPttliup20MIdqT7bZYpqd9DiHak+22WK6ndMCnjos12msIQHCb90Jttlisp40Doe6Uy2yxSV8qC1PNKZbJcpKudB63mkM9kuU1TSg9b0SGeyXaaorAdBIGk2k+0yBQwkJQwkzWayXaYAgqQEgqTZTLbLFGCQlGCQNJvJdpkCDpISDpJmM9kuU0BCUkJC0mwm22UKWEhKWEiazWS7TAEMSQkMSbOZbJcpoCEpoSFpNpPtMgU4JCU4JM1msl2mgIekhIekYibbZQqASEqASCpmsl2mgIikhIikYibbZQqYSEqYSCpmsl2mgIqkhIqkYibbZQqwSEqwSCpmsl2mAIukBIukYibbZQq4SEq4SCpmsl2mAIykBIykYibbZQrISErISCpmsl2mAI2kBI2k+Uy2yxTAkZTAkTSfyXaZAjqSEjqS5jPZLlOAR1KCR9J8JttlCvhISvhIms9ku0wBIEkJIEnzmdxuKSAkKSEkaT6T7TIFiCQliCTNZ7JdpoCRpISRpPlMtssUQJKUQJI0n8l2mQJKkhJKki5msl2mAJOkBJOki5lslyngJCnhJOliJttlCjhJSjhJupjJdpkCUJISUJIuZrJdpoCUpISUpIuZbJcpQCUpQSXpYibbZQpgSUpgSbqYyXaZAlqSElqSLmayXaaAlqSElqQLbbbLFLCSlLCSdDmT7TIFsCQlsCRdzmS7TAEuSQkuSZcz2S5TAExSAkzS5Uy2yxQQk5QQk3Q5k+0yBcgkJcgkXc6NiICZpISZpMuZbJcpoCYpoSbpcibbZQqwSUqwSbqcyXaZAm6SEm6SLvXZLlPATVLCTbL7mWyXGQAnGQEn2f1MtssMkJOMkJPsfibbZQbQSUbQSXY/k+0yA+wkI+wkU69IYviKJAPwJCPwJFOvSGL4iiQD9CQj9CRTr0hi+J4pA/gkI/gkU/gEHp9nAJ9kBJ9k6hFJDF+hZICfZISfZOoRSQxfoWQAoGQEoGTqEUkMX6FkgKBkhKBkkTo+hK9QMoBQMoJQMvVkJIHnjxlgKBlhKJlkInECN50ZgCgZgSiZhCJxAjedGaAoGaEoWV+nHB5jZwCjZASjZBKLxEmC+wAEIuEomeQicQKvgWQApGQEpGQSjMR4hZYBkpIRkpJFamaGK7QMoJSMoJRM1S7HK7QMsJSMsJRM1S/Hb8IyAFMyAlMyVcM8gdveDNCUjNCUrK9jvsQKQCQSnJL1xczhO4IM8JSM8JRMFTRPIxgHAKhkBKhkKtsWvM6XAaCSEaCS9Q9J4FYhA0QlI0Ql67NtwVVuBohKRohKpp6SaD5GQFQyQlQyCUg0hWsBUMkIUMkkH9HUrgU8JSM8JVM8JYXPMzPAUzLCUzLFU1J4BpYBnpIRnpKp1yQp/iMCopIRopKp5yQpHk0AU8kIU8lUsRLN+ghAlYxAlUy9KEnxcASoSkaoSqbelOBFagawSkawSqYelaR4NAFcJSNcJVOvSlK4YcwAWMkIWMnUs5KuE8FwBMhKRshKpoqVwFdVGSArGSErWaryzuCZGaCVjKCVTNUq0SxSAVvJCFvJFFvRLFIBW8kIW8kkKok7BagPQSAStpKl+uyDGUArGUErmSQlcecBEgDikKCVTJISeEEyA2AlowXTM/31wgzVTKdF01XuLc2EgAqn08rpEpPEGS5/joqn0+rpmYpCTRlzEIW0grrEJHGGhwJURX1SRj3TV3+HhdRJEGYqCOF+N0PF1Gk19Uy9r8Ml0VFBdVpRPVMv7CAZylBRdVpVPdMnQ89QXXVCVTKVgkvghQ2gKhmhKlmfhAtPioCqZISqZCKemRQBVckIVclUFi7NpAioSkaoSqaoimZSBFQlI1QlU49NNJMioCoZoSqZemyimRQBVckIVclEPjMpAqqSEaqSicXMpAioSkaoSiYhiW5SBFQlI1Qly/VPjTMAVTICVbI8mpkUAVTJCFTJ5uqUZACqZASqZHN1SjIAVTICVbI8nZkUAVTJCFTJ8kw/KQKmkhGmkuViZlIETCUjTCVTz07gpAiISkaISqaICp4UAVDJCFDJ8uXMpAiASkaASra4n5kUAVDJCFDJFtHMpAiASkaASqYenmgmRQBUMgJUMslHNJMi4CkZ4SnZIp2ZFAFPyQhPySQe0U2KgKdkhKdkEo/oJkXAUzLCU7K+RgmcFAFOyQhOydTjE1wnJgM4JSM4JVvM3D7MAFDJCFDJljO3DzMAVDICVDLJR2JcqSYDQCUjQCWTfCTGlWoyAFQyAlQyyUdikcGVBQAqGQEqmeQjcVeqBhkAgUiASib5SCzgJdIMAJWMAJVsqQJxgQ2AQCRAJZN8JBZLbABEIgEqmeQjcY4PcQFQyQhQyZYqBQNe3wGikhGiIiQgiXP4kFYAoiIIUREqLxe+xioAURGEqAiVlyuHh7gCEBVBiIpQeblyGMoCEBVBiIpQRAWfhAtAVAQhKkIRFXwSLgBREYSoCEVU8AmoAERFEKIiVF4ufAIqAFIRBKmIe/17ZAGIiiBERdwv9UWDBCAqghAVEd3riwYJQFQEISoiivRFgwQgKoIQFSEBCX5SKQBQEQSoCMlH8JteAXiKIDxFSDyiKRokAE8RhKcIiUfiHHI5AXiKIDxFKJ7SvcuZnuEKwFME4SlC8RRc9UUAniIITxGKp+CqFQLwFEF4ilA8JYcbHQF4iiA8RSiesoAH6QLwFEF4ilA8ZYEHRMBTBOEpQvEUzV8B8BRBeIpQPEXzVwA8RRCeIhRP0fwVAE8RhKcIxVM0fwXAUwThKUJl5tL9FUAkEqAiVPWSBVzjCQBUBAEqQj1RWcAVlgBARRCgItQTlQWelgBQEQSoCPVEZYE/Z0BUBCEqQj1RWUBMLgBSEQSpiGQuEgFSEQSpiL5+CeTsAiAVQZCKUEhFpwBEIkEqQtV/x08VBUAqgiAVoXJ0LeBaXwCkIghSEaqGCZxVAFARBKgIyUfgjRkBcIogOEVIOqKZ1ABNEYSmiD5HF9ypCEBTBKEpQsIRzawIYIogMEVIOALTQwrAUgRhKSLVlpAQgKQIQlJEqi0hIQBHEYSjCMVR8ENXATiKIBxFpNp38gJQFEEoikj17+QFoCiCUBQhoQh+Jy4ARBEEoghJRfA7bwEoiiAURUgqgt95C0BRBKEoQkIR/E5bAIgiCEQRkongd9oCMBRBGIqQSAS/0xYAoQiCUISqYALfaQtAUAQhKEK9TNGsBABCEQShCElE8ENrAQiKIARFSCCCH1oLAFAEAShC8hB8U0wAfiIIPxGSh+CH1gLwE0H4iZA4BD+UFgCfCIJPhKQh+KG0APREEHoiJAzBD6UFgCeCwBMhWQh+KC0AOxGEnQiJQvBDaQHQiSDoREgSgh86C0BOBCEnQoIQ/NBZAHAiCDgRkoPgh84CcBNBuImQGAQ/dBYAmwiCTYR6jKJZSQNsIgg2Efm9nhkIwE0E4SZCcZMlPGISgJsIwk1EHmszpQmATQTBJiJPtNBCAGoiCDURPTWB0EIAaiIINRHqKQouRCgANhEEmwj1FAXXoBEAmwiCTYR6ioILEQoATgQBJyLXZ8oUAJwIAk6EeomCCxEKAE4EASdioU/VKgA3EYSbiIU+VasA2EQQbCIW+lStAlATQaiJWOhTtQpATQShJmKhT9UqADQRBJqIhT5VqwDMRBBmIhb6VK0CIBNBkIlY6BOGCIBMBEEmYjETgICYCEJMxEKfqlUAYCIIMBFLfapWAXiJILxE6LN1CUBLBKElQsIPnGpVAFgiCCwRqqQ7SrUqACoRBJWIpX4XAkCJIKBELPX3aATgJIJwEiGxB061KgAmEQSTCPXuZAHvkAiASQTBJEJhEjyFAEoiCCURqnoJrgQnACURhJLkKl8X+gPkgJHkhJHkEnnAv18OCElOCEmu3pzgQoQ5ICQ5ISS5enMC08TnAJDkBJDkknfguxs54CM54SO5xB04TXwO8EhO8Ejely3B7acBmBM6kis6glYwOWAjOWEj+b0+/HLARnLCRvL7mfDLARvJCRvJ1WsTdG0iB2QkJ2QkV2QEpyvKARnJCRnJVTF3XIgwB2gkJ2gkV29NlvBMPAdsJCdsJFdsBFcyzAEbyQkbyRUbWcLz4BywkZywkVyxkSU8D84BG8kJG8mjXP8qPAdsJCdsJFdsZAkPlHPARnLCRnLFRnAdqhywkZywkVyxkaVAS/EcsJGcsJFcsRG4l8gBGskJGskVGllC5J8DNJITNJIrNLKEG8ocoJGcoJFcoRFcxyoHaCQnaCRXaARfpMsBGskJGskl6cAnujkgIzkhI7kiI5q/AQhDAkZyyTngHbAcYJGcYJE81mcOzgEVyQkVyfuSJXA3lwMqkhMqkvc1S+D1oxxQkZxQkbyv6o6nI0BFckJFcgk5NCVJc0BFckJFcgk5NCVJc0BFckJFcgk5cProHECRnECRXL0zwcmzcgBFcgJFcgVF7uGpRA6wSE6wSK7emeAoBlwkJ1wkV5Xd7+HFmRyAkZyAkVxyDk1R1RyAkZyAkVyCDni0nwMukhMukqf6FK45ACM5ASO5AiN4IARkJCdkJFel3eGOPgdoJCdoJJekAx/N54CM5ISM5BJ14KP5HKCRnKCRXBV3hzvyHKCRnKCRXKIOfDSfAzSSEzSSS9SBT9ZzgEZygkZyiTrwyXoO0EhO0Eiu0Ag8Wc8BGskJGskl6sAn6zlAIzlBI7lEHfhkPQdoJCdoJJeoA5+s5wCN5ASN5JJ04JP1HJCRnJCRXJIOfLKeAzKSEzKSS9KBT9ZzQEZyQkZySTrwyXoOyEhOyEiuyIgmfkD8ETKSKzKCv39ARnJCRnJJOvDJeg7ISE7ISK6ydWkWswCN5ASN5CpbFy6qmgM2khM2kqt3Jbioag7gSE7gSK6ydeGiqjmgIzmhI7nK1qVZjAI8khM8kqt3Jbioag74SE74SK7eleCiqjkAJDkBJLl6V4KLquYAkOQEkOQKkOCiqjkAJDkBJLkCJLioag4ASU4ASa4ACX5AnwNCkhNCkitCgouq5gCR5ASR5AqR4KKqOUAkOUEkuXpYgouq5gCR5ASR5OplCS6qmgNEkhNEkkvicf86jb5ZZIvXyX3cHdWLnFoCIUlYSa5YyT28T5wDWJITWJLnamkIk0LkAJbkBJbkC/1L+BzAkpzAklzBEpzSIQe0JCe0JO9pCbybnwNckhNckitccg/v5ueAl+SEl+SLmbusOQAmOQEmuQIm93inD4hJTohJrojJPbzcnwNkkhNkkksEojvsAMwkJ8wkX8ysEAEzyQkzyRUzuV/CY1cATXICTXIFTaJ7tEcC0CQn0CRfqiI7EdwmAmySE2ySL/XoOAfYJCfYJF8qagef7OUAnOQEnOTqjYnmuAegk5ygk1yikCTCgwlgJzlhJ7lkIQkuNJQDeJITeJKrNyb4aUAO4ElO4EkuYUgS4cEA0JOc0JNcvTGB7DcH8CQn8GShnpjAleIC0JMFoSeLexWG8M3dAvCTBeEnC4lDMLxdAHyyIPhkIXEIhrcLgE8WBJ8sJA7B8HYB8MmC4JOFxCEYvi4APlkQfLKQOATSqwWgJwtCTxaKnuCPaAH4yYLwk4WqdoJ/fxp/C4JPFpKGYPy4APRkQejJQtET/DZmAfjJgvCTRaQCEM5FC8BPFoSfLCQO0UUw4CcLwk8WqsB7BNdnC8BPFoSfLFSJ9wi+VFsAfrIg/GQhcUgSw53CAvCTBeEnC4lDkhgeuC0AP1kQfrJQb0vgMLQA+GRB8MlC0hDNKADoyYLQk4WEIZqvGMCTBYEni1jLkBcAnSwIOlkodKL5CgE7WRB2spAoBH+FgJwsCDlZSBCi+Qr//87Odjly3Nb797LP162T5gskMndwriGVcvXaGk/v2N1Od3t3Jqnc+1NNEhAJ/anlnE9xzB1IliASwA8vAJwEBU6CzRk0sNAwAHASFDgJNmsgPIoDACdBgZNgswbCozgAchIUOQmJhPQ+Y4BOgkInwWYVhEdxAPAkKHgSEgzBJmUA8CQoeBISC+mYlAHAk6DgSUgsxFnoGAQAT4KCJ8HZvkkXADwJCp6ExEKchQX0AcCToOBJcFkRoWMQADwJCp6E3KULb0QAngQFT0KuKMH2EGAnQbGTkNkJ3sgAOgkKnYSEQjrmDEAnQaGT4HY2QkBOgiInIYGQjjkDwElQ4CT4bi5XAOAkKHASvN3ZSAE5CYqchERC8EYKwElQ4CQkENLZSAE4CQqchARCIPoLgJsExU1CHvqOwv4BYJOgsEnw3WqmAKhJUNQk+G41UwDQJChoEnJTLvzPgeYpZhKofwQDZBIUMgnUTeMKgJgERUxCJiYI+AUATIICJiEBEIi9A+AlQfGSUKac4H8P1E7xklCGnOB/D/RO8ZKQZ5xgvQW8JCheEvKIE0icA+AlQfGSkCecwBbmAfCSoHhJoNzzo/MAgPIpYBLywHeLTXBATIIiJiFPfMcdfwNAJkEhk5AIiHPYBAfIJChkEqbsCGMbDiCToJBJSATE4Ya9ASCToJBJmHIeNbbhADIJCpmERECcwyYYQCZBIZOQkQnMpQuAmARFTMKUT18Y7A+AmARFTEImJjA4HAAwCQqYhLmfyh8ALwmKl4S5n8ofAC4JCpeEuZ/KHwAtCYqWhLmfyh8ALAkKloS5n8ofACsJipWEuZ/KHwAqCQqVhLmfyh8AKQmKlIS5n8ofAB8Jio+EnVqSAPBIUHgkzP1U/gDoSFB0JIR+Kn8AdCQoOhLy6HfYWiAAOBIUHAmJdWAjAKCRoNBIyP23sPoCMhIUGQkJdMBSgAC4SFBcJCTMgW0QQEWCoiIhQQ6cfRcAFAkKioQ89x0br4CJBMVEQq4jwR8vYCJBMZGQmYjDoTjARIJiIiExDoLtAAJgIkExkZCZiMPeI2AiQTGRkJkI3n4BEwmKiYTcdwtvvwCJBIVEQtzZ/gARCYqIhLiz/QEgEhQQCXFn+wM8JCgeEhLe6GxfAIcEhUNCHv0OPyAAQ4KCISHBDfz9ARYSFAuJiW3g7ycCFhIVC4m52xaeNxABC4mKhcTcbQvPG4gAhkQFQ2LutoXn9EVAQ6KiITF328JRtAhwSFQ4JOZqEthFMgIcEhUOiX0cEgEOiQqHxDy8BP/zrf5FBUNiohu4/WIENCQqGhIPeQeEbkQEOCQqHBJ3Zr9HQEOioiEx0xAcQ4yAhkRFQ2KhIQhLRwBDooIhMffZggZABCwkKhYSE9qYYGuhCFBIVCgkJrIB/fgIQEhUICQmroF7ckTAQaLiIDFxjQn2SYuAg0TFQWLiGhNskxYBB4mKg8TENSaY9xwBB4mKg8TMQfAOBkBIVCAkJq6BE58j4CBRcZCYwMYE/acIQEhUICTafuJ0BCAkKhASbT9xOgIOEhUHiQlr4EEfEWCQqDBITFQDJ15HQEGioiAxQQ2ceB0BBIkKgsTENHDidQQMJCoGEncYSAQMJCoGEhPSwA2hIkAgUSGQmIgGbukTAQGJioDEBDRw4ncEACQqABITz8CJ3xHwj6j4R0w4Ayd+R4A/osIfMeEMnPgdAf6ICn/EhDOw/xoB/ogKf8SEM3DieAT4Iyr8ERPOwInjEeCPqPBHTDgDJ45HgD+iwh8x4QycOB4B/ogKf8RcNwITxyPgH1Hxj5hwBi4GjQB/RIU/YuIZOPE8Av4RFf+IiWfgxPMI+EdU/CMmoIETzyMAIFEBkJiIBk48j4CAREVAYp5MYmEkOwIGEhUDib7rgUTAQKJiINF3PZAIGEhUDCQmqNFJLo2AgkRFQWKeTILTnSPgIFFxkJjAhvMwjh0BCYmKhERyOxYoYCFRsZBIvm+BAhYSFQuJmYXgWaARwJCoYEgsMASOM42AhkRFQ2KmIXjMdgQ4JCocEjMOwWO2I+AhUfGQmCeT4DHbEfCQqHhIzAPf8ZjtCHhIVDwk5oHvuKA6Ah4SFQ+JuYQEh9Ij4CFR8ZCYS0jwmO0IeEhUPCTmEhI8ZjsCHhIVD4m5hARH0yPgIVHxkJhLSPCY7Qh4SFQ8JOaB73jMdgRAJCogEvPAdzxmOwIgEhUQibnHFh6zHQERiYqIxDyapBNUAUgkKiQS88D3TlAFMJGomEjMs0k6mzKAIlFBkZhnk+Ax2xFQkaioSMwD33FYPQIsEhUWibnLFh6zHQEXiYqLxNxlC4/ZjgCMRAVGYu6yhcdsR0BGoiIjMY8nwWO2I0AjUaGRmNGIh9VQEbCRqNhIzAPf8YTmCOBIVHAkZjjiIaGNgI5ERUdiLh3xkNBGwEei4iMxuG7OfwR8JCo+EvN8EjzeOAJCEhUhiXk+CR5vHAEjiYqRxDyfBI83jgCSRAVJYoIeHQ8LQJKoIEnM80nweOMIKElUlCTm+SR4vHEElCQqShLzfBI83jgCTBIVJol5PgkebxwBJokKk8Q88B2P+omAk0TFSWKuHfEwUyACUBIVKIkZlHSsTEBKoiIlsdSOQCsTkJKoSEkspSOw/CYCVBIVKomx3+kjAlQSFSqJpXIE5mpGAEuigiUx5v0Qf0kAl0SFS8wh8Q/nYb5pWW1F1L9kGaafcVFWNzKMlmH703HL6kaG1TKyRkJ2WVY3MpyW4fv8p6xuZHgtg/oIqKxuZJCWMfW9yLK6kTFpGXPfkSyrGxmzlhH6J25Z3cgIWkbaLfH86rK6kaH11GQ9hRtmWdUyjNbTDFY83DPL6kaG1tPMVgiWaZTVjQytp2Ynw7qsbmRoPc31JtR5L4Cy1L9kGdQfaV1WNzK0niZ40v1uAW6pf8ky5m45b1nciNBqmhgKnm1dFjcitJbm5l14vHVZ3cjQWpr7d+FhnmVVy7BaS3MdCp7nWVY3MrSW5jZeeKRnWd3I0FqasEpnqmdZ3cjQWlrmxnd2QgBj6l+yjLSb4tmeZXUjQ2tpnnaCx3uW1Y0MraW5rRee8FlWNzK0muaZJ7g3WVndyNB6mufIw16RZXEjQqtpHnyCR32WVS3DaTXNXb7wtM+yupGh1TQ3+sIDP8vqRoZW0zwBBffvLqsbGVpNy1x5lPJSFjcitJbmmhXcRLusbmRoLU0gBjZ+K2sbCVpHE4rBmRtlcSNCq2ju+4X9grK6kaFVNI+Yx1NAy+pGhtbRPBcFDwItq1qG1zpaBs13tg7AcupfsgzbTegrixsRWkXLuHkYdCirGxlaRX1u0g7LE8rqRobW0VzYgueCltWNDK2jCdbgMXZlcSNCK2nmO3g6aFndyNBamqfP4wGhZXUjQ2upzwUHvUeKtNRrLc2wB48JLataBmktzbwHTwotqxsZWkvzMHo8orGsbmRoNc3z6PGUxrK6kaHVNI+kx4May+pGhlZTon5DhrK6kaHVNE+mxyXpZXUjQ+tpRkAdVQcIqP4liwj9oY1ldSNDq2nmQHhuY1ndyNBqmlEQHt1YVrWMSatpgju4LWpZ3IjQWprwDh5VVRY3IrSSZiKE+96U1Y0MraSJ8XTGOJbVjQytpHlkPZ6bVlY3MrSS5qn1eHhQWd3I0Eqaq2Xw/JOyupGhtTT3GMPDBMvqRobW0lw0g+cJltWNDK2lpXCm49MCTlT/kmWYvfcCUFH9S5Zh994LoEX1L1mG23svABjVv2QZfu+9AGZU/5Jl0N57Adio/iXLSHqKRz2W1Y0Mradzbi7ROSgBPKp/yTKSnuKBj2V1I0PraZ5wj2c+ltWNDK2nZVZLJ94JKFL9S5axq6cAJNW/ZBm50gFSiLK6kaH1NNOk7n0gPQ1aT0svsk60ASCl+pcsI+tpx6ADVKn+JcvoVl6XtY0EraW5+ga7owAs1b9kCWHnlARoqf4li8gq2rFLAV2qf1lk5CqczkkL+FL9SxZheqXgZW0jQetn7BaClbWNBK2dsdsJoKxtJGjdjL4/ILKsbmRo3YzdfPSytpGgNTP2U9LL4kaEVs3EjnBWdlnciNC6mStzOqFagJvqX7KI2M2tLosbEUo1TcJHOD26LCoRRgMnk8e9wAzTsrgRYbQI202SLosbEVaLcN086bK4EeG0CN8fH1lWNzK8lkHddOeyuBFBWsTUzXguixsRkxbRR/JlcSNi1iJCN++5LG5EBC0idlOXy+JGhFbPRI1w9nJZ1CI0ZzIJGuEE5rK4EaHVMzEjnMNcFjcitHomZITTmMviRoRWz0SMcCZyWdyI0NqZa3k6qoUQk9GIySRehPORy+JGhNbOxItwSnJZ3IjQ2mlCf9BkWd3I0OqZO5wRTB4qqxsZWj8TL3IE84fKqpahEZNJvMgRTN0oqxsZWkMzYurE3Q1CTEYjJmP7qUxlcSNCq6jdCd0bBJiMBkzG7oXuDQJMRgMmk1ufEex6UVY3MrSS5u5nhFMxDAJMRgMmkxugEU6BMAgwGQ2YTMJFuAC4LG5EaCV1e7TeIMBkNGAybo/WGwSYjAZMJjdDI1hMXlY3MrSSur1jHvElo/mScTuZTmV1I0NrqesnO5XFjQitpG4n36msbmRoJc290XDKUlndyNBKmvujEaywLasbGVpJXb9IrSxuRGgl9Tu9+sqqlqEJk/Fm560gwGQ0YDLe7r0VRJiMJkzG7/RxLqsbGVpJEy5yE6waKasbGVpJM2HCLb3L6kaG1tI8d6bzZhFhMpowmdxDrftmkZJqwmR82HuzSEc1YDKJFvXfLFJSDZgMHfbeLAJMRgMmQzudTcvqRobW0lxTNMHWVmV1I0NraS4rmjrmDwJMRgMmkyuLcMZjWd3I0FpKud1zx4RCgMlowGQyYOppOgJMRgMmk3BRT9MRYDIaMBkKe5qOAJPRgMlQ3NF0xJeM5ktmOuxpGOJLRvMlk7uvdTLrDAJMRgMmkxuwTR3DFhEmowmTyT3Ypo4phwiT0YTJ5DZsU8eUQ4TJaMJkpt29FBEmowmTyc3Ypo45iAiT0YTJTHtaigCT0YDJTLtaigCT0YDJTHtaiviS0XzJzIe9/RjxJaP5kpnN3n6M+JLRfMnMOw1Sy+pGhtbS3KRt6li2iC8ZzZdMadSG02MM4ktG8yWTm7VNHVsO8SWj+ZIpfAn17CmLGxFaSTNe6sQIEF0ymi6Zud++vCxuRGgdzeVJncAPYktGsyWTm7fB7k1lUYvQaMnkEqWO/4bIktFkyfRbuJW1jQStn5kr9XQccSWjuZJJkAhH/w2iSkZTJZMQEe4GVRY3IrRyZqjUSbQ2CCsZjZVMokRu7pjWCCwZDZZMaezWcakRWTKaLJmEiXCCoUFcyWiuZBIl6ky6LqtahgZLJnGizrDrsrqRoRU0N3nD867L6kaGVtHEijojr8vqRoZW0TL/BqNxg/CS0XjJxHzQYzRuEGAyGjCZOPVLtcvqRobW0lzNhMdfl9WNDK2lCRh1hraW1Y0MraWJGGHcZhBiMhox2QSMOqzMIsRkNWKyCRh1WJlFiMlqxGQTMOqwMosQk9WIyWbEhHmGRYjJasRkEy/qsDKLCJPVhMlmwoSPNYsIk9WEyR52nHqLCJPVhMlmwoRhhEWEyWrCZPOcnN5LBcppNWGyiRd1OJdFhMlqwmQzYcIwwiLCZDVhspkwdfQCESarCZPNhKmjF4gwWU2YbCZMHb1AhMlqwmQzYcKcyyLCZDVhspkwYc5lEWGymjDZTJg6qoUIk9WEySZe1OFcFhEmqwmTTbiow7ksAkxWAyabaFGHc1nEl6zmSzbBosOvzv6PJ/Or+dW5/wlu/tXN5mGI0UEZYhYRJ6uJk83ECX81iDdZzZtsgkc9CUhdNW2yecAOdNwsgk1Wwyab0BFOibGINVnNmmwCR9iwtog0WU2abO4u15GAVFVzJpsLmXCj/bK6kaF1NUEj3KO0LG5EaF3NdUxT52kiXdWYybqc1oxFIMpkNWWyuYwJV1NZBJmshkw2VzFFaHpZxJisZkw2FzHhbHWLGJPVjMnmGqbOS0WIyWrEZHMNE87dtwgxWY2YbB69A4GuRYDJasBk3dwHuhbxJav5ki0lTPgmkG5qumRzARP2ciyiS1bTJZvrl7CTYxFcshou2Vy+hOMiFsElq+GSLbN48IGA2JLVbMlmtoTLQC1CS1ajJZvREmxKXhY3IrRueupHZywCS1aDJZsH83TMFQSWrAZLNoMlHJ2xiCtZzZVs5kqwO2NZ3IjQ2ul3AL1FWMlqrGQzVsIl1xZRJaupkk2ICI8ZKIsbEVo7M1TC+e0WMSWrmZJNgKhzoCKiZDVRsgkP4XkDZXEjQitnokNw5EBZ20jQukk7pzqCSVbDJJvQUKdO0SKYZDVMsokMdaJlFrEkq1mSTWTIwyFAZXEjQqtmrlXq2AUIJVmNkmxGSZ3PFJEkq0mSzSSp85kikGQ1SLLTjmoijGQ1RrJTPwBqEUSyGiLZRIR6WoEYktUMySYg5DumHkJIViMkO3VnmpW1jQStmgkHeVwMbBFAshog2YSDOl0mLAJIVgMkm2hQp8uERfzIan5kEwzyOLffInxkNT6yiQV1SgwsokdW0yObUFCnPMAieGQ1PLKJBD3S/5DJitiR1ezIJhBEuFmGRejIanRk5/64lbK4EaGVM4/7mXFWgkXsyGp2ZDM7mnt/CtJPDY/svOcPIXhkNTyye/DIInhkNTyyGR7NOIBrET2ymh7ZsLd3InxkNT6yYWfvRPDIanhk+2OAytpGglbPXJLUQVgW0SOr6ZENO+c6YkdWsyMb5p1KZovYkdXsyCYQ1PtKEDqyGh3ZjI460RPEjqxmRzYedrwAhI6sRkc21yThQjOLyJHV5MgmDNRpK2EROLIaHNlEgXobMOJGVnMjmyAQJnEWUSOrqZGNeyc7gkZWQyObCFBn0kxZ3cjQ6lla4PWeJ1JPDY1shka4a4lFzMhqZmRzXRL+zhAzspoZuVyWBCU4hIycRkYuAaBOlw+HkJHTyMglAIQnr5TFjQirRbju8JWyuBHhtAjfBXAOESOniZFL/KdT7+YQMXKaGLk8RAh3PXCIGDlNjFziP3gQS1nciJi1iNCdxVIWNyKCFhG741jK4kaE1k2zwzMdIkZOEyOX+A8eylIWNyK0cib+00GiDhEjp4mRS/yng0QdIkZOEyOX+E+nZ51DxMhpYuQS/+lQVYeIkdPEyCX+06GqDhEjp4mRS/ynQ1UdIkZOEyOX+E+HqjpEjJwmRi7xn07ptkPEyGli5BLs6VTYOoSHnMZDLtGeDtt1iA85zYdcwj0dtusQIHIaELnEezps1yFC5DQhcgn4dNiuQ4jIaUTkEvHpWM8OMSKnGZFLyKeDhx2CRE5DIpeITwcPO8SInGZELhGfDh52iBE5zYhcIj4dPOwQI3KaEblEfDp42CFG5DQjcon4dHKeHGJETjMil4hPhzA7xIicZkQuEZ8OYXaIETnNiFwiPh3C7BAjcpoRuUR8OoTZIUbkNCNymRF1OJNDlMhpSuQS88H2nkOQyGlI5BLz6dh7CBI5DYlcQj5uxoniDlEipymRS8wnYmrnECVymhK5xHxi52kiSuQ0JXKJ+UQcvXCIEjlNiVxiPhEHfh2iRE5TIpeYT8TeiEOUyGlK5BLzidgZcYgSOU2JXJ5ehHOiHaJETlMil5hPxK1MHKJETlMil5hPxGFChyiR05TIJeZjDrjbn0OYyGlM5BL0MYeOfiJO5DQncon6mENHQREochoUuYR9zKGjoYgUOU2KXAI/5tBRUcSKnGZFLpEfc+joKIJFTsMil2cbHTpKinCR07jI5fFGh46WImDkNDByub3doaOmiBg5TYxc7m936OgpQkZOIyOX+9uZjp4iZuQ0M3KZGXVSWhyCRk5DI5enHZmOniJq5DQ1cnngkenoKcJGTmMjlzvcmY6eInDkNDhyeexRJ7LjEDpyGh25PPmoE9lxiB05zY5cHn5kOnqK4JHT8Mjl+UedVp8O4SOn8ZHLI5A6rT4d4kdO8yOXC5BmXNPlEEByGiC5XIHU6ffiEEFymiC5XIHUaUThEEJyGiG5BIRcp7OcQwzJaYbk8kQkPKOtrG5kaD3NQ5HwmLayupGh9TTPRcKT2srqRobW0zwaCQ9rK6sbGVpP83QkPK+trG5kaD3NA5LwyLayupGh9TRzpE4pgEMgyWmQ5PKYpE72kkMkyWmS5ILpz24rqxsZWk+D7Y9vK6sbGVpPg+tPcCurGxlaT3OHOzzEraxuZGg9DdSf41ZWNzK0noapP8qtrG5kaD0Nc3+aW1ndyNB6GkJ/oFtZ3cjQehpif6ZbWd3I0Hqay5E6U1IcYkpOMyWXy5HwZLeyupGh9TQPU+pkMjlElZymSi6XI+H5bmV1I0Prae52h0e8ldWNDK2nkfpT3srqRobW01yOhAe9ldWNDK2nmSzBVFKHuJLTXMllrtTJRnIILDkNllziRKaT/uIQWnIaLfnDYeeU8wgueQ2XfEJFppMB4xFd8pou+TxjqXNie4SXvMZL/rC3m3rEl7zmSz53vetM9PCIMHlNmHziRS7gkkqPEJPXiMkf9mbXeMSYvGZM/jDvWHQeQSavIZPPM5Y6Fp1HlMlryuQPccei8wgzeY2ZfJ6xFHCPD484k9ecyRuz90wRaPIaNPk8Y6n3TBFp8po0+TxjqfdMEWryGjX5PGOp90wRa/KaNfk8YwkPnCyrGxlaT/OMpU7SmEe0yWva5BM76uRveESbvKZNPnfA6wwE8gg3eY2bfIJHhvAB5RFv8po3+USPepNnPAJOXgMnb83O5BmPiJPXxMlb25+gWFY3MrSaJoDkAk4+84g5ec2cfCJI3U8OQSevoZPPPfA6Bp1H1Mlr6uTzkKWOQecRdvIaO/lcm9QZFecRd/KaO/ncAy/g9j4egSevwZMvxUkwJcUj8OQ1ePK5OGnqnHKIPHlNnnziSL1RGB6hJ6/Rk3d2J4HMI/bkNXvyLqsp7qvjEXzyGj75MmSp87kg+uQ1ffK5CV7AyMUj/OQ1fvK5C17AcRyP8JPX+Mm7vd0U8Sev+ZPPRUqdEW0eESivCZR3cW9HRgTKawLlc51SZ0SbRwjKawTlcxe8gNsMecSgvGZQPlcqdcareQShvIZQvgxawuPVPKJQXlMo732/ptAjCuU1hfKJKXVqCj2iUF5TKJ/HLPXOSYShvMZQPkGl7jmJOJTXHMr7sHdOIhDlNYjyuVwp4FZFHoEor0GUz/VKAbcZ8ghEeQ2ifG6D1zuvEYjyGkT5RJVwVrFHGMprDOVzE7zYcVwQhvIaQ/ncBC92DHWEobzGUD5PWeqkK3qEobzGUD43wcOHJIJQXkMon4iSix37B0EoryGUzxCKcEtAjyCU1xDKZwhFeKSHRxDKawjlM4QiPI7DIwjlNYTy0677hCCU1xDKZwhFuHGuRxDKawjlM4SacDM+jyCU1xDKZwg14R49HkEoryGUzxCqMyvOIwjlNYTyGUJ1ZrR5BKG8hlA+Q6jOjDaPIJTXEMpPO2nOHjEorxmUn7JZ2lFTxKC8ZlB+3rVLEYPymkH5BJTMhJtRecSgvGZQPgGlzng1jxCU1wjK5yFL+IEiAOU1gPIZQHXSST0CUF4DKJ8BVO+bRQDKawDlcx0TLk7ziD95zZ98gkmd4jSP8JPX+MnPe+PqPMJPXuMnP++Nq/MIP3mNn3zYG1fnEX7yGj/5sDOuziP65DV98mFnXJ1H8Mlr+OQzfOqMq/MIPnkNn/zueCWP4JPX8MnvjlfyCD55DZ/8znglj9CT1+jJ74xX8gg8eQ2e/N54JY+4k9fcye+OV/KIO3nNnfzeeCWPsJPX2MnvjFfyCDp5DZ38znglj5CT18jJ74xX8gg4eQ2c/O54JY+Ak9fAye+MV/IIN3mNm/zeeCWPaJPXtMnvjVfyCDd5jZv83nglj2iT17TJ741X8gg2eQ2baG+8EiHWRJo10d54JUKoiTRqor3xSoRIE2nSRHvjlQiBJtKgiXbHKxECTaRBE+2NVyLEmUhzJtobr0QIM5HGTLQ3XokQZSJNmWhvvBIhyEQaMtHeeCVCjIk0Y6K98UqEEBNpxER745UIESbShIn2xisRAkykARPtjVcixJdI8yXaG69ECC+Rxku0N16JEF0iTZdob7wSIbhEGi7R3nglQnCJNFyi3fFKhOASabhEiRR1WkcRYkuk2RJltjRj44AQWyLNliizpYAD7oTYEmm2RJktBZzQSogtkWZLlNlSxByEEFsizZbI5kgTDvwTYkuk2RLlgibcrogQWiKNlihxIhNwbi4htEQaLVFGS7ibFiGyRJosUcJEnW5ahMASabBEebgSjtgTAkukwRK5nTp6QlyJNFeiPFsJd9MihJVIYyXKo5U6uzCiSqSpEmWqhNtVEIJKpKES5clKuFiOEFMizZTI7aknQkqkkRJlpIS9d0JEiTRRojxXCXvvhIhS9UsWEbr+ACGeRJonUYJDnVZYhHASaZxEiQ3hADkhmEQaJlEiQ9gpIYSSSKMkSlyo0xqBEEkiTZIoYaFOKyxCIIk0SKIMkgKuBSBEkkiTJMrzlDonGiJJpEkSZZIUsNdNiCSRJknk+9V2hDgSaY5Evl9tR4gikaZIlClSxOiXEEUiTZEoU6SI0S8hikSaIlFue9dp9UOIIpGmSJT73nWa7BDiSKQ5EuVypt57RRyJNEeiXM4UcHIjIY5EmiNRLmfCvJQQRiKNkShXM2FeSogjkeZIlIuZcA9WQhiJNEaixIQ6PVgJUSTSFIkSEsIpq4QYEmmGRHmQUueDRwiJNEKijJB6ioEQEmmERIkH4cA6IYBEGiBRBkidomlCAIk0QKIMkDqDIggBJNIAiTJA6gx5IASQSAMkylOUIk5vIASQSAMkygCpAwkIASTSAInyGKVeOAMRJNIEiUoVU+95ICXVBIlKFRNO1SBEkEgTJJrzTDoMbQkRJNIEifIcpY5FjwgSaYJEeYxSbzdHDIk0Q6LZ73gFCCGRRkg073S3JUSQSBMkmne62xIiSKQJEs073W0JESTSBIlKI7zOyYYIEmmCRPNOe1tCAIk0QKJEgzoGC8JHpPERBbPT/I0QPyLNjyjRoI7Rg/ARaXxEiQU5izE8IXxEGh9RboTXMWURPSJNj6h0wsMZBYToEWl6RJke9TQD8SPS/IgSDsJd0wjxI9L8iELYfa1IPzVAoly41AFIhAASaYBEuXAp4qJnQgSJNEGiuBtnQgyJNEOiXLjUaUBBiCKRpkiUC5c6HSgIcSTSHIniTjdRQhiJNEaiXLfU6WJBCCSRBkmU65Y644sIkSTSJIkSF8I4ixBIIg2SKIMkzKIIgSTSIIkySOqoOQJJpEHSlIco4WNtQiBp0iBpyiAJ84IJgaRJg6QpgyTMCyYEkiYNkqYMkvDJOCGQNGmQNOUhSphFTYgjTZojTXscaUIcadIcadrjSBPiSJPmSNMeR5oQR5o0R5r2ONKEONKkOdK0x5EmxJEmzZGmPY40IY40aY407XGkCXGkSXOkaY8jTYgjTZojTXscaUIcadIcadrjSBPiSJPmSNMeR5oQR5o0R5r2ONKEONKkOdK0x5EmxJH4l//89ZfT+Y/lel9e/vf8snz/5e//+Mcvx+fn5XZ7ul++Ledffv3PL0+nvPQ4dtMVf/n7f3559An/+3/+++svszP5h3TS/v0///3vr3zx/Hu+alp73EaWvxHvKuH5X7r8P+TL/zWOf+DfzIf8w+Tm/EPwE/9QfmMOofwqDUfinyz/NPF/5/N/9zO3v3z/OF2P99Ol+UP8+ofInRPfZ+DbC3J7s9yUk1uZf/ZWbs2bmu16D4+Bhfni5sDXpMhXmuPgla71BaZKE2Z+K7H8kZFfT2qROij9j+Pb59L8ETZUClGe1mN8T76Y5zcfyg9zLH9TMKwLrtxQYDUJkV/7YxJueepe9Nfym3j4u0P3/fJyXW7NXVc3zR9IeRr2UO790Y29qEXkR8eviNV35rsKZPmpEr89ftBpgiM/aX7mXlYfBtLQX/H22iiPNZXyOH5OU7mPR45v/oEfZiT+b9wsd3EY3Ave3i5//utzuf74OF6P75c/luv19KIUwVdbA7EGPIJv5XnYwWu9tzpc/Zn8Riw/RhdnfiMzP/9Jnr/8vQeSpz64eXx8vJ2e05Zxux/vS/N3muqOHp0liwLwO7Z28H1+fFzOy/V6af5cZ2OlmtPgI/v4uF4+78v1+HH6ejy/vC3XL+2m7Q61VPPTUi/nvIm9LOfT8lKu0V7B1FcY/DCbK7xeL58ff3kZW19mcN/iyzxfzvfl+70V6GqB/ucEfhxfF3iXVAsd1rmNrj1Cd+tH/hiqUPYMkt1wHn4Gn9e39nv19ffq+Xvlvfcgx7B3g4/l/vT1ePvafL3V6+K9/NGFonyrvJM/mlsPXeHzpZFePZ15ZumRpQeRPvhFft6/Pt1P780rmKqnxM+/bJuPa6w7exi+xnK+PzaX5jKP4pz1Tcux52nw4K/EXj7SvtVKr4TzsWZXi+an7x1tjO5QP6pRi2WVebl+PZ2bj7PeC21k24L3fj57p8CHML+WwMdhmHkpstFmZvmzPas6Wfmw5kFVr2+7PQan2voutyr2pJixj4l6oxd6P728vC1/Hq/t43ZTvcmIoXoY3N0/718v19O/07t8Ws4vHxf19GNtnR7KjXsn36z/P1womQ/t85qr58XfsGMjcZJT1Q8ehfXV1I73KF6rvjHxKEZP2SJ6ebk9Xz4WZcrXG7VYJUaMn4mNeh/GrwaeVqxe+mzZqBbnxHgxOsXcMxMNX3HzUdeHBFu9jyaX5a38xPb05+n8cvnzsb1ePtsjONS7k3eDd/vvj2abrmTMkbfp8vgjP6g0fGBE+m/H52/PX4/n8/L29HZ5vXzen27L7fb4VG6fHx+XhyvefCv16z/wMeHkBPJjBhG6LLycry/Hf66Tw8iPGQXV5fLVGlWrLTpip34SD+ZAgxc5Xe9fX5RaTfXeVV6OZTPd8vH36M9UzHvx0tibEevkEGVPPchrFh/ayyrFsVPuuf3eahNDfAsTx5T0eWsQVVsQn1ueXc4o8Q5nxjbX5+Pb2+Mtti/O1i/O84sTx5TGzjiWDewJa6pLuMH9heVtdzVPtSVaNpl16x80oFf596/t/jI1+8vPSQM2uW1s8jHb8vnr8vxN9pDTl+uxNTNjvQey9novCu0H39nX09vLVUXsTPOxsUVkiq6FQX/1+e14er919qP6CfOh5yVk4/yghrydltYGcYfGxB/8gpOYZDkt96+X5k6p2jkn3spY1RxvRV4iNo85X2UnEW+l2ECD93Fqrm9bXS/fJE1snh5kCyinx+BVbsvzdbm31s6htnbKX0a8RxLbyCSP4bBGNsV38oN26vPb5fnb7dvyZ/vHTvUfO/MFZSeyEogaNO/SZe6Xt+V6PD+3n2WojTs/aJw+X15ac6e+YXaUZolHT4Ov5PKyPD1/Pb69LefX5SlrYe/TqW+bv0kvronzg9vV5WWRK7ZfULVT80nLeuf4OlPg3WCWkLtnbSA7qAP1PWw/vdqeYBrBqmBZGx1f1QVx7xzfGv8QxP70rEA28lZJblCVLi/LH8v19OXUBm/q3ZIPfI4uOnYUXRXuW88pvgU76Pw+X94fMcDz/dY+p9qPHoxYrqL+BnZRW0fN7OBR8nDxr5/P9zZA+Ujyq7YVfhMcZSYOL5A8l8NBQkpiQPmD/CQ+kl93Awka+1nC5NPgpnu5fDu1Adu5eqMT38LEG+3k5AfZCNcdSr79Q1h/GjN8851A66l6wS6MuQZZ2nabt36u99jAe6yEwe3g2XtpwwvVx1rU2pmVy41+YtcFaGN9x+YwCJ+eL5/n+/VHs3WuYvgAZ0cvDDonz9dTe2j65ut3bA7IwTgYXXm+/tHCmtpm5IPQczQokgRV5sG39Xm7X94/rpf78nxfXlI0+v14f/6qA9G1uxHGdqWX9s5rz5bVy3O4KUoowM1jG9XL8tvn62t7m9aHWocj67CwYTsq+7Gp//6nsoNivWGJOTfIKF6W5+uPj1Zibe5adjDnQRpRBMJoi6mtActx8nkQSxTJxclo5daUlo3bedBxe1m+HD/f7p2IlK8eL7HDQms8UsLMfjAI8rK8LQq5hUoJJwnWHgZ9r5fldr9efoDnYmv6Q2ZUy/44PS9PAwHU+qTkAIoXs8r5wds/3T7ejj/aA71GkL8UE4qNFDaKplB+CHwCB7brg2RiMAsOkU+/9VC3Ek2kNX1kcIcqdw2OP6o8ID6mnBh5Ysc9ZhsPXejyfjy1b9XWZIvjHjEM3vjl3CpfHauiOPgpfrSbaB2v4/3Ns9sZxZh0oxr9r1Z8E0BlH5Zdvih2qRt0oF8+t+kydp5rK4oj3OIyHlaLYzAto935bBOk4RACm18zXzCKaWhWvj9obi/vx1MDBKY6DYQ/I7ZMLQMCzyHPyfPG6SVgJ39+lI/mIGEPI768rFL8iXt9Kv5JCz3rBAHOVWE8Y1dEyblMxJCAt4UodvZhDXMc1sij2DqyOg2miSxncFZWt+s4+DAPhvSKQHhW2kPj2bKiDLoJRTI6Ew61n8rPZR50/Zfzi0T54JlQGyMcm/Xixjo/fJlylXQiL/elpZA1TWYzyoXVWR78QuUqmqTVmWUmSLB90ATaZL00Pgx/1mx0Ow5JkBPeJSlyEpSzEi/2g5ZououX5fZ8PX1skgNrg5QvwSek40DEeioeJGBmZ3kag5v58v3BYF6XxqDQgSlT50EZ8UX9oGm4fG8OpLlOB2Il5I0vWj71SwbniPTTdbk9tcfwo3ZjNTqF3/N7mpjyzG7l8GuS6tjhX67cXrixSDlgIzlvdh4V3W5ktokvcqCOdTNK3owbBLzL9/v1iG1q5+qDafBRfAEoyNWWQRhM8/hyfD+9/Xg6K0Ix1wlekojHGZ8rc2XLgFOUZjYioxV8JqBOsi2NJN8aCVGneomhO15elutRBVadqR+inGomDD4Flnk7vZ41Gq1D68TGCrFmz3YNcEscfRDJflnuz18/b8v1dP5yaTMMai+2PHXeKx1/XbM8T+tkH5LThWjMBP5yersv1+Xl9JKSljP5aT/tejPim5HsDXYC+Ssh3hPnlR6vYVPZRP3qbtDYFv7ldH7ZZKjbQ6gPcH4yg37Ll8v1ebkuX65LC25tHRd2TIXiYT1Tx3b7L5fr+/GudNXUxymH23gzDIO89sv1cr7/TNKCqS0ow9/f+hacH7NV4YXxBetDTILrXgx5Gts6X5fzSxtBmpu0UN6c+MgRrMfb1cTp2rOXQ09SaMR+lzRj4yRwTbI6HcaMqNflnDaS80URK3uovXj+cOdp7KGz2I9vWqqrpXrW/uEnm6QCa7uOWbNzMQ+epa8qZh1qCruCgkH39HW5H9/eSkC8/UarL9+zXBKEexi0rl+XO8AIpjIrvOxxEq84DH4tr8v9dF/e25SCenN3qwV5kNiZuJI06Ii8Lvff//zW7tp1Nq4J4pwOhgFfl/v7cj++HO/HVmodIQ7iPQ66eK/LHSESV4dwzNjW+rrcPz5/ezs9306v35YfX66X99Pt9rlc9YOwh9op5Q13HvQbXpd7KoVog0R1IDGKWzC8od2vxz+vy78+l1v7pdTpxyR1MQca/u5uy/WP5Xo7vSwf18tHa2ZODXsef2EwklrnNbBNEGW3PKyVL4NA6nW5b0umbJ30SkZOYXkwa6nHIDOQy0BQR/WZL3+U2FiDcPb19Mdy3hrUdeUBW3SsjHZNDmN/iTOjZql1EevSyAOQJDrjxDUmWZ0GYdvr9Xi+P91/fCydrAVTn12Gr+Slms+NKuij5qMJXFQ7OAf/HEcC4kFo06BnkOSDN+tcDQ8Hk0KTsEbMXH2drB6WManlHdbzS524RnKWfEb+V4FPq8j/cZRz0YjCGbf+JKtiPhmJVJg1z1xAu5MQBYm8ks05+JcnP6DNLame4szHbOCzMfKTiKy6cYUMAtslYG2MqI8RrGgGj7uv9/vH5fzWbsq190sS3hgsID0dm514rj1pdnblDxRnqxQL/rX0F1S5W5nHEkea5Z3TYNiOZT89XNfT+fXp+Pb69Eeq3Ox9zfURznripfjV0eiFW+xRmzWWLZiJ86qMkTOBBvXwtPX2Glect0rJSpHoDyc8ceRikttx4rULwFhrFtdMozUvak0GWMNwg0GFrkNdM2q+kuOPJUrwwg36HHIdkJRXm7F8gFoJk7EzPss5YtfwHI3ZYfXVYa6erQODfODxy3N8vVm2Lrt+AvRTD/r9+P34qqz4WiX5imvQ5Kf0cOvSVaci5xc52ensYGlDkV6+XlX3a6lOy2cQRWue0mD62+Yil+vp/rXZ3k19KcNXWD1gL9VvfjBL8fR+OV+e3y6fL9m/QhZvHejygyHLrdzbx+V8U+/mUPtvY/ZD/re1lOqJlPcridSDWc6n80uuG2vvztZ3x+flalANpq2fzo9y2ueHwfOuEIKrjzDjBhN7k8Dz8S37ERtyY2sfggbLIk7n+/Vy+1ieu6kTpg43GNYzzwDWuMH8rtOtroxsM7Hr3ChaS6nEZhHHfrA49XTLNKK9Sqi220lMncOaVj6YlXW6vV2OL6fza2uA1WVPg5mEp7YVQp0dycEMCTdECc66wZy/7HG377LWO37QXp6vG4xvZskoBFHbTYZPDS89Edxgcvnpdr9c1Xnh6sdj3GBw7nTLIfyNe2PrZ+H4VoV7zYKTaHWcBw/d+pLI4/HV9hcHDbrfWxE1AhpOAv39zwZJmXobNpyIbrgIwXPqrRfrR+xF4a7GD9pBm8BP3b1mNauLBcJ5Mo7vygfBKmvdrmjVWlk2WAX5uJunz+up/Thq/WI98PL63SCyech+Pj5/XVDuzmNKanWQM5XhsAAxICIxcg8rlLErRxrTxN//vH1dji+P7ggoNcHUFTCGTW0vMTM3mCGjtKomUmwVeVaYKPU1pazgr6UvP55UuMzU5eiGn5lnsByljmY0pfvb8kM9mfrQY230EmF2gxWM39qSI1OXgKwFwvKhzfLFMaiV9He3hnMHI0ff7j/aa9dbBkcqPKP/KEljJTnlL+W/XZ6Pb20YrTrGWYkse0yW/wAvBazMTGc2JqI4OGZ1euSDd2tOgqyWWsqxmz2pJ9IgsLLhsK8QBr/2JBidVqF51cO3+Xo6694LdWYsm6OW878da9HE/nTgmFKQXgesV2FthCTZ11aCVrS6l4Px95TnfnxrEpJcTVDnKAEoOU75I13vRY4eyTY0RiIecigYM3jk811tg4SuTm0Mg47H1nOtiQi7lHy/loMYTmr0efuYGIcGjrYEI4E6/oG/xyA5lWtSl/VripWQUVml1TUfTHd6P34/vX++4xzTahefOA41rfmKa0XAYNub9+X9cv0Bv5RmYzJjtgwbnzsnbR1Jkzwx/jiIvxsSU+Yg+u/XhjuDnDLX2J0v99SfSzkedXIrDYKK3GlkSyoqUcygLCcvWkkgk1JzjkPPbOPHNW69BnXWYL7UvEqQNvX2HLrjjZNbn6FCUdKECdZTiYMPRoIluPC3hzNZX63adHSR1Lz2mRk0lOUy+irOV7oaZQ89DLYcauT+drwtGyfe1OmOwg6kdUJcEzzN2InSXBI1yPKVQRoHTbJGKPRwXC10zAZbA0epTg31TqrTCQ2HlteMbj9YNqJCVAg31u4J8XYdBy2jSj6qurO1FUjmJ5/OA69s1aYupjdsB0t/xhjXne0nL/f7rVM6GGpHxtvBQwCJRQpUp6WYEoT7Genbbn5NDyU/GD8XiWvjJ6ju1d3G+JM3e16+31FpZu2NHgbT/kXo5fTyvBVq6oIfIwW9fjCUv0oHGlgnMhu2/td2XgdJKvWDjb2qq22/z3rXWu3WwyDy06IfW3F7YteR/cGmVCIUJo/U9yso6zDox1eiQTS9brhEP6t9qV5VtQGrU8IEUB8GA1UiGRU/NmErdgCmg5yjApv9YAKavhrSlTrYPq1NYQfz9TtX2KhMbcVOa0ukwWw/fZWHnazk21r+an3/5JGX0gnRU6pb80xrNcVgCn0r/+N4vZ+Ob/Ayde2a2KKHn7URcjfp7SZUvWqp/prEvzxI3Y3/2aMcJECF2kWSYOQhyEY3WOYo13iEjds/p65uXjtwrX2N1x7GP/nn/HF8O70knwk8xLpCmVH8JEU9Zs1eMWMfabsHuOYgZguXbfQojqUbfHwbF6nOJ+JwCX/2lt+Ol+4Ya5kEZwJxyDc6MfzWlOQ1nUcI2Bq/ltVpkBU8Dn8V2q/zueZBT/4hpjJRmhbBjfAm/GwGj0stfdMeuL1Ek8Ey6HG1l7gut8+31hxqDNwSnf9rqafnb1o96rgcfz+Wk8oth2i8NCfh8NMsfcXXcJX4zZIsaJxdM2mCKMPgd3JJbZGVt1BXmY52KD8rX9zWQbnRjnabnIo6sVTAjFROlyfIYNVJpx4BC1KqzJ9TkK9etk8rgT8rdVySvmec1PPQYH7I+XL/cvk8twGZuclUGns52KK2dX0YSfTkIJuDH+zptvPN1nHqmS3ruMYH5dlJLZwxgufNoAFyOe+3oKw3DuLQJrGnOUmi/GGNLw26mo8Ky+tS7J7n63K8K7Ru6zEa02CdAzjYrKkD6cw7JiZts6Bftq5mDqDP0rmfIUYU5GgGXd+/2jbrPo5zlBA+X1iCHNKzxghcM0YIvhl+PHsPvNpreTuz/FAsn44Sg3bSv44/eWLXcuLg6iQdVGRXPKx5p3bNyxKSKxlNtNaiDXpijz/uvjs4oD6jiHccmkUlJMy97vWDufKXNmBoangjUMNz4DNKfqQbjIC2aZ2uCZNwbg7HJaPYbG5wPsqjiz4ahdDEDcxgPv9D2E+MLWjarpvBbVNdY2hwAbV9/sa2f1QaXKecD1bufByvyIc3tdFqOWgyrS3XBs2oj+P1tvS7u9o6xcGxsToPEhzdzdXWNE2snTiYgPvxKIW5baydurab+BSNg5lZH18v5+Xp/Pn+W/vKa9+cz00rpbtsjUirzYmJ3SzZ8uumKye7VBcYGT1i5I7NNFjJUN8ybDJS+/186Fip9OVQkiSATrwrzwJapfe1dLM1kgJu1tkDJKvTIIP7OD3fP9swRWgC/3y3Uv3JOxRnskxs482cWhTXaoq1yd2adb2OB5DVadCc/bh8fH7k1udfl9PrVxXObrJWBgsIK5F/nl50r+MmR2Ww/Ozjcrsf3542PSeaRsfl2GW3MwyWaD9koy7VrmmZToP2TC0NbI5NX3QabHT5kJltz0fJ+3V5qFeTo1Vv3WurYDE/uMyU3Yp5DT+vRrLke1oJn9Do8Sj3p7qwuDqVPwz26vi4Ll+W63V5eXoEfjZ+asMUygckKfqSHspG68R5VTNn1cS1mke+drtOGpOaJpLVaZBFfVwvjxMW6lJo7J3Rw/V6+XJqc4maSQTchkLm0Vl2g7z0DuWcr5mRd1yTSWT/kDiQkdYIRhrqp4GHg7f73vZWqmshWdOkm4IMTHNeDnb+QYrOOKMp8FsL/N+EytWQvVFouhVPjyrfWH4a7MdV2le2AKreEQ9yOJjBqoYi8vhxaqXGRqq8osFknFXqY2gXQHHUdvobVugiNRnASGzTLGqwH7iI/eiJbZo3mcHO8kVsDkZ86GyaQ7VFzoMh1I1EdK91L4951FvhtqhtFlZdbjvoV4mkx3CuVAAhfZbbJ9ok9Q0yKxEuMrcV2rVTHEY9oL/sCtv0ATCDpRStWIWiqT42ZL8YTOwvkqGqNmHdwezIIm+jpE1D/IMcQGZwHl4lNnustcv3qJVu77wJHQ82m91cYuNabq/TOMmDDdj0ddCTbxzjQWyp5F6X++f1vL3lZrcc9QM/b1+XF9V1tUDvTglR7XHzie0lD8yNGrDpwn8xxcrUDpNUTE7zekz+ny8GwL5plGvFi4O9D9vmoa6ZDccWHqd8RYmxukEX+19tfUNtpBiO4knlbJS6RTfobbON3obW68yJwfoBFnS/5BrIdt+t+2avwHjtIjaYTqIvAr+05pQfbFOlBYOjo25/NsgtWql6TldTDnoQo94MHssb4ehhNAk9ZtBD6vhtdYEfh1Jk6J9jE9ZNAogkHVqcNQlx02D95cO7uj+3Pnkd/5oHhwcUObATXLPlM1p27JwR37MkusZ19JNElOyavyj2vR/staDuDeVM1g6ZPMRprZgaNDpBHzZX9xCbB4tYixzUcqHet6XbsECC0cymcoHUN6V9V/X2JyPO/WBRQS0WPuaamfDJJghzkkbvEiCkte6CJH9g0P4pN7PJuG5GV9FgEKsIQ1tAM0yKBkNYRR5K/2q6HElOhV/7Iw7CyvYS8HXUiUAcW5yl+w4N2sPlQttWF3WyF989v2MnHEkqnSQUcViH+q7t1ddiyrUTWBx9Eq/6ITdTIsodMWALg3mvD7G3uxoNUU9EmAfh7nV5jCjfdlmr7c51qpN0BTRSJGZo+APdGGc1m+cguMxScuteyBGXtdBmHeo8OGCMzd/Lb78vz/efaPdSPwgO6HrZENzw+8qXlzrP3uVqA4eVwpMEBQcTgflyuoK25izS9XSS8gsaVhoR/5d/UdOvkyNgfi1UHiwILpdEA2Xr7NqiOpIcxCZMkCjcQapn7TpEabBvcLkJbTvVHfJ4i2EFDWsgcDDW8bjI6bo87Xlx7V7a1Eky6vLSHNwNUvnrcrt8XtuMojrntMiV6Xj8vXICgoyjZHDn+Jh1vKk6CQuz2TB5SUCQdjr8uXOFU5BRRbxNB5ItgV+wTEqX5lWSqHSQ6oq1k6OVYKzct7FS+iy1sEYmwBgnBqEXeTJEykhqhaHBjFx+3C0ArtPoZHQ9rYVMckE/2DaOafbTwxjp7XItvmLcuo5aGjZ7yrX22uE15x/zH78ORxqM//C1tI1V927wEuDnjYFE21hv1jctuywNm8rrLSjrpplszuBjDaavE/gGo1B8KTAT2ta5H1K7R2vf/5/8a3QMqq6o4+3UrvOt+TuWjKh1dIJs8naNu6y1hYOdRurbUg+5bpnGdfjzGquUjZ4GQ3I5BqfIoa1HE81sAcyMJgMnaQTpQb0m+YmVIh0KjLSUMGv/V8l5NrQWYQ6GkK7LH5fn/lwlY5oaT8b76xSdYf374/Jt2fqETXxSymb8YJIbqG2hZqoo1wKvAwUHtea2mSbdTDbmygPP7zOuU0QHQdft+L7cTiptrQ4kSbpGHHQVWGK2R1sdrB35NbI22OQwmUyNxVSXqvAeKb30BM4LpbTz6uSPfUpbK632TcrD57cru7RkMPL0EE6jcTJglo9oxxu457ucZJYXf5uzDHBmtyVI9wi+eFgNNenBIK1yBVSvxuM6G0G2OUkukhkDRvZ8Iwnrxq0j19dDXOTJaAQj6Y6GBotu8sPuHbdNJzOOWa9zrgb3xtvyrDKJbN3jRbJ94qApneSd7j+km57a2+sSF84Entc46vrcBvP6bsv55feb7qFQfweDFZyooXOd9UKsvCS25mFwwnIR/W1pB9jFtifN2IZdZL2dviSbod1N6kxmSbgwo582F8CpnF1qBg/yXrI2BR19T1Jep5lkM/6ZBltw33Q7/brWUOJah8E0jBvsdl83yvQCtAbbLt9Qj/s6CiAznYxfixbkS6DBiNxtuZ8vqRdH+wXUL22wU9iWAdnaBSY+Uyf2xGYJZh/EJBztKtllQbaOpc5rMvqg6dFDQfV2OQ9WnqCxN7UbQhxomMRYlGydw3pmVPHW8Rdx+ayS/FSCY9Przw9GVPvAycam8+6amzf4ZWfB4JHXAHEwV/QhrG0X6OpmeWGdkDQIkbJAgAbrUU6D7StubyfdfdLWn/QkucDr9KN1COwgLt3sv3XFvXSpk87NbBH9UkwtMaykCZJMbJO0TS4W4Y+WgnjP7G2xRxHEzDmIJS1Tjox4Z8bOq7rL0SCNpmhw7C0ovq4rkCR5uWpTvQ5OGdTW+3VZ7k/Hl0dJv2pyUn9V5VnxiwyDAdrb52+Nc9KM+WYnm41VK7aubCTi7nLcJK61RnI2SNWkcWvnMFmdBrNgb585ZL4b02k6f7JzJT2w3KCRdl/Ox/MdTKmtkwaJVZbEBD/IH+8H855y03fsMTcDZvjJrzPrBg2P9gopjPuUm1B1H2LDXBg1rO0YB1NW8oV1FMfUOeQCtGbJuh7tR7wtszd1Hr2dxHmUENdgtsr9R1s6VQ+6NOwCeKmq9IN98D/bI8zXRoPUXQxW7X6eck/F5u+vWylxnFGSfh3vgRPfeGAjLkh5AO/WgXfcKK6i5CwY6TtvpJO5ocEmCZ8fL4+Wzk/tmIamooLbiFi+K+nd73lvm8QP4/BRlHF5MhLNSNmOWXvFk6xOg12x8h0jX6sOR9JgbuqnKuZyjSfBnzj7a1EMbjcYufm8LZtGZHWYex78uD5vj84c7c5XW9asTCRacRjMDtl2rqjTIVjdJj4c5nVrlf3HD1pSj0sdXxddJF/bw6zKVFkNw08IJPnU7hJnJjm2qIitAGK1Jf7OprXWVZI9DmK1+MHh3HxPneOk8eWkdbMQ3cFEop0MIlfPJpwHeTjLg8WO9S4psb95LVepRnSPHYaf99Nbe2jU3pvlvXEeZD9J3N+43X6jZ3Umq+PXOw/a1KXpygJmp9gmX6X8+YxxBBwKI5zXSr6K2MnZNa/hq7G/+M/lNx1sbsrXuAOeMG2pnfJrgxi+Nw7+RSnclgGTRioXzTqMg2R1GvSAvrfbbX3QcEzfS6W+PAw3GDv8Ts+t/PpJcPjN8xYWJXjtBuPl36n9hGtf3rAz5HkPjlIE7AYz4L7T/f/dHsHi5iK1s86a4nmDjOI3ucEw3Xf6bOXXiJf3OC8Wh+SAuMGzqu3U7JsKRYa6MgZOwoBucMP49+W86H2+iYNynqZwfPEiPfPriU+AmR2RuM7/WoehmxXwix8qq9PIPMV//vrLx+ljeTudl1/+/o9//ve//x/UiS1x"; \ No newline at end of file diff --git a/docs/html/modules.html b/docs/html/modules.html index a5fb1eb4..362d1854 100644 --- a/docs/html/modules.html +++ b/docs/html/modules.html @@ -1 +1 @@ -MonoCloud Authentication SDK
MonoCloud Authentication SDK
    Preparing search index...

      MonoCloud Authentication SDK

      Modules

      @monocloud/auth-core
      @monocloud/auth-node-core
      @monocloud/auth-nextjs

      Settings

      On This Page

      Modules
      +MonoCloud Authentication SDK
      MonoCloud Authentication SDK
        Preparing search index...

          MonoCloud Authentication SDK

          Modules

          @monocloud/auth-core
          @monocloud/auth-node-core
          @monocloud/auth-nextjs
          @monocloud/auth-js-core

          Settings

          On This Page

          Modules
          diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts index 17cca737..1fc00850 100644 --- a/packages/core/src/types.ts +++ b/packages/core/src/types.ts @@ -265,9 +265,15 @@ export interface CallbackParams { * Human-readable description providing additional information about the authorization error. */ errorDescription?: string; - /** Access token scopes (Implicit Flow) */ + + /** + * Access token scopes (Implicit Flow) + */ scope?: string; - /** Authorization code received from the callback */ + + /** + * Authorization code returned when using the Authorization Code Flow. + */ code?: string; /** diff --git a/packages/core/src/utils/internal.ts b/packages/core/src/utils/internal.ts index 2a44c915..989c4328 100644 --- a/packages/core/src/utils/internal.ts +++ b/packages/core/src/utils/internal.ts @@ -104,7 +104,7 @@ export const removeTrailingSlash = (val?: string): string => { * * @returns `true` if the value is present, `false` otherwise. */ -export const isPresent = (value?: string | number | boolean): boolean => { +export const isPresent = (value?: string | number | boolean): value is string | number | boolean => { if (typeof value === 'boolean' || typeof value === 'number') { return true; } diff --git a/packages/js-core/package.json b/packages/js-core/package.json index f6c9dc2f..d62e0a8c 100644 --- a/packages/js-core/package.json +++ b/packages/js-core/package.json @@ -64,6 +64,6 @@ }, "devDependencies": { "@monocloud/auth-test-utils": "workspace:*", - "eslint": "9.39.2" + "eslint": "10.0.0" } } diff --git a/packages/js-core/src/index.ts b/packages/js-core/src/index.ts index 4ee61ea5..258a61ab 100644 --- a/packages/js-core/src/index.ts +++ b/packages/js-core/src/index.ts @@ -43,7 +43,7 @@ export { MonoCloudOidcClient } from '@monocloud/auth-core'; export { MonoCloudJSCoreClient } from './monocloud-js-core-client'; export { MonoCloudJsError } from './monocloud-js-error'; -export { localStorage, memoryStorage, sessionStorage } from './storage'; +export { LocalStorage, MemoryStorage, SessionStorage } from './storage'; export type { MonoCloudJSCoreClientOptions, diff --git a/packages/js-core/src/monocloud-js-core-client.ts b/packages/js-core/src/monocloud-js-core-client.ts index 8c902d34..713d531d 100644 --- a/packages/js-core/src/monocloud-js-core-client.ts +++ b/packages/js-core/src/monocloud-js-core-client.ts @@ -6,6 +6,7 @@ import { parseCallbackParams, } from '@monocloud/auth-core/utils'; import type { + AccessToken, AuthorizationParams, IdTokenClaims, MonoCloudSession, @@ -38,7 +39,7 @@ import type { } from './types'; import { AUTH_CONSTANTS } from './constants'; import { Ref } from './ref'; -import { localStorage } from './storage'; +import { LocalStorage } from './storage'; import { MonoCloudOidcClient, MonoCloudOPError, @@ -48,13 +49,13 @@ import { MonoCloudJsError } from './monocloud-js-error'; import { withLock } from './lock'; /** - * `MonoCloudJSCoreClient` is the core SDK entry point for integrating MonoCloud authentication into browser-based applications (SPAs) or vanilla JavaScript environments. + * `MonoCloudJSCoreClient` is the core SDK entry point for integrating MonoCloud authentication into single-page applications (SPAs) and other browser-based JavaScript environments. * * It provides: - * - Redirection and popup-based sign-in and sign-out - * - Session and token management - * - Automatic PKCE and state validation - * - Silent and explicit token refreshing + * - Redirection and popup-based sign-in and sign-out. + * - Session and token management. + * - Automatic PKCE and state validation. + * - Silent and explicit token refreshing. * * ## Initialization * @@ -76,9 +77,7 @@ export class MonoCloudJSCoreClient { private storage: IStorage; /** - * This is intended for advanced scenarios requiring direct control over the authorization or token flow. - * - * @returns Returns the underlying **OIDC client** used for OpenID Connect operations. + * Underlying OpenID Connect client used for advanced authorization and token operations. */ oidcClient: MonoCloudOidcClient; @@ -86,10 +85,10 @@ export class MonoCloudJSCoreClient { /** * Default post-callback behavior: - * - If `returnUrl` is not set: remove query params from the current URL (no navigation). - * - If `returnUrl` is set: navigate to `returnUrl` (full page reload). + * - If `returnUrl` is not set, remove query parameters from the current URL (no navigation). + * - If `returnUrl` is set, navigate to `returnUrl` with a full page reload. * - * If you use a client-side router, provide a custom `postCallbackFn` to avoid full reload. + * If you use a client-side router, provide a custom `postCallbackFn` to avoid full reloads. */ private postCallbackFn: PostCallback = state => { if (!state.returnUrl) { @@ -99,7 +98,7 @@ export class MonoCloudJSCoreClient { } else { // eslint-disable-next-line no-console console.warn( - 'Warning: The default behavior for return url is to perform a full page reload, which will reset all data if you are using memoryStorage. To integrate with a client-side router, pass a custom postCallback() function during client initialization.' + 'Warning: The default behavior for return URL is to perform a full page reload, which resets all data when using MemoryStorage. To integrate with a client-side router, pass a custom postCallback() function during client initialization.' ); window.location.href = state.returnUrl; } @@ -177,7 +176,8 @@ export class MonoCloudJSCoreClient { } /** - * Persist the callback state in `sessionStorage` for redirect-based flows. + * Persists callback state in `sessionStorage` for redirect-based flows. + * * This state is consumed by `processCallback()` and then cleared. */ private set redirectCallbackState(state: CallbackState | undefined) { @@ -218,6 +218,7 @@ export class MonoCloudJSCoreClient { /** * Storage key used for persisting the current session. + * * Includes `clientId` and optional `sessionKey` suffix to avoid collisions. */ private get sessionKey(): string { @@ -269,27 +270,27 @@ export class MonoCloudJSCoreClient { * @example Custom Storage & Router * ```typescript:src/auth.ts tab="Custom Storage & Router" tab-group="constructor" * import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; - * import { InMemoryStorage } from './storage'; + * import { MemoryStorage } from './storage'; * import { router } from './router'; * * const client = new MonoCloudJSCoreClient( * options, - * new InMemoryStorage(), + * new MemoryStorage(), * (state) => { - * // Use router to navigate instead of full page reload - * router.push(state.returnUrl || '/dashboard'); + * // Use router to navigate instead of full page reload. + * router.push(state.returnUrl || '/dashboard'); * } * ); * ``` * * @param options Configuration options for the client. - * @param storage Custom storage implementation for session persistence. Defaults to `localStorage`. + * @param storage Custom storage implementation for session persistence. Defaults to `new LocalStorage()`. * @param postCallbackFn A callback function executed after a successful sign-in or sign-out. Useful for client-side routing integration. - * @param onSessionCreating A hook to modify or validate the session during creation. + * @param onSessionCreating A hook used to modify or validate the session during creation. */ constructor( options: MonoCloudJSCoreClientOptions, - storage: IStorage = localStorage(), + storage: IStorage = new LocalStorage(), postCallbackFn?: PostCallback, onSessionCreating?: OnSessionCreating ) { @@ -331,11 +332,11 @@ export class MonoCloudJSCoreClient { * import { client } from './auth'; * * async function init() { - * // Process any pending redirect callbacks before rendering - * await client.processCallback(); + * // Process any pending redirect callbacks before rendering. + * await client.processCallback(); * - * // Continue mounting the app - * renderApp(); + * // Continue mounting the app. + * renderApp(); * } * * init(); @@ -356,6 +357,7 @@ export class MonoCloudJSCoreClient { this.redirectCallbackState = undefined; if (callbackState) { + /* v8 ignore else -- @preserve */ if (isSignInPath && !callbackState.signOut) { await this.processSignInCallback(window.location.href, callbackState); } else if (isSignOutPath && callbackState.signOut) { @@ -386,25 +388,25 @@ export class MonoCloudJSCoreClient { * @example Redirect Flow * ```typescript:src/app.ts tab="Redirect Flow" tab-group="signIn" * document.getElementById('login-btn').addEventListener('click', async () => { - * // Standard top-level redirect to the authorization server - * await client.signIn(); + * // Standard top-level redirect to the authorization server. + * await client.signIn(); * }); * ``` * * @example Popup Flow * ```typescript:src/app.ts tab="Popup Flow" tab-group="signIn" * document.getElementById('login-popup-btn').addEventListener('click', async () => { - * // Opens a centered popup for authentication - * await client.signIn({ mode: 'popup' }); - * console.log("User finished popup flow!"); + * // Opens a centered popup for authentication. + * await client.signIn({ mode: 'popup' }); + * console.log('User finished popup flow!'); * }); * ``` * * @example Sign Up * ```typescript:src/app.ts tab="Sign Up" tab-group="signIn" * document.getElementById('register-btn').addEventListener('click', async () => { - * // Forces the identity provider to show the registration/sign-up screen - * await client.signIn({ signUp: true }); + * // Forces the identity provider to show the registration/sign-up screen. + * await client.signIn({ signUp: true }); * }); * ``` * @@ -440,13 +442,13 @@ export class MonoCloudJSCoreClient { parseSpaceSeparated(signInOptions?.scopes), parseSpaceSeparated(this.options.defaultAuthParams?.scopes), parseSpaceSeparated(indicatorScopes) - ) ?? AUTH_CONSTANTS.DEFAULT_SCOPES.split(' '); + )?.join(' ') ?? AUTH_CONSTANTS.DEFAULT_SCOPES; const mergedResources = mergeArrays( parseSpaceSeparated(signInOptions?.resource), parseSpaceSeparated(this.options.defaultAuthParams?.resource), parseSpaceSeparated(indicatorResource) - ); + )?.join(' '); const params: AuthorizationParams = { uiLocales: signInOptions?.uiLocales, @@ -454,13 +456,13 @@ export class MonoCloudJSCoreClient { loginHint: signInOptions?.loginHint, maxAge: signInOptions?.maxAge, responseType: this.responseType, - scopes: mergedScopes.join(' '), + scopes: mergedScopes, codeChallenge, codeChallengeMethod: 'S256', redirectUri: this.redirectUri, state, nonce, - resource: mergedResources?.join(' '), + resource: mergedResources, prompt: signInOptions?.prompt, display: signInOptions?.display, acrValues: signInOptions?.acrValues, @@ -472,6 +474,15 @@ export class MonoCloudJSCoreClient { const url = await this.oidcClient.authorizationUrl(params); + let resource = this.options.defaultAuthParams?.resource; + + if ( + params.responseType === 'token' || + params.responseType === 'id_token token' + ) { + resource = mergedResources; + } + const callbackState: CallbackState = { state, codeVerifier, @@ -481,7 +492,8 @@ export class MonoCloudJSCoreClient { returnUrl: signInOptions?.returnUrl, appState: signInOptions?.appState, scopes: params.scopes, - resource: this.options.defaultAuthParams?.resource, + responseType: this.responseType, + resource, }; if (mode === 'redirect') { @@ -511,15 +523,15 @@ export class MonoCloudJSCoreClient { * @example Standard Sign Out * ```typescript:src/app.ts tab="Redirect Flow" tab-group="signOut" * document.getElementById('logout-btn').addEventListener('click', async () => { - * await client.signOut(); + * await client.signOut(); * }); * ``` * * @example Popup Sign Out * ```typescript:src/app.ts tab="Popup Flow" tab-group="signOut" * document.getElementById('logout-popup-btn').addEventListener('click', async () => { - * // Opens a popup to perform the federated sign-out, keeping the user on the current page - * await client.signOut({ mode: 'popup' }); + * // Opens a popup to perform federated sign-out and keep the user on the current page. + * await client.signOut({ mode: 'popup' }); * }); * ``` * @@ -567,7 +579,7 @@ export class MonoCloudJSCoreClient { state, }); - const callbackState = { + const callbackState: CallbackState = { mode, state: new URL(url).searchParams.get('state') ?? undefined, signOut: true, @@ -598,7 +610,7 @@ export class MonoCloudJSCoreClient { * Refreshes the user's session. * * This method can be used to explicitly refresh tokens using various methods: - * - `silent`: Uses a hidden iframe (requires 3rd party cookies). + * - `silent`: Uses a hidden iframe (requires third-party cookies). * - `refresh_token`: Uses the Refresh Token Grant (requires `offline_access` scope). * - `popup`: Opens a transient popup to refresh the session interactively. * @@ -677,24 +689,26 @@ export class MonoCloudJSCoreClient { mergeArrays( parseSpaceSeparated(this.options.defaultAuthParams?.scopes), parseSpaceSeparated(indicatorScopes) - ) ?? AUTH_CONSTANTS.DEFAULT_SCOPES.split(' '); + )?.join(' ') ?? AUTH_CONSTANTS.DEFAULT_SCOPES; const mergedResources = mergeArrays( parseSpaceSeparated(this.options.defaultAuthParams?.resource), parseSpaceSeparated(indicatorResource) - ); + )?.join(' '); - const url = await this.oidcClient.authorizationUrl({ + const params: AuthorizationParams = { prompt: 'none', responseType: this.responseType, - scopes: mergedScopes.join(' '), + scopes: mergedScopes, codeChallenge, codeChallengeMethod: 'S256', redirectUri: this.redirectUri, - resource: mergedResources?.join(' '), + resource: mergedResources, state, nonce, - }); + }; + + const url = await this.oidcClient.authorizationUrl(params); /* v8 ignore if -- @preserve */ if (!ref) { @@ -703,14 +717,24 @@ export class MonoCloudJSCoreClient { const callbackUrl = await this.authWindow(url, ref); + let resource = this.options.defaultAuthParams?.resource; + + if ( + params.responseType === 'token' || + params.responseType === 'id_token token' + ) { + resource = mergedResources; + } + const callbackState: CallbackState = { state, codeVerifier, nonce, mode, appState: refreshOptions?.appState, - scopes: mergedScopes.join(' '), - resource: this.options.defaultAuthParams?.resource, + scopes: params.scopes, + resource, + responseType: this.responseType, }; return await this.processSignInCallback(callbackUrl, callbackState); @@ -722,7 +746,7 @@ export class MonoCloudJSCoreClient { } /** - * Refetches the user information from the userinfo endpoint and updates the local session. + * Refetches user information from the UserInfo endpoint and updates the local session. * * @example Usage * ```typescript:src/app.ts @@ -778,8 +802,8 @@ export class MonoCloudJSCoreClient { * @example Specific Resource * ```typescript:src/app.ts tab="Specific Resource" tab-group="getTokens" * const tokens = await client.getTokens({ - * resource: '[https://api.example.com](https://api.example.com)', - * scopes: 'read:data' + * resource: 'https://api.example.com', + * scopes: 'read:data' * }); * ``` * @@ -838,8 +862,8 @@ export class MonoCloudJSCoreClient { if (options?.forceRefresh || !token || tokenExpired) { const updatedSession = await this.oidcClient.refreshSession(session, { fetchUserInfo: options?.refetchUserInfo, - validateIdToken: true, - idTokenClockSkew: this.options.clockSkew, + validateIdToken: this.validateIdToken, + idTokenClockSkew: this.clockSkew, idTokenClockTolerance: this.clockTolerance, refreshGrantOptions: { resource, @@ -876,13 +900,13 @@ export class MonoCloudJSCoreClient { } /** - * Retrieves the current session object from local storage. + * Retrieves the current session object from configured storage. * * @example Usage * ```typescript:src/app.ts * const session = await client.getSession(); * if (session) { - * console.log('User is logged in:', session.user); + * console.log('User is logged in:', session.user); * } * ``` * @@ -898,7 +922,7 @@ export class MonoCloudJSCoreClient { } /** - * Persist or clear the session in storage. + * Persists or clears the session in storage. * * @param session When provided, the session is serialized to storage. When omitted, the session is removed. */ @@ -912,7 +936,7 @@ export class MonoCloudJSCoreClient { } /** - * Complete a sign-in flow using a callback URL and the saved callback state. + * Completes a sign-in flow using a callback URL and the saved callback state. * * Validates: * - Callback URL matches configured `redirectUri` @@ -920,7 +944,7 @@ export class MonoCloudJSCoreClient { * - Authorization response parameters (success or error) * - ID token (optional, depending on configuration and flow) * - * On success, creates/updates the session and invokes the configured post-callback handler. + * On success, creates or updates the session and invokes the configured post-callback handler. * * @param callbackUrl Full callback URL received from the OP. * @param callbackState State captured when initiating the flow. @@ -946,19 +970,16 @@ export class MonoCloudJSCoreClient { throw new MonoCloudValidationError('Scopes missing from callback state'); } + if (!isPresent(callbackState.responseType)) { + throw new MonoCloudValidationError( + 'Response type missing from callback state' + ); + } + const callbackParams = parseCallbackParams( this.responseType === 'code' ? url.search : url.hash ); - if ( - !callbackParams.accessToken && - !callbackParams.code && - !callbackParams.idToken && - !callbackParams.error - ) { - throw new MonoCloudValidationError('No parameters found in callback'); - } - if (callbackState.state && callbackParams.state !== callbackState.state) { throw new MonoCloudValidationError('Sign in callback states mismatch'); } @@ -970,17 +991,89 @@ export class MonoCloudJSCoreClient { ); } - // Implicit/Hybrid - if ( - !callbackParams.code && - (callbackParams.idToken || callbackParams.accessToken) - ) { + const { accessToken, idToken, code } = callbackParams; + + switch (callbackState.responseType) { + case 'code': + if (!isPresent(code)) + throw new MonoCloudValidationError("Response is missing 'code'"); + break; + + case 'token': + if (!isPresent(accessToken)) + throw new MonoCloudValidationError( + "Response is missing 'access_token'" + ); + break; + + case 'id_token': + if (!isPresent(idToken)) + throw new MonoCloudValidationError("Response is missing 'id_token'"); + break; + + case 'id_token token': + if (!isPresent(idToken) || !isPresent(accessToken)) { + throw new MonoCloudValidationError( + "Response is missing 'id_token' or 'access_token'" + ); + } + break; + + case 'code id_token': + if (!isPresent(code) || !isPresent(idToken)) { + throw new MonoCloudValidationError( + "Response is missing 'code' or 'id_token'" + ); + } + break; + + case 'code token': + if (!isPresent(code) || !isPresent(accessToken)) { + throw new MonoCloudValidationError( + "Response is missing 'code' or 'access_token'" + ); + } + break; + + case 'code id_token token': + if ( + !isPresent(code) || + !isPresent(idToken) || + !isPresent(accessToken) + ) { + throw new MonoCloudValidationError( + "Response is missing 'code', 'id_token', or 'access_token'" + ); + } + break; + + default: + throw new MonoCloudValidationError( + `Unsupported response_type: ${callbackState.responseType}` + ); + } + + const isImplicit = + callbackState.responseType === 'token' || + callbackState.responseType === 'id_token token' || + callbackState.responseType === 'id_token'; + + const isCodeOrHybrid = + callbackState.responseType === 'code' || + callbackState.responseType === 'code id_token' || + callbackState.responseType === 'code token' || + callbackState.responseType === 'code id_token token'; + + if (isImplicit) { let idTokenClaims = {} as IdTokenClaims; - if (callbackParams.idToken) { + if ( + callbackState.responseType === 'id_token' || + callbackState.responseType === 'id_token token' + ) { if (this.validateIdToken) { const jwks = await this.oidcClient.getJwks(); idTokenClaims = await this.oidcClient.validateIdToken( - callbackParams.idToken, + idToken!, jwks.keys, this.clockSkew, this.clockTolerance, @@ -988,18 +1081,42 @@ export class MonoCloudJSCoreClient { callbackState.nonce ); } else { - idTokenClaims = MonoCloudOidcClient.decodeJwt(callbackParams.idToken); + idTokenClaims = MonoCloudOidcClient.decodeJwt(idToken!); } } let userinfo = {} as unknown as UserinfoResponse; + const accessTokens: AccessToken[] = []; + if ( - callbackParams.accessToken && - this.fetchUserinfo && - callbackParams.scope?.includes('openid') + callbackState.responseType === 'token' || + callbackState.responseType === 'id_token token' ) { - userinfo = await this.oidcClient.userinfo(callbackParams.accessToken); + if (!isPresent(callbackParams.expiresIn)) { + throw new MonoCloudValidationError( + "The 'expires_in' parameter is missing from the callback" + ); + } + + const scopes = callbackParams.scope ?? callbackState.scopes; + + if (this.fetchUserinfo) { + if (!scopes.includes('openid')) { + throw new MonoCloudValidationError( + 'Fetching userinfo requires the openid scope' + ); + } + userinfo = await this.oidcClient.userinfo(accessToken!); + } + + accessTokens.push({ + accessToken: accessToken!, + scopes, + requestedScopes: callbackState.scopes, + resource: callbackState.resource, + accessTokenExpiration: now() + callbackParams.expiresIn, + }); } const session: MonoCloudSession = { @@ -1008,20 +1125,17 @@ export class MonoCloudJSCoreClient { ...userinfo, }, idToken: callbackParams.idToken, - accessTokenExpiration: callbackParams.expiresIn - ? now() + callbackParams.expiresIn - : undefined, + accessTokens, + refreshToken: callbackParams.refreshToken, + authorizedScopes: callbackState.scopes, }; - if (callbackParams.accessToken) { - session.accessTokens = [ - { - accessToken: callbackParams.accessToken, - scopes: callbackParams.scope ?? '', - accessTokenExpiration: 1, - }, - ]; - } + await this.onSessionCreating?.( + session, + idTokenClaims, + userinfo, + callbackState.appState + ); await this.setSession(session); @@ -1033,13 +1147,13 @@ export class MonoCloudJSCoreClient { return; } - // Authorization Code - if (callbackParams.code) { + // Authorization Code/Hybrid + /* v8 ignore else -- @preserve */ + if (isCodeOrHybrid) { const session = await this.oidcClient.authenticate( - callbackParams.code, + code!, this.redirectUri, - // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - callbackState.scopes!, + callbackState.scopes, this.options.defaultAuthParams?.resource, { fetchUserInfo: this.fetchUserinfo, @@ -1072,7 +1186,7 @@ export class MonoCloudJSCoreClient { } /** - * Complete a sign-out callback. + * Completes a sign-out callback. * * Clears the local session and validates that the callback `state` matches the * stored callback state for the initiated sign-out flow. @@ -1111,12 +1225,12 @@ export class MonoCloudJSCoreClient { } /** - * Run an auth request inside a popup window or hidden iframe and wait for the callback URL. + * Runs an auth request inside a popup window or hidden iframe and waits for the callback URL. * * This method: - * - navigates the popup/iframe to the provided authorization URL - * - waits for a `postMessage` from the popup/iframe containing the callback URL - * - rejects on timeout or if the user closes the popup + * - Navigates the popup/iframe to the provided authorization URL. + * - Waits for a `postMessage` from the popup/iframe containing the callback URL. + * - Rejects on timeout or if the user closes the popup. * * It does not parse or validate the callback parameters; the caller does that. * @@ -1160,6 +1274,7 @@ export class MonoCloudJSCoreClient { return; } + /* v8 ignore else -- @preserve */ if (e.data.url) { abort(); resolve(e.data.url); @@ -1186,11 +1301,11 @@ export class MonoCloudJSCoreClient { } /** - * Create a window reference appropriate for the interaction mode. + * Creates a window reference appropriate for the interaction mode. * - * - `popup` -> opens a popup window - * - `silent` -> creates a hidden iframe - * - other modes do not require a window reference + * - `popup`: Opens a popup window. + * - `silent`: Creates a hidden iframe. + * - Other modes do not require a window reference. */ private createRef( mode: 'popup' | 'silent' | 'redirect' | 'refresh_token' @@ -1208,7 +1323,7 @@ export class MonoCloudJSCoreClient { } /** - * Open a centered popup window for interactive authentication. + * Opens a centered popup window for interactive authentication. * * @returns A `Ref` bound to the popup window. * @throws {@link MonoCloudJsError} If the browser blocks the popup. @@ -1249,7 +1364,7 @@ export class MonoCloudJSCoreClient { } /** - * Create a hidden iframe for silent authentication (`prompt=none`). + * Creates a hidden iframe for silent authentication (`prompt=none`). * * @returns A `Ref` bound to the iframe element. * @throws {@link MonoCloudJsError} If the environment is cross-origin isolated. diff --git a/packages/js-core/src/storage.ts b/packages/js-core/src/storage.ts index 45db4c97..b260de00 100644 --- a/packages/js-core/src/storage.ts +++ b/packages/js-core/src/storage.ts @@ -1,6 +1,13 @@ import { IStorage } from './types'; -class MemoryStorage implements IStorage { +/** + * In-memory implementation of {@link IStorage}. + * + * Useful for testing or for sessions that should not persist across page reloads. + * + * @category Classes + */ +export class MemoryStorage implements IStorage { private store: Record = {}; getItem(key: string): Promise { @@ -19,7 +26,14 @@ class MemoryStorage implements IStorage { } } -class LocalStorage implements IStorage { +/** + * `window.localStorage`-backed implementation of {@link IStorage}. + * + * This is the default storage used by `MonoCloudJSCoreClient`. + * + * @category Classes + */ +export class LocalStorage implements IStorage { getItem(key: string): Promise { return Promise.resolve(window.localStorage.getItem(key)); } @@ -35,7 +49,14 @@ class LocalStorage implements IStorage { } } -class SessionStorage implements IStorage { +/** + * `window.sessionStorage`-backed implementation of {@link IStorage}. + * + * Data persists for the lifetime of the current browser tab. + * + * @category Classes + */ +export class SessionStorage implements IStorage { getItem(key: string): Promise { return Promise.resolve(window.sessionStorage.getItem(key)); } @@ -50,31 +71,3 @@ class SessionStorage implements IStorage { return Promise.resolve(); } } - -/** - * In memory storage for `MonoCloudJsClient` - * - * @example - * - * const monoCloudClient = new MonoCloudJsClient(options, memoryStorage()); - */ -export const memoryStorage = (): IStorage => new MemoryStorage(); - -/** - * LocalStorage for `MonoCloudJsClient`. This is the default storage. - * Same as `window.localStorage`. - * - * @example - * - * const monoCloudClient = new MonoCloudJsClient(options, localStorage()); - */ -export const localStorage = (): IStorage => new LocalStorage(); - -/** - * SessionStorage for `MonoCloudJsClient`. Same as `window.sessionStorage`. - * - * @example - * - * const monoCloudClient = new MonoCloudJsClient(options, sessionStorage()); - */ -export const sessionStorage = (): IStorage => new SessionStorage(); diff --git a/packages/js-core/src/types.ts b/packages/js-core/src/types.ts index f1db5ed3..07f5ebf9 100644 --- a/packages/js-core/src/types.ts +++ b/packages/js-core/src/types.ts @@ -16,7 +16,7 @@ import type { } from '@monocloud/auth-core'; /** - * Storage interface for storing session data. + * Defines a storage adapter used to persist session data. * * @category Types */ @@ -24,58 +24,59 @@ export interface IStorage { /** * Retrieves the value associated with the given key. * - * @param key - The unique identifier for the stored item - * @returns The stored value as a string, or `null` if the key does not exist + * @param key The unique identifier for the stored item. + * @returns The stored value as a string, or `null` if the key does not exist. */ getItem(key: string): Promise; /** * Removes the item associated with the specified key from storage. * - * @param key - The unique identifier of the item to be removed + * @param key The unique identifier of the item to remove. */ removeItem(key: string): Promise; /** * Stores a key-value pair in the storage. * - * @param key - The unique identifier for the item - * @param value - The string value to be stored + * @param key The unique identifier for the item. + * @param value The string value to store. */ setItem(key: string, value: string): Promise; } /** - * Represents an indicator for additional resources that can be requested. + * Represents an additional resource indicator that can be requested when acquiring tokens. * * @category Types */ export interface Indicator { /** - * Space separated list of resources to scope the access token to + * Space-separated list of resources to scope the access token to. */ resource: string; + /** - * Optional: Space separated list of scopes to request + * Optional space-separated list of scopes to request. */ scopes?: string; } /** - * Configuration options for initializing a MonoCloudJSCoreClient. + * Configuration options for initializing `MonoCloudJSCoreClient`. * * @category Types */ export interface MonoCloudJSCoreClientOptions { /** - * Tenant domain. + * MonoCloud tenant domain. * * @example "https://your-domain.as.monocloud.com" */ tenantDomain: string; /** - * ID of the client. + * Client identifier of the application registered in MonoCloud. */ clientId: string; @@ -87,11 +88,12 @@ export interface MonoCloudJSCoreClientOptions { appUrl: string; /** - * The relative path where MonoCloud redirects the user after sign in. - * This url should be registered in the client's callback urls settings. If callback path is not set - * the callback url is set to `appUrl` with path `/`. + * Relative callback path where MonoCloud redirects the user after sign-in. + * + * This URL must be registered in the application's callback URL settings. + * If omitted, the callback URL defaults to `appUrl` with path `/`. * - * @example "/callback" + * @example /callback */ callbackPath?: string; @@ -103,28 +105,26 @@ export interface MonoCloudJSCoreClientOptions { validateIdToken?: boolean; /** - * Determines whether to fetch from userinfo after authentication. + * Determines whether to fetch UserInfo after authentication. * * @defaultValue true */ fetchUserinfo?: boolean; /** - * When set to `true`, signs user out from the app and MonoCloud globally. + * When `true`, signs the user out from both the app and MonoCloud. * * @defaultValue true */ federatedSignOut?: boolean; - /** - * Array of strings representing the filtered ID token claims. - */ + /** List of ID token claims to exclude when constructing the final user object. */ filteredIdTokenClaims?: string[]; /** * Timeout duration (in seconds) for popups and iframes. * - * @defaultValue 600 + * @defaultValue 600 (seconds) */ authWindowTimeout?: number; @@ -151,28 +151,28 @@ export interface MonoCloudJSCoreClientOptions { /** * The maximum allowed clock skew (in seconds) for token validation. * - * @defaultValue 60 + * @defaultValue 60 (seconds) */ clockSkew?: number; /** - * The maximum allowed clock tolerance (in seconds) for date time based claims. + * The maximum allowed clock tolerance for date-time-based claims. * - * @defaultValue 60 + * @defaultValue 60 (seconds) */ clockTolerance?: number; /** - * Specifies the OpenId response type for the authentication flow. + * Specifies the OpenID Connect response type for the authentication flow. * - * @defaultValue "code" + * @defaultValue 'code' */ responseType?: ResponseTypes; /** - * Path where MonoCloud redirects after the user signs out. + * Relative path where MonoCloud redirects the user after sign-out. * - * @example "/signout" + * @example /signout */ signOutCallbackPath?: string | null; @@ -189,64 +189,59 @@ export interface MonoCloudJSCoreClientOptions { /** * Algorithm used for verifying ID token signature. * - * @defaultValue "RS256" + * @defaultValue 'RS256' */ idTokenSigningAlgorithm?: SecurityAlgorithms; /** * A unique identifier that differentiates sessions when multiple clients are used within the same application. - * This key is concatenated with internal session key to prevent conflicts. + * + * This key is appended to the internal session key to prevent conflicts. */ sessionKey?: string; /** * Default authorization parameters to include in authentication requests. - * - * @defaultValue { scope: 'openid', response_type: 'code' } */ defaultAuthParams?: AuthorizationParams; /** - * Additional resources that can be requested via `getTokens()`. + * Additional resources that can be requested in `getTokens()`. */ resources?: Indicator[]; /** * The duration in seconds to cache the JWKS document after it is fetched. * - * @defaultValue 60 + * @defaultValue 300 (seconds) */ jwksCacheDuration?: number; /** * Time in seconds to cache the metadata document after it is fetched. * - * @defaultValue 60 + * @defaultValue 300 (seconds) */ metadataCacheDuration?: number; } /** - * The custom application state used for preserving context during redirection. + * Custom application state passed through authentication flows. * * @category Types */ export type ApplicationState = Record; /** - * Defines a callback function to be executed when a new session is being created or updated. - * - * This function receives parameters related to the session being created, - * including the session object itself, optional ID token and user information claims, - * and the application state. + * Callback invoked when a session is being created or updated. * * @category Types (Handler) * - * @param session - The Session object being created. - * @param idToken - Optional. Claims from the ID token received during authentication. - * @param userInfo - Optional. Claims from the user information received during authentication. - * @param state - Optional. The application state associated with the session. - * @returns A Promise that resolves when the operation is completed, or void. + * @param session The session object being created. + * @param idToken Optional claims from the ID token received during authentication. + * @param userInfo Optional claims from the UserInfo response. + * @param state Optional application state associated with the session. + * @returns Returns `void` or a `Promise`. */ export type OnSessionCreating = ( session: MonoCloudSession, @@ -256,14 +251,14 @@ export type OnSessionCreating = ( ) => Promise | void; /** - * Defines the interaction modes supported by the client for sign in and sign out. + * Interaction modes supported for sign-in and sign-out flows. * - * @category Types + * @category Types (Enums) */ export type InteractionMode = 'popup' | 'redirect'; /** - * Parameters for the post callback function after handling a redirect or popup flow. + * Metadata passed to `PostCallback` after callback processing. * * @category Types */ @@ -276,27 +271,29 @@ export type PostCallbackParams = | { type: 'signOut'; mode: InteractionMode; returnUrl?: string }; /** - * A function that is executed after a sign in or sign out callback. - * - * Use this function to navigate to another route or execute business logic instead of triggering a full page reload. + * Callback executed after sign-in or sign-out callback processing. * * @category Types (Handler) + * + * @param state Metadata describing the completed flow. + * @returns Returns `void` or a `Promise`. */ export type PostCallback = (state: PostCallbackParams) => Promise | void; /** - * Options for configuring the `signIn()` method. + * Options for `signIn()`. * * @category Types */ export interface SignInOptions { /** - * Specifies the preferred authenticator for sign in. + * Specifies the preferred authenticator for sign-in. */ authenticatorHint?: Authenticators; /** * Maximum allowed time (in seconds) since the user's last authentication. + * * Used to force re-authentication if the last login exceeds this time. */ maxAge?: number; @@ -309,94 +306,85 @@ export interface SignInOptions { loginHint?: string; /** - * Specifies preferred locales for the login pages. + * Specifies preferred locales for the sign-in page. * * @example "en-US" */ uiLocales?: string; /** - * Redirects to the sign up page if set to `true`. + * When `true`, starts the sign-up flow. */ signUp?: boolean; /** - * The desired authentication behaviour. + * The desired authentication behavior. */ prompt?: Prompt; - /** - * An array of authentication context class references (ACRs). - */ + /** An array of authentication context class references (ACRs). */ acrValues?: string[]; - /** - * The desired user interface mode. - */ + /** The desired user interface mode. */ display?: DisplayOptions; /** - * Determines the interaction mode for the sign in. + * Determines the interaction mode for sign-in. * - * @defaultValue "redirect" + * @defaultValue 'redirect' */ mode?: InteractionMode; /** - * The relative path to return to after sign in. + * Relative path to return to after sign-in. */ returnUrl?: string; - /** - * Space-separated scopes requested from the authorization server. - */ + /** Space-separated scopes requested from the authorization server. */ scopes?: string; - /** - * Space-separated resources the access token should be scoped to. - */ + /** Space-separated resources the access token should be scoped to. */ resource?: string; - /** - * Additional custom application specific state information. - */ + /** Additional custom application-specific state information. */ appState?: ApplicationState; } /** - * Options for configuring the `signOut()` method. + * Options for `signOut()`. * * @category Types */ export interface SignOutOptions { /** - * Specifies the URI to redirect to after successful sign out. The URI should be saved in the client's - * sign out uri section. + * URI to redirect to after successful sign-out. + * + * This URI must be configured in the application's allowed sign-out callback URLs. */ postLogoutRedirectUri?: string; /** * Determines the interaction mode for the sign-out process. * - * @defaultValue "redirect" + * @defaultValue 'redirect' */ mode?: InteractionMode; /** - * The relative path to return to after sign out. + * Relative path to return to after sign-out. */ returnUrl?: string; } /** - * Defines the modes of interaction for refreshing session. + * Interaction modes supported by `refreshSession()`. * - * @category Types + * @category Types (Enums) */ export type RefreshMode = 'popup' | 'refresh_token' | 'silent'; /** - * Options for configuring the `refreshSession()` method. + * Options for `refreshSession()`. * * @category Types */ @@ -404,25 +392,21 @@ export interface RefreshOptions { /** * Determines the interaction mode for the session refresh process. * - * > **WARNING**: Using `popup` or `silent` will overwrite the current session since it initiates a fresh authorization request. + * Using `popup` or `silent` starts a new authorization request and replaces the current session. * - * @defaultValue "silent" + * @defaultValue 'silent' */ mode?: RefreshMode; - /** - * Configuration specifically for the Refresh Token Grant flow. - */ + /** Configuration specific to the Refresh Token Grant flow. */ refreshGrantOptions?: RefreshGrantOptions; - /** - * Additional custom application specific state information. - */ + /** Additional custom application-specific state information. */ appState?: ApplicationState; } /** - * Internal interface used for storing the authentication request state. + * Internal state persisted between authorization start and callback processing. * * @category Types */ @@ -431,10 +415,11 @@ export interface CallbackState extends Partial { mode: 'popup' | 'redirect' | 'silent'; returnUrl?: string; appState?: ApplicationState; + responseType?: ResponseTypes; } /** - * Result structure emitted by the popup or iframe after successfully authenticating. + * Message payload posted by popup or iframe callback windows. * * @category Types */ @@ -444,24 +429,24 @@ export interface PostMessageResult { } /** - * Represents options for the `getTokens()` handler. + * Options for `getTokens()`. * * @category Types */ export interface GetTokensOptions extends RefreshGrantOptions { /** - * Specifies whether to force the refresh of the access token, bypassing expiration checks. + * Specifies whether to force the refresh of the access token. */ forceRefresh?: boolean; /** - * Determines whether to refetch the user information from the OpenID Provider. + * Determines whether to refetch the user information. */ refetchUserInfo?: boolean; } /** - * Represents the tokens obtained during authentication that are available in the session. + * Tokens available in the current session. * * @category Types */ diff --git a/packages/js-core/tests/get-tokens.test.ts b/packages/js-core/tests/get-tokens.test.ts index d94badf3..2e786529 100644 --- a/packages/js-core/tests/get-tokens.test.ts +++ b/packages/js-core/tests/get-tokens.test.ts @@ -1,7 +1,5 @@ -// eslint-disable-next-line import/no-extraneous-dependencies /* eslint-disable import/no-extraneous-dependencies */ /* eslint-disable no-param-reassign */ -/* eslint-disable @typescript-eslint/no-non-null-assertion */ import { afterEach, beforeEach, describe, expect, it } from 'vitest'; import { fetchBuilder, generateIdToken } from '@monocloud/auth-test-utils'; @@ -13,7 +11,7 @@ import { type MonoCloudUser, } from '@monocloud/auth-core'; import { setSession, testInstance, VanillaJsMockStorage } from './utils'; -import { freeze, travel } from 'timekeeper'; +import { freeze, travel, reset } from 'timekeeper'; describe('getTokens() Tests', () => { let mockStorage: VanillaJsMockStorage; @@ -29,6 +27,7 @@ describe('getTokens() Tests', () => { }); afterEach(() => { + reset(); window.localStorage.clear(); window.sessionStorage.clear(); }); @@ -258,7 +257,7 @@ describe('getTokens() Tests', () => { fetchSpy.assert(); }); - it('should not save the new access token in the cookie if RefreshGrantOptions.scopes or RefreshGrantOptions.resource was passed in', async () => { + it('should refresh using authorizedScopes when forceRefresh is true and no resource/scopes are provided', async () => { const frozenTimeMs = 1330688329321; freeze(frozenTimeMs); @@ -578,7 +577,7 @@ describe('getTokens() Tests', () => { const instance = testInstance({ storage: mockStorage, - onSessionCreating: async (session, idtoken, userinfo, appState) => { + onSessionCreating: (session, idtoken, userinfo, appState) => { expect(appState).toBeUndefined(); expect(userinfo).toBeUndefined(); expect(idtoken).toBeDefined(); diff --git a/packages/js-core/tests/refresh-session.test.ts b/packages/js-core/tests/refresh-session.test.ts index e3c7be5e..975aee7f 100644 --- a/packages/js-core/tests/refresh-session.test.ts +++ b/packages/js-core/tests/refresh-session.test.ts @@ -357,6 +357,105 @@ describe('instance.refreshSession() Tests', () => { } ); + it('Popup Mode - should refresh session through popup and resolve when a session message is received - implicit', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const mockPopup = { + close: vi.fn(), + closed: false, + location: { href: '' }, + } as unknown as Window; + + vi.spyOn(window, 'open').mockReturnValue(mockPopup); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'api', + requestedScopes: 'api', + }, + ], + authorizedScopes: 'api', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'token', + fetchUserinfo: false, + defaultAuthParams: { scopes: 'api' }, + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + authorizedScopes: 'api', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + scopes: 'api', + requestedScopes: 'api', + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession({ mode: 'popup' }); + + await vi.waitFor(() => { + expect(mockPopup.location.href).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(mockPopup.location.href); + const generatedState = authorizeUrl.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback#state=${encodeURIComponent( + generatedState ?? '' + )}&access_token=newAt&expires_in=600&scope=api`, + }, + source: mockPopup, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(mockPopup.close).toHaveBeenCalled(); + + const session = await instance.getSession(); + expect(session).toEqual( + expect.objectContaining({ + accessTokens: [ + { + accessToken: 'newAt', + scopes: 'api', + accessTokenExpiration: expect.any(Number), + requestedScopes: 'api', + }, + ], + authorizedScopes: 'api', + user: {}, + }) + ); + + mockStorage.expectCallbackStateRemoved(); + }); + + fetchSpy.assert(); + }); + it('Popup Mode - should reject when redirect has error', async () => { const fetchSpy = fetchBuilder().configureMetadata().createSpy(); @@ -712,6 +811,114 @@ describe('instance.refreshSession() Tests', () => { }); }); + it('Silent Mode - should refresh session through popup and resolve when a session message is received - implicit', async () => { + const fetchSpy = fetchBuilder().configureMetadata().createSpy(); + + mockWindow.assert(); + + const iframe = window.document.createElement('iframe'); + + vi.spyOn(window.document, 'createElement').mockReturnValue(iframe); + + vi.spyOn(iframe, 'contentWindow', 'get').mockReturnValue( + window as unknown as Window + ); + + const appendChildSpy = vi.spyOn(window.document.body, 'appendChild'); + + let iframeSrc = ''; + + vi.spyOn(iframe, 'setAttribute').mockImplementation( + (name: string, value: string) => { + if (name === 'src') iframeSrc = value; + } + ); + + const existingSession: MonoCloudSession = { + user: { sub: 'sub' }, + accessTokens: [ + { + accessToken: 'at', + accessTokenExpiration: now() + 1000, + scopes: 'api', + requestedScopes: 'api', + }, + ], + authorizedScopes: 'api', + }; + + setSession(mockStorage, existingSession); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'token', + fetchUserinfo: false, + defaultAuthParams: { scopes: 'api' }, + }); + + expect(await instance.getSession()).toEqual( + expect.objectContaining({ + user: { sub: 'sub' }, + authorizedScopes: 'api', + accessTokens: [ + expect.objectContaining({ + accessToken: 'at', + accessTokenExpiration: expect.any(Number), + scopes: 'api', + requestedScopes: 'api', + }), + ], + }) + ); + + const refreshPromise = instance.refreshSession(); + + await vi.waitFor(() => { + expect(appendChildSpy).toHaveBeenCalledWith(iframe); + expect(iframeSrc).toMatch(urlRegex); + }); + + const authorizeUrl = new URL(iframeSrc); + const generatedState = authorizeUrl.searchParams.get('state'); + + window.dispatchEvent( + new MessageEvent('message', { + data: { + source: 'monocloud-auth-js-core', + url: `http://localhost:3000/callback#access_token=newAt&scope=api&expires_in=600&state=${encodeURIComponent( + generatedState ?? '' + )}`, + }, + source: window, + origin: 'http://localhost:3000', + }) + ); + + await expect(refreshPromise).resolves.toBeUndefined(); + + await vi.waitFor(async () => { + expect(document.body.contains(iframe)).toBe(false); + + const saved = await instance.getSession(); + expect(saved).toEqual( + expect.objectContaining({ + authorizedScopes: 'api', + accessTokens: [ + { + accessToken: 'newAt', + accessTokenExpiration: expect.any(Number), + scopes: 'api', + requestedScopes: 'api', + }, + ], + user: {}, + }) + ); + + fetchSpy.assert(); + }); + }); + it('Silent Mode - should reject when an error callback url is received', async () => { const fetchSpy = fetchBuilder().configureMetadata().createSpy(); diff --git a/packages/js-core/tests/session.test.ts b/packages/js-core/tests/session.test.ts index e50a7920..c0ef4c7d 100644 --- a/packages/js-core/tests/session.test.ts +++ b/packages/js-core/tests/session.test.ts @@ -3,7 +3,7 @@ import { describe, it, expect, afterEach } from 'vitest'; import type { MonoCloudSession } from '@monocloud/auth-core'; import { now } from '@monocloud/auth-core/internal'; import { setSession, testInstance } from './utils'; -import { localStorage } from '../src'; +import { LocalStorage } from '../src'; describe('Session Tests', () => { afterEach(() => { @@ -26,7 +26,7 @@ describe('Session Tests', () => { user: { sub: 'sub' }, }; - await setSession(localStorage(), validSession); + await setSession(new LocalStorage(), validSession); const instance = testInstance(); @@ -52,7 +52,7 @@ describe('Session Tests', () => { // @ts-expect-error set custom key window.sessionKey = 'custom'; - await setSession(localStorage(), validSession); + await setSession(new LocalStorage(), validSession); const instance = testInstance({ sessionKey: 'custom' }); diff --git a/packages/js-core/tests/sign-in.test.ts b/packages/js-core/tests/sign-in.test.ts index 6076891c..8f6c1445 100644 --- a/packages/js-core/tests/sign-in.test.ts +++ b/packages/js-core/tests/sign-in.test.ts @@ -21,7 +21,7 @@ describe('signIn() Tests', () => { let mockStorage: VanillaJsMockStorage; const urlRegex = - /^https:\/\/example\.com\/connect\/authorize\?client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=[a-zA-Z0-9+_% -]+&response_type=[a-zA-Z0-9_]+&nonce=[a-zA-Z0-9_-]+&code_challenge=[a-zA-Z0-9_-]+&code_challenge_method=S256&state=[a-zA-Z0-9_-]+$/; + /^https:\/\/example\.com\/connect\/authorize\?client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=[a-zA-Z0-9+_% -]+&response_type=[a-zA-Z0-9_ ]+&nonce=[a-zA-Z0-9_-]+&code_challenge=[a-zA-Z0-9_-]+&code_challenge_method=S256&state=[a-zA-Z0-9_-]+$/; beforeEach(() => { mockStorage = new VanillaJsMockStorage(); @@ -196,6 +196,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid offline_access', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -248,6 +249,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid offline_access', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -309,6 +311,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid offline_access', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -352,6 +355,7 @@ describe('signIn() Tests', () => { mode: 'redirect', scopes: 'openid offline_access', returnUrl: '/test', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -387,6 +391,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid offline_access', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -433,6 +438,7 @@ describe('signIn() Tests', () => { codeVerifier: 'codeVerifier', nonce: 'nonce', scopes: 'openid offline_access', + responseType: 'code id_token token', }; mockStorage.setCallbackState(state); @@ -461,6 +467,54 @@ describe('signIn() Tests', () => { fetchSpy.assert(); }); + it("Redirect Mode - should process a redirect callback (Hybrid - 'code token' response type)", async () => { + const idToken = await generateIdToken({ nonce: 'nonce' }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .configureTokenEndpoint({ + idToken, + body: 'grant_type=authorization_code&code=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&code_verifier=codeVerifier', + }) + .configureUserinfo() + .createSpy(); + + mockWindow + .setHash('#state=state&code=code&access_token=at&expires_in=600') + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + state: 'state', + mode: 'redirect', + codeVerifier: 'codeVerifier', + nonce: 'nonce', + scopes: 'openid offline_access', + responseType: 'code token', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + responseType: 'code token', + }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + const session = await instance.getSession(); + + expect(session).toBeDefined(); + expect(session?.user.sub).toBe('sub'); + + expect(session?.accessTokens).toBeDefined(); + expect(session?.accessTokens?.[0].accessToken).toBeDefined(); + + fetchSpy.assert(); + }); + it("Redirect Mode - should process a redirect callback (Implicit - 'token' response type)", async () => { const fetchSpy = fetchBuilder() .configureMetadata() @@ -476,6 +530,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid offline_access', + responseType: 'token', }; mockStorage.setCallbackState(state); @@ -525,6 +580,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token', }; mockStorage.setCallbackState(state); @@ -543,7 +599,7 @@ describe('signIn() Tests', () => { expect(session?.idToken).toBe(idToken); expect(session?.refreshToken).toBeUndefined(); - expect(session?.authorizedScopes).toBeUndefined(); + expect(session?.authorizedScopes).toBe('openid'); expect(session?.accessTokens?.[0]?.accessToken).toBeUndefined(); expect(session?.accessTokens?.[0]?.accessTokenExpiration).toBeUndefined(); @@ -575,6 +631,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token token', }; mockStorage.setCallbackState(state); @@ -603,6 +660,51 @@ describe('signIn() Tests', () => { fetchSpy.assert(); }); + it('Redirect Mode - should set the scope in access token as requested scope if scope is not present', async () => { + const idToken = await generateIdToken({ + nonce: 'nonce', + claims: { sub: 'some' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow + .setSearch( + `?state=state&id_token=${idToken}&access_token=at&expires_in=600` + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid other', + responseType: 'id_token token', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ + storage: mockStorage, + fetchUserinfo: false, + }); + + await instance.processCallback(); + + mockStorage.expectCallbackStateRemoved(); + + const session = await instance.getSession(); + + expect(session?.accessTokens).toHaveLength(1); + expect(session?.accessTokens?.[0].scopes).toBe('openid other'); + expect(session?.accessTokens?.[0].requestedScopes).toBe('openid other'); + fetchSpy.assert(); + }); + it('Redirect Mode - should throw an error if states mismatch', async () => { mockWindow .setSearch('?state=states&code=code') @@ -615,6 +717,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -643,6 +746,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -678,6 +782,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token', }; mockStorage.setCallbackState(state); @@ -692,6 +797,96 @@ describe('signIn() Tests', () => { fetchSpy.assert(); }); + it('Redirect Mode - should throw an error if fetchUserinfo is true and scope does not have openid', async () => { + const idToken = await generateIdToken({ + nonce: 'nonce', + claims: { sub: 'some' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow + .setSearch( + `?state=state&id_token=${idToken}&access_token=at&scope=token&expires_in=600` + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'token', + responseType: 'id_token token', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const processCallbackPromise = instance.processCallback(); + + await expect(processCallbackPromise).rejects.toBeInstanceOf( + MonoCloudValidationError + ); + + await expect(processCallbackPromise).rejects.toThrow( + 'Fetching userinfo requires the openid scope' + ); + + mockStorage.expectCallbackStateRemoved(); + + fetchSpy.assert(); + }); + + it('Redirect Mode - should throw an error if expires_in is not present in implicit flow', async () => { + const idToken = await generateIdToken({ + nonce: 'nonce', + claims: { sub: 'some' }, + }); + + const fetchSpy = fetchBuilder() + .configureMetadata() + .configureJwks() + .createSpy(); + + mockWindow + .setSearch( + `?state=state&id_token=${idToken}&access_token=at&scope=openid` + ) + .setPathname('/callback') + .assert(); + + const state: CallbackState = { + nonce: 'nonce', + state: 'state', + mode: 'redirect', + scopes: 'openid', + responseType: 'id_token token', + }; + + mockStorage.setCallbackState(state); + + const instance = testInstance({ storage: mockStorage }); + + const processCallbackPromise = instance.processCallback(); + + await expect(processCallbackPromise).rejects.toBeInstanceOf( + MonoCloudValidationError + ); + + await expect(processCallbackPromise).rejects.toThrow( + "The 'expires_in' parameter is missing from the callback" + ); + + mockStorage.expectCallbackStateRemoved(); + + fetchSpy.assert(); + }); + it('Redirect Mode - should throw an error if id token is invalid', async () => { fetchBuilder().configureMetadata().configureJwks().createSpy(); @@ -705,6 +900,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token', }; mockStorage.setCallbackState(state); @@ -739,6 +935,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token', }; mockStorage.setCallbackState(state); @@ -777,6 +974,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'id_token', }; mockStorage.setCallbackState(state); @@ -801,7 +999,7 @@ describe('signIn() Tests', () => { .createSpy(); mockWindow - .setSearch('?state=state&access_token=at&scope=openid') + .setSearch('?state=state&access_token=at&scope=openid&expires_in=600') .setPathname('/callback') .assert(); @@ -810,6 +1008,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'token', }; mockStorage.setCallbackState(state); @@ -850,6 +1049,7 @@ describe('signIn() Tests', () => { state: 'state', mode: 'redirect', scopes: 'openid', + responseType: 'code', }; mockStorage.setCallbackState(state); @@ -1004,6 +1204,7 @@ describe('signIn() Tests', () => { const instance = testInstance({ storage: mockStorage, + responseType: 'id_token', }); const signInPromise = instance.signIn({ mode: 'popup' }); @@ -1019,7 +1220,7 @@ describe('signIn() Tests', () => { new MessageEvent('message', { data: { source: 'monocloud-auth-js-core', - url: `http://localhost:3000/callback?state=${generatedState}&id_token=${idToken}`, + url: `http://localhost:3000/callback#state=${generatedState}&id_token=${idToken}`, }, source: mockPopup, origin: 'http://localhost:3000', @@ -1050,6 +1251,7 @@ describe('signIn() Tests', () => { const instance = testInstance({ storage: mockStorage, + responseType: 'id_token', }); const signInPromise = instance.signIn({ mode: 'popup' }); @@ -1065,7 +1267,7 @@ describe('signIn() Tests', () => { new MessageEvent('message', { data: { source: 'monocloud-auth-js-core', - url: `http://localhost:3000/callback?state=${generatedState}&id_token=malformed_token_string`, + url: `http://localhost:3000/callback#state=${generatedState}&id_token=malformed_token_string`, }, source: mockPopup, origin: 'http://localhost:3000', @@ -1104,6 +1306,7 @@ describe('signIn() Tests', () => { const instance = testInstance({ storage: mockStorage, validateIdToken: false, + responseType: 'id_token', }); const signInPromise = instance.signIn({ mode: 'popup' }); @@ -1119,7 +1322,7 @@ describe('signIn() Tests', () => { new MessageEvent('message', { data: { source: 'monocloud-auth-js-core', - url: `http://localhost:3000/callback?state=${generatedState}&id_token=${idToken}`, + url: `http://localhost:3000/callback#state=${generatedState}&id_token=${idToken}`, }, source: mockPopup, origin: 'http://localhost:3000', @@ -1163,6 +1366,7 @@ describe('signIn() Tests', () => { const instance = testInstance({ storage: mockStorage, validateIdToken: false, + responseType: 'id_token', }); const signInPromise = instance.signIn({ mode: 'popup' }); @@ -1178,7 +1382,7 @@ describe('signIn() Tests', () => { new MessageEvent('message', { data: { source: 'monocloud-auth-js-core', - url: `http://localhost:3000/callback?state=${generatedState}&id_token=malformed_token_string`, + url: `http://localhost:3000/callback#state=${generatedState}&id_token=malformed_token_string`, }, source: mockPopup, origin: 'http://localhost:3000', @@ -1826,6 +2030,7 @@ describe('signIn() Tests', () => { mode: 'popup', state: 'state', scopes: 'openid', + responseType: 'code', }; const badCallbackUrl = @@ -1847,6 +2052,7 @@ describe('signIn() Tests', () => { state: 'state', scopes: 'openid', signOut: true, + responseType: 'code', }; const callbackUrl = 'http://localhost:3000/callback?code=code&state=state'; @@ -1877,13 +2083,14 @@ describe('signIn() Tests', () => { expect(error.message).toBe('Scopes missing from callback state'); }); - it('should throw error when callback contains no code/token/error', async () => { + it('should throw error when callback is missing the required code/token based on response type', async () => { const instance = testInstance({ storage: mockStorage }); const callbackState: CallbackState = { mode: 'popup', state: 'state', scopes: 'openid', + responseType: 'code', }; const callbackUrl = 'http://localhost:3000/callback?state=state'; @@ -1893,7 +2100,7 @@ describe('signIn() Tests', () => { .catch((e: any) => e); expect(error).toBeInstanceOf(MonoCloudValidationError); - expect(error.message).toBe('No parameters found in callback'); + expect(error.message).toBe("Response is missing 'code'"); }); it('should combine multiple resources and scopes from options.resources', async () => { diff --git a/packages/js-core/tsconfig.json b/packages/js-core/tsconfig.json index 267ba984..6bfadf81 100644 --- a/packages/js-core/tsconfig.json +++ b/packages/js-core/tsconfig.json @@ -3,7 +3,6 @@ "display": "Default", "compilerOptions": { "declarationMap": false, - "downlevelIteration": true, "esModuleInterop": true, "forceConsistentCasingInFileNames": true, "incremental": true, diff --git a/packages/js-core/tsdown.config.mts b/packages/js-core/tsdown.config.mts index d2225959..19fafcfb 100644 --- a/packages/js-core/tsdown.config.mts +++ b/packages/js-core/tsdown.config.mts @@ -5,8 +5,6 @@ const common = { entry: ['src/index.ts', 'src/utils/index.ts', 'src/utils/internal.ts'], sourcemap: true, minify: true, - noExternal: ['browser-tabs-lock'], - inlineOnly: ['browser-tabs-lock'], }; export default defineConfig([ diff --git a/packages/js-core/typedoc.json b/packages/js-core/typedoc.json new file mode 100644 index 00000000..b4ca14ba --- /dev/null +++ b/packages/js-core/typedoc.json @@ -0,0 +1,7 @@ +{ + "entryPoints": [ + "src/index.ts", + "src/utils/index.ts", + "src/utils/internal.ts" + ] +} diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2322fc11..1634e993 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -115,8 +115,8 @@ importers: specifier: workspace:* version: link:../test-utils eslint: - specifier: 9.39.2 - version: 9.39.2 + specifier: 10.0.0 + version: 10.0.0 packages/nextjs: dependencies: @@ -555,12 +555,6 @@ packages: cpu: [x64] os: [win32] - '@eslint-community/eslint-utils@4.9.0': - resolution: {integrity: sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==} - engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} - peerDependencies: - eslint: ^6.0.0 || ^7.0.0 || >=8.0.0 - '@eslint-community/eslint-utils@4.9.1': resolution: {integrity: sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} @@ -4126,11 +4120,6 @@ snapshots: '@esbuild/win32-x64@0.25.12': optional: true - '@eslint-community/eslint-utils@4.9.0(eslint@10.0.0)': - dependencies: - eslint: 10.0.0 - eslint-visitor-keys: 3.4.3 - '@eslint-community/eslint-utils@4.9.1(eslint@10.0.0)': dependencies: eslint: 10.0.0 @@ -5585,7 +5574,7 @@ snapshots: eslint@10.0.0: dependencies: - '@eslint-community/eslint-utils': 4.9.0(eslint@10.0.0) + '@eslint-community/eslint-utils': 4.9.1(eslint@10.0.0) '@eslint-community/regexpp': 4.12.2 '@eslint/config-array': 0.23.1 '@eslint/config-helpers': 0.5.2 diff --git a/turbo.json b/turbo.json index 6bac49b2..63750019 100644 --- a/turbo.json +++ b/turbo.json @@ -1,60 +1,28 @@ { "$schema": "https://turborepo.com/schema.json", - "ui": "tui", + "ui": "stream", "tasks": { "build": { - "dependsOn": [ - "^build" - ], - "inputs": [ - "$TURBO_DEFAULT$", - ".env*" - ], - "outputs": [ - "dist/**" - ] + "dependsOn": ["^build"], + "inputs": ["$TURBO_DEFAULT$", ".env*"], + "outputs": ["dist/**"] }, "lint:ts": { - "inputs": [ - "**/*.ts", - "**/*.tsx", - "**/*.js", - "**/*.jsx", - "**/*.json" - ], + "inputs": ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.json"], "outputs": [] }, "lint:es": { - "inputs": [ - "**/*.ts", - "**/*.tsx", - "**/*.js", - "**/*.jsx", - "**/*.json" - ], + "inputs": ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.json"], "outputs": [] }, "lint": { - "dependsOn": [ - "^lint" - ], - "inputs": [ - "**/*.ts", - "**/*.js", - "**/*.jsx", - "**/*.json" - ], + "dependsOn": ["^lint"], + "inputs": ["**/*.ts", "**/*.js", "**/*.jsx", "**/*.json"], "outputs": [] }, "test": { - "inputs": [ - "**/*.ts", - "**/*.tsx", - "**/*.js", - "**/*.jsx", - "**/*.json" - ], + "inputs": ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx", "**/*.json"], "cache": false } } -} \ No newline at end of file +} From 84a22024e961323ced92f52bed7e133bad3cd52e Mon Sep 17 00:00:00 2001 From: Viraj Shukla Date: Thu, 26 Feb 2026 12:14:20 +0530 Subject: [PATCH 3/3] wip --- docs-gen/hook.mjs | 24 +- docs/html/assets/hierarchy.js | 2 +- docs/html/assets/navigation.js | 2 +- docs/html/assets/search.js | 2 +- ...uth-core.index.MonoCloudAuthBaseError.html | 2 +- ...ud_auth-core.index.MonoCloudHttpError.html | 2 +- ...loud_auth-core.index.MonoCloudOPError.html | 2 +- ...d_auth-core.index.MonoCloudTokenError.html | 2 +- ...h-core.index.MonoCloudValidationError.html | 2 +- ...cloud_auth-js-core.index.LocalStorage.html | 15 + ...loud_auth-js-core.index.MemoryStorage.html | 15 + ...-js-core.index.MonoCloudAuthBaseError.html | 4 + ...auth-js-core.index.MonoCloudHttpError.html | 4 + ...h-js-core.index.MonoCloudJSCoreClient.html | 107 ++++ ...d_auth-js-core.index.MonoCloudJsError.html | 4 + ...d_auth-js-core.index.MonoCloudOPError.html | 8 + ...uth-js-core.index.MonoCloudOidcClient.html | 138 +++++ ...uth-js-core.index.MonoCloudTokenError.html | 3 + ...s-core.index.MonoCloudValidationError.html | 3 + ...oud_auth-js-core.index.SessionStorage.html | 15 + ...h-nextjs.index.MonoCloudAuthBaseError.html | 2 +- ..._auth-nextjs.index.MonoCloudHttpError.html | 2 +- ...ud_auth-nextjs.index.MonoCloudOPError.html | 2 +- ...auth-nextjs.index.MonoCloudTokenError.html | 2 +- ...nextjs.index.MonoCloudValidationError.html | 2 +- ...ode-core.index.MonoCloudAuthBaseError.html | 2 +- ...th-node-core.index.MonoCloudHttpError.html | 2 +- ...auth-node-core.index.MonoCloudOPError.html | 2 +- ...h-node-core.index.MonoCloudTokenError.html | 2 +- ...e-core.index.MonoCloudValidationError.html | 2 +- .../_monocloud_auth-core.utils.decrypt.html | 2 +- ...loud_auth-core.utils.decryptAuthState.html | 2 +- ...ocloud_auth-core.utils.decryptSession.html | 2 +- .../_monocloud_auth-core.utils.encrypt.html | 2 +- ...loud_auth-core.utils.encryptAuthState.html | 2 +- ...ocloud_auth-core.utils.encryptSession.html | 2 +- ...nocloud_auth-core.utils.generateNonce.html | 2 +- ...onocloud_auth-core.utils.generatePKCE.html | 2 +- ...nocloud_auth-core.utils.generateState.html | 2 +- ...nocloud_auth-core.utils.isUserInGroup.html | 2 +- ..._monocloud_auth-js-core.utils.decrypt.html | 5 + ...d_auth-js-core.utils.decryptAuthState.html | 6 + ...oud_auth-js-core.utils.decryptSession.html | 6 + ..._monocloud_auth-js-core.utils.encrypt.html | 5 + ...d_auth-js-core.utils.encryptAuthState.html | 6 + ...oud_auth-js-core.utils.encryptSession.html | 6 + ...loud_auth-js-core.utils.generateNonce.html | 2 + ...cloud_auth-js-core.utils.generatePKCE.html | 2 + ...loud_auth-js-core.utils.generateState.html | 2 + ...loud_auth-js-core.utils.isUserInGroup.html | 7 + ...uth-js-core.utils.parseCallbackParams.html | 2 + ...auth-js-core.utils_internal.findToken.html | 6 + ...nternal.getPublicSigKeyFromIssuerJwks.html | 6 + ...onocloud_auth-node-core.utils.decrypt.html | 2 +- ...auth-node-core.utils.decryptAuthState.html | 2 +- ...d_auth-node-core.utils.decryptSession.html | 2 +- ...onocloud_auth-node-core.utils.encrypt.html | 2 +- ...auth-node-core.utils.encryptAuthState.html | 2 +- ...d_auth-node-core.utils.encryptSession.html | 2 +- ...ud_auth-node-core.utils.generateNonce.html | 2 +- ...oud_auth-node-core.utils.generatePKCE.html | 2 +- ...ud_auth-node-core.utils.generateState.html | 2 +- ...ud_auth-node-core.utils.isUserInGroup.html | 2 +- ...monocloud_auth-core.index.AccessToken.html | 12 +- .../_monocloud_auth-core.index.Address.html | 14 +- .../_monocloud_auth-core.index.AuthState.html | 14 +- ...d_auth-core.index.AuthenticateOptions.html | 22 +- ...ocloud_auth-core.index.CallbackParams.html | 18 +- ..._auth-core.index.EndSessionParameters.html | 8 +- ...nocloud_auth-core.index.IdTokenClaims.html | 70 +-- ...ocloud_auth-core.index.IssuerMetadata.html | 58 +-- .../_monocloud_auth-core.index.Jwk.html | 48 +- .../_monocloud_auth-core.index.Jwks.html | 4 +- ...d_auth-core.index.JwsHeaderParameters.html | 12 +- ...uth-core.index.MonoCloudClientOptions.html | 12 +- ...loud_auth-core.index.MonoCloudSession.html | 12 +- ...nocloud_auth-core.index.MonoCloudUser.html | 50 +- ...monocloud_auth-core.index.ParResponse.html | 6 +- ...-core.index.PushedAuthorizationParams.html | 2 +- ...uth-core.index.RefetchUserInfoOptions.html | 4 +- ...d_auth-core.index.RefreshGrantOptions.html | 6 +- ...auth-core.index.RefreshSessionOptions.html | 18 +- .../_monocloud_auth-core.index.Tokens.html | 14 +- ...loud_auth-core.index.UserinfoResponse.html | 46 +- ...ocloud_auth-js-core.index.AccessToken.html | 13 + ...onocloud_auth-js-core.index.AuthState.html | 14 + ...uth-js-core.index.AuthenticateOptions.html | 29 ++ ...uth-js-core.index.AuthorizationParams.html | 40 ++ ...oud_auth-js-core.index.CallbackParams.html | 22 + ...loud_auth-js-core.index.CallbackState.html | 19 + ...th-js-core.index.EndSessionParameters.html | 9 + ...d_auth-js-core.index.GetTokensOptions.html | 12 + ...monocloud_auth-js-core.index.IStorage.html | 13 + ...loud_auth-js-core.index.IdTokenClaims.html | 69 +++ ...onocloud_auth-js-core.index.Indicator.html | 6 + ...oud_auth-js-core.index.IssuerMetadata.html | 58 +++ .../_monocloud_auth-js-core.index.Jwk.html | 50 ++ .../_monocloud_auth-js-core.index.Jwks.html | 5 + ...uth-js-core.index.JwsHeaderParameters.html | 12 + ...-js-core.index.MonoCloudClientOptions.html | 23 + ...re.index.MonoCloudJSCoreClientOptions.html | 103 ++++ ...d_auth-js-core.index.MonoCloudSession.html | 15 + ...ud_auth-js-core.index.MonoCloudTokens.html | 19 + ...loud_auth-js-core.index.MonoCloudUser.html | 49 ++ ...ocloud_auth-js-core.index.ParResponse.html | 7 + ...-core.index.PushedAuthorizationParams.html | 40 ++ ...-js-core.index.RefetchUserInfoOptions.html | 4 + ...uth-js-core.index.RefreshGrantOptions.html | 9 + ...oud_auth-js-core.index.RefreshOptions.html | 12 + ...h-js-core.index.RefreshSessionOptions.html | 25 + ...loud_auth-js-core.index.SignInOptions.html | 38 ++ ...oud_auth-js-core.index.SignOutOptions.html | 12 + .../_monocloud_auth-js-core.index.Tokens.html | 14 + ...d_auth-js-core.index.UserinfoResponse.html | 46 ++ ...extjs.client.ProtectClientPageOptions.html | 2 +- ...ud_auth-nextjs.components.SignInProps.html | 2 +- ...ud_auth-nextjs.components.SignUpProps.html | 2 +- ...mponents_client.RedirectToSignInProps.html | 2 +- ...nocloud_auth-nextjs.index.AccessToken.html | 12 +- .../_monocloud_auth-nextjs.index.Address.html | 14 +- ...ud_auth-nextjs.index.ApplicationState.html | 2 +- ...oud_auth-nextjs.index.ExtraAuthParams.html | 2 +- ...ud_auth-nextjs.index.GetTokensOptions.html | 6 +- ...ocloud_auth-nextjs.index.GroupOptions.html | 2 +- ...cloud_auth-nextjs.index.IdTokenClaims.html | 70 +-- ...uth-nextjs.index.IsUserInGroupOptions.html | 2 +- .../_monocloud_auth-nextjs.index.Jwk.html | 48 +- ...ud_auth-nextjs.index.MonoCloudOptions.html | 2 +- ...ud_auth-nextjs.index.MonoCloudRequest.html | 2 +- ...ud_auth-nextjs.index.MonoCloudSession.html | 12 +- ...-nextjs.index.MonoCloudSessionOptions.html | 2 +- ...oud_auth-nextjs.index.MonoCloudTokens.html | 12 +- ...cloud_auth-nextjs.index.MonoCloudUser.html | 50 +- ...uth-nextjs.index.ProtectApiAppOptions.html | 2 +- ...th-nextjs.index.ProtectApiPageOptions.html | 2 +- ...th-nextjs.index.ProtectAppPageOptions.html | 2 +- ...loud_auth-nextjs.index.ProtectOptions.html | 2 +- ...h-nextjs.index.ProtectPagePageOptions.html | 2 +- ...ud_auth-nextjs.index.UserinfoResponse.html | 46 +- ...loud_auth-node-core.index.AccessToken.html | 12 +- ...onocloud_auth-node-core.index.Address.html | 14 +- ...auth-node-core.index.ApplicationState.html | 2 +- ...ocloud_auth-node-core.index.AuthState.html | 14 +- ...h-node-core.index.AuthenticateOptions.html | 22 +- ...d_auth-node-core.index.CallbackParams.html | 18 +- ...ud_auth-node-core.index.CookieOptions.html | 2 +- ...-node-core.index.EndSessionParameters.html | 8 +- ...auth-node-core.index.GetTokensOptions.html | 6 +- ...de-core.index.IMonoCloudCookieRequest.html | 2 +- ...e-core.index.IMonoCloudCookieResponse.html | 2 +- ...ud_auth-node-core.index.IdTokenClaims.html | 70 +-- ...d_auth-node-core.index.IssuerMetadata.html | 58 +-- .../_monocloud_auth-node-core.index.Jwk.html | 48 +- .../_monocloud_auth-node-core.index.Jwks.html | 4 +- ...h-node-core.index.JwsHeaderParameters.html | 12 +- ...ode-core.index.MonoCloudClientOptions.html | 12 +- ...auth-node-core.index.MonoCloudOptions.html | 2 +- ...auth-node-core.index.MonoCloudRequest.html | 2 +- ...uth-node-core.index.MonoCloudResponse.html | 2 +- ...auth-node-core.index.MonoCloudSession.html | 12 +- ...de-core.index.MonoCloudSessionOptions.html | 2 +- ..._auth-node-core.index.MonoCloudTokens.html | 12 +- ...ud_auth-node-core.index.MonoCloudUser.html | 50 +- ...loud_auth-node-core.index.ParResponse.html | 6 +- ...-core.index.PushedAuthorizationParams.html | 2 +- ...ode-core.index.RefetchUserInfoOptions.html | 4 +- ...h-node-core.index.RefreshGrantOptions.html | 6 +- ...node-core.index.RefreshSessionOptions.html | 18 +- ...d_auth-node-core.index.SignOutOptions.html | 8 +- ...monocloud_auth-node-core.index.Tokens.html | 14 +- ...auth-node-core.index.UserinfoResponse.html | 46 +- .../html/modules/_monocloud_auth-js-core.html | 1 + .../_monocloud_auth-js-core.index.html | 1 + .../_monocloud_auth-js-core.utils.html | 1 + ...monocloud_auth-js-core.utils_internal.html | 1 + ...ocloud_auth-core.index.Authenticators.html | 2 +- ...loud_auth-core.index.ClientAuthMethod.html | 2 +- .../_monocloud_auth-core.index.Group.html | 2 +- ...oud_auth-core.index.OnSessionCreating.html | 2 +- ...ud_auth-core.index.SecurityAlgorithms.html | 2 +- ...d_auth-js-core.index.ApplicationState.html | 2 + ...oud_auth-js-core.index.Authenticators.html | 16 + ...d_auth-js-core.index.ClientAuthMethod.html | 7 + ...uth-js-core.index.CodeChallengeMethod.html | 5 + ...oud_auth-js-core.index.DisplayOptions.html | 7 + .../_monocloud_auth-js-core.index.Group.html | 4 + ...ud_auth-js-core.index.InteractionMode.html | 2 + ..._auth-js-core.index.OnSessionCreating.html | 7 + ...cloud_auth-js-core.index.PostCallback.html | 4 + ...auth-js-core.index.PostCallbackParams.html | 2 + .../_monocloud_auth-js-core.index.Prompt.html | 8 + ...ocloud_auth-js-core.index.RefreshMode.html | 2 + ...loud_auth-js-core.index.ResponseModes.html | 6 + ...loud_auth-js-core.index.ResponseTypes.html | 13 + ...auth-js-core.index.SecurityAlgorithms.html | 15 + ...loud_auth-nextjs.index.Authenticators.html | 2 +- .../_monocloud_auth-nextjs.index.Group.html | 2 +- ..._auth-nextjs.index.SecurityAlgorithms.html | 2 +- ...d_auth-node-core.index.Authenticators.html | 2 +- ...auth-node-core.index.ClientAuthMethod.html | 2 +- ..._monocloud_auth-node-core.index.Group.html | 2 +- ...node-core.index.OnCoreSessionCreating.html | 2 +- ...th-node-core.index.SecurityAlgorithms.html | 2 +- ...nocloud_auth-js-core.index.LocalStorage.md | 94 ++++ ...ocloud_auth-js-core.index.MemoryStorage.md | 94 ++++ ...uth-js-core.index.MonoCloudJSCoreClient.md | 338 +++++++++++++ ..._auth-js-core.index.MonoCloudOidcClient.md | 474 ++++++++++++++++++ ...cloud_auth-js-core.index.SessionStorage.md | 94 ++++ ...th-js-core.index.MonoCloudAuthBaseError.md | 43 ++ ...d_auth-js-core.index.MonoCloudHttpError.md | 35 ++ ...oud_auth-js-core.index.MonoCloudJsError.md | 35 ++ ...oud_auth-js-core.index.MonoCloudOPError.md | 43 ++ ..._auth-js-core.index.MonoCloudTokenError.md | 33 ++ ...-js-core.index.MonoCloudValidationError.md | 33 ++ .../Other/_monocloud_auth-js-core.index.md | 78 +++ .../markdown/Other/_monocloud_auth-js-core.md | 13 + .../_monocloud_auth-js-core.utils.decrypt.md | 24 + ...oud_auth-js-core.utils.decryptAuthState.md | 34 ++ ...cloud_auth-js-core.utils.decryptSession.md | 28 ++ .../_monocloud_auth-js-core.utils.encrypt.md | 24 + ...oud_auth-js-core.utils.encryptAuthState.md | 31 ++ ...cloud_auth-js-core.utils.encryptSession.md | 25 + ...ocloud_auth-js-core.utils.generateNonce.md | 15 + ...nocloud_auth-js-core.utils.generatePKCE.md | 15 + ...ocloud_auth-js-core.utils.generateState.md | 15 + ...ocloud_auth-js-core.utils.isUserInGroup.md | 26 + .../Other/_monocloud_auth-js-core.utils.md | 21 + ..._auth-js-core.utils.parseCallbackParams.md | 21 + ...d_auth-js-core.utils_internal.findToken.md | 25 + ..._internal.getPublicSigKeyFromIssuerJwks.md | 28 ++ .../_monocloud_auth-js-core.utils_internal.md | 12 + ...onocloud_auth-core.index.CallbackParams.md | 1 + ...onocloud_auth-js-core.index.AccessToken.md | 23 + ...oud_auth-js-core.index.ApplicationState.md | 11 + ..._monocloud_auth-js-core.index.AuthState.md | 20 + ..._auth-js-core.index.AuthenticateOptions.md | 24 + ..._auth-js-core.index.AuthorizationParams.md | 32 ++ ...cloud_auth-js-core.index.CallbackParams.md | 24 + ...ocloud_auth-js-core.index.CallbackState.md | 29 ++ ...auth-js-core.index.EndSessionParameters.md | 17 + ...oud_auth-js-core.index.GetTokensOptions.md | 22 + .../_monocloud_auth-js-core.index.Group.md | 26 + .../_monocloud_auth-js-core.index.IStorage.md | 66 +++ ...ocloud_auth-js-core.index.IdTokenClaims.md | 57 +++ ..._monocloud_auth-js-core.index.Indicator.md | 16 + ...cloud_auth-js-core.index.IssuerMetadata.md | 42 ++ .../_monocloud_auth-js-core.index.Jwk.md | 41 ++ .../_monocloud_auth-js-core.index.Jwks.md | 17 + ..._auth-js-core.index.JwsHeaderParameters.md | 19 + ...th-js-core.index.MonoCloudClientOptions.md | 19 + ...core.index.MonoCloudJSCoreClientOptions.md | 37 ++ ...oud_auth-js-core.index.MonoCloudSession.md | 27 + ...loud_auth-js-core.index.MonoCloudTokens.md | 26 + ...ocloud_auth-js-core.index.MonoCloudUser.md | 47 ++ ...onocloud_auth-js-core.index.ParResponse.md | 16 + ...d_auth-js-core.index.PostCallbackParams.md | 11 + ...js-core.index.PushedAuthorizationParams.md | 39 ++ ...th-js-core.index.RefetchUserInfoOptions.md | 15 + ..._auth-js-core.index.RefreshGrantOptions.md | 22 + ...cloud_auth-js-core.index.RefreshOptions.md | 17 + ...uth-js-core.index.RefreshSessionOptions.md | 22 + ...ocloud_auth-js-core.index.SignInOptions.md | 27 + ...cloud_auth-js-core.index.SignOutOptions.md | 17 + .../_monocloud_auth-js-core.index.Tokens.md | 20 + ...oud_auth-js-core.index.UserinfoResponse.md | 52 ++ ...oud_auth-node-core.index.CallbackParams.md | 1 + ...cloud_auth-js-core.index.Authenticators.md | 28 ++ ...oud_auth-js-core.index.ClientAuthMethod.md | 20 + ..._auth-js-core.index.CodeChallengeMethod.md | 18 + ...cloud_auth-js-core.index.DisplayOptions.md | 20 + ...loud_auth-js-core.index.InteractionMode.md | 13 + .../_monocloud_auth-js-core.index.Prompt.md | 21 + ...onocloud_auth-js-core.index.RefreshMode.md | 13 + ...ocloud_auth-js-core.index.ResponseModes.md | 19 + ...ocloud_auth-js-core.index.ResponseTypes.md | 25 + ...d_auth-js-core.index.SecurityAlgorithms.md | 25 + ...ocloud_auth-nextjs.index.SameSiteValues.md | 2 +- ...oud_auth-node-core.index.SameSiteValues.md | 2 +- ...ud_auth-js-core.index.OnSessionCreating.md | 26 + ...nocloud_auth-js-core.index.PostCallback.md | 23 + docs/markdown/modules.md | 1 + 281 files changed, 4864 insertions(+), 683 deletions(-) create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.LocalStorage.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MemoryStorage.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudHttpError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJsError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOPError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudTokenError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.MonoCloudValidationError.html create mode 100644 docs/html/classes/_monocloud_auth-js-core.index.SessionStorage.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.decrypt.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.decryptAuthState.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.decryptSession.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.encrypt.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.encryptAuthState.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.encryptSession.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.generateNonce.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.generatePKCE.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.generateState.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.isUserInGroup.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils.parseCallbackParams.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils_internal.findToken.html create mode 100644 docs/html/functions/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.AccessToken.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.AuthState.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.AuthenticateOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.AuthorizationParams.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.CallbackParams.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.CallbackState.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.EndSessionParameters.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.GetTokensOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.IStorage.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.IdTokenClaims.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.Indicator.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.IssuerMetadata.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.Jwk.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.Jwks.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.JwsHeaderParameters.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudClientOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudSession.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudTokens.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudUser.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.ParResponse.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.PushedAuthorizationParams.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.RefetchUserInfoOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.RefreshGrantOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.RefreshOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.RefreshSessionOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.SignInOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.SignOutOptions.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.Tokens.html create mode 100644 docs/html/interfaces/_monocloud_auth-js-core.index.UserinfoResponse.html create mode 100644 docs/html/modules/_monocloud_auth-js-core.html create mode 100644 docs/html/modules/_monocloud_auth-js-core.index.html create mode 100644 docs/html/modules/_monocloud_auth-js-core.utils.html create mode 100644 docs/html/modules/_monocloud_auth-js-core.utils_internal.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.ApplicationState.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.Authenticators.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.ClientAuthMethod.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.CodeChallengeMethod.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.DisplayOptions.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.Group.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.InteractionMode.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.OnSessionCreating.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.PostCallback.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.PostCallbackParams.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.Prompt.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.RefreshMode.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.ResponseModes.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.ResponseTypes.html create mode 100644 docs/html/types/_monocloud_auth-js-core.index.SecurityAlgorithms.html create mode 100644 docs/markdown/Classes/_monocloud_auth-js-core.index.LocalStorage.md create mode 100644 docs/markdown/Classes/_monocloud_auth-js-core.index.MemoryStorage.md create mode 100644 docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.md create mode 100644 docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.md create mode 100644 docs/markdown/Classes/_monocloud_auth-js-core.index.SessionStorage.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudHttpError.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudJsError.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudOPError.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudTokenError.md create mode 100644 docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudValidationError.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.index.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.decrypt.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.decryptAuthState.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.decryptSession.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.encrypt.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.encryptAuthState.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.encryptSession.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.generateNonce.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.generatePKCE.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.generateState.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.isUserInGroup.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils.parseCallbackParams.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils_internal.findToken.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.md create mode 100644 docs/markdown/Other/_monocloud_auth-js-core.utils_internal.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.AccessToken.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.ApplicationState.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.AuthState.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.AuthenticateOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.AuthorizationParams.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.CallbackParams.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.CallbackState.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.EndSessionParameters.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.GetTokensOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.Group.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.IStorage.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.IdTokenClaims.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.Indicator.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.IssuerMetadata.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.Jwk.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.Jwks.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.JwsHeaderParameters.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudClientOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudSession.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudTokens.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudUser.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.ParResponse.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.PostCallbackParams.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.PushedAuthorizationParams.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.RefetchUserInfoOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.RefreshGrantOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.RefreshOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.RefreshSessionOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.SignInOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.SignOutOptions.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.Tokens.md create mode 100644 docs/markdown/Types/_monocloud_auth-js-core.index.UserinfoResponse.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Authenticators.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ClientAuthMethod.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.CodeChallengeMethod.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.DisplayOptions.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.InteractionMode.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Prompt.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.RefreshMode.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseModes.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseTypes.md create mode 100644 docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.SecurityAlgorithms.md create mode 100644 docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.OnSessionCreating.md create mode 100644 docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.PostCallback.md diff --git a/docs-gen/hook.mjs b/docs-gen/hook.mjs index 368d091a..4066e381 100644 --- a/docs-gen/hook.mjs +++ b/docs-gen/hook.mjs @@ -114,17 +114,21 @@ export const load = app => { if (type === Type.Types_Enums) { const typesLen = page.model.type.types.length; const items = []; + for (let i = 0; i < typesLen; i++) { - const item = { - value: page.model.type.types[i].value, - type: page.model.type.types[i].type, - description: page.model.type.elementSummaries[i][0].text.replace( - /\n\n/g, - ' ' - ), - }; - - items.push(item); + const summary = page.model.type.elementSummaries?.[i]; + + if (summary) { + const text = summary.map(x => x.text).join(''); + + const item = { + value: page.model.type.types[i].value, + type: page.model.type.types[i].type, + description: text.replace(/\n\n/g, ' '), + }; + + items.push(item); + } } const str = items diff --git a/docs/html/assets/hierarchy.js b/docs/html/assets/hierarchy.js index df0fd97d..199bc7ec 100644 --- a/docs/html/assets/hierarchy.js +++ b/docs/html/assets/hierarchy.js @@ -1 +1 @@ -window.hierarchyData = "eJytml1P4zgUhv9Lrk03to+/escixLLaFYiZ2ZsRQlFqIEMbZ5NUYjXiv6+cfmySuoud+AZQpb59emwfv+8hP5PamLZJlt8pBoWoVAIBkwJRQgBRJRSiRFD7QyEQkCJIpUJESoYoZRQBJhSBxBTRFCiiXABiKUhEU84QFZghYBwjhlP+iJJaP6913hambJLlz4QICfZ3mW10skxuV1/Nmy6v1lmxaRKUvBXlKlkSxlGyrdfJMinKVtfPWa6bX542pjT52mxXT9m2fb3ITa0XRbnS74uBzOK13awTlOTrrGmSZdI2qwure3HUSj5QYr9QD+RPU5orq325bV9/zRp9XdemPhJhIg9Enez/47jFznLtXkBJ/lqsV7Uuk+V3ojggIhVDpFuRNFWPHbRyQv/WtlUU4KPQJ7CWRXFwsdzdRyHZy/hwCOXi6HZEFJT/lHxoJHXRfGt0PX1/D2T89rfdMi6Qv7J1scrseYxSm5Hc5wWyTaPH9aCfa9283tRZ2d5VuzYxuUwOMY9iDQ4epBg/dpi8f9Js3Yvy2TzopjJlo6czjpVCAW0DRXaXdZQY+ot8mee6abrtGghYmpXuU/aUQgEpk6xjI6TfH67L1RfdNIUp77M62+hW16ErPYZ0SQbTcqX2tLJHe6Pb7ss30/bkmHQs53mECRWR7sox0IQL07qCPs2xBVwZ81boB/33VjftXC63avCqgpIIiCS7pR1cEKcfMelIf04+7XxThndHmzLnRTLZn4yB55sUykmKKFBmf2BEmdy1TqA4mkk5Sx3gVCxiJKdyFsfbrtit6YKJc37Gcp5Hm2HnXot0NE70fKmkcx9NM3ZnoULcnb3bziLN7ckjNd8iKacLn+A3z/IEmE5O0sim8yxVuPPkAqI6zzFaBPtpbUjXQ7nq31lfipfybhsJcyjmubACR7TDY6K5ntgaJWRPQlc6OUC9r02r8/ZqXeiyvc9e9MQi6vf2R7PIO5nFOVHPYkoqR4t7W97XppoKZTaVKXXZNoueli/LoKM96FVR67z9aiJSPe2r5hT3xVQiTtDZwc1OOUBhZ9OG04fr97bOrKHqEsnEyu3TzVAq+ExIKpFdXUtpU23EdNPHnBZtIB1cFDe12VYxYHo6wSsKkiEAqhAA2L8YRsDsmFPifRFJrNHlAHpCFrMj2T5KYzvobRmrjC698EEKSbuqYRI5x/RJ54cYoEIiwEAQEBAIKFU7bCDxQowTOSDBWLRYCcbJ4h1fbKiOGF+cMEHZxS5YxJTgBAqJCPZiiBcRzuP4dgrKnOs1JR84YfzDgT1pscOBEyk4Gdiuf2oZL6visorRTl16niUDcHjZy6qYbWTHZMEm1t6PLrQqNlo1AU06qhaPKQxmOFvZS9jvFLdQI0VfOI4jxro+1txMZxsXsparu42ZjGP/fzS73DnH+Su+s4Ock3ie+gA20U5zgSNZ0wPIFFcqoG/qb7+0ps5eQnfREWD/9uD1EVIgkGmKWMq7YYp9pcf1h8mz9ZjN47I5gPXf73G3yHQwEtMbU/8z49MHAj4f7x7tTrbfR475zltxjEDap0kUcMTSNEUgheiWTLpTwyT7fYIc4rylcDrv35v5GHsNDwgFPJL9P4Hwd/6KRxzHn3AEeWzF443h3SS+LU+JWOP3Ew5/Z22PTmRnfUITbKrtM2FRx+0HpBhPeXDe/WvY3hD9SezuaYIZ3Xmo4FEknPJ4BuxAMdt7cYGR3dqPHx8f/wIQfMHV" \ No newline at end of file +window.hierarchyData = "eJytml1P5DYUhv9Lrs3U3x9zRxGiVK1AsO1NhVCUMZBlJp7GGYlqxX+vnExpEpxd2+MbdrUX7z5zjs/x+5r5VrTGdLZY/0WwIIBCjAAVCANCqAQUQQIIUQIQCgmgkjNAMSKAQKgAoUIAiqkAVBEJCOICEKEkYEgQQJBUgEiiAOWSAYYJegBFq5+2uupq09hi/a3ACkr3Z1PudLEurjdfzKtuLrZlvbMFKF7rZlOsMeOgOLTbYl3UTafbp7LS9qfHnWlMtTWHzWN56F7OKtPqVd1s9NtqIrN66XbbAhTVtrS2WBed3Zw53bMPreIdFO4DjUB+N425cNrnh+7l59Lqy7Y17QcRwvI/ol72+zh+sUWu4R9AUb3U202rG9cbKCUgEClA+o4gQh56aOSF/qXr9lmAP4R+ANuzSOljubnNQnKUCeBAkPg4+hORBeV/pSAa4aP5w+o2/XxPZALPNyLesvxZbutN6eYxS21mciEF4uMC3emnVtuXq7Zsupv9sCaSy+QRCyjWZPAoIqyfNCTHk+bqXjdP5k7bvWmsTmecK8UCugXqloLoKbEYN/m8qrS1/XGNBGzMRo8pR0qxgERA1bMROt4Pl83mXltbm+a2bMud7nQb2+k5pE8ymlbiYbMShke0V7rrP7xNO5Nz0rlc4AgTjjLdlXOglAuTqPHgXn+sgAtjXmt9p/8+aNudyuVXje4qxxhQCnnfWjq5ID7/F0kj/WPytPkmnAyjTYX3Ikn2J3PgDCZFUAoIY8r9YIAIOKxOxlg2k7JIHeNUGPO6pgSnsogTblc4xj6YPPMzlwscbU68Zy3TaHzSC6QS0HuO0ozdIlSUuxP+0DAs91xlGtRCi4S8LjzBby7yRJhOQWlm07lIFe88hZJZneccLYP9dDak36ESj++s+/q5uTlkwpyKBTZWkox2eE50qid2Rgm4SehLpyaot63pdNVdbGvddLfls04son7rvtpV1cuslkQDi6k4njX3urltzT4Vyuz2ptFNZ1cjrTAWOn0GudObutVV98VkpHo8Vs0rHoqJUZ6gM8CdnHIo5b1No9PXh8u3ri2doeoTSWLljulmKhU9E4pj4Lo7UBKWMd2MMdOiDUWTi+KqNYd9DpiRTnRHOVSAMk7cD/c3wQDlRAC3UIYi0lxPlxPohCzmnmTHKNZt0OsmVxl9evEPKZT2VcM0c44Zk54eYiiDGFDMOaBEIEApJwM25/lCjBc5IsE4tFwJxssSHF9cqM4YX7wwUdnFNSxjSvACxUQEdzHkiwjLOKGbggpvv1LygRcmPBy4ScsdDrxI0cnAbf3PlvF8X5/vc6xTn15oybjHy57v65ON7Jws2sS6+9GHts+Nto9H49BTtXxMkTCTt5WjhPtMeQs1UwyFkyxjrBtjnZrp3OICznL1t7FAOIv9/2oz/ZaDQQUHMinyOespXqK1FopnsqlTnBSfKvn4fF3fd6Ytn2PP1QzjKBJ9oBTCgCrMAENq8Hhqcqp+M1W5nRMGXEJTvLFKwM2j8OSNU+9M+8/JDBOZEAjifUNMtugzmpM9OoOSA6qoBAwKBBhyTYQQD02kXvgko74AHuHUHZYP51ebC+aoFIKSLTQsoASnBtfAfCZ9gSbGpbv1nc2lf48ncFEyqLy/WEiw6Qs04T7djVdmn77AFG3U3ffMsj7hT8FyfH9EyP5d0N0x4zfe4XsKJ2/2qU5AwTBB+QzelOVkhycUB+7gP7y/v/8L6CzoMw==" \ No newline at end of file diff --git a/docs/html/assets/navigation.js b/docs/html/assets/navigation.js index 8e2f2ac2..8d481a9c 100644 --- a/docs/html/assets/navigation.js +++ b/docs/html/assets/navigation.js @@ -1 +1 @@ -window.navigationData = "eJy9ndty3DYSht9lrp1s4kqyWV+tMnZiOVY0pbFz43KpEBKaYcQBuCAYS9nad9/imTgQ6AYJlu5U6P/DaUCy8RP89N+dpE9y92r37wtnPMl5le5e7JJzlqeCst2rT0MBUsnzVwkXdPdiVxB53r3aXXha5bT8x/0Qez+U+vosL/nuxe4xY+nu1Uu7ZsZS+gTUa8qCVK+ShJblB/5I2aidMUnFA0nc8pNQDfX9D/97MRLSVNCyRKu3YU7lSp4pk1lCJL0tZMYZnmJKAIlcTGDyuQBzuNAR3/zrn99+/1LDcJH9TeoKHYggl6CGaRK+hh0lkTSE0wS61Pckz/8gyWNYU9RoJyfPKJN1lW6oPPMUMUB6qG+I9jyl+zPJc8pOFE8zo33A11lZ5OTZmOdelhrow7xh6ZGWZT9pqKQCPWA2Ddew/SJ4VSBa1JT3NeQ6bVamfU4y/JRTgl1Vvy7LioobKklKJEFjlGgX592XR6z4uy+PHkV0t9Qxbs3yLSUpFeFzxyLhIt5wxve1UP3L/YmU9I0QXIzQJCdl6SbaJVToty9/tEHbRSPw0mNXATX2rZTFgoYO4aBG3mZp0lYxjDbGw3CHBS3rgkGgbokKHrYuHjRgzWqyoF1jPKhpH0sqgttVB4Ma9TvJs7S5v1jQMk3E1bxb1nX5XlAiM3ZCXDKMWN/l40DEHS0Lzkr0LdEk1NWPB8EvhUS0oQ3wVrwqzzRd4Q5yVsjVqDv6QGVyrufQNXvggUujXcXDFbQ8/yJI8HpskQAQu2m1jKmKuKntxLrhKcXcBCpxvinUF/5QqwZAmjgf5EiTSmTy+So/cZHJ8wVDMoN9uGYFRY9PG+UakHqOZuyBhy4WerzJ+jyhVTLLJ41w5gCasqAcQEoT8Txdih4qljRT0aXcRamEH76b1LYrYXm2xABmnjBtJOOSjuFYr+cKhbKQfuqi/Lqh/aSH+0lh/aQGOygnyqggkv7GWYJtjBILYBx+3b8JRNShAELIkCixDkZWttc47QkYxFBiHYyCiJLOZWBAJIuCq031usdIjlmm7vsg0Hr1kLFUy1hC2jFCBgHn8MtD9UeeJcfs9Ct9/lnwS/u4rj4448BOUaMyn5u/sUqNLOMpBaaWh6Jr5pdH0XhJZp0RIdNsIADp5qLI6wRuxhk8VWpwNJEY+W2DGTPJ7YBFzHTbqNHS3TYYOOe9ZOA0jZVT7HO09fPsBil+st1A4jPue84fs0U/PEXB1aG45L6O2SjDr2PRaX4q2+epJV2qiyzeVzAAcTYXdAx8h2HMEzez6Y7+p6KlDIPatXB4xHOun+9Pk12ztL2WhBH76JU3cQzO6js5OmGt7RyLbpQ9HZOzycaOjt10d2cWjt/iWX7xsUsB4YJCt3wc2F4E1NuIPa1ZJHJjC7rTNMvDbDetMpSYQezK1nN+FWgtBAIvuULpIkDggmuSoQJD8krShYPZaoBwmL3KWR5mwzJgW8PHxcxdNWT5FDb1MNU4SiXdsqACjRIMLRc+9FuV4OgDETIj+Xo1UAVX3zWfhSO3zhH7RG4krIngnfpZWLzt+lkkas/+J5I87s+EMZq/5ydeeXe8daxFwvd4dsvqmw+kW8DkWkT8ZK1zoSxLT9rUF7cJ3Z4jlfOJTzjVEFnbgKFDV3VhGOIbWDEM5sZ+DJ2/nSnDQt7GmTEDjmTPMGmxPBpzJJhRg1zoMZP0d5JXeJQavb4pxOChnSHd6L7PHqjMLmGLjabhmiLH7MSuF81KRcGHuq0W/fRUCRdswY0TzGWzdP1CLFxBph4bb3VnzwiJYu/R5eN4fGYocYw+M7BV3T46I47lZ4YSx/czA4tg/tFJsRxAc5y1bUBznNW9QDoosiFIx8VyBWmciNagWdIm/qBZ+homIfok/4RcTppyoJ5NtP0Aj2RiyfzPuYNGxwjOWqOQLCquS3whuKSJbDcoDuQE+2krREPCMVsOelnUnYyCnZNytbYqad0/+DZ2gZZZN4on/FJwRpmET7gxBDRD2jteTO1H/TbWMTRtgYPgBW40dESjALgdD2/GrZ75MtpxW8mlDeklfC35CLtGWRkfXZentsDSZnQKrlZgV7QBcI9Y3LpfK02Deute/c3T1L/E0HTfhy/oQwOsirpzIGkmaCI/8AU/256viznarxddofVWSdtz3GflTgfmo22hEU20U0AMB62iH8s+q0Aw3tmigObiNQQwF39VFM0GrrgqsreEpTkVPzMsy1TAYG9ZO6yvKcto2kkEV8GqhqtO8+Sxbp3mJMEV23PW/CtktikKntnWlq3vxxY1eiIA8U4jfNoKDmXSruNvsjTN6RciMDfKLUwNd6zgwTsletMQGyQh1uIpLsRXXJWSX4YrazPuN0QmZ+Sccej4qoD0G0+pSLPxkxSkHpLQ4dQEXEN5oqgE15Qyhrqf+PUkN1zeluNW1MPc0VPK+tZoRR3ii24KhTdgEu306+Ld11MM3HqNsx4rDIjvOCunb+ZgnhBaiBa/am5R5cASi9fTcsGzwKayiqF6CvG4qS9T1zC6v5RoR38Fe5ynsAUG5zoi5GbFJuBbGZSY4LlhU4llp7Zy8V5qjK/ZisSZmscbreWNNbRADf6NPkmwedzKHRVW9nFbadFM3HYaoidRRmorDeWiRlia7bBIfmYrLLaZ2QXdwskM4Ee0MbvoMT3Mdu5mBuZ5fGz3spUc0bo8z1vbt2wlRTQtW3kIx3J98Zlc+JSkGOouySXku1vSY40s2KKaGGq46tzRssr9ltn5GrQCfusx3jo+ZQb5xvEZ42jWbRWyiW9bRwaYtk80pBMncRDEihlwvxyyQqvkwIGa3qrBzO0KGeRs76wP6CfjLs5lTmpLXBVZqPhVkfl3Sa+KrN7qCb05sKl43jLoygd6P3Qs0PcxBBTrcAscl6ZXRXGk4q96E6XbXMXOxjkdwNxfmF8PyqyrQbjUuhYLRC0dVcBwdr8spE1K+VXC/FF1qfZaMF3t6tcUQjpyXg3YtaOAsQIvr5NVEluxhWOv6QB+0n3EHZWVYEt7YVTxNVyEu0pasi6AcJIE9/KMkKub1Wri7GK2hro9Y3d62ZWaCntlBPe2lEqL9qqUDRPjPakpJ/pLUgpsmzekVCT49aiwV2+mMMh7N4Zh+s8SeKZiVzCKY6vXhpq1kI93gzzyoS70GMKBF/P4QQsk4rGDU1q04wankBif1un1Eef9dSXxbVAinQjkkYIDIP5RggMq9kd7etBG5/n1uE3O8ethq5tUBuE45/b18pFMI4M86Jy6Woc094D1jQ+0Z7Qwbx/hT8MbSOBT8K7rXSTlcRIi3wWt4QbpNdc6Vm+iF+U4vVEfdYzee56Q3Ojruc2THjKNcm490QsXz2h5JQzsVEEYZAbQlof/GdCo33UyaDibyLsj5ow/AzYNR/MWdapFCNS178rQju0iYf4QxLeyDFCsD2WZoEhfyTJAsT6RZYDi7ZTbUStvkhuQePvjBirmB7h6WPSvb/Ug6KFPvJT9kwm0DdMYb/UnZfUHMzjF+lwWuMc36G9wcNXA2vjAqp673UFVE2LAAVWYe/hJiD/d2RRd0I6oZ2xprEhna42UWIlinRDpo2c9Jjhri747V+Nc1wP87sjAiHiE1ZSx+tFVvXikD8P18rAc9uf/A7bsX5s=" \ No newline at end of file +window.navigationData = "eJy9nV1z47YVhv+LrrdNs9Mk7V7VUTZZb9axxtrNTcazg5CwxJgCWBDs2u3kv3f4IYv4PgcEOL7z4LwPDgDx4+AV9Nv/NpI+yc2bzb9OnPGi5l25ebUpjlVdCso2b357aUA6efxLwQXdvNo0RB43bzYnXnY1bb/6/BL7+aXVX4/yVG9ebR4rVm7evLZrVqykT0C9oS1I9aooaNt+5I+UXbQrJql4IIVffhaqob759s9XF0JZCtq2aPUxzKvcySNlsiqIpLeNrDjDU0wJIJGLGUw+N2AOFzrib//87utvXmsYLqr/kr5DOyLIKSoxTSKU2F4SSWM4Q6BPfUvq+ndSPMalokZ7OXVFmey7dEPlkZeICdJDQ1O05SXdHkldU3ageJoZHQL+ULVNTZ6NdR5kqYEhzFtW7mnbnhcNlVSgJ8ym4Zu2nwTvGkRGQ/tQItflcGXa1qTCLzkl2Nf167btqLihkpREEjRGifZx3n95xIq///IYUEQPSx/j12zfUVJSEb92LBI+4g1nfNsL9Z/c70lL3wrBxQVa1KRt/US7hAr9+vU/bNDxohF567GrgJJ9J2WzINGXcFCSt1VZjF2Mo13iYbjdgsymYBBoukRFT9sUD5qw4WqyIK9LPCi1Ty0V0Xn1waCkfiV1VQ7PFwsy00R86d2yaci3ghJZsQPilmHEhm4fOyLuaNtw1qIfiWahvnHcCX5qJCKHMSDY8a490jLBE6RTyJfUHX2gsjj2a+iaPfDIS6NdJcAVtD3+JEj09dgiASBOy2oZUxXxU8eFdcNLinkIVOJCS+jc+GOvGgEZ4kKQPS06Ucnnq/rARSWPJwzJDA7hhisoen7GKN+E9Gu0Yg889mKhx5us+xmtk1U9S8JbAxjagmoAJS3E8/xS9NCxYliKPuUpSiV8+/dZb6cWlndLDMDxhmkjGbd0DMd6P1colMWM0xQV1o0dJz08TIobJzXYQzlQRgWR9BfOCmwySiyAsft5+zYS0YcCCDFTosR6GFU73uO0N2AQQ4n1MBoiWuqqwIBIFgVfTv11j5Eac5n6fA4CXa8eKlZqFUtIHhfIi4B3+uWu+72uin11+Jk+/yj4aXxdV1+ccWCvqNGZ++Hv0qVBlvGSAkvLL01T1pcvovmKzDojQ6XZQADKzU1T9wXcijN4qdTgaCI56tsGM2eR2wPLWOm2UbOVu20wcM17ycRpGolL7C5a+jq7QcpfbDeQ+Ir7lvPHatEHT1HwDSiuuK9jVqrw61h0mZ/K8X1qyZDqIov3FQxAns0FHQPfYbjUiYfVdEf/3dFWxkHtWjg84j03zA+Xya5ZOd5L4ojn6MSbOAYn+U6OTki1nWPRzbKnY3JW2djRsavu7jjh+C2e5TcfuxQQLih0y8eDPYuARhuxp+VEIje2oDtNTh5muynJVGImcWrbr/kk0F4IBF5yh9JFgMAF9yRDBYbknaQLJ3PUAOEwe5VOHmbDMmJbI8TFrF01ZPkSNvUw3dhLpdyyoAODEgwtF770W5Xg6B0RsiJ1uh6ogsl3zZ1w5NY5Yp/Ij4SlCN6pd8Lybdc7kag9++9J8bg9EsZo/YEfeBfc8daxFonQ69kt6x8+kG4Bk2sRCZO1wYWyLCNpU1+cEzqfPZXuwiecaoikNmDo0KQuDEN8BSuGwVzZj6Hz1zNlWMjrODMc4Ez2DJOWy6PhIsGMGuRE95Wkv5K6w6PU6PSmEIOHdoZMs/uheqCyOsVdbDQN3xLZVwd2vWhVKgoh1G236KOnSvhgCx6cYC6bpdcvxIUrytRj4yV39lwgWew9unwej4+Dksfo44AldfvojDyWHwclj+/HActg/tFJuRxALk5qG5CLk9wLpIMyG4J0XC5XkMbJaA1yklbxBznpKUxC9En+AbmdDO1AI1to+wEBycJS+Xe5gy6OEZy1RiFZVHy3+EZwSQs5blDsyAH20VaIhoRntez0tqgnGQXrkvJl27W0Hx98jlOgZdVdxAt+ajijTMIX3CUEtELGJ15M7y/6Y6xnasYGO8Eb3GzoiEEB8Dgen8atXvky8rjt5NJEzhKhTD7B7lFWxiff7WlssDSNScGXBfaK9gL4jLi4TZ9WWkaN1mf1M0/L8CWGlttz+IIxNMCqqL8GUlaCFvIjX/CxPfN1MU/+etME2Vslbe9x98qTDsxHO0IzmmjngBwOWkU/l31WgWC8s00DrcVrCGAt/qpphg1ccdVU7wgrayp+ZFiWqYDB3rJxWn+grKLlJBHdBasarjvDm0faPrkkwR3bcjb8K2a1KQqB1Ta27Z/HFiU9E4B4pxE+bQWHMmn38TdVWdb0CxGYB+URpoZ7ruDROyV6aogNkhhr8RwX4yvuWslPL3fWYd5viCyOyDXj0Ql1Aek3nlORZuMnKUg/JbHTqQn4pvJAUQWuOeUS6n/j14vccHlbjVtRj3NHzynprdGKOsQXPTSKT2AW7fXr4t3Xcwzceo2zHisMiO+4auffzMG8IYwQLT5pbVHlwAqL1/N20avAppLEUD2HBNzUp7lrGD1eSrRnvKI9znPYAoNzHxHzsGITCF0ZlJjotWFTyWWntnLxXmqMr9mKxJmaLw9ay5M1tEAJ/0KfJNg8buVeFBL7uK20bCZuOw0xkigjtZWGclEjLM12WCY/sxWW28zsg67hZAbwM9qYffScHmY7dzUDsxuf271sJWe0Lrt5qX3LVlJG07KVh3As9zef2Y1PKYqhnpJ8QqGnJT3WqIIt6omhhuvOHW27OmyZdfdgFAhbj/HW8TkzyjeOrxhns26rkFV82zoywrR9oDGDOIuDIBJWwMNyyA4lqYEDNYNdg5nbFTLI2T5ZH9BvxlOcz5w0trhqqljxq6YK75JeNVW/1RP7cGBTCXzLYGof6f3QsUDfx0tAk4bb4Li0vGqaPRX/6TdRps1V7Gp06QDW/sL6elRlXQ3Clda1WCBq6awCpnP6ZCFtUsqnEuaP6luN94L51a7/mkLMQLrVgEN7ETCuwMv7ZJXEdmzh3Gs6gI/0OeKOyk6wpaNwUQklLuJdJSNZF0A4SaJH2SHkG2a1mzi7mC1Rv2fsTm+bKFXYV0Zw35ZSadm+KmXD5Pie1JyT/UtSCmydb0ipSPDXo+K+ejOHQb53Yxim/2iBZypODUGOLaAT7CyZzwqmEqBeMOTbowZBvjnGnnWoUXOedOhEZTzn0GRmO+XQROX4XR+VgjhycGoZm48S7wUhzzbUMPlPNtSAuX9JSMWtdNSgCl3loEEVmdxLo8nnOWRQhWTyuWgQ0AF7vRoZHl77JzbcWGnBwVHDH+an8cBH+V33W2HKOzEcMoWmMLaoyqnOCTRUs5wSqFNQZwR+4AWpjTlw7QypqHmsd3eNnrh4joQowWBLDsIJpOHWPOvQgc76Y1YOJs4h836POd7QgZyLoKkJhtkiBxrs9+2yoZ7iYWYZxA+HOXC5fjvMhcv082EOXK5fEHPg8tkJfMDEfgIHKp+hwAHM+btlKjL7T5epOOi5WbyV53cqXD7zyGAqs7b6SyaWZX3HjNwy1SgrnAamEVc+C0ylr3cSmMGNOAcM/8YxCwzXloemi3PKeqyZlZjpUDOdlatOb+dk+uU5FRZdQI98i1CjfXca/HaVRsp4sphJSn6umIrI9Nt9KiTLIV9nRJYjvlTxPAd8WRl5jveyopIe7qUS8hztZWXkOdjLispwrJfKyXWol52S+kgvOyX5gV4qJvNxXios12FeCiXjUV4OzioHeTnYMcd43f95/3+x4jjc" \ No newline at end of file diff --git a/docs/html/assets/search.js b/docs/html/assets/search.js index f81cea8b..493f5c80 100644 --- a/docs/html/assets/search.js +++ b/docs/html/assets/search.js @@ -1 +1 @@ -window.searchData = "eJzUvVuX4zaSrv1fKm9ru5MnUOqrr6bsadvT7qpdaXtf9JqVi5ZYmXRKokxRdehZ+79/iwAlkcEXFA4BtffdTLsQegMZxOkBIv7nVVN/Prz66z//59VLtVu/+mv8+tWu2Jav/vrq/9vWu3q1qY/rvxTH9vl/reqmfPX61bHZvPrrq229Pm7Kw18ez//o8fyPvnlut5tXr1+tNsXhUB5e/fXVq//7emq/2q3LL2YG5T8FZl+/2hdNuWt1agc/m4nzD79ZrcrD4ef6pdydf77atWXzsVjNKxi0tFejbAw0RfdxehZVsIm6U6ba3pStwKE9A7HffdlXTdFWNafscmg0hANN+cexPLTl+mFV78uDr/SzucPJXBjRh/rYrEp/tWc7IWQeWLqUuydHA8B63ZQHa4mqFfeHv6qPu7b56iHm7mLCvrP6rtCI+1g326Jty7WPvKERboGbelVsqtar+wY2uOXt60NbbB5X9dr6qx0qHJvhFtmUTw7D91Df2QK3tEPblGX7WHh/sHcTSwxSR2PKsX0ud221Ktry3b6buqzlTi3wjzXr8teyqT5WZcOk7q6z+eli075bQcfpRqOyXT3/ciibH3Yfay790ujxUDaVMhrUgWrTlk25/mEtp6e3m6LacoXJ3cl4tZZrqNXJeEiHqpMj9erl4aX8zOXL2Yd69XJQdm/lxs/1pmyKnf0yy8SXdmD8Bg79VHx588TtyLb4UjzdyIF/1Px/iF0dvv9///zC9l33tkLKrXcP5eFQ1bu3TVm01e6JS3u9OyjDq4vhkI58KjbVumjLfoDlcuNkto8gfifi+2UeZTFaTdTNJZLar3tjD+qGY/lAlzh1U/1LbszfF03hNHcRC/znKM2vxeZovwHVSLsrVs2nk0GnvzrtMp3w4Z/u+2rXsjkwNPysDId0pFsQvn0uNpty5zT3QCc6o6uB0Zs58FPZPtfW218jN7Yn0yGdWVeH/aaw3h/rHLiYCyl6Uz9VO85vQBq8QexvXRdcULXfSstQ8s5xiQUVe62tDAXvm3q7Z4uMs7WQkrtdWVOu2l+aikv3yeRRmgwrXh5u8wk/mbuBaNYOlxZv0d9ux/x64R7H/Vay991y/yeHs84Z6dLm1vXg017+z1/37PJbZTOkfDfoohPuAV8sJLdFy9bVJ2MhBR+rv3ekgK+bj9XmbJBZON23PTh2tmz3JzuGvmhiOXxWXcO9oBuI9FvGzcpzXbwN1Hkt2WbFeUxkA32+09esROdhcyDQb7Ccl+f91foNjFTccFR5W2w2vxWrF6eDoHHjP89dGqDL9zoN6aeZIZFBqyshNhNZNk1tO2AjlSc7IWV+Wx5WTbV3uJikVbwemQwlvrv6VB5+YFGtbFUB5VZOB+1IrMfZupnUpvzYlIdnLr29ucCi5eTCoPZkJ5RMRXlcVplQrTLnPHcZiuZSyy6T4qC3m6rctd2MTI6jrwIh2pIDCVFxM8fl1/VNGweQ+K06tab3cq6qG7djxmnf7dY9dZV//7ItG9tlFDLBvZhyG+G1ynzGedhjMzfv/l4/1cf2g/Phq96JzvpGWvc8h7VxyWW80rvgPGpdkUy/vb819XFv/snJf878pflctxq1DQCrveXcKSPWf8Zxp+gEOl28RCLd712aCd1y9OQ2YE+2j8/F4ZlB5NlQIKFHW9qNRB6duLahwPb5sa22tkMhlHkxFUjsv/YMMqWRMAJ/q5r2eW0/sQCZQ1NhxK6YvqFV2E+o3BbVxl/lyUxAkY/94TnDJz+xF0j2F4YPShkJI/Bjsa02Xx/l/+ctdGwsjOCncre25jBA69lOIJnVp3LH1K0jW4HkdutYhoXT2U4YmVVhe7EDaFRGAgnkWH1WAVeeCuH6azzbCSNzW63Xm5Lp+xkbCyOYR2lYidXqhUnmxVIgqQ6gGOl0hcVGIvfP9a583B23v3HMR8RaeMmMiymd2UBOVN35FUN4XAwFEtqUH8umKdeP3YM9nk8P2gwlv/5YccwVF0NhhB6Y9lmHsPusw/E3Bo3SSBiBx323HV4/ciyyRrbCyP1c/naoOE4CLobCCP1XvSsr+zfAQOnAEpvU0dHz4XAsm5/KtlgXbWGrd9SY/fB5eIHwsdyt97X9iwsg8U5r2L6Hx72nO8IqVi+r52K3KzePCso89gD58XDc7+vGPn8FcsvwZ27oZGDnwju1ei5XL+derD42DjM6cEZjNpQT8vtn/WsAk6HE1+vy8fwi7VE9SWN25vpPBHJuXX6qVuVjsIHumv1AbpW79Tm4Gb3RmA3kxMem3rU3GLVNf+eWboZ2L7xbT02xax8lzGd1R2c3kBvV+lFeRnk8VE+7avf0WGyeHtVrb1a3TH8nlJu7tqkP+3LFPQBqDYdyRP4rDuEnQ4GEdjk7Ho/WF46Q1IGpQGL3x8NzuSbTWP/ckTNaTH8nkJunX6p/+71ctaE/ebtfC+zy/nRRK4iL2Hpgl45NFdgt/S8EdK1qyse578QahmkcNPmdYG6qV7GP3ate7o9Oazq0M/xroRnTwZz5VK/Yd0nYaiAX1GM81r8DMBlK/FFNFvyxpLccyBW13GWMoonBmwiX0oKcipj+TiA3TwkvOf9EyCaf/OGp+o+fXyz1/vj5hf38fGObJu8k4k41te6bzm3dOV7zyVWMasopxvb7OEtxCvg5IbZ3BS9KnC4Izkn5w1nKH8xSbI/Yz0qcDtHnhHyxHXYuUr44jS4zYlxHlLsXbiHl18fa+urgRc65OauoyvmjVk1ZxVjne7+IcUvzPiPG9mXcWYrTE7gZIXVre2PjLEU15RTjPPByj7vOwy73qPuH7WHgRYnT2d+MlOPBeQpQTTnFfHGV8oVbSLZyliKb8opxnhpVU2Yxdw9xJjwUHVRzXlVHd0FHZjHOExLDdER2Rg4rB/aHrS/lV2cZd31jl17RXcP68fPh+7JYl43zU3tg4c+wocSi3DeY027Sbjgr+xFKo7a3FVLu7w4nBhq1ylRIsS6LbY1Y58W3sdj2q/1aTyNWmeIWGy/OWn+qd/XbzkaXEOU/ikP53SijVf/Lc9qxBeZ8BecfUdlb3MoJYSPsqRx1mWm8Rd4p010L90Tpmp6cdeahXDWl7dh23ZHDyWxgJ/p8LQ8KOL/ZPNVN1T5vGf3pM7j0SLsY/EJg17qrEG+L1XP57dGp5OScU53tVWd7fXSvPGnnzrY/5A7l0sn+DdxCY+z3bbt3H1/PrTlGLCTvXbVeKX+c9F2as+SrSi8Ki0GlGA5pd8Sg+59/0GUz2s93CX5pNmz6z0aPjVNKhHkfsuiSr2jV5Z1rjqvWMXCp+rG9kJ2/Lrur1j9+ZgnoO2Xt989+U9Z11eU5nRRXvJS7dX/DN0iwjNV/6S7fPpWjbNxvh8lcvTzprY++ANccrxZePZXt6CDBx4ensnWtYGanePLIylP19mIvpHJ1C2sUPx9IxQ0fR5T5UQB5VOCw8Kt7VovKdfo409v0qdZp50GX4fVv3Z10Lvmdwafe4A209yMrp/rD2WRY/Z/ql3KcedJPfGfPOfOkhfJBcPrLvlGk68om+khnqJk47wFe1b9333L0bRnW86zryYEqvsVk3026ixksfeie591KJ8r07ifZM9H7jHp4ykcHacudf9+cPzfpuYiC89HjUNqwjoLfavDUX1fetZfrB5fqHhrxZ6Pu5T5MHXDLuIx1c4y+V+R65NXHmn0z65sK7yZXFsG9IVahaHKTXew+v12ah+IVv3j0aNeWfQxzSl88leSTvnjcOTqh1umLkUi39MVGAl3TxAKZXmlijcS65F8FQp3zr5qLdE0ZplPrlSvMSLZ7elOg2TO9qZFgp/SmQKt7elMzma7pTZFUr/SmZnJd0psiqc7pTY1kVtYvAIDGyu0xgJFAp+yhQKN79lAjme7ZQ4FWz+yhRoJ5lIaV6JY9FMn0yB5qJNUjMSeQ65uY01oy4yzLlpjTzAmnxJxItntiTjOhvok5kWaWxJyG8l0Sc0LNzok5jYTaZ7wEIh0zXhoJdM54CXT6Zbw0kuuW8RJo9ch4aSTUMeMlUOqT8VIrFZ1W/KoAQFV7HFkQGyxXbcblqd7t+sOXt01ZtNXucgX7aqmqSVPmY5X3RfOhzwFh+WcftOQ+Uulrij5Wtmd9VNPdyJJ1KA4753qqGF+tY1NMYmkovm/q7b41jz/177mDbnodwanCs9YOP6dofpUJlVgFdlXVPp3M2v+9tZ04wyz6K3p18719OoZrzgzNPztmZrB2ajWs7cnrUGd6NTB9Y2ec7rrbuOR+493asbWqccrrzMVoeAc29VO14/9mpNmbfSvb4ssb7o9kW3wpbvR1uJQXuaLeudSItfj9eN5lUX+2GV5+41zf9ooPnqVtHRwZX3tkcsL5sqODA4f62HB/CAOrN3FBLlN/Gl5h5nJDWt46Xl92duXnr/tArrTKcnhXDi4XWa444X6PxV6+Q+Hqa+pdq1dbiz9Wf5dshbn7j9XmbDaIE8NN3YfxXWy3B6XYCPd2rtaex3irvOu+WWl7dbFt3feavtR2/PkKuXOvUwvcXe44bemUeU1YqMM4B0WtaPfhcF4yiIY+wL3iYWyDOyLwyw1fgXfejzdwB+qcqDZt2ZTrcZkmPmd68/0Ny9XJfFinqpMz9erl4aX8zOfP2Y969XJQlm/nys/1pmwK+z2koT/twHxYp363z78z44PrwzkryQwzrk4/14Rr7kzDNeEid4bvt+qz8bAO6Z7meDvD8D7nmiMUcHwYbC4vf5arnGPULAAC/DDYKDrIks0CyHooV8emar+eU3hYaJu2ZcZETu9CVKMwD1UeW4fPYyDojpix/hj6HuHGpkOJfsR0XuCpRJGHvIEJZnH9wOutkNphlin3EB7yTu2ZZalU8639MdhQ28iIv8DhWPJLvyNwvOxAm/85HpFAVT7vSCa9xPxSAwv2eqxhKtnlvQaW6/xkw0qq633SGc1ed0lNxbu/3cDKPZ9vmMp2esGBFbs/4jAW6/qOQyPY6ymHsWiX1xwawc4POkzFOj2ZwGLdX02YinV/OIEVe76dMJXNpje4ULdHFBqxHu8oTAV7PKXAon1fU7gI550A2d5UGLvi9KxCI979ZYWxXN/HFRrlLO8rzJ1weWKhU+78ysJUrv1DCyzV8a2FqUzn5xZYrd+LC1PRbo8usGKPdxemch2fXmC9Pq8vZgRfTg2PbbW5rOS29fq40emU/9R+tzz4WTG4Rlqumq+DW3QfjztZFXr2t/tGDjt25eacku52xMPo4omNpHPrINpoxh8bZe7pfmZ0lTuHv17fKIgSx78ebR1Em9Nfb9yWV9dTuSuboi3/MbqFayRr1DSMqvf/9fY7N1FdyzCaHEJr1JRXVXVQdy3+1u2d7VSNmvKq2hfNoXxbbDa/FasX8gbISBswwKCQTHV/kbPxrthYzHmPpzZck9/HakfwrEkHXWSc27v2z6UXNGHfvj/+tqlWD9XTf5Vf/7Opt6rO6ijLr53mWZucflz+4LTdrl6X6q9y7W9//pdAGPolBQTMraoFmpXTF/GYiry55N8zWXlSLYPmjrpMqCubvGF2QFepQ6MGsr/raKpxzQUbB8qh5WCu9C8bbNIcXnXibNPyOqSTfPNbpwa6La+cOgg2v296VW6Q3h0NHubMcmJcNQ0yaKzq465tjN4azsm6u9hx7MC+e3ScrG62RWtY531W6NBSEKmSYFRm9XBnlQ4MBRG6rw9tsXlcGb4rmtU6thVEblM+uU4MQ6VnM0FEHtqmLNtHiwsKs2In5rhEj0am/X7TvUOv6t2D6bOgyS8QG1xj1UjnoGiOxUXSidSpmUAj67r8VaETI6xkqlM+S/90MewYEqAzuZ4eGHvi9vrAxxXXBwjmLnm9QfBwzeUZgrFXzi8RmByyeozg5JX9ewR/134yzjBg65JlngF/V/5hmm3A1hO7nAMejpg+EzF2wOqliIdwp8cixl64vxfxcMnhhYWxQ66PLOzcoS8H3gzT/Vx7NTDzU7VtjWvzpZVDcikk1Cu3lPFJl0WCKVORDvmlDEyzppcyd8U5u5SHS9bJpYzdccstxeWKeWopN4csM0t5uGWRWMrYFdu8Uh7yrdJKGTtgn1XKwwXzpFLG+hnWetwppYy1+6/u2BNKGWu3zCflId4ynZSxBy7ZpLzcME4mZeGCXS4pf/n8fwRp9mZ/Aw/Ew5YOy88Bq2xYNk7YJ8NicMQ0F5a1I1YPAz0c8YBwTImwfMQ7H3jzpMHykG6VBctYvn0SLDsX6K7TnTi4XSi84eH9RR3fkb3qriCLy4FchiXlrFCvheRAp//ycVam72Q5UMoyRc6K9RuGB1IZBt95oTxfPMNAS2UOx6bTJUkP0EhMBBmnaCUHT3l39c6uQvAVo4F2NFA6x27GUP7RA4ZC7d4MVC8cBbX7Ca/P3eHbXGMEClluMpK+m1k3cKn2ukxjJrf0HTyGenlGDgPBqLw4h3aXIuOObqi0QT/w6VcGLdIQuQm3KIRtItsXwpmJti2HbaLcqSK2m3zjHEYmuu0SGjkKVsTYeWsHdSubfos+Q/msusMIpnz57aYqd/KRHaFVZoSZNmdjzFTmDFczVDq1EAKIv63rl8rnluHIQKju/FaxNyrTrCfHjUN04ne7dX81RcZv2ZaNU18iO0GWnh6zm1aj9xwHe3HmSvff66f62H7w22Hp3el+YiN/gmPDZeOc87isd8ZvdL4ifvgp/K1sVcI9jyGF2gjyCXysm1XZZ5FlE3knrTZnq27dPelD/XLP98Yy9qI37L1ZN3fE/fxR54HnMaSpdPfTSCzc81ByRjadU8cvvs2mUoen3mYzqPc99ZGBUHfxeITdKUtuf+BxR/mnDTWR6/kox0zylq13t6F7t318LtwmDST3bC2k5KPTtT4k9+h+gc9Qavv82FZmicaMBF/shZT9rz2XYGkpoFSrLL0Ggu3z9DrJXnF+dasbfHTGqYUN9NolF3aXa5Vd0VS3fWJFNwe+cH2CylJAqZbZkA0ku+RDdpJunhHZQLVlTmQ3wVZZkU1E2+dFdhNunBnZRLRdbmQnwZVZKkgDtZVFFkg3qWyr4yr0ytg857SBWsus006CLfNOG6h2yTztJJ1R8w3EWuSfNhFsm4HaTbTrjTik2OtWnJFc25TZBqqdkmZ7i+de2PklznZzxzx1tokDlsmz3SQ7pc82Ue+eQNvREeMU2kbq7ZJoO0k+cO4XDzfYLxrm/TZRa5H520mqXe5vA8UO2b+dhFvk/zZQbZsB3EmyTQ5wA83WWcBNRY+O83+qd/Xbzoa6HvDB/UWcxhTfTYN0McxV+mazUb/jtj+YEXv3VLbFZrM6W3fsfk3X6l1S/y6EO6uT5WCuzMaUecm267/sUr/NMKoOvH+CUYmHAH+DaYL/4R9ht1a5Fpx8OTUOwud8IPJYmT89vnQTOzYmUj15MRI6+nvLtMo/lW2xLtrCSe/IQhgyO3yI91ju1vvaMXcCEHunte7Y4+Me1TGaYvWyei52u3LzqC4hPfYXQx8Px/2+bhwzhCIHDX/r1u7ews0bubd6Llcv506tPjauG0HglsZ2UHfk0o//LwTsBnWjXpeP5+Q0jyo7TQi3rv9OSDfX5adqVT6GHSSv/UhIB8vd+hz/3H5pbId052NT79pbjf2mP3Zzh2/i6I0cfGqKXSvrVwcYXXTGQzp0qrb+eKiedtXu6bHYPD2qlHL8Dpr+WFCHd21TH/blKsjgqbUe1CX5r9hcOFkLKblLNPp4dLvnj0QP7IWUvT8enss1mRv7bEjssWT6YyEdPv1c/dvv5aq9ySBh95O3cH5/eikRzln8E7dw7thUt3BQ/zOhnaya8nHuU3I7utG4avJjYR1WZ36PXUqwIB+n1v5N3Aq08pqxH9atT/UqzC4Omw7pjDq+5P/bALtB3TiqeSdQpOnNh3RKrbq5Y2xi9XYuSJHhznlMfyykw6cne+x/NmSY2ZEhd/jx84uL8h8/v4QhDBunYgMnOXeqvVt/dV2hO8FsPnnJUu3ZZTl9UWdR7p/InCSnpwEXTe7vAeZE/eEn6o8QopzAxFmTO3qYk/TFaRi7iPriPlrNyPIaoe5egkgqvz7Wbm8GLsLONvjlVX5Dg2rPL8uthuFFlkfpwhlZTuk5zqLc83DMSKpbpwuVZ1GqPbssv8E9yNjuN7QHGdn/cDo4vWhyPyedEXV0u8B1VqXas8v64iXqSxBJ2cpPlGwfQJbf5Kzah5B19xBnwlfbQdkIoO/oKe0YQpbfRMg1DZKdoOt6JkwekJfyq5+gu96Cc0/pbl3/+PnwfVmsy8YvCxkw8+faVGN5npvsaddpN92V44in0d0bDC78d9czFY1uZS+4bOdNg0a23ybCWHb71XFVqpGt7AWRHV/uqp9vg3cpMv+jOJTjrOv9z1/1ApsJkTjqcn1dZvb0yDqHLQUZ+Va6JKY8cu+U/a6ZZ8k9Te/OuvVQrprSaYS87tLhZPsW7vRJMh/UXYI3m6e6qdrnLbdnfdrM/spCMfiZWzjZ3YF5W6yey2+PTeGaaHzOve4HVt0PrC8/cAvHtj1gCOrc6Udu5CAe+Hwz+GJLQQa+db0tKs+/wkTk3dmqb7ePelLjwnPb7t/tNk4bpTknOru1snsLN1zfos+54PUM3U7+vnA7iZyT39u8ifyyOVSHtnTjs7NODC3fwpVDsS0fHJ9UzznS2fV6XG3pRrlyzC0x68TJaigX0NL9bd2UagZxX7dfbAR5Etu9xXqrLuOrLN5sSofPvDYn0969f+5QjT+rvnwBnxsDiyHUZ9ElEfCqqzbRHFetz0Zvon9kNPgfYF0e2qb+2mcp53Ojt3s42w3uyVM52cR6e/FUtvXZ5i08YP87PJXtbf8GKos2qwPtyWRw/dWhO1sod233tntwwc3bi+pQEMM38EXltx+nK2fwRN1oe+rNhvBjjM6r9Yp5Vr7rbK5ONoP/JboTih8Yv2l14nEr5e84FxmdwRstLVRmJPYBVZm94Zg6KSXp74JveYorXy9aW3/ftnvPI/GzCbYTFiT03XtPmb0BLpHsC86hPt7V5qnrdLcR+frVs5KklWJUS5JBPEcpyRk/4Iknx1lnyFPOYrOpP//vY9l8lbzt3aeyaaq1W7ofKPhO/sIf3S/I53H14Bd8/wTzxyTFfv9L45TUXuPIfn9s3BPbm8pWi6Qf/EAb4FEeKNlOOgNUC4jTrrpQr14eXsrPnPrr1ctBmQwsXh69sfe/ygJ4m/5fl78dn57cHvtj+QOLoaV/LI4bicrda3nrfJCmuxb7k+mwznws12XT7ZsfyH7E25ezZbaNyTVXqk1bNuXau26Xxp/efM/GVyfzYZ2aAH8+hyaQP7gzvGA/NNK/Ocy/Bca/4lS9+w8tBvF2qd4FACFXHeqPKd42ZdFWO8bvp3tnL02vLqbDO9O+2e83lXoR71zkW+9QW1zM+xVoNXWKrWwudoq3ZK6pUwxlULE7XGVQzR1RaWcZJ9KhyeDiZTaMn6ttyTqSnQy3Z8OBHamPLeuf4GQvrOwDOSH21s12NnxNOO/AepuBtC13xa791v8620i7ssp1ne2KC8dD+b5g3BMeD+W+CL8j7EbjN0++N6eo8qZ4YqFoBuJ556iQk9Pc4Wt3qZ/Di87O/3OHsGfR4Q9iZT8HP4wdOMR7IDsnn/NQ9uIA+8HsdRf4DgepG8wHhPOuMB7SDv3gPqiddYL5sHbgR4gD2zlXOA9tL26wH9zOuxDg8HboS6gD3DmnQhziXnwKdpA761Kow9yBX0EPdOecC3Koe3Es3MHunFNBDncvToU74J1zKtgh78WxsAe9c84FOuy9uBbywHfesQCHvkO3Qh38XnMqyOHv2LFwB8BzzgU7BL44F/YgeM65AIfBF7dCHQjPO8R4KDx0hftg+IoT3IfDI1eCHBDPOsR2SDzwg/egeE4+42HxRT/3gfGsA/wD8u0GYO7D44sPQQ6Q51zhO0S+OMF8kHxFPt9h8sgD5gPla07wz3WhJzl4uOxRJ5jaCPJu1btAMFTJVBl40ot6J9zr0Wod8KxDayFeHuqzav+jtxhc+ofiM3eId/qb4nNzNsvvBP5S3asvT4wE+VbX9Y5R3V1vzrt3p+WVR68dO527YvNQNp/KZvyEx9+Hk/WDtM70+OSaSyoF1T/qbuSsP7uVW9D4o0zv6rY4mw7szK5+W++883aMvdjVq7PN4PLb/6yPO86/wa5uP/YmA4s/HSUwih+YDCz+UO7WPx48t1y0+Ptu/fuBY8N1XTzPioG3dL2N/H/U8lSZV/+uXvVGAzgAJ13/UwdlIsiNC31SF0+hIXK69F2p48g0n4uvB3zpXOaFkzf6vrK5nuhfF+1LUqnqGwQJy757qJtvyz0RDocTmlTARX9vI8wVrtWqPBxIJhZfkXfKKlcyllMf6lzo6zmW6wdZkY7RjbPlw8lyWFd6kM7nQY/Ogwtvyo9NeXhmVt9bvY0L3cjAJ723xi55bpDheLM/NhUmM7P/MheovONa6ZLO1N274rg7gdzguzFh5si2+FJtj1uWuyDIn97+rd06bKq170UJ5M7F7m3caGvPjJnQid5qKBcMBinvu+1Tc/9vDFb0uiv3n2H2sij/Rz64KhroC5+9zhZs8BrcZws7gM0SePZBbIDiwwxk8xcKeAez4b2CAAOaCUztWzxweSYNhUE15ab0vM4x0Xh3NsrT8aob9WiPWf0TxzMDE+kHdumHkNJhoHc3d1g2GANDf9oZm2rkm6uH3WjS5e+Lpq2KDVvPj+39qf8AQCrv34H07ZVsj/JswzPh48UG2xiPIofhOE+ZCH3kyCVxeODoHxx9912X/92XfcWw8tQ4Ug6tB3WJ49hx6ATbqeMV2Qf5B/C87jASfijPFoNKZzsvHarnPS695oC8wsRy5j72obfLdeJ+zQ11RZ9R/9lgUOEH3m4P1ttwfvrF96i9MxBmblqvm/Lg169ncXcXa57dKjtMJ3nL1Jd3ylJAqb9VTfu89n1VcBE8tBdQdrktKr8UEBfJJ1uh5T5+KpvqY+U5NxLdQ6MBHfhYbKvN10f5//GoH1sMKP2p3K25xra7s7GQgqtP5Y6zq0cGQwrviopwDdRnYwEFV2unYsVArbIUUOqmXhUbroA4GwsoeFut15uSM4zHFgNKZ9R8A7HV6oVT8MVcQNH753pXPu6O29/YRmZi8kbiued0ne2Q7lTdM3Wu+LlYCym5e5HeNOX6sbvTwxj90HBQR+qPFduwfrEWUPLh+BuTXGUpoFRV7Gn9WPihnovikcGAwj+Xvx18a8teVF+sBZT8r3pXVr63gi+aB+aYRSOO8GuxqdbyWNcTJhBDfNR4mUfZpZLUu5msOu3XvYFiYCGc2K7OmC5bjqlcYCOc4HEUmEoM/Cf37cGb9d5cDiFzsRMbIfDc+6LxedE7aB7k6FORj8OjW74Mqu5uZM5tWB122DyGeDy6ZVeaqB7b45RNQ/d9U2/3tiOpahQkOI+H53L9pn/wID8E93ySWmOBeHLza7E5utGQeal3xar5dLLtGA3ajp15ztJX/62b7yu3Z9DX3Br+xnPl8Sza2r1VvS7fPhebTbl7chsH513r7K8G9v8dbv0k38yHdm57+pUbubiuDvtN4ZQV5IpbF8s3cmVTP1W7QN+WtH3bb2pbfHkT5GPaFl+KW35Fu3rnxuKv+HGyeyM39uO5nc+Ps+EbOdL4Ja+84g1H3koHl5xzA111xy89kIMr7pdXrvrieY3FxRm5ZP6pXgdySJrfKvM3durnr/uQTrXK/I2ccr96dMUdz0tI9o64Jri85odXlktrN47V3yViDfEnOVabs+1w7gw3oh/GyYU9Lr5jS0G2oCwJumf0Mqbo1vSv9o/R3Sj9W1PsWr+/BDUT5M/gMyHqNPpPhagT2YdWrXzPQXVePIgV/1wE0FCQePFOY66XeseTxRx3qs4drhojc26xFhmxcq86ueVRRGnGs7NHvsWUnJ36ud6UTeG4Azb0rB38xg3c66qcMHvTm7yBeK5ZXecJ66Ru7lbDOqkjx/pfeOp+oT7/wg1c+6SQePmD+4OmGbdO1n2fN11ziaKiD4Ot8eVPZUaMRm1DYdgPg22uq0DZNpTAh2JbPlRtSTiRmcJx42ASy9WxqdqvbzZPdVO1z1trmRMDIThhH7R/rz7KWiAuXxgxEeYNMpewu5XzZ067Ssfd2aS6z+mGUo9sUo8BpI7CVObo9JjdRgbCYGuvko1TfRLqehZpHHebdlnknDMdqK53fjnSjSQ35VN1aN2ufwPNA3NBRbfHZudYfRiq7uwdPSoP62TTL+/d0WdhObYQaOPvX2AUyOQrLUp6kf/dPlLvu641E+05fFDRHOPHddFs9fyQC7yV/MwccmYfyAE/4KEVPBxW3FOaBM9k8ti6foTTxB+Pfl/gfM4AvxueQ7EMlzuvZSTh6dWBnRAy+4MOHq3UWAjBkgb4Cj0ZCSFQOv/YOvLyocqRJSapwxGJgVDeBk06T7caEuk33+rBI/qy2GRf7HHLpjHR8R6fe/7Uxp8tzwnU553qZNJzIVKIYOn+WURMxTsnEsHC/XKJWIn2eno8o97/2bGpG55JRbAPHHlFTB1wTy2CtXtmFzGW7ZVgRCPdP8eIsXznNCMa6X6ZRkxlu2fwwLI9k3iYyvbM44G1c6TyMHWAV/ltJHvk9NDI9k3rYSrdN7MHls+S3MPFhQCTLG+KD2On3LN8aNzwTPRhLJwl14fGB750H+buOGf80Pngl/TDVLhj3g8s2if1h6lgv+wfWDdDAhBT+R45QLB23zQgpsJ9MoFg5d7JQGakX257HNtqc1lVbuv1cTOrWP57x5OAgQAxeM1Zrpqvg0dqH4+7lTzauKqib+l6LqFcn9PUPRYYZ3KwFnc2EU4lrexordGzrOOMwnLn+rftW4bT5PO3pSbCqXT/244NBFD4VO4kYv7H6KmsucBR+4D63v/X2+885HXNA6pzDcFR+wD6qoM6aP5bd0zgoG/UPoC+fdEcyrd9oWVye8lcJbDCpZVMsX+R64FdsbGdax9PDVkn3Y/VjlzZMO60i6CzEa8+u/SM5kNp3x9/21Srh+rpv8qv/9nU2x8Oh2PZ/Di80e+gftYwu0eXcJg0Lr+0vxssweQ/A7rQb6w2VTnIKXHFpvrXli4r1Zg+vblkdZnkwppbF4/kACMuEntzWqhgzCSNxN1ZMslrRrXXEg6Df2x4TmPmQHUoiOXgrvy9LoyrC5o6sTnbDCy/Uc9YGcVfLAaWblxo2ky3XaVpC9FidJDUlqv2rWz2vngyWjqNfmpigWdQGaUwoz9hczNjJFZnKcBAWNjdAjeX6XQd3Mg8AyqzcMMWmDG4IB/OhvFj1Zu+hTPbol09v9mYXTiw8ETaLTaOH4K1G/Xujbwa+W25M0UjFs7UO3Xxcn2yfhuXzO9kWfniswyyd0JuMsP+ceRX82/4C9m9vbBwyeERhq0jYrTU6OZ469m6b8c0Rw+SJG739a7ctcb7rksLz33SoFPUKxaLPrloUE3duuXi+9yTtfdNbTeHUnHSAJ9Cj0yrVwW6ZFedM8qbUdVAvnsWVRc3Vs/VZt0Y3jO/rn5gLqBom6Sh1zVbJwp1kWyXHPS6aIeEoC6yLZKAXtdsm/jTRbBFlszrgm0zY7oItkovdV2yfWIpN9EOK5lZ1a4LGCvZFpmwrmu2zYHlItguC991zQ6Z9wxlk6XQ8Pmr7VronXUlD4vF0Ltj67kaOlkItBzyn5BHArlm5HO/XXv8zKV7aDCk8MsjXK/hbCz+8vjWf0wDDpCP7RcjqAuN/2LLcy0+tV/2nl9ab+DPu+8YCmTbd5y6LdTadySaZ+17RbLvInKkmGUReUWw/5psJJlpTXZVtPeajKjmWZNdke27JhtpZlmTXRHMsCYbaeZak01lozOyv1heJzg3fGS5WTCYufpDx8GKwWLyehyfXJZrz0niLyYQsFy/PTVwn9kmysc22f3gW1yaKGdYbv5l/mf0TzHVza9wrg1+4bau2TNQO8ccaSiPW9Zc1MU3N0Lq6+CJlf4t8N/vxE7/TX9HT2Zn5ysHvXNweDBvnXI1/Vy7M5+Tq9RW0FmM/pj/HAYthp3B/HZt14VzbOP+MvcrYXmSiYN8gMnJUZ8NrIF73jtaJ6f88I6BWwy8x8kxj727gVe+m3knlzwQkYFLvszIySWvAwsDp/xPMBzd8jnSMPLL+4zDyTGPQw8Dr3xPQZxc8jsWMfCK4ZzE1LHLwYnKd2V4WKKe6jI+vZCLXPNsrEMVg7ZOCzKDFJU8wvoclZb5CTUWDQR/12WZlFfTWaWXQ7NhnOhLQZbrB9vRQyP/bNBtwLAQbj07aRW7zUPGUq0HZo1Q/h4dDQwWifZGllU7/gFhVR93bWOzpp8KursYcem0vkt0p4N1sy1aOzwNJA7N8IuU81vVenbjwAq/xA5sF5vHlWk9Va3KsSF+oV02fZchfqjxbINf3qFtyrJ9tMmYqZU5scUidzTe7PcbxwegvXligGUEosVu3uz378gbCE2RGyKtbxVK1If62JbNm331fbFbb8rmP3eW+qYGgkt9N3of0/+uq2xo7AYuTI6lvf3QWeRxZvzFqZ99W+/a8ovNaQXR3Rvgn/P3tg8MZ4Tdub0pxBZN4qN75OITDYP2YQJ5eEh7tWjXSOKoJYs4MT6l/kmmvvxcNBYPdpW2cWv+jwbUg7YOT03Raub9sz3EmJfnji20dkOAimtO+KIJa2e69efbjp2WO6tT7iuOdGZXA7M3dOKnsn2uHbY5Rq5sT8bDOmSPiK444QiFrIW7YKAr0p3Bj7V4a9RzRbkb3LGWvatNixsbqT6ZCyvamkFdUe1GnaxlN5Z1qoy0O9WncnZAHnlyij8ZvIlw5o6XNm/T765HwHrxXkfBVtLPxY5Z5UurW/cDMHsXfjatgGTlgl01JEcXXA/mdeK9DugtZLsdl2lV29XEcxTtgnKvCHeGtybi6eb57cx62GAHDZoH2eO/PR7aenu+eygPFn7qrnLanUnMmAki+1u1lqZ5sAyUjluyb/+/+9I2xRuX1FdKHmn/Z9r2I2m+W37aXcG2+1g8z1bf0AnXDSWU7rWZNBTsvpGEkj03kYaiHTeQULHP5tFQruMeDMr12X8ZynVeQkPBfstnQ8mOizYo2GfBZijXfd0DFXuuefSixxmVLdLKD81fWnIzgqeyJYWVzSU51VW+vjT428myffZOJY0a4F8cfKybVfnBokDpVXl30qR1jdI5u1cS557qmTLp760e+9onoV1wHF512n3GV1PRjgMsluwzws4IpvuHcRUCg22DS9kBgyGhs+o8HAwa8w8F1u89NaIcH3ZOrfG+4JxX6/RU01yyQ/5anV7XlLWzYoch+oOqyCD71z4cRq2DbGYZJN0pMw79N+4cnUjH+3VIqM/1OjOxW54e3Qbt0fbxuXBYoSChZ1PBxB7tQTgSenRE3oYi2+fHtjKsCnlV6sVYMMH/2rNIlWZCibQr6X5FqkMxd2vBK7bvahX6szKvOH9FqWWteTehdgVwTRQ71Ly1l/6F5SNTZkKJHFeq9xbrVPjeWrRFyfsrem2L3dtLtStzf02uQ4F7e8luexck12PzYiS1Mqyre0VnZVNK114kz+q1CrpyVeecHDrPlkJJ3crrx2zf1NhcKNFcakPLrFYvbFIvtoLJdbo4iLS6Xxk0Erp/rnfl4+64/Y1n3iL2biGbdRGmMxzMkaq7nMgSKhdTwcR2p+ZNU64fu3Nzrs8RWg3nQv2x4plPLqZCiT2w7dsOofdth+NvLDqlmVAij/tuo71+5FmcjayFkvy5/O1Q8Zw0XEyFEvuveldWLowOqB3YYpQ7OgLfrdUVIXu5p5b8R9/OqHCsyZMRXrqGFw4SkT5UEEkc1SXHhW8NrwuQ5tzXGKyrpo+1uZdMv84ufxhad2WYyEgolumGCLUK/VEh7EFuZKjX74cOr4gfRsqPn20SIivzP35+CYALNzY1ocdC7lRjh57q3Nedtzef3AWpxryC7LdGZzmOm585Mfanzxc1jkfOc3L+8JDzB7sc+5n/rMZxsp8T45Ad4iLni+PCeEaQ+4hzZ51b/bqY8uujXZpjKulsgFlY5fHBq8bMghwST10EueabmhFkn73pLMcxadOMmLq13+Of5ajGvII8Bmj+8dljeOYfnf+wfyJ7UeP4FHZGzvHgMV2oxryCvrjL+cIvJlt5yJGNuQV5TKeqMbugu4c4E16qDsoAt7Kjj6gjuyCPCYxl+hqcHnSN3naN7EqlK6ujxjx7sXhxlvbT0Pp/FIdynDOv/515hdhGkPemo59yyNmF2rOfyIx+xPVEBhnh34nXJEeit7q7elf2Fh2+INhzVzr5bV2/VKV3N4/M8Hf0ut4Wlf0idkbe3dmkT0ePe08j/rlt9+92G/sRdU5+Z7RWRoM74EQ+58S7Q0874fvCYasxJ7w3GF542RyqQ1s6PFqelT80G9yJQ7EtH1xg3pwLnVF3rGfpQLlyuaswK/9kMoh4tDL5vm33PquSc/twE/0lj6X3PDQx9efCMFd0+sOYmT7lRjLXfPEDM/aO1DvHsnlm7tQ7n0J57k55rjC13nCsMy3c8KlraOqSdzlDV/f2o4xB7MPX3dl+c7IfzC00hfyj/NK+Hdc6tptDLgaYtrXpRWWB0yh7CZRvv7ZDoz79Pei+iw9ZNCwpvTu0zXHVOk/SVP/YIrv4WMRROkya25Sc8XHXGTwX1+ZXPwwfkPXDT/tT2R7OBoNrJ9lBvKW3J3thleuuK/nprw4FsRraC3StydcHlaPjqbcZ1gN8tOrnwblRcfTeLJuMPnW1XrGOPp3BG40+/cTOJPxi7Saq3+wrXuHF3hEZ2mt/XzxxrRV6i3vnHGsW6htdwWw/F05m2/pQPe28T0Vt/Xh35PoCxo7UxyDfAlwjv3vvc8jSt2ZZHfOuLIfKGJeVp+7SXcRi6ss7jl2uidZvy8Oqqfat+zpyKns9ssnrATyH8z59C3bmVmw29ef/fSybrzKD37tPZdNUa5+d9mh/Lc3/0ZmXxZPqgXmvbp8/NSj2e7t6zLMu7PdH+9rLdoLVougHj6ObkWRlzvX6nZ3oh3LVlB4wBQg/nEwGFV+vXh5eys9syuvVy0HZCylbAgrePpcmb9Hn6/K349OTw/NgLHxgLqjoj8Vx03qk7Napl3a7f+5TV87UjY/lumy6vTtdFvp5cTbLsyq85kS1acumXPvlnNN40tuu1vKkZnWyHdCdSrnxIHcGT28cHp9gV3oX1I7jyfldiqkbv39+ObwtVs/lt0fHmuXYjc7uqrO7PvoULTd1Y1u2xbpoixCunGzf0J169x/F6uXtc7HblZu/10812zdf734rVi8rZXlzshzUlf4g+W1TFm214/pOurow0u7qYjewG613lWK9K21xse1Rg8XUna44toqrDx4Ft7A7nW0VWd51t0zd8c0OjR1hyQ5t7oJ6qs01JQ7thZWtCj9V25JvlDoXfjpbDemCJ50eK+dA0VcvYI3JnJ9iHix3TTLjcHmD4bEtd8Wu/dbzeu1ItTLJcr32ivjjoXxfcO3TjodyXwTepXUD7Jsnr1udVHNTPPmDKgPZjLNNsGkGHmp+cCxTSQ3w31x5Kts3m426zOkxKg/1dQi/2GxWZ5s+HXzqOb18pZ1P+upkL6xseZDMp/qP3lxY0R+Kz6yh3Clvis9eRVfn5MNv0XMBotrz44Xf+PagA4l33BvQvvt0h67FZtP9Io/2gbVwkg9jiO0lmIVcX5frdShJ9YYOCf+Je6iYad6eSIZDBb2UZ62csyIXqdbRXTAmF++85N0pkyx37079phPfV38t1w9uKc00DpzN+uQ4M3WiP5Fm0t6fQ4eV3JcO49Tdm7yB+O7DZxLdm+IVOzeAeN9pGNvhH05WnmtooO+OZR1NOlAHHr0RBHKACT6YubAtvlTb49YfpiBPeuM3deiwqdZe/AE5cjF6Awfa2ufdJZTfmwwi3mAA6hI7cHnU2fqzD0RnjSEGI9mZNxqQLo4E+YbnXAk0MF08Cjk4zTnGPEBdHAoxSM06wjlQDdxgH6yIE3MD1gOLT9IK/5nputyUPnxlou7ubJGhs1XX6c/wOHU/ed+DMxF94BV9CCYaBnTHz/w3AAMrf8JZl6pjmm+HXWfSze+Lpq2KDU9vj439STsdiGTse9KfV16fyHMFnwcoFwPh0nz4HpkxFrTXHeixiBse53mGQt9l14V/92Vf+a4SNS6UQ9PhnPE+1BvK5znTuyL4IDvdJ5PFSPKhPJsLJ5rnHHKom/EY8pp0yRj9T67H6nujLOfW1xxwrHWiUe5T8cRQsmPdEyg4TA/DmeYXrwPrrnWAWcaxfvpUll/99HEn6cQ61E9HQl3rpxuJdK9LDaR61qU2EuxW7BmI9Sj2bC7Uvc6gTrFngUEj6T51lIFu7zrKRqId6ygDvT51lM2kutdRRnI96yibSXaro4zketRRNpJaORSLATor17oxRiIdSxQDnT4lio2k+pQoBnq9SxQbieZSG1qma4liJNWrRLGRXK/Kv0Cyf+Vfa9msMzJj5V8zRxwr/yLpPpV/zcT6V/5Fupkq/xq64Fb5F+r2qPxrJNalnC4Q6lxO10ikRzldoNW3nK6RZNdyukCvVzldI7HO5XSBWr9yulq56Oz912JTreX5qM8BPLHCRE7H5T+6bFaD5K84X7JBGZA5OzcRrk8m7KB+YuwGLnwoD8dN665atQ8i9N3Mi3wDnaB5IJnjr81IWrhP65328b+RMNI4mET9w35DmRMDQaR22Rkd/sCDZsFkydcLzZt9NR72HIopXbd2Cycmo5+/JzqTYdxp6u3eaoRSLVjEiNFye5TJ1bA8Wd8skJphhlY7QW/2FftFgPdn02/2zqXWkRF+WON4ZKgV53VyCPttVrhbcZJr6j3Kkti44FyQRK/frxSJjXjPIiR6FzjKj9g54l+xY84bplodV1zCw49cJ3iPPwMrf8IBiKpjGoGGXRd0CNLoZxmDDJxgGIQmHnCNQgby2YahiRO845CRK5wDEfCHfSTCTsGhaM8yFO2DDkWFe05RvUL5YtgnoyjuwkCj6VQ+y2hqLt1zNNXp5xhNTZzwH02nHjCNpibyuUbTqROso6mZK4yjKfKHezQ1caop22Ozc8mlPuOKMnp0zal+zQFwjqFKvL3Z7x/K5lPZvK23+3o3TBZmdrihMxPq+GVQ+e6n7pu0PDtCBm4g9eAukmeOBesBz4XAn3gFEGLqDzrnc0/24Wf5INN74Hmdf0IPPVMEmCKmkqcHuaNyVXYnuV3TkONpZ1+Bl+Gi4ueveyu2dNXYbVyYLI68/YAWQ00g55/1m0iImT/jhIIkck0stBe1l7ZbtcJ6qNbl+6Z2n2ygM7KOaGf+UK3LfW8+vFNesyZ2xH/2tBLvNYvOeOA/mxq64TurQh9YZldDB3j2y9ANxg2zsTNsO2aNR7xbZkO3vFdC0BmeFZHehSsT+Af5855z9sUIN5XXVu80XNHR9uzLiA/kB1zXERo7IZ7uN78Wm6PDE9U5iXfFqvl0MusQxrpunFkN9UWr6+b7yiE7/LwzQ/PPlWuyeEun1tVhvynss2zPunIxGt6BTf1U7fj/GtLszf4K2+LLmyf769+zHmyLL86lji3l78eXu1jkn22Gl+/84H/WAb+H/9YuuC4TrvjgtU6wdMIxi8GsBz7ZDCzlH6u/y3eSzB4cq83ZbBAntCufYQ51p6XPO65L5dq1z7uj82m8zhD/6udc1pJX493QrndkDHpSN8qzlGibd4mxVJuBe3Sb8qGv8vVTvbYDT6OGQY5AT7/Q7XecpMmGQaQ9FNvyoWpLssI30DZuGUZcuTo2Vfv1zeapbqr2eWsncNKafTzrn5T8vfooi8tZf0+kfYAkfCyS7lZuXzHtHl0mFB6Rjos1Q5FHHpFHbpHDcPylLx5yGjasJVMDf54MTVCZX5KmSW+xp0DCoj2zIJnKdkuEhCV75EKykuuefGFGt2fiBVMHfJIiYfXeeZFMpTumRsKqfbIjGQt2T5CkEe2ZI8lYuBv604j2gH6mgh3zEGHBPqmITAX7ZCPCqr0TEplKZ9R8A7GumYk0gr2SE5mK9spPhIX7pyhyEc89UTImKjJ2xzFXkcYBn3RFxpL9MxZp1DMlLTJ3xC1vkU69R+oiU8ku2YuwXOcERqZSPXIYYcW+aYxMhbtmMsKqvZIZmUp2zmeENfulNJoRfTnUohZ+P/yv1bAYzLZeHzdAff/vwJYcHwa8scu4fzI/aGa3+z/5ob1FwCLHKe8/MGYg0y7dv4lghyz/FtIdcrdrRbumbLeSaw5uZ3RacloLgeZEUyuPtffo6bhlmqGzca/kQtOvfDTmXK7B2NyPPkubNmcdg1b1uvxVLW6Nlv/XdN11Bj9dDFr+lUFnaSFku3r+xaLQ9FXl0qJ1sWkX6dWmLZty/YMqKyAvDrMExd3Jcl+HZHWyHMyV6uRCvXp5eCk/s3hxVl+vXg7K6E0c+LnelE2xsxx/TbxoB5ZDu/KT8d0rUxcsb165S/9Hzdz5uzpwn//++YXny+0NBRNaaxMF+qjuVvTS6upiNZgLn1Sq0vIH84pNVx042bQt3GQmf7I8GV6JvQbuwU/UjffkT5cmdVP9Sy58zN9FDYWR5szbI4tL1tdEOdytnjHJeqX6unTnm9QOLnTrt7fdi51yZz+LQPmdxdXA4m2k/1S2z7XRWbCdA9uT3WBuWFxhvyrd9ua6g1yrC+tXBdvfU3eQbH49/apej7WRodidy6IIanVfDRlKNb83f1Wr5XV5B7GN3aXPq4pdLng6yZbHUEyST7ZCy+XrZGkueB87nMPpJbuex1kJPt/X5RItDW6VweDCR28nOYS3ymAw4Q4noTrJrieiFmJbw6t617W2Npf0HKRaPTq5Ktf+rYmZZLqLenDpYJajZrbD3Isa/yNc1R2si6+BPI8l16wwp4XWQJf78mpWlutkNFDmNQXNinMbBgfSPAa/eWF+X6THQEdlDceKt8Vm81uxerE/bBm3/DNgaKDIi0STvpkZ4nxVrlwWNWbyylHtEEd9JyPBBH5bHlZNtbfl+Fqt65G9ILJljfrDD/56laEqlNDK/nAayXQ9jzYT2ZQfm/LwzKK0txVSrpwjfHWejAQRqCCI9SoQ6lS23OYfQ7ksOnkFolnSuT/5V9bFfs+g5q7Y7/36bXbN47r8B0K9tgBGYu23AUCm41bATKDjSmMoz2ehwbtXAerc9itG8lz2LECh877FVKTT2RMW6n7qZCjWIiHKrFLbDChWMu33g0Cj457QTCDJA+KosHraqQKVISQyTDS8swy9x/B2U5W7ttvsEso6f5OBNvO+y0BlzfDfK8qmLbnFfatILL0COq9r3Ijz7sd3u3V/IUguxcq2bKw+W9SedcXlsJHSanLeTsFe4k4nc12+XxYZF2esxyC9eLeh6IrYYSj/rWxlqBwcrlfTtqwh/LFuVuUHtT/2FnUnrTVna3bdOekj/cmA671qrLo36Hyt2ly4/YpTp9hx0Wkq1X6NhIU6LpNmZNI5S2YgNpyq5L/lnKGcb8ePGnLfSPQTcqcs2P3Bxh3hn0RmTp5l8hg7iVvv3tuG6r328bmwG6SRvLOVEBKPVpcZkbyj/bVFQ2nt86Npsq9ZgRc7IWT+a+8rUFoIIM0qn9KMQPs8SlYyVxxfySrgR2Kc4GlGn11iJ3t5Vnkqrum0T0xhJ/iL7yejLASQZplbakaiS04pK6nmuaRmVFrmkLITaJU7ak6kfc4oO6HGuaLmRNrliLISWJkluJhRV1lktLCT5r06rEKtDM0zas2os8ykZSXQMoPWjEqXzFlWUhk0BhRnkSFrTqBtZiw7kbZsDSl0YmtG8mwTds2odErU5SyWa+Hjl5jLTr55Qq45wZaJuOwkOiXgmlPrnnjLUrhxwq1ZtXaJtqwkHjj2O4eA+x3DDGBz6iwyf1lJs8v4NaPQIdOXlVCLDF8zKm0ze1lJtMnoNaPROpPXNZGj49rdWj1QthJ5asR6TOvCAsZK3CHApRvYTv+JNMdjfySMnvf/0IkpZF2U0Uuy+ZN/0oqVARwOx7L5qWyLddEWVp02aslLAYZPgx7L3XpfW75+BuLutFYt/8zjHtOdNxarl9VzsduVm0cFlh/7e6ePh+N+XzeGxV3mHDL8jVu5F9KtwO6snsvVy7nzqo+N7SIPuKGxGUS+nDb4/gLAXhDZ9bp8PKd9eFR5HzjduG4/hFvr8lO1Kh/DDGLXjIdwqNytz3HM5YfGZgj5H5t614Yei01/5GYOBnUssENPTbFrH+WaiM8RndEQDlTrR3kd7rG7xlrtnh6LzdOjSo7E55DpjwRxcNc29WFfrlgHN63VIC7If+Ut+WQlhMQuZd3j0e6OIxI5sBNC5v54eC7XZE7q84iwxYbpj4Rw8PQz9W+/l6s26Edt91Mhnd2fboXyO4dNh3Tm2FQhHdKbD+VU1ZSPc5+E3fmHxjWTHwnjoHrs89g972L9uLR2g7rBvJKZsRvGjU/1incXg02GEK/O8vj6HtgLIvuoxn/myNGbDeGEWp1yxczEWnjJUhT/uYTpj4Rw8PRMgO3PggwyCR+dUz+0dVPYPWc+tfF/aJYuBlfN2h/acuus4+6pbCtlwLKbTj2gEdaU2/pT6adN2Qgi7+DbbwfGfhsE1o+fX2w0/fj5hRd1bKzyhJ9+/k61s+uJzlXdUWzzyUmGascmw2poPYuwHyvnJFjdx71osL+EOyfiDzcRf3CKsBprzxrsGcechC9W89NFxBf7aWhGhtMIcffCKqH8+ljbXcy9CDm35ZNTuX2qqh2fjNYqifdFRmufsHtGhtUb6rMI+8fSMxLq1uoW1VmEascmw23wZB073YZO1pHzD6sT24sG+wPaGRHHg9sArtqxyfjiJOILq4Rs5SZCtmOU4TaZqXacMu4e4ky4ajmotox6jo5Sjpwy3CYS32mE7ERs53fex9cv5Vc3AXd9S+ue0F11/PHz4fuyWJeNW+oU0Pzfu2nDchw3cdOu0W7qKssRR6OzNxRM6O+2e3CNTmUnmEzrRa9Gptsi2Fhm+9VyFaaRqeywyowv50EyCT091Ot/TKt12Mj3i86iy7XcVZcOtDmuhperrbXcja3YddyoOwyPHu0Vup49mqgD54/2Aj0OIE000kNIe4Gup5AadcMv4qdyWzdfbT+JUat/9zcxFeP1UYx7hOmrABpdPwsjfQ7fBZDo8WEYqbT9MoBE109Dp2/0bdS7+m3XtMtt+B/FofxulAb+qlrYnPMdxfkXVApGh0Rp2ALrunWlyyrpJ+9O2e3+uWPtPk3vzbrxUK6a0mp9e92Fw8lmSPl93sUHdbXrzeapbqr22YqMzXnSZ2Lsb44VA/MhnequGL4tVs/lt8emsC17MOdOZ3jVGV5fDId0ZNtz6CDOnIyHdgiNnN+37d5x1Dw39R6NkLAfH97WTal8sdc2bP1vX/5oRfktg2BP6ZdDfVpPDtlPZXs4WwurWqVMZBLdnozxah4jl2q9Yovau87a6mQtYE/vm7qrIHRKRM0hvTe5upgMqF+XP9VDv28GVVv9XX5Zxm+0t3iT77RbVfzAolqtT8KrHaai95Trko/+ql60hxj+W5+dBLDDew6+31vWS7gqrSvgcnSonTDbdzPPzP9PtVvXn3+utmVtV7PAwJNj+/xZmm/P5sM7tTrX/7G7EXDdn5PlfeFwZ8DJFY7tqt4dtk2rtUs/BHHFgSq4u+Cx+77ihu8e3MqVevXy8FJ+5vajXr0clNkbOfFzvSmbwjKrmqEn7cB2eHfW5cfiuJFfvX0Nz+se9ea7VvuT+fBOfSzXZdPlWHqwL45z3aezddZFylWX+lW4bdokE3/YV+PXnKk2bdmUa+eM+AZO9T/RH8+tTj8R3jnO80ate+ynjhYO8pw9al1jPIG0cIrvHFLrGPNppIVz+3p/3Kul9/dl9fTMPCBK82rp/Xwyf1On/k+15l59D3z63FsP79IpSRvzWDg0exMnnKoQGvnhXpTQxZX+jOe/Sqvbitcd6e2+lPb3GZ3cUKugt8G2qv1C6OY71rbcFbv223pbVMxjtbK8PlkO78qnYlN1aUF/sK8Sd92bk3HXqnGmDkHcdHCkYH3DIAzsnQdLuLRlfeja/ZvuVGE1LJriKuqOWHP8cw+6aUb1OU/F8HDSS/nZotfRJFTPxhypbhbieL3D12WXZu/Hz/6Be6dM/f7ZY7l2XW95LnvIEh3lbt1PnvyhMdb9pUvC9lS+GYbj22EOWXcfetOjSF+5VNa28OepbEcPHpzVP5Xt78pQSK2TDLk+ercXY8E0q7w9o2j5oLL2+LugbI/CpTnbDuaRN/mlbrBxXyPtHaP9W5eDkEV4Z+2ptxZatTOr1uj2JtUmyj/VL+V45eohuzPmuVK9rvlID1OdBd8ionX7A2fRbHsCqB2vut87bgX6hn+a+2ZDPUwLv75rdIkZ/Pvt7mQjoMJvy8Oqqfat2+g1EbsemWPTDe+A0EHXZt/dt+W967Hq7niRS3quou6UNd9beqc+mrnf0S1QyvWDdUkIjeyzRccaEabSK49Tl5Fi79H0itB+SmdS21sLK7mbHf2l9lb4JKIJSnar4xx1aRvknYvHSKCahhqdfCUNxyb3P3DfPdflfvdlX3nAPY3wcmg1iAs+I9RQtPcAdUXmQXawXdJGLPRQni0Fkeo9lA7V8oyk1wTLPb/X9DrW3NvznVyvybYvXqXR61jCylCofSErKJO9N+F88IvrrNo15J0L1uumtCvFOxVzd7Hi2G2yQ3QSt559dacsBJA2LHDvI3BoJ4BM6zr0QKJbHXpzeU7lWHU63euwGgl2LPYO1PoUezeSal/sHah0LPZuJtCp2DsS6V7s3UyodbF3JNKt2LuRwMouGytQVzkkZjWSZl9RHahzrKhuJNCxojpQ6VNR3Ugqg8aA4hwqqiOBrhXVjUS6liwHQr1KlluL5ZojeUqWm8m3L1mOBDuWLDeT6FWyHKn1L1luKNy6ZDlU61ay3EiiZUVwIM+lIriRNLeK4EChR0VwI6EOFcGBSteK4EYSXSqCA43OFcG1ItE58a+KnVa162ExMeB/kXBc9vrdrj/wftuURVvtLukz5wtfT9pxHmW/L5oP/QVumz/yoBnrsYU6XTw82t0cpmruRmbsQm7YIfNHfrZFCScqx3Y4ZNKQe18f2kmSi/loGzbh/gKGtsm7RnNRqiG7tKbe7ltTOfIfs36G04tq9g8/tUaYKVPzqyzCyCftrlg1n042Lb8DbcfN8PD+DnbdfG9Z++maG0Pbzy5loKzd6W6ovj1V92Z0pbO7Gti9pRv2iQ5snHFMdGDt0ro67DeF1RulK25cLAaWvqmfqh3ztyFt3uab2BZf3rB+DNviS3GLr2BXWyYvuKL7ZC+w7P147vTXfTYYWHj3Er0pV+0vlgu5efUnq07LOnsXxtfZOeS7XWJ3kG6PoK9qd4TRLuLl4vun4eMTFgek2a3LwxNnJ2wfBRs64fQi2NoJ+wsCV+Q7XhWwF95aAuZrulsX0Gwt+1jJNO6sXX6sNmeb/PKHG60P4/czDonlsAXWLVatPSny03fXfZXS8Opi2K6/Nf2n7ezzgx+3nqbNWbvZZQLSaXKfelAnsQ11WrmOg9y8WHqo0v/r0Rw5f7IyaMF5vNKbdY/BQIkjH2ynACCnSxbpNvSTXtHtpixXOEii03LGTF7DMsaQT/nysrA+m2QSD8KyH+zd1Y8NsAYpfm3qJc0ztRnutFA5zebcYElmZuVOdXLDIWXjjCdnD1xTNjo74ZSy0dAT95SNVu78blmxcEa90xN+K7G+K0udcpaFpbkbPIM+coRx7DdzxSPF0Iwbvu+Ir7kwXeldjkNMod6oDTfP+zA42rAVJNtwC3ooV8emar+eU0+aqpo25Ey+1P+FbQuujZv9u5+AAzVeD8BJp+gTolhVC0MqXYuumSl0qLqGRHqUXTPTaVt3DYl0LbymVzhYqD/Iig8OM82o4b8fw0/leKD3cacwbnKRStc9rplInzsBSK33PQAj2Q6EGYh1pcpGEp1IMhDpTo+NZNoTY6DRkRKbCbQ8hEHyXM5gjMTZ818gz5H5Ggl0OegFEp2PeA1FtsdmZ1lKBqrs7Lgk4jOSaX8GDTQ6nj6bCayedr9YvZhCAqun3dH+0ZSRQCeABjS6QzOdTLrkeXd02V2PW7IuelyGQSLFfRwc9IZuIKwP7d/rp/rYfnC7WYL0dkY30qjPxRIzB5zHICrabxCCQofBaZ93JVi6lcfW9thmmq3k0e2QZj5xgttV+qE4j1v019Km+PXaoD2nrP7sz08bNcIpUE6brsJOjTkFSScfW8vrQ0NVIwue0oYjxKkoj8vjFtr2352YA+pxzs0x6RnOHBhYqnsaDFOx1pkwsFC3ZBhWIp3e+s6odX/nayrbMSsG1uyTGMNUsH1uDKzVMT2GsUynDBkaqe5JMozlWufJ0Eh1S5VhKtM+JQWW6ZiVwlSmY2IKrNUnN4WpYB6lYSU6JKnQyHTNU2Eq1TVVBZbrla3CRTLjJMaTs8LYCfu0FRrZjpkrjIV6Ja/QaPbPX2Eu3zqFhU6zWxYLU6GWiSywSJdcFqYC3dJZYJ0eGS1M5ToktcBaXfNamAp1SW2BlTpnt5hK/e/Xr6rduvzy6q//8+pT2cjsyH99FX+TfLN89frVx6rcrA+v/vrP02S8qrfbUjKxdb06yv/zv/t/9mvZ3Xzo/rH613+5f/X6n/ev0+ibRbZ4Hb1Ok29Emv33f7/+58mK/BfyfzgZu/wv0kL06vU/49ci+iYV0ahhNGkYjRrGr17/M3md5t/EsRg1jCcN41HDRNcwmTRMRg3TV6//mb7Okm8W8WLUMJ00TEcNs1ev/5mhhtmkYTZqKF69/qd4nSy+WSTLUUMxaShGDfNXr/+Zo4b5pGE+arh49fqfi9ep+CbLxlIXk4aLUcPlq9f/XKK/43LScDkOgC4eonsYAtPgiUj0dDERRbAxCKBxBEVdXEQ4+KZBFI2jKOpiI0pg42kgReNIirr4iFLYeBpM0Tiaoi5Gogw2ngZUNI6oqIuTSKBgjKZBFY2jKupiJcph42lgRePIirp4iRavs/tvUhJb0TS4onF0RV3MRMvXWfZNTH2eBlg0jrC4i5n4HjWOpxEWjyMslgMUjLB4GmExGaO6mIlhhMVgmBpHWNzFTJy8zrrG47bTAIvHARZ3IROnr9Psm2VCfngaYPE4wOIuZOIM/fA0vuJxfMVdxMTidbb4Zpmm48bT+IrH8RV3ERPnsPE0vuJxfMVdxMSLbmBfpsTlaXzF4/iKu4iJl6/TxTd5FI8bT+MrHsdX0kVMco8+i2QaX8k4vpIuYpLodbr8JkvzceNpfCXj+ErkJBgjn5NpfCVkHpQTYYJ8TsBUOA6wpAuZRAZYkpLG0wBLxgGWdDGTZGiaSaYRlowjLOliJhEotJNphCXjCEu6mEny11n8TZaPIyyZRlgyjrCki5lkAf/O0whLxhGWdDGTLFFsJ9MIS8YRlt7rFgLpNMDScYClXcikMDrTaYCl4wBLu5BJIzAUpNP4SsfxlSa6RUg6Da+ULLXkWivuFpTxYvxHTsFqaxxeaRcwaYK+inQaXuk4vNIuYFI4NafT8ErH4ZXm2tk1nYZXOg6vdKH9pNJpeKXj8EqX2k8qnYZXOg6vTBte2TS8snF4ZZHur5xNoysbR1cWa//K2TS8snF4ZV3EpHAZlE3jKxvHV5bqNgHZNLwyspqX4SXgD4MF/Ti8MhlecADKpuGVjcMr6wImhQNQNg2vbBxeWRcwKVyiZ9PwysbhlXUBk93DDpuGVzYOL9FFTBahlZ+YxpcYx5foQiaL0eJNTANMjANMdCGTwUW6mAaYGAeYSLTRKaYBJsYBJrqYyeBuUUwjTIwjTGTaNYGYRpgge8YuZrIMTTQCbBvHESa6mMlgbItphIlxhImFNkjENMLEOMKEjLAczDRiGmBiHGD5vfYvlU8DLB8HWC4DbIH6K58GWD4OsFwGGJzV82mA5eMAy7uQEfew8TTA8nGA5alup55P4ysfx1feRYyI0CCUT+MrH8dXLg8lYqh6Gl85OZfoIkYksDE4mhjHV95FjEhh42l85eP4yruQEfCzyKcBlo8DbCEnSIGWyotpgC3GAbboQkbAXc1iGmCLcYAtupARC/jL0wBbjANsIQMM7moW0wBbjANs0cVMDqNzMY2wxTjCFl3M5BH85WmELcYRtuhiJo9h42mELcYRtpBHX3BXs5hG2IKcfnUxk6fdQJLT8y9wADaOsEUXMzmMsMU0whbjCFt2MZPDffNyGmHLcYQt5RosRz4vpxG2HEfYsouZHEbYchphy3GELeUaf4mG/OU0wpbjCFvKIewe/vI0wpbjCFvq95DLaYQtxxG27GJmAcNzOY2w5TjCll3MLGB4LqcRthxH2FIesMLwXE4jbEnOWLuYWaSwMThmpeesXdAsMtRa/bdx88H/1rfv4mYBQ1T9N9qenLbed6GzgFGq/httTw5c77voWcBAVf+Ntidnrvcy3OBoqP4bbU+OXe+7GFrCcFX/jbYnJ6/3XRgt8Vn1PTh7vSeHr/ddJC3xcfU9OH69J+ev910wLfGJ9T04gb0nR7D38ogfH1rfg0PYexJ/8uh+ic+t0Un/5Ki/i6clXJtG8LCfxJ88wF/muD2IP3rgL8/wlwvcHsQfPfOXx/hLuAGL0Kk/PfZX5/73mJSgk3969K/O/u81tAREID3+V+f/9zgEEQGgCEAxgHscg4gCUAygOMA9DkJEAggKiGJFm3AUAhoQERwQyRP+6B6HISACEUECkTzlj+5xHAIqEBEsEMmj/ugeByJAAxFhA5E87o/ucSQCPBARPhDJM/9Iw+wAI4gIJIjkuX+k4XaAE0QEFETy7D/SsTsQiQQWRPL8P9LwO8ALIgIMIskAIg3DA8wgItAgkhwg0nA8wA0iAg6iRLFPHImAHUQEHkSSB0QRjkTADyICECLJBKIIRyJgCBGBCJHkAlGEIxFwhIiAhEiygSiGp9sRYAkRgQmR5ANRHGEDIBIJUIgkI4hiuB+OAFOICFSIJCeIYrgnjgBXiAhYiCQriGK4L44AW4gIXIgkMIhiuHOJAGCICGGIJDSIOuoH8CyADBGhDFGqSDzcI0eANEQENUQSH3QZSKABEImEN0QSIUQxPMmJAHKICHOIJEaIMAWMAHaICHeIJEqIkggrAJFI2EOk4EOCIxHgh4jwh0gihSjBkQgQREQYRCSxQpTgSAQYIiIcIpJsIUpwJAIWEREYEUnAECV4kwKARESIRCQhQ5TgSARQIiJUIsrUvRAciQBMRIRMRJI2RJgURoBORARPRJI4RCk8uYkAoYgIoogkdYhSHImAUkQEU0SSPEQpjkRAKiKCKiJJH6IURyKgFRHBFZEkEPDuRAR4RUSARSQZRIQpYASYRUSgRSQ5RITpVAS4RUTARSTimXkJsIuIwItI8ogIY6oI8IuIAIxIpDNTK2AYEYEYkZgbEQHHiAjIiISKQ7w+ASwjIjAjEioO8bcIeEZEgEYkVBzi9QlgGhGBGpGiGhADRYBrRARsRJJVRBnuQ8A2IgI3Iskrogx/y4BvRARwRJJZdCnHoAIQiARyRJJbRFmCDYBAJKAjkvAiyvCsAmBHRGhHlKsLc9lrkX6zIFdGIgA8IkI8Igkxog6LIQMgEAn1iCTIiLIcG0BX50ggSpgRZfjwC8CPiNCPSAKNKFtiBSASCQGJJNSIxD00ACBIRChIJMFGJCJsAEQiISGRhBuRiLEBEImEhkQScEQiwQZAJBIiEknIEYkUGwCRSKhIJEFHJNDVughwkYiAkWihbm/iQARsJCJwJFqoCyp4SAV8JCKAJJLMIxILrADd4ySBKLlHJJawC0AcEk4SSfQBLydGAJREhJREEn5EGGtFAJZEhJZEy3jmSwTAJCLEJJIQBN8AiQAziQg0iSQHwZdAIoBNIsJNIolCohzPCACdRISdRBKHRDle3QF8EhF+Ei3VNWK8ugMIJSIMJVrqLxpEgKJEBKNEkozgCykRACkRISmxJCNRnr7OxDfLhFxUBSglJiglvldRCPc5MWApMWEpsWQjEeaFMYApMYEpsYIpiJ7FgKXEhKXEko3gGwQxYCkxYSmxZCMYqMeApcSEpcSSjWAsHgOWEhOWEks2gsl4DFhKTFhKLNkI5tsxYCkxYSmxZCMYcceApcSEpcSSjWDKHQOWEhOWEks2gkF3DFhKTFhKrJ5O5PiqNoApMYEpsYQjGFnHAKbEBKbEEo5gah0DmBITmBJLNoLBdQxYSkxYSizRCGbXMUApMUEpsSQjmEDHgKTEhKTEEoxgCB0DkBITkBJLLoI5dAw4SkyfVEgsglF0jB5V0FcVkopgGB2jdxWThxV6mBzDpxUk/mI9TI7R8wr6viLWw+QYvbCgTyxiPUyO0SsL+sxCEZQcbm1j9NKCPrVQby3wCxH02IK+tlAAJYdb4xg9uKAvLhRAWeBnOejRBQEosQIoC/w0BwCUmACUWD29gC8JYsBPYsJPYsVPFvh5D+AnMeEnscQhmicrAJ/EBJ/EkoZoXq0AehITehKrdxjwcCEG8CQm8CRWTzHgPdUYsJOYsJNYvcaAz1digE5igk5i9SADD2KAnMSEnMTqTQa8cR8DcBITcBJLDoLvIMWAm8SEm8TpTAACbBITbBJLCoJfs8SAmsSEmsQSguAHLTGAJjGBJrFkIPDdQAyQSUyQSazeaeDwA8QkJsQkVk810OOUGPCSmPCSONU+ko0BLYkJLYkl/MCXjmMAS2ICS2LJPvArlRiwkpiwklixkgUk2DFgJTFhJbFEH5oZAKCSmKCSWKGSBTzcjAEqiQkqiSX5wOEDQElMQEksuQf++wFMEhNMEitMsoBH9DHAJDHBJLHCJPA1bAwoSUwoSawoCXwQGwNIEhNIEitIAt/ExoCRxISRxIqR4PkXQJKYQJJYMg/8PhUgkpggkljMhB8gJDEhJLGYCz9ASGJCSGIJPPAzV8BHYsJHYsVH8H3IGPCRmPCRWPGRBd5DAT4SEz4SKz6ywGtAwEdiwkdixUcWeA0H+EhM+Eis+MgSXgSKAR+JCR+JxdwiEACSmACSWAESfKsyBoAkJoAkVoAEX6uMASCJCSCJ1RMQ+EApBnwkJnwkVnwE38uMAR+JCR+JFR9ZQj4SAz4SEz4SS9yBz4IAHYkJHYnVgxB8lgPgSEzgSKzehOCtGGAjMWEjsXoWglfBAI3EBI3EknRoznIAGYkJGYkl6NCc5QAwEhMwEkvOoTnLAVwkJlwklphDc5YDsEhMsEi8mDmKAVQkJlQkXswcxQAoEhMoEi9mjmIAFIkJFIkXM0cxgInEhInEi5mjGIBEYoJE4sXMUQwgIjEhIvFi5igGEJGYEJF4OXMUA5BITJBIvJw5igFEJCZEJF7OHMUAIBITIBIvZ45iABCJCRCJlzNHMQCIxASIxMuZoxjAQ2LCQ2LFQ5YQL8eAh8SEh8SKhywh1YsBD4kJD4mXahqGeDkGQCQmQCReqvQqkOrFgIjEhIgkiogsIV5OABFJCBFJJOCI7yFeTgARSQgRSSTgiO8hXk4AEUkIEUkk4ojvIV5OABNJCBNJJOOI7yFeTgAUSQgUSSTkiO8hXk4AFUkIFUkk5YjvM8SlEoBFEoJFEok54nsYiQngIgnhIonkHPE9jMQEgJGEgJHkXm1KYCQmgIwkhIwkkUr2gyMRoJGEoJFEoo7710n8TZpFr6PXSfLNIslfx9F9t9XM7pfEJErSQmJTwg+4wkwAK0kIK0kifcYygEoSgkqSSJvrIAGkJCGkJJHkA+6yEgBKEgJKEgk+YPKzBHCShHCSRHIPeEaQAEySEEySSOwBzwgSQEkSQkkSRUlgnhoASRICSRIJPeDuKgGMJCGMJOmfmuD2IOwII0nUSxO4NUoAI0kII0nUQxMct4CRJISRJOqdCdzYJICRJISRJOqZCbyEmQBGkhBGkqhcVLoOAMFHGEmiXpnAE6IEMJKEMJJEMRKYDiYBiCQhiCRRiASeMCWAkCQ0L1VPSNAJU4IyU9HUVOqFCTxhSlByKpqdKom1J0wJyk81SVCVaHOvJTBFFQlAxUdwAKMsVTRNleQd8IQrQXmqaKIqiTvwCVeCUlXRXFUSd8ADqgQlq6LZqiTtwKnYEpSviiaskrQDv8lIUMoqQkcSSTsw3UoAHUkIHUkk7cB0KwF0JCF0JFF0BKdlA3QkIXQkUXQEZ2YDdCQhdCSRuEOTnA3gkYTgkUTiDk1+NoBHEoJHEsk7dCnaQPgRPpJI4KHJ0gYASUIASaLyWeFEbQCQJASQJCqlFc7VBgBJQgBJInmHJl0b4CMJ4SOJ5B2ajG2AjySEjyQSd+ClC6AjCaEjicpvhcMX4JGE4JFE8g5IxxKARxKCRxJJO/DKCcCRhMCRROW5gnQsAXAkIXAkUamuIB1LABxJCBxJVLYrvHYAcCQhcCTJlvqpG8CRhMCRRNIOzccH6EhC6EgiaYfm4wN0JCF0JBH64ANsJCFsJBHa3H0JYCMJYSOJ0KfvSwAaSQgaSSTpiLul5/KbJR17ARpJCBpJhFr6wakbkJGEkJFEzOSJBGAkIWAkUWAE3nJOABdJCBdJJObAz4cSgEUSgkUSSTnwng9AkYRAkUQyDvx2KAFMJCFMJJGMA99xTgATSQgTSSTiwHecE4BEEoJEEkk48LOdBBCRhBCRRCIOfME4AUgkIUgkkYgDXzBOABJJCBJJJOLATCkBSCQhSCSRiAPnvUsAEkkIEkkk4tB8vwCJJASJJBJx4GdPCUAiCUEiyWImKS5AIglBIolEHHG3dQTjB2AiCWEiiWQcOIleAphIQphIIhkHzqOXACaSECaSLGYCEDCRhDCRRDIOmE0vAUgkIUgkkYhD8/cHSCQhSCSRiCPW7JwBE0kIE0kk44hxboMEQJGEQJFkea99aZMAKJIQKJJIyIHnT8BEEsJEEpVUCzcH4UeQSCIRB85JmAAkkhAkkkjEgdMSJgCJJASJJBJx4MyECUAiCUEiicqvBRcvAIgkBIgkkm/g1wUJ4CEJ4SGJxBs4RWECcEhCcEgi6QbOUpgAGpIQGpJKuIETFaYAhqQEhqSSbeBchSlgISlhIalEG5jIpwCFpASFpJJs4IyFKSAhKSEhqXodAoleCkBISkBIql6HwJ1/CjhISjhIKrEGfuOVAgySEgySSqqBbwSkgIKkhIKk6nUIJMIpgCApgSCpeh0Cd/4pYCApYSCpeh0CbwSkAIGkBIGk6nUIjj/AO1LCO1IJMPDjpBQAj5QAj3TmcUgKiEdKiEc68zgkBcgjJcgjnXkckgLmkRLmkc48DkkB9EgJ9Egj/clLCqhHSqhHqh6H4PgF2CMl2CNV2APHL+AeKeEeqXocguMXgI+UgI9UPQ6BNxpSAD5SAj5S9TgE3mhIAfhICfhI1eMQHL8AfKQEfKTqcQiOXwA+UgI+Ugky8I2IFICPlICPVHIMfCMiBdwjJdwjlRwD34hIAfdICfdIVSmOLrHUdPmdAvCREvCRqnIcOLFUCshHSshHKklGjBNLpQB9pAR9pBJlxPE9dAGwj5Swj1SxjxjeR0gB/EgJ/EgV/MD0IgX0IyX0I020t/NTAD9SAj/SRHsAmAL4kRL4kSb6bJcpgB8pgR9pos92mQL6kRL6kSb6bJcpoB8poR9pos92mQL6kdKKHak+22WKinbQqh2pPttliup20MIdqT7bZYpqd9DiHak+22WK6ndMCnjos12msIQHCb90Jttlisp40Doe6Uy2yxSV8qC1PNKZbJcpKudB63mkM9kuU1TSg9b0SGeyXaaorAdBIGk2k+0yBQwkJQwkzWayXaYAgqQEgqTZTLbLFGCQlGCQNJvJdpkCDpISDpJmM9kuU0BCUkJC0mwm22UKWEhKWEiazWS7TAEMSQkMSbOZbJcpoCEpoSFpNpPtMgU4JCU4JM1msl2mgIekhIekYibbZQqASEqASCpmsl2mgIikhIikYibbZQqYSEqYSCpmsl2mgIqkhIqkYibbZQqwSEqwSCpmsl2mAIukBIukYibbZQq4SEq4SCpmsl2mAIykBIykYibbZQrISErISCpmsl2mAI2kBI2k+Uy2yxTAkZTAkTSfyXaZAjqSEjqS5jPZLlOAR1KCR9J8JttlCvhISvhIms9ku0wBIEkJIEnzmdxuKSAkKSEkaT6T7TIFiCQliCTNZ7JdpoCRpISRpPlMtssUQJKUQJI0n8l2mQJKkhJKki5msl2mAJOkBJOki5lslyngJCnhJOliJttlCjhJSjhJupjJdpkCUJISUJIuZrJdpoCUpISUpIuZbJcpQCUpQSXpYibbZQpgSUpgSbqYyXaZAlqSElqSLmayXaaAlqSElqQLbbbLFLCSlLCSdDmT7TIFsCQlsCRdzmS7TAEuSQkuSZcz2S5TAExSAkzS5Uy2yxQQk5QQk3Q5k+0yBcgkJcgkXc6NiICZpISZpMuZbJcpoCYpoSbpcibbZQqwSUqwSbqcyXaZAm6SEm6SLvXZLlPATVLCTbL7mWyXGQAnGQEn2f1MtssMkJOMkJPsfibbZQbQSUbQSXY/k+0yA+wkI+wkU69IYviKJAPwJCPwJFOvSGL4iiQD9CQj9CRTr0hi+J4pA/gkI/gkU/gEHp9nAJ9kBJ9k6hFJDF+hZICfZISfZOoRSQxfoWQAoGQEoGTqEUkMX6FkgKBkhKBkkTo+hK9QMoBQMoJQMvVkJIHnjxlgKBlhKJlkInECN50ZgCgZgSiZhCJxAjedGaAoGaEoWV+nHB5jZwCjZASjZBKLxEmC+wAEIuEomeQicQKvgWQApGQEpGQSjMR4hZYBkpIRkpJFamaGK7QMoJSMoJRM1S7HK7QMsJSMsJRM1S/Hb8IyAFMyAlMyVcM8gdveDNCUjNCUrK9jvsQKQCQSnJL1xczhO4IM8JSM8JRMFTRPIxgHAKhkBKhkKtsWvM6XAaCSEaCS9Q9J4FYhA0QlI0Ql67NtwVVuBohKRohKpp6SaD5GQFQyQlQyCUg0hWsBUMkIUMkkH9HUrgU8JSM8JVM8JYXPMzPAUzLCUzLFU1J4BpYBnpIRnpKp1yQp/iMCopIRopKp5yQpHk0AU8kIU8lUsRLN+ghAlYxAlUy9KEnxcASoSkaoSqbelOBFagawSkawSqYelaR4NAFcJSNcJVOvSlK4YcwAWMkIWMnUs5KuE8FwBMhKRshKpoqVwFdVGSArGSErWaryzuCZGaCVjKCVTNUq0SxSAVvJCFvJFFvRLFIBW8kIW8kkKok7BagPQSAStpKl+uyDGUArGUErmSQlcecBEgDikKCVTJISeEEyA2AlowXTM/31wgzVTKdF01XuLc2EgAqn08rpEpPEGS5/joqn0+rpmYpCTRlzEIW0grrEJHGGhwJURX1SRj3TV3+HhdRJEGYqCOF+N0PF1Gk19Uy9r8Ml0VFBdVpRPVMv7CAZylBRdVpVPdMnQ89QXXVCVTKVgkvghQ2gKhmhKlmfhAtPioCqZISqZCKemRQBVckIVclUFi7NpAioSkaoSqaoimZSBFQlI1QlU49NNJMioCoZoSqZemyimRQBVckIVclEPjMpAqqSEaqSicXMpAioSkaoSiYhiW5SBFQlI1Qly/VPjTMAVTICVbI8mpkUAVTJCFTJ5uqUZACqZASqZHN1SjIAVTICVbI8nZkUAVTJCFTJ8kw/KQKmkhGmkuViZlIETCUjTCVTz07gpAiISkaISqaICp4UAVDJCFDJ8uXMpAiASkaASra4n5kUAVDJCFDJFtHMpAiASkaASqYenmgmRQBUMgJUMslHNJMi4CkZ4SnZIp2ZFAFPyQhPySQe0U2KgKdkhKdkEo/oJkXAUzLCU7K+RgmcFAFOyQhOydTjE1wnJgM4JSM4JVvM3D7MAFDJCFDJljO3DzMAVDICVDLJR2JcqSYDQCUjQCWTfCTGlWoyAFQyAlQyyUdikcGVBQAqGQEqmeQjcVeqBhkAgUiASib5SCzgJdIMAJWMAJVsqQJxgQ2AQCRAJZN8JBZLbABEIgEqmeQjcY4PcQFQyQhQyZYqBQNe3wGikhGiIiQgiXP4kFYAoiIIUREqLxe+xioAURGEqAiVlyuHh7gCEBVBiIpQeblyGMoCEBVBiIpQRAWfhAtAVAQhKkIRFXwSLgBREYSoCEVU8AmoAERFEKIiVF4ufAIqAFIRBKmIe/17ZAGIiiBERdwv9UWDBCAqghAVEd3riwYJQFQEISoiivRFgwQgKoIQFSEBCX5SKQBQEQSoCMlH8JteAXiKIDxFSDyiKRokAE8RhKcIiUfiHHI5AXiKIDxFKJ7SvcuZnuEKwFME4SlC8RRc9UUAniIITxGKp+CqFQLwFEF4ilA8JYcbHQF4iiA8RSiesoAH6QLwFEF4ilA8ZYEHRMBTBOEpQvEUzV8B8BRBeIpQPEXzVwA8RRCeIhRP0fwVAE8RhKcIxVM0fwXAUwThKUJl5tL9FUAkEqAiVPWSBVzjCQBUBAEqQj1RWcAVlgBARRCgItQTlQWelgBQEQSoCPVEZYE/Z0BUBCEqQj1RWUBMLgBSEQSpiGQuEgFSEQSpiL5+CeTsAiAVQZCKUEhFpwBEIkEqQtV/x08VBUAqgiAVoXJ0LeBaXwCkIghSEaqGCZxVAFARBKgIyUfgjRkBcIogOEVIOqKZ1ABNEYSmiD5HF9ypCEBTBKEpQsIRzawIYIogMEVIOALTQwrAUgRhKSLVlpAQgKQIQlJEqi0hIQBHEYSjCMVR8ENXATiKIBxFpNp38gJQFEEoikj17+QFoCiCUBQhoQh+Jy4ARBEEoghJRfA7bwEoiiAURUgqgt95C0BRBKEoQkIR/E5bAIgiCEQRkongd9oCMBRBGIqQSAS/0xYAoQiCUISqYALfaQtAUAQhKEK9TNGsBABCEQShCElE8ENrAQiKIARFSCCCH1oLAFAEAShC8hB8U0wAfiIIPxGSh+CH1gLwE0H4iZA4BD+UFgCfCIJPhKQh+KG0APREEHoiJAzBD6UFgCeCwBMhWQh+KC0AOxGEnQiJQvBDaQHQiSDoREgSgh86C0BOBCEnQoIQ/NBZAHAiCDgRkoPgh84CcBNBuImQGAQ/dBYAmwiCTYR6jKJZSQNsIgg2Efm9nhkIwE0E4SZCcZMlPGISgJsIwk1EHmszpQmATQTBJiJPtNBCAGoiCDURPTWB0EIAaiIINRHqKQouRCgANhEEmwj1FAXXoBEAmwiCTYR6ioILEQoATgQBJyLXZ8oUAJwIAk6EeomCCxEKAE4EASdioU/VKgA3EYSbiIU+VasA2EQQbCIW+lStAlATQaiJWOhTtQpATQShJmKhT9UqADQRBJqIhT5VqwDMRBBmIhb6VK0CIBNBkIlY6BOGCIBMBEEmYjETgICYCEJMxEKfqlUAYCIIMBFLfapWAXiJILxE6LN1CUBLBKElQsIPnGpVAFgiCCwRqqQ7SrUqACoRBJWIpX4XAkCJIKBELPX3aATgJIJwEiGxB061KgAmEQSTCPXuZAHvkAiASQTBJEJhEjyFAEoiCCURqnoJrgQnACURhJLkKl8X+gPkgJHkhJHkEnnAv18OCElOCEmu3pzgQoQ5ICQ5ISS5enMC08TnAJDkBJDkknfguxs54CM54SO5xB04TXwO8EhO8Ejely3B7acBmBM6kis6glYwOWAjOWEj+b0+/HLARnLCRvL7mfDLARvJCRvJ1WsTdG0iB2QkJ2QkV2QEpyvKARnJCRnJVTF3XIgwB2gkJ2gkV29NlvBMPAdsJCdsJFdsBFcyzAEbyQkbyRUbWcLz4BywkZywkVyxkSU8D84BG8kJG8mjXP8qPAdsJCdsJFdsZAkPlHPARnLCRnLFRnAdqhywkZywkVyxkaVAS/EcsJGcsJFcsRG4l8gBGskJGskVGllC5J8DNJITNJIrNLKEG8ocoJGcoJFcoRFcxyoHaCQnaCRXaARfpMsBGskJGskl6cAnujkgIzkhI7kiI5q/AQhDAkZyyTngHbAcYJGcYJE81mcOzgEVyQkVyfuSJXA3lwMqkhMqkvc1S+D1oxxQkZxQkbyv6o6nI0BFckJFcgk5NCVJc0BFckJFcgk5NCVJc0BFckJFcgk5cProHECRnECRXL0zwcmzcgBFcgJFcgVF7uGpRA6wSE6wSK7emeAoBlwkJ1wkV5Xd7+HFmRyAkZyAkVxyDk1R1RyAkZyAkVyCDni0nwMukhMukqf6FK45ACM5ASO5AiN4IARkJCdkJFel3eGOPgdoJCdoJJekAx/N54CM5ISM5BJ14KP5HKCRnKCRXBV3hzvyHKCRnKCRXKIOfDSfAzSSEzSSS9SBT9ZzgEZygkZyiTrwyXoO0EhO0Eiu0Ag8Wc8BGskJGskl6sAn6zlAIzlBI7lEHfhkPQdoJCdoJJeoA5+s5wCN5ASN5JJ04JP1HJCRnJCRXJIOfLKeAzKSEzKSS9KBT9ZzQEZyQkZySTrwyXoOyEhOyEiuyIgmfkD8ETKSKzKCv39ARnJCRnJJOvDJeg7ISE7ISK6ydWkWswCN5ASN5CpbFy6qmgM2khM2kqt3Jbioag7gSE7gSK6ydeGiqjmgIzmhI7nK1qVZjAI8khM8kqt3Jbioag74SE74SK7eleCiqjkAJDkBJLl6V4KLquYAkOQEkOQKkOCiqjkAJDkBJLkCJLioag4ASU4ASa4ACX5AnwNCkhNCkitCgouq5gCR5ASR5AqR4KKqOUAkOUEkuXpYgouq5gCR5ASR5OplCS6qmgNEkhNEkkvicf86jb5ZZIvXyX3cHdWLnFoCIUlYSa5YyT28T5wDWJITWJLnamkIk0LkAJbkBJbkC/1L+BzAkpzAklzBEpzSIQe0JCe0JO9pCbybnwNckhNckitccg/v5ueAl+SEl+SLmbusOQAmOQEmuQIm93inD4hJTohJrojJPbzcnwNkkhNkkksEojvsAMwkJ8wkX8ysEAEzyQkzyRUzuV/CY1cATXICTXIFTaJ7tEcC0CQn0CRfqiI7EdwmAmySE2ySL/XoOAfYJCfYJF8qagef7OUAnOQEnOTqjYnmuAegk5ygk1yikCTCgwlgJzlhJ7lkIQkuNJQDeJITeJKrNyb4aUAO4ElO4EkuYUgS4cEA0JOc0JNcvTGB7DcH8CQn8GShnpjAleIC0JMFoSeLexWG8M3dAvCTBeEnC4lDMLxdAHyyIPhkIXEIhrcLgE8WBJ8sJA7B8HYB8MmC4JOFxCEYvi4APlkQfLKQOATSqwWgJwtCTxaKnuCPaAH4yYLwk4WqdoJ/fxp/C4JPFpKGYPy4APRkQejJQtET/DZmAfjJgvCTRaQCEM5FC8BPFoSfLCQO0UUw4CcLwk8WqsB7BNdnC8BPFoSfLFSJ9wi+VFsAfrIg/GQhcUgSw53CAvCTBeEnC4lDkhgeuC0AP1kQfrJQb0vgMLQA+GRB8MlC0hDNKADoyYLQk4WEIZqvGMCTBYEni1jLkBcAnSwIOlkodKL5CgE7WRB2spAoBH+FgJwsCDlZSBCi+Qr//87Odjly3Nb797LP162T5gskMndwriGVcvXaGk/v2N1Od3t3Jqnc+1NNEhAJ/anlnE9xzB1IliASwA8vAJwEBU6CzRk0sNAwAHASFDgJNmsgPIoDACdBgZNgswbCozgAchIUOQmJhPQ+Y4BOgkInwWYVhEdxAPAkKHgSEgzBJmUA8CQoeBISC+mYlAHAk6DgSUgsxFnoGAQAT4KCJ8HZvkkXADwJCp6ExEKchQX0AcCToOBJcFkRoWMQADwJCp6E3KULb0QAngQFT0KuKMH2EGAnQbGTkNkJ3sgAOgkKnYSEQjrmDEAnQaGT4HY2QkBOgiInIYGQjjkDwElQ4CT4bi5XAOAkKHASvN3ZSAE5CYqchERC8EYKwElQ4CQkENLZSAE4CQqchARCIPoLgJsExU1CHvqOwv4BYJOgsEnw3WqmAKhJUNQk+G41UwDQJChoEnJTLvzPgeYpZhKofwQDZBIUMgnUTeMKgJgERUxCJiYI+AUATIICJiEBEIi9A+AlQfGSUKac4H8P1E7xklCGnOB/D/RO8ZKQZ5xgvQW8JCheEvKIE0icA+AlQfGSkCecwBbmAfCSoHhJoNzzo/MAgPIpYBLywHeLTXBATIIiJiFPfMcdfwNAJkEhk5AIiHPYBAfIJChkEqbsCGMbDiCToJBJSATE4Ya9ASCToJBJmHIeNbbhADIJCpmERECcwyYYQCZBIZOQkQnMpQuAmARFTMKUT18Y7A+AmARFTEImJjA4HAAwCQqYhLmfyh8ALwmKl4S5n8ofAC4JCpeEuZ/KHwAtCYqWhLmfyh8ALAkKloS5n8ofACsJipWEuZ/KHwAqCQqVhLmfyh8AKQmKlIS5n8ofAB8Jio+EnVqSAPBIUHgkzP1U/gDoSFB0JIR+Kn8AdCQoOhLy6HfYWiAAOBIUHAmJdWAjAKCRoNBIyP23sPoCMhIUGQkJdMBSgAC4SFBcJCTMgW0QQEWCoiIhQQ6cfRcAFAkKioQ89x0br4CJBMVEQq4jwR8vYCJBMZGQmYjDoTjARIJiIiExDoLtAAJgIkExkZCZiMPeI2AiQTGRkJkI3n4BEwmKiYTcdwtvvwCJBIVEQtzZ/gARCYqIhLiz/QEgEhQQCXFn+wM8JCgeEhLe6GxfAIcEhUNCHv0OPyAAQ4KCISHBDfz9ARYSFAuJiW3g7ycCFhIVC4m52xaeNxABC4mKhcTcbQvPG4gAhkQFQ2LutoXn9EVAQ6KiITF328JRtAhwSFQ4JOZqEthFMgIcEhUOiX0cEgEOiQqHxDy8BP/zrf5FBUNiohu4/WIENCQqGhIPeQeEbkQEOCQqHBJ3Zr9HQEOioiEx0xAcQ4yAhkRFQ2KhIQhLRwBDooIhMffZggZABCwkKhYSE9qYYGuhCFBIVCgkJrIB/fgIQEhUICQmroF7ckTAQaLiIDFxjQn2SYuAg0TFQWLiGhNskxYBB4mKg8TENSaY9xwBB4mKg8TMQfAOBkBIVCAkJq6BE58j4CBRcZCYwMYE/acIQEhUICTafuJ0BCAkKhASbT9xOgIOEhUHiQlr4EEfEWCQqDBITFQDJ15HQEGioiAxQQ2ceB0BBIkKgsTENHDidQQMJCoGEncYSAQMJCoGEhPSwA2hIkAgUSGQmIgGbukTAQGJioDEBDRw4ncEACQqABITz8CJ3xHwj6j4R0w4Ayd+R4A/osIfMeEMnPgdAf6ICn/EhDOw/xoB/ogKf8SEM3DieAT4Iyr8ERPOwInjEeCPqPBHTDgDJ45HgD+iwh8x4QycOB4B/ogKf8RcNwITxyPgH1Hxj5hwBi4GjQB/RIU/YuIZOPE8Av4RFf+IiWfgxPMI+EdU/CMmoIETzyMAIFEBkJiIBk48j4CAREVAYp5MYmEkOwIGEhUDib7rgUTAQKJiINF3PZAIGEhUDCQmqNFJLo2AgkRFQWKeTILTnSPgIFFxkJjAhvMwjh0BCYmKhERyOxYoYCFRsZBIvm+BAhYSFQuJmYXgWaARwJCoYEgsMASOM42AhkRFQ2KmIXjMdgQ4JCocEjMOwWO2I+AhUfGQmCeT4DHbEfCQqHhIzAPf8ZjtCHhIVDwk5oHvuKA6Ah4SFQ+JuYQEh9Ij4CFR8ZCYS0jwmO0IeEhUPCTmEhI8ZjsCHhIVD4m5hARH0yPgIVHxkJhLSPCY7Qh4SFQ8JOaB73jMdgRAJCogEvPAdzxmOwIgEhUQibnHFh6zHQERiYqIxDyapBNUAUgkKiQS88D3TlAFMJGomEjMs0k6mzKAIlFBkZhnk+Ax2xFQkaioSMwD33FYPQIsEhUWibnLFh6zHQEXiYqLxNxlC4/ZjgCMRAVGYu6yhcdsR0BGoiIjMY8nwWO2I0AjUaGRmNGIh9VQEbCRqNhIzAPf8YTmCOBIVHAkZjjiIaGNgI5ERUdiLh3xkNBGwEei4iMxuG7OfwR8JCo+EvN8EjzeOAJCEhUhiXk+CR5vHAEjiYqRxDyfBI83jgCSRAVJYoIeHQ8LQJKoIEnM80nweOMIKElUlCTm+SR4vHEElCQqShLzfBI83jgCTBIVJol5PgkebxwBJokKk8Q88B2P+omAk0TFSWKuHfEwUyACUBIVKIkZlHSsTEBKoiIlsdSOQCsTkJKoSEkspSOw/CYCVBIVKomx3+kjAlQSFSqJpXIE5mpGAEuigiUx5v0Qf0kAl0SFS8wh8Q/nYb5pWW1F1L9kGaafcVFWNzKMlmH703HL6kaG1TKyRkJ2WVY3MpyW4fv8p6xuZHgtg/oIqKxuZJCWMfW9yLK6kTFpGXPfkSyrGxmzlhH6J25Z3cgIWkbaLfH86rK6kaH11GQ9hRtmWdUyjNbTDFY83DPL6kaG1tPMVgiWaZTVjQytp2Ynw7qsbmRoPc31JtR5L4Cy1L9kGdQfaV1WNzK0niZ40v1uAW6pf8ky5m45b1nciNBqmhgKnm1dFjcitJbm5l14vHVZ3cjQWpr7d+FhnmVVy7BaS3MdCp7nWVY3MrSW5jZeeKRnWd3I0FqasEpnqmdZ3cjQWlrmxnd2QgBj6l+yjLSb4tmeZXUjQ2tpnnaCx3uW1Y0MraW5rRee8FlWNzK0muaZJ7g3WVndyNB6mufIw16RZXEjQqtpHnyCR32WVS3DaTXNXb7wtM+yupGh1TQ3+sIDP8vqRoZW0zwBBffvLqsbGVpNy1x5lPJSFjcitJbmmhXcRLusbmRoLU0gBjZ+K2sbCVpHE4rBmRtlcSNCq2ju+4X9grK6kaFVNI+Yx1NAy+pGhtbRPBcFDwItq1qG1zpaBs13tg7AcupfsgzbTegrixsRWkXLuHkYdCirGxlaRX1u0g7LE8rqRobW0VzYgueCltWNDK2jCdbgMXZlcSNCK2nmO3g6aFndyNBamqfP4wGhZXUjQ2upzwUHvUeKtNRrLc2wB48JLataBmktzbwHTwotqxsZWkvzMHo8orGsbmRoNc3z6PGUxrK6kaHVNI+kx4May+pGhlZTon5DhrK6kaHVNE+mxyXpZXUjQ+tpRkAdVQcIqP4liwj9oY1ldSNDq2nmQHhuY1ndyNBqmlEQHt1YVrWMSatpgju4LWpZ3IjQWprwDh5VVRY3IrSSZiKE+96U1Y0MraSJ8XTGOJbVjQytpHlkPZ6bVlY3MrSS5qn1eHhQWd3I0Eqaq2Xw/JOyupGhtTT3GMPDBMvqRobW0lw0g+cJltWNDK2lpXCm49MCTlT/kmWYvfcCUFH9S5Zh994LoEX1L1mG23svABjVv2QZfu+9AGZU/5Jl0N57Adio/iXLSHqKRz2W1Y0Mradzbi7ROSgBPKp/yTKSnuKBj2V1I0PraZ5wj2c+ltWNDK2nZVZLJ94JKFL9S5axq6cAJNW/ZBm50gFSiLK6kaH1NNOk7n0gPQ1aT0svsk60ASCl+pcsI+tpx6ADVKn+JcvoVl6XtY0EraW5+ga7owAs1b9kCWHnlARoqf4li8gq2rFLAV2qf1lk5CqczkkL+FL9SxZheqXgZW0jQetn7BaClbWNBK2dsdsJoKxtJGjdjL4/ILKsbmRo3YzdfPSytpGgNTP2U9LL4kaEVs3EjnBWdlnciNC6mStzOqFagJvqX7KI2M2tLosbEUo1TcJHOD26LCoRRgMnk8e9wAzTsrgRYbQI202SLosbEVaLcN086bK4EeG0CN8fH1lWNzK8lkHddOeyuBFBWsTUzXguixsRkxbRR/JlcSNi1iJCN++5LG5EBC0idlOXy+JGhFbPRI1w9nJZ1CI0ZzIJGuEE5rK4EaHVMzEjnMNcFjcitHomZITTmMviRoRWz0SMcCZyWdyI0NqZa3k6qoUQk9GIySRehPORy+JGhNbOxItwSnJZ3IjQ2mlCf9BkWd3I0OqZO5wRTB4qqxsZWj8TL3IE84fKqpahEZNJvMgRTN0oqxsZWkMzYurE3Q1CTEYjJmP7qUxlcSNCq6jdCd0bBJiMBkzG7oXuDQJMRgMmk1ufEex6UVY3MrSS5u5nhFMxDAJMRgMmkxugEU6BMAgwGQ2YTMJFuAC4LG5EaCV1e7TeIMBkNGAybo/WGwSYjAZMJjdDI1hMXlY3MrSSur1jHvElo/mScTuZTmV1I0NrqesnO5XFjQitpG4n36msbmRoJc290XDKUlndyNBKmvujEaywLasbGVpJXb9IrSxuRGgl9Tu9+sqqlqEJk/Fm560gwGQ0YDLe7r0VRJiMJkzG7/RxLqsbGVpJEy5yE6waKasbGVpJM2HCLb3L6kaG1tI8d6bzZhFhMpowmdxDrftmkZJqwmR82HuzSEc1YDKJFvXfLFJSDZgMHfbeLAJMRgMmQzudTcvqRobW0lxTNMHWVmV1I0NraS4rmjrmDwJMRgMmkyuLcMZjWd3I0FpKud1zx4RCgMlowGQyYOppOgJMRgMmk3BRT9MRYDIaMBkKe5qOAJPRgMlQ3NF0xJeM5ktmOuxpGOJLRvMlk7uvdTLrDAJMRgMmkxuwTR3DFhEmowmTyT3Ypo4phwiT0YTJ5DZsU8eUQ4TJaMJkpt29FBEmowmTyc3Ypo45iAiT0YTJTHtaigCT0YDJTLtaigCT0YDJTHtaiviS0XzJzIe9/RjxJaP5kpnN3n6M+JLRfMnMOw1Sy+pGhtbS3KRt6li2iC8ZzZdMadSG02MM4ktG8yWTm7VNHVsO8SWj+ZIpfAn17CmLGxFaSTNe6sQIEF0ymi6Zud++vCxuRGgdzeVJncAPYktGsyWTm7fB7k1lUYvQaMnkEqWO/4bIktFkyfRbuJW1jQStn5kr9XQccSWjuZJJkAhH/w2iSkZTJZMQEe4GVRY3IrRyZqjUSbQ2CCsZjZVMokRu7pjWCCwZDZZMaezWcakRWTKaLJmEiXCCoUFcyWiuZBIl6ky6LqtahgZLJnGizrDrsrqRoRU0N3nD867L6kaGVtHEijojr8vqRoZW0TL/BqNxg/CS0XjJxHzQYzRuEGAyGjCZOPVLtcvqRobW0lzNhMdfl9WNDK2lCRh1hraW1Y0MraWJGGHcZhBiMhox2QSMOqzMIsRkNWKyCRh1WJlFiMlqxGQTMOqwMosQk9WIyWbEhHmGRYjJasRkEy/qsDKLCJPVhMlmwoSPNYsIk9WEyR52nHqLCJPVhMlmwoRhhEWEyWrCZPOcnN5LBcppNWGyiRd1OJdFhMlqwmQzYcIwwiLCZDVhspkwdfQCESarCZPNhKmjF4gwWU2YbCZMHb1AhMlqwmQzYcKcyyLCZDVhspkwYc5lEWGymjDZTJg6qoUIk9WEySZe1OFcFhEmqwmTTbiow7ksAkxWAyabaFGHc1nEl6zmSzbBosOvzv6PJ/Or+dW5/wlu/tXN5mGI0UEZYhYRJ6uJk83ECX81iDdZzZtsgkc9CUhdNW2yecAOdNwsgk1Wwyab0BFOibGINVnNmmwCR9iwtog0WU2abO4u15GAVFVzJpsLmXCj/bK6kaF1NUEj3KO0LG5EaF3NdUxT52kiXdWYybqc1oxFIMpkNWWyuYwJV1NZBJmshkw2VzFFaHpZxJisZkw2FzHhbHWLGJPVjMnmGqbOS0WIyWrEZHMNE87dtwgxWY2YbB69A4GuRYDJasBk3dwHuhbxJav5ki0lTPgmkG5qumRzARP2ciyiS1bTJZvrl7CTYxFcshou2Vy+hOMiFsElq+GSLbN48IGA2JLVbMlmtoTLQC1CS1ajJZvREmxKXhY3IrRueupHZywCS1aDJZsH83TMFQSWrAZLNoMlHJ2xiCtZzZVs5kqwO2NZ3IjQ2ul3AL1FWMlqrGQzVsIl1xZRJaupkk2ICI8ZKIsbEVo7M1TC+e0WMSWrmZJNgKhzoCKiZDVRsgkP4XkDZXEjQitnokNw5EBZ20jQukk7pzqCSVbDJJvQUKdO0SKYZDVMsokMdaJlFrEkq1mSTWTIwyFAZXEjQqtmrlXq2AUIJVmNkmxGSZ3PFJEkq0mSzSSp85kikGQ1SLLTjmoijGQ1RrJTPwBqEUSyGiLZRIR6WoEYktUMySYg5DumHkJIViMkO3VnmpW1jQStmgkHeVwMbBFAshog2YSDOl0mLAJIVgMkm2hQp8uERfzIan5kEwzyOLffInxkNT6yiQV1SgwsokdW0yObUFCnPMAieGQ1PLKJBD3S/5DJitiR1ezIJhBEuFmGRejIanRk5/64lbK4EaGVM4/7mXFWgkXsyGp2ZDM7mnt/CtJPDY/svOcPIXhkNTyye/DIInhkNTyyGR7NOIBrET2ymh7ZsLd3InxkNT6yYWfvRPDIanhk+2OAytpGglbPXJLUQVgW0SOr6ZENO+c6YkdWsyMb5p1KZovYkdXsyCYQ1PtKEDqyGh3ZjI460RPEjqxmRzYedrwAhI6sRkc21yThQjOLyJHV5MgmDNRpK2EROLIaHNlEgXobMOJGVnMjmyAQJnEWUSOrqZGNeyc7gkZWQyObCFBn0kxZ3cjQ6lla4PWeJ1JPDY1shka4a4lFzMhqZmRzXRL+zhAzspoZuVyWBCU4hIycRkYuAaBOlw+HkJHTyMglAIQnr5TFjQirRbju8JWyuBHhtAjfBXAOESOniZFL/KdT7+YQMXKaGLk8RAh3PXCIGDlNjFziP3gQS1nciJi1iNCdxVIWNyKCFhG741jK4kaE1k2zwzMdIkZOEyOX+A8eylIWNyK0cib+00GiDhEjp4mRS/yng0QdIkZOEyOX+E+nZ51DxMhpYuQS/+lQVYeIkdPEyCX+06GqDhEjp4mRS/ynQ1UdIkZOEyOX+E+HqjpEjJwmRi7xn07ptkPEyGli5BLs6VTYOoSHnMZDLtGeDtt1iA85zYdcwj0dtusQIHIaELnEezps1yFC5DQhcgn4dNiuQ4jIaUTkEvHpWM8OMSKnGZFLyKeDhx2CRE5DIpeITwcPO8SInGZELhGfDh52iBE5zYhcIj4dPOwQI3KaEblEfDp42CFG5DQjcon4dHKeHGJETjMil4hPhzA7xIicZkQuEZ8OYXaIETnNiFwiPh3C7BAjcpoRuUR8OoTZIUbkNCNymRF1OJNDlMhpSuQS88H2nkOQyGlI5BLz6dh7CBI5DYlcQj5uxoniDlEipymRS8wnYmrnECVymhK5xHxi52kiSuQ0JXKJ+UQcvXCIEjlNiVxiPhEHfh2iRE5TIpeYT8TeiEOUyGlK5BLzidgZcYgSOU2JXJ5ehHOiHaJETlMil5hPxK1MHKJETlMil5hPxGFChyiR05TIJeZjDrjbn0OYyGlM5BL0MYeOfiJO5DQncon6mENHQREochoUuYR9zKGjoYgUOU2KXAI/5tBRUcSKnGZFLpEfc+joKIJFTsMil2cbHTpKinCR07jI5fFGh46WImDkNDByub3doaOmiBg5TYxc7m936OgpQkZOIyOX+9uZjp4iZuQ0M3KZGXVSWhyCRk5DI5enHZmOniJq5DQ1cnngkenoKcJGTmMjlzvcmY6eInDkNDhyeexRJ7LjEDpyGh25PPmoE9lxiB05zY5cHn5kOnqK4JHT8Mjl+UedVp8O4SOn8ZHLI5A6rT4d4kdO8yOXC5BmXNPlEEByGiC5XIHU6ffiEEFymiC5XIHUaUThEEJyGiG5BIRcp7OcQwzJaYbk8kQkPKOtrG5kaD3NQ5HwmLayupGh9TTPRcKT2srqRobW0zwaCQ9rK6sbGVpP83QkPK+trG5kaD3NA5LwyLayupGh9TRzpE4pgEMgyWmQ5PKYpE72kkMkyWmS5ILpz24rqxsZWk+D7Y9vK6sbGVpPg+tPcCurGxlaT3OHOzzEraxuZGg9DdSf41ZWNzK0noapP8qtrG5kaD0Nc3+aW1ndyNB6GkJ/oFtZ3cjQehpif6ZbWd3I0Hqay5E6U1IcYkpOMyWXy5HwZLeyupGh9TQPU+pkMjlElZymSi6XI+H5bmV1I0Prae52h0e8ldWNDK2nkfpT3srqRobW01yOhAe9ldWNDK2nmSzBVFKHuJLTXMllrtTJRnIILDkNllziRKaT/uIQWnIaLfnDYeeU8wgueQ2XfEJFppMB4xFd8pou+TxjqXNie4SXvMZL/rC3m3rEl7zmSz53vetM9PCIMHlNmHziRS7gkkqPEJPXiMkf9mbXeMSYvGZM/jDvWHQeQSavIZPPM5Y6Fp1HlMlryuQPccei8wgzeY2ZfJ6xFHCPD484k9ecyRuz90wRaPIaNPk8Y6n3TBFp8po0+TxjqfdMEWryGjX5PGOp90wRa/KaNfk8YwkPnCyrGxlaT/OMpU7SmEe0yWva5BM76uRveESbvKZNPnfA6wwE8gg3eY2bfIJHhvAB5RFv8po3+USPepNnPAJOXgMnb83O5BmPiJPXxMlb25+gWFY3MrSaJoDkAk4+84g5ec2cfCJI3U8OQSevoZPPPfA6Bp1H1Mlr6uTzkKWOQecRdvIaO/lcm9QZFecRd/KaO/ncAy/g9j4egSevwZMvxUkwJcUj8OQ1ePK5OGnqnHKIPHlNnnziSL1RGB6hJ6/Rk3d2J4HMI/bkNXvyLqsp7qvjEXzyGj75MmSp87kg+uQ1ffK5CV7AyMUj/OQ1fvK5C17AcRyP8JPX+Mm7vd0U8Sev+ZPPRUqdEW0eESivCZR3cW9HRgTKawLlc51SZ0SbRwjKawTlcxe8gNsMecSgvGZQPlcqdcareQShvIZQvgxawuPVPKJQXlMo732/ptAjCuU1hfKJKXVqCj2iUF5TKJ/HLPXOSYShvMZQPkGl7jmJOJTXHMr7sHdOIhDlNYjyuVwp4FZFHoEor0GUz/VKAbcZ8ghEeQ2ifG6D1zuvEYjyGkT5RJVwVrFHGMprDOVzE7zYcVwQhvIaQ/ncBC92DHWEobzGUD5PWeqkK3qEobzGUD43wcOHJIJQXkMon4iSix37B0EoryGUzxCKcEtAjyCU1xDKZwhFeKSHRxDKawjlM4QiPI7DIwjlNYTy0677hCCU1xDKZwhFuHGuRxDKawjlM4SacDM+jyCU1xDKZwg14R49HkEoryGUzxCqMyvOIwjlNYTyGUJ1ZrR5BKG8hlA+Q6jOjDaPIJTXEMpPO2nOHjEorxmUn7JZ2lFTxKC8ZlB+3rVLEYPymkH5BJTMhJtRecSgvGZQPgGlzng1jxCU1wjK5yFL+IEiAOU1gPIZQHXSST0CUF4DKJ8BVO+bRQDKawDlcx0TLk7ziD95zZ98gkmd4jSP8JPX+MnPe+PqPMJPXuMnP++Nq/MIP3mNn3zYG1fnEX7yGj/5sDOuziP65DV98mFnXJ1H8Mlr+OQzfOqMq/MIPnkNn/zueCWP4JPX8MnvjlfyCD55DZ/8znglj9CT1+jJ74xX8gg8eQ2e/N54JY+4k9fcye+OV/KIO3nNnfzeeCWPsJPX2MnvjFfyCDp5DZ38znglj5CT18jJ74xX8gg4eQ2c/O54JY+Ak9fAye+MV/IIN3mNm/zeeCWPaJPXtMnvjVfyCDd5jZv83nglj2iT17TJ741X8gg2eQ2baG+8EiHWRJo10d54JUKoiTRqor3xSoRIE2nSRHvjlQiBJtKgiXbHKxECTaRBE+2NVyLEmUhzJtobr0QIM5HGTLQ3XokQZSJNmWhvvBIhyEQaMtHeeCVCjIk0Y6K98UqEEBNpxER745UIESbShIn2xisRAkykARPtjVcixJdI8yXaG69ECC+Rxku0N16JEF0iTZdob7wSIbhEGi7R3nglQnCJNFyi3fFKhOASabhEiRR1WkcRYkuk2RJltjRj44AQWyLNliizpYAD7oTYEmm2RJktBZzQSogtkWZLlNlSxByEEFsizZbI5kgTDvwTYkuk2RLlgibcrogQWiKNlihxIhNwbi4htEQaLVFGS7ibFiGyRJosUcJEnW5ahMASabBEebgSjtgTAkukwRK5nTp6QlyJNFeiPFsJd9MihJVIYyXKo5U6uzCiSqSpEmWqhNtVEIJKpKES5clKuFiOEFMizZTI7aknQkqkkRJlpIS9d0JEiTRRojxXCXvvhIhS9UsWEbr+ACGeRJonUYJDnVZYhHASaZxEiQ3hADkhmEQaJlEiQ9gpIYSSSKMkSlyo0xqBEEkiTZIoYaFOKyxCIIk0SKIMkgKuBSBEkkiTJMrzlDonGiJJpEkSZZIUsNdNiCSRJknk+9V2hDgSaY5Evl9tR4gikaZIlClSxOiXEEUiTZEoU6SI0S8hikSaIlFue9dp9UOIIpGmSJT73nWa7BDiSKQ5EuVypt57RRyJNEeiXM4UcHIjIY5EmiNRLmfCvJQQRiKNkShXM2FeSogjkeZIlIuZcA9WQhiJNEaixIQ6PVgJUSTSFIkSEsIpq4QYEmmGRHmQUueDRwiJNEKijJB6ioEQEmmERIkH4cA6IYBEGiBRBkidomlCAIk0QKIMkDqDIggBJNIAiTJA6gx5IASQSAMkylOUIk5vIASQSAMkygCpAwkIASTSAInyGKVeOAMRJNIEiUoVU+95ICXVBIlKFRNO1SBEkEgTJJrzTDoMbQkRJNIEifIcpY5FjwgSaYJEeYxSbzdHDIk0Q6LZ73gFCCGRRkg073S3JUSQSBMkmne62xIiSKQJEs073W0JESTSBIlKI7zOyYYIEmmCRPNOe1tCAIk0QKJEgzoGC8JHpPERBbPT/I0QPyLNjyjRoI7Rg/ARaXxEiQU5izE8IXxEGh9RboTXMWURPSJNj6h0wsMZBYToEWl6RJke9TQD8SPS/IgSDsJd0wjxI9L8iELYfa1IPzVAoly41AFIhAASaYBEuXAp4qJnQgSJNEGiuBtnQgyJNEOiXLjUaUBBiCKRpkiUC5c6HSgIcSTSHIniTjdRQhiJNEaiXLfU6WJBCCSRBkmU65Y644sIkSTSJIkSF8I4ixBIIg2SKIMkzKIIgSTSIIkySOqoOQJJpEHSlIco4WNtQiBp0iBpyiAJ84IJgaRJg6QpgyTMCyYEkiYNkqYMkvDJOCGQNGmQNOUhSphFTYgjTZojTXscaUIcadIcadrjSBPiSJPmSNMeR5oQR5o0R5r2ONKEONKkOdK0x5EmxJEmzZGmPY40IY40aY407XGkCXGkSXOkaY8jTYgjTZojTXscaUIcadIcadrjSBPiSJPmSNMeR5oQR5o0R5r2ONKEONKkOdK0x5EmxJH4l//89ZfT+Y/lel9e/vf8snz/5e//+Mcvx+fn5XZ7ul++Ledffv3PL0+nvPQ4dtMVf/n7f3559An/+3/+++svszP5h3TS/v0///3vr3zx/Hu+alp73EaWvxHvKuH5X7r8P+TL/zWOf+DfzIf8w+Tm/EPwE/9QfmMOofwqDUfinyz/NPF/5/N/9zO3v3z/OF2P99Ol+UP8+ofInRPfZ+DbC3J7s9yUk1uZf/ZWbs2bmu16D4+Bhfni5sDXpMhXmuPgla71BaZKE2Z+K7H8kZFfT2qROij9j+Pb59L8ETZUClGe1mN8T76Y5zcfyg9zLH9TMKwLrtxQYDUJkV/7YxJueepe9Nfym3j4u0P3/fJyXW7NXVc3zR9IeRr2UO790Y29qEXkR8eviNV35rsKZPmpEr89ftBpgiM/aX7mXlYfBtLQX/H22iiPNZXyOH5OU7mPR45v/oEfZiT+b9wsd3EY3Ave3i5//utzuf74OF6P75c/luv19KIUwVdbA7EGPIJv5XnYwWu9tzpc/Zn8Riw/RhdnfiMzP/9Jnr/8vQeSpz64eXx8vJ2e05Zxux/vS/N3muqOHp0liwLwO7Z28H1+fFzOy/V6af5cZ2OlmtPgI/v4uF4+78v1+HH6ejy/vC3XL+2m7Q61VPPTUi/nvIm9LOfT8lKu0V7B1FcY/DCbK7xeL58ff3kZW19mcN/iyzxfzvfl+70V6GqB/ucEfhxfF3iXVAsd1rmNrj1Cd+tH/hiqUPYMkt1wHn4Gn9e39nv19ffq+Xvlvfcgx7B3g4/l/vT1ePvafL3V6+K9/NGFonyrvJM/mlsPXeHzpZFePZ15ZumRpQeRPvhFft6/Pt1P780rmKqnxM+/bJuPa6w7exi+xnK+PzaX5jKP4pz1Tcux52nw4K/EXj7SvtVKr4TzsWZXi+an7x1tjO5QP6pRi2WVebl+PZ2bj7PeC21k24L3fj57p8CHML+WwMdhmHkpstFmZvmzPas6Wfmw5kFVr2+7PQan2voutyr2pJixj4l6oxd6P728vC1/Hq/t43ZTvcmIoXoY3N0/718v19O/07t8Ws4vHxf19GNtnR7KjXsn36z/P1womQ/t85qr58XfsGMjcZJT1Q8ehfXV1I73KF6rvjHxKEZP2SJ6ebk9Xz4WZcrXG7VYJUaMn4mNeh/GrwaeVqxe+mzZqBbnxHgxOsXcMxMNX3HzUdeHBFu9jyaX5a38xPb05+n8cvnzsb1ePtsjONS7k3eDd/vvj2abrmTMkbfp8vgjP6g0fGBE+m/H52/PX4/n8/L29HZ5vXzen27L7fb4VG6fHx+XhyvefCv16z/wMeHkBPJjBhG6LLycry/Hf66Tw8iPGQXV5fLVGlWrLTpip34SD+ZAgxc5Xe9fX5RaTfXeVV6OZTPd8vH36M9UzHvx0tibEevkEGVPPchrFh/ayyrFsVPuuf3eahNDfAsTx5T0eWsQVVsQn1ueXc4o8Q5nxjbX5+Pb2+Mtti/O1i/O84sTx5TGzjiWDewJa6pLuMH9heVtdzVPtSVaNpl16x80oFf596/t/jI1+8vPSQM2uW1s8jHb8vnr8vxN9pDTl+uxNTNjvQey9novCu0H39nX09vLVUXsTPOxsUVkiq6FQX/1+e14er919qP6CfOh5yVk4/yghrydltYGcYfGxB/8gpOYZDkt96+X5k6p2jkn3spY1RxvRV4iNo85X2UnEW+l2ECD93Fqrm9bXS/fJE1snh5kCyinx+BVbsvzdbm31s6htnbKX0a8RxLbyCSP4bBGNsV38oN26vPb5fnb7dvyZ/vHTvUfO/MFZSeyEogaNO/SZe6Xt+V6PD+3n2WojTs/aJw+X15ac6e+YXaUZolHT4Ov5PKyPD1/Pb69LefX5SlrYe/TqW+bv0kvronzg9vV5WWRK7ZfULVT80nLeuf4OlPg3WCWkLtnbSA7qAP1PWw/vdqeYBrBqmBZGx1f1QVx7xzfGv8QxP70rEA28lZJblCVLi/LH8v19OXUBm/q3ZIPfI4uOnYUXRXuW88pvgU76Pw+X94fMcDz/dY+p9qPHoxYrqL+BnZRW0fN7OBR8nDxr5/P9zZA+Ujyq7YVfhMcZSYOL5A8l8NBQkpiQPmD/CQ+kl93Awka+1nC5NPgpnu5fDu1Adu5eqMT38LEG+3k5AfZCNcdSr79Q1h/GjN8851A66l6wS6MuQZZ2nabt36u99jAe6yEwe3g2XtpwwvVx1rU2pmVy41+YtcFaGN9x+YwCJ+eL5/n+/VHs3WuYvgAZ0cvDDonz9dTe2j65ut3bA7IwTgYXXm+/tHCmtpm5IPQczQokgRV5sG39Xm7X94/rpf78nxfXlI0+v14f/6qA9G1uxHGdqWX9s5rz5bVy3O4KUoowM1jG9XL8tvn62t7m9aHWocj67CwYTsq+7Gp//6nsoNivWGJOTfIKF6W5+uPj1Zibe5adjDnQRpRBMJoi6mtActx8nkQSxTJxclo5daUlo3bedBxe1m+HD/f7p2IlK8eL7HDQms8UsLMfjAI8rK8LQq5hUoJJwnWHgZ9r5fldr9efoDnYmv6Q2ZUy/44PS9PAwHU+qTkAIoXs8r5wds/3T7ejj/aA71GkL8UE4qNFDaKplB+CHwCB7brg2RiMAsOkU+/9VC3Ek2kNX1kcIcqdw2OP6o8ID6mnBh5Ysc9ZhsPXejyfjy1b9XWZIvjHjEM3vjl3CpfHauiOPgpfrSbaB2v4/3Ns9sZxZh0oxr9r1Z8E0BlH5Zdvih2qRt0oF8+t+kydp5rK4oj3OIyHlaLYzAto935bBOk4RACm18zXzCKaWhWvj9obi/vx1MDBKY6DYQ/I7ZMLQMCzyHPyfPG6SVgJ39+lI/mIGEPI768rFL8iXt9Kv5JCz3rBAHOVWE8Y1dEyblMxJCAt4UodvZhDXMc1sij2DqyOg2miSxncFZWt+s4+DAPhvSKQHhW2kPj2bKiDLoJRTI6Ew61n8rPZR50/Zfzi0T54JlQGyMcm/Xixjo/fJlylXQiL/elpZA1TWYzyoXVWR78QuUqmqTVmWUmSLB90ATaZL00Pgx/1mx0Ow5JkBPeJSlyEpSzEi/2g5ZououX5fZ8PX1skgNrg5QvwSek40DEeioeJGBmZ3kag5v58v3BYF6XxqDQgSlT50EZ8UX9oGm4fG8OpLlOB2Il5I0vWj71SwbniPTTdbk9tcfwo3ZjNTqF3/N7mpjyzG7l8GuS6tjhX67cXrixSDlgIzlvdh4V3W5ktokvcqCOdTNK3owbBLzL9/v1iG1q5+qDafBRfAEoyNWWQRhM8/hyfD+9/Xg6K0Ix1wlekojHGZ8rc2XLgFOUZjYioxV8JqBOsi2NJN8aCVGneomhO15elutRBVadqR+inGomDD4Flnk7vZ41Gq1D68TGCrFmz3YNcEscfRDJflnuz18/b8v1dP5yaTMMai+2PHXeKx1/XbM8T+tkH5LThWjMBP5yersv1+Xl9JKSljP5aT/tejPim5HsDXYC+Ssh3hPnlR6vYVPZRP3qbtDYFv7ldH7ZZKjbQ6gPcH4yg37Ll8v1ebkuX65LC25tHRd2TIXiYT1Tx3b7L5fr+/GudNXUxymH23gzDIO89sv1cr7/TNKCqS0ow9/f+hacH7NV4YXxBetDTILrXgx5Gts6X5fzSxtBmpu0UN6c+MgRrMfb1cTp2rOXQ09SaMR+lzRj4yRwTbI6HcaMqNflnDaS80URK3uovXj+cOdp7KGz2I9vWqqrpXrW/uEnm6QCa7uOWbNzMQ+epa8qZh1qCruCgkH39HW5H9/eSkC8/UarL9+zXBKEexi0rl+XO8AIpjIrvOxxEq84DH4tr8v9dF/e25SCenN3qwV5kNiZuJI06Ii8Lvff//zW7tp1Nq4J4pwOhgFfl/v7cj++HO/HVmodIQ7iPQ66eK/LHSESV4dwzNjW+rrcPz5/ezs9306v35YfX66X99Pt9rlc9YOwh9op5Q13HvQbXpd7KoVog0R1IDGKWzC8od2vxz+vy78+l1v7pdTpxyR1MQca/u5uy/WP5Xo7vSwf18tHa2ZODXsef2EwklrnNbBNEGW3PKyVL4NA6nW5b0umbJ30SkZOYXkwa6nHIDOQy0BQR/WZL3+U2FiDcPb19Mdy3hrUdeUBW3SsjHZNDmN/iTOjZql1EevSyAOQJDrjxDUmWZ0GYdvr9Xi+P91/fCydrAVTn12Gr+Slms+NKuij5qMJXFQ7OAf/HEcC4kFo06BnkOSDN+tcDQ8Hk0KTsEbMXH2drB6WManlHdbzS524RnKWfEb+V4FPq8j/cZRz0YjCGbf+JKtiPhmJVJg1z1xAu5MQBYm8ks05+JcnP6DNLame4szHbOCzMfKTiKy6cYUMAtslYG2MqI8RrGgGj7uv9/vH5fzWbsq190sS3hgsID0dm514rj1pdnblDxRnqxQL/rX0F1S5W5nHEkea5Z3TYNiOZT89XNfT+fXp+Pb69Eeq3Ox9zfURznripfjV0eiFW+xRmzWWLZiJ86qMkTOBBvXwtPX2Glect0rJSpHoDyc8ceRikttx4rULwFhrFtdMozUvak0GWMNwg0GFrkNdM2q+kuOPJUrwwg36HHIdkJRXm7F8gFoJk7EzPss5YtfwHI3ZYfXVYa6erQODfODxy3N8vVm2Lrt+AvRTD/r9+P34qqz4WiX5imvQ5Kf0cOvSVaci5xc52ensYGlDkV6+XlX3a6lOy2cQRWue0mD62+Yil+vp/rXZ3k19KcNXWD1gL9VvfjBL8fR+OV+e3y6fL9m/QhZvHejygyHLrdzbx+V8U+/mUPtvY/ZD/re1lOqJlPcridSDWc6n80uuG2vvztZ3x+flalANpq2fzo9y2ueHwfOuEIKrjzDjBhN7k8Dz8S37ERtyY2sfggbLIk7n+/Vy+1ieu6kTpg43GNYzzwDWuMH8rtOtroxsM7Hr3ChaS6nEZhHHfrA49XTLNKK9Sqi220lMncOaVj6YlXW6vV2OL6fza2uA1WVPg5mEp7YVQp0dycEMCTdECc66wZy/7HG377LWO37QXp6vG4xvZskoBFHbTYZPDS89Edxgcvnpdr9c1Xnh6sdj3GBw7nTLIfyNe2PrZ+H4VoV7zYKTaHWcBw/d+pLI4/HV9hcHDbrfWxE1AhpOAv39zwZJmXobNpyIbrgIwXPqrRfrR+xF4a7GD9pBm8BP3b1mNauLBcJ5Mo7vygfBKmvdrmjVWlk2WAX5uJunz+up/Thq/WI98PL63SCyech+Pj5/XVDuzmNKanWQM5XhsAAxICIxcg8rlLErRxrTxN//vH1dji+P7ggoNcHUFTCGTW0vMTM3mCGjtKomUmwVeVaYKPU1pazgr6UvP55UuMzU5eiGn5lnsByljmY0pfvb8kM9mfrQY230EmF2gxWM39qSI1OXgKwFwvKhzfLFMaiV9He3hnMHI0ff7j/aa9dbBkcqPKP/KEljJTnlL+W/XZ6Pb20YrTrGWYkse0yW/wAvBazMTGc2JqI4OGZ1euSDd2tOgqyWWsqxmz2pJ9IgsLLhsK8QBr/2JBidVqF51cO3+Xo6694LdWYsm6OW878da9HE/nTgmFKQXgesV2FthCTZ11aCVrS6l4Px95TnfnxrEpJcTVDnKAEoOU75I13vRY4eyTY0RiIecigYM3jk811tg4SuTm0Mg47H1nOtiQi7lHy/loMYTmr0efuYGIcGjrYEI4E6/oG/xyA5lWtSl/VripWQUVml1TUfTHd6P34/vX++4xzTahefOA41rfmKa0XAYNub9+X9cv0Bv5RmYzJjtgwbnzsnbR1Jkzwx/jiIvxsSU+Yg+u/XhjuDnDLX2J0v99SfSzkedXIrDYKK3GlkSyoqUcygLCcvWkkgk1JzjkPPbOPHNW69BnXWYL7UvEqQNvX2HLrjjZNbn6FCUdKECdZTiYMPRoIluPC3hzNZX63adHSR1Lz2mRk0lOUy+irOV7oaZQ89DLYcauT+drwtGyfe1OmOwg6kdUJcEzzN2InSXBI1yPKVQRoHTbJGKPRwXC10zAZbA0epTg31TqrTCQ2HlteMbj9YNqJCVAg31u4J8XYdBy2jSj6qurO1FUjmJ5/OA69s1aYupjdsB0t/xhjXne0nL/f7rVM6GGpHxtvBQwCJRQpUp6WYEoT7Genbbn5NDyU/GD8XiWvjJ6ju1d3G+JM3e16+31FpZu2NHgbT/kXo5fTyvBVq6oIfIwW9fjCUv0oHGlgnMhu2/td2XgdJKvWDjb2qq22/z3rXWu3WwyDy06IfW3F7YteR/cGmVCIUJo/U9yso6zDox1eiQTS9brhEP6t9qV5VtQGrU8IEUB8GA1UiGRU/NmErdgCmg5yjApv9YAKavhrSlTrYPq1NYQfz9TtX2KhMbcVOa0ukwWw/fZWHnazk21r+an3/5JGX0gnRU6pb80xrNcVgCn0r/+N4vZ+Ob/Ayde2a2KKHn7URcjfp7SZUvWqp/prEvzxI3Y3/2aMcJECF2kWSYOQhyEY3WOYo13iEjds/p65uXjtwrX2N1x7GP/nn/HF8O70knwk8xLpCmVH8JEU9Zs1eMWMfabsHuOYgZguXbfQojqUbfHwbF6nOJ+JwCX/2lt+Ol+4Ya5kEZwJxyDc6MfzWlOQ1nUcI2Bq/ltVpkBU8Dn8V2q/zueZBT/4hpjJRmhbBjfAm/GwGj0stfdMeuL1Ek8Ey6HG1l7gut8+31hxqDNwSnf9rqafnb1o96rgcfz+Wk8oth2i8NCfh8NMsfcXXcJX4zZIsaJxdM2mCKMPgd3JJbZGVt1BXmY52KD8rX9zWQbnRjnabnIo6sVTAjFROlyfIYNVJpx4BC1KqzJ9TkK9etk8rgT8rdVySvmec1PPQYH7I+XL/cvk8twGZuclUGns52KK2dX0YSfTkIJuDH+zptvPN1nHqmS3ruMYH5dlJLZwxgufNoAFyOe+3oKw3DuLQJrGnOUmi/GGNLw26mo8Ky+tS7J7n63K8K7Ru6zEa02CdAzjYrKkD6cw7JiZts6Bftq5mDqDP0rmfIUYU5GgGXd+/2jbrPo5zlBA+X1iCHNKzxghcM0YIvhl+PHsPvNpreTuz/FAsn44Sg3bSv44/eWLXcuLg6iQdVGRXPKx5p3bNyxKSKxlNtNaiDXpijz/uvjs4oD6jiHccmkUlJMy97vWDufKXNmBoangjUMNz4DNKfqQbjIC2aZ2uCZNwbg7HJaPYbG5wPsqjiz4ahdDEDcxgPv9D2E+MLWjarpvBbVNdY2hwAbV9/sa2f1QaXKecD1bufByvyIc3tdFqOWgyrS3XBs2oj+P1tvS7u9o6xcGxsToPEhzdzdXWNE2snTiYgPvxKIW5baydurab+BSNg5lZH18v5+Xp/Pn+W/vKa9+cz00rpbtsjUirzYmJ3SzZ8uumKye7VBcYGT1i5I7NNFjJUN8ybDJS+/186Fip9OVQkiSATrwrzwJapfe1dLM1kgJu1tkDJKvTIIP7OD3fP9swRWgC/3y3Uv3JOxRnskxs482cWhTXaoq1yd2adb2OB5DVadCc/bh8fH7k1udfl9PrVxXObrJWBgsIK5F/nl50r+MmR2Ww/Ozjcrsf3542PSeaRsfl2GW3MwyWaD9koy7VrmmZToP2TC0NbI5NX3QabHT5kJltz0fJ+3V5qFeTo1Vv3WurYDE/uMyU3Yp5DT+vRrLke1oJn9Do8Sj3p7qwuDqVPwz26vi4Ll+W63V5eXoEfjZ+asMUygckKfqSHspG68R5VTNn1cS1mke+drtOGpOaJpLVaZBFfVwvjxMW6lJo7J3Rw/V6+XJqc4maSQTchkLm0Vl2g7z0DuWcr5mRd1yTSWT/kDiQkdYIRhrqp4GHg7f73vZWqmshWdOkm4IMTHNeDnb+QYrOOKMp8FsL/N+EytWQvVFouhVPjyrfWH4a7MdV2le2AKreEQ9yOJjBqoYi8vhxaqXGRqq8osFknFXqY2gXQHHUdvobVugiNRnASGzTLGqwH7iI/eiJbZo3mcHO8kVsDkZ86GyaQ7VFzoMh1I1EdK91L4951FvhtqhtFlZdbjvoV4mkx3CuVAAhfZbbJ9ok9Q0yKxEuMrcV2rVTHEY9oL/sCtv0ATCDpRStWIWiqT42ZL8YTOwvkqGqNmHdwezIIm+jpE1D/IMcQGZwHl4lNnustcv3qJVu77wJHQ82m91cYuNabq/TOMmDDdj0ddCTbxzjQWyp5F6X++f1vL3lZrcc9QM/b1+XF9V1tUDvTglR7XHzie0lD8yNGrDpwn8xxcrUDpNUTE7zekz+ny8GwL5plGvFi4O9D9vmoa6ZDccWHqd8RYmxukEX+19tfUNtpBiO4knlbJS6RTfobbON3obW68yJwfoBFnS/5BrIdt+t+2avwHjtIjaYTqIvAr+05pQfbFOlBYOjo25/NsgtWql6TldTDnoQo94MHssb4ehhNAk9ZtBD6vhtdYEfh1Jk6J9jE9ZNAogkHVqcNQlx02D95cO7uj+3Pnkd/5oHhwcUObATXLPlM1p27JwR37MkusZ19JNElOyavyj2vR/staDuDeVM1g6ZPMRprZgaNDpBHzZX9xCbB4tYixzUcqHet6XbsECC0cymcoHUN6V9V/X2JyPO/WBRQS0WPuaamfDJJghzkkbvEiCkte6CJH9g0P4pN7PJuG5GV9FgEKsIQ1tAM0yKBkNYRR5K/2q6HElOhV/7Iw7CyvYS8HXUiUAcW5yl+w4N2sPlQttWF3WyF989v2MnHEkqnSQUcViH+q7t1ddiyrUTWBx9Eq/6ITdTIsodMWALg3mvD7G3uxoNUU9EmAfh7nV5jCjfdlmr7c51qpN0BTRSJGZo+APdGGc1m+cguMxScuteyBGXtdBmHeo8OGCMzd/Lb78vz/efaPdSPwgO6HrZENzw+8qXlzrP3uVqA4eVwpMEBQcTgflyuoK25izS9XSS8gsaVhoR/5d/UdOvkyNgfi1UHiwILpdEA2Xr7NqiOpIcxCZMkCjcQapn7TpEabBvcLkJbTvVHfJ4i2EFDWsgcDDW8bjI6bo87Xlx7V7a1Eky6vLSHNwNUvnrcrt8XtuMojrntMiV6Xj8vXICgoyjZHDn+Jh1vKk6CQuz2TB5SUCQdjr8uXOFU5BRRbxNB5ItgV+wTEqX5lWSqHSQ6oq1k6OVYKzct7FS+iy1sEYmwBgnBqEXeTJEykhqhaHBjFx+3C0ArtPoZHQ9rYVMckE/2DaOafbTwxjp7XItvmLcuo5aGjZ7yrX22uE15x/zH78ORxqM//C1tI1V927wEuDnjYFE21hv1jctuywNm8rrLSjrpplszuBjDaavE/gGo1B8KTAT2ta5H1K7R2vf/5/8a3QMqq6o4+3UrvOt+TuWjKh1dIJs8naNu6y1hYOdRurbUg+5bpnGdfjzGquUjZ4GQ3I5BqfIoa1HE81sAcyMJgMnaQTpQb0m+YmVIh0KjLSUMGv/V8l5NrQWYQ6GkK7LH5fn/lwlY5oaT8b76xSdYf374/Jt2fqETXxSymb8YJIbqG2hZqoo1wKvAwUHtea2mSbdTDbmygPP7zOuU0QHQdft+L7cTiptrQ4kSbpGHHQVWGK2R1sdrB35NbI22OQwmUyNxVSXqvAeKb30BM4LpbTz6uSPfUpbK632TcrD57cru7RkMPL0EE6jcTJglo9oxxu457ucZJYXf5uzDHBmtyVI9wi+eFgNNenBIK1yBVSvxuM6G0G2OUkukhkDRvZ8Iwnrxq0j19dDXOTJaAQj6Y6GBotu8sPuHbdNJzOOWa9zrgb3xtvyrDKJbN3jRbJ94qApneSd7j+km57a2+sSF84Entc46vrcBvP6bsv55feb7qFQfweDFZyooXOd9UKsvCS25mFwwnIR/W1pB9jFtifN2IZdZL2dviSbod1N6kxmSbgwo582F8CpnF1qBg/yXrI2BR19T1Jep5lkM/6ZBltw33Q7/brWUOJah8E0jBvsdl83yvQCtAbbLt9Qj/s6CiAznYxfixbkS6DBiNxtuZ8vqRdH+wXUL22wU9iWAdnaBSY+Uyf2xGYJZh/EJBztKtllQbaOpc5rMvqg6dFDQfV2OQ9WnqCxN7UbQhxomMRYlGydw3pmVPHW8Rdx+ayS/FSCY9Przw9GVPvAycam8+6amzf4ZWfB4JHXAHEwV/QhrG0X6OpmeWGdkDQIkbJAgAbrUU6D7StubyfdfdLWn/QkucDr9KN1COwgLt3sv3XFvXSpk87NbBH9UkwtMaykCZJMbJO0TS4W4Y+WgnjP7G2xRxHEzDmIJS1Tjox4Z8bOq7rL0SCNpmhw7C0ovq4rkCR5uWpTvQ5OGdTW+3VZ7k/Hl0dJv2pyUn9V5VnxiwyDAdrb52+Nc9KM+WYnm41VK7aubCTi7nLcJK61RnI2SNWkcWvnMFmdBrNgb585ZL4b02k6f7JzJT2w3KCRdl/Ox/MdTKmtkwaJVZbEBD/IH+8H855y03fsMTcDZvjJrzPrBg2P9gopjPuUm1B1H2LDXBg1rO0YB1NW8oV1FMfUOeQCtGbJuh7tR7wtszd1Hr2dxHmUENdgtsr9R1s6VQ+6NOwCeKmq9IN98D/bI8zXRoPUXQxW7X6eck/F5u+vWylxnFGSfh3vgRPfeGAjLkh5AO/WgXfcKK6i5CwY6TtvpJO5ocEmCZ8fL4+Wzk/tmIamooLbiFi+K+nd73lvm8QP4/BRlHF5MhLNSNmOWXvFk6xOg12x8h0jX6sOR9JgbuqnKuZyjSfBnzj7a1EMbjcYufm8LZtGZHWYex78uD5vj84c7c5XW9asTCRacRjMDtl2rqjTIVjdJj4c5nVrlf3HD1pSj0sdXxddJF/bw6zKVFkNw08IJPnU7hJnJjm2qIitAGK1Jf7OprXWVZI9DmK1+MHh3HxPneOk8eWkdbMQ3cFEop0MIlfPJpwHeTjLg8WO9S4psb95LVepRnSPHYaf99Nbe2jU3pvlvXEeZD9J3N+43X6jZ3Umq+PXOw/a1KXpygJmp9gmX6X8+YxxBBwKI5zXSr6K2MnZNa/hq7G/+M/lNx1sbsrXuAOeMG2pnfJrgxi+Nw7+RSnclgGTRioXzTqMg2R1GvSAvrfbbX3QcEzfS6W+PAw3GDv8Ts+t/PpJcPjN8xYWJXjtBuPl36n9hGtf3rAz5HkPjlIE7AYz4L7T/f/dHsHi5iK1s86a4nmDjOI3ucEw3Xf6bOXXiJf3OC8Wh+SAuMGzqu3U7JsKRYa6MgZOwoBucMP49+W86H2+iYNynqZwfPEiPfPriU+AmR2RuM7/WoehmxXwix8qq9PIPMV//vrLx+ljeTudl1/+/o9//ve//x/UiS1x"; \ No newline at end of file +window.searchData = "eJzUvV2X2zbSrv1f3KfenuYXKM3R63HyTJKZjL3dSfZB1rO0aInuZloSFYryxzxr//d3EaAksnSDwkdB4302GTeKd0FFAKwLKPzPi6b+vH/x19//58VztV29+Gv88sW22JQv/vri/9vU23q5rg+rvxSH9ul/LeumfPHyxaFZv/jri029OqzL/V8Wpz9anP7o1VO7Wb94+WK5Lvb7cv/iry9e/N+Xl/ar7ar8YmZQ/ikw+/LFrmjKbatTO3hsJk4Pfr1clvv9L/VzuT09vtq2ZfOxWE4rGLS0V6NsDDRF93F6ElWwibpTptrelK3AoT0Dsd9/2VVN0VY1p+xyaDSEA03556Hct+XqYVnvyr2v9JO5/dFcGNH7+tAsS3+1JzshZO5ZupS7J0cDwGrVlHtriaoV94u/rA/btvnqIebubMK+s/qu0Ij7WDebom3LlY+8oRFuget6Wayr1qv7Bja45e3qfVusF8t6Zf3WDhWOzXCLbMpHh+F7qO9kgVvavm3Ksl0U3i/s3YUlBqmjMeXQPpXbtloWbfl2101d1nIvLfCPNavyt7KpPlZlw6TurrP56WzTvltBx+lGo7JdPv26L5sftx9rLv3S6GFfNpUyGtSBat2WTbn6cSWnpzfrotpwhcnd0Xi1kmuo5dF4SIeqoyP18vnhufzM5cvJh3r5vFd2b+XGL/W6bIqt/TLLxJd2YPwGDv1cfHn9yO3IpvhSPN7IgX/V/D/Etg7f/398fmZ7r3tbIeXW24dyv6/q7ZumLNpq+8ilvd7uleHl2XBIRz4V62pVtGU/wHK5cTTbRxC/E/H9PI+yGK0m6uYcSe3XnbEHdcOxfKBLnLqp/i0/zN8VTeE0dxEL/HmU5rdifbD/ANVIuyuWzaejQadfnXaZTvjwp/uh2rZsDgwNPynDIR3pFoRvnor1utw6zT3Qic7ocmD0Zg78XLZPtfXnr5Ebm6PpkM6sqv1uXVh/H+scOJsLKXpdP1ZbzndAGrxB7G9cF1xQtd9Ky1Dy1nGJBRV7ra0MBe+aerNji4yTtZCSu6+yply2vzYVl+6jyYM0GVa8TG7zCT+au4Fo1g6XFm/R325pfr1wj3S/lexdt9z/2SHXOSFd2ty4Jj7t5f/ydccuv1U2Q8p3gy464R7wxUJyW7RsXX00FlLwofpnRwr4uvlQrU8GmYXT77YHx86W7b6xNPRZE0vyWXUN94JuINJvGTcpz3XxNlDntWSbFOcxkQ30+U5fkxKdh82BQL/Bclqe91vrNzBSccNR5U2xXn8ols9OiaBx429nLw3Q5budhvTTxJDIoNWVEJuJLJumth2wkcqjnZAyvyv3y6baOWxM0ipejUyGEt9tfSr3P7KoVraqgHIrp0Q7EuuRWzeT2pQfm3L/xKW3NxdYtJxcGNQe7YSSqSiPyyoTqlXmnOcuQ9FcatllUhz0Zl2V27abkUk6+ioQoi05kBAVN5Euv67vsnEAid+prDXdl3NV3bgdM077frvqqav8/cu2bGyXUcgE92LKbYTXKvMZ52GPTey8+2f9WB/a987JV70TnfW1tO6Zh7VxyWW80rvgPGpdkUzfvb839WFn/srJP2d+03y2W43aBoDV3nLulBHrn3HcKTqBThsvkUj3fZdmQjccPbkJ2JPt4qnYPzGIPBkKJPRgS7uRyIMT1zYU2D4t2mpjOxRCmWdTgcT+e8cgUxoJI/BD1bRPK/uJBcgcmgojdsn0Di3DvkLlpqjW/iqPZgKKXPTJc4ZX/sJeINlfGF4oZSSMwI/Fplp/Xcj/8hY6NhZG8GO5XVlzGKD1ZCeQzOpTuWXq1pGtQHK7dSzDwulkJ4zMqrDd2AE0KiOBBHKsPquAK0+FcP01nuyEkbmpVqt1yfT+jI2FEcyjNKzEavnMJPNsKZBUB1CMdLrCYiORu6d6Wy62h80HjvmIWAsvmXExpTMbyImqy18xhMfZUCChTfmxbJpytegO7PG8etBmKPn1x4pjrjgbCiN0z/SdtQ/7nbU/fGDQKI2EEXjYdZ/DqwXHImtkK4zcz+WHfcWRCTgbCiP03/W2rOzPAAOlA0tsUkep5/3+UDY/l22xKtrCVu+oMXvyebiBcFFuV7va/sQFkHinNWzfw+Pe06WwiuXz8qnYbsv1QkGZRQ+QF/vDblc39vUrkFuGj7mhk4GdC+/U8qlcPp96sfrYOMzowBmN2VBOyPef9dcAJkOJr1fl4nQibaGOpDE7c/0RgZxblZ+qZbkINtBdsx/IrXK7OgU3ozcas4Gc+NjU2/YGo7bpc27pZmj3wrv12BTbdiFhPqs7OruB3KhWC7kZZbGvHrfV9nFRrB8X6rQ3q1umzwnl5rZt6v2uXHIPgFrDoRyRf8Uh/GgokNCuZsfiYL3hCEkdmAokdnfYP5UrMo31xx05o8X0OYHcPD6p/vBHuWxDv/J2Twvs8u64USuIi9h6YJcOTRXYLf0TArpWNeVi6j2xhmEaB02eE8xNdSp20Z3q5X7ptKZDO8O/FpowHcyZT/WS/SsJWw3kgjqMx/o7AJOhxB/UZMEfS3rLgVxRy13GKLoweBPhUlqQrIjpcwK5eSx4yfkTIZt88odZ9Z8+P1vq/enzM3v+fG1bJu8o4k41te6bzm1dHq/55CpGNeUUY/t+nKQ4BfyUENu9gmclThsEp6T86SzlT2Yptin2kxKnJPqUkC+2w85Zyhen0WVCjOuIcvfMLaT8uqittw6e5Zyas4qqnF9q1ZRVjHW997MYtzLvE2JsT8adpDgdgZsQUre2OzZOUlRTTjHOAy/3uOs87HKPun/aJgPPSpxyfxNSDnvnKUA15RTzxVXKF24h2dJZimzKK8Z5alRNmcXcPcSZ8FC0V815VR3cBR2YxThPSAzTEfkyclg5sB9sfS6/Osu46xu79IpuG9ZPn/c/lMWqbJyP2gML38IHJRbl/oF52U3aD87KfoTSqO1thZT7h0PGQKNWmQop1mWxrRHrvPg2Ftt+tV/racQqU9xi49lJ68/1tn7T2egKovyt2Jffjypa9U+e0o4tMNcrOD1EVW9xu04IG2Ev5airTOMt8k6Z7lq4F0rX9OSkMw/lsiltx7brjuyPZgM70ddreVDA+fX6sW6q9mnD6E9fwaVH2sXgCYFd67ZCvCmWT+V3B6crJ6ec6mwvO9urg/vNk3bubPokdyiXjvZv4BYaY39o2537+HpqzTFiIXlvq9VS+eOk79ycpV5VelZYDG6K4ZB2Rwy6//yDLpvQftpL8GuzZtN/MnponEoiTPuQRed6Rcuu7lxzWLaOgUvVj+2F7PxV2W21/ukzS0DfKWt/fPabsq6rLk/lpLjipdyu+h2+QYJlrP5Lt/n2sRxV434zLObq5UlvffQGuNZ4tfDqsWxHiQQfHx7L1vUGMzvFF4esPFVvzvZCKle7sEbx857cuOHjiDI/CiCPGzgs/OqO1aLrOn2c6W363NZp50FX4fXv3Z50Lvmdwcfe4A209yMrp/r9yWRY/Z/q53JcedJPfGfPufKkhfJBcPrLvlGk665N9JHOcGfitAd4Vf/O/ZOjb8uwnmddTw5U8S0m+27Sbcxg6UP3Ou9WOlGldz/JnoXeJ9TDLB8dpC2//Pvm/LVJT5coOKceh9KG9yj4rQaP/XXlXHu5enC53UMj/mTU/boPUwfcKi5j3Ryj7xW5HnX1sWbfyvqmwrvJlUVwb4hVKJrcZBe7z2/n5qF4xa8ePdq1ZR/DnMoXX0ryKV887hydUOvyxUikW/liI4GuZWKBTK8ysUZiXeqvAqHO9VfNRbqWDNOp9aoVZiTbvbwp0OxZ3tRIsFN5U6DVvbypmUzX8qZIqld5UzO5LuVNkVTn8qZGMivrEwBAY+V2GMBIoFP1UKDRvXqokUz36qFAq2f1UCPBPErDSnSrHopkelQPNZLqUZgTyPUtzGktmXGWZSvMaeaEU2FOJNu9MKeZUN/CnEgzS2FOQ/kuhTmhZufCnEZC7SteApGOFS+NBDpXvAQ6/SpeGsl1q3gJtHpUvDQS6ljxEij1qXiplYqyFb8pAFDVHikLYoNlq834eqq32z758qYpi7banrdgX72q6qIpc1rlXdG872tAWP7sg5bcKZX+TtFFZZvro5ruRpasQ3HYOddLxfhqHZtiEktD8V1Tb3atefypv+cOusvtCE43PGvt8HOK5jdZUIlVYHer2qejWfvfW9uJE8yi36JXNz/Yl2O45szQ/JNjZQZrp5bDuz15HepMLwemb+yM0153G5fcd7xbO7ZSd5zyOnM2Gt6Bdf1YbfnfGWn2Zu/Kpvjymvsl2RRfihu9HS7Xi1xR73zViLX43XjeZVF/shlefuN8v+0VHzyvtnVwZLztkckJ582ODg7s60PD/SIMrN7EBblM/Xm4hZnLDWl547h92dmVX77uArnSKsvhXdm7bGS54oT7PhZ7+Q4XV19T73p7tbX4Q/VPyVaYu/9QrU9mgzgx/Kh7P96L7XagFBvh/pyrtfkYb5V33TsrbS/Ptq37XtOX2o4/bSF37nVqgbvLHactnTKvCQt1GOegqBXtPhxOSwbR0Ae4VzyMbXBHBD654SvwzvvwBu5AnRPVui2bcjW+ponPmd58v8NyeTQf1qnq6Ey9fH54Lj/z+XPyo14+75Xl27nyS70um8L+G9LQn3ZgPqxTf9jX35nwwfXgnJVkhhlXp59rwjV3puGacJE7w/Nb9cl4WId0R3O8nWE4n3PNEQo43g8+Ls8/y1XOMWoWAAG+H3woOsiSzQLIeiiXh6Zqv55KeFhou2zLjImczoWoRmEOqixah9djIOiOmLF+Gfoe4camQ4l+xHRa4PGKIg95AxPM4vqB11shtcMsU35DeMg7tmeWpUrNt/ZpsKG2kRF/gcOx5Nf+i8BxswNt/m0cIoGqfM6RXPQS80kNLNjrsIapZJfzGliu85ENK6mu+0knNHvtJTUV7352Ayv3PL5hKtvpBAdW7H6Iw1is6zkOjWCvoxzGol1Oc2gEOx/oMBXrdGQCi3U/NWEq1v3gBFbseXbCVDab3uBC3Q5RaMR6nKMwFexxlAKL9j1N4SKcdwJkO1Nh7IrTsQqNePeTFcZyfQ9XaJSznK8wd8LliIVOufMpC1O59gctsFTHsxamMp2PW2C1ficuTEW7HbrAij3OXZjKdTx6gfX6nL6YEHzOGh7aan1eyW3q1WGt0yn/1P5refBYMdhGWi6br4NddB8PW3kr9OSz+0YOX+zKzSkl3e6Ih9HGExtJp9ZBtNGKPzbK3Mv9TOgqtw6/Xt8oiBLHX4+2DqLN6dcbt+XV9Vhuy6Zoy3+NduEayRo1DaPq3T/efO8mqmsZRpNDaI2a8qqq9mqvxd+7b2c7VaOmvKp2RbMv3xTr9Ydi+UzOABlpAwYYFJKp7i9yNt4Wa4s5b3FswzX5fay2BM+adNBZxqm9a/+ce0ET9u27w4d1tXyoHv9Rfv2vpt6oe1ZHVX7tNE/a5PTj/IPTdtt6Vapf5dpvf/pLIAw9SQEBc6tqgWbl9Fk8piKvz/X3TFaeVMuguaMuE+rKJm9YHdBV6tCogezvO5pqfOeCjQPl0HIwV/qTDTZlDq86cbJpuR3SSb75rlMD3ZZbTh0Em+83vSo3SO+OBg9zZnlhXDUNMmgs68O2bYzOGk7JujvbcezAvnt0nKxuNkVreM/7pNChpSBSJcGozO7DnVQ6MBRE6K7et8V6sTQ8VzSpdWwriNymfHSdGIZKT2aCiNy3TVm2C4sNCpNiL8xxiR6NTLvdujuHXtXbB9NjQRdPIDa4xqqRzsGlORYbSS+kXpoJNLKuyt8UOjHCSqY65bH0T2fDjiEBOpPr6IGxJ26nD3xccT2AYO6S1xkED9dcjiEYe+V8EoHJIavDCE5e2Z9H8HftZ+MKA7YuWdYZ8HflX6bVBmw9sas54OGI6TERYwesTop4CHc6LGLshft5EQ+XHE5YGDvkesjCzh16cuD1sNzPtVMDE4+qbe+4Nl9aORSXQkK9aksZZ7osCkyZinSoL2VgmrW8lLkrztWlPFyyLi5l7I5bbSkuV8xLS7k5ZFlZysMti8JSxq7Y1pXykG9VVsrYAfuqUh4umBeVMtbPsNbjLillrN1/dcdeUMpYu2U9KQ/xluWkjD1wqSbl5YZxMSkLF+xqSfnL5/8RpNmb/QYeiIetHJafA1bVsGycsC+GxeCIaS0sa0esDgZ6OOIB4ZgKYfmId05485TB8pBuVQXLWL59ESw7F+hXpztxcNtQeMPk/VkdX8pedVeQxeVALsOSclKo10JyoNN/+Tgp03eyHChlmSInxfoNwwOpDIPvtFCeN55hoKUyh2PTcZOkB2gkJoKMU/QmB095d/XW7obgK0YDfdFA6RxfM4byDx4wFGr3ZqB64Sio3TO8PnuHb7ONEShk2clI+m5i3cCl2mszjZnc0nfwGOrlGTkMBKPrxTm0u1wy7uiGKhv0I59+ZdCiDJGbcIuLsE1k+0I4M9G212GbKHe6EdtNvnENIxPddgWNHAUrYuz8aQd1K5t+iz5D+ay6wwimfPnNuiq38pAdoVVmhJk2Z2PMVOYEVzNUemkhBBB/U9fPlc8uw5GBUN35nWJvVKZZT44bh+jE77erfmuKjN+yLRunvkR2giw9PWY3rUbvOQ724sSW7n/Wj/Whfe/3haV3p3vEWj6C44PLxjnncVnvjN/ofEX88FX4e9mqgnseQwq1EeQV+Fg3y7KvIssm8k5abU5W3br7og/1yz3fHcvYi96w98e6uSPu+UedB55pSFPp7tlILNwzKTkhm86p4xPfZlOpw1FvsxnUe5/6yECovXg8wu6UJbcfeNxR/mVDTeR6Hsoxk7xh691N6N5tF0+F26SB5J6shZR8cNrWh+Qe3DfwGUptnxZtZVZozEjw2V5I2f/ecQmWlgJKtarSayDYvk6vk+wl51u3vMFLZ1xa2ECvXXFhd7lW1RVNddsXVnRz4AvXK6gsBZRqWQ3ZQLJLPWQn6eYVkQ1UW9ZEdhNsVRXZRLR9XWQ34caVkU1E29VGdhJcmZWCNFBbWVSBdJPKtjquQq+MzWtOG6i1rDrtJNiy7rSBapfK007SGTXfQKxF/WkTwbYVqN1Eu+6IQ4q9dsUZybUtmW2g2qlotrd47oWdX+FsN3fMS2ebOGBZPNtNslP5bBP17gW0HR0xLqFtpN6uiLaT5D3n9+L+Bt+LhnW/TdRaVP52kmpX+9tAsUP1byfhFvW/DVTbVgB3kmxTA9xAs3UVcFPRo3T+z/W2ftPZUNsD3rufiNOY4ttpkM6GtUpfr9fqOW7fBxNi7x7Ltlivlyfrjt2v6Vq9S+rvQrizPFoO5spkTJlf2Xb9yS73txlG1Z73Jxhd8RDgN7gs8D/8EbYrVWvByZdj4yB8zgcij5X50+NzN7FjYyLVkxcjoaPfW5ZV/rlsi1XRFk56RxbCkNnhQbxFuV3tasfaCUDsnda6Y4+Pe1THaIrl8/Kp2G7L9UJtQlr0G0MX+8NuVzeOFUKRg4bPurW7t3DzRu4tn8rl86lTq4+N64cgcEtjO6g7cunH/wsBu0HdqFfl4lScZqGq04Rw6/pzQrq5Kj9Vy3IRdpC89pCQDpbb1Sn+uf3S2A7pzsem3ra3GvtNH3Zzh2/i6I0cfGyKbSvvrw4wuuiMh3ToeNv6Yl89bqvt46JYPy5USTl+B00fFtThbdvU+125DDJ4aq0HdUn+FZsLR2shJXeFRhcHt33+SPTAXkjZu8P+qVyRubGvhsQeS6YPC+nw8XH1hz/KZXuTQcLukbdwfnc8KRHOWfyIWzh3aKpbOKh/TGgnq6ZcTL1KbqkbjasmDwvrsMr5LbqSYEFeTq39m7gVaOU1YT+sW5/qZZivOGw6pDMqfcn/2wC7Qd04qHknUKTpzYd0Sq26uWPswurtXJAiw+V5TB8W0uHjkT32nw0ZZnZkyB1++vzsovynz89hCMPa6bKBo5w71d6tv7qu0GUwm09eslR7dllOb9RJlPsrMiXJ6WjAWZP7eYApUX/6ifozhCgnMHHS5I4epiR9cRrGzqK+uI9WE7K8Rqi75yCSyq+L2u3MwFnYyQa/vMpvaFDt+WW53WF4luVxdeGELKfyHCdR7nU4JiTVrdOGypMo1Z5dlt/gHmRs9xvag4zsfzolTs+a3POkE6IObhu4TqpUe3ZZX7xEfQkiKVv6iZLtA8jym5xV+xCy7h7iTPhq2ysbAfQdPKUdQsjymwi5pkHyJei6nglTB+S5/Oon6K634NxTul3XP33e/1AWq7Lxq0IGzHxbH9VYnudH9mXXaT+6K8cRT6O7Nxhc+B+uORWNbmUvuGznjwaNbL+PCGPZ7VfHValGtrIXRHZ83qt+2g3elcj8W7Evx1XX+8df9QKbCVE46rx9XVb29Kg6hy0FGfmWuiKmPHLvlP2umeeVe5renXTroVw2pdMIed2l/dH2Ldzpi2Q+qL0Er9ePdVO1Txtuz/qymf2WhWLwmFs42e2BeVMsn8rvDk3hWmh8yr3uAcvuAavzA27h2KYHDEGdOz7kRg7igc+3gi+2FGTgW9WbovL8FS5E3p2s+nb7qCc1Ljy17e7tdu30oTTlRGe3VnZv4YbrWfQpF7yOodvJ3xVumcgp+b3Nm8gvm321b0s3PjvpxNDyLVzZF5vywfFI9ZQjnV2vw9WWbpRLx9oSk04crYZyAS3d39RNqWYQ93X72UaQI7HdWaw3ajO+quLNpnR4zGt9NO3d+6cO1fiz7K8v4HNjYDGE+iw6FwJedrdNNIdl6/Ohd6F/ZDT4D7Aq921Tf+2rlPO50dvdn+wG9+SxvPiI9fbisWzrk81beMD+OzyW7W1/A1VFm9WB9mgyuP5q3+UWym3bne0ebHDz9qLaF8TwDXxR9e3H5coZPFE72h57syH8GKPzarVknpXvOpvLo83gv0SXofiR8Z1WGY9bKX/LucjoDN5oaaEqI7EPqMrsDcfUi6sk/V3wvZ7iytuL1tY/tO3OMyV+MsGWYUFC377zlNkb4BLJvuAc6uNdbR67Trcbka9fPW+StFKM7pJkEM9xleSEHzDjyZHrDJnlLNbr+vP/PpTNV8nb3n4qm6ZauZX7gYLv5BP+7J4gj8fVgyf4/gTTaZJit/u1cSpqr3Fktzs07oXtTWWrRdKPfqAN8CgPlGwnnQGqBcRpV12ol88Pz+VnTv318nmvTAYWL1Nv7P2vqgDepv9X5YfD46PbYX8sf2AxtPSPxWEtUbn7Xd46H6TprsXuaDqsMx/LVdl0380P5HvE25eTZbYPk2uuVOu2bMqV971dGn968z0bXx7Nh3XqAvjzOXQB+YM7wwv2QyP9m8P8W2D8K07V279pMYi3S/U2AAi56lCfpnjTlEVbbRnfn+6cvTS9PJsO70z7erdbV+pEvPMl33qH2uJs3u+CVlOn2K7NxU7xXplr6hTDNajYHa5rUM0dUWVnGSfSocng4mU1jF+qTck6kh0NtyfDgR2pDy3rT3C0F1b2nmSIvXWz5YavCecdWG8zkLbltti23/lvZxtpV1a5trNdceGwL98VjN+Eh325K8J/EXaj8etH351TVHlTPLJQNAPxvHNUyMlpKvnabern8KKz8/9cEvYkOnwiVvZz8GTswCHehOyUfM6k7NkB9sTsdRf4koPUDeYE4bQrjEnaoR/cidpJJ5iTtQM/QiRsp1zhTNqe3WBP3E67ECB5O/QlVAJ3yqkQSdyzT8ESuZMuhUrmDvwKmtCdci5IUvfsWLjE7pRTQZK7Z6fCJXinnAqW5D07FjbRO+VcoGTv2bWQCd9pxwIkfYduhUr8XnMqSPJ37Fi4BPCUc8GSwGfnwiaCp5wLkAw+uxUqITztEGNSeOgKd2L4ihPcyeGRK0ESxJMOsSWJB37wJoqn5DMmi8/6uRPGkw7wD8i3G4C5k8dnH4IkkKdc4Usin51gTiRfkc+XTB55wJxQvuYE/1wXepKDyWWPe4KpjSDnVr0vCIYqmW4GvuhFvRPu99FqHfC8h9ZCvEzqs2r/s7cYXPr74jN3iHf6m+JzczLL7wR+U91vX74wEuRdXdVbRnV3vTnv3r28Xnl02rHTuS3WD2XzqWzGR3j8fTha30vrTIdPrrmkSlD9q+5Gzvqz23ULGn+U6W3dFifTgZ3Z1m/qrXfdjrEX23p5shlcfvtf9WHL+Rts6/ZjbzKw+GMqgVH8wGRg8ftyu/pp7/nJRS9/367+2HN8cF0Xz7Ni4L263kb+v2qZVebVv62XvdEADsBJ1z/roEwE2XGhL+riKTRETZe+K3UcmdZz8fWAr5zLtHByRt9XNtcR/euifUkqVX2DIGH57h7q5vvkvhAOhxNaVMBFf28jzBau5bLc70klFl+Rd8oqVzGWYx/qXOjvcyxXD/JGOkY3Tpb3R8thXelBOp8HPToPLrwpPzbl/olZfW/1Ni50IwOf9N4au+SpQYbjzP7YVJjKzP7LXKDyjmulSzpTt++KY+8EcoNvx4SZI5viS7U5bFj2giB/evu3dmu/rla+GyWQO2e7t3GjrT0rZkInequhXDAYpLz3tl+a+39jsKLbXbl/hsnNovwv+WCraKA3fHI7W7DBa7CfLewANkng2QexAYoPM5BNbyjgHcyG+woCDGgmMLVv8cDlmTQUBtWU69JzO8eFxruTUZ6OV92oR3vM6h85jhmYSN+zS9+HlA4Dvdu5w/KBMTD0zc7YVCPfXD3sRpMuf1c0bVWs2Xp+bO+b/gGAVN7fgfTtlWqPMrfhWfDxbINtjEeRw5DOUyZCpxy5JA4Tjv7B0Xffdfnff9lVDCtPjSPl0HpQlzjSjkMn2LKOV2Tv5Q/gud1hJHxfniwGlc6WLx2q502XXnNAbmFiybmPfejtcmXcr7mhtugz6j8ZDCp8z9vtwXobzk+/+qbaOwNh5qbVqin3fv16End3tubZrbLDdJI3TH15pywFlPqhatqnle+pgrPgob2AsstNUfmVgDhLPtoKLXfxqWyqj5Xn3Eh0D40GdOBjsanWXxfyv3jUjy0GlP5YbldcY9vdyVhIwdWncsvZ1SODIYV3l4pwDdQnYwEFVyuny4qBWmUpoNR1vSzWXAFxMhZQ8KZardYlZxiPLQaUzqj5BmKr5TOn4LO5gKJ3T/W2XGwPmw9sIzMxeSPx3HO6znZId6rumDpX/JythZTcnUhvmnK16Pb0MEY/NBzUkfpjxTasn60FlLw/fGCSqywFlKoue1otCj/Uc1Y8MhhQ+Ofyw973btmz6rO1gJL/XW/LyndX8FnzwByzaMQRfivW1UqmdT1hAjHER43neZSdb5J6O1FVp/26M1AMLIQT290zpquWYyoX2AgneBwFphID/+S+PXiz3puqIWQu9sJGCDz3rmh8TvQOmgdJfSrysV+41cug6u5G5tyG1WGHTWOIxcGtutKF6rE9Ttk0dN819WZnO5KqRkGC87B/Klev+wMP8kVwryepNRaIJze/FeuDGw2ZlnpXLJtPR9uO0aDt2InjLP3tv3XzQ+V2DPqaW8NnPFUex6Kt3VvWq/LNU7Fel9tHt3Fw2rXO/nJg/z/h1s/yzHxo5zbHp9zIxVW1360Lp6ogV9w6W76RK+v6sdoGerek7du+U5viy+sgL9Om+FLc8i3a1ls3Fn/Fj6PdG7mxG8/tfH6cDN/IkcaveOUVbzjqVjq45Fwb6Ko7fuWBHFxx37xy1RfPbSwuzsgl88/1KpBD0vxGmb+xU7983YV0qlXmb+SU+9ajK+54bkKyd8S1wOU1P7yqXFq7caj+KRFriJ/kUK1PtsO5M/wQfT8uLuyx8R1bCvIJylKge0IvY4luTf9qf4xuR+nfm2Lb+v0S1EyQn8FnQtRp9J8KUSeyD61a+Z6D6rR4ECv+tQigoSDx4l3GXC/1jqeKOe5UnTtcd4xMucV6yYiVe9XRLY9LlCY8O3nke5mSs1O/1OuyKRy/gA09awfPuIF73S0nzN70Jm8gnmtW13nCOqmbu9WwTurIsf4Jj90T6tMTbuDaJ4XEyx/dDzRNuHW07nu86ZpLFBW9H3wan38qM2I0ahsKw74ffOa6CpRtQwl8KDblQ9WWhBOZKRw3DiaxXB6aqv36ev1YN1X7tLGWeWEgBCfsg/af1Ud5F4jLG0ZMhDmDzCXsbun8mtOu0nF3Nqnuc7qh1AOb1EMAqaMwlTU6PWa3kYEw2NrrysZLfRLqel7SOO427bLIuWY6UF1v/WqkG0luysdq37pt/waaB+aCim4Pzdbx9mGourN38Lh5WCebvnlvDz4Ly7GFQB/+/heMApl8V4uSXuQ/t4/U+65rzUR7Dh9UNMf4cV00231+yAXem/zMHHJmH8gBP+ChFTwcVtxLmgSvZLJoXV/Cy8IfC783cLpmgN8Oz6FYhs2d1yqS8PTqwE4ImX2ig0crNRZCsKQBvkKPRkIIlM4vWkdePlQ5ssQkdTgiMRDK26BJ5+lWQyL95ls9eERvFpvssz1u2TQmOt7js8+f2vjW6pxAfd6lTi56LkQJESzdv4qIqXjnQiJYuF8tESvRXkePJ9T7Hzs2dcOzqAj2gaOuiKkD7qVFsHbP6iLGsr0KjGik+9cYMZbvXGZEI92v0oipbPcKHli2ZxEPU9medTywdo5SHqYO8Cq/jWSPmh4a2b5lPUyl+1b2wPJZinu4uBBgkuUt8WHslHuVD40bnoU+jIWz1PrQ+MBX7sPcHeeKHzof/Ip+mAp3rPuBRfuU/jAV7Ff9A+tmKABiKt+jBgjW7lsGxFS4TyUQrNy7GMiE9PNuj0Nbrc+ryk29OqwnFcu/d8wEDASIwWnOctl8HRxS+3jYLmVq46qKvqVrXkK5PqWpOywwruRgLe5kIpxKerOjtUbPax0nFJZb19+2bxlOk89vS02EU+n+244NBFD4WG4lYv7X6KisucBR+4D63v3jzfce8rrmAdW5huCofQB91V4lmv/epQkc9I3aB9C3K5p9+aa/aJnsXjJXCaxwaSVT7F/kemBbrG3n2sWxIeuk+7Haki0bxp12FnQy4tVn557RvCjtu8OHdbV8qB7/UX79r6be/LjfH8rmp+GOfgf1k4bZPTqHw0Xj8kv7h8ESTP4Z0IWesVxX5aCmxBWb6q8tXVaqMX16fa7qclELa2pdPJIDjLhI7M1poYIxkzQSd2fJJK8Z1W5L2A/+2DBPY+ZAtS+I5eCu/LMujG8XNHVifbIZWH6jjrEyij9bDCzd+KJpM912N01biBajRFJbLts3stm74tFo6TR61IUFnkFlVMKMPsJmZ8ZIrM5SgIGwsNsFbi7TaTu4kXkGVGbhhi0wY3BBHpwN48eyN30LZzZFu3x6vTbbcGDhibRbrB1fBGs36u1ruTXyu3JrikYsnKm3auPl6mj9Ni6Z78my8sVnGWTvhPzIDPvjyLfmP/AL2Z29sHDJ4RCGrSNitNTo5njr2bpvxzRHD4okbnb1tty2xt9d5xae30mDTlGnWCz65KxBNXXrlrPvU0fW3jW13RxKxUkDfAo9Kq1eFehSXXXKKG9FVQP57lVUXdxYPlXrVWO4z/y6+oG5gKJtioZe12xdKNRFsl1x0OuiHQqCusi2KAJ6XbNt4U8XwRZVMq8Ltq2M6SLYqrzUdcn2haXcRDusZCZVuy5grGRbVMK6rtm2BpaLYLsqfNc1O1TeM5RNlkLD46+2a6G31jd5WCyG3h5az9XQ0UKg5ZD/hDwSyDUjn/rt2uFnLt1DgyGFnw/heg1nY/Hnw7f+YxpwgLxsvxpBXWj8V1uea/Gq/brzfNN6A9/ud8dQINt3x7HbQq19R6J51r5XJPsuIkeKWRaRVwT7r8lGkpnWZFdFe6/JiGqeNdkV2b5rspFmljXZFcEMa7KRZq412aVslCP7i+V2glPDBcvOgsHM1ScdBysGi8lrMc5clivPSeIvJhCwXL05NnCf2S6Uj22y+8G3uDRRzrDc/Mv0Y/RHMdXOr3CuDZ5wW9fsGaidY440lMctay7q4psbIfV18MhK/x749zuy0//Q7+jJ7Ox85aB3Dg4P5q1jraZfanfmc3SV2go6i9GH+c9h0GLYGczvq+26cI7PuL9MPSUsTzJxkA8wOTnq8wFr4J73F62TU354x8AtBt7j5JjHt7uBV74f804ueSAiA5d8mZGTS14JCwOn/DMYjm75pDSM/PLOcTg55pH0MPDKNwvi5JJfWsTAK4Y8ialj58SJqndlmCxRR3UZj17IRa55NdahikFbpwWZQYlKHmF9jUrL+oQaiwaCv++qTMqt6azSy6HZME70V0GWqwfb0UMj/2TQbcCwEG49O2kVu81DxlKtB2aNUP4eHQ0MFoX2RpZVO/4BYVkftm1js6a/FHR3NuLSaX2X6LKDdbMpWjs8DSQOzfCLlPNb1Xp248AKv8QObBfrxdL0PlWtyrEhfqFdNX2XIX6o8WSDX96+bcqyXdhUzNTKvLDFInc03ux2a8cDoL15YoBlBKKX3bze7d6SMxCaS26ItL5VKFHv60NbNq931Q/FdrUum//aWuq7NBBc6tvR+Zj+ua6yobEbuHCRlvb2Q2eRx5nxG6ce+6betuUXm2wF0d0b4J/zd7YHDCeE3bmdKcQWTeKjO+TiEw2D9mECeZikvXpp10jiqCWLODHOUv8sS19+LhqLA7tK27g1/0sD7oO2Dk/NpdXM38/2EGNanju20NoNASquOeGLJqyd6dafbzp2Wm6tstxXHOnMLgdmb+jEz2X7VDt85hi5sjkaD+uQPSK64oQjFLIW7oKBrkh3Bj/W4q1RzxXlbnDHWva2Nr3c2Ej10VxY0dYM6opqN+pkLbuxvKfKSLvT/VTODsiUJ6f4o8GbCGfueGnzNv3umgLWi/dKBVtJP112zCpfWt24J8DsXfjF9AYkKxfsbkNydME1Ma8T75Wgt5Dtli7Tqra7E89RtAvKvSLcGd6aiKcfz28m1sMGX9CgeZBv/DeHfVtvTnsPZWLh524rp11OYsJMENnfqbU0rYNloHTckv3z//svbVO8dil9peSR9t/SZz+S5vvJT7sr2Oc+Fs/zqW/ohOsHJZTu9TFpKNj9QxJK9vyINBTt+AEJFft8PBrKdfwGg3J9vr8M5TovoaFgv+WzoWTHRRsU7LNgM5Trvu6Bij3XPHrR44rKFmXlh+bPLbkZwWPZkouVzSU53at8fWnw96Nl++qdSho1wL84+Fg3y/K9xQWlV+XdSZPWd5RO2b1SOPd4nymT/t7qob/7JLQLjsOrTrvP+Goq2nGAxZJ9RtgJwfT7YXwLgcFng8u1AwZDQmfVeTgYNOYfCqzPe2pEOR7svLTGe4JzWq3TUU1zyQ71a3V6XUvWToodhuiP6kYG2b/24TBqHeRjlkHSnTLj0H/jztGJdNxfh4T6bK8zE7vh6dFN0B5tF0+FwwoFCT2ZCib2YA/CkdCDI/I2FNk+LdrK8FbIq1LPxoIJ/veORao0E0qk3ZXuV6Q6XOZuLXjJ9l4tQ79W5jfOX1Fqede8m1C7C3BNFDvceWsv/QvLS6bMhBI5vqneW6zTxffWoi2uvL+i1/aye3updtfcX5PrcMG9vWS3bxck1+PjxUhqZXiv7hWdlc1VuvYieVavVdCVq8pzcug8WQoldSO3H7O9U2NzoURzqQ0ts1o+s0k92wom12njINLqvmXQSOjuqd6Wi+1h84Fn3iL2biGbdRGmMxzMkarbnMgSKmdTwcR2WfOmKVeLLm/O9TpCq+FcqD9WPPPJ2VQosXu277Z96O+2/eEDi05pJpTIw6770F4teBZnI2uhJH8uP+wrnkzD2VQosf+ut2XlwuiA2oEtRrmjFPh2pbYI2cs9tuRPfTujwrEmT0Z47hpeOEhE+lBBJHF0Lzm++NZwuwBpzr2NwfrW9LE29yvTr7PLH4fWXRkmMhKKZbohQq1Cf1QIe5AbGer1+6HDK+KHkfLTZ5uCyMr8T5+fA+DCtc2d0GMhd6qxQ0917uvy7c0nd0GqMa8g+0+jkxzHj58pMfbZ57Max5TzlJw/PeT8yS7HfuY/qXGc7KfEOFSHOMv54rgwnhDkPuLcWddWvy6m/LqwK3NMJZ0MMAurPF541ZhZkEPhqbMg13pTE4Lsqzed5DgWbZoQU7f23/gnOaoxryCPAZp/fPYYnvlH5z/tj8ie1TgehZ2Qc9h7TBeqMa+gL+5yvvCLyZYecmRjbkEe06lqzC7o7iHOhJeqvTLArezgI+rALshjAmOZvgbZg67Rm66R3VXpyuqoMc+3WDw7Sft5aP1vxb4c18zrnzOtENsIct509CiHml2oPXtGZvQQ14wMMsL/JV6TGone6u7qbdlbdHiDYM9d6eQ3df1cld7dPDLD39GrelNU9ovYCXl3J5M+HT3uPY34p7bdvd2u7UfUKfmd0VoZDe6AE/mcEu8OPe2E7wqHT40p4b3B8MLLZl/t29Lh0PKk/KHZ4E7si0354ALzplzojLpjPUsHyqXLXoVJ+UeTQcSjlckPbbvzWZWc2oeb6M91LL3noQtT3xaGuaLTH8ZM9Ck3krnmix+YsXek3jpem2fmTr31uSjP3SnPFabWG451poUbPvcamrrkfZ2hq3u7UcUg9uHr7mS/OdoP5haaQv5VfmnfjO86tptDzgaYPmvTs8oCl1H2EijPfm2GRn36e9B9Zx+yaHil9HbfNodl6zxJU/1ji+ziYxFH6bBoblNyxsddZ/B0uTa/+mH4gKofftofy3Z/MhhcO6kO4i29PdoLq1y3XclPf7UviNXQXqBtTb4+qBodj73NsB7g1KqfB6dGxcH7Y9lk9Kmr1ZJ19OkM3mj06Sd2JuFnazdR/XpX8Qovdo7I0F77u+KRa63QW9w511izUN/oLsz2c+Fotq331ePWOytq68fbA9cbMHakPgR5F+Aa+e07nyRL35pldcy7shwqY1xWHrtLtxGLqS/vOL5yTbR+V+6XTbVr3deRl7JXI5u8HsA8nHf2LVjOrViv68//+1A2X2UFv7efyqapVj5f2qPva2n+z868vDypHpj36vbprEGx29ndxzzpwm53sL972U6wWhT96JG6GUlW5ly339mJfiiXTekBU4Dw/dFkUPH18vnhufzMprxePu+VvZCyJaDg7XNp8hZ9vio/HB4fHY4HY+EDc0FFfywO69ajZLdOvbTb/bnPvXKmbnwsV2XTfbvTZaGfFyezPKvCa05U67ZsypVfzTmNJ73taiUzNcuj7YDuVMqNB/ll8Pja4fAJdqV3QX1xPDqfSzF144/Pz/s3xfKp/O7geGc5dqOzu+zsrg4+l5aburEp22JVtEUIV462b+hOvf1bsXx+81Rst+X6n/VjzfbO19sPxfJ5qSyvj5aDutInkt80ZdFWW673pLsXRtpdnu0GdqP1vqVY70pbnG173MFi6k53ObaKq/ceF25hdzrbKrK8790ydce3OjR2hKU6tLkL6qg215Q4tBdWtrr4qdqUfKPU6eKnk9WQLnjS6bFyDhR9dQPWmMz5KebBctckMw6XNxge23JbbNvvPLfXjlQrkyzba6+IP+zLdwXXd9phX+6KwF9p3QD7+tFrVyfV3BSP/qDKQDbjbBNsmoFJzfeO11RSA/w7Vx7L9vV6rTZzeozKQ30dwi/W6+XJpk8HH3tOL19p55O+PNoLK1smkvlU/9mbCyv6ffGZNZQ75U3x2evS1Sn58F30XICo9vx44QPfN+hA4h33B2jffbqka7Fed0/k0T6wFk7yfgyxvQSzkOvrcr2SklRv6JDwn7iHipnm7QvJcKigm/KslXPeyEVu6+g2GJONd17y7pRJlr13x37Tie9vfy1XD24lzTQOnMz61DgzdaLPSDNp7/PQYSX3V4dx6u5N3kB89+Izie5N8YqdGkC89zSM7fAPJ0vPNTTQd8eyjiYdqAOP3ggCOcAEH8xc2BRfqs1h4w9TkCe98Zs6tF9XKy/+gBw5G72BA23tc+4Syu9NBhFvMAB1hR24POpsfesD0UljiMFIduaNBqSzI0He4SlXAg1MZ49CDk5TjjEPUGeHQgxSk45wDlQDN9gHK+LE1ID1wOKTtMKfM12V69KHr1youztZZOhs1XX6HB6n7kfvfXAmove8ovfBRMOA7viZ/wfAwMo3OOtSdUzz7bDrTLr5XdG0VbHm6e2xsW+004FIxr4n/Xnl9InMK/gcQDkbCFfmwzdlxnihvS6hxyJumM7zDIW+y64L//7LrvJdJWpcKIemwznjndQbyufJ6V0RvJed7lPJYiR5X57MhRPNk4cc6mZMQ16TLhmjf+Z6rL43ypK3vuaA410nGuU+N54YSna89wQKDtPDcKb51Sth3bUOMMs43p9+Kcvv/vRxJ+nEOtyfjoS63p9uJNL9Xmog1fNeaiPBbpc9A7Eelz2bC3W/Z1Cn2POCQSPpPvcoA93e9ygbiXa8Rxno9blH2Uyq+z3KSK7nPcpmkt3uUUZyPe5RNpJaOVwWA3RWrvfGGIl0vKIY6PS5othIqs8VxUCv9xXFRqK51IaW6XpFMZLqdUWxkVyvm3+BZP+bf61ls87IjDf/mjniePMvku5z86+ZWP+bf5Fuppt/DV1wu/kX6va4+ddIrMt1ukCo83W6RiI9rtMFWn2v0zWS7HqdLtDrdZ2ukVjn63SBWr/rdLVyUe79t2JdrWR+1CcBT6wwkdPx9R9dNatB8VdcL9ngGpApOzcRri8m7KD+wtgNXHhf7g/r1l21ah9E6NuJE/kGOkHzQDLHb5uRtHCv1lvt4X8jYaRxMIn6g/2GMi8MBJHaVWd0+IEHzYLJkqcXmte7ajzsOVymdN3aLZy4GP38PdGZDONOU292ViOUasEiRoyW26NKrobXk/XNAqkZVmi1E/R6V7FvBHh3Mv1653zVOjLCD2scU4ZacV6ZQ9hvk8LdLie5pt7jWhIbF5wvJNHr97uKxEa85yUkehc4rh+xc8T/xo4pb5ju6rjiEh5+5DrBe/wZWPkGByCqjmkEGnZd0CFIo59lDDJwgmEQuvCAaxQykM82DF04wTsOGbnCORABf9hHIuwUHIp2LEPRLuhQVLjXFNUrlCeGfSqK4i4MNJpeymcZTc2le46mOv0co6mJE/6j6aUHTKOpiXyu0fTSCdbR1MwVxtEU+cM9mpo41ZTtodm61FKfcEUZPbjWVL/mAMhjqCveXu92D2XzqWze1JtdvR0WCzNLbujMhEq/DG6++7l7Jy1zR8jADaTu3UXyzLFgPeC5EPiGVwAhpv6gcz73ZB9+lg8yvQee1/kn9NAzRYAp4lLyZSJ3dF2VXSa3axpyPO3sK/AyXFT88nVnxZauGruNCxeLI28/oMVQE8jpsX4TCTHzLU4oSCLXxEJ7Ubtpu1UrrIdqVb5ravfJBjoj7xHtzO+rVbnrzYd3ymvWxI74z55W4r1m0QkP/GdTQzd8Z1XoA8vsaugAz/cydIPxg9nYGbYvZo1HvJ/Mhm55r4SgMzwrIr0LVybw9/LxnnP22Qg3ldfe3mm4oqPt2ZcR78kDXNcRGjshju43vxXrg8MR1SmJd8Wy+XQ06xDGum6cWA31l1bXzQ+VQ3X4aWeG5p8q12Lxlk6tqv1uXdhX2Z505Ww0vAPr+rHa8v8a0uzNfoVN8eX1o/3270kPNsUX56uOLeXvxpu7WOSfbIaX73zgf9IBv4P/1i64LhOu+OC1TrB0wrGKwaQHPtUMLOUfqn/Kc5LMHhyq9clsECe0K59hDXWnpc9brk3l2rXP24NzNl5niH/1c7rWklfj3dCud2QMelI3yrNc0TbtEuNVbQbu0c+U9/0tXz/XKzvwNGoYJAV6fEL3veMkTTYMIu2h2JQPVVuSFb6BtnHLMOLK5aGp2q+v1491U7VPGzuBF63Zx7P+SMk/q4/ycjnr94m0D1CEj0XS3dLtLabdo6uEwiPScbFmKPLAI/LALXIYjr/2l4cchw1rydTAt1OhCSrzK9J00VvsJZCwaM8qSKay3QohYcketZCs5LoXX5jQ7Vl4wdQBn6JIWL13XSRT6Y6lkbBqn+pIxoLdCyRpRHvWSDIW7ob+NKI9oJ+pYMc6RFiwTykiU8E+1Yiwau+CRKbSGTXfQKxrZSKNYK/iRKaiveoTYeH+JYpcxHNPlIyFiozdcaxVpHHAp1yRsWT/ikUa9UxFi8wdcatbpFPvUbrIVLJL9SIs17mAkalUjxpGWLFvGSNT4a6VjLBqr2JGppKd6xlhzX4ljSZEn5Na1MIf+/+1HF4Gs6lXhzVQ3/8d+CRHT1Ef4aY2lXyrj/2jbJyJeG1X7n+sY9DYSdO17QyM0pyuIdCaNJBsdweBuXiHCwis3XAoLn/FAdfK8g7SzSnzVc2WaNlarDmKvSI1QK/SFL9lrSTyCK86SbrRYjSOnff12Gz4JjIvjQQY15b1qvxNrdyNvm3MNN51Zj+dzTpFAuhELW1tl0+/WtyobeiFtGt9t7a7G9W6LZty9aO6S0HulmYMnLuj/f4KluXRfmC3qqM79fL54bn8zOjRyZN6+bxXpm/ozC/1umyKrdP4buJRO7B/G7d+Nt6UZueO5cY0Xzf+VQf5Ubb1TX6LPz4/c771vbnAomttlUV/D7qPIml7ebYd2J1PquZr+aP51VeGzhwt296DZePKxXJpuM/42m4I7YPqhmkBQpdKdVP9Wy7HzA+eXYokRoJ8AlrsaDcT6LCd/aph1r3spm44b2R3dqdbYb7pjk2VW9cZC7rS2V0O7N7SjZ/L9qk2Ss67OLM5Wg/sksX5AkM3bA8XOEu3OllgKN7+WIGzfPMzBYbavddthsK37gs2qNt3pWYo2/wQhKFuyxMQzsIbu928hupd9u96uCCTeKzyjxZvI52786XRG/W9c15TL98vv2kl/rRxm9cBaXajzN7IidGBWj4nWmU2sBPOGWedfL/Ms4Xw1nBfp6nu1mZfp7Nsq9NKhtLtjyrZyKdfig/uHc+Y6mdOoJ+VcaXNVTcFWCQOpHovDSdFeiwIBxp9l4GTEv0mwYFKhqlvUqjPMDuQ6T24TovkeLO9B1IqcTj+vCnW6w/F8tk1STVu/61tUQDqGHYpkD6bGEJ5FC/dF19mUsvRxTdeWo+mAov9rtwvm2rntvdDq3s1shrQhW6DSbn/kUu7MleFFV25QgMk2Y8TmAluyo9NuX9iVN1bDC9dzko8mo+mAopVGMtxFQs1K4s+856hdEbNIcSimdqzn0N9MRS7HZuyu2K34+jPybWZ3ycOEM3wmWMk3PVTB0j2+twxE+u1ChpK9V8Ehfg2A0p9vs+MpLp/owG1nt9ppoI98npYtG9Gz1C4RTUiA9W2RYgcJLt+FwO9Xt/GZmJJcR4vtdXjVt0dG04u2wQXYnaj+2PerKty23YJAELgTXbI0MZMe2SoxIl9AkYqL9uHEfqdYvV027OJxnFT/r1G329X/SY1uXws27JxeP2RlQCrROePSK0+z09J2HvcdaNMXfErGuXumOO4pnfEZ3i7InwY+n8vWxlOe+fjCNRCgJD/WDfL8r3KHDAJvJM2m5NNl26+6Dt9FsXvHAL2oDfreQzB3AnXFbNOvdei2VS261oOi/Zazk1IpnOlLF9uNUXKFvwzo+eJk1HzMDtvOUTdKTsuP+q4g/yrVF2XalmjykXuhqlXN2F7tV08FS4TApJ6shVO7sFhAy+SenDdqmsos31amFYfNBB7thZO8r93PGKlnWAyrQq/XRVrX/bNQfKS7w1bBn/BjCvUXdVqV5/OVapV0R0zzfa1dlzEf+F53ZSdYDItC+hdletSPs9BtnnxvKuKLUvnuYi1Kpx3XbB92TwX0cZF864LtiuZ5yC2Mqv6c1VpZVHsx0Um0+q2CruyNS8/eFWpZfFBB7GWpQevKnYpPOggm01vcKEWJQevi7UtOOgi2I2vIrUefNVIqm1lxKuKneoiegrnXaD51UR0ccW8IuJ18Zb1EF3kOlVDvK7cvRaikxPGlRANlNvVQXSQu+f7vtsH/74zLNl4XalFwUYHmXblGq+qdSjW6CDaolTjVcW2hRod5NqUabyq17pIo5ngURp9u1IlEBwEH5sGSJ+7M52xKl+Yc+4eZopDZHrhGySScpsfO2GFvBxrdIrUhOCQtgFYzn5/KJufy7ZYFW3h0Jmj9iFozvDI36Lcrna1U8UFIPROa9spFMY9qcv3Fsvn5VOx3ZbrhdqSsOh3ZS/2h92ubgxvAbvunOGTbutqeBdv4tryqVw+n7qz+ti4LUyBSxrLAV2RUxT3LwOsBnShXpWLU+Gahapcw+/S9aeEc3FVfqqW5SLkYHjtEeGcK7erU8Tz+qSxHM6Vj029bW8zvps+6sbO3sDJmzj32BTbdiHXaNxO6UyHc6ZaLeRmzkW3mbvaPi6K9eNClZLjds70UQGd3bZNvd+VywCDpNZ2QHfkXzHJP9oKJ7crILo4uOzfRYIH1sJJ3h32T+WKzHx9hSTm+DF9VDhnjw+rP/xRLtsbDAh2Dwzv+O64+zmUo/gB4R07NFV45/QPCetg1ZSLqZfHJQ+kcdPkUSGdVUfwFt3BzAAvo9b6DVwKspqasB7SpU/1MsRXGDYczhGV/eT+TYDVgC4c1MwSJLr0xsM5pNbPvHF1YfNW8qXAUDkZ00eFc/Z40Ib550JmWZ0YMYCHtm4Kl9IHx5Zch0PT2WDLY/tjW248Nd09lm2lzDh137FnNCKbclN/Kjl0KksBpe55+nPP3p+DQPzp87O9vp8+P4fATmuHOymOUu5Ua5ce6rpAl+ZuPnlIUq2ZJTkM4ydBruPylByHPehnPa4bz6cE/ekj6E9+QQ5j/EmPK4eakvPFYb48C/riOi1OSPIYge6eA8gpvy5ql43pZ1EnC9zSKp/XX7XmltQ6XCRxltS6XhoxIcmhJsNJkGvxhQk5deuws+8kSLVmluQzaAcYs32G7AAj9p8OmfSzHtfE+YSgw95nElGtmSV98RD0JYCcbOkjSLZml+Qz0arW/JLuHuJM+OnaKwvs2g5esg78knwmNp5pjXypua1JQhR8eC6/+oi569s79pBue+9Pn/c/lMWqbHzKRwEj387HLpbm9fF72WXaj+HKaUTTaO7NBRb9h1t+Q6NZWQss2XGRr5Hss+g3ltx+dVpRaiQrawEkx+fcnLxohSZh+0de0T1syjMyZNF56/qyKxbdHJbDQwqOuu7Gtlw6dNRNhmljV7V+eWMTpSB37CrWO3lsopcmkF3F+mWQNUqHb9PP5aZuvrq9TqO239L7dCmM4YUa9xTrGwX0+r1SRlqd3ykg1/ulMlLs9lYBuX6vlU7r6L2qt/WbzkBXvfZvxb78fnS9iaFyaIT/XNPpOargrnMhS2wnwBp8qasqzCH1TlnvGnnd66vp1UmXHsplUzqs1a+7sz9aDu9KX1/3QW1efL1+rJuqfXKgqVNe9RV3+x2SxeAh4R3sNtq+KZZP5XeHpnC7/mfKtc78sjO/OpsP79Sm3/cQ0LHjI27jHBqNf2jbnddIfDLANKohkT89vKmbUvnlqnNo45tammkFcizRYA/ql2p9iWc+Fx7Ldn+yeQsPVDlcVgfao8kQ+sd4rVotmaP8rrO5PNoM/gvsmrq7x+94GQKfG73h5dlwcF90Nba9feGpsm3rS1eVnP397u3e8B3v1jc/Mnqg1ku3Uj68VoVFuvvdKle1o++h4d/6fxUBayH4xG7ndFfQVZndhWgH53uDJvt0opzF/6m2q/rzL9WmrF3u6DHw6tA+fZYPaU8PuZWDy9Odey47Ta77drS/K5z3oji5xfd5rneN+SPd2r0fA7rlTH7c3fHOPFxxiSf/YOVWvXx+eC4/h/GpXj7vlfGbOvRLvS6bwqmKpaFX7eAJt3JtVX4sDms5YrjeAX7du/4hXdvd8SG3cvBjuSqbrgrdg+tlc9f9Oz0jwELpqnv9l4NbSTkT3wJ9QVxzrFq3ZVOuPG9xMXCwf1Cf1lweH3QrR/lztlpXA2VuLZzlzN9q3WTP4lo4yJ3L1ToZJKNr4eiu3h126hPhh7J6fAoysMqHqE+Ep+ND/gMO/p9qFeYrYeDf5/4Zt3LvWPYyyJg6NH5DhzxuGTbyyffSYRe3+ozXP0qHnbXXneqtP5eue2+dXFIrsTeBP8H7xdh/6Eu8LbfFtv2u3hRVkPFf2V8d7d/KrU/FuuqKOv/oepPrdc+Oj/C72dXUOYgB916ksm8ekFO+9eY3ZwsBDsV3f9nlUpbDC8P8BN4Rm14hMei+CQ9OFXWGSV0GL052GVK60BNmXkx9YKTF13+IVdkVNP3pM1eg3ymDf3z2Xkpe116erjJmjKByu+on7VDhM/bhS1fW8rF8PQzcN8P64L7+9A8YvRlL9YDAvj2W7eiAkKcnj2X7hzIXXvdFJXR/7ZuzycD6VdWyUUS9VzXLuNxRTxiFVHN6QmDvmGg+dYmZ5Rv50RH3v3dVYBmd6Gw+9jZv44HnXgSND0w7EUy8+FQ/l+PVtrcLnUmW1fV1/QeanPYUf7s3QPet4+kA8/cN9AN/Nbzz+qzpm3+TexqH2lgXqH2X6QrDcPXn3dFScLXflftlU+1anxHxQvhqZJTZB7g/iA7q9vmH3kKIfUDLbgch2SDqJ/BO2eTZIXrsu4m9P92yqVw9OF5dpHHhZNfrLiNTNyrvDNVIPdNofUV0v7hgVd7bvIX8bm7mkt3b4paLJkbZ3V5z49lCwDNi3iOKMhB2xOORNxzvfIOg77br0r//squ8ga3GiXJoO6A7/qPe0AGmQe+K5L3seJdiu1j0vjzZCyibaageKuccqa+Jl9kQhil+rL+3yjPBX3PB9QJIjXavayANRbteBgklB+plOPf86jezd81DzDurVVPuffrzJOzubMurO2VH6eRuWPrwTtkJJvND1bRPq8LlSl0gdmgtmORyU1Q+Jy/Oco+Wwkr1uJ5dp9n3XnYj8R+LTbX+upD/xaF8bC+Y7Mdyu+IZv+5OpsKJrT6VW74uHpkLJ7qpDy71f5Hgo6lgYiuXCtxAaeVcjNtI5rorIsQTBCdTwcRuqtVqXfKF7dheMNlseoMLrZbPfGLPxoIJ3j3V23KxPWw+MI28xOBNhPPO0zrL4Vyplu2h4YmZs61wcjvI3TTlatEl/9iiHZoN6ET9sWIats+2gsndHz6wSFV2gsk87LpPiNWi8DlncFY7MhdM9Ofyw75i+ow62wom99/1tvQ8RnbWOzDGKhjl739TRL2q/ZL4xAzXxth5HmVn2P1220OJN01ZtNX2XNJY3t12RetFa37c8K5o3vdHHewDYdA4QLpH5XX3C5cd9VTZ3ciYS4gOO2o6zep20fCF4rE1Psk0RN/V+/aisI5JdA4bhnl7hk8g55VtBarmgWQ29WbX2kmTTQK8zpebLV0PemtNBSGKzW/y2mVumXfFsvl0tOz0Dmk7dGI/RX9yoW5+cLp78ZpLwyc8uV/DaO1at0/7zVOxXpdbl3sZr7jVWV8OrN/eJdciKjaOeRVRsXZvVe1368LhLOEVl852b+LGun6stkHeJWn5lu/QpvjyOsDLsym+FLd7a7a1U2GUKz4crd7Ehd14zuby4WT2Jk50dSyactn+6rTgnPbkaNtj+WnvzvhYCJ8rPodBHNxw3apw1Q+vTQsujsiPh5+HB8AYnZHGN+6Hv5wdcisaYOiQR8UAa4dcN5hcccVrq4m9E63T5oNrPrTumxCsXThU8gqQAD/FoVqfLIdyZfgB+X58ns25GCe2E+DTsdZm2Di03nVvtDS/PJt3+R00/ar9EU6H8Xx+AWokQPe7T3Y6fb7THOo85uFTK91r4JwWTpNO/V+P5maTzNOgHX/6qTfuG7NBi/Y+uE03QFpXqNdnmiG9pftidFp9IbkeSy0zqQ3juEWGhPNJ4vpkmNUREMb9xOLrydhMgKDGJ9AZZLKUg8SdGbYO5JRLjAUgrVyrji45l8ud8OrkjV+5XGeHPMrlGnrlWy7XyrU/nG4SnvDEo1SIlXCe1bDOC8bFsLlLnJMKcop9bjFzy7u02oRLPDUHrrlzuSI9p4vsQO2oZRhG+36Q+nETJ1uGEfdQLg9N1X49lQO2U3jZnL8YXR8FbheYjht/SyUlgDKGghKks/SFnRxu2USK/S4xNVPrfIspEux9jamZZrd7TJFgv4tM9WoHHx0P8gYi5xlu1Pzb2qJxKc17W8a4s9g/9pFiv299M8H+e0eQcqb9IkYuOO84AML9dhkYyfXYWQAE++4mMJLsuoMA6PXaNWAm1il5haS6566MhLruBwBSvfYAGIl1T7oDuZ7pdkPB7aHZOl2XBhV31twLohpJdmUDQK8XFTATWz1uf3U45YjEVo/bg+tBRyOxHrAU6PUFpDrJdGn29uCefRi3D7A4cx9miSzfcXbQS7qBtt63/6wf60P73mf3EtLemV5L0/6bl8yc8RzXqAMcAxsUPQxm17pSgctJLVq3NNhlBaaFT9JruqCLz5GUoVDv0yjXykJx9ObACr/EPuvKoZOa4hcrJ3A/kUcT/OKk24vWaUvbUOHIDovM4ahzvLTO/bAZtfAtFRiC2jxrDF30GH/9Hizbt4SPqXDHKj5YtE8hHyvBHjUCJpT71gcwdcGrog/W71/Ux1S8a10frNurtI+xZI/qPhrZvgV+jKU71vjRyPYp82Mq2bWEDpbsVUXHVLJXIR2s27+Wjql4TtW3kOtcVEcj2a+ujqlsv9I6WDpDdR0X+eyTJ2eNHWOHXMvsaFzwqrRjLJqh2I5GP1e9HXNXHEvu6PT7VN0xFe1UeAcLdq+9YyrWp/wO1uxdgcdUunMRHqzbrw6PqWj3UjxYtWc1ngnZ5z03h7Zan1eHm3p1WE+olX/t9MU+eLgYYOZy2Xwd8LqPh+1SJj2vKOjbueUOlMtTerpzVuMtB5bCTgZCKaQ3qVjq87pGZUJduXX7Pft2ofS4/57UQCiFrr/nuDm7usdyWzZFW/5rVCnAVNyodTBt7/7x5ntnaV3jYMrcQm7Uml1btVcnTP7efchbaxu1Zte2K5p9qSkUZaoQ2ODRSabMv8i5fVus7ebOxbEZ4yT6sdqSzeeGnXUWczLh0VfnHtG8FO27w4d1tXyoHv9Rfv2vpt78uN8fymZ0m6u18kmzPN7898sXCjf89X9efCobOU7/9UX8Knk1f/HyxceqXK/2L/76+zGNsqw3m1LuHVvVy4P8n//d/9lvZbcbuftj9dd/uX/x8vf7l2n0ah7nL6OXafIqj9L//u+Xvx+tyL+Q/8fR2Pn/kRaiFy9/j19m81f3aTxqGF00jEYN4xcvf09epvmrJE5GDeOLhvGoYaJrmFw0TEYN0xcvf09fZsmreSxGDdOLhumoYfbi5e8ZaphdNMxGDcWLl7+Ll8ns1TzJRw3FRUMxapi/ePl7jhrmFw3zUcPZi5e/z16m4pXIslHD2UXD2ajh/MXL3+cvRfQqy2ajhvOLhvNxAHTxEN2jptFl8EQkerqYiCLYGATQOIKiLi6iGDa+DKJoHEVRFxtRAhtfBlI0jqSoi48ohY0vgykaR1PUxUiUwcaXARWNIyrq4iQSKBijy6CKxlEVdbES5bDxZWBF48iKuniJZi+z+1dZRhpfBlc0jq6oi5lo/jLLXiXZfNz4MsCicYTFXczE96hxfBlh8TjCYjlAwQiLLyMsJmNUFzMxjLAYDFPjCIu7mImTlxlofBlh8TjC4i5m4rR7k+9j4vNlhMXjCIu7mIkz+OTLCIvHERZ3MRMLNKTHlxEWjyMs7mImzmHjywiLxxEWdzETz16ms1f3CfH5MsLicYTFXczE867xLBq3vQyweBxgSRcyyT16L5LLAEvGAZZ0IZNEL9P5K5GOx9zkMsCScYAlchaMkcvJZYAlZCKUM2ECXE7AVDiOr6SLmCR9mWav0vGEn1yGVzIOr6QLmCRDs0xyGV7JOLySLmASgQI7uQyvZBxeSRcwSf4yi1+JfBxeyWV4JePwSrqASWbwV74Mr2QcXkkXMckcBXZyGV/JOL7Se906IL0Mr3QcXmkXMCmMzfQyvNJxeKVdwKQRGgjSy/BKx+GVJrpFSHoZXilZasm1VtwtKJOcPBistsbxlXYRkybopUgv4ysdx1faRUwKp+b0Mr7ScXyluXZ2TS/jKx3HVzrTvVLpZXil4/BK59pXKr0Mr3QcXpk2vLLL8MrG4ZVFuh85u4yubBxdWaz9kbPL6MrG0ZV1AZPCVVB2GV7ZOLyyVPcNkF1GV0YW8zK6BHwwWM+PoyuT0QUHoOwyurJxdGVdvKRwAMouoysbR1fWBUwKV+jZZXhl4/DKuoDJ7mGHXYZXNg4v0UVMFqGFn7iMLzGOL9GFTBajtZu4DDAxDjDRhUwG1+jiMsDEOMBEoo1OcRlgYhxgoouZDH4sissIE+MIE5l2RSAuI0yQT8YuZrIMTTQCfDWOI0x0MZPB2BaXESbGESZm2iARlxEmxhEmZITlaKYRlxEmxhGW32t/qvwywvJxhOUywmaow/LLCMvHEZbLCIPTen4ZYfk4wvIuZsQ9bHwZYfk4wvJU96WeXwZYPg6wvAsZEaFRKL8MsHwcYLlMSsCUTX4ZYDnJS3QhIxLYGKQmxgGWdyEjUtj4MsDycYDlXcgI+F7klwGWjwNsJmdIAVbKs8v4mo3ja9ZFjICfNLPL+JqN42vWRYyYoQdfhtdsHF4zGV7oi2Z2GV2zcXTNuoDJYWjOLsNrNg6vWRcweYQefBlds3F0zbp4yWPU9jK4ZuPgmsmsF/qemV3G1ozkvbpoydNuCJnRzBdIfY1ja9ZFSw5ja3YZW7NxbM27cMnh9/L8Mrjm4+Cay+VXDlyeX8bWfBxb8y5cchRb88vYmo9jay7X9nM01s8vg2s+Dq65HLru0YMvY2s+jq25/ttxfhlc83Fwzbt4maHAnF8G13wcXPMuXmYoMOeXwTUfB9dcZlVRYM4vY2tO8qpdtMxS1BZkVmlqtYuWWQYaq38atx78f33zLmBmMDTVv9H2JL963wXNDEWn+ifanGRY77uwmaEAVf9Em5Mc670MMzT+qX+izUmW9b6LnTmKUvVPtDnJs9534TPHmel7kGm9J6nW+y6E5jg5fQ+Srfck23rfhdEc56fvQb71niRc72VCH6eo70HK9Z6EnkzUz3GWGuX1LxL7XSzN4VI0gql9EnsyXT/PcXsQfDS9LzP28xluD6KPZvhl0n4Ov7cilOOnSX6V5b/HXATl+WmiX2X67zVsBEQgTfarbP89DkGU76cJf5Xxv8cxiHL+NOmvsv73OAhR3p8k/qNYsSUchSD3H5HkfyTz+dE9DkOQ/48IAIhkTj+6x3EIGEBEIEAk8/rRPQ5EwAEiAgIimduP7nEkAhYQERgQyfx+pCF0gAdEBAhEMscfaSgdYAIRgQKRzPNHOlIHIpGAgUjm+iMNrQNsICJwIJIJ/0hD7AAgiAghiGTSP9JQOwAJIkIJokSRThyJABREhBREMvkfRTgSASyICC2IJAGIIhyJgBhEBBlEEgNEEY5EgA0iwg0iiQKiGCazI4AOIsIOIokDojjCBkAkEn4QSSQQxXjDAkAIEWEIkcQCUQy/gCOAESLCESKJBqIYfgVHACVEhCVEkg9EMfxaiQBPiAhQiCQjiDrCB2AsYAoRgQpRqrg7/CSOAFeICFiIJCzoqgJCAyASCV2IJDCIYpi3iQBgiAhhiCQ0iDDyiwBkiAhliCQ4iJIIKwCRSEhDpFBDgiMRwIaI0IZIEoQowZEIiENEkEMkKUKU4EgE1CEi2CGSKCFKcCQC9BAR9hBJnhAl+AMF8IeIAIhIMoUowZEIGEREIESUqV0gOBIBh4gIiIgkXIgwGIwAjIgIjYgkYIhSmKqJAJCICJGIJGSIUhyJAEpEhEpEEjREKY5EACYiQiYiCRuiFEcigBMRoRORBA54p0QE+EREAEUkmUOEoV8EGEVEIEUkuUOEaVQEOEVEQEUk4omJCbCKiMCKSPKHCGOpCPCKiACLSKQTcytgFhGBFpGYGhIBt4gIuIiECkS8QAHsIiLwIhIqEPHLCPhFRABGJFQg4gUKYBgRgRiRohgQ+0QAY0SEY0QSTUQZ7kOAMiLCMiKJJ6IMv8wAZ0SEZ0QSUXQ1gaECEIiEaUQSU0RZgg2AQCRcI5KsIsrwtALYRkTgRpSr/XHZS5G+msfkVwR8IyKAI5LMIuowGDIAApFAjkhyiyjLsQG0U44EomQXUQZTXwB1RIR1RBJfRNkcCwCBSHhHJBlGJO6hAcA8IgI9IskxIhFhAyAQCfiIJMyIRIwNgEAk9COSRCMSCTYAApEgkEhSjUik2AAIRIJBIok2IgH30UUAhUSEhUQztVkTByLgIREBItFM7UfBQyqAIhGhIpEEHZGYYQVo2yaJRAk7IjHHfQAikdCRSAIPvBcxAnwkIoAkktAjwigrApAkIpQkmsf6dxGAkoiQkkjCD7zlIwKsJCKwJJIABO/6iAAviQgwiSQDiXI8JQBmEhFoEkkQEuV4fQfASUTISTRX24bx+g7Qk4jgk2iu31kQAYISEYQSSSyCd6BEgKJEBKPEkotEefoyy1/dJ2RbKgApMQEp8b0KQvilEwOSEhOSEks0EmFKGAOWEhOWEiuWgrBZDFhKTFhKLOEI3jEQA5gSE5gSSzoCAXoMYEpMYEos4QjE4DFgKTFhKbFkI5CExwClxASlxBKNQJ4dA5ISE5ISSzICkXYMQEpMQEoswQik2jHgKDHhKLHkIhhsx4CjxISjxOqQRI63ZAOQEhOQEkswAhF1DDhKTDhKLLkIpNQxwCgxwSixpCIYVMeAosSEosQSikBWHQOGEhOGEkskAolzDAhKTAhKLIEIhM4x4Ccx4SexxCGQO8eAnsT02ISEIRA9x+jcBD04IVEIhM8xOjlxcXRCC49jeHaChF2shccxOj1Bj0/EWngco/MT9ABFrIXHMTpBQY9QKGKSwy/ZGJ2ioMco1DkKfPwDHaSgJykUMMnhl3CMDlPQ0xQKmMzwoRt0ooIAk1gBkxk+eAOASUyASazOVcCDAjHgJTHhJbHiJTN8eAfwkpjwkljiD81xFIBLYoJLYkk/8IkUAEtiAktidcoCphJiwEpiwkpiddAC7kKNASqJCSqJ1VkLeDQlBqQkJqQkVsct4OAFOElMOEmsDlyg3fQxoCQxoSSxhB54n1EMIElMIEmcTkQfYCQxYSSxRB74pEoMEElMEEksiQc+rBIDQhITQhJL4AHPBMSAj8SEj8TqCAYOPoBHYoJHYnUKAx48iQEdiQkdiVPtAdgYsJGYsJFYog68oTgGaCQmaCSWpAOfQIkBGYkJGYkVGZlBXh0DMhITMhJL0KEZ/wEYiQkYiRUYmcFMZgzASEzASCw5B44fgEVigkViSTnw7wegSEygSKygyAzm42MARWICRWIFReBJ1xgwkZgwkVgxEXjYNQZIJCZIJFZIBJ53jQERiQkRiRURwbMvICIxISKxBByas6cAiMQEiMRiIv4AD4kJD4nFVPwBHhITHhJLvKE5wgpwSExwSKxwCN77GAMcEhMcEiscMsPfTQCHxASHxAqHzPAaEOCQmOCQWOGQGV7DARwSExwSKxwyhxt/YoBDYoJDYjG1CAQ8JCY8JFY8BO+ijAEPiQkPiRUPwdsoY8BDYsJDYnXAA54/igEOiQkOiRUOwfswY4BDYoJDYoVD5hCHxACHxASHxJJu4MwPgCExgSGxOu4BMzcAhcQEhcTqwAf8DAMgJCYgJFZHPuAaGHCQmHCQWGINnLkBFCQmFCSWUANnbgADiQkDiSXSwJkbQEBiQkBiCTQ0mRsAQGICQOKZPvEC8EdM8Ec80ydeAPyICfyIZxOJF8A+YsI+4pk+8QLIR0zIRzzTJ14A94gJ94hn+sQLoB4xoR7xTJ94AcwjJswjnusTLwB5xAR5xHN94gUAj5gAj3iuT7wA3hET3hHP9YkXgDtigjviuT7xAmhHTGhHPNcnXgDriAnriBXrwNvWY8A6YsI6YsU68L71GLCOmLCOeK4mXYjsYgA7YgI74rkqlQK3acaAdsSEdiSKduCt6wmgHQmhHYmEFzHeup4A2pEQ2pFIeBHjresJoB0JoR2JxBcx3rqeAN6REN6RSH4R463rCQAeCQEeiSQYMd66ngDkkRDkkUiGEd9naOWRAOiREOiRSIoR463rCcAeCcEeieQYMd66ngDwkRDwkdyrjxAYiQlAHwlBH0mkCvfgSATwIyHwI5Ew4/5lEr/K7rOX0cskeTWbv4yj++7LMhOkDgfAIQnBIYmkGxCFJgCGJASGJJG++BiAIQmBIUmkrVuQABiSEBiSSLgBv6kSwEISwkISCTdgHbMEsJCEsJBEwg2YEkgAC0kIC0kk3IApgQSwkISwkESxEFhzBrCQhLCQRMINHIiAhSSEhST9ORLcHoQdgSGJOkaCB0RAQxJCQxJ1igSPhwCHJASHJOoQCR4OAQ9JCA9J1BkSPBoCIJIQIJKoolK6DgDBR4BIoo6QwHk9AUAkIUAkUUAEVnZJAA9JCA9JFA+BCaUE4JCEVpjqcQhKKCWoxhQtMqWOj8CEUoLKTNE6U0msTSglqNLURampRFtGLYHVpkgAKhiCAxhVnKIlpyTdwAmtBBWdolWnJN3ACa0E1Z2ihack3cD5qASVnqK1pyTewFXVElR9ipafknwDH7lIUAEqwkMSyTcwzEoAD0kID0kk34AwKwE4JCE4JFE4BFdYAzgkITgkUTgEF1kDOCQhOCSRfENTZw3wkITwkETyDVxqDeCQhOCQROINTbU1EHyEhiQSb2gKrgEckhAckqjKVLjmGsAhCcEhiapOhcuuARySEBySSLqhqbwGaEhCaEgi6Yam+BqgIQmhIYmEG3jlAlhIQlhIokpV4eAFMCQhMCSRdAPDsATQkITQkETCDbxyAiwkISwkUTWrIAxLAAtJCAtJVNkqCMMSwEISwkISVbkKrx0AC0kIC0myuX7qBiwkISwkkWwDv3wAhSQEhSQSbWhePoBCEoJCEqEPPgBCEgJCEqGtwpcADpIQDpIIfSG+BGCQhGCQRFKNOIpf5vev7i+6D0QfwSCJUCs/PHMDDJIQDJKIiZqPgIIkhIIkioLgHcwJoCAJoSCJhBr4bFACIEhCIEgimQb+6AMIJCEIJJFEAx8MSgABSQgBSSTRwPuXE0BAEkJAEgk08P7lBACQhACQRPIMfCYnAfwjIfwjkUADbx5OAABJCABJJNHAm4cTQEASQkASiTQwQUoAAkkIAkkk08BF7BLAQBLCQBIJNTRvMIAgCYEgiaQa+ExTAihIQihIMpuobwswSEIwSCKxRhylcAQBHCQhHCSRYANXxEsACEkICEkk2cBF8RJAQhJCQpLZRAACEpIQEpJItIFL4yUAhSQEhSSSbWgCALCQhLCQRMKNWPPtDGhIQmhIIvFGjEsXJICHJISHJPN7/UGaBBCRhBCRRCIOPIcCIpIQIpKoSlm4OQhAQkQSiThwhcEEIJGEIJFEMg5cZDABTCQhTCSRkAPXGUwAFEkIFElU2Sy4gAFIJCFIJJGEA58dSAARSQgRSSTgwAUHEwBEEgJEEsk3cM3BBPCQhPCQVOINXHYwBTgkJTgklXQDVx5MAQ1JCQ1JJdyABD4FLCQlLCSVaAPXH0wBCkkJCknV0Q/E81IAQlICQlJ18gN9+KcAg6QEg6SSauDTWymgICmhIKmEGnAHQAoYSEoYSKqOfiAOnAICkhICkqqjH+izPwX8IyX8I1VHP+AOgBTgj5Tgj1Sd/cCRB2BHSmBHKukFPnSUAtqREtqR6o9+pIB2pIR2pPqjHymgHSmhHenE0Y8U4I6U4I5Uf/QjBbgjJbgjjfRJlxTwjpTwjlSd/YCRC3hHSnhHqngHjFzAO1LCO1J19gNGLuAdKeEdqTr7gXYwpAB3pAR3pOrsB9rBkALakRLakaqzHzhuAe1ICe1I1eEPGLcAdqQEdqQSXsAdEClgHSlhHalEF3AHRApIR0pIRyrJBdwBkQLQkRLQkapLNKIcLbdTQDpSQjpSdZEGLhOVAtSREtSRSnQR4zJRKWAdKWEdqWQXcXwPXQCwIyWwI1WwI4aH11NAO1JCO1JFOzCuSAHuSAnuSBPt9vsU0I6U0I400Wb8UgA7UgI70kRfuzIFsCMlsCNN9LUrUwA7UgI70kRfuzIFsCMlsCNN9LUrUwA7UnrdRqqvXZmiGzfolRupvnZlii7doLdupPralSm6d4NevJHqa1em6O6Ni8s39LUrU3j9Bgm/dKJ2ZYqu4KB3cKQTtStTdA0HvYcjnahdmaKrOOhdHOlE7coU3cdBL+RIJ2pXpuhODgI90myidmUKqEdKqEeaTdSuTAH2SAn2SLOJ2pUpAB8pAR9pNlG7MgXkIyXkI80malemAH2kBH2k2UTtyhTAj5TAjzSbqF2ZAvqREvqRZhO1K1OAP1KCP9JsonZlCvhHSvhHmk3UrkwBAEkJAEnFRO3KFCCQlCCQVEzUrkwBA0kJA0nFRO3KFFCQlFCQVEzUrkwBB0kJB0nFRO3KFICQlICQVEzUrkwBCEkJCEnFRO3KFICQlICQVEzUrkwBCUkJCUnFRO3KFJCQlJCQVEzUrkwBCkkJCknzidqVKYAhKYEhaT5RuzIFNCQlNCTNJ2pXpgCHpASHpPlE7coU8JCU8JA0n6hdmQIgkhIgkuYThdpSQERSQkTSfKJ2ZQqQSEqQSJpP1K5MARNJCRNJ84nalSmAIimBImk+UbsyBVQkJVQknU3UrkwBFkkJFklnE7UrU8BFUsJF0tlE7coUcJGUcJF0NlG7MgVgJCVgJJ1N1K5MARlJCRlJZxO1K1OARlKCRtLZRO3KFLCRlLCRdDZRuzIFcCQlcCSdTdSuTAEcSQkcSWf62pUpYCMpYSPpfKJ2ZQrYSErYSDqfqF2ZAjqSEjqSzidqV6aAj6SEj6TzidqVKQAkKQEk6XyidmUKCElKCEk6nxoSASJJCSJJ5xO1K1MASVICSdL5RO3KFFCSlFCSdD5RuzIFmCQlmCSd62tXpgCTpASTZPcTtSszwEkywkmy+4nalRkAJRkBJdn9RO3KDKCSjKCS7H6idmUGWElGWEmmjo3EsOZgBmhJRmhJpo6NxLDmYAZ4SUZ4SaaOjcSw+GUGgElGgEmmgAnMmmeAmGSEmGTq1EgMaxZmgJlkhJlk6tRIDItnZoCaZISaZOrUSAxrFmYAm2QEm2SRyh/C6pkZ4CYZ4SaZOiSSwARkBsBJRsBJJklInMCvzgygk4ygk0yykDiBX50ZgCcZgSdZf8k4SmJnAJ5kBJ5kkobESYK7AMQhwSeZxCFxArd9ZICfZISfZBKIxHiFlgGCkhGCkkVqZoYrtAwwlIwwlEzdO45XaBmgKBmhKJm6exyfAcsAR8kIR8nU/eMJ/OzNAEnJCEnJ+jvI56jyYQZQSkZQStbfQw4PDmQApmQEpmTqLvI0gnEAcEpGcEqmamnh/XsZACoZASpZf3QEfitkAKlkBKlkfTEtuMzNAFLJCFLJ1OER/DICopIRopJJQKK5dRYAlYwAlUzyEc3Fs4CnZISnZIqnpLCWbwZ4SkZ4SqZ4SgpzYBngKRnhKZk6PpLi3xAQlYwQlUydH0nxaAKYSkaYSqauHtEsjwBUyQhUydQJkhQPR4CqZISqZOoICV6jZgCrZASrZOoMSYpHE8BVMsJVMnWIJIUfjBkAKxkBK5k6RdJ1IhiOAFnJCFnJ1NUj8BhVBshKRshKlqqyMnhiBmglI2glUzePaNaogK1khK1kiq1o1qiArWSErWQSlcSdAtSHIBAJW8lSfW3BDKCVjKCVTJKSuPMACQBxSNBKJkkJ3hCZAbKS0evOs4nthBm68pzeea6qa2lmBHTvOb34XIKSOMO3l6O7z+nl55mKQ80t5CAO6QXoEpTEGR4M0CXoF7egZ/rL2+E96CQMMxWG8IM3Q3eh08vQM3WiDt9oju5DpxeiZ+pIHWRDGboTnV6Knk3UNs/QvegErGSqypbAaxsAVjICVrK+zBaeFwFYyQhYyUQ8MS8CsJIRsJKpOluaeRGAlYyAlUyBFc28CMBKRsBKpk6YaOZFAFYyAlYydcJEMy8CsJIRsJKJfGJeBGAlI2AlE7OJeRGAlYyAlUxyEt28CMBKRsBKluuPF2eAq2SEq2R5NDEvAq6SEa6STd07kgGukhGukk3dO5IBrpIRrpLl6cS8CLhKRrhKlmf6eRFglYxglSwXE/MiwCoZwSqZOmmC50VAVTJCVTJFVTTzIqAqGaEqWT6fmBcBVckIVclm9xPzIqAqGaEq2SyamBcBVckIVcnUaRPNvAioSkaoSiYhiWZeBFAlI1Alm6UT8yKAKhmBKplkJLp5EUCVjECVTDIS3bwIoEpGoErW3zqC50UAVTICVTJ14gTf/ZIBqJIRqJLNJvYgZoCqZISqZPOJPYgZoCoZoSqZhCQxvn0mA1QlI1Qlk5AkxrfPZICqZISqZBKSxCKDiwtAVTJCVTIJSWIhsAEQiYSqZBKSxAJuJc0AVckIVcnmKhJn2ACIREJVMglJYjHHBkAkEqqSSUgS5ziTC6hKRqhKNld1F/ASD2CVjGAVISlJnMMDtAJgFUGwilDVuPBmVgGwiiBYRahqXDlM5QqAVQTBKkJV48phKAuAVQTBKkJhFZwOFwCrCIJVhMIqOB0uAFYRBKsIhVVwHlQArCIIVhGqGhfOgwrAVQThKuJ+4hiyAFxFEK4i7uf6e4AE4CqCcBUR3evvARKAqwjCVUQU6e8BEoCrCMJVhMQk+CSlAFhFEKwiJCXBR3kFoCqCUBUhIYnmHiABqIogVEVIShLnkM4JgFUEwSpCYZXuSM5lKlcArCIIVhEKq+DrXATAKoJgFaGwCr6aQgCsIghWEQqr5PBjRwCsIghWEQqrzGA6XQCsIghWEQqrzPCICLCKIFhFKKyi+RUAVhEEqwiFVTS/AsAqgmAVobCK5lcAWEUQrCIUVtH8CgCrCIJVhKrIpfsVQCQSrCLUFSUzuMgTAKsIglWEOqkyg0ssAbCKIFhFqJMqMzwvAa4iCFcR6qTKDL/OAKwIAlaEOqkyg7BcALIiCFkRyVQkArIiCFkR/SUlkLYLQFYEIStCkRWdAhCJhKwIdak7PqUoAFkRhKwIVZprBhf7ApAVQciKUDeVwFkFcBVBuIqQmATumxGAqghCVYSEJJpJDUAVQaCK6CtzwU8VAaCKIFBFSEaimRUBUxGEqQjJSGBZSAGQiiBIRaTamyIEACqCABWRam+KEACnCIJThMIp+IyrADhFEJwiUu3heAFgiiAwRaT6w/ECwBRBYIqQbAQeDhcApQiCUoREI/BwtwAkRRCSIiQYgYe7BeAognAUIbEIPJwtAEURhKIICUXg4WwBGIogDEVIJAIPZwtAUAQhKEJdUQIPZwsAUAQBKEIdTdGsAQBBEYSgCAlE4OlqAfiJIPxESBwCT1cLQE8EoSdCwhC8T0wAeCIIPBGShcDT1QKgE0HQiZAkBJ6OFgCcCAJOhOQg8HS0ANhEEGwiJAWBp6MFgCaCQBMhGQg8HS0AMhEEmQhJQODpaAGAiSDAREj+AU83C4BLBMElQtIPeLpZAFgiCCwRkn3A080CoBJBUImQ5AOebhYAlAgCSoQ6gaJZNwNQIggoEfm9nhIIQEoEISVCkZI5zCgJQEoEISUij/UF0QQgJYKQEpEnWk4hACgRBJSIHpRATiEAKBEElAh1AAVfLigAKRGElAh1AAXfKyMAKRGElAh1AAVfLigAKhEElYhcXxFTAFIiCCkR6vwJvlxQAFIiCCkRM309VgFAiSCgRMy09VgFwCSCYBIx09djFYCSCEJJxExfj1UASiIIJREzfT1WASCJIJBEzLT1WAVAJIIgEjHT1mMVAJAIAkjETF8aRAA+IggfEbOJ6AN4RBA8Imb6eqwC0BFB6IiY6+uxCgBHBIEjQl+OSwA0IggaEZJ04HqqApARQciIUDeyw3qqAoARQcCImOs/OQAWEQSLiLl+54wAVEQQKiIk5MD1VAWAIoJAEaGOmszgphEBoIggUEQoKIInEMBEBGEiQt1Qgi93E4CJCMJEclWRC/0AOSAiOSEiuQQc8PfLAQ/JCQ/J1TETfLlgDnhITnhIro6ZwFrwOcAhOcEhuaQbeLNGDmhITmhILuEGrgWfAxiSExiS91eT4PaXAZgTFpIrFgIXMDlAITlBIfm9Pv5yQEJyQkLy+4n4ywEJyQkJydUJE7hPIgcgJCcgJFcgBBcoygEIyQkIydWl7PhywRyQkJyQkFwdMJnDFHgOUEhOUEiuUAi+nTAHKCQnKCRXKGQO0785QCE5QSG5QiFzmP7NAQrJCQrJo1x/FjwHKCQnKCRXKGQO88c5QCE5QSG5QiFzmD/OAQrJCQrJFQqZC7QUzwEKyQkKyRUKwR8TOUAhOUEhuUIhc8j4c4BCcoJCcoVC5uh7MgckJCckJFckZA4Pa+WAhOSEhOSKhOC9czkgITkhIbkEGziBmwMQkhMQkisQovsNQBwSEJJLroH3feWAg+SEg+SxvkJwDjBITjBI3t9NAr/ncoBBcoJB8v5yErjjKAcYJCcYJO/vasdTEsAgOcEguaQamotGc4BBcoJBckk1NBeN5gCD5ASD5JJq4DLROaAgOaEguTpfgotm5YCC5ISC5IqC3MPERA44SE44SK7Ol2jiGJCQnJCQXF3Zfg/3yuQAheQEheSSbGjuSs0BCskJCskl2oDJ/ByQkJyQkDzVVmrNAQnJCQnJFQmBIyEgITkhIbm6sh190ueAhOSEhOQSbMBkfA44SE44SC7BBkzG54CD5ISD5OrCdvRBngMMkhMMkkuugZPxOeAgOeEguQQbMJeeAw6SEw6SS7ABc+k54CA54SC54iAwl54DEJITEJJLsgFz6TkAITkBIbkkGzCXngMQkhMQkkuwAXPpOeAgOeEgucQaMJeeAwqSEwqSS6wBc+k5oCA5oSC5xBowl54DCpITCpJLqgFz6TmAIDmBILmCIDhuQNgRCJIrCALfeABBcgJBckk1YC49BxAkJxAkV0W5cJnEHGCQnGCQXBXlwnUScwBCcgJCcnV2BBdKzAEKyQkKyVVRLlwpMQcwJCcwJFdFuXCpxBzgkJzgkFydHcGlEnMARHICRHJ1dgSXSswBEskJEsnV2RFcKjEHSCQnSCRXSASXSswBEskJEskVEsGlEnOARHKCRHKFRPA5+RwgkZwgkVwhEVwqMQdMJCdMJFdMBJdKzAETyQkTydXhEVwqMQdMJCdMJFenR3CpxBwwkZwwkVwijvuXafRqHucvk/u4S87nZBUG2EhO2Eiu2Mg93C+cAziSEziS52odCEs/5ACO5ASO5DP9efccwJGcwJFcwRFcuCEHeCQneCTv8Qjce58DPpITPpIrPnIP997nAJDkBJDks4mtqjkgJDkhJLkiJPf4wx4wkpwwklwxknu4eT8HlCQnlCSX1EOX3ACYJCeYJJ9NLAoBJskJJskVJrmfw0Qr4CQ54SS54iTRPfwiAqAkJ6Akn6u7cyI4sAFUkhNU8v93drbLjeQ4ur6XOn87dpOfSc4d7DVsbDjUdpZLXbbkkeTuqp2Yez8hkkCS4Es1a39trTmNTGUiQRAPPtb4ABavgJWsgpWsMYM6WJe3AliyCliy5ioSHN8BtGQVtGRN9MMobE0ALlkFLlkT/jB4ftAKeMkqeMmai0hw7v8KeMkqeMma+IdR2BoAYLIKYLLmIhIIe1fAS1bBS0KuIUF+YgC8JAheEpashXB3DICYBEFMQgIgmNYGAEyCACYhARBIawPgJUHwkpD4B6S1AeCSIHBJSPgD09YAcEkQuCQk/AFpVQC0JAhaEjItgR9QALQkCFoS8ggTfPle94KAJSGxD0wbA2AlQbCSkFkJLnwJAJYEAUuCytoHN6IAYEkQsCQk9jFSXwBLgoAlIQ9tV7ChWACwJAhYEvLYdgXL0AKAJUHAkpDYh9ELvgOggwKWhMQ+jIahtQBgSRCwJOS6EWiCAmAlQbCSkNDHwAQAVBIEKgmJfOBvGICSIEBJ0ENiHAAmCQKThIxJ8DcIKEkQlCQk6IG/QcBIgmAkITGPwTcIGEkQjCTonC0DawgDYCRBMJKgs/7BTTgARhIEIwk66x/chAOAJEFAkpCYx+gjBpAkCEgSdFZAuAkHQEmCoCQhUQ/sTQZASYKgJCFBj4E3GQAlCYKShAQ9jIZnggAoSRCUJBg99uUCoCRBUJKQoIfR8JQbACUJgpIEkxURngkCoCRBUJKQ23BhMwQoSRCUJORaEegJAUYSBCMJmZFgKwYQSRCIJCTigR0ZAEiCACTBjI0gwCNB4JGQaMfAkQF0JAg6EuwwbSsAOhIEHQlWj40owCNB4JGQeAc2ogCPBIFHQuIdAyMK+EgQfCQk4AGLXwPgI0HwkZBHuKMQfwB8JAg+EuywRikAPhIEHwl2WKMUAB4JAo+E3HEL/+dA8QQeCW68+wI8EgQeCW6YrxUAHQmCjoRMRxDUC4COBEFHQsIdMKwWAB0Jgo6EMsIE//dA7QQeCWWCCf7vgd4JPhLyABMY3Q0AkAQBSEKeXwKDuwEQkiAIScjjS2BsNwBEEgQiCS638hg8AKB8ApKEPL5dY+cbYJIgMEnIA9xxN98AQEkQoCQk7mEMdr4BKAkClASfz7/YfwOgJAhQEhL3MLgbbwCgJAhQEnzOl8b+GwAlQYCSkLiHMdj9AqAkCFASMiiBKXMBcJIgOEnweeuFpbYBcJIgOEnInATGhAPAJEFgkrCOM/YDoCRBUJKwDjP2A2AkQTCSsI4z9gNAJEEgkrCOM/YDICRBEJKwjjP2AwAkQQCSsA4z9gPAI0HgkbAOM/YDgCNBwJGwjjP2A2AiQTCR8KBeJAAkEgQSCes4Yz8AIhIEEQlhnLEfABEJgoiEPMQddgsIAIgEAURC4hvYAwA4JAgcEnJTLay8gIYEQUNCghs44z8AGBIEDAmJbWAPBKCQIFBISGQDJ9gFQEKCICEhT3DHrisAIUGAkJDrRfC3C0BIECAkZBBicAgOgJAgQEhIXMPBEv8AOEgQHCRkDmLwuRFwkCA4SMgcBBtfgEGCwCAhN9OCxhdAkCAgSIgPjB+AIEFAkBDHxg8gkCAQSIhj4wcASBAAJCSeMTBegH8EwT9CHuAOvx5AP4KgHyHRDPzxAfgRBPyIiWbgjycC+hEF/Yi5fxaeIxAB/YiCfsTcPwvPEYgAf0SBP2Lun4Xn70UAQKIAIDH3z8LBswgQSBQIJOaKEdwZMgIGEgUDiWMGEgEDiYKBxDyUBP/nvQJGgUBiYhq4pWIEDCQKBhKXbP/gESICCBIFBIkPBrlHwECiYCAxMxAcO4yAgUTBQGJhIJBER8BAomAgMbfOgg5ABAgkCgQSE9HwsFtQBAQkCgISE9CAh/gI+EcU/CMmnIHbbESAP6LAHzHhDA+jPxHgjyjwR0w4w8POZxHgjyjwR0w8w8PE5gj4RxT8I2b+gW0YACBRAJCYgAbMbI6Af0TBP2ICGh6enSIAIFEAkKiHmdER8I8o+EfUw8zoCOhHFPQjJpiBx3dEAD+igB8xsQyYWR0B+ogCfcREMmBmdQTgIwrwERPHgJnVEWCPKLBHfIA9IsAeUWCPmCgG7u4UAfWIgnrEBDFwf54IoEcU0CMmhgEzuyNAHlEgj5gIBszsjgB4RAE8YuIXOLM7At4RBe+IiV/AzO4IcEcUuCMmfoGPrRHwjih4R0z8AmaGR4A7osAdMfELmBkeAe6IAnfExC9gZngEuCMK3BETvoCZ4RHQjihoR8y1ICgzPALaEQXtiIle4BLPCGhHFLQjJnwBM8sjoB1R0I6Y6AXMLI8AdkQBO2KiFzCzPALYEQXsiIlewMzyCGBHFLAj5gkjGgatI8AdUeCOaIcnjghwRxS4I9rhiSMC3BEF7oiJXwzSRyMAHlEAj5jni+B85giQRxTIIyaGYSwMWUcAPaKAHtGZBw4nwB5RYI/o7AOHE3CPKLhHzNwDz/SMAHxEAT5iAR9wLGkE5CMK8hEz+cDzsiNAH1Ggj5jRB56XHQH7iIJ9xDxgBM/LjoB9RME+Yp7cjudlR8A+omAfMU9uxzXSEbCPKNhHzEUiOGweAfuIgn3EXCSC52VHwD6iYB8xF4ngedkRsI8o2EfMRSI4dB4B+4iCfcRcJILnZUfAPqJgHzFPbsfzsiOAH1HAj5gnt+N52RHAjyjgR8x9s/C87AjoRxT0I+YBI4MoCsAfUeCPmCe3D6IoAIBEAUBinjAysMqAgERBQGKeMILnZUeAQKJAIDFPbsdR9AgYSBQMJObGWXhedgQUJAoKEnPjLDwvOwIOEgUHiblxFp6XHQEIiQKExDxjBM/LjoCEREFCYiYhFnauiACFRIFCYp7cjictR8BComAhMbMQC2lsBDAkChgSc3WIhTQ2AhwSBQ6JwYyz+iPgIVHwkJiHjOA5xREAkSiASMxDRvCc4giQSBRIJOYhI3hOcQRMJAomEhPjGJysABOJgonEPGMEzymOAIpEAUVinjGC5xRHAEWigCIxzxjBc4ojoCJRUJGYZ4zgOcURUJEoqEjMk9vxvJ4IsEgUWCTm6hAL0wIiACNRgJGYwcjAzwRkJAoyEkt5CPYzARuJgo3EUh4CS2wioCNR0JEYH7TviACPRIFHYikPgWmZEQCSKABJjNkk4m8JIJIoEIlaEvMwFqaWltVWRP1HkqHGCRZltZOhpAw9HHRbFjsRWorIKglZZVntZBgpw46RT1ntZFgpw42pT1ntZDgpw48PkmW1k+GljHV8liyrnYxVygjjPbesdjKClJHMJR5FXVY7GVJNVVZTaDHLqpShpJpmlGKh0SyrnQypppmmOFiOUVY7GVJP1YNc6rLayZB6mutK3OC9AKxS/5FkuPFw6rLayZB6mmjJ6LMFeKX+I4lYhyW7ZbETIbU0MRM8pbosdiKkkuaGXHhQdVntZEglzT258EzOsiplaKmkud4Ej+Usq50MqaS5MxeezFlWOxlSSRNIGQznLKudDKmkZQL8wBAC/lL/kWQkY4pHdJbVToZU0jywBE/pLKudDKmluVUXHtRZVjsZUk3z2BLcb6ysdjKknuaB8LADZFnsREg1zbNL8MTOsiplGKmmuW8XHtpZVjsZUk1z6y48t7OsdjKkmuYhJrgpd1ntZEg1LRPiUZJLWexESC3NxSm4MXZZ7WRILU0EBvdyK4udCKmkicIMkjXKaidDKmnu5YVPBmW1kyGVNI+Lx8M8y2onQ2ppHm6C53mWVSnDSi0tQ+MHxgOwnPqPJEMPM/jKYidCKmkZHQ/jDmW1kyGV1ObW67Aaoax2MqSW5joWPN6zrHYypJYmYDMYRldWOxlSTTPkwUM+y2onQ6ppHiWP53yW1U6GVFObCwxGzxSpqZVqmokPnvZZVqUMJ9U0Qx888LOsdjKkmua58njSYlntZEg9zaPl8bDFstrJkHqap8vjeYtltZMh9dS5cduFstrJkHqah8zj4vOy2smQepox0EjXAQeq/0gywnj2YlntZEg9zTAIj18sq50MqaeZB+EJjGVVyvBSTxPhwe1Oy2InQqppYjx44lRZ7ERILc1YCPe3KaudDKmlCfQMpjGW1U6G1NI8fR6PPyurnQyppXkAPZ4EVFY7GVJLc3kMHmxSVjsZUktzKzE8E7CsdjKkluYqGTwWsKx2MqSWlkqZwbEWwKL6jyRDPXovgBfVfyQZ+tF7Acio/iPJMI/eC6BG9R9Jhn30XgA4qv9IMtyj9wLYUf1HkpH0FE9sLKudDKmna+4jMdgpAUGq/0gykp7iuY1ltZMh9TSPqsejG8tqJ0PqaZnBMoh4ApRU/5FkPNRTQJPqP5KMXNwASURZ7WRIPc1IaXgfSE+D1NPSc2wQcQBYqf4jych6OvDoAFmq/0gyhqXWZa2TILU0F9zgIymAS/UfSUJ4sEsCvFT/kURkFR04poAw1X8sMnLhzWCnBYyp/iOJUKPa77LWSZD6GYfFX2WtkyC1Mw5L/8taJ0HqZrTjOY9ltZMhdTMOc9DLWidBamYcp6GXxU6EVM1Ej2AmdlnrJEjVzOU4OFgLcFP9R5IQR/nUZa2TIPRSJXoEU6LLmpCgJG5SeYgLyi0ta50EJSXoUWJ0WeskaCnBDHOjy2InwkgRdjwFsqx2MqyU4UYpzmWtk+CkBD/Kci5rnQQvJYxxfFnsRKxSRBjlOpe1TkKQEuIoXbmsdRKkXiZcBDOWy5qUIPmSSrAIJi2XtU6C1MuEimDeclnrJEi9TKAIpi6XtU6CVMuEiWD2cVnrJEilzAU7WKUQVVKSKqnEiGAOclnrJEilTIgIpiGXtU6C1EkVxvMiy2onQ2plbl3mYL5QWe1kSL1MhMg4mDJUVqUMCZVUIkTGwWSNstrJkLqZodIg0q4QVFISKin9IHuprHYypH7qB9F6hZiSkkxJ6UfReoWYkpJMSeW2Zg52tSirnQyppLmzmcO5FwoxJSWZksrNzRxOelCIKSnJlFQiRLjKtyx2IqSWmkd8XiGmpCRTUuYRn1eIKSnJlFRudOZguXhZ7WRILTWP9naElJRESso8SG4qq50MqaXmQX5TWe1kSC01D1KcymonQ2pp7nyGk5TKaidDamnufuZgGW1Z7WRILTXjcrSy2ImQWmofNOIrq1KGZErKqkevBTElJZmSsvrRa0FQSUmopOyD9sxltZMh1TQRIuNhsUhZ7WRINc1QCffqLqudDKmmeYLM4NUipqQkU1K5S9rw1SItlUxJ2fDw1SItlUxJJUA0frVITSVTUm559GoRU1KSKSk37ltaFjsRUktzKZGHzavKaidDammuJvIDDwghJSWRksoFRTjJsax2MqSWutzJeeBFIaSkJFJSGSmNNB0hJSWRkkp8aKTpiCgpSZSUC480HRElJYmScvGRpiOipCRRUn55oGEIKCkJlFTurzbIplOIKClJlFRuseYHvi1CSkoiJZW7rPmBM4eQkpJISeVGa37gzCGkpCRSUv6hLUVISUmkpHK7NT9wCBFSUhIpKf9ISxFRUpIoKf9QSxFRUpIoKf9QSxFRUpIoqXV5ZI8RUVKSKKlVPbLHiCgpSZTUOm6BWhY7EVJLcx82P/BtEVBSEiip0osNZ8QoBJSUBEoq92PzA2cOASUlgZIqQAm15imLnQippJkn4SABoklK0iS1jjuTl8VOhFTRXJOEYz4IJSmJklTuz4Y6NJU1KUGCJJWrkgbHN8SRlORIatykrax1EqRyZoo00G8EkZSESCoRIRzqVwghKYmQVOJBuOFTWexESMXMBGmQWK0QQ1KSIamEhMw6cKsRRVKSIqnSuG1woEYYSUmMpBITGmQUKkSRlKRIKjGhwbzqsiplSIykEhUajKwuq50MqaC5ixueWl1WOxlSRRMZGgyuLqudDKmjZaYNBuEKwSQlYZKKeZfHIFwhnKQkTlLRj6uzy2onQ6ppLl/CQ6zLaidDqmkCRIO5q2W1kyHVNCEiDNcUYkpKMiWdEBEmYxoxJS2Zkk6ICJMxjZiSlkxJJ0SEyZhGTElLpqQzU4IMQyOkpCVS0okPYTKmEVDSEijpDJTgfqYRUNISKOnlwVleI6KkJVHSmShBBKERUNISKOk8+WbwOoFSagmUdOJDA6qlEVHSkijpTJQgg9CIKGlJlHQmSlgjEFHSkijpTJSwRiCipCVR0pkoYY1ARElLoqQzUYJUSyOipCVR0pkoQaqlEVHSkijpTJSwSiGipCVR0gkQYaqlEVHSkijphIcw1dKIJ2nJk3SCQ5hqaUSTtKRJOqGh5Tej/8Mt7jf1mzH/EeJvZlV3t8t5YcA1wkta4iWda5bgFqARXNISLulEinDejkZoSUu0pBMnGklAairBkk6YCGf+aMSVtORKOkEinC+jEVXSkippPWyWWdY6CVJN9bBfZlnrJEg1zVVKuO1+We1kSEXNVUq4/kMjoqQlUdIJDymPnyYCSloCJZ2LlNaBCKSYkifpXKOEy600wkla4iSd4JCK0FPTCCdpiZN0rlDCuewa0SQtaZLOFUqDl4pgkpYwSecJOjizXyOWpCVL0gkMacx/NUJJWqIkneuTMP/ViCRpSZJ0KU8a3AXSTkmSdK5OwscijUCSliBJ5+IkfCrSiCNpyZG0Hfe2LoudCKmddtjeuqx1EqRyZoiEC0U1YkhaMiRt3bBLeVnsREjlzEN2cCxHI4SkJULSGSFhTwcBJC0Bks4ACcZyNMJHWuIjnfERbNtYFjsRUjXdeNZTWZQiJDzSCQXhmQNlsRMhVTPDI1ySrRE70pId6cyOcO67RuhIS3SkEwca7KcIHGkJjnSiQHj+QFnsREjVTBAIjyAoi50IqZruwa6OqJGW1EgnBDQoY9QIGmkJjXQiQIPomkbMSEtmpBMBsnAkUFmUIiQz0rkv3cAvQMhIS2SkMzLCnykCRloCI52B0eAzRbxIS16k/QPVRLRIS1qk/XA0RVnrJEjN9OPpFGWxEyE1M4EfO/D0ECrSEhXpjIqw645AkZagSCfqY3GpsEacSEtOpBP0GXSh0AgTaYmJdGI+gy4UGlEiLSmRTszH4rx/jSiRlpRIJ+QzKD/QCBJpCYl0Ij6D0gGNGJGWjEgn4HNPFkQeK0JEWiIinYCPw800NEJEWiIinYjPSL8RI9KSEenMiFacwKARJNISEukywmf0U5B+Skykw6PjEOJEWnIiXbrXQbOHMJGWmEjn9nUrjvZqBIq0BEU6PDKdCBRpCYp0eGA6ESjSEhTpDIoGWzICRVqCIp3b2GHgpREn0pIT6fBgV0eUSEtKpHMru0GVs0aUSEtKpBPzGX0kiBJpSYl0rjUaxE4QJNISEuk852dwBECMSEtGpBPwwaOGymInQipn4j2DnhMaESItCZFOuGdkfxEg0hIQ6UR7BtxOIz6kJR/S8dHOjvCQlnhIl+52g60d4SEt8ZCOYTx+pqx2MqR+JtozamqiESDSEhCZDIjgl2YQIDISEJlcdDSQANTTSEBkEu8ZNAExiBAZSYjMMh7FUhY7EUaKGE9jKYudCCtFjIvhDGJERjIiszwohjOIERnJiMwyHstSFjsRqxQxnsxSFjsRQYoYD2cpi50IqZpqPJ+lLEoREhMZNRzRUtY6CVI31XhKS1nsREjdVMNBLWWtkyBVUw1ntZS1ToLUTDUe11IWOxFSNdVwYktZ6yRIzVTDoS1lrZMgFVMN57aUtU6C1Ev1IFfeIFJkJCkyejy9pSxKEZILGT0e4FIWOxFSMfVwhktZ6yRIvdTDMS5lrZMg9VKPJ7mUxU6EVEw9HOZS1joJUi/1eJ5LWexESMXUw5EuZa2TIBVTD6e6lLVOglRMPRzsUtY6CVIvzXC2S1mTEiQWMmY43qWsdRKkVprxhJey2ImQammGQ17KWidBqqUZznkpa50EqZVmOOqlrHUSpFaa4bSXstZJkEppHgx8KaudDKmWZjjzpax1EqRamuHYl7LWSZBqmUuLVpxCbhARMpIImcR3ImZ0BhEhI4mQSXwnDp4mIkJGEiGTAE/EwQqDkJCRSMgkwBNxmNcgJGQkEjIJ8ER8+DAICRmJhEweRYTPHgYhISORkEmEJ+JsaYOYkJFMyCTEE3FXE4OgkJFQyCTEE3FU0CAoZCQUMgnxqAW3/jOIChlJhUxiPGoZ6CfCQkZiIZMgj1oGCoq4kJFcyCTKo5aBhiIwZCQYMonzqGWgoggNGYmGTJ5TtAx0FLEhI9mQyaOKloGSIjhkJBwyuU3dMtBShIeMxEMmt6lbBmqK+JCRfMjkNnXLQE8RIDISEJncpk4N9BQRIiMJkcmEaJDAYhAiMhIRmTy8SA30FEEiIyGRyY3q1EBPESUykhKZPMJIDfQUcSIjOZHJU4wGgRyDSJGRpMjkQUaDQI5BqMhIVGTyLCM10FPEioxkRSaPMxq0/TSIFhlJi0yeaDRo+2kQLjISF5lcVrTiai+DeJGRvMjksqJBAxiDgJGRwMisOSI/iCohYmQkMTK5rmjQZM4gZGQkMjJ5wBGe2VZWOxlST/OMIzy2rax2MqSe5jFHeHJbWe1kSD3Nk47w8Lay2smQepqHHeH5bWW1kyH1dI3jEW5ltZMh9TRjo0GdgEHcyEhuZIIaD3Irq50MqadBj2e5ldVOhtTTxIEG49zKaidD6mluVDfIVjIIHhkJj0xw46FuZbWTIfU0+PFct7LayZB6GtbxaLey2smQehrCeLpbWe1kSD0NcTzgrax2MqSe5jqjwcwUgxCSkQjJ5DqjwcwUgxiSkQzJ5LlIeNJbWe1kSD3NdUaDxCWDKJKRFMnkpnV43ltZ7WRIPY1uPPKtrHYypJ7mOiM89a2sdjKknsZ1PPitrHYypJ5mkIQTRw3iSEZyJJM50iD5yCCOZCRHskueIIddKYtIkpUkyS7qwTZnEUuykiXZPC1pkPFiEUyyEibZxTzYsi2iSVbSJLs8MqcW4SQrcZJdsppit9AioGQlULIJD5mAKy4tIkpWEiWb+NBglI1FRMlKomTztKSBR2cRUrISKdklPvDoLGJKVjIlm6clDTw6i6CSlVDJ5mlJAXf/sAgrWYmVrHow1MsirGQlVrJ5WNLokSKwZCVYsnlY0uiRIrRkJVqyCRSNHynSUsmWbB6WhOdPltVOhtRSlY0pPrxYxJes5Es24aJBuoZFgMlKwGRVfDAeyCLCZCVhsokXKYf3J4sQk5WIyepHc2gsYkxWMiarH82hsYgyWUmZbBmXhP0oiziTlZzJJmpkAk41swg0WQmabOJGoy8OkSYrSZPN05IG7pxFqMlK1GTztKSBO2cRbLISNtlchzQYG2cRbrISN9nc2S7gtj8WAScrgZMthUg4/8Qi5GQlcrK5EskP9jgEnayETjYhpNFUDIuok5XUyeZxSYN8MYu4k5XcyebedgE33LGIPFlJnmyuRhpMObOIPVnJnmzubRcwcbGIPllJn2zubRdwGMci+mQlfbLmkTVF+MlK/GRzQdJgYJtFAMpKAGXt8sgiIwBlJYCyuSRpMLDNIgJlJYGyubddwP2HLEJQViIom4uSBsPWLGJQVjIoWwYm4WFrFkEoKyGUTUhpUEBoEYSyEkLZPC8JFxBaBKGshFDWro/2SUShrKRQNjGl4T6JMJSVGMra+GifRBzKSg5lc3FSwD2MLOJQVnIom6uTAu4/ZBGHspJD2TwuabRfIw5lJYeyCSoNkogtwlBWYiibW9vFwbkFYSgrMZTNre3iwFFHGMpKDGVza7tBcqJFGMpKDGUTUxpUVVpEoaykUDa3tosDDwhRKCsplM0UyuFugRZRKCsplM0UyuHxHhZRKCsplM0UyuHRHBZRKCsplPWPzk8IQlkJoWyGUA431bUIQlkJoWyGUB636bMIQlkJoWyGUB438LEIQlkJoWyGUIO5cRZBKCshlM0QajCvzSIIZSWEshlCDea1WQShrIRQ1j/KarYIQlkJoeyaPdOBmiIIZSWEsutDzxRBKCshlE1ESXncq8oiCGUlhLKJKI1mrVkEoayEUDZPSxo8UsSgrGRQNjOoQQqpRQzKSgZlM4MafLUIQVmJoGwuXMLVaBYRKCsJlE04aVCNZhGAshJA2QygBrPrLAJQVgIomwHUYHadRQDKSgBlM4AazK6zCEBZCaBsokmDsgyL+JOV/MkmmDQoi7MIP1mJn2yZk4Rn11mEn6zETzbjp0FmrkX4yUr8ZHPx0mDWkkX4yUr8ZHOXu8EDRSoq4ZNNJGlwcELoyUr0ZHOHu9FbRQoqyZONy4NZSxaRJyvJk82DkgaagcCTleDJ5uIl/CwQdrISO9nEkHAWpEXQyUroZOO4AaNFyMlK5GQzchqkfFuEnKxETjbxI1xeYhFwshI42TwoCZeXWMSbrORNNk9KgiUVFuEmK3GTzZOS8CaAYJOVsMnloiWYnusQanISNblctAQzvh0CTU6CJpcnJcGMb4cwk5OYyeWudjDj2yHI5CRkcrmrHS5mcIgxOcmYXGZMA4rgEGNykjG53NgOZmw7RJicJEwu97WDKuEQYHISMLnc1w6XIjjEl5zkSy5PSoIp2w7RJSfpkst97bBWIbbkJFtyua8d1ipElpwkSy73tcNahcCSk2DJ5b52sI7AIazkJFZyua8drCNwCCo5CZVc7muHVQohJSeRkst97bBKIaDkJFByua8dtjIIJzmJk1yCQ7gIwCGa5CRNcpkmDQCdQzTJSZrkEhoa9IVyCCY5CZNchkkrdgUcgklOwiSXYVLAEXaHYJKTMMllmBRwAqtDMMlJmOQyTIqYfDgEk5yESU7nyBKO9DtEk5ykSS7XLeFuRA7BJCdhkktkSAWci+sQTHISJrkMk3CnLIdYkpMsySUwhDtlOUSSnCRJLg9JwhF6h0CSkyDJmQdl8g5xJCc5kssjknCnLIcwkpMYySUmhDtlOQSRnIRILkMk2IvCIYTkJEJyeTwSLohziCA5SZCceaSbCCA5CZBcBkj4oO4QP6r+SCLCuFOWQ/zISX7kEgzCrr9D9MhJeuQSChq0uXIIHjkJj1wiQYNwuEPsyEl25BIIwgcQh8iRk+TIJQw06HvgEDhyEhy5RIEGba4c4kZOciOXuVHAmf8OgSMnwZFLGGi0nyFw5CQ4chkcBXzCdggcOQmOnB3X1jmEjZzERs6Oa+scgkZOQiOXoVHEpNchaOQkNHIZGkVMeh2CRk5CI5d72g36+DgEjZyERi43tRu00HGIGjlJjVwuXhq9V0SNnKRGLhcvBZzJ6BA1cpIauVy8hPGoQ9DISWjkcu0SxqMOQSMnoZHLpUu4v6pDzMhJZuQSABr0V3UIGTmJjFyehoQTVB0iRk4SI+fVgy8eASMngZHLwGikGYgYOUmMXMI/gyi6Q8DISWDkMjAaFEg7BIycBEYuA6PB1AiHgJGTwMhlYDSY+OAQMHISGLlEf0zE+QwOASMngZHLwAgTAYd4kZO8yOVZSKMIBuJFTvIiV4qWBo8D8SIneZErRUs4NcMhXuQkL3JlFhJGtA7xIid5kUvwZ+TQI1zkJC5yeRbSyJwjXuQkL3KrGx8KEC1ykha59UHjWodokZO0yK3jxrUOwSInYZFbx41rHWJFTrIiV3rcDfY1xIqcZEUuPOhc6xAqchIVucR9Bu4KAkVOgiIXHgzqcggUOQmKXMI+A48HcSInOZELeUwXJu4OcSInOZF7NAzJIUzkJCZypccdTh5wCBM5iYlcGYY0UAwEipwERS5xn0FDNIdIkZOkyIX46LUi9ZSkyJVZSIPwECJFTpIil2uUIq5vdggVOYmKXHwYYkKwyElY5HKN0qDXhEO4yElc5HKN0qDZhEPAyElg5OKDPqEO8SIneZHLJUqDhhUOESMniZHLJUqDMUYOISMnkZFLBAhzK4eQkZPIyGVkBKGTQ8jISWTkMzKCSu4RMvISGfk8CAluaB4hIy+Rkc/ICOIBj5CRl8jIZ2QE8YBHyMhLZOQzMoI7okfEyEti5PMgJAydPAJGXgIj/wAYeQSMvARG/gEw8ggYeQmM/CNg5BEw8hIY+QfAyCNg5CUw8g+AkUfAyEtg5B8AI4+AkZfAyD8ARh4BIy+BkX8AjDwCRl4CI/8AGHkEjLwERv4BMPIIGHkJjPwDYOQRMPISGPkHwMgjYOQlMPIPgJFHwMhLYOQzMBq0B/IIGHkJjHwuPxr0B/KIGHlJjHwmRoMGQR4RIy+Jkc/EaNAhyCNi5CUx8pkYDVoEeUSMvCRGXuchM9g18YgYeUmMfMI/etAiyCNi5CUx8rn+aNAiyCNk5CUy8rn+aNAiyCNk5CUy8hkZDVoEecSMvGRGPjOjxUH/xiNq5CU18okB6UGLII+wkZfYyCcIpActgjziRl5yI5/rjwYtgjwCR16CI5/rjwYtgjxCR/TH//nty/H053a5bS//dXrZfnz5x3//95fD8/N2vT7dzt+305ff/vXl6ZiX7g52uuSXf/zry31cwD/+9e/fvqxG5X8kn/of//r3v3+ji+e/01XT2v02svxOvKmE5//S5P/jbPl/laF/0F/WJf/DmzX/I1hP/yh/UUsof0rzzehfhv5FvyNl0v3i7W8/Po6Xw+14bn6I3X8I37mj+wx0e4Fvb+Wbsnwr4Vdv5dq8qVXv93AfUZovrha6pot8pWXySpf6Ar7ShJXeSiw/MtLrSV2OJ6X/eXj73JofoUOlEOVp3Yd45YtZevOh/GON5TcFRbpgyg0FUpMQSQHug6/LU7f0N0dXSVGtqft+ebls1+auq5umD6Q8jftg0fyP1ZFaRHp09IpIfVdbvqrgND1VR2+PHnSa2UpPmv5mSVY6Ck39irfXRnm0qpTHkDRf7uOe/J//QQ8zOvrfmJXvYpm0BW9v57/++bldfn4cLof385/b5XJ8EYpgK9PgSAPuYfryPPSkDr+3Olz9TLpvvdAXG1d6Iys9f8/Pn3/v4vmpTxqPj4+343MyGdfb4bY1v1NVd3RvNFsUgN6x1pPv8+PjfNoul3Pzc42OlWr6yUf28XE5f962y+Hj+O1wennbLl9bo22WWurkS6+knk/ZiL1sp+P2Uq7RXkHVV9D/hyu8Xs6fH397GV1fZvL7p8s8n0+37cetFWhqgZOGkAR+HF43eJeuFupnhXa6dg/Q7x/5fTBKsRmOreE6fcufl7f2e7X192rpeyXJi6Yv12YL/ffXuD19O1y/NV9v9brIlpsY6FulPfXen37qCp8vjfTq6awrSY8kPbD0yS/y8/bt6XZ8b16Br57SWiTe+9qUa+yWPU5fYzvd7salucy94G5/07zt2VkLUIk9fyS71UqvhNO2pneP5pfvHRlGs9SPav1lmefLt+Op+ThrW6gj+RZk+2nv9YE2YXotgbbDsNJSJE9SrfyzLf3Naf6w1klVr2+73QZ97X2XW2V/0u8Xn3+x78eXl7ftr8OlfdzG10aGHdXZLf3z9u18Of5vepdP2+nl4yyefqy906XcuDX8zdpJI19fKLkP7fNaq+dF37AhJ9Hzrmr/Dz9LWLx7QWr1jdEPsbP7YRG9vVyfzx+bcOVrQ81eiWLnx5NTb8P81cDTitVLXzU51Xw4UZadTnb3lJ/X6e6jrjcJ8nrv3W/LW/kF8/TX8fRy/utuXs+f7RYcautkzeR2+b8fjZmuZNA2Wbzb375EelBpfsiM9N8Pz9+fvx1Op+3t6e38ev68PV236/X+qVw/Pz7O96N4863Ur3+hbcLwDmTnPBV0WXg5W1+Ofq7hzcjOOQXV5fLVGlWrPTpHh3pPrrda3ORvOl5u316EWvnadpWXo+lwpGn7u/dtK+49n9LoNMPeyRLZpi77a2bfJfJpMc7tSM/t91a7GHy2UHHuk3ruHaLKBNG+ZenIGTnycR8xM3WBw9vb/S22L07XL87Si+ODqZvTDpIN/AmtqkuYSftC8nqrZl3tiRYjs5t+P+cc7vJv31r74hv78mvSgE+uG598zrd8/rY9f2cbcvx6ObRuZqxtIEWArGWFtpPP+Nvx7eUiInaq+djII1JF14KefCBvh+P7dWCP6idM354lBy3NFpi7xHFrfRCzNC7+5LNOYpLntN2+nZs7dZXl9GTKSNUMmSLLEZv7sL5iSfg8Uez65H0cm+vrVtfLN+k8uaILm4Bizievct2eL9ut9XaW2tspP8ORjXTkIzt+DAuHWy2fa+ykn/r8dn7+fv2+/dX+WF//2JUuyJZoD6VOunfpMrfz23Y5nJ7bzzLUzp2ddE6fzy+tu1PfMB2U6BCRJufOSn16/nZ4e9tOr9tT1sLRp1PfNn2TlqOdxk5+neeXja/YfkGVpaadlvTO0HV8IGuwcvDd0stxZlIH6nvoP73anyAaQaqgSRsNHcpM4OOdoVujfwT2P9nd1ZH5hplUpfPL9ud2OX49tsGb2lrShk/RRUOxZ7OH++ihplnb5V+T4frn8/s9Bni6XdvnVJ+j46TpZFH/CayorqNmenL7vx/xL5/PtzZAec/krcwKvQmKMjsKL+xn6mXhkBI7UHbh05dig6c5LM1BKMuREOcnje75/P3YBmzX6o16ugVPhvYO6so/2BDuFoq//SXs/5pzfPOdQO+pesEmzFqqu7TezGu71jY2kI3lMLie9BzObXih+liLgu9OtZ4M5d9lAm2s71gty+zT/DzdLj8b07mLoQ2cDnph8nDyfDm2m6Ztvn5D7gBvjMvk27r82cKa2mekjdBSNCg6Dqqsk5/75/V2fv+4nG/b8217SdHo98Pt+ZsMRNfHjTC3e720d16fbEm9LIWbIocCzDq3Ub1sv3++vra3qW2odTiSDjMb1nNP5WW7G/U//hJ+UKwNFjs2k/DgZXu+/PxoJdburqbj58o+nJ/8PIpoGHdRtV+g6RC77i6rntvlyjXKwaO9Qk1uyeFd2fQVAzlxha+Hz7fbIF5lq4fv6Djj9mglB6HtZIjkZXvbBJALlYp6psPLtEJeb5fzT/CEdM2GnJrVwT+Pz9vTRHi13kcpvGI5Jm3s3H73crx+vB1+ttt9DSi/FAeLXBhy63wo/wi0Pwc64QTO0yAqHiIp3r7la8t7s9lx1ORTyncNNkdXnY9oEzPsAvJpTMdJ7Ty/H47tW9U196KoSAxz2+TL+dQqXx3JcnHOtXr5aE1sHc0j62fpUBrZ1TST59+Xf7bim/AqnXDpQBg5Mm0mkc3LZ59Mo9e19rEo/s0HymX3R9a5F9daQ92EcCjAQM7ZSheM7IKrnf5POuPb++HY4AJfJ4nQZ0SpBJrwgaWAqLdkQi2H8/jncxRSLxwUUexUcLTBL79wr0/l9NIi0Tp9gDJZyNnWO8CkTCdHCIHMQuQz+bIHQZY9LsmHQg62+knitJ3ATlrdriGJKytLUaBZ0XAnvWd1VtcglWHnwk+eh8o10D6x1CdbelYrb3J+0gXfTi8cIYQ7Ru3I0IuwfEw3du773U4v5Sppv95uW0swaxJNT8nQZqF0nH0ldBVJ4eqsNBU4vDaZe9FlzDTnH1IcctgNhTOcYVbG6XWcfqBXvotJpyHdxct2fb4cP7rEwtqZpUvQ/mkoiOE4IXPhwKLm06adNPXbjzu/ed0ad0MGtVSdQ6X4HGsn4/bbj2a7WutUIlJCMouRz/AlmXJG+vGyXZ/aTfpe4bU7p8z+aU/0FBZYd8+DA6du0jUoV24v3PirFOxZWflnN682yUjpJjZJQT7SzcjhDjMJh7cft8sBe9zG1NvWZK7vV4CRTO03hMmktq+H9+Pbz6eToBtrnRzGSXyULbrzWvIbHFlpiu9FzeiN9x3O1FSG40qOt1c/eVL/ur1sl4MIyhpVP0TeqNVkwi/LvB5fTxKr1mF5R66MI81e9R4cZ94wiXO/brfnb5/X7XI8fT232Qn1Cbg8dbKVhr6ulZ+nZttkOcDq3Jxn//X4dtsu28vxJSU8Z2rUftq1MaKb4cwPOiLSV+LINq87edZ78JUDhfthxM2Z8K/H00uX3X5P8a+2cnoynDBbgoV/L/x8ed4u29fL1uJfXUeXTSAXf9l310kNO1/eDzehtareWCloR5w8TFLfr5fz6fYrqQ+q9q8UhX93xTFuzqeFF8YXrLczDtGzAhg3Z/Ret9NLG4dam+RSMlO0+TAcJMPlKQtztbz9cSIOGyJOVlaGHQ7HDrWfDH++bqdkUk5nwb3uxUKVxpZPeGV67idjZ3SBj+9SvqnlW/oi2PufxMckH/jndTScDiYru0J+cut5FXHxUJPeHUZMOlav2+3w9laC7u0XXFkIS3Jd4AtMxm1etxtAFapyPyzbQo56LJMu/ut2O9629zZtod4EdqbJ2pxmxxX1nOScr9vtj7++t9a9zvhVgc3zZBL063Z7326Hl8Pt0Eqto9CBD86TmSGv2w1hGFMHgtS0qI/P39+Oz9fj6/ft59fL+f14vX5uF/kg7oVeFe6kTYx5ljezH/4tFV60Qac6MMnkc5m0tK/b7XL467L983O7tt9MnezsuApnmTaot+t2+XO7XI8v28fl/NE6pr4h3fMKASOzdRYFeRGRbe7CNtdOm79bX6Cl6xRbp3i35gezl/NMW8FyGYgFXe0b8I9ir2yyeOX1+Od26l3wus6BfEBSS72notEJi/KwVq6sYX9U8QPglD1l+BDr+Ib9ZF3Z6+Vwuj3dfn5sgxwJVe9xinZRy7WDxs15ZanCpAl1VLacLKKh2EFky2gmzxJJPnizxtSocrJSIAlrxKzV10nqoQnKarK1ll6qp4rMlbMn6b8KtG9F+h9H3iEVvz9l9n/xKrtZimMbas9q50orLppLDclJH+ZCAvmXp5NDm8lSPcWVNtxAu2SkJxFJdeMOLRjtcwBcKVYfxRBTTSYZfLvdPs6nt9Yo1+dlxwGRMGd/jofGEq/12ZuOx/wDOeXETJLG4wuqE67caI6ArfzO3WSgj2Q/3Q+7x9Pr0+Ht9enPVCc6+prrzZzshuVSWzPJ7o8Co9QOjqasEk9ZXEote+h6Tg+P/fmwObyTqeQcGI4XUXoVxTo8347hcz4Dkb1Ccs9rWnejv1cbszM1CfKHR/CaiFMQytCFIruBZvJswtcBKYC1Q0smQXNgjeIMK+8jetc/N/ct1leHmYG6DiXShkcvz1AEYWXTxRVGqdPlL9zC++HH4VX487VK0hX3MMsv6WF/9Kt2RYp+Gr55PVlIUaSXr1dUGWtXFwEQ2HJ7VtRkamB3kfPlePvWmHdVX0rRFfaAnuUiDjuZE3l8P5/Oz2/nz5d80kIebx0as5MnzV7u9eN8uop3s9QnuTkHOv+3tZTqiZT3y2nbe+rjZCrI8fSS69Xa+9T1fdLOubtWk+nyx9O9jPf57vq8C/xg6s1MmcmE4iTwdHjLJ4qO+uj6NOEmyzGOp9vlfP3YnodJGaoORigyWJbQrjKTUbTjta7IbDPA65wst5dwsffCh/1l8gO+ZpLRXiVUhtez07NwnMLGyfdwfTsfXo6n19YVq8utJjMYj20LhjorkwIcnAwaOQJtZrU7ncLbd1nrHT1oy8/XuEmtSZJRWKL2oBTtH5Z7MZjJpPbj9Xa+iJ3D1I9HlQ4qE5Jy+L876Oj6WXA/BEd70sooyu1H6B2QT+6C9cXRKchWJjFOHtn+aEXUIGk6DfWPvxqwpWrTrAyH9ollUgacZY+IfcidBNpJ36gLC9X9c3ZXu3gllItj6K5sYDjDZ6y9AnevbZusw7zfzdPn5dh+JrWmkUZYVgQzCX7usp8Pz982lB90n75cbe7EdiiQ4CiJwXH5wbIzqL0RwWRs9Y+/rt+2w8u9PwNKcFB1DY4i99vGPSQ69zSFVtVcizwlS4585OzQ2YTv79vPJxFCU3VBvKJnZkkpI2eHmskU9e/bT/Fk6u2PtNFy/NlM1lB+b4ueVF2Espco84e28hdHuJezUPfEEzsZTfp++9leuzYZFL3guoLIuUZmMgPw7fx8eGtDa9WGTkqk6RSlKVrN4XVP5HUltyIyxlT7QYg/eLNnNvAZxU/6Bulmj+KJNPisGBy6RpjcFJNgtG+F5lVP3+br8SS7P9TZt+SYaspAN6RFns7YgeJWgbstkF6FvRUT539rdnHdfuSczP5JmfaHtyatydT0dY0clOKNlT7S/V546+GMRqU4CsKbglKTNIbuqg8cmjp9MkweRvrTbM1L6JhJ96spsGG4SwCZD08oNVAEJigO3tE/6HsMnLe5p4ZpfiiaM2U4Yq3cflyfZHvvhx/H9893nMdaWXFPsSm/50TuNQmTzcfet/fz5Sf8UhrDpCbfSnFDH+y0dXSNs83o43D03TgOMS17EsVefDoJGnOV3+l8Sx3CxBGkTqB1k3VsuddJTy8qUcSlNKVAak5D42J3ik2v5O3HPZa9B3r2AP/uiu1u72RPov64W++hHJZPo2xITzk2PtnMkAMO/3k/VtZXq4yOLNNa9043k44yX0ZexdhKVyPf/jLZWKmR+/vhunXHeVUnTTJPsFRbE/c00ckyjOaSqEWXrRzSOJl21wiFJxxTC53z8/ZgUqqUQ92b6qREReHmvbOFnWTXImyFEGR9PGFwE8Oc51XJR3V/uvYC3WSDC5Z5Ry692tTl/Ir8YEdZODHulm3SWtPl/rgOihdDfZCxk7njUCxSoDppRVnzy9L7foJNFyc7GVNniXvrKaju1d3GSVzEok/bjxsqDq1Po8vkSYyFno8vz71QVRcVqb375WR4f5cONLBOh1bk/e89ShfuB2onW4tVV+u/z9pq7VVXi/rlH5JE301xu2PX0f7JmAILhQkl9f0y3lomA/iVaBBhr1s+zcLKXeK9YlY0IqsTxhiCL5OBKpaMSi2bsBUdAPzC+ygDaDtZgyWvhnSlDrv7vS3tZJ3F4AqdytRerN+bMk0GLOVV7n6ykK9r+bv3/YtuQEo7RE+pbg7k95qMyaKxVv7H4XI7Ht7gZer6OPZFl1/1EXI/694IVa+aK8w8ny+XPYgyGeRoLyh+Sn1E4mD3EtjQTaY88DXuYeP259T11XsPsL2zMv+cSfDDl/rz8HZ8SWcm8BDremjC854TadWe4TRpblsbYJqNmDxc8tEjHyzN5OPrjkh1jhGFS+iz1/R2LPfn2IstKDuIQr7RsOO3pzPvKT7MwvSeUMGlbpMngvvmL0L7dY7XOhmIuYupXJSmSXEjvAk/q9n3J6R3DYrbSzRZLZMnrvYSl+36+da6Q42DqyZZ2On4/F2qRx2Xo+9HU/K8phCN5fYoFH5aubP5Hq7i180JhMpw3YpjBfGTmW6nc2rMLE4LdSWrm0x9PImzuK6DcmYyxNLlWdTJpgxmuDq7PEFCrIZ7BTFY4HJo+pwCf/VsPjUjZs2kgEPHituMKzeZM3I6376eP09tQGZtspfmvlTsUeu6ymwvvVv43c/mUjz4Zus49Uqeddzjg/zsuKJOKX6KatIBOZ8eN8GsDYej0Kajk6bnMohljy9N9s2412letuL3PF+2w01Adl0P8vDrnPKCjU2rOpBOvMMTaVsZApN3tVIAfeXZAaSJkZttqskT9d+ZzbqT5Bo5hE8X5iAHd81RDNeUYpavph/Powde2Vra2zQ9FE27I7f5MtxBjz55R0dLT8FVz51b2GYuey4qb6CMNRQnhCi3V7RNNii+/7jbw9EF9R7lKKruVlYJDnPvtn6ydv3cBgxVDW8YaljqPxA5Z9JMRkDbVE/ThEkoS4fikpF9NjNZsHnv44+GMTRxAzVZSnAX9guDE5rG72qyjkBcY2p0gms7Dc4+mb7AuE5Dn6wh/zhc0Ble1U6rpqCJ5wiNm3R4Pg6X6zbuL6vrFAdDruzKBMRPZjHKzrK65mrsBMdZpbsXylw7v6euFWdfKk6m/H58O5+2p9Pn++/ty69P6bSDai4FJr+EW5x6Yncr59Lv5pf3eK49UPssAcceoZ9stV3fMmxpUkcAaPvRXDlMQSVuWerJPq+MXNm6cmddxQniyuzzhPj3+ElX8eP4fPtsAxahQQB0t1xDSraKzLwnorlSklHcay32hnt7TvY+qoB/gZ+MpX+cPz4/chv2b9vx9ZsIbDf5K5OlZJXIv44vsu9yk60yWUT2cb7eDm9PXQ+Lpuly2YCJ2oXJFKW7bNQx2zTt291kUL+WBsxk06PdTW6jd5nZC72X0F+2u3o12Vq1Ed/bFrMjQuWodMBY90D07i5zDqjmXAQ3a7P4/kRXF1Mn+gc1+QQv29ftctlenu4hoO7E2tCF8gFxAj+njJL76unctFJ+Tdxrffhb0fvUM66i4eb2aWzp3I2f73st1KXQeD6TuZMfl/PXY5tV1ExFoKYXmn4t97tlZu8p+2sl+B33tBL+hRwRUmafCMjPxE+/uPN728mprpQkTeM2EppuxFje4ukfXJJGmU+B3lqg/02oDh1sGzn/Q/MhwFWnZP7XZCC3tNJsUVRtERfeOtSst5BFHj6OrdTYSOVXNJmWs0u9DxADUM61fQUntwaWmlxhJLZpPjXZAZ3FfozENs2g1GSjkyI2hyU+ZF7NUpnIdTLe3UlE91r3Blkno7TcorXNx6qLcWe3BpJ0HxSWiiK453P7RJv0vkl6xcJZZl+/XR+Pw+xZ6G871Db9AtRk6V8rVkBpV28bbC8mCzeKZKiqTYB3Mk+yyOuUtGnOv/D2pCaP+pXYfHatD3/3Sur2zpsg8uRwvu4S3SGzv05zXJ5ssCuvg558c0SeBJhC7mW7fV5O/S031nIyp+/j8/ptexE9Xgv+HpQV1Wdv2rEtT/Ezkz2L8oX/ZqKWqg9M3CHJ70lnszGG/mIA8atGuXbQOFlJ3bYqNc2cOvLwKPkrcrTVTB6H/9lWOtROiqJ4nuXKK65qNJO1UeSjt0H2OodiMl+eBN3OuUKytbt1D+8dHe9dySZHQMqLwC+t2eUnM1akYLB11O3UJrOaWqlyZlhTLLqwA6smt+VOOHoYTWqPmgxUDs5tddEfhVJ4prGhc5vxjIo4MZoPa1yR4yZrMu+nq9tzeyavI2HrZJVIkQM7yzUmnyCzocOZo2/YceR3H0PFESVuPq645ZGyk0nv4t5Q9mR9IOPDguczhZscrQS6uZm6E9k6Oa+nyEENGWq7zb2N9/T2ye7S5QKpq0r7rmrzx+PW7SQpq8XCx1zTE9rZOGHfc4N5Dh+6vQLD8W+cdE7KzXS5180YLTcZxCrCkAloBlu5yRBWkYcSwZoeSJxdYfdat0mO1V4Cvo46JYhiiyt37nGT/mu5UN8Io077oo+W3rFhosQ1TxyKWPYBw3sz972scu/tNdm69LK9yofcTKwod0SoLUx6Wnex15sYU1HPZFgnMe9lu49L77ux1X4ndylWdgfoe6ft6Q+0c85qSk9BcB57a3ZbSBGXveRmHzA9edQn9/f8+x/b8+0XmsHUD4ICupZrJcxkxjJdnis+R5erHRxSCsv2x0ymBNPlZC1tzVl4MpTnQgw3Cc0r8X/7i5qun5SFY/eS5ck03nJJNNy2zrMtqsNpQuTCBM68WLiOVu8DnSZbMpebkL5T3UmPTAx5Q6EKBM4/3ONle3p0imttaVMxSUFGy83GzeSh/bJdz5+XNreozj4tcnlSH32vlIrAozEJ3Bn6Sg0ZVcNhYXIbvOVUBG62Q587VUIFHptEZjo4Ngn0gnlqO7e24rK8hess9o6PnEGpNH9dmguUuWRLmX1oK2O6fd4SDwNSnK6g3GS1Dj3uFgXXCXWOlGivyFr2m5gMnRHXfro7IyMr1+Irwq372Kdpt6dc61GzvGb/I/5j90FNk3EZupb0seouDpYD/GQYHGsb6Q3v6OyFKDfZA6a+BeHdNFPWCXzswXR2LdxktIguBeZT6zoLxNEn5/Y5AtOOf7mEiEHVtXVkTvU+a5u+Y86N2kcxsAXSe/L1XmU42X2kvi3xkOuGalSRv+6xyn3k4mQWSI7BCXKo60FIK3kAK+WoBkrXCNzJek/34yMx9ypQ3FxC7X1iOb1Vub0cczKEdNn+PD+Ppzgp1VR7Et7fZ/ZM69+f5+9bfyZs4pNcQGMn5xCAKhfXTDilquB9uOHkp3ntJls3U5apBsHS+4z7RNNJJHU9vG/Xo0hgqwNJnGoSJ8N1JDH7o60O1gf5PbI26bYkl6nxmOqiFbKR3GmP4Txn2ek942myoqH30uqzSXn49HbZSnMuI00joTQaw8NuiaIbMuCW7tLz5DD6NlceJk25T4H7SNDFw+6ocTcGbqTLoHp3HvdZC2zmOLmIxwQoNkeKk5eU2UcrsdfAPXwUDxRQnCWh3GQALD/s0XbbdDejmPU+VWvSNl63Z5FJpOtuL5ybFCfPxUne8faTe+0J214Xu1BO8LrHUXcPbLJR83U7vfxxld0U6u9gspYTtXuus144WLTb8mVyqyuiv2/tuLzYdqeZM9hF1tvxa/IZWmtS5zRzwoWajN9xKZzI3nXNmEOyJXvL0Nn3xIV2kkk2o6jdZG/1q2y7X1cdcjh3maxrvMKu+HUbTctAa3Ls2BX1wq+jADySSXHrZMVlUspNRuSu2+10Tl052i+gfmmTbaR7BqTrI7CjPdXTSWzlYPbCPrad3WZHLEjXsdR1b+c86XqMUFBtLtfJGhQ0Rqc+hjgK5Hh2FvlNLpWTzO7TZO/9ct09yU8kODb9/+xkRHUMnHRs+vLyzjXJtIpg8MhrgDiZ2XoX1rYQNHXbvLB/H5PNIbJAgAbr0VCTzT2ub0fZkVLXn7TnXOB9mtI+cnYSl3b2t66953513NeZPKIvxdVix4rbIfEEOE7bpLIR+mhd4NMznbboRBH4CLOwI8N9lBXv4ErvTV+qNE8+/kwO2QVl2HUtEicvV02s9wErk5/B7bJtt6fDy724X7Q7qb+q8qzoRYbJePD18/fmcNKMHKdDNjmrmn1dNiR83KVnHPeqI/aSuH5S7U2dHX8ZfnIC3vUzh8wfxnSabqB0uOLO4WbSSbttp8PpBmbi1kmDjlTWsQu+8I+3k6nWuSU8PjE3g2joye8z8CYdj/YKKYz7lNtRDR9iw1wINeyNGSdTVvKFZRRH1Tnk3L993RNRJxtg9QX3qs6j154Pjxzimjz+3n62RVT14ExFBsSyrbCTXfI/2y3M1k4D111M1u9+HnN3xeb3102VKM7I5bKGjoSebjwQQgtcHkDWOpDFjRx05pwFxS3hFXcjVW4yffTz4+Xe5vmpHeLQVFRQQxFNd6XpiGXJtnk+h9GtRL4THqymuGxH7b3eHRsiP7mF5jtGZ606HDlbtvApyrpMc5KgT5zOa5FDdGbyMPt53bqWZHWYe52Mmnxe7z06WstXe9akTI61YplMSe57WNTpEKRunraOdTetbH/spCd1v9ThdZPl8rU/TJuWq7yG6ScEknzq4xK5FYY8Kk67d6S2jr4zv1e9cjXrwkEcO5luSfc02E6asxw3cWa+NJlI9CCDyNQTDtfJ5CuSB8seayvJyQ/rXq6yN3aeNZy341u7adSnN3YAV95l/WQPjCT4P6kZf6NxdU6roRe9ciqHnyxoKC1ZNjBtRTc5LEUuoR3uk2AokWzdq/v2AGClbXuS0Zze/bX9LgPQTUkb9cfTXCxO0Ua7t4+he6OAYOQ2Njy6UnE1o+LG38qxmfeT7f1+tCa43nwozs/pNZFjHmYyxv3DPbfy6ydBITlLZi3ywzaTnbl+uPazrs/3ig5Iluxy5IC5mYyq/XC3/3e9E7PmIvUBntxeS0Yz8rA+M7m//HCfrfwa+5ImWvZC+KxmJp3Dto+zbaoWCfTy4DgODZpJI/K/59MmbX8TG6XcTU7s4AJCSzF6T7vCSoeTuE8M2weuczjJ7A4yfwSl7+7j+/2f3758HD+2t+Np+/KP//6ff//7/wNWeND5"; \ No newline at end of file diff --git a/docs/html/classes/_monocloud_auth-core.index.MonoCloudAuthBaseError.html b/docs/html/classes/_monocloud_auth-core.index.MonoCloudAuthBaseError.html index fbbfb03a..0de33ddb 100644 --- a/docs/html/classes/_monocloud_auth-core.index.MonoCloudAuthBaseError.html +++ b/docs/html/classes/_monocloud_auth-core.index.MonoCloudAuthBaseError.html @@ -1,4 +1,4 @@ MonoCloudAuthBaseError | MonoCloud Authentication SDK
          MonoCloud Authentication SDK
            Preparing search index...

            Class MonoCloudAuthBaseError

            Base class for all MonoCloud authentication errors.

            All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using instanceof.

            -

            Hierarchy

            Index

            Constructors

            constructor +

            Hierarchy

            Index

            Constructors

            constructor

            Constructors

            • Parameters

              • Optionalmessage: string

              Returns MonoCloudAuthBaseError

            Settings

            On This Page

            Constructors
            diff --git a/docs/html/classes/_monocloud_auth-core.index.MonoCloudHttpError.html b/docs/html/classes/_monocloud_auth-core.index.MonoCloudHttpError.html index a5a94bec..2fae6bae 100644 --- a/docs/html/classes/_monocloud_auth-core.index.MonoCloudHttpError.html +++ b/docs/html/classes/_monocloud_auth-core.index.MonoCloudHttpError.html @@ -1,4 +1,4 @@ MonoCloudHttpError | MonoCloud Authentication SDK
            MonoCloud Authentication SDK
              Preparing search index...

              Class MonoCloudHttpError

              Error thrown when a request to the MonoCloud authorization server fails.

              This error typically indicates a network failure, an unexpected HTTP response, or an unsuccessful response returned by the authorization server.

              -

              Hierarchy

              Index

              Constructors

              constructor +

              Hierarchy

              Index

              Constructors

              constructor

              Constructors

              Settings

              On This Page

              Constructors
              diff --git a/docs/html/classes/_monocloud_auth-core.index.MonoCloudOPError.html b/docs/html/classes/_monocloud_auth-core.index.MonoCloudOPError.html index 8ede873c..db3eed50 100644 --- a/docs/html/classes/_monocloud_auth-core.index.MonoCloudOPError.html +++ b/docs/html/classes/_monocloud_auth-core.index.MonoCloudOPError.html @@ -1,6 +1,6 @@ MonoCloudOPError | MonoCloud Authentication SDK
              MonoCloud Authentication SDK
                Preparing search index...

                Class MonoCloudOPError

                OAuth error returned by the authorization server during an authentication or token request.

                These errors correspond to standard OAuth / OpenID Connect error responses such as invalid_request, access_denied, or invalid_grant.

                -

                Hierarchy

                Index

                Constructors

                constructor +

                Hierarchy

                Index

                Constructors

                constructor

                Properties

                error errorDescription?

                Constructors

                Properties

                error: string

                OAuth error code returned by the authorization server.

                diff --git a/docs/html/classes/_monocloud_auth-core.index.MonoCloudTokenError.html b/docs/html/classes/_monocloud_auth-core.index.MonoCloudTokenError.html index 66580065..3b6d4a3a 100644 --- a/docs/html/classes/_monocloud_auth-core.index.MonoCloudTokenError.html +++ b/docs/html/classes/_monocloud_auth-core.index.MonoCloudTokenError.html @@ -1,3 +1,3 @@ MonoCloudTokenError | MonoCloud Authentication SDK
                MonoCloud Authentication SDK
                  Preparing search index...

                  Class MonoCloudTokenError

                  Error thrown when a token operation fails.

                  -

                  Hierarchy

                  Index

                  Constructors

                  constructor +

                  Hierarchy

                  Index

                  Constructors

                  constructor

                  Constructors

                  Settings

                  On This Page

                  Constructors
                  diff --git a/docs/html/classes/_monocloud_auth-core.index.MonoCloudValidationError.html b/docs/html/classes/_monocloud_auth-core.index.MonoCloudValidationError.html index a45c486a..b0121940 100644 --- a/docs/html/classes/_monocloud_auth-core.index.MonoCloudValidationError.html +++ b/docs/html/classes/_monocloud_auth-core.index.MonoCloudValidationError.html @@ -1,3 +1,3 @@ MonoCloudValidationError | MonoCloud Authentication SDK
                  MonoCloud Authentication SDK
                    Preparing search index...

                    Class MonoCloudValidationError

                    Error thrown when validation fails.

                    -

                    Hierarchy

                    Index

                    Constructors

                    constructor +

                    Hierarchy

                    Index

                    Constructors

                    constructor

                    Constructors

                    Settings

                    On This Page

                    Constructors
                    diff --git a/docs/html/classes/_monocloud_auth-js-core.index.LocalStorage.html b/docs/html/classes/_monocloud_auth-js-core.index.LocalStorage.html new file mode 100644 index 00000000..444289c7 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.LocalStorage.html @@ -0,0 +1,15 @@ +LocalStorage | MonoCloud Authentication SDK
                    MonoCloud Authentication SDK
                      Preparing search index...

                      Class LocalStorage

                      window.localStorage-backed implementation of IStorage.

                      +

                      This is the default storage used by MonoCloudJSCoreClient.

                      +

                      Implements

                      Index

                      Constructors

                      constructor +

                      Methods

                      getItem +removeItem +setItem +

                      Constructors

                      Methods

                      • Retrieves the value associated with the given key.

                        +

                        Parameters

                        • key: string

                          The unique identifier for the stored item.

                          +

                        Returns Promise<string | null>

                        The stored value as a string, or null if the key does not exist.

                        +

                      • Removes the item associated with the specified key from storage.

                        +

                        Parameters

                        • key: string

                          The unique identifier of the item to remove.

                          +

                        Returns Promise<void>

                      • Stores a key-value pair in the storage.

                        +

                        Parameters

                        • key: string

                          The unique identifier for the item.

                          +
                        • value: string

                          The string value to store.

                          +

                        Returns Promise<void>

                      Settings

                      On This Page

                      Constructors
                      Methods
                      diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MemoryStorage.html b/docs/html/classes/_monocloud_auth-js-core.index.MemoryStorage.html new file mode 100644 index 00000000..98020177 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MemoryStorage.html @@ -0,0 +1,15 @@ +MemoryStorage | MonoCloud Authentication SDK
                      MonoCloud Authentication SDK
                        Preparing search index...

                        Class MemoryStorage

                        In-memory implementation of IStorage.

                        +

                        Useful for testing or for sessions that should not persist across page reloads.

                        +

                        Implements

                        Index

                        Constructors

                        constructor +

                        Methods

                        getItem +removeItem +setItem +

                        Constructors

                        Methods

                        • Retrieves the value associated with the given key.

                          +

                          Parameters

                          • key: string

                            The unique identifier for the stored item.

                            +

                          Returns Promise<string | null>

                          The stored value as a string, or null if the key does not exist.

                          +

                        • Removes the item associated with the specified key from storage.

                          +

                          Parameters

                          • key: string

                            The unique identifier of the item to remove.

                            +

                          Returns Promise<void>

                        • Stores a key-value pair in the storage.

                          +

                          Parameters

                          • key: string

                            The unique identifier for the item.

                            +
                          • value: string

                            The string value to store.

                            +

                          Returns Promise<void>

                        Settings

                        On This Page

                        Constructors
                        Methods
                        diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.html new file mode 100644 index 00000000..be8d6b88 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.html @@ -0,0 +1,4 @@ +MonoCloudAuthBaseError | MonoCloud Authentication SDK
                        MonoCloud Authentication SDK
                          Preparing search index...

                          Class MonoCloudAuthBaseError

                          Base class for all MonoCloud authentication errors.

                          +

                          All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using instanceof.

                          +

                          Hierarchy

                          Index

                          Constructors

                          constructor +

                          Constructors

                          • Parameters

                            • Optionalmessage: string

                            Returns MonoCloudAuthBaseError

                          Settings

                          On This Page

                          Constructors
                          diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudHttpError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudHttpError.html new file mode 100644 index 00000000..77aa908d --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudHttpError.html @@ -0,0 +1,4 @@ +MonoCloudHttpError | MonoCloud Authentication SDK
                          MonoCloud Authentication SDK
                            Preparing search index...

                            Class MonoCloudHttpError

                            Error thrown when a request to the MonoCloud authorization server fails.

                            +

                            This error typically indicates a network failure, an unexpected HTTP response, or an unsuccessful response returned by the authorization server.

                            +

                            Hierarchy

                            Index

                            Constructors

                            constructor +

                            Constructors

                            Settings

                            On This Page

                            Constructors
                            diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.html new file mode 100644 index 00000000..c228ea6c --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.html @@ -0,0 +1,107 @@ +MonoCloudJSCoreClient | MonoCloud Authentication SDK
                            MonoCloud Authentication SDK
                              Preparing search index...

                              Class MonoCloudJSCoreClient

                              MonoCloudJSCoreClient is the core SDK entry point for integrating MonoCloud authentication into single-page applications (SPAs) and other browser-based JavaScript environments.

                              +

                              It provides:

                              +
                                +
                              • Redirection and popup-based sign-in and sign-out.
                                • +
                              • Session and token management.
                                • +
                              • Automatic PKCE and state validation.
                                • +
                              • Silent and explicit token refreshing.
                                • +
                              + +
                              import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core';

                              export const client = new MonoCloudJSCoreClient({
                              tenantDomain: 'your-tenant.monocloud.com',
                              clientId: 'your-client-id',
                              appUrl: 'http://localhost:3000',
                              callbackPath: '/callback',
                              signOutCallbackPath: '/logout'
                              });
+
                              + +
                              Index

                              Constructors

                              constructor +

                              Properties

                              oidcClient +

                              Methods

                              getSession +getTokens +processCallback +refetchUserInfo +refreshSession +signIn +signOut +

                              Constructors

                              • Initializes a new instance of the MonoCloudJSCoreClient.

                                +

                                Parameters

                                • options: MonoCloudJSCoreClientOptions

                                  Configuration options for the client.

                                  +
                                • storage: IStorage = ...

                                  Custom storage implementation for session persistence. Defaults to new LocalStorage().

                                  +
                                • OptionalpostCallbackFn: PostCallback

                                  A callback function executed after a successful sign-in or sign-out. Useful for client-side routing integration.

                                  +
                                • OptionalonSessionCreating: OnSessionCreating

                                  A hook used to modify or validate the session during creation.

                                  +

                                Returns MonoCloudJSCoreClient

                                import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core';

                                const client = new MonoCloudJSCoreClient({
                                tenantDomain: 'your-tenant.monocloud.com',
                                clientId: 'your-client-id',
                                appUrl: 'http://localhost:3000',
                                });
+
                                + +
                                import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core';
                                import { MemoryStorage } from './storage';
                                import { router } from './router';

                                const client = new MonoCloudJSCoreClient(
                                options,
                                new MemoryStorage(),
                                (state) => {
                                  // Use router to navigate instead of full page reload.
                                  router.push(state.returnUrl || '/dashboard');
                                }
                                );
+
                                + +

                              Properties

                              oidcClient: MonoCloudOidcClient

                              Underlying OpenID Connect client used for advanced authorization and token operations.

                              +

                              Methods

                              • Retrieves the active tokens for the session.

                                +

                                If the tokens are expired or about to expire, this method will attempt to refresh them automatically before returning.

                                +

                                Parameters

                                • Optionaloptions: GetTokensOptions

                                  Options to control token retrieval (e.g., force refresh).

                                  +

                                Returns Promise<MonoCloudTokens>

                                The active tokens.

                                +
                                const tokens = await client.getTokens();
                                console.log(tokens.accessToken);
+
                                + +
                                const tokens = await client.getTokens({ forceRefresh: true });
+
                                + +
                                const tokens = await client.getTokens({
                                  resource: 'https://api.example.com',
                                  scopes: 'read:data'
                                });
+
                                + +

                                MonoCloudValidationError If the session does not exist.

                                +

                              • Processes the authentication callback.

                                +

                                This method must be called on application startup (usually in the entry point or router) +to handle the response from the identity provider after a redirect flow.

                                +
                                  +
                                • Main Window: Validates the state and code, exchanges them for tokens, and establishes the session.
                                  • +
                                • Popup/Iframe: Posts the callback URL back to the parent/opener window to complete the flow.
                                  • +
                                +

                                Returns Promise<void>

                                A promise that resolves when the callback processing is complete.

                                +

                                Example: Application Entry

                                import { client } from './auth';

                                async function init() {
                                  // Process any pending redirect callbacks before rendering.
                                  await client.processCallback();

                                  // Continue mounting the app.
                                  renderApp();
                                }

                                init();
+
                                + +

                              • Refetches user information from the UserInfo endpoint and updates the local session.

                                +

                                Returns Promise<void>

                                await client.refetchUserInfo();
                                const session = await client.getSession();
                                console.log('Updated user data:', session.user);
+
                                + +

                                MonoCloudValidationError If the session is invalid or the default token is missing.

                                +

                              • Refreshes the user's session.

                                +

                                This method can be used to explicitly refresh tokens using various methods:

                                +
                                  +
                                • silent: Uses a hidden iframe (requires third-party cookies).
                                  • +
                                • refresh_token: Uses the Refresh Token Grant (requires offline_access scope).
                                  • +
                                • popup: Opens a transient popup to refresh the session interactively.
                                  • +
                                +

                                Parameters

                                • OptionalrefreshOptions: RefreshOptions

                                  Optional configuration for the refresh flow.

                                  +

                                Returns Promise<void>

                                await client.refreshSession({ mode: 'silent' });
+
                                + +
                                await client.refreshSession({ mode: 'refresh_token' });
+
                                + +

                                MonoCloudValidationError If the session is invalid or missing required tokens.

                                +

                                MonoCloudJsError If called from within a popup or iframe.

                                +

                              • Initiates the sign-in flow.

                                +

                                Parameters

                                • OptionalsignInOptions: SignInOptions

                                  Optional configuration for the sign-in request.

                                  +

                                Returns Promise<void>

                                document.getElementById('login-btn').addEventListener('click', async () => {
                                  // Standard top-level redirect to the authorization server.
                                  await client.signIn();
                                });
+
                                + +
                                document.getElementById('login-popup-btn').addEventListener('click', async () => {
                                  // Opens a centered popup for authentication.
                                  await client.signIn({ mode: 'popup' });
                                  console.log('User finished popup flow!');
                                });
+
                                + +
                                document.getElementById('register-btn').addEventListener('click', async () => {
                                  // Forces the identity provider to show the registration/sign-up screen.
                                  await client.signIn({ signUp: true });
                                });
+
                                + +

                                MonoCloudJsError If called from within a popup or iframe.

                                +

                              • Initiates the sign-out flow.

                                +

                                Clears the local session and optionally redirects the user to the identity provider to end the session there (Federated Sign-Out).

                                +

                                Parameters

                                • OptionalsignOutOptions: SignOutOptions

                                  Optional configuration for the sign-out request.

                                  +

                                Returns Promise<void>

                                document.getElementById('logout-btn').addEventListener('click', async () => {
                                  await client.signOut();
                                });
+
                                + +
                                document.getElementById('logout-popup-btn').addEventListener('click', async () => {
                                  // Opens a popup to perform federated sign-out and keep the user on the current page.
                                  await client.signOut({ mode: 'popup' });
                                });
+
                                + +

                                MonoCloudJsError If called from within a popup or iframe.

                                +

                              Settings

                              On This Page

                              Initialization
                              Constructors
                              Properties
                              Methods
                              diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJsError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJsError.html new file mode 100644 index 00000000..c194a88f --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudJsError.html @@ -0,0 +1,4 @@ +MonoCloudJsError | MonoCloud Authentication SDK
                              MonoCloud Authentication SDK
                                Preparing search index...

                                Class MonoCloudJsError

                                Base class for all MonoCloud authentication errors.

                                +

                                All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using instanceof.

                                +

                                Hierarchy

                                Index

                                Constructors

                                constructor +

                                Constructors

                                Settings

                                On This Page

                                Constructors
                                diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOPError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOPError.html new file mode 100644 index 00000000..2c558ef5 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOPError.html @@ -0,0 +1,8 @@ +MonoCloudOPError | MonoCloud Authentication SDK
                                MonoCloud Authentication SDK
                                  Preparing search index...

                                  Class MonoCloudOPError

                                  OAuth error returned by the authorization server during an authentication or token request.

                                  +

                                  These errors correspond to standard OAuth / OpenID Connect error responses such as invalid_request, access_denied, or invalid_grant.

                                  +

                                  Hierarchy

                                  Index

                                  Constructors

                                  constructor +

                                  Properties

                                  error +errorDescription? +

                                  Constructors

                                  Properties

                                  error: string

                                  OAuth error code returned by the authorization server.

                                  +
                                  errorDescription?: string

                                  Human-readable description of the error.

                                  +

                                  Settings

                                  On This Page

                                  Constructors
                                  Properties
                                  diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.html new file mode 100644 index 00000000..4c896a52 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.html @@ -0,0 +1,138 @@ +MonoCloudOidcClient | MonoCloud Authentication SDK
                                  MonoCloud Authentication SDK
                                    Preparing search index...

                                    Class MonoCloudOidcClient

                                    Index

                                    Constructors

                                    constructor +

                                    Methods

                                    authenticate +authorizationUrl +decodeJwt +endSessionUrl +exchangeAuthorizationCode +getJwks +getMetadata +pushedAuthorizationRequest +refetchUserInfo +refreshGrant +refreshSession +revokeToken +userinfo +validateIdToken +

                                    Constructors

                                    Methods

                                    • Generates a session with user and tokens by exchanging authorization code from callback params.

                                      +

                                      Parameters

                                      • code: string

                                        The authorization code received from the callback.

                                        +
                                      • redirectUri: string

                                        The redirect URI that was used in the authorization request.

                                        +
                                      • requestedScopes: string

                                        A space-separated list of scopes originally requested via the /authorize endpoint. +This is stored in the session to ensure the correct access token can be identified and refreshed during refreshSession().

                                        +
                                      • Optionalresource: string

                                        A space-separated list of resource indicators originally requested via the /authorize endpoint. +Used alongside scopes to uniquely identify and refresh the specific access token associated with these resources.

                                        +
                                      • Optionaloptions: AuthenticateOptions

                                        Options for authenticating a user with authorization code.

                                        +

                                      Returns Promise<MonoCloudSession>

                                      The user's session containing authentication tokens and user information.

                                      +

                                      MonoCloudValidationError - When the token scope does not contain the openid scope, +or if 'expires_in' or 'scope' is missing from the token response.

                                      +

                                      MonoCloudOPError - When the OpenID Provider returns a standardized. +OAuth 2.0 error response.

                                      +

                                      MonoCloudTokenError - If ID Token validation fails.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Generates an authorization URL with specified parameters.

                                      +

                                      If no values are provided for responseType, or codeChallengeMethod, they default to code, and S256, respectively.

                                      +

                                      Parameters

                                      Returns Promise<string>

                                      Tenant's authorization URL.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Generates OpenID end session URL for signing out.

                                      +

                                      Note - The state is added only when postLogoutRedirectUri is present.

                                      +

                                      Parameters

                                      Returns Promise<string>

                                      Tenant's end session URL.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Exchanges an authorization code for tokens.

                                      +

                                      Parameters

                                      • code: string

                                        The authorization code received from the authorization server.

                                        +
                                      • redirectUri: string

                                        The redirect URI used in the initial authorization request.

                                        +
                                      • OptionalcodeVerifier: string

                                        Code verifier for PKCE.

                                        +
                                      • Optionalresource: string

                                        Space-separated list of resources the access token should be scoped to.

                                        +

                                      Returns Promise<Tokens>

                                      Tokens obtained by exchanging an authorization code at the token endpoint.

                                      +

                                      MonoCloudOPError - When the OpenID Provider returns a standardized +OAuth 2.0 error response.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Fetches the JSON Web Keys used to sign the ID token. +The JWKS is cached for 1 minute.

                                      +

                                      Parameters

                                      • forceRefresh: boolean = false

                                        If true, bypasses the cache and fetches fresh set of JWKS from the server.

                                        +

                                      Returns Promise<Jwks>

                                      The JSON Web Key Set containing the public keys for token verification.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Fetches the authorization server metadata from the .well-known endpoint. +The metadata is cached for 1 minute.

                                      +

                                      Parameters

                                      • forceRefresh: boolean = false

                                        If true, bypasses the cache and fetches fresh metadata from the server.

                                        +

                                      Returns Promise<IssuerMetadata>

                                      The issuer metadata for the tenant, retrieved from the OpenID Connect discovery endpoint.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Exchanges a refresh token for new tokens.

                                      +

                                      Parameters

                                      • refreshToken: string

                                        The refresh token used to request new tokens.

                                        +
                                      • Optionaloptions: RefreshGrantOptions

                                        Refresh grant options.

                                        +

                                      Returns Promise<Tokens>

                                      Tokens obtained by exchanging a refresh token at the token endpoint.

                                      +

                                      MonoCloudOPError - When the OpenID Provider returns a standardized +OAuth 2.0 error response.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Revokes an access token or refresh token, rendering it invalid for future use.

                                      +

                                      Parameters

                                      • token: string

                                        The token string to be revoked.

                                        +
                                      • OptionaltokenType: string

                                        Hint about the token type ('access_token' or 'refresh_token').

                                        +

                                      Returns Promise<void>

                                      If token revocation succeeded.

                                      +

                                      MonoCloudValidationError - If token is invalid or unsupported token type

                                      +

                                      MonoCloudOPError - When the OpenID Provider returns a standardized +OAuth 2.0 error response.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                    • Fetches userinfo associated with the provided access token.

                                      +

                                      Parameters

                                      • accessToken: string

                                        A valid access token used to retrieve userinfo.

                                        +

                                      Returns Promise<UserinfoResponse<Address>>

                                      The authenticated user's claims.

                                      +

                                      MonoCloudOPError - When the OpenID Provider returns a standardized +OAuth 2.0 error (e.g., 'invalid_token') in the 'WWW-Authenticate' header +following a 401 Unauthorized response.

                                      +

                                      MonoCloudHttpError - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response.

                                      +

                                      MonoCloudValidationError - When the access token is invalid.

                                      +

                                    • Validates an ID Token.

                                      +

                                      Parameters

                                      • idToken: string

                                        The ID Token JWT string to validate.

                                        +
                                      • jwks: Jwk[]

                                        Array of JSON Web Keys (JWK) used to verify the token's signature.

                                        +
                                      • clockSkew: number

                                        Number of seconds to adjust the current time to account for clock differences.

                                        +
                                      • clockTolerance: number

                                        Additional time tolerance in seconds for time-based claim validation.

                                        +
                                      • OptionalmaxAge: number

                                        Maximum authentication age in seconds.

                                        +
                                      • Optionalnonce: string

                                        Nonce value to validate against the token's nonce claim.

                                        +

                                      Returns Promise<IdTokenClaims>

                                      Validated ID Token claims.

                                      +

                                      MonoCloudTokenError - If ID Token validation fails

                                      +

                                    Settings

                                    On This Page

                                    Constructors
                                    Methods
                                    diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudTokenError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudTokenError.html new file mode 100644 index 00000000..d6079fd9 --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudTokenError.html @@ -0,0 +1,3 @@ +MonoCloudTokenError | MonoCloud Authentication SDK
                                    MonoCloud Authentication SDK
                                      Preparing search index...

                                      Class MonoCloudTokenError

                                      Error thrown when a token operation fails.

                                      +

                                      Hierarchy

                                      Index

                                      Constructors

                                      constructor +

                                      Constructors

                                      Settings

                                      On This Page

                                      Constructors
                                      diff --git a/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudValidationError.html b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudValidationError.html new file mode 100644 index 00000000..41d66f4d --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.MonoCloudValidationError.html @@ -0,0 +1,3 @@ +MonoCloudValidationError | MonoCloud Authentication SDK
                                      MonoCloud Authentication SDK
                                        Preparing search index...

                                        Class MonoCloudValidationError

                                        Error thrown when validation fails.

                                        +

                                        Hierarchy

                                        Index

                                        Constructors

                                        constructor +

                                        Constructors

                                        Settings

                                        On This Page

                                        Constructors
                                        diff --git a/docs/html/classes/_monocloud_auth-js-core.index.SessionStorage.html b/docs/html/classes/_monocloud_auth-js-core.index.SessionStorage.html new file mode 100644 index 00000000..d62bf34d --- /dev/null +++ b/docs/html/classes/_monocloud_auth-js-core.index.SessionStorage.html @@ -0,0 +1,15 @@ +SessionStorage | MonoCloud Authentication SDK
                                        MonoCloud Authentication SDK
                                          Preparing search index...

                                          Class SessionStorage

                                          window.sessionStorage-backed implementation of IStorage.

                                          +

                                          Data persists for the lifetime of the current browser tab.

                                          +

                                          Implements

                                          Index

                                          Constructors

                                          constructor +

                                          Methods

                                          getItem +removeItem +setItem +

                                          Constructors

                                          Methods

                                          • Retrieves the value associated with the given key.

                                            +

                                            Parameters

                                            • key: string

                                              The unique identifier for the stored item.

                                              +

                                            Returns Promise<string | null>

                                            The stored value as a string, or null if the key does not exist.

                                            +

                                          • Removes the item associated with the specified key from storage.

                                            +

                                            Parameters

                                            • key: string

                                              The unique identifier of the item to remove.

                                              +

                                            Returns Promise<void>

                                          • Stores a key-value pair in the storage.

                                            +

                                            Parameters

                                            • key: string

                                              The unique identifier for the item.

                                              +
                                            • value: string

                                              The string value to store.

                                              +

                                            Returns Promise<void>

                                          Settings

                                          On This Page

                                          Constructors
                                          Methods
                                          diff --git a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudAuthBaseError.html b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudAuthBaseError.html index fe93d12f..9569e745 100644 --- a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudAuthBaseError.html +++ b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudAuthBaseError.html @@ -1,4 +1,4 @@ MonoCloudAuthBaseError | MonoCloud Authentication SDK
                                          MonoCloud Authentication SDK
                                            Preparing search index...

                                            Class MonoCloudAuthBaseError

                                            Base class for all MonoCloud authentication errors.

                                            All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using instanceof.

                                            -

                                            Hierarchy

                                            Index

                                            Constructors

                                            constructor +

                                            Hierarchy

                                            Index

                                            Constructors

                                            constructor

                                            Constructors

                                            • Parameters

                                              • Optionalmessage: string

                                              Returns MonoCloudAuthBaseError

                                            Settings

                                            On This Page

                                            Constructors
                                            diff --git a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudHttpError.html b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudHttpError.html index 7a543346..851b480a 100644 --- a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudHttpError.html +++ b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudHttpError.html @@ -1,4 +1,4 @@ MonoCloudHttpError | MonoCloud Authentication SDK
                                            MonoCloud Authentication SDK
                                              Preparing search index...

                                              Class MonoCloudHttpError

                                              Error thrown when a request to the MonoCloud authorization server fails.

                                              This error typically indicates a network failure, an unexpected HTTP response, or an unsuccessful response returned by the authorization server.

                                              -

                                              Hierarchy

                                              Index

                                              Constructors

                                              constructor +

                                              Hierarchy

                                              Index

                                              Constructors

                                              constructor

                                              Constructors

                                              Settings

                                              On This Page

                                              Constructors
                                              diff --git a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudOPError.html b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudOPError.html index 1a433b9d..84d26ebc 100644 --- a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudOPError.html +++ b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudOPError.html @@ -1,6 +1,6 @@ MonoCloudOPError | MonoCloud Authentication SDK
                                              MonoCloud Authentication SDK
                                                Preparing search index...

                                                Class MonoCloudOPError

                                                OAuth error returned by the authorization server during an authentication or token request.

                                                These errors correspond to standard OAuth / OpenID Connect error responses such as invalid_request, access_denied, or invalid_grant.

                                                -

                                                Hierarchy

                                                Index

                                                Constructors

                                                constructor +

                                                Hierarchy

                                                Index

                                                Constructors

                                                constructor

                                                Properties

                                                error errorDescription?

                                                Constructors

                                                Properties

                                                error: string

                                                OAuth error code returned by the authorization server.

                                                diff --git a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudTokenError.html b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudTokenError.html index 562a427c..28322e34 100644 --- a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudTokenError.html +++ b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudTokenError.html @@ -1,3 +1,3 @@ MonoCloudTokenError | MonoCloud Authentication SDK
                                                MonoCloud Authentication SDK
                                                  Preparing search index...

                                                  Class MonoCloudTokenError

                                                  Error thrown when a token operation fails.

                                                  -

                                                  Hierarchy

                                                  Index

                                                  Constructors

                                                  constructor +

                                                  Hierarchy

                                                  Index

                                                  Constructors

                                                  constructor

                                                  Constructors

                                                  Settings

                                                  On This Page

                                                  Constructors
                                                  diff --git a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudValidationError.html b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudValidationError.html index 432e1000..c17619af 100644 --- a/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudValidationError.html +++ b/docs/html/classes/_monocloud_auth-nextjs.index.MonoCloudValidationError.html @@ -1,3 +1,3 @@ MonoCloudValidationError | MonoCloud Authentication SDK
                                                  MonoCloud Authentication SDK
                                                    Preparing search index...

                                                    Class MonoCloudValidationError

                                                    Error thrown when validation fails.

                                                    -

                                                    Hierarchy

                                                    Index

                                                    Constructors

                                                    constructor +

                                                    Hierarchy

                                                    Index

                                                    Constructors

                                                    constructor

                                                    Constructors

                                                    Settings

                                                    On This Page

                                                    Constructors
                                                    diff --git a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudAuthBaseError.html b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudAuthBaseError.html index 763d6f16..e40ed6ec 100644 --- a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudAuthBaseError.html +++ b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudAuthBaseError.html @@ -1,4 +1,4 @@ MonoCloudAuthBaseError | MonoCloud Authentication SDK
                                                    MonoCloud Authentication SDK
                                                      Preparing search index...

                                                      Class MonoCloudAuthBaseError

                                                      Base class for all MonoCloud authentication errors.

                                                      All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using instanceof.

                                                      -

                                                      Hierarchy

                                                      Index

                                                      Constructors

                                                      constructor +

                                                      Hierarchy

                                                      Index

                                                      Constructors

                                                      constructor

                                                      Constructors

                                                      • Parameters

                                                        • Optionalmessage: string

                                                        Returns MonoCloudAuthBaseError

                                                      Settings

                                                      On This Page

                                                      Constructors
                                                      diff --git a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudHttpError.html b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudHttpError.html index a0b60e03..82c959d0 100644 --- a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudHttpError.html +++ b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudHttpError.html @@ -1,4 +1,4 @@ MonoCloudHttpError | MonoCloud Authentication SDK
                                                      MonoCloud Authentication SDK
                                                        Preparing search index...

                                                        Class MonoCloudHttpError

                                                        Error thrown when a request to the MonoCloud authorization server fails.

                                                        This error typically indicates a network failure, an unexpected HTTP response, or an unsuccessful response returned by the authorization server.

                                                        -

                                                        Hierarchy

                                                        Index

                                                        Constructors

                                                        constructor +

                                                        Hierarchy

                                                        Index

                                                        Constructors

                                                        constructor

                                                        Constructors

                                                        Settings

                                                        On This Page

                                                        Constructors
                                                        diff --git a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudOPError.html b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudOPError.html index 01f635db..170df5b9 100644 --- a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudOPError.html +++ b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudOPError.html @@ -1,6 +1,6 @@ MonoCloudOPError | MonoCloud Authentication SDK
                                                        MonoCloud Authentication SDK
                                                          Preparing search index...

                                                          Class MonoCloudOPError

                                                          OAuth error returned by the authorization server during an authentication or token request.

                                                          These errors correspond to standard OAuth / OpenID Connect error responses such as invalid_request, access_denied, or invalid_grant.

                                                          -

                                                          Hierarchy

                                                          Index

                                                          Constructors

                                                          constructor +

                                                          Hierarchy

                                                          Index

                                                          Constructors

                                                          constructor

                                                          Properties

                                                          error errorDescription?

                                                          Constructors

                                                          Properties

                                                          error: string

                                                          OAuth error code returned by the authorization server.

                                                          diff --git a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudTokenError.html b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudTokenError.html index dcc63749..3edf050c 100644 --- a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudTokenError.html +++ b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudTokenError.html @@ -1,3 +1,3 @@ MonoCloudTokenError | MonoCloud Authentication SDK
                                                          MonoCloud Authentication SDK
                                                            Preparing search index...

                                                            Class MonoCloudTokenError

                                                            Error thrown when a token operation fails.

                                                            -

                                                            Hierarchy

                                                            Index

                                                            Constructors

                                                            constructor +

                                                            Hierarchy

                                                            Index

                                                            Constructors

                                                            constructor

                                                            Constructors

                                                            Settings

                                                            On This Page

                                                            Constructors
                                                            diff --git a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudValidationError.html b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudValidationError.html index 627fcb24..38d72764 100644 --- a/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudValidationError.html +++ b/docs/html/classes/_monocloud_auth-node-core.index.MonoCloudValidationError.html @@ -1,3 +1,3 @@ MonoCloudValidationError | MonoCloud Authentication SDK
                                                            MonoCloud Authentication SDK
                                                              Preparing search index...

                                                              Class MonoCloudValidationError

                                                              Error thrown when validation fails.

                                                              -

                                                              Hierarchy

                                                              Index

                                                              Constructors

                                                              constructor +

                                                              Hierarchy

                                                              Index

                                                              Constructors

                                                              constructor

                                                              Constructors

                                                              Settings

                                                              On This Page

                                                              Constructors
                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.decrypt.html b/docs/html/functions/_monocloud_auth-core.utils.decrypt.html index df72b6fa..402f34a8 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.decrypt.html +++ b/docs/html/functions/_monocloud_auth-core.utils.decrypt.html @@ -2,4 +2,4 @@

                                                              Parameters

                                                              • encrypted: string

                                                                The ciphertext to decrypt.

                                                              • secret: string

                                                                The secret used to derive the decryption key.

                                                              Returns Promise<string | undefined>

                                                              Decrypted plaintext string or undefined if decryption fails.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.decryptAuthState.html b/docs/html/functions/_monocloud_auth-core.utils.decryptAuthState.html index 996f7d35..c556a938 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.decryptAuthState.html +++ b/docs/html/functions/_monocloud_auth-core.utils.decryptAuthState.html @@ -3,4 +3,4 @@
                                                            • secret: string

                                                              The secret used for decryption.

                                                              • Returns Promise<T>

                                                              State object on success.

                                                              If decryption fails or the auth state has expired.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.decryptSession.html b/docs/html/functions/_monocloud_auth-core.utils.decryptSession.html index 484e1f84..73b671ba 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.decryptSession.html +++ b/docs/html/functions/_monocloud_auth-core.utils.decryptSession.html @@ -3,4 +3,4 @@
                                                            • secret: string

                                                              The secret used for decryption.

                                                              • Returns Promise<MonoCloudSession>

                                                              Session object on success.

                                                              If decryption fails or the session has expired.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.encrypt.html b/docs/html/functions/_monocloud_auth-core.utils.encrypt.html index 6fb106b2..4cf7b7d3 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.encrypt.html +++ b/docs/html/functions/_monocloud_auth-core.utils.encrypt.html @@ -2,4 +2,4 @@

                                                              Parameters

                                                              • data: string

                                                                The plaintext data to encrypt.

                                                              • secret: string

                                                                The secret used to derive the encryption key.

                                                              Returns Promise<string>

                                                              Base64-encoded ciphertext.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.encryptAuthState.html b/docs/html/functions/_monocloud_auth-core.utils.encryptAuthState.html index e256f770..1d0ed800 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.encryptAuthState.html +++ b/docs/html/functions/_monocloud_auth-core.utils.encryptAuthState.html @@ -3,4 +3,4 @@
                                                            • secret: string

                                                              The secret used for encryption.

                                                            • Optionalttl: number

                                                              Optional time-to-live in seconds, after which the auth state expires.

                                                              • Returns Promise<string>

                                                              Encrypted auth state string.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.encryptSession.html b/docs/html/functions/_monocloud_auth-core.utils.encryptSession.html index 88cdebfc..b9251b1b 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.encryptSession.html +++ b/docs/html/functions/_monocloud_auth-core.utils.encryptSession.html @@ -3,4 +3,4 @@
                                                            • secret: string

                                                              The secret used for encryption.

                                                            • Optionalttl: number

                                                              Optional time-to-live in seconds, after which the session expires.

                                                              • Returns Promise<string>

                                                              Encrypted session string.

                                                              -

                                                              Settings

                                                              +

                                                              Settings

                                                              diff --git a/docs/html/functions/_monocloud_auth-core.utils.generateNonce.html b/docs/html/functions/_monocloud_auth-core.utils.generateNonce.html index 3a8dacb3..cce1691b 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.generateNonce.html +++ b/docs/html/functions/_monocloud_auth-core.utils.generateNonce.html @@ -1,2 +1,2 @@ generateNonce | MonoCloud Authentication SDK
                                                              MonoCloud Authentication SDK
                                                                Preparing search index...

                                                                Function generateNonce

                                                                Settings

                                                                +

                                                                Returns string

                                                                Settings

                                                                diff --git a/docs/html/functions/_monocloud_auth-core.utils.generatePKCE.html b/docs/html/functions/_monocloud_auth-core.utils.generatePKCE.html index ad808e65..c78a4dda 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.generatePKCE.html +++ b/docs/html/functions/_monocloud_auth-core.utils.generatePKCE.html @@ -1,2 +1,2 @@ generatePKCE | MonoCloud Authentication SDK
                                                                MonoCloud Authentication SDK
                                                                  Preparing search index...

                                                                  Function generatePKCE

                                                                  • Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge.

                                                                    -

                                                                    Returns Promise<{ codeChallenge: string; codeVerifier: string }>

                                                                  Settings

                                                                  +

                                                                  Returns Promise<{ codeChallenge: string; codeVerifier: string }>

                                                                  Settings

                                                                  diff --git a/docs/html/functions/_monocloud_auth-core.utils.generateState.html b/docs/html/functions/_monocloud_auth-core.utils.generateState.html index 3971e273..9b61b579 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.generateState.html +++ b/docs/html/functions/_monocloud_auth-core.utils.generateState.html @@ -1,2 +1,2 @@ generateState | MonoCloud Authentication SDK
                                                                  MonoCloud Authentication SDK
                                                                    Preparing search index...

                                                                    Function generateState

                                                                    Settings

                                                                    +

                                                                    Returns string

                                                                    Settings

                                                                    diff --git a/docs/html/functions/_monocloud_auth-core.utils.isUserInGroup.html b/docs/html/functions/_monocloud_auth-core.utils.isUserInGroup.html index e94b6c4c..f6cd4c80 100644 --- a/docs/html/functions/_monocloud_auth-core.utils.isUserInGroup.html +++ b/docs/html/functions/_monocloud_auth-core.utils.isUserInGroup.html @@ -4,4 +4,4 @@
                                                                  • groupsClaim: string = 'groups'

                                                                    The claim in the user object that contains groups.

                                                                  • matchAll: boolean = false

                                                                    If true, requires the user to be in all specified groups; if false, checks if the user is in at least one of the groups.

                                                                    • Returns boolean

                                                                    true if the user is in the specified groups, false otherwise.

                                                                    -

                                                                    Settings

                                                                    +

                                                                    Settings

                                                                    diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.decrypt.html b/docs/html/functions/_monocloud_auth-js-core.utils.decrypt.html new file mode 100644 index 00000000..7d727849 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.decrypt.html @@ -0,0 +1,5 @@ +decrypt | MonoCloud Authentication SDK
                                                                    MonoCloud Authentication SDK
                                                                      Preparing search index...

                                                                      Function decrypt

                                                                      • Decrypts an encrypted string using a secret with AES-GCM.

                                                                        +

                                                                        Parameters

                                                                        • encrypted: string

                                                                          The ciphertext to decrypt.

                                                                          +
                                                                        • secret: string

                                                                          The secret used to derive the decryption key.

                                                                          +

                                                                        Returns Promise<string | undefined>

                                                                        Decrypted plaintext string or undefined if decryption fails.

                                                                        +

                                                                      Settings

                                                                      diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.decryptAuthState.html b/docs/html/functions/_monocloud_auth-js-core.utils.decryptAuthState.html new file mode 100644 index 00000000..580d5211 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.decryptAuthState.html @@ -0,0 +1,6 @@ +decryptAuthState | MonoCloud Authentication SDK
                                                                      MonoCloud Authentication SDK
                                                                        Preparing search index...

                                                                        Function decryptAuthState

                                                                        • Decrypts an encrypted AuthState.

                                                                          +

                                                                          Type Parameters

                                                                          Parameters

                                                                          • encryptedAuthState: string

                                                                            The encrypted auth state string to decrypt.

                                                                            +
                                                                          • secret: string

                                                                            The secret used for decryption.

                                                                            +

                                                                          Returns Promise<T>

                                                                          State object on success.

                                                                          +

                                                                          If decryption fails or the auth state has expired.

                                                                          +

                                                                        Settings

                                                                        diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.decryptSession.html b/docs/html/functions/_monocloud_auth-js-core.utils.decryptSession.html new file mode 100644 index 00000000..d56fb5d3 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.decryptSession.html @@ -0,0 +1,6 @@ +decryptSession | MonoCloud Authentication SDK
                                                                        MonoCloud Authentication SDK
                                                                          Preparing search index...

                                                                          Function decryptSession

                                                                          • Decrypts an encrypted MonoCloud session.

                                                                            +

                                                                            Parameters

                                                                            • encryptedSession: string

                                                                              The encrypted session string to decrypt.

                                                                              +
                                                                            • secret: string

                                                                              The secret used for decryption.

                                                                              +

                                                                            Returns Promise<MonoCloudSession>

                                                                            Session object on success.

                                                                            +

                                                                            If decryption fails or the session has expired.

                                                                            +

                                                                          Settings

                                                                          diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.encrypt.html b/docs/html/functions/_monocloud_auth-js-core.utils.encrypt.html new file mode 100644 index 00000000..833da589 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.encrypt.html @@ -0,0 +1,5 @@ +encrypt | MonoCloud Authentication SDK
                                                                          MonoCloud Authentication SDK
                                                                            Preparing search index...

                                                                            Function encrypt

                                                                            • Encrypts a given string using a secret with AES-GCM.

                                                                              +

                                                                              Parameters

                                                                              • data: string

                                                                                The plaintext data to encrypt.

                                                                                +
                                                                              • secret: string

                                                                                The secret used to derive the encryption key.

                                                                                +

                                                                              Returns Promise<string>

                                                                              Base64-encoded ciphertext.

                                                                              +

                                                                            Settings

                                                                            diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.encryptAuthState.html b/docs/html/functions/_monocloud_auth-js-core.utils.encryptAuthState.html new file mode 100644 index 00000000..8640710f --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.encryptAuthState.html @@ -0,0 +1,6 @@ +encryptAuthState | MonoCloud Authentication SDK
                                                                            MonoCloud Authentication SDK
                                                                              Preparing search index...

                                                                              Function encryptAuthState

                                                                              • Encrypts an AuthState object with a secret and optional time-to-live (TTL).

                                                                                +

                                                                                Type Parameters

                                                                                Parameters

                                                                                • authState: T

                                                                                  A type that extends the AuthState interface.

                                                                                  +
                                                                                • secret: string

                                                                                  The secret used for encryption.

                                                                                  +
                                                                                • Optionalttl: number

                                                                                  Optional time-to-live in seconds, after which the auth state expires.

                                                                                  +

                                                                                Returns Promise<string>

                                                                                Encrypted auth state string.

                                                                                +

                                                                              Settings

                                                                              diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.encryptSession.html b/docs/html/functions/_monocloud_auth-js-core.utils.encryptSession.html new file mode 100644 index 00000000..220f12e0 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.encryptSession.html @@ -0,0 +1,6 @@ +encryptSession | MonoCloud Authentication SDK
                                                                              MonoCloud Authentication SDK
                                                                                Preparing search index...

                                                                                Function encryptSession

                                                                                • Encrypts a MonoCloud session object with a secret and optional time-to-live (TTL).

                                                                                  +

                                                                                  Parameters

                                                                                  • session: MonoCloudSession

                                                                                    The session object to encrypt.

                                                                                    +
                                                                                  • secret: string

                                                                                    The secret used for encryption.

                                                                                    +
                                                                                  • Optionalttl: number

                                                                                    Optional time-to-live in seconds, after which the session expires.

                                                                                    +

                                                                                  Returns Promise<string>

                                                                                  Encrypted session string.

                                                                                  +

                                                                                Settings

                                                                                diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.generateNonce.html b/docs/html/functions/_monocloud_auth-js-core.utils.generateNonce.html new file mode 100644 index 00000000..2ae21b1a --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.generateNonce.html @@ -0,0 +1,2 @@ +generateNonce | MonoCloud Authentication SDK
                                                                                MonoCloud Authentication SDK
                                                                                  Preparing search index...

                                                                                  Function generateNonce

                                                                                  Settings

                                                                                  diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.generatePKCE.html b/docs/html/functions/_monocloud_auth-js-core.utils.generatePKCE.html new file mode 100644 index 00000000..8ef7be95 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.generatePKCE.html @@ -0,0 +1,2 @@ +generatePKCE | MonoCloud Authentication SDK
                                                                                  MonoCloud Authentication SDK
                                                                                    Preparing search index...

                                                                                    Function generatePKCE

                                                                                    • Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge.

                                                                                      +

                                                                                      Returns Promise<{ codeChallenge: string; codeVerifier: string }>

                                                                                    Settings

                                                                                    diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.generateState.html b/docs/html/functions/_monocloud_auth-js-core.utils.generateState.html new file mode 100644 index 00000000..9d28b563 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.generateState.html @@ -0,0 +1,2 @@ +generateState | MonoCloud Authentication SDK
                                                                                    MonoCloud Authentication SDK
                                                                                      Preparing search index...

                                                                                      Function generateState

                                                                                      Settings

                                                                                      diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.isUserInGroup.html b/docs/html/functions/_monocloud_auth-js-core.utils.isUserInGroup.html new file mode 100644 index 00000000..ac97e6cf --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.isUserInGroup.html @@ -0,0 +1,7 @@ +isUserInGroup | MonoCloud Authentication SDK
                                                                                      MonoCloud Authentication SDK
                                                                                        Preparing search index...

                                                                                        Function isUserInGroup

                                                                                        • Checks if a user is a member of a specified group or groups.

                                                                                          +

                                                                                          Parameters

                                                                                          • user: MonoCloudUser | IdTokenClaims

                                                                                            The user.

                                                                                            +
                                                                                          • groups: string[]

                                                                                            An array of group names or IDs to check membership against.

                                                                                            +
                                                                                          • groupsClaim: string = 'groups'

                                                                                            The claim in the user object that contains groups.

                                                                                            +
                                                                                          • matchAll: boolean = false

                                                                                            If true, requires the user to be in all specified groups; if false, checks if the user is in at least one of the groups.

                                                                                            +

                                                                                          Returns boolean

                                                                                          true if the user is in the specified groups, false otherwise.

                                                                                          +

                                                                                        Settings

                                                                                        diff --git a/docs/html/functions/_monocloud_auth-js-core.utils.parseCallbackParams.html b/docs/html/functions/_monocloud_auth-js-core.utils.parseCallbackParams.html new file mode 100644 index 00000000..e6d83733 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils.parseCallbackParams.html @@ -0,0 +1,2 @@ +parseCallbackParams | MonoCloud Authentication SDK
                                                                                        MonoCloud Authentication SDK
                                                                                          Preparing search index...

                                                                                          Function parseCallbackParams

                                                                                          Settings

                                                                                          diff --git a/docs/html/functions/_monocloud_auth-js-core.utils_internal.findToken.html b/docs/html/functions/_monocloud_auth-js-core.utils_internal.findToken.html new file mode 100644 index 00000000..1b3f2604 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils_internal.findToken.html @@ -0,0 +1,6 @@ +findToken | MonoCloud Authentication SDK
                                                                                          MonoCloud Authentication SDK
                                                                                            Preparing search index...

                                                                                            Function findToken

                                                                                            • Finds a specific access token in an array based on resource and scopes.

                                                                                              +

                                                                                              Parameters

                                                                                              • Optionaltokens: AccessToken[]

                                                                                                The array of access tokens.

                                                                                                +
                                                                                              • Optionalresource: string

                                                                                                Space-separated resource indicators.

                                                                                                +
                                                                                              • Optionalscopes: string

                                                                                                Space-separated scopes.

                                                                                                +

                                                                                              Returns AccessToken | undefined

                                                                                              The matching AccessToken, or undefined if not found.

                                                                                              +

                                                                                            Settings

                                                                                            diff --git a/docs/html/functions/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.html b/docs/html/functions/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.html new file mode 100644 index 00000000..77451364 --- /dev/null +++ b/docs/html/functions/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.html @@ -0,0 +1,6 @@ +getPublicSigKeyFromIssuerJwks | MonoCloud Authentication SDK
                                                                                            MonoCloud Authentication SDK
                                                                                              Preparing search index...

                                                                                              Function getPublicSigKeyFromIssuerJwks

                                                                                              • Retrieves a public CryptoKey from a JWK set based on the JWS header.

                                                                                                +

                                                                                                Parameters

                                                                                                • jwks: Jwk[]

                                                                                                  The set of JSON Web Keys.

                                                                                                  +
                                                                                                • header: JwsHeaderParameters

                                                                                                  The JWS header containing the algorithm and key ID.

                                                                                                  +

                                                                                                Returns Promise<CryptoKey>

                                                                                                A promise that resolves to the CryptoKey.

                                                                                                +

                                                                                                If no applicable key or multiple keys are found or the algorithm is unsupported.

                                                                                                +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.decrypt.html b/docs/html/functions/_monocloud_auth-node-core.utils.decrypt.html index 86f78f28..247ee483 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.decrypt.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.decrypt.html @@ -2,4 +2,4 @@

                                                                                              Parameters

                                                                                              • encrypted: string

                                                                                                The ciphertext to decrypt.

                                                                                              • secret: string

                                                                                                The secret used to derive the decryption key.

                                                                                              Returns Promise<string | undefined>

                                                                                              Decrypted plaintext string or undefined if decryption fails.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.decryptAuthState.html b/docs/html/functions/_monocloud_auth-node-core.utils.decryptAuthState.html index 9f6d7f25..d0c25568 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.decryptAuthState.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.decryptAuthState.html @@ -3,4 +3,4 @@
                                                                                            • secret: string

                                                                                              The secret used for decryption.

                                                                                              • Returns Promise<T>

                                                                                              State object on success.

                                                                                              If decryption fails or the auth state has expired.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.decryptSession.html b/docs/html/functions/_monocloud_auth-node-core.utils.decryptSession.html index a9221a2e..a67b2f48 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.decryptSession.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.decryptSession.html @@ -3,4 +3,4 @@
                                                                                            • secret: string

                                                                                              The secret used for decryption.

                                                                                              • Returns Promise<MonoCloudSession>

                                                                                              Session object on success.

                                                                                              If decryption fails or the session has expired.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.encrypt.html b/docs/html/functions/_monocloud_auth-node-core.utils.encrypt.html index dc693ed9..a77c5dfa 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.encrypt.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.encrypt.html @@ -2,4 +2,4 @@

                                                                                              Parameters

                                                                                              • data: string

                                                                                                The plaintext data to encrypt.

                                                                                              • secret: string

                                                                                                The secret used to derive the encryption key.

                                                                                              Returns Promise<string>

                                                                                              Base64-encoded ciphertext.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.encryptAuthState.html b/docs/html/functions/_monocloud_auth-node-core.utils.encryptAuthState.html index c13b1d0c..8f9c175d 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.encryptAuthState.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.encryptAuthState.html @@ -3,4 +3,4 @@
                                                                                            • secret: string

                                                                                              The secret used for encryption.

                                                                                            • Optionalttl: number

                                                                                              Optional time-to-live in seconds, after which the auth state expires.

                                                                                              • Returns Promise<string>

                                                                                              Encrypted auth state string.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.encryptSession.html b/docs/html/functions/_monocloud_auth-node-core.utils.encryptSession.html index 56a92a58..3a2fb7c8 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.encryptSession.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.encryptSession.html @@ -3,4 +3,4 @@
                                                                                            • secret: string

                                                                                              The secret used for encryption.

                                                                                            • Optionalttl: number

                                                                                              Optional time-to-live in seconds, after which the session expires.

                                                                                              • Returns Promise<string>

                                                                                              Encrypted session string.

                                                                                              -

                                                                                              Settings

                                                                                              +

                                                                                              Settings

                                                                                              diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.generateNonce.html b/docs/html/functions/_monocloud_auth-node-core.utils.generateNonce.html index 82669d78..e8d30161 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.generateNonce.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.generateNonce.html @@ -1,2 +1,2 @@ generateNonce | MonoCloud Authentication SDK
                                                                                              MonoCloud Authentication SDK
                                                                                                Preparing search index...

                                                                                                Function generateNonce

                                                                                                Settings

                                                                                                +

                                                                                                Returns string

                                                                                                Settings

                                                                                                diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.generatePKCE.html b/docs/html/functions/_monocloud_auth-node-core.utils.generatePKCE.html index dd041555..5d47a955 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.generatePKCE.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.generatePKCE.html @@ -1,2 +1,2 @@ generatePKCE | MonoCloud Authentication SDK
                                                                                                MonoCloud Authentication SDK
                                                                                                  Preparing search index...

                                                                                                  Function generatePKCE

                                                                                                  • Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge.

                                                                                                    -

                                                                                                    Returns Promise<{ codeChallenge: string; codeVerifier: string }>

                                                                                                  Settings

                                                                                                  +

                                                                                                  Returns Promise<{ codeChallenge: string; codeVerifier: string }>

                                                                                                  Settings

                                                                                                  diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.generateState.html b/docs/html/functions/_monocloud_auth-node-core.utils.generateState.html index 1b08e49e..2b128f23 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.generateState.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.generateState.html @@ -1,2 +1,2 @@ generateState | MonoCloud Authentication SDK
                                                                                                  MonoCloud Authentication SDK
                                                                                                    Preparing search index...

                                                                                                    Function generateState

                                                                                                    Settings

                                                                                                    +

                                                                                                    Returns string

                                                                                                    Settings

                                                                                                    diff --git a/docs/html/functions/_monocloud_auth-node-core.utils.isUserInGroup.html b/docs/html/functions/_monocloud_auth-node-core.utils.isUserInGroup.html index 057f4ddb..f4ce869b 100644 --- a/docs/html/functions/_monocloud_auth-node-core.utils.isUserInGroup.html +++ b/docs/html/functions/_monocloud_auth-node-core.utils.isUserInGroup.html @@ -4,4 +4,4 @@
                                                                                                  • groupsClaim: string = 'groups'

                                                                                                    The claim in the user object that contains groups.

                                                                                                  • matchAll: boolean = false

                                                                                                    If true, requires the user to be in all specified groups; if false, checks if the user is in at least one of the groups.

                                                                                                    • Returns boolean

                                                                                                    true if the user is in the specified groups, false otherwise.

                                                                                                    -

                                                                                                    Settings

                                                                                                    +

                                                                                                    Settings

                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-core.index.AccessToken.html b/docs/html/interfaces/_monocloud_auth-core.index.AccessToken.html index 06ead825..ce3810ab 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.AccessToken.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.AccessToken.html @@ -1,13 +1,13 @@ AccessToken | MonoCloud Authentication SDK
                                                                                                    MonoCloud Authentication SDK
                                                                                                      Preparing search index...

                                                                                                      Interface AccessToken

                                                                                                      Represents an OAuth 2.0 access token and its associated metadata.

                                                                                                      -
                                                                                                      interface AccessToken {
                                                                                                          accessToken: string;
                                                                                                          accessTokenExpiration: number;
                                                                                                          requestedScopes?: string;
                                                                                                          resource?: string;
                                                                                                          scopes: string;
                                                                                                      }
                                                                                                      Index

                                                                                                      Properties

                                                                                                      accessToken +
                                                                                                      interface AccessToken {
                                                                                                          accessToken: string;
                                                                                                          accessTokenExpiration: number;
                                                                                                          requestedScopes?: string;
                                                                                                          resource?: string;
                                                                                                          scopes: string;
                                                                                                      }
                                                                                                      Index

                                                                                                      Properties

                                                                                                      accessToken accessTokenExpiration requestedScopes? resource? scopes

                                                                                                      Properties

                                                                                                      accessToken: string

                                                                                                      The issued access token.

                                                                                                      -
                                                                                                      accessTokenExpiration: number

                                                                                                      The expiration time of the access token (Unix epoch, in seconds).

                                                                                                      -
                                                                                                      requestedScopes?: string

                                                                                                      Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                      -
                                                                                                      resource?: string

                                                                                                      Optional resource (audience) that the access token is scoped for.

                                                                                                      -
                                                                                                      scopes: string

                                                                                                      Space-separated list of scopes granted to the access token.

                                                                                                      +
                                                                                                      accessTokenExpiration: number

                                                                                                      The expiration time of the access token (Unix epoch, in seconds).

                                                                                                      +
                                                                                                      requestedScopes?: string

                                                                                                      Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                      +
                                                                                                      resource?: string

                                                                                                      Optional resource (audience) that the access token is scoped for.

                                                                                                      +
                                                                                                      scopes: string

                                                                                                      Space-separated list of scopes granted to the access token.

                                                                                                      These represent the effective permissions approved by the authorization server.

                                                                                                      -

                                                                                                      Settings

                                                                                                      On This Page

                                                                                                      Properties
                                                                                                      +

                                                                                                      Settings

                                                                                                      On This Page

                                                                                                      Properties
                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-core.index.Address.html b/docs/html/interfaces/_monocloud_auth-core.index.Address.html index 3a282162..20ffb372 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.Address.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.Address.html @@ -1,15 +1,15 @@ Address | MonoCloud Authentication SDK
                                                                                                      MonoCloud Authentication SDK
                                                                                                        Preparing search index...

                                                                                                        Interface Address

                                                                                                        Represents a postal address as defined by the OpenID Connect standard address claim.

                                                                                                        interface Address {
                                                                                                            country?: string;
                                                                                                            formatted?: string;
                                                                                                            locality?: string;
                                                                                                            postal_code?: string;
                                                                                                            region?: string;
                                                                                                            street_address?: string;
                                                                                                            [key: string]: unknown;
                                                                                                        }

                                                                                                        Indexable

                                                                                                        • [key: string]: unknown

                                                                                                          Additional provider-specific address fields.

                                                                                                          -
                                                                                                        Index

                                                                                                        Properties

                                                                                                        country? +
                                                                                                        Index

                                                                                                        Properties

                                                                                                        country? formatted? locality? postal_code? region? street_address?

                                                                                                        Properties

                                                                                                        country?: string

                                                                                                        Country name or ISO country code.

                                                                                                        -
                                                                                                        formatted?: string

                                                                                                        Full mailing address formatted for display or mailing labels.

                                                                                                        -
                                                                                                        locality?: string

                                                                                                        City or locality component.

                                                                                                        -
                                                                                                        postal_code?: string

                                                                                                        Postal or ZIP code.

                                                                                                        -
                                                                                                        region?: string

                                                                                                        State, province, or region component.

                                                                                                        -
                                                                                                        street_address?: string

                                                                                                        Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                        -

                                                                                                        Settings

                                                                                                        On This Page

                                                                                                        Properties
                                                                                                        +
                                                                                                        formatted?: string

                                                                                                        Full mailing address formatted for display or mailing labels.

                                                                                                        +
                                                                                                        locality?: string

                                                                                                        City or locality component.

                                                                                                        +
                                                                                                        postal_code?: string

                                                                                                        Postal or ZIP code.

                                                                                                        +
                                                                                                        region?: string

                                                                                                        State, province, or region component.

                                                                                                        +
                                                                                                        street_address?: string

                                                                                                        Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                        +

                                                                                                        Settings

                                                                                                        On This Page

                                                                                                        Properties
                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-core.index.AuthState.html b/docs/html/interfaces/_monocloud_auth-core.index.AuthState.html index c0f11845..5b8a4fd9 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.AuthState.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.AuthState.html @@ -1,14 +1,14 @@ AuthState | MonoCloud Authentication SDK
                                                                                                        MonoCloud Authentication SDK
                                                                                                          Preparing search index...

                                                                                                          Interface AuthState

                                                                                                          Represents the authentication transaction state stored between the authorization request and the callback.

                                                                                                          -
                                                                                                          interface AuthState {
                                                                                                              codeVerifier?: string;
                                                                                                              maxAge?: number;
                                                                                                              nonce: string;
                                                                                                              resource?: string;
                                                                                                              scopes: string;
                                                                                                              state: string;
                                                                                                          }
                                                                                                          Index

                                                                                                          Properties

                                                                                                          codeVerifier? +
                                                                                                          interface AuthState {
                                                                                                              codeVerifier?: string;
                                                                                                              maxAge?: number;
                                                                                                              nonce: string;
                                                                                                              resource?: string;
                                                                                                              scopes: string;
                                                                                                              state: string;
                                                                                                          }
                                                                                                          Index

                                                                                                          Properties

                                                                                                          codeVerifier? maxAge? nonce resource? scopes state

                                                                                                          Properties

                                                                                                          codeVerifier?: string

                                                                                                          Optional. PKCE code verifier used to validate the authorization code exchange.

                                                                                                          -
                                                                                                          maxAge?: number

                                                                                                          Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                          -
                                                                                                          nonce: string

                                                                                                          A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                          -
                                                                                                          resource?: string

                                                                                                          Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                          -
                                                                                                          scopes: string

                                                                                                          Space-separated list of scopes requested during authorization.

                                                                                                          -
                                                                                                          state: string

                                                                                                          A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                          -

                                                                                                          Settings

                                                                                                          On This Page

                                                                                                          Properties
                                                                                                          +
                                                                                                          maxAge?: number

                                                                                                          Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                          +
                                                                                                          nonce: string

                                                                                                          A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                          +
                                                                                                          resource?: string

                                                                                                          Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                          +
                                                                                                          scopes: string

                                                                                                          Space-separated list of scopes requested during authorization.

                                                                                                          +
                                                                                                          state: string

                                                                                                          A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                          +

                                                                                                          Settings

                                                                                                          On This Page

                                                                                                          Properties
                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-core.index.AuthenticateOptions.html b/docs/html/interfaces/_monocloud_auth-core.index.AuthenticateOptions.html index c9e04f77..3a4ba24f 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.AuthenticateOptions.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.AuthenticateOptions.html @@ -1,5 +1,5 @@ AuthenticateOptions | MonoCloud Authentication SDK
                                                                                                          MonoCloud Authentication SDK
                                                                                                            Preparing search index...

                                                                                                            Interface AuthenticateOptions

                                                                                                            Options used when authenticating a user via the Authorization Code flow.

                                                                                                            -
                                                                                                            interface AuthenticateOptions {
                                                                                                                codeVerifier?: string;
                                                                                                                fetchUserInfo?: boolean;
                                                                                                                filteredIdTokenClaims?: string[];
                                                                                                                idTokenClockSkew?: number;
                                                                                                                idTokenClockTolerance?: number;
                                                                                                                idTokenMaxAge?: number;
                                                                                                                idTokenNonce?: string;
                                                                                                                jwks?: Jwks;
                                                                                                                onSessionCreating?: OnSessionCreating;
                                                                                                                validateIdToken?: boolean;
                                                                                                            }
                                                                                                            Index

                                                                                                            Properties

                                                                                                            codeVerifier? +
                                                                                                            interface AuthenticateOptions {
                                                                                                                codeVerifier?: string;
                                                                                                                fetchUserInfo?: boolean;
                                                                                                                filteredIdTokenClaims?: string[];
                                                                                                                idTokenClockSkew?: number;
                                                                                                                idTokenClockTolerance?: number;
                                                                                                                idTokenMaxAge?: number;
                                                                                                                idTokenNonce?: string;
                                                                                                                jwks?: Jwks;
                                                                                                                onSessionCreating?: OnSessionCreating;
                                                                                                                validateIdToken?: boolean;
                                                                                                            }
                                                                                                            Index

                                                                                                            Properties

                                                                                                            codeVerifier? fetchUserInfo? filteredIdTokenClaims? idTokenClockSkew? @@ -10,20 +10,20 @@ onSessionCreating? validateIdToken?

                                                                                                            Properties

                                                                                                            codeVerifier?: string

                                                                                                            PKCE code verifier associated with the authorization request.

                                                                                                            -
                                                                                                            fetchUserInfo?: boolean

                                                                                                            When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                            +
                                                                                                            fetchUserInfo?: boolean

                                                                                                            When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                            false
                                                                                                            -
                                                                                                            filteredIdTokenClaims?: string[]

                                                                                                            List of ID token claims to remove before storing the session.

                                                                                                            -
                                                                                                            idTokenClockSkew?: number

                                                                                                            Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                            -
                                                                                                            idTokenClockTolerance?: number

                                                                                                            Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                            -
                                                                                                            idTokenMaxAge?: number

                                                                                                            Maximum allowed authentication age (in seconds) for the ID token.

                                                                                                            -
                                                                                                            idTokenNonce?: string

                                                                                                            Nonce value expected in the ID token. Used to prevent replay attacks.

                                                                                                            -
                                                                                                            jwks?: Jwks

                                                                                                            JSON Web Key Set used to validate the ID token signature.

                                                                                                            +
                                                                                                            filteredIdTokenClaims?: string[]

                                                                                                            List of ID token claims to remove before storing the session.

                                                                                                            +
                                                                                                            idTokenClockSkew?: number

                                                                                                            Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                            +
                                                                                                            idTokenClockTolerance?: number

                                                                                                            Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                            +
                                                                                                            idTokenMaxAge?: number

                                                                                                            Maximum allowed authentication age (in seconds) for the ID token.

                                                                                                            +
                                                                                                            idTokenNonce?: string

                                                                                                            Nonce value expected in the ID token. Used to prevent replay attacks.

                                                                                                            +
                                                                                                            jwks?: Jwks

                                                                                                            JSON Web Key Set used to validate the ID token signature.

                                                                                                            If not provided, the JWKS is automatically fetched from the authorization server metadata.

                                                                                                            -
                                                                                                            onSessionCreating?: OnSessionCreating

                                                                                                            Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                            -
                                                                                                            validateIdToken?: boolean

                                                                                                            Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                            +
                                                                                                            onSessionCreating?: OnSessionCreating

                                                                                                            Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                            +
                                                                                                            validateIdToken?: boolean

                                                                                                            Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                            true
                                                                                                            -

                                                                                                            Settings

                                                                                                            On This Page

                                                                                                            Properties
                                                                                                            +

                                                                                                            Settings

                                                                                                            On This Page

                                                                                                            Properties
                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-core.index.CallbackParams.html b/docs/html/interfaces/_monocloud_auth-core.index.CallbackParams.html index 6d4e14b7..90c38924 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.CallbackParams.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.CallbackParams.html @@ -1,20 +1,22 @@ CallbackParams | MonoCloud Authentication SDK
                                                                                                            MonoCloud Authentication SDK
                                                                                                              Preparing search index...

                                                                                                              Interface CallbackParams

                                                                                                              Parameters returned to the application after the authorization server redirects the user back to the callback URL.

                                                                                                              -
                                                                                                              interface CallbackParams {
                                                                                                                  accessToken?: string;
                                                                                                                  code?: string;
                                                                                                                  error?: string;
                                                                                                                  errorDescription?: string;
                                                                                                                  expiresIn?: number;
                                                                                                                  idToken?: string;
                                                                                                                  refreshToken?: string;
                                                                                                                  sessionState?: string;
                                                                                                                  state?: string;
                                                                                                              }
                                                                                                              Index

                                                                                                              Properties

                                                                                                              accessToken? +
                                                                                                              interface CallbackParams {
                                                                                                                  accessToken?: string;
                                                                                                                  code?: string;
                                                                                                                  error?: string;
                                                                                                                  errorDescription?: string;
                                                                                                                  expiresIn?: number;
                                                                                                                  idToken?: string;
                                                                                                                  refreshToken?: string;
                                                                                                                  scope?: string;
                                                                                                                  sessionState?: string;
                                                                                                                  state?: string;
                                                                                                              }
                                                                                                              Index

                                                                                                              Properties

                                                                                                              accessToken? code? error? errorDescription? expiresIn? idToken? refreshToken? +scope? sessionState? state?

                                                                                                              Properties

                                                                                                              accessToken?: string

                                                                                                              Access token returned directly by implicit or hybrid flows.

                                                                                                              -
                                                                                                              code?: string

                                                                                                              Authorization code returned when using the Authorization Code Flow.

                                                                                                              -
                                                                                                              error?: string

                                                                                                              Error code returned when authorization fails.

                                                                                                              +
                                                                                                              code?: string

                                                                                                              Authorization code returned when using the Authorization Code Flow.

                                                                                                              +
                                                                                                              error?: string

                                                                                                              Error code returned when authorization fails.

                                                                                                              errorDescription?: string

                                                                                                              Human-readable description providing additional information about the authorization error.

                                                                                                              expiresIn?: number

                                                                                                              Lifetime of the access token in seconds.

                                                                                                              -
                                                                                                              idToken?: string

                                                                                                              ID token issued by the authorization server.

                                                                                                              -
                                                                                                              refreshToken?: string

                                                                                                              Refresh token issued during authorization (if enabled).

                                                                                                              -
                                                                                                              sessionState?: string

                                                                                                              OIDC session state value used for session monitoring and front-channel session management.

                                                                                                              -
                                                                                                              state?: string

                                                                                                              The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks.

                                                                                                              -

                                                                                                              Settings

                                                                                                              On This Page

                                                                                                              Properties
                                                                                                              +
                                                                                                              idToken?: string

                                                                                                              ID token issued by the authorization server.

                                                                                                              +
                                                                                                              refreshToken?: string

                                                                                                              Refresh token issued during authorization (if enabled).

                                                                                                              +
                                                                                                              scope?: string

                                                                                                              Access token scopes (Implicit Flow)

                                                                                                              +
                                                                                                              sessionState?: string

                                                                                                              OIDC session state value used for session monitoring and front-channel session management.

                                                                                                              +
                                                                                                              state?: string

                                                                                                              The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks.

                                                                                                              +

                                                                                                              Settings

                                                                                                              On This Page

                                                                                                              Properties
                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-core.index.EndSessionParameters.html b/docs/html/interfaces/_monocloud_auth-core.index.EndSessionParameters.html index c8537be0..b9e4fb12 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.EndSessionParameters.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.EndSessionParameters.html @@ -1,9 +1,9 @@ EndSessionParameters | MonoCloud Authentication SDK
                                                                                                              MonoCloud Authentication SDK
                                                                                                                Preparing search index...

                                                                                                                Interface EndSessionParameters

                                                                                                                Parameters used to construct an OpenID Connect end-session (sign-out) request.

                                                                                                                -
                                                                                                                interface EndSessionParameters {
                                                                                                                    idToken?: string;
                                                                                                                    postLogoutRedirectUri?: string;
                                                                                                                    state?: string;
                                                                                                                }
                                                                                                                Index

                                                                                                                Properties

                                                                                                                idToken? +
                                                                                                                interface EndSessionParameters {
                                                                                                                    idToken?: string;
                                                                                                                    postLogoutRedirectUri?: string;
                                                                                                                    state?: string;
                                                                                                                }
                                                                                                                Index

                                                                                                                Properties

                                                                                                                idToken? postLogoutRedirectUri? state?

                                                                                                                Properties

                                                                                                                idToken?: string

                                                                                                                ID token hint identifying the session to terminate.

                                                                                                                When provided, the authorization server can use this value to determine which user session should be signed out.

                                                                                                                -
                                                                                                                postLogoutRedirectUri?: string

                                                                                                                The URL the authorization server should redirect the user to after a successful sign-out.

                                                                                                                -
                                                                                                                state?: string

                                                                                                                Optional state value returned to the application after sign-out.

                                                                                                                -

                                                                                                                Settings

                                                                                                                On This Page

                                                                                                                Properties
                                                                                                                +
                                                                                                                postLogoutRedirectUri?: string

                                                                                                                The URL the authorization server should redirect the user to after a successful sign-out.

                                                                                                                +
                                                                                                                state?: string

                                                                                                                Optional state value returned to the application after sign-out.

                                                                                                                +

                                                                                                                Settings

                                                                                                                On This Page

                                                                                                                Properties
                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-core.index.IdTokenClaims.html b/docs/html/interfaces/_monocloud_auth-core.index.IdTokenClaims.html index 0ecdb03c..764896a5 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.IdTokenClaims.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.IdTokenClaims.html @@ -1,6 +1,6 @@ IdTokenClaims | MonoCloud Authentication SDK
                                                                                                                MonoCloud Authentication SDK
                                                                                                                  Preparing search index...

                                                                                                                  Interface IdTokenClaims

                                                                                                                  Standard OpenID Connect ID Token claims.

                                                                                                                  -
                                                                                                                  interface IdTokenClaims {
                                                                                                                      acr?: string;
                                                                                                                      address?: Address;
                                                                                                                      amr?: string[];
                                                                                                                      at_hash?: string;
                                                                                                                      aud: string | string[];
                                                                                                                      auth_time?: number;
                                                                                                                      azp?: string;
                                                                                                                      birthdate?: string;
                                                                                                                      c_hash?: string;
                                                                                                                      email?: string;
                                                                                                                      email_verified?: boolean;
                                                                                                                      exp: number;
                                                                                                                      family_name?: string;
                                                                                                                      gender?: string;
                                                                                                                      given_name?: string;
                                                                                                                      groups?: Group[];
                                                                                                                      iat: number;
                                                                                                                      iss: string;
                                                                                                                      locale?: string;
                                                                                                                      middle_name?: string;
                                                                                                                      name?: string;
                                                                                                                      nickname?: string;
                                                                                                                      nonce?: string;
                                                                                                                      phone_number?: string;
                                                                                                                      phone_number_verified?: boolean;
                                                                                                                      picture?: string;
                                                                                                                      preferred_username?: string;
                                                                                                                      profile?: string;
                                                                                                                      s_hash?: string;
                                                                                                                      sub: string;
                                                                                                                      updated_at?: number;
                                                                                                                      website?: string;
                                                                                                                      zoneinfo?: string;
                                                                                                                      [key: string]: unknown;
                                                                                                                  }

                                                                                                                  Hierarchy

                                                                                                                  Indexable

                                                                                                                  • [key: string]: unknown

                                                                                                                    Additional custom or provider-specific claims.

                                                                                                                    -
                                                                                                                  Index

                                                                                                                  Properties

                                                                                                                  acr? +
                                                                                                                  interface IdTokenClaims {
                                                                                                                      acr?: string;
                                                                                                                      address?: Address;
                                                                                                                      amr?: string[];
                                                                                                                      at_hash?: string;
                                                                                                                      aud: string | string[];
                                                                                                                      auth_time?: number;
                                                                                                                      azp?: string;
                                                                                                                      birthdate?: string;
                                                                                                                      c_hash?: string;
                                                                                                                      email?: string;
                                                                                                                      email_verified?: boolean;
                                                                                                                      exp: number;
                                                                                                                      family_name?: string;
                                                                                                                      gender?: string;
                                                                                                                      given_name?: string;
                                                                                                                      groups?: Group[];
                                                                                                                      iat: number;
                                                                                                                      iss: string;
                                                                                                                      locale?: string;
                                                                                                                      middle_name?: string;
                                                                                                                      name?: string;
                                                                                                                      nickname?: string;
                                                                                                                      nonce?: string;
                                                                                                                      phone_number?: string;
                                                                                                                      phone_number_verified?: boolean;
                                                                                                                      picture?: string;
                                                                                                                      preferred_username?: string;
                                                                                                                      profile?: string;
                                                                                                                      s_hash?: string;
                                                                                                                      sub: string;
                                                                                                                      updated_at?: number;
                                                                                                                      website?: string;
                                                                                                                      zoneinfo?: string;
                                                                                                                      [key: string]: unknown;
                                                                                                                  }

                                                                                                                  Hierarchy

                                                                                                                  Indexable

                                                                                                                  • [key: string]: unknown

                                                                                                                    Additional custom or provider-specific claims.

                                                                                                                    +
                                                                                                                  Index

                                                                                                                  Properties

                                                                                                                  acr? address? amr? at_hash? @@ -34,36 +34,36 @@ website? zoneinfo?

                                                                                                                  Properties

                                                                                                                  acr?: string

                                                                                                                  Authentication Context Class Reference. Indicates the assurance level of the authentication performed.

                                                                                                                  -
                                                                                                                  address?: Address

                                                                                                                  Postal address.

                                                                                                                  -
                                                                                                                  amr?: string[]

                                                                                                                  Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                  -
                                                                                                                  at_hash?: string

                                                                                                                  Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                  -
                                                                                                                  aud: string | string[]

                                                                                                                  Intended audience(s) of the ID token.

                                                                                                                  -
                                                                                                                  auth_time?: number

                                                                                                                  Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                  -
                                                                                                                  azp?: string

                                                                                                                  Authorized party - identifies the client to which the ID token was issued.

                                                                                                                  -
                                                                                                                  birthdate?: string

                                                                                                                  Birthday.

                                                                                                                  -
                                                                                                                  c_hash?: string

                                                                                                                  Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                  -
                                                                                                                  email?: string

                                                                                                                  Email address.

                                                                                                                  -
                                                                                                                  email_verified?: boolean

                                                                                                                  Whether the email address has been verified by the provider.

                                                                                                                  -
                                                                                                                  exp: number

                                                                                                                  Expiration time of the ID token (Unix epoch seconds).

                                                                                                                  -
                                                                                                                  family_name?: string

                                                                                                                  Surname(s) / last name.

                                                                                                                  -
                                                                                                                  gender?: string

                                                                                                                  Gender.

                                                                                                                  -
                                                                                                                  given_name?: string

                                                                                                                  Given name(s) / first name.

                                                                                                                  -
                                                                                                                  groups?: Group[]

                                                                                                                  Group memberships for the user.

                                                                                                                  -
                                                                                                                  iat: number

                                                                                                                  Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                  -
                                                                                                                  iss: string

                                                                                                                  Issuer identifier - the authorization server that issued the token.

                                                                                                                  -
                                                                                                                  locale?: string

                                                                                                                  Locale.

                                                                                                                  -
                                                                                                                  middle_name?: string

                                                                                                                  Middle name(s).

                                                                                                                  -
                                                                                                                  name?: string

                                                                                                                  Full name of the user (e.g. "Jane Doe").

                                                                                                                  -
                                                                                                                  nickname?: string

                                                                                                                  Casual name used by the user.

                                                                                                                  -
                                                                                                                  nonce?: string

                                                                                                                  Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                  -
                                                                                                                  phone_number?: string

                                                                                                                  Phone number (formatted in E.164 standard).

                                                                                                                  -
                                                                                                                  phone_number_verified?: boolean

                                                                                                                  Whether the phone number has been verified by the provider.

                                                                                                                  -
                                                                                                                  picture?: string

                                                                                                                  URL of the user's profile picture.

                                                                                                                  -
                                                                                                                  preferred_username?: string

                                                                                                                  Preferred username.

                                                                                                                  -
                                                                                                                  profile?: string

                                                                                                                  URL of the user's profile page.

                                                                                                                  -
                                                                                                                  s_hash?: string

                                                                                                                  State hash (used in some hybrid flow validations).

                                                                                                                  -
                                                                                                                  sub: string

                                                                                                                  Subject identifier — uniquely identifies the authenticated user.

                                                                                                                  -
                                                                                                                  updated_at?: number

                                                                                                                  Time the user's information was last updated (seconds since epoch).

                                                                                                                  -
                                                                                                                  website?: string

                                                                                                                  URL of the user's website.

                                                                                                                  -
                                                                                                                  zoneinfo?: string

                                                                                                                  Time zone name.

                                                                                                                  -

                                                                                                                  Settings

                                                                                                                  On This Page

                                                                                                                  Properties
                                                                                                                  +
                                                                                                                  address?: Address

                                                                                                                  Postal address.

                                                                                                                  +
                                                                                                                  amr?: string[]

                                                                                                                  Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                  +
                                                                                                                  at_hash?: string

                                                                                                                  Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                  +
                                                                                                                  aud: string | string[]

                                                                                                                  Intended audience(s) of the ID token.

                                                                                                                  +
                                                                                                                  auth_time?: number

                                                                                                                  Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                  +
                                                                                                                  azp?: string

                                                                                                                  Authorized party - identifies the client to which the ID token was issued.

                                                                                                                  +
                                                                                                                  birthdate?: string

                                                                                                                  Birthday.

                                                                                                                  +
                                                                                                                  c_hash?: string

                                                                                                                  Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                  +
                                                                                                                  email?: string

                                                                                                                  Email address.

                                                                                                                  +
                                                                                                                  email_verified?: boolean

                                                                                                                  Whether the email address has been verified by the provider.

                                                                                                                  +
                                                                                                                  exp: number

                                                                                                                  Expiration time of the ID token (Unix epoch seconds).

                                                                                                                  +
                                                                                                                  family_name?: string

                                                                                                                  Surname(s) / last name.

                                                                                                                  +
                                                                                                                  gender?: string

                                                                                                                  Gender.

                                                                                                                  +
                                                                                                                  given_name?: string

                                                                                                                  Given name(s) / first name.

                                                                                                                  +
                                                                                                                  groups?: Group[]

                                                                                                                  Group memberships for the user.

                                                                                                                  +
                                                                                                                  iat: number

                                                                                                                  Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                  +
                                                                                                                  iss: string

                                                                                                                  Issuer identifier - the authorization server that issued the token.

                                                                                                                  +
                                                                                                                  locale?: string

                                                                                                                  Locale.

                                                                                                                  +
                                                                                                                  middle_name?: string

                                                                                                                  Middle name(s).

                                                                                                                  +
                                                                                                                  name?: string

                                                                                                                  Full name of the user (e.g. "Jane Doe").

                                                                                                                  +
                                                                                                                  nickname?: string

                                                                                                                  Casual name used by the user.

                                                                                                                  +
                                                                                                                  nonce?: string

                                                                                                                  Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                  +
                                                                                                                  phone_number?: string

                                                                                                                  Phone number (formatted in E.164 standard).

                                                                                                                  +
                                                                                                                  phone_number_verified?: boolean

                                                                                                                  Whether the phone number has been verified by the provider.

                                                                                                                  +
                                                                                                                  picture?: string

                                                                                                                  URL of the user's profile picture.

                                                                                                                  +
                                                                                                                  preferred_username?: string

                                                                                                                  Preferred username.

                                                                                                                  +
                                                                                                                  profile?: string

                                                                                                                  URL of the user's profile page.

                                                                                                                  +
                                                                                                                  s_hash?: string

                                                                                                                  State hash (used in some hybrid flow validations).

                                                                                                                  +
                                                                                                                  sub: string

                                                                                                                  Subject identifier — uniquely identifies the authenticated user.

                                                                                                                  +
                                                                                                                  updated_at?: number

                                                                                                                  Time the user's information was last updated (seconds since epoch).

                                                                                                                  +
                                                                                                                  website?: string

                                                                                                                  URL of the user's website.

                                                                                                                  +
                                                                                                                  zoneinfo?: string

                                                                                                                  Time zone name.

                                                                                                                  +

                                                                                                                  Settings

                                                                                                                  On This Page

                                                                                                                  Properties
                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-core.index.IssuerMetadata.html b/docs/html/interfaces/_monocloud_auth-core.index.IssuerMetadata.html index ac49e647..0d2e8b0f 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.IssuerMetadata.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.IssuerMetadata.html @@ -1,5 +1,5 @@ IssuerMetadata | MonoCloud Authentication SDK
                                                                                                                  MonoCloud Authentication SDK
                                                                                                                    Preparing search index...

                                                                                                                    Interface IssuerMetadata

                                                                                                                    OpenID Connect Discovery metadata published by the authorization server.

                                                                                                                    -
                                                                                                                    interface IssuerMetadata {
                                                                                                                        authorization_endpoint: string;
                                                                                                                        backchannel_logout_session_supported: boolean;
                                                                                                                        backchannel_logout_supported: boolean;
                                                                                                                        check_session_iframe: string;
                                                                                                                        claims_supported: string[];
                                                                                                                        code_challenge_methods_supported: string[];
                                                                                                                        device_authorization_endpoint: string;
                                                                                                                        end_session_endpoint: string;
                                                                                                                        frontchannel_logout_session_supported: boolean;
                                                                                                                        frontchannel_logout_supported: boolean;
                                                                                                                        grant_types_supported: string[];
                                                                                                                        id_token_signing_alg_values_supported: string[];
                                                                                                                        introspection_endpoint: string;
                                                                                                                        issuer: string;
                                                                                                                        jwks_uri: string;
                                                                                                                        pushed_authorization_request_endpoint?: string;
                                                                                                                        request_object_signing_alg_values_supported: string[];
                                                                                                                        request_parameter_supported: boolean;
                                                                                                                        request_uri_parameter_supported: boolean;
                                                                                                                        require_pushed_authorization_requests: boolean;
                                                                                                                        response_modes_supported: string[];
                                                                                                                        response_types_supported: string[];
                                                                                                                        revocation_endpoint: string;
                                                                                                                        scopes_supported: string[];
                                                                                                                        subject_types_supported: string[];
                                                                                                                        token_endpoint: string;
                                                                                                                        token_endpoint_auth_methods_supported: string[];
                                                                                                                        userinfo_endpoint: string;
                                                                                                                    }
                                                                                                                    Index

                                                                                                                    Properties

                                                                                                                    authorization_endpoint +
                                                                                                                    interface IssuerMetadata {
                                                                                                                        authorization_endpoint: string;
                                                                                                                        backchannel_logout_session_supported: boolean;
                                                                                                                        backchannel_logout_supported: boolean;
                                                                                                                        check_session_iframe: string;
                                                                                                                        claims_supported: string[];
                                                                                                                        code_challenge_methods_supported: string[];
                                                                                                                        device_authorization_endpoint: string;
                                                                                                                        end_session_endpoint: string;
                                                                                                                        frontchannel_logout_session_supported: boolean;
                                                                                                                        frontchannel_logout_supported: boolean;
                                                                                                                        grant_types_supported: string[];
                                                                                                                        id_token_signing_alg_values_supported: string[];
                                                                                                                        introspection_endpoint: string;
                                                                                                                        issuer: string;
                                                                                                                        jwks_uri: string;
                                                                                                                        pushed_authorization_request_endpoint?: string;
                                                                                                                        request_object_signing_alg_values_supported: string[];
                                                                                                                        request_parameter_supported: boolean;
                                                                                                                        request_uri_parameter_supported: boolean;
                                                                                                                        require_pushed_authorization_requests: boolean;
                                                                                                                        response_modes_supported: string[];
                                                                                                                        response_types_supported: string[];
                                                                                                                        revocation_endpoint: string;
                                                                                                                        scopes_supported: string[];
                                                                                                                        subject_types_supported: string[];
                                                                                                                        token_endpoint: string;
                                                                                                                        token_endpoint_auth_methods_supported: string[];
                                                                                                                        userinfo_endpoint: string;
                                                                                                                    }
                                                                                                                    Index

                                                                                                                    Properties

                                                                                                                    authorization_endpoint backchannel_logout_session_supported backchannel_logout_supported check_session_iframe @@ -28,31 +28,31 @@ token_endpoint_auth_methods_supported userinfo_endpoint

                                                                                                                    Properties

                                                                                                                    authorization_endpoint: string

                                                                                                                    Authorization endpoint used to initiate authentication requests.

                                                                                                                    -
                                                                                                                    backchannel_logout_session_supported: boolean

                                                                                                                    Indicates back-channel logout session support.

                                                                                                                    -
                                                                                                                    backchannel_logout_supported: boolean

                                                                                                                    Indicates support for back-channel logout.

                                                                                                                    -
                                                                                                                    check_session_iframe: string

                                                                                                                    Session management iframe endpoint.

                                                                                                                    -
                                                                                                                    claims_supported: string[]

                                                                                                                    Claims that may be returned in tokens or UserInfo responses.

                                                                                                                    -
                                                                                                                    code_challenge_methods_supported: string[]

                                                                                                                    Supported PKCE code challenge methods.

                                                                                                                    -
                                                                                                                    device_authorization_endpoint: string

                                                                                                                    Device Authorization Grant endpoint.

                                                                                                                    -
                                                                                                                    end_session_endpoint: string

                                                                                                                    End-session endpoint used to initiate logout.

                                                                                                                    -
                                                                                                                    frontchannel_logout_session_supported: boolean

                                                                                                                    Indicates front-channel logout session support.

                                                                                                                    -
                                                                                                                    frontchannel_logout_supported: boolean

                                                                                                                    Indicates support for front-channel logout.

                                                                                                                    -
                                                                                                                    grant_types_supported: string[]

                                                                                                                    Supported OAuth grant types.

                                                                                                                    -
                                                                                                                    id_token_signing_alg_values_supported: string[]

                                                                                                                    Supported signing algorithms for ID tokens.

                                                                                                                    -
                                                                                                                    introspection_endpoint: string

                                                                                                                    Token introspection endpoint.

                                                                                                                    -
                                                                                                                    issuer: string

                                                                                                                    The issuer identifier for the authorization server.

                                                                                                                    -
                                                                                                                    jwks_uri: string

                                                                                                                    JSON Web Key Set (JWKS) endpoint used to obtain signing keys.

                                                                                                                    -
                                                                                                                    pushed_authorization_request_endpoint?: string

                                                                                                                    Pushed Authorization Request (PAR) endpoint.

                                                                                                                    -
                                                                                                                    request_object_signing_alg_values_supported: string[]

                                                                                                                    Supported signing algorithms for request objects.

                                                                                                                    -
                                                                                                                    request_parameter_supported: boolean

                                                                                                                    Indicates support for request objects passed by value.

                                                                                                                    -
                                                                                                                    request_uri_parameter_supported: boolean

                                                                                                                    Indicates support for request objects passed by reference (request_uri).

                                                                                                                    -
                                                                                                                    require_pushed_authorization_requests: boolean

                                                                                                                    Indicates whether PAR is required for authorization requests.

                                                                                                                    -
                                                                                                                    response_modes_supported: string[]

                                                                                                                    Supported response modes.

                                                                                                                    -
                                                                                                                    response_types_supported: string[]

                                                                                                                    Supported OAuth/OIDC response types.

                                                                                                                    -
                                                                                                                    revocation_endpoint: string

                                                                                                                    Token revocation endpoint.

                                                                                                                    -
                                                                                                                    scopes_supported: string[]

                                                                                                                    OAuth scopes supported by the authorization server.

                                                                                                                    -
                                                                                                                    subject_types_supported: string[]

                                                                                                                    Supported subject identifier types.

                                                                                                                    -
                                                                                                                    token_endpoint: string

                                                                                                                    Token endpoint used to exchange authorization codes for tokens.

                                                                                                                    -
                                                                                                                    token_endpoint_auth_methods_supported: string[]

                                                                                                                    Supported authentication methods for the token endpoint.

                                                                                                                    -
                                                                                                                    userinfo_endpoint: string

                                                                                                                    UserInfo endpoint used to retrieve user profile claims.

                                                                                                                    -

                                                                                                                    Settings

                                                                                                                    On This Page

                                                                                                                    Properties
                                                                                                                    +
                                                                                                                    backchannel_logout_session_supported: boolean

                                                                                                                    Indicates back-channel logout session support.

                                                                                                                    +
                                                                                                                    backchannel_logout_supported: boolean

                                                                                                                    Indicates support for back-channel logout.

                                                                                                                    +
                                                                                                                    check_session_iframe: string

                                                                                                                    Session management iframe endpoint.

                                                                                                                    +
                                                                                                                    claims_supported: string[]

                                                                                                                    Claims that may be returned in tokens or UserInfo responses.

                                                                                                                    +
                                                                                                                    code_challenge_methods_supported: string[]

                                                                                                                    Supported PKCE code challenge methods.

                                                                                                                    +
                                                                                                                    device_authorization_endpoint: string

                                                                                                                    Device Authorization Grant endpoint.

                                                                                                                    +
                                                                                                                    end_session_endpoint: string

                                                                                                                    End-session endpoint used to initiate logout.

                                                                                                                    +
                                                                                                                    frontchannel_logout_session_supported: boolean

                                                                                                                    Indicates front-channel logout session support.

                                                                                                                    +
                                                                                                                    frontchannel_logout_supported: boolean

                                                                                                                    Indicates support for front-channel logout.

                                                                                                                    +
                                                                                                                    grant_types_supported: string[]

                                                                                                                    Supported OAuth grant types.

                                                                                                                    +
                                                                                                                    id_token_signing_alg_values_supported: string[]

                                                                                                                    Supported signing algorithms for ID tokens.

                                                                                                                    +
                                                                                                                    introspection_endpoint: string

                                                                                                                    Token introspection endpoint.

                                                                                                                    +
                                                                                                                    issuer: string

                                                                                                                    The issuer identifier for the authorization server.

                                                                                                                    +
                                                                                                                    jwks_uri: string

                                                                                                                    JSON Web Key Set (JWKS) endpoint used to obtain signing keys.

                                                                                                                    +
                                                                                                                    pushed_authorization_request_endpoint?: string

                                                                                                                    Pushed Authorization Request (PAR) endpoint.

                                                                                                                    +
                                                                                                                    request_object_signing_alg_values_supported: string[]

                                                                                                                    Supported signing algorithms for request objects.

                                                                                                                    +
                                                                                                                    request_parameter_supported: boolean

                                                                                                                    Indicates support for request objects passed by value.

                                                                                                                    +
                                                                                                                    request_uri_parameter_supported: boolean

                                                                                                                    Indicates support for request objects passed by reference (request_uri).

                                                                                                                    +
                                                                                                                    require_pushed_authorization_requests: boolean

                                                                                                                    Indicates whether PAR is required for authorization requests.

                                                                                                                    +
                                                                                                                    response_modes_supported: string[]

                                                                                                                    Supported response modes.

                                                                                                                    +
                                                                                                                    response_types_supported: string[]

                                                                                                                    Supported OAuth/OIDC response types.

                                                                                                                    +
                                                                                                                    revocation_endpoint: string

                                                                                                                    Token revocation endpoint.

                                                                                                                    +
                                                                                                                    scopes_supported: string[]

                                                                                                                    OAuth scopes supported by the authorization server.

                                                                                                                    +
                                                                                                                    subject_types_supported: string[]

                                                                                                                    Supported subject identifier types.

                                                                                                                    +
                                                                                                                    token_endpoint: string

                                                                                                                    Token endpoint used to exchange authorization codes for tokens.

                                                                                                                    +
                                                                                                                    token_endpoint_auth_methods_supported: string[]

                                                                                                                    Supported authentication methods for the token endpoint.

                                                                                                                    +
                                                                                                                    userinfo_endpoint: string

                                                                                                                    UserInfo endpoint used to retrieve user profile claims.

                                                                                                                    +

                                                                                                                    Settings

                                                                                                                    On This Page

                                                                                                                    Properties
                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-core.index.Jwk.html b/docs/html/interfaces/_monocloud_auth-core.index.Jwk.html index 1ceb9090..dbb1e4bd 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.Jwk.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.Jwk.html @@ -1,7 +1,7 @@ Jwk | MonoCloud Authentication SDK
                                                                                                                    MonoCloud Authentication SDK
                                                                                                                      Preparing search index...

                                                                                                                      Interface Jwk

                                                                                                                      Represents a JSON Web Key (JWK) as defined by RFC 7517.

                                                                                                                      A JWK describes a cryptographic key used to verify or encrypt JSON Web Tokens (JWTs) as obtained from the JWKS (JSON Web Key Set) endpoint exposed by the authorization server.

                                                                                                                      The available properties depend on the key type (kty).

                                                                                                                      -
                                                                                                                      interface Jwk {
                                                                                                                          alg?: string;
                                                                                                                          crv?: string;
                                                                                                                          d?: string;
                                                                                                                          dp?: string;
                                                                                                                          dq?: string;
                                                                                                                          e?: string;
                                                                                                                          ext?: boolean;
                                                                                                                          k?: string;
                                                                                                                          key_ops?: string[];
                                                                                                                          kid?: string;
                                                                                                                          kty: string;
                                                                                                                          n?: string;
                                                                                                                          oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                          p?: string;
                                                                                                                          q?: string;
                                                                                                                          qi?: string;
                                                                                                                          use?: string;
                                                                                                                          x?: string;
                                                                                                                          x5c?: string[];
                                                                                                                          x5t?: string;
                                                                                                                          "x5t#S256"?: string;
                                                                                                                          x5u?: string;
                                                                                                                          y?: string;
                                                                                                                      }
                                                                                                                      Index

                                                                                                                      Properties

                                                                                                                      alg? +
                                                                                                                      interface Jwk {
                                                                                                                          alg?: string;
                                                                                                                          crv?: string;
                                                                                                                          d?: string;
                                                                                                                          dp?: string;
                                                                                                                          dq?: string;
                                                                                                                          e?: string;
                                                                                                                          ext?: boolean;
                                                                                                                          k?: string;
                                                                                                                          key_ops?: string[];
                                                                                                                          kid?: string;
                                                                                                                          kty: string;
                                                                                                                          n?: string;
                                                                                                                          oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                          p?: string;
                                                                                                                          q?: string;
                                                                                                                          qi?: string;
                                                                                                                          use?: string;
                                                                                                                          x?: string;
                                                                                                                          x5c?: string[];
                                                                                                                          x5t?: string;
                                                                                                                          "x5t#S256"?: string;
                                                                                                                          x5u?: string;
                                                                                                                          y?: string;
                                                                                                                      }
                                                                                                                      Index

                                                                                                                      Properties

                                                                                                                      alg? crv? d? dp? @@ -25,26 +25,26 @@ x5u? y?

                                                                                                                      Properties

                                                                                                                      alg?: string

                                                                                                                      Intended algorithm for the key (for example: RS256).

                                                                                                                      -
                                                                                                                      crv?: string

                                                                                                                      Elliptic curve name (for example: P-256).

                                                                                                                      -
                                                                                                                      d?: string

                                                                                                                      RSA private exponent.

                                                                                                                      -
                                                                                                                      dp?: string

                                                                                                                      RSA first factor CRT exponent.

                                                                                                                      -
                                                                                                                      dq?: string

                                                                                                                      RSA second factor CRT exponent.

                                                                                                                      -
                                                                                                                      e?: string

                                                                                                                      RSA public exponent.

                                                                                                                      -
                                                                                                                      ext?: boolean

                                                                                                                      Indicates whether the key is extractable.

                                                                                                                      -
                                                                                                                      k?: string

                                                                                                                      Symmetric key value (base64url encoded).

                                                                                                                      -
                                                                                                                      key_ops?: string[]

                                                                                                                      Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                      -
                                                                                                                      kid?: string

                                                                                                                      Key identifier used to match keys during verification.

                                                                                                                      -
                                                                                                                      kty: string

                                                                                                                      Key type (for example: RSA, or EC).

                                                                                                                      -
                                                                                                                      n?: string

                                                                                                                      RSA modulus.

                                                                                                                      -
                                                                                                                      oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                      Additional prime information (multi-prime RSA).

                                                                                                                      -
                                                                                                                      p?: string

                                                                                                                      RSA first prime factor.

                                                                                                                      -
                                                                                                                      q?: string

                                                                                                                      RSA second prime factor.

                                                                                                                      -
                                                                                                                      qi?: string

                                                                                                                      RSA CRT coefficient.

                                                                                                                      -
                                                                                                                      use?: string

                                                                                                                      Public key use (sig for signature or enc for encryption).

                                                                                                                      -
                                                                                                                      x?: string

                                                                                                                      X coordinate for EC public keys.

                                                                                                                      -
                                                                                                                      x5c?: string[]

                                                                                                                      X.509 certificate chain.

                                                                                                                      -
                                                                                                                      x5t?: string

                                                                                                                      X.509 certificate SHA-1 thumbprint.

                                                                                                                      -
                                                                                                                      "x5t#S256"?: string

                                                                                                                      X.509 certificate SHA-256 thumbprint.

                                                                                                                      -
                                                                                                                      x5u?: string

                                                                                                                      URL referencing the X.509 certificate.

                                                                                                                      -
                                                                                                                      y?: string

                                                                                                                      Y coordinate for EC public keys.

                                                                                                                      -

                                                                                                                      Settings

                                                                                                                      On This Page

                                                                                                                      Properties
                                                                                                                      +
                                                                                                                      crv?: string

                                                                                                                      Elliptic curve name (for example: P-256).

                                                                                                                      +
                                                                                                                      d?: string

                                                                                                                      RSA private exponent.

                                                                                                                      +
                                                                                                                      dp?: string

                                                                                                                      RSA first factor CRT exponent.

                                                                                                                      +
                                                                                                                      dq?: string

                                                                                                                      RSA second factor CRT exponent.

                                                                                                                      +
                                                                                                                      e?: string

                                                                                                                      RSA public exponent.

                                                                                                                      +
                                                                                                                      ext?: boolean

                                                                                                                      Indicates whether the key is extractable.

                                                                                                                      +
                                                                                                                      k?: string

                                                                                                                      Symmetric key value (base64url encoded).

                                                                                                                      +
                                                                                                                      key_ops?: string[]

                                                                                                                      Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                      +
                                                                                                                      kid?: string

                                                                                                                      Key identifier used to match keys during verification.

                                                                                                                      +
                                                                                                                      kty: string

                                                                                                                      Key type (for example: RSA, or EC).

                                                                                                                      +
                                                                                                                      n?: string

                                                                                                                      RSA modulus.

                                                                                                                      +
                                                                                                                      oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                      Additional prime information (multi-prime RSA).

                                                                                                                      +
                                                                                                                      p?: string

                                                                                                                      RSA first prime factor.

                                                                                                                      +
                                                                                                                      q?: string

                                                                                                                      RSA second prime factor.

                                                                                                                      +
                                                                                                                      qi?: string

                                                                                                                      RSA CRT coefficient.

                                                                                                                      +
                                                                                                                      use?: string

                                                                                                                      Public key use (sig for signature or enc for encryption).

                                                                                                                      +
                                                                                                                      x?: string

                                                                                                                      X coordinate for EC public keys.

                                                                                                                      +
                                                                                                                      x5c?: string[]

                                                                                                                      X.509 certificate chain.

                                                                                                                      +
                                                                                                                      x5t?: string

                                                                                                                      X.509 certificate SHA-1 thumbprint.

                                                                                                                      +
                                                                                                                      "x5t#S256"?: string

                                                                                                                      X.509 certificate SHA-256 thumbprint.

                                                                                                                      +
                                                                                                                      x5u?: string

                                                                                                                      URL referencing the X.509 certificate.

                                                                                                                      +
                                                                                                                      y?: string

                                                                                                                      Y coordinate for EC public keys.

                                                                                                                      +

                                                                                                                      Settings

                                                                                                                      On This Page

                                                                                                                      Properties
                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-core.index.Jwks.html b/docs/html/interfaces/_monocloud_auth-core.index.Jwks.html index 2a4a943e..1ad9e03c 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.Jwks.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.Jwks.html @@ -1,5 +1,5 @@ Jwks | MonoCloud Authentication SDK
                                                                                                                      MonoCloud Authentication SDK
                                                                                                                        Preparing search index...

                                                                                                                        Interface Jwks

                                                                                                                        Represents a JSON Web Key Set (JWKS).

                                                                                                                        A JWKS is a collection of public JSON Web Keys used to verify signatures of JSON Web Tokens (JWTs).

                                                                                                                        -
                                                                                                                        interface Jwks {
                                                                                                                            keys: Jwk[];
                                                                                                                        }
                                                                                                                        Index

                                                                                                                        Properties

                                                                                                                        keys +
                                                                                                                        interface Jwks {
                                                                                                                            keys: Jwk[];
                                                                                                                        }
                                                                                                                        Index

                                                                                                                        Properties

                                                                                                                        keys

                                                                                                                        Properties

                                                                                                                        keys: Jwk[]

                                                                                                                        The list of public keys contained in this key set.

                                                                                                                        -

                                                                                                                        Settings

                                                                                                                        On This Page

                                                                                                                        Properties
                                                                                                                        +

                                                                                                                        Settings

                                                                                                                        On This Page

                                                                                                                        Properties
                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-core.index.JwsHeaderParameters.html b/docs/html/interfaces/_monocloud_auth-core.index.JwsHeaderParameters.html index 977885ef..f21343f3 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.JwsHeaderParameters.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.JwsHeaderParameters.html @@ -1,12 +1,12 @@ JwsHeaderParameters | MonoCloud Authentication SDK
                                                                                                                        MonoCloud Authentication SDK
                                                                                                                          Preparing search index...

                                                                                                                          Interface JwsHeaderParameters

                                                                                                                          Parameters contained in a JSON Web Signature (JWS) header.

                                                                                                                          -
                                                                                                                          interface JwsHeaderParameters {
                                                                                                                              alg: SecurityAlgorithms;
                                                                                                                              crit?: string[];
                                                                                                                              jwk?: Jwk;
                                                                                                                              kid?: string;
                                                                                                                              typ?: string;
                                                                                                                          }
                                                                                                                          Index

                                                                                                                          Properties

                                                                                                                          alg +
                                                                                                                          interface JwsHeaderParameters {
                                                                                                                              alg: SecurityAlgorithms;
                                                                                                                              crit?: string[];
                                                                                                                              jwk?: Jwk;
                                                                                                                              kid?: string;
                                                                                                                              typ?: string;
                                                                                                                          }
                                                                                                                          Index

                                                                                                                          Properties

                                                                                                                          alg crit? jwk? kid? typ?

                                                                                                                          Properties

                                                                                                                          alg: SecurityAlgorithms

                                                                                                                          The cryptographic algorithm used to sign the token.

                                                                                                                          -
                                                                                                                          crit?: string[]

                                                                                                                          List of header parameters that are marked as critical and must be understood by the token processor.

                                                                                                                          -
                                                                                                                          jwk?: Jwk

                                                                                                                          An embedded JSON Web Key (JWK) containing the signing key.

                                                                                                                          -
                                                                                                                          kid?: string

                                                                                                                          Identifier of the key used to sign the token.

                                                                                                                          -
                                                                                                                          typ?: string

                                                                                                                          The token type.

                                                                                                                          -

                                                                                                                          Settings

                                                                                                                          On This Page

                                                                                                                          Properties
                                                                                                                          +
                                                                                                                          crit?: string[]

                                                                                                                          List of header parameters that are marked as critical and must be understood by the token processor.

                                                                                                                          +
                                                                                                                          jwk?: Jwk

                                                                                                                          An embedded JSON Web Key (JWK) containing the signing key.

                                                                                                                          +
                                                                                                                          kid?: string

                                                                                                                          Identifier of the key used to sign the token.

                                                                                                                          +
                                                                                                                          typ?: string

                                                                                                                          The token type.

                                                                                                                          +

                                                                                                                          Settings

                                                                                                                          On This Page

                                                                                                                          Properties
                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudClientOptions.html b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudClientOptions.html index 58ab86e8..e8ba6241 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudClientOptions.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudClientOptions.html @@ -1,23 +1,23 @@ MonoCloudClientOptions | MonoCloud Authentication SDK
                                                                                                                          MonoCloud Authentication SDK
                                                                                                                            Preparing search index...

                                                                                                                            Interface MonoCloudClientOptions

                                                                                                                            Configuration options used to initialize the MonoCloudClient.

                                                                                                                            -
                                                                                                                            interface MonoCloudClientOptions {
                                                                                                                                clientAuthMethod?: ClientAuthMethod;
                                                                                                                                clientSecret?: string | Jwk;
                                                                                                                                idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                jwksCacheDuration?: number;
                                                                                                                                metadataCacheDuration?: number;
                                                                                                                            }
                                                                                                                            Index

                                                                                                                            Properties

                                                                                                                            clientAuthMethod? +
                                                                                                                            interface MonoCloudClientOptions {
                                                                                                                                clientAuthMethod?: ClientAuthMethod;
                                                                                                                                clientSecret?: string | Jwk;
                                                                                                                                idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                jwksCacheDuration?: number;
                                                                                                                                metadataCacheDuration?: number;
                                                                                                                            }
                                                                                                                            Index

                                                                                                                            Properties

                                                                                                                            clientAuthMethod? clientSecret? idTokenSigningAlgorithm? jwksCacheDuration? metadataCacheDuration?

                                                                                                                            Properties

                                                                                                                            clientAuthMethod?: ClientAuthMethod

                                                                                                                            Client authentication method used when communicating with the token endpoint.

                                                                                                                            -
                                                                                                                            clientSecret?: string | Jwk

                                                                                                                            Client secret used for client authentication.

                                                                                                                            +
                                                                                                                            clientSecret?: string | Jwk

                                                                                                                            Client secret used for client authentication.

                                                                                                                            When clientAuthMethod is client_secret_jwt and a plain-text secret is provided, the default signing algorithm is HS256.

                                                                                                                            To use a different algorithm, provide a symmetric JSON Web Key (JWK) (kty: "oct") with the desired algorithm specified in its alg property.

                                                                                                                            -
                                                                                                                            idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                            Expected signing algorithm for validating ID tokens.

                                                                                                                            +
                                                                                                                            idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                            Expected signing algorithm for validating ID tokens.

                                                                                                                            'RS256'
                                                                                                                            -
                                                                                                                            jwksCacheDuration?: number

                                                                                                                            Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

                                                                                                                            +
                                                                                                                            jwksCacheDuration?: number

                                                                                                                            Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

                                                                                                                            300
                                                                                                                            -
                                                                                                                            metadataCacheDuration?: number

                                                                                                                            Duration (in seconds) to cache OpenID Connect discovery metadata.

                                                                                                                            +
                                                                                                                            metadataCacheDuration?: number

                                                                                                                            Duration (in seconds) to cache OpenID Connect discovery metadata.

                                                                                                                            300
                                                                                                                            -

                                                                                                                            Settings

                                                                                                                            On This Page

                                                                                                                            Properties
                                                                                                                            +

                                                                                                                            Settings

                                                                                                                            On This Page

                                                                                                                            Properties
                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudSession.html b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudSession.html index b4f372dc..7ce4627d 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudSession.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudSession.html @@ -1,15 +1,15 @@ MonoCloudSession | MonoCloud Authentication SDK
                                                                                                                            MonoCloud Authentication SDK
                                                                                                                              Preparing search index...

                                                                                                                              Interface MonoCloudSession

                                                                                                                              Represents an authenticated session, containing the authenticated user profile along with the tokens and metadata issued during authentication.

                                                                                                                              interface MonoCloudSession {
                                                                                                                                  accessTokens?: AccessToken[];
                                                                                                                                  authorizedScopes?: string;
                                                                                                                                  idToken?: string;
                                                                                                                                  refreshToken?: string;
                                                                                                                                  user: MonoCloudUser;
                                                                                                                                  [key: string]: unknown;
                                                                                                                              }

                                                                                                                              Indexable

                                                                                                                              • [key: string]: unknown

                                                                                                                                Additional custom properties attached to the session.

                                                                                                                                These may be added via hooks such as onSessionCreating.

                                                                                                                                -
                                                                                                                              Index

                                                                                                                              Properties

                                                                                                                              accessTokens? +
                                                                                                                              Index

                                                                                                                              Properties

                                                                                                                              accessTokens? authorizedScopes? idToken? refreshToken? user

                                                                                                                              Properties

                                                                                                                              accessTokens?: AccessToken[]

                                                                                                                              Access tokens associated with the session.

                                                                                                                              Multiple tokens may exist when access tokens are issued for different resources or scope sets.

                                                                                                                              -
                                                                                                                              authorizedScopes?: string

                                                                                                                              Space-separated list of scopes authorized for the session.

                                                                                                                              -
                                                                                                                              idToken?: string

                                                                                                                              Optional ID token issued during authentication.

                                                                                                                              -
                                                                                                                              refreshToken?: string

                                                                                                                              Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                              -
                                                                                                                              user: MonoCloudUser

                                                                                                                              The authenticated user profile, typically derived from ID token claims and/or the UserInfo endpoint.

                                                                                                                              -

                                                                                                                              Settings

                                                                                                                              On This Page

                                                                                                                              Properties
                                                                                                                              +
                                                                                                                              authorizedScopes?: string

                                                                                                                              Space-separated list of scopes authorized for the session.

                                                                                                                              +
                                                                                                                              idToken?: string

                                                                                                                              Optional ID token issued during authentication.

                                                                                                                              +
                                                                                                                              refreshToken?: string

                                                                                                                              Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                              +
                                                                                                                              user: MonoCloudUser

                                                                                                                              The authenticated user profile, typically derived from ID token claims and/or the UserInfo endpoint.

                                                                                                                              +

                                                                                                                              Settings

                                                                                                                              On This Page

                                                                                                                              Properties
                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudUser.html b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudUser.html index 40dd45e8..e943377f 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudUser.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.MonoCloudUser.html @@ -1,6 +1,6 @@ MonoCloudUser | MonoCloud Authentication SDK
                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                Preparing search index...

                                                                                                                                Interface MonoCloudUser

                                                                                                                                Represents the authenticated user stored in a MonoCloud session.

                                                                                                                                -
                                                                                                                                interface MonoCloudUser {
                                                                                                                                    address?: Address;
                                                                                                                                    amr?: string[];
                                                                                                                                    birthdate?: string;
                                                                                                                                    email?: string;
                                                                                                                                    email_verified?: boolean;
                                                                                                                                    family_name?: string;
                                                                                                                                    gender?: string;
                                                                                                                                    given_name?: string;
                                                                                                                                    groups?: Group[];
                                                                                                                                    idp?: string;
                                                                                                                                    locale?: string;
                                                                                                                                    middle_name?: string;
                                                                                                                                    name?: string;
                                                                                                                                    nickname?: string;
                                                                                                                                    phone_number?: string;
                                                                                                                                    phone_number_verified?: boolean;
                                                                                                                                    picture?: string;
                                                                                                                                    preferred_username?: string;
                                                                                                                                    profile?: string;
                                                                                                                                    sub: string;
                                                                                                                                    updated_at?: number;
                                                                                                                                    website?: string;
                                                                                                                                    zoneinfo?: string;
                                                                                                                                    [key: string]: unknown;
                                                                                                                                }

                                                                                                                                Hierarchy

                                                                                                                                Indexable

                                                                                                                                • [key: string]: unknown

                                                                                                                                  Additional provider-specific claims.

                                                                                                                                  -
                                                                                                                                Index

                                                                                                                                Properties

                                                                                                                                address? +
                                                                                                                                interface MonoCloudUser {
                                                                                                                                    address?: Address;
                                                                                                                                    amr?: string[];
                                                                                                                                    birthdate?: string;
                                                                                                                                    email?: string;
                                                                                                                                    email_verified?: boolean;
                                                                                                                                    family_name?: string;
                                                                                                                                    gender?: string;
                                                                                                                                    given_name?: string;
                                                                                                                                    groups?: Group[];
                                                                                                                                    idp?: string;
                                                                                                                                    locale?: string;
                                                                                                                                    middle_name?: string;
                                                                                                                                    name?: string;
                                                                                                                                    nickname?: string;
                                                                                                                                    phone_number?: string;
                                                                                                                                    phone_number_verified?: boolean;
                                                                                                                                    picture?: string;
                                                                                                                                    preferred_username?: string;
                                                                                                                                    profile?: string;
                                                                                                                                    sub: string;
                                                                                                                                    updated_at?: number;
                                                                                                                                    website?: string;
                                                                                                                                    zoneinfo?: string;
                                                                                                                                    [key: string]: unknown;
                                                                                                                                }

                                                                                                                                Hierarchy

                                                                                                                                Indexable

                                                                                                                                • [key: string]: unknown

                                                                                                                                  Additional provider-specific claims.

                                                                                                                                  +
                                                                                                                                Index

                                                                                                                                Properties

                                                                                                                                address? amr? birthdate? email? @@ -24,26 +24,26 @@ website? zoneinfo?

                                                                                                                                Properties

                                                                                                                                address?: Address

                                                                                                                                Postal address.

                                                                                                                                -
                                                                                                                                amr?: string[]

                                                                                                                                Authentication Methods References (AMR). Indicates how the user authenticated.

                                                                                                                                -
                                                                                                                                birthdate?: string

                                                                                                                                Birthday.

                                                                                                                                -
                                                                                                                                email?: string

                                                                                                                                Email address.

                                                                                                                                -
                                                                                                                                email_verified?: boolean

                                                                                                                                Whether the email address has been verified by the provider.

                                                                                                                                -
                                                                                                                                family_name?: string

                                                                                                                                Surname(s) / last name.

                                                                                                                                -
                                                                                                                                gender?: string

                                                                                                                                Gender.

                                                                                                                                -
                                                                                                                                given_name?: string

                                                                                                                                Given name(s) / first name.

                                                                                                                                -
                                                                                                                                groups?: Group[]

                                                                                                                                Group memberships for the user.

                                                                                                                                -
                                                                                                                                idp?: string

                                                                                                                                Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user.

                                                                                                                                -
                                                                                                                                locale?: string

                                                                                                                                Locale.

                                                                                                                                -
                                                                                                                                middle_name?: string

                                                                                                                                Middle name(s).

                                                                                                                                -
                                                                                                                                name?: string

                                                                                                                                Full name of the user (e.g. "Jane Doe").

                                                                                                                                -
                                                                                                                                nickname?: string

                                                                                                                                Casual name used by the user.

                                                                                                                                -
                                                                                                                                phone_number?: string

                                                                                                                                Phone number (formatted in E.164 standard).

                                                                                                                                -
                                                                                                                                phone_number_verified?: boolean

                                                                                                                                Whether the phone number has been verified by the provider.

                                                                                                                                -
                                                                                                                                picture?: string

                                                                                                                                URL of the user's profile picture.

                                                                                                                                -
                                                                                                                                preferred_username?: string

                                                                                                                                Preferred username.

                                                                                                                                -
                                                                                                                                profile?: string

                                                                                                                                URL of the user's profile page.

                                                                                                                                -
                                                                                                                                sub: string

                                                                                                                                Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                -
                                                                                                                                updated_at?: number

                                                                                                                                Time the user's information was last updated (seconds since epoch).

                                                                                                                                -
                                                                                                                                website?: string

                                                                                                                                URL of the user's website.

                                                                                                                                -
                                                                                                                                zoneinfo?: string

                                                                                                                                Time zone name.

                                                                                                                                -

                                                                                                                                Settings

                                                                                                                                On This Page

                                                                                                                                Properties
                                                                                                                                +
                                                                                                                                amr?: string[]

                                                                                                                                Authentication Methods References (AMR). Indicates how the user authenticated.

                                                                                                                                +
                                                                                                                                birthdate?: string

                                                                                                                                Birthday.

                                                                                                                                +
                                                                                                                                email?: string

                                                                                                                                Email address.

                                                                                                                                +
                                                                                                                                email_verified?: boolean

                                                                                                                                Whether the email address has been verified by the provider.

                                                                                                                                +
                                                                                                                                family_name?: string

                                                                                                                                Surname(s) / last name.

                                                                                                                                +
                                                                                                                                gender?: string

                                                                                                                                Gender.

                                                                                                                                +
                                                                                                                                given_name?: string

                                                                                                                                Given name(s) / first name.

                                                                                                                                +
                                                                                                                                groups?: Group[]

                                                                                                                                Group memberships for the user.

                                                                                                                                +
                                                                                                                                idp?: string

                                                                                                                                Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user.

                                                                                                                                +
                                                                                                                                locale?: string

                                                                                                                                Locale.

                                                                                                                                +
                                                                                                                                middle_name?: string

                                                                                                                                Middle name(s).

                                                                                                                                +
                                                                                                                                name?: string

                                                                                                                                Full name of the user (e.g. "Jane Doe").

                                                                                                                                +
                                                                                                                                nickname?: string

                                                                                                                                Casual name used by the user.

                                                                                                                                +
                                                                                                                                phone_number?: string

                                                                                                                                Phone number (formatted in E.164 standard).

                                                                                                                                +
                                                                                                                                phone_number_verified?: boolean

                                                                                                                                Whether the phone number has been verified by the provider.

                                                                                                                                +
                                                                                                                                picture?: string

                                                                                                                                URL of the user's profile picture.

                                                                                                                                +
                                                                                                                                preferred_username?: string

                                                                                                                                Preferred username.

                                                                                                                                +
                                                                                                                                profile?: string

                                                                                                                                URL of the user's profile page.

                                                                                                                                +
                                                                                                                                sub: string

                                                                                                                                Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                +
                                                                                                                                updated_at?: number

                                                                                                                                Time the user's information was last updated (seconds since epoch).

                                                                                                                                +
                                                                                                                                website?: string

                                                                                                                                URL of the user's website.

                                                                                                                                +
                                                                                                                                zoneinfo?: string

                                                                                                                                Time zone name.

                                                                                                                                +

                                                                                                                                Settings

                                                                                                                                On This Page

                                                                                                                                Properties
                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-core.index.ParResponse.html b/docs/html/interfaces/_monocloud_auth-core.index.ParResponse.html index 6fc9989f..2ef43f1c 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.ParResponse.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.ParResponse.html @@ -1,7 +1,7 @@ ParResponse | MonoCloud Authentication SDK
                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                  Preparing search index...

                                                                                                                                  Interface ParResponse

                                                                                                                                  Response returned from the Pushed Authorization Request (PAR) endpoint.

                                                                                                                                  -
                                                                                                                                  interface ParResponse {
                                                                                                                                      expires_in: number;
                                                                                                                                      request_uri: string;
                                                                                                                                  }
                                                                                                                                  Index

                                                                                                                                  Properties

                                                                                                                                  expires_in +
                                                                                                                                  interface ParResponse {
                                                                                                                                      expires_in: number;
                                                                                                                                      request_uri: string;
                                                                                                                                  }
                                                                                                                                  Index

                                                                                                                                  Properties

                                                                                                                                  expires_in request_uri

                                                                                                                                  Properties

                                                                                                                                  expires_in: number

                                                                                                                                  Lifetime of the request_uri, in seconds. After this duration expires, the authorization request becomes invalid.

                                                                                                                                  -
                                                                                                                                  request_uri: string

                                                                                                                                  The URI reference identifying the pushed authorization request.

                                                                                                                                  +
                                                                                                                                  request_uri: string

                                                                                                                                  The URI reference identifying the pushed authorization request.

                                                                                                                                  This value must be supplied as the request_uri parameter when redirecting the user to the authorization endpoint.

                                                                                                                                  -

                                                                                                                                  Settings

                                                                                                                                  On This Page

                                                                                                                                  Properties
                                                                                                                                  +

                                                                                                                                  Settings

                                                                                                                                  On This Page

                                                                                                                                  Properties
                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-core.index.PushedAuthorizationParams.html b/docs/html/interfaces/_monocloud_auth-core.index.PushedAuthorizationParams.html index df12bf46..3861abcf 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.PushedAuthorizationParams.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.PushedAuthorizationParams.html @@ -2,7 +2,7 @@

                                                                                                                                  This type mirrors AuthorizationParams but excludes requestUri, since the request_uri value is generated by the authorization server after a successful PAR request and must not be supplied by the client.

                                                                                                                                  -
                                                                                                                                  interface PushedAuthorizationParams {
                                                                                                                                      acrValues?: string[];
                                                                                                                                      authenticatorHint?: Authenticators;
                                                                                                                                      codeChallenge?: string;
                                                                                                                                      codeChallengeMethod?: CodeChallengeMethod;
                                                                                                                                      display?: DisplayOptions;
                                                                                                                                      loginHint?: string;
                                                                                                                                      maxAge?: number;
                                                                                                                                      nonce?: string;
                                                                                                                                      prompt?: Prompt;
                                                                                                                                      redirectUri?: string;
                                                                                                                                      request?: string;
                                                                                                                                      resource?: string;
                                                                                                                                      responseMode?: ResponseModes;
                                                                                                                                      responseType?: ResponseTypes;
                                                                                                                                      scopes?: string;
                                                                                                                                      state?: string;
                                                                                                                                      uiLocales?: string;
                                                                                                                                  }

                                                                                                                                  Hierarchy

                                                                                                                                  Index

                                                                                                                                  Properties

                                                                                                                                  acrValues? +
                                                                                                                                  interface PushedAuthorizationParams {
                                                                                                                                      acrValues?: string[];
                                                                                                                                      authenticatorHint?: Authenticators;
                                                                                                                                      codeChallenge?: string;
                                                                                                                                      codeChallengeMethod?: CodeChallengeMethod;
                                                                                                                                      display?: DisplayOptions;
                                                                                                                                      loginHint?: string;
                                                                                                                                      maxAge?: number;
                                                                                                                                      nonce?: string;
                                                                                                                                      prompt?: Prompt;
                                                                                                                                      redirectUri?: string;
                                                                                                                                      request?: string;
                                                                                                                                      resource?: string;
                                                                                                                                      responseMode?: ResponseModes;
                                                                                                                                      responseType?: ResponseTypes;
                                                                                                                                      scopes?: string;
                                                                                                                                      state?: string;
                                                                                                                                      uiLocales?: string;
                                                                                                                                  }

                                                                                                                                  Hierarchy

                                                                                                                                  Index

                                                                                                                                  Properties

                                                                                                                                  acrValues? authenticatorHint? codeChallenge? codeChallengeMethod? diff --git a/docs/html/interfaces/_monocloud_auth-core.index.RefetchUserInfoOptions.html b/docs/html/interfaces/_monocloud_auth-core.index.RefetchUserInfoOptions.html index db355f33..4cddcc8c 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.RefetchUserInfoOptions.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.RefetchUserInfoOptions.html @@ -1,4 +1,4 @@ RefetchUserInfoOptions | MonoCloud Authentication SDK
                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                    Preparing search index...

                                                                                                                                    Interface RefetchUserInfoOptions

                                                                                                                                    Options used when refetching user profile data from the UserInfo endpoint.

                                                                                                                                    -
                                                                                                                                    interface RefetchUserInfoOptions {
                                                                                                                                        onSessionCreating?: OnSessionCreating;
                                                                                                                                    }
                                                                                                                                    Index

                                                                                                                                    Properties

                                                                                                                                    onSessionCreating? +
                                                                                                                                    interface RefetchUserInfoOptions {
                                                                                                                                        onSessionCreating?: OnSessionCreating;
                                                                                                                                    }
                                                                                                                                    Index

                                                                                                                                    Properties

                                                                                                                                    onSessionCreating?

                                                                                                                                    Properties

                                                                                                                                    onSessionCreating?: OnSessionCreating

                                                                                                                                    Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                    -

                                                                                                                                    Settings

                                                                                                                                    On This Page

                                                                                                                                    Properties
                                                                                                                                    +

                                                                                                                                    Settings

                                                                                                                                    On This Page

                                                                                                                                    Properties
                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-core.index.RefreshGrantOptions.html b/docs/html/interfaces/_monocloud_auth-core.index.RefreshGrantOptions.html index 575b7a65..ab7c1d19 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.RefreshGrantOptions.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.RefreshGrantOptions.html @@ -1,9 +1,9 @@ RefreshGrantOptions | MonoCloud Authentication SDK
                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                      Preparing search index...

                                                                                                                                      Interface RefreshGrantOptions

                                                                                                                                      Options used when exchanging a refresh token for a new access token.

                                                                                                                                      These parameters allow requesting an access token scoped to specific resources or scopes that were previously authorized by the user.

                                                                                                                                      -
                                                                                                                                      interface RefreshGrantOptions {
                                                                                                                                          resource?: string;
                                                                                                                                          scopes?: string;
                                                                                                                                      }

                                                                                                                                      Hierarchy

                                                                                                                                      Index

                                                                                                                                      Properties

                                                                                                                                      resource? +
                                                                                                                                      interface RefreshGrantOptions {
                                                                                                                                          resource?: string;
                                                                                                                                          scopes?: string;
                                                                                                                                      }

                                                                                                                                      Hierarchy

                                                                                                                                      Index

                                                                                                                                      Properties

                                                                                                                                      resource? scopes?

                                                                                                                                      Properties

                                                                                                                                      resource?: string

                                                                                                                                      Space-separated list of resource indicators that the new access token should be issued for.

                                                                                                                                      The requested resources must have been previously granted during the original authorization flow.

                                                                                                                                      -
                                                                                                                                      scopes?: string

                                                                                                                                      Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                      +
                                                                                                                                      scopes?: string

                                                                                                                                      Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                      The requested scopes must have been granted during the original authorization flow.

                                                                                                                                      -

                                                                                                                                      Settings

                                                                                                                                      On This Page

                                                                                                                                      Properties
                                                                                                                                      +

                                                                                                                                      Settings

                                                                                                                                      On This Page

                                                                                                                                      Properties
                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-core.index.RefreshSessionOptions.html b/docs/html/interfaces/_monocloud_auth-core.index.RefreshSessionOptions.html index d64d0afa..0efd980a 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.RefreshSessionOptions.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.RefreshSessionOptions.html @@ -1,5 +1,5 @@ RefreshSessionOptions | MonoCloud Authentication SDK
                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                        Preparing search index...

                                                                                                                                        Interface RefreshSessionOptions

                                                                                                                                        Options used when refreshing an existing MonoCloud session.

                                                                                                                                        -
                                                                                                                                        interface RefreshSessionOptions {
                                                                                                                                            fetchUserInfo?: boolean;
                                                                                                                                            filteredIdTokenClaims?: string[];
                                                                                                                                            idTokenClockSkew?: number;
                                                                                                                                            idTokenClockTolerance?: number;
                                                                                                                                            jwks?: Jwks;
                                                                                                                                            onSessionCreating?: OnSessionCreating;
                                                                                                                                            refreshGrantOptions?: RefreshGrantOptions;
                                                                                                                                            validateIdToken?: boolean;
                                                                                                                                        }
                                                                                                                                        Index

                                                                                                                                        Properties

                                                                                                                                        fetchUserInfo? +
                                                                                                                                        interface RefreshSessionOptions {
                                                                                                                                            fetchUserInfo?: boolean;
                                                                                                                                            filteredIdTokenClaims?: string[];
                                                                                                                                            idTokenClockSkew?: number;
                                                                                                                                            idTokenClockTolerance?: number;
                                                                                                                                            jwks?: Jwks;
                                                                                                                                            onSessionCreating?: OnSessionCreating;
                                                                                                                                            refreshGrantOptions?: RefreshGrantOptions;
                                                                                                                                            validateIdToken?: boolean;
                                                                                                                                        }
                                                                                                                                        Index

                                                                                                                                        Properties

                                                                                                                                        fetchUserInfo? filteredIdTokenClaims? idTokenClockSkew? idTokenClockTolerance? @@ -11,15 +11,15 @@ 
                                                                                                                                        false
                                                                                                                                        -
                                                                                                                                        filteredIdTokenClaims?: string[]

                                                                                                                                        List of ID token claims to remove before storing the session.

                                                                                                                                        -
                                                                                                                                        idTokenClockSkew?: number

                                                                                                                                        Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                        -
                                                                                                                                        idTokenClockTolerance?: number

                                                                                                                                        Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                        -
                                                                                                                                        jwks?: Jwks

                                                                                                                                        JSON Web Key Set used to validate the ID token signature.

                                                                                                                                        +
                                                                                                                                        filteredIdTokenClaims?: string[]

                                                                                                                                        List of ID token claims to remove before storing the session.

                                                                                                                                        +
                                                                                                                                        idTokenClockSkew?: number

                                                                                                                                        Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                        +
                                                                                                                                        idTokenClockTolerance?: number

                                                                                                                                        Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                        +
                                                                                                                                        jwks?: Jwks

                                                                                                                                        JSON Web Key Set used to validate the ID token signature.

                                                                                                                                        If not provided, the JWKS is automatically fetched from the authorization server metadata.

                                                                                                                                        -
                                                                                                                                        onSessionCreating?: OnSessionCreating

                                                                                                                                        Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                        -
                                                                                                                                        refreshGrantOptions?: RefreshGrantOptions

                                                                                                                                        Options applied to the refresh token grant request, such as requesting tokens for specific resources or scopes.

                                                                                                                                        -
                                                                                                                                        validateIdToken?: boolean

                                                                                                                                        Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                        +
                                                                                                                                        onSessionCreating?: OnSessionCreating

                                                                                                                                        Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                        +
                                                                                                                                        refreshGrantOptions?: RefreshGrantOptions

                                                                                                                                        Options applied to the refresh token grant request, such as requesting tokens for specific resources or scopes.

                                                                                                                                        +
                                                                                                                                        validateIdToken?: boolean

                                                                                                                                        Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                        true
                                                                                                                                        -

                                                                                                                                        Settings

                                                                                                                                        On This Page

                                                                                                                                        Properties
                                                                                                                                        +

                                                                                                                                        Settings

                                                                                                                                        On This Page

                                                                                                                                        Properties
                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-core.index.Tokens.html b/docs/html/interfaces/_monocloud_auth-core.index.Tokens.html index 329c6aad..c4d2ccc2 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.Tokens.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.Tokens.html @@ -1,14 +1,14 @@ Tokens | MonoCloud Authentication SDK
                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                          Preparing search index...

                                                                                                                                          Interface Tokens

                                                                                                                                          OAuth 2.0 / OpenID Connect token endpoint response.

                                                                                                                                          -
                                                                                                                                          interface Tokens {
                                                                                                                                              access_token: string;
                                                                                                                                              expires_in?: number;
                                                                                                                                              id_token?: string;
                                                                                                                                              refresh_token?: string;
                                                                                                                                              scope?: string;
                                                                                                                                              token_type?: string;
                                                                                                                                          }
                                                                                                                                          Index

                                                                                                                                          Properties

                                                                                                                                          access_token +
                                                                                                                                          interface Tokens {
                                                                                                                                              access_token: string;
                                                                                                                                              expires_in?: number;
                                                                                                                                              id_token?: string;
                                                                                                                                              refresh_token?: string;
                                                                                                                                              scope?: string;
                                                                                                                                              token_type?: string;
                                                                                                                                          }
                                                                                                                                          Index

                                                                                                                                          Properties

                                                                                                                                          access_token expires_in? id_token? refresh_token? scope? token_type?

                                                                                                                                          Properties

                                                                                                                                          access_token: string

                                                                                                                                          Access token issued by the authorization server.

                                                                                                                                          -
                                                                                                                                          expires_in?: number

                                                                                                                                          Lifetime of the access token (in seconds) from the time the response was issued.

                                                                                                                                          -
                                                                                                                                          id_token?: string

                                                                                                                                          Optional ID token containing authentication claims about the user.

                                                                                                                                          -
                                                                                                                                          refresh_token?: string

                                                                                                                                          Optional refresh token used to obtain new access tokens without requiring user re-authentication.

                                                                                                                                          -
                                                                                                                                          scope?: string

                                                                                                                                          Space-separated list of scopes granted for the access token.

                                                                                                                                          -
                                                                                                                                          token_type?: string

                                                                                                                                          Token type issued.

                                                                                                                                          -

                                                                                                                                          Settings

                                                                                                                                          On This Page

                                                                                                                                          Properties
                                                                                                                                          +
                                                                                                                                          expires_in?: number

                                                                                                                                          Lifetime of the access token (in seconds) from the time the response was issued.

                                                                                                                                          +
                                                                                                                                          id_token?: string

                                                                                                                                          Optional ID token containing authentication claims about the user.

                                                                                                                                          +
                                                                                                                                          refresh_token?: string

                                                                                                                                          Optional refresh token used to obtain new access tokens without requiring user re-authentication.

                                                                                                                                          +
                                                                                                                                          scope?: string

                                                                                                                                          Space-separated list of scopes granted for the access token.

                                                                                                                                          +
                                                                                                                                          token_type?: string

                                                                                                                                          Token type issued.

                                                                                                                                          +

                                                                                                                                          Settings

                                                                                                                                          On This Page

                                                                                                                                          Properties
                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-core.index.UserinfoResponse.html b/docs/html/interfaces/_monocloud_auth-core.index.UserinfoResponse.html index 7ae709ad..a3f9268b 100644 --- a/docs/html/interfaces/_monocloud_auth-core.index.UserinfoResponse.html +++ b/docs/html/interfaces/_monocloud_auth-core.index.UserinfoResponse.html @@ -1,7 +1,7 @@ UserinfoResponse | MonoCloud Authentication SDK
                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                            Preparing search index...

                                                                                                                                            Interface UserinfoResponse<TAddress>

                                                                                                                                            Represents the OpenID Connect UserInfo response.

                                                                                                                                            interface UserinfoResponse<TAddress extends Address = Address> {
                                                                                                                                                address?: TAddress;
                                                                                                                                                birthdate?: string;
                                                                                                                                                email?: string;
                                                                                                                                                email_verified?: boolean;
                                                                                                                                                family_name?: string;
                                                                                                                                                gender?: string;
                                                                                                                                                given_name?: string;
                                                                                                                                                groups?: Group[];
                                                                                                                                                locale?: string;
                                                                                                                                                middle_name?: string;
                                                                                                                                                name?: string;
                                                                                                                                                nickname?: string;
                                                                                                                                                phone_number?: string;
                                                                                                                                                phone_number_verified?: boolean;
                                                                                                                                                picture?: string;
                                                                                                                                                preferred_username?: string;
                                                                                                                                                profile?: string;
                                                                                                                                                sub: string;
                                                                                                                                                updated_at?: number;
                                                                                                                                                website?: string;
                                                                                                                                                zoneinfo?: string;
                                                                                                                                                [key: string]: unknown;
                                                                                                                                            }

                                                                                                                                            Type Parameters

                                                                                                                                            Hierarchy

                                                                                                                                            Indexable

                                                                                                                                            • [key: string]: unknown

                                                                                                                                              Additional provider-specific claims.

                                                                                                                                              -
                                                                                                                                            Index

                                                                                                                                            Properties

                                                                                                                                            address? +

                                                                                                                                            Hierarchy

                                                                                                                                            Indexable

                                                                                                                                            • [key: string]: unknown

                                                                                                                                              Additional provider-specific claims.

                                                                                                                                              +
                                                                                                                                            Index

                                                                                                                                            Properties

                                                                                                                                            address? birthdate? email? email_verified? @@ -23,24 +23,24 @@ website? zoneinfo?

                                                                                                                                            Properties

                                                                                                                                            address?: TAddress

                                                                                                                                            Postal address.

                                                                                                                                            -
                                                                                                                                            birthdate?: string

                                                                                                                                            Birthday.

                                                                                                                                            -
                                                                                                                                            email?: string

                                                                                                                                            Email address.

                                                                                                                                            -
                                                                                                                                            email_verified?: boolean

                                                                                                                                            Whether the email address has been verified by the provider.

                                                                                                                                            -
                                                                                                                                            family_name?: string

                                                                                                                                            Surname(s) / last name.

                                                                                                                                            -
                                                                                                                                            gender?: string

                                                                                                                                            Gender.

                                                                                                                                            -
                                                                                                                                            given_name?: string

                                                                                                                                            Given name(s) / first name.

                                                                                                                                            -
                                                                                                                                            groups?: Group[]

                                                                                                                                            Group memberships for the user.

                                                                                                                                            -
                                                                                                                                            locale?: string

                                                                                                                                            Locale.

                                                                                                                                            -
                                                                                                                                            middle_name?: string

                                                                                                                                            Middle name(s).

                                                                                                                                            -
                                                                                                                                            name?: string

                                                                                                                                            Full name of the user (e.g. "Jane Doe").

                                                                                                                                            -
                                                                                                                                            nickname?: string

                                                                                                                                            Casual name used by the user.

                                                                                                                                            -
                                                                                                                                            phone_number?: string

                                                                                                                                            Phone number (formatted in E.164 standard).

                                                                                                                                            -
                                                                                                                                            phone_number_verified?: boolean

                                                                                                                                            Whether the phone number has been verified by the provider.

                                                                                                                                            -
                                                                                                                                            picture?: string

                                                                                                                                            URL of the user's profile picture.

                                                                                                                                            -
                                                                                                                                            preferred_username?: string

                                                                                                                                            Preferred username.

                                                                                                                                            -
                                                                                                                                            profile?: string

                                                                                                                                            URL of the user's profile page.

                                                                                                                                            -
                                                                                                                                            sub: string

                                                                                                                                            Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                            -
                                                                                                                                            updated_at?: number

                                                                                                                                            Time the user's information was last updated (seconds since epoch).

                                                                                                                                            -
                                                                                                                                            website?: string

                                                                                                                                            URL of the user's website.

                                                                                                                                            -
                                                                                                                                            zoneinfo?: string

                                                                                                                                            Time zone name.

                                                                                                                                            -

                                                                                                                                            Settings

                                                                                                                                            On This Page

                                                                                                                                            Properties
                                                                                                                                            +
                                                                                                                                            birthdate?: string

                                                                                                                                            Birthday.

                                                                                                                                            +
                                                                                                                                            email?: string

                                                                                                                                            Email address.

                                                                                                                                            +
                                                                                                                                            email_verified?: boolean

                                                                                                                                            Whether the email address has been verified by the provider.

                                                                                                                                            +
                                                                                                                                            family_name?: string

                                                                                                                                            Surname(s) / last name.

                                                                                                                                            +
                                                                                                                                            gender?: string

                                                                                                                                            Gender.

                                                                                                                                            +
                                                                                                                                            given_name?: string

                                                                                                                                            Given name(s) / first name.

                                                                                                                                            +
                                                                                                                                            groups?: Group[]

                                                                                                                                            Group memberships for the user.

                                                                                                                                            +
                                                                                                                                            locale?: string

                                                                                                                                            Locale.

                                                                                                                                            +
                                                                                                                                            middle_name?: string

                                                                                                                                            Middle name(s).

                                                                                                                                            +
                                                                                                                                            name?: string

                                                                                                                                            Full name of the user (e.g. "Jane Doe").

                                                                                                                                            +
                                                                                                                                            nickname?: string

                                                                                                                                            Casual name used by the user.

                                                                                                                                            +
                                                                                                                                            phone_number?: string

                                                                                                                                            Phone number (formatted in E.164 standard).

                                                                                                                                            +
                                                                                                                                            phone_number_verified?: boolean

                                                                                                                                            Whether the phone number has been verified by the provider.

                                                                                                                                            +
                                                                                                                                            picture?: string

                                                                                                                                            URL of the user's profile picture.

                                                                                                                                            +
                                                                                                                                            preferred_username?: string

                                                                                                                                            Preferred username.

                                                                                                                                            +
                                                                                                                                            profile?: string

                                                                                                                                            URL of the user's profile page.

                                                                                                                                            +
                                                                                                                                            sub: string

                                                                                                                                            Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                            +
                                                                                                                                            updated_at?: number

                                                                                                                                            Time the user's information was last updated (seconds since epoch).

                                                                                                                                            +
                                                                                                                                            website?: string

                                                                                                                                            URL of the user's website.

                                                                                                                                            +
                                                                                                                                            zoneinfo?: string

                                                                                                                                            Time zone name.

                                                                                                                                            +

                                                                                                                                            Settings

                                                                                                                                            On This Page

                                                                                                                                            Properties
                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.AccessToken.html b/docs/html/interfaces/_monocloud_auth-js-core.index.AccessToken.html new file mode 100644 index 00000000..1c1ff77e --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.AccessToken.html @@ -0,0 +1,13 @@ +AccessToken | MonoCloud Authentication SDK
                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                              Preparing search index...

                                                                                                                                              Interface AccessToken

                                                                                                                                              Represents an OAuth 2.0 access token and its associated metadata.

                                                                                                                                              +
                                                                                                                                              interface AccessToken {
                                                                                                                                                  accessToken: string;
                                                                                                                                                  accessTokenExpiration: number;
                                                                                                                                                  requestedScopes?: string;
                                                                                                                                                  resource?: string;
                                                                                                                                                  scopes: string;
                                                                                                                                              }

                                                                                                                                              Hierarchy

                                                                                                                                              Index

                                                                                                                                              Properties

                                                                                                                                              accessToken +accessTokenExpiration +requestedScopes? +resource? +scopes +

                                                                                                                                              Properties

                                                                                                                                              accessToken: string

                                                                                                                                              The issued access token.

                                                                                                                                              +
                                                                                                                                              accessTokenExpiration: number

                                                                                                                                              The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                              +
                                                                                                                                              requestedScopes?: string

                                                                                                                                              Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                              +
                                                                                                                                              resource?: string

                                                                                                                                              Optional resource (audience) that the access token is scoped for.

                                                                                                                                              +
                                                                                                                                              scopes: string

                                                                                                                                              Space-separated list of scopes granted to the access token.

                                                                                                                                              +

                                                                                                                                              These represent the effective permissions approved by the authorization server.

                                                                                                                                              +

                                                                                                                                              Settings

                                                                                                                                              On This Page

                                                                                                                                              Properties
                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.AuthState.html b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthState.html new file mode 100644 index 00000000..6fad3c4d --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthState.html @@ -0,0 +1,14 @@ +AuthState | MonoCloud Authentication SDK
                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                Preparing search index...

                                                                                                                                                Interface AuthState

                                                                                                                                                Represents the authentication transaction state stored between the authorization request and the callback.

                                                                                                                                                +
                                                                                                                                                interface AuthState {
                                                                                                                                                    codeVerifier?: string;
                                                                                                                                                    maxAge?: number;
                                                                                                                                                    nonce: string;
                                                                                                                                                    resource?: string;
                                                                                                                                                    scopes: string;
                                                                                                                                                    state: string;
                                                                                                                                                }
                                                                                                                                                Index

                                                                                                                                                Properties

                                                                                                                                                codeVerifier? +maxAge? +nonce +resource? +scopes +state +

                                                                                                                                                Properties

                                                                                                                                                codeVerifier?: string

                                                                                                                                                Optional. PKCE code verifier used to validate the authorization code exchange.

                                                                                                                                                +
                                                                                                                                                maxAge?: number

                                                                                                                                                Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                                                                +
                                                                                                                                                nonce: string

                                                                                                                                                A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                                                                +
                                                                                                                                                resource?: string

                                                                                                                                                Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                                                                +
                                                                                                                                                scopes: string

                                                                                                                                                Space-separated list of scopes requested during authorization.

                                                                                                                                                +
                                                                                                                                                state: string

                                                                                                                                                A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                                                                +

                                                                                                                                                Settings

                                                                                                                                                On This Page

                                                                                                                                                Properties
                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.AuthenticateOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthenticateOptions.html new file mode 100644 index 00000000..482f4110 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthenticateOptions.html @@ -0,0 +1,29 @@ +AuthenticateOptions | MonoCloud Authentication SDK
                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                  Preparing search index...

                                                                                                                                                  Interface AuthenticateOptions

                                                                                                                                                  Options used when authenticating a user via the Authorization Code flow.

                                                                                                                                                  +
                                                                                                                                                  interface AuthenticateOptions {
                                                                                                                                                      codeVerifier?: string;
                                                                                                                                                      fetchUserInfo?: boolean;
                                                                                                                                                      filteredIdTokenClaims?: string[];
                                                                                                                                                      idTokenClockSkew?: number;
                                                                                                                                                      idTokenClockTolerance?: number;
                                                                                                                                                      idTokenMaxAge?: number;
                                                                                                                                                      idTokenNonce?: string;
                                                                                                                                                      jwks?: Jwks;
                                                                                                                                                      onSessionCreating?: OnSessionCreating;
                                                                                                                                                      validateIdToken?: boolean;
                                                                                                                                                  }
                                                                                                                                                  Index

                                                                                                                                                  Properties

                                                                                                                                                  codeVerifier? +fetchUserInfo? +filteredIdTokenClaims? +idTokenClockSkew? +idTokenClockTolerance? +idTokenMaxAge? +idTokenNonce? +jwks? +onSessionCreating? +validateIdToken? +

                                                                                                                                                  Properties

                                                                                                                                                  codeVerifier?: string

                                                                                                                                                  PKCE code verifier associated with the authorization request.

                                                                                                                                                  +
                                                                                                                                                  fetchUserInfo?: boolean

                                                                                                                                                  When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                                                                  +
                                                                                                                                                  false
+
                                                                                                                                                  + +
                                                                                                                                                  filteredIdTokenClaims?: string[]

                                                                                                                                                  List of ID token claims to remove before storing the session.

                                                                                                                                                  +
                                                                                                                                                  idTokenClockSkew?: number

                                                                                                                                                  Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                                  +
                                                                                                                                                  idTokenClockTolerance?: number

                                                                                                                                                  Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                                  +
                                                                                                                                                  idTokenMaxAge?: number

                                                                                                                                                  Maximum allowed authentication age (in seconds) for the ID token.

                                                                                                                                                  +
                                                                                                                                                  idTokenNonce?: string

                                                                                                                                                  Nonce value expected in the ID token. Used to prevent replay attacks.

                                                                                                                                                  +
                                                                                                                                                  jwks?: Jwks

                                                                                                                                                  JSON Web Key Set used to validate the ID token signature.

                                                                                                                                                  +

                                                                                                                                                  If not provided, the JWKS is automatically fetched from the authorization server metadata.

                                                                                                                                                  +
                                                                                                                                                  onSessionCreating?: OnSessionCreating

                                                                                                                                                  Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                                  +
                                                                                                                                                  validateIdToken?: boolean

                                                                                                                                                  Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                                  +
                                                                                                                                                  true
+
                                                                                                                                                  + +

                                                                                                                                                  Settings

                                                                                                                                                  On This Page

                                                                                                                                                  Properties
                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.AuthorizationParams.html b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthorizationParams.html new file mode 100644 index 00000000..b31a98a3 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.AuthorizationParams.html @@ -0,0 +1,40 @@ +AuthorizationParams | MonoCloud Authentication SDK
                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                    Preparing search index...

                                                                                                                                                    Interface AuthorizationParams

                                                                                                                                                    Parameters used to construct an OAuth 2.0 / OpenID Connect authorization request.

                                                                                                                                                    +
                                                                                                                                                    interface AuthorizationParams {
                                                                                                                                                        acrValues?: string[];
                                                                                                                                                        authenticatorHint?: Authenticators;
                                                                                                                                                        codeChallenge?: string;
                                                                                                                                                        codeChallengeMethod?: CodeChallengeMethod;
                                                                                                                                                        display?: DisplayOptions;
                                                                                                                                                        loginHint?: string;
                                                                                                                                                        maxAge?: number;
                                                                                                                                                        nonce?: string;
                                                                                                                                                        prompt?: Prompt;
                                                                                                                                                        redirectUri?: string;
                                                                                                                                                        request?: string;
                                                                                                                                                        requestUri?: string;
                                                                                                                                                        resource?: string;
                                                                                                                                                        responseMode?: ResponseModes;
                                                                                                                                                        responseType?: ResponseTypes;
                                                                                                                                                        scopes?: string;
                                                                                                                                                        state?: string;
                                                                                                                                                        uiLocales?: string;
                                                                                                                                                    }
                                                                                                                                                    Index

                                                                                                                                                    Properties

                                                                                                                                                    acrValues? +authenticatorHint? +codeChallenge? +codeChallengeMethod? +display? +loginHint? +maxAge? +nonce? +prompt? +redirectUri? +request? +requestUri? +resource? +responseMode? +responseType? +scopes? +state? +uiLocales? +

                                                                                                                                                    Properties

                                                                                                                                                    acrValues?: string[]

                                                                                                                                                    Authentication Context Class Reference (ACR) values requesting specific authentication assurance levels or methods.

                                                                                                                                                    +
                                                                                                                                                    authenticatorHint?: Authenticators

                                                                                                                                                    Hint to the authorization server indicating which authenticator or connection should be used.

                                                                                                                                                    +
                                                                                                                                                    codeChallenge?: string

                                                                                                                                                    PKCE code challenge derived from the code verifier. Used to secure authorization code exchanges.

                                                                                                                                                    +
                                                                                                                                                    codeChallengeMethod?: CodeChallengeMethod

                                                                                                                                                    Method used to generate the PKCE code challenge.

                                                                                                                                                    +
                                                                                                                                                    display?: DisplayOptions

                                                                                                                                                    Preferred display mode for the authentication UI.

                                                                                                                                                    +
                                                                                                                                                    loginHint?: string

                                                                                                                                                    Hint identifying the user (for example, email or username). Used to prefill or optimize the sign-in experience.

                                                                                                                                                    +
                                                                                                                                                    maxAge?: number

                                                                                                                                                    Maximum acceptable time (in seconds) since the user last authenticated. If exceeded, the user may be required to sign in again.

                                                                                                                                                    +
                                                                                                                                                    nonce?: string

                                                                                                                                                    A cryptographically random value included in the ID token to prevent replay attacks.

                                                                                                                                                    +
                                                                                                                                                    prompt?: Prompt

                                                                                                                                                    Controls authentication interaction behavior. For example, forcing login or consent.

                                                                                                                                                    +
                                                                                                                                                    redirectUri?: string

                                                                                                                                                    The redirect URI where the authorization server sends the user after authentication completes.

                                                                                                                                                    +
                                                                                                                                                    request?: string

                                                                                                                                                    A signed JWT containing authorization request parameters.

                                                                                                                                                    +
                                                                                                                                                    requestUri?: string

                                                                                                                                                    URI referencing a previously created authorization request (typically via Pushed Authorization Requests — PAR).

                                                                                                                                                    +

                                                                                                                                                    When set, other authorization parameters may be ignored.

                                                                                                                                                    +
                                                                                                                                                    resource?: string

                                                                                                                                                    Space-separated list of resource indicators that scope the issued access token.

                                                                                                                                                    +
                                                                                                                                                    responseMode?: ResponseModes

                                                                                                                                                    Specifies how the authorization response is returned to the client.

                                                                                                                                                    +
                                                                                                                                                    responseType?: ResponseTypes

                                                                                                                                                    Determines which artifacts are returned from the authorization endpoint.

                                                                                                                                                    +
                                                                                                                                                    scopes?: string

                                                                                                                                                    Space-separated list of scopes requested during authentication.

                                                                                                                                                    +
                                                                                                                                                    state?: string

                                                                                                                                                    A cryptographically random value used to maintain request state +and protect against CSRF attacks.

                                                                                                                                                    +
                                                                                                                                                    uiLocales?: string

                                                                                                                                                    Preferred UI language.

                                                                                                                                                    +

                                                                                                                                                    Settings

                                                                                                                                                    On This Page

                                                                                                                                                    Properties
                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackParams.html b/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackParams.html new file mode 100644 index 00000000..7c78e89f --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackParams.html @@ -0,0 +1,22 @@ +CallbackParams | MonoCloud Authentication SDK
                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                      Preparing search index...

                                                                                                                                                      Interface CallbackParams

                                                                                                                                                      Parameters returned to the application after the authorization server redirects the user back to the callback URL.

                                                                                                                                                      +
                                                                                                                                                      interface CallbackParams {
                                                                                                                                                          accessToken?: string;
                                                                                                                                                          code?: string;
                                                                                                                                                          error?: string;
                                                                                                                                                          errorDescription?: string;
                                                                                                                                                          expiresIn?: number;
                                                                                                                                                          idToken?: string;
                                                                                                                                                          refreshToken?: string;
                                                                                                                                                          scope?: string;
                                                                                                                                                          sessionState?: string;
                                                                                                                                                          state?: string;
                                                                                                                                                      }
                                                                                                                                                      Index

                                                                                                                                                      Properties

                                                                                                                                                      accessToken? +code? +error? +errorDescription? +expiresIn? +idToken? +refreshToken? +scope? +sessionState? +state? +

                                                                                                                                                      Properties

                                                                                                                                                      accessToken?: string

                                                                                                                                                      Access token returned directly by implicit or hybrid flows.

                                                                                                                                                      +
                                                                                                                                                      code?: string

                                                                                                                                                      Authorization code returned when using the Authorization Code Flow.

                                                                                                                                                      +
                                                                                                                                                      error?: string

                                                                                                                                                      Error code returned when authorization fails.

                                                                                                                                                      +
                                                                                                                                                      errorDescription?: string

                                                                                                                                                      Human-readable description providing additional information about the authorization error.

                                                                                                                                                      +
                                                                                                                                                      expiresIn?: number

                                                                                                                                                      Lifetime of the access token in seconds.

                                                                                                                                                      +
                                                                                                                                                      idToken?: string

                                                                                                                                                      ID token issued by the authorization server.

                                                                                                                                                      +
                                                                                                                                                      refreshToken?: string

                                                                                                                                                      Refresh token issued during authorization (if enabled).

                                                                                                                                                      +
                                                                                                                                                      scope?: string

                                                                                                                                                      Access token scopes (Implicit Flow)

                                                                                                                                                      +
                                                                                                                                                      sessionState?: string

                                                                                                                                                      OIDC session state value used for session monitoring and front-channel session management.

                                                                                                                                                      +
                                                                                                                                                      state?: string

                                                                                                                                                      The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks.

                                                                                                                                                      +

                                                                                                                                                      Settings

                                                                                                                                                      On This Page

                                                                                                                                                      Properties
                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackState.html b/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackState.html new file mode 100644 index 00000000..81adf93c --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.CallbackState.html @@ -0,0 +1,19 @@ +CallbackState | MonoCloud Authentication SDK
                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                        Preparing search index...

                                                                                                                                                        Interface CallbackState

                                                                                                                                                        Internal state persisted between authorization start and callback processing.

                                                                                                                                                        +
                                                                                                                                                        interface CallbackState {
                                                                                                                                                            appState?: ApplicationState;
                                                                                                                                                            codeVerifier?: string;
                                                                                                                                                            maxAge?: number;
                                                                                                                                                            mode: "popup" | "redirect" | "silent";
                                                                                                                                                            nonce?: string;
                                                                                                                                                            resource?: string;
                                                                                                                                                            responseType?: ResponseTypes;
                                                                                                                                                            returnUrl?: string;
                                                                                                                                                            scopes?: string;
                                                                                                                                                            signOut?: boolean;
                                                                                                                                                            state?: string;
                                                                                                                                                        }

                                                                                                                                                        Hierarchy

                                                                                                                                                        Index

                                                                                                                                                        Properties

                                                                                                                                                        appState? +codeVerifier? +maxAge? +mode +nonce? +resource? +responseType? +returnUrl? +scopes? +signOut? +state? +

                                                                                                                                                        Properties

                                                                                                                                                        appState?: ApplicationState
                                                                                                                                                        codeVerifier?: string

                                                                                                                                                        Optional. PKCE code verifier used to validate the authorization code exchange.

                                                                                                                                                        +
                                                                                                                                                        maxAge?: number

                                                                                                                                                        Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                                                                        +
                                                                                                                                                        mode: "popup" | "redirect" | "silent"
                                                                                                                                                        nonce?: string

                                                                                                                                                        A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                                                                        +
                                                                                                                                                        resource?: string

                                                                                                                                                        Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                                                                        +
                                                                                                                                                        responseType?: ResponseTypes
                                                                                                                                                        returnUrl?: string
                                                                                                                                                        scopes?: string

                                                                                                                                                        Space-separated list of scopes requested during authorization.

                                                                                                                                                        +
                                                                                                                                                        signOut?: boolean
                                                                                                                                                        state?: string

                                                                                                                                                        A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                                                                        +

                                                                                                                                                        Settings

                                                                                                                                                        On This Page

                                                                                                                                                        Properties
                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.EndSessionParameters.html b/docs/html/interfaces/_monocloud_auth-js-core.index.EndSessionParameters.html new file mode 100644 index 00000000..493c039e --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.EndSessionParameters.html @@ -0,0 +1,9 @@ +EndSessionParameters | MonoCloud Authentication SDK
                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                          Preparing search index...

                                                                                                                                                          Interface EndSessionParameters

                                                                                                                                                          Parameters used to construct an OpenID Connect end-session (sign-out) request.

                                                                                                                                                          +
                                                                                                                                                          interface EndSessionParameters {
                                                                                                                                                              idToken?: string;
                                                                                                                                                              postLogoutRedirectUri?: string;
                                                                                                                                                              state?: string;
                                                                                                                                                          }
                                                                                                                                                          Index

                                                                                                                                                          Properties

                                                                                                                                                          idToken? +postLogoutRedirectUri? +state? +

                                                                                                                                                          Properties

                                                                                                                                                          idToken?: string

                                                                                                                                                          ID token hint identifying the session to terminate.

                                                                                                                                                          +

                                                                                                                                                          When provided, the authorization server can use this value to determine which user session should be signed out.

                                                                                                                                                          +
                                                                                                                                                          postLogoutRedirectUri?: string

                                                                                                                                                          The URL the authorization server should redirect the user to after a successful sign-out.

                                                                                                                                                          +
                                                                                                                                                          state?: string

                                                                                                                                                          Optional state value returned to the application after sign-out.

                                                                                                                                                          +

                                                                                                                                                          Settings

                                                                                                                                                          On This Page

                                                                                                                                                          Properties
                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.GetTokensOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.GetTokensOptions.html new file mode 100644 index 00000000..c931d0be --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.GetTokensOptions.html @@ -0,0 +1,12 @@ +GetTokensOptions | MonoCloud Authentication SDK
                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                            Preparing search index...

                                                                                                                                                            Interface GetTokensOptions

                                                                                                                                                            Options for getTokens().

                                                                                                                                                            +
                                                                                                                                                            interface GetTokensOptions {
                                                                                                                                                                forceRefresh?: boolean;
                                                                                                                                                                refetchUserInfo?: boolean;
                                                                                                                                                                resource?: string;
                                                                                                                                                                scopes?: string;
                                                                                                                                                            }

                                                                                                                                                            Hierarchy

                                                                                                                                                            Index

                                                                                                                                                            Properties

                                                                                                                                                            forceRefresh? +refetchUserInfo? +resource? +scopes? +

                                                                                                                                                            Properties

                                                                                                                                                            forceRefresh?: boolean

                                                                                                                                                            Specifies whether to force the refresh of the access token.

                                                                                                                                                            +
                                                                                                                                                            refetchUserInfo?: boolean

                                                                                                                                                            Determines whether to refetch the user information.

                                                                                                                                                            +
                                                                                                                                                            resource?: string

                                                                                                                                                            Space-separated list of resource indicators that the new access token should be issued for.

                                                                                                                                                            +

                                                                                                                                                            The requested resources must have been previously granted during the original authorization flow.

                                                                                                                                                            +
                                                                                                                                                            scopes?: string

                                                                                                                                                            Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                            +

                                                                                                                                                            The requested scopes must have been granted during the original authorization flow.

                                                                                                                                                            +

                                                                                                                                                            Settings

                                                                                                                                                            On This Page

                                                                                                                                                            Properties
                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.IStorage.html b/docs/html/interfaces/_monocloud_auth-js-core.index.IStorage.html new file mode 100644 index 00000000..8aaf4d23 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.IStorage.html @@ -0,0 +1,13 @@ +IStorage | MonoCloud Authentication SDK
                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                              Preparing search index...

                                                                                                                                                              Interface IStorage

                                                                                                                                                              Defines a storage adapter used to persist session data.

                                                                                                                                                              +
                                                                                                                                                              interface IStorage {
                                                                                                                                                                  getItem(key: string): Promise<string | null>;
                                                                                                                                                                  removeItem(key: string): Promise<void>;
                                                                                                                                                                  setItem(key: string, value: string): Promise<void>;
                                                                                                                                                              }

                                                                                                                                                              Implemented by

                                                                                                                                                              Index

                                                                                                                                                              Methods

                                                                                                                                                              getItem +removeItem +setItem +

                                                                                                                                                              Methods

                                                                                                                                                              • Retrieves the value associated with the given key.

                                                                                                                                                                +

                                                                                                                                                                Parameters

                                                                                                                                                                • key: string

                                                                                                                                                                  The unique identifier for the stored item.

                                                                                                                                                                  +

                                                                                                                                                                Returns Promise<string | null>

                                                                                                                                                                The stored value as a string, or null if the key does not exist.

                                                                                                                                                                +

                                                                                                                                                              • Removes the item associated with the specified key from storage.

                                                                                                                                                                +

                                                                                                                                                                Parameters

                                                                                                                                                                • key: string

                                                                                                                                                                  The unique identifier of the item to remove.

                                                                                                                                                                  +

                                                                                                                                                                Returns Promise<void>

                                                                                                                                                              • Stores a key-value pair in the storage.

                                                                                                                                                                +

                                                                                                                                                                Parameters

                                                                                                                                                                • key: string

                                                                                                                                                                  The unique identifier for the item.

                                                                                                                                                                  +
                                                                                                                                                                • value: string

                                                                                                                                                                  The string value to store.

                                                                                                                                                                  +

                                                                                                                                                                Returns Promise<void>

                                                                                                                                                              Settings

                                                                                                                                                              On This Page

                                                                                                                                                              Methods
                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.IdTokenClaims.html b/docs/html/interfaces/_monocloud_auth-js-core.index.IdTokenClaims.html new file mode 100644 index 00000000..6bd412e7 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.IdTokenClaims.html @@ -0,0 +1,69 @@ +IdTokenClaims | MonoCloud Authentication SDK
                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                Preparing search index...

                                                                                                                                                                Interface IdTokenClaims

                                                                                                                                                                Standard OpenID Connect ID Token claims.

                                                                                                                                                                +
                                                                                                                                                                interface IdTokenClaims {
                                                                                                                                                                    acr?: string;
                                                                                                                                                                    address?: Address;
                                                                                                                                                                    amr?: string[];
                                                                                                                                                                    at_hash?: string;
                                                                                                                                                                    aud: string | string[];
                                                                                                                                                                    auth_time?: number;
                                                                                                                                                                    azp?: string;
                                                                                                                                                                    birthdate?: string;
                                                                                                                                                                    c_hash?: string;
                                                                                                                                                                    email?: string;
                                                                                                                                                                    email_verified?: boolean;
                                                                                                                                                                    exp: number;
                                                                                                                                                                    family_name?: string;
                                                                                                                                                                    gender?: string;
                                                                                                                                                                    given_name?: string;
                                                                                                                                                                    groups?: Group[];
                                                                                                                                                                    iat: number;
                                                                                                                                                                    iss: string;
                                                                                                                                                                    locale?: string;
                                                                                                                                                                    middle_name?: string;
                                                                                                                                                                    name?: string;
                                                                                                                                                                    nickname?: string;
                                                                                                                                                                    nonce?: string;
                                                                                                                                                                    phone_number?: string;
                                                                                                                                                                    phone_number_verified?: boolean;
                                                                                                                                                                    picture?: string;
                                                                                                                                                                    preferred_username?: string;
                                                                                                                                                                    profile?: string;
                                                                                                                                                                    s_hash?: string;
                                                                                                                                                                    sub: string;
                                                                                                                                                                    updated_at?: number;
                                                                                                                                                                    website?: string;
                                                                                                                                                                    zoneinfo?: string;
                                                                                                                                                                    [key: string]: unknown;
                                                                                                                                                                }

                                                                                                                                                                Hierarchy

                                                                                                                                                                Indexable

                                                                                                                                                                • [key: string]: unknown

                                                                                                                                                                  Additional custom or provider-specific claims.

                                                                                                                                                                  +
                                                                                                                                                                Index

                                                                                                                                                                Properties

                                                                                                                                                                acr? +address? +amr? +at_hash? +aud +auth_time? +azp? +birthdate? +c_hash? +email? +email_verified? +exp +family_name? +gender? +given_name? +groups? +iat +iss +locale? +middle_name? +name? +nickname? +nonce? +phone_number? +phone_number_verified? +picture? +preferred_username? +profile? +s_hash? +sub +updated_at? +website? +zoneinfo? +

                                                                                                                                                                Properties

                                                                                                                                                                acr?: string

                                                                                                                                                                Authentication Context Class Reference. Indicates the assurance level of the authentication performed.

                                                                                                                                                                +
                                                                                                                                                                address?: Address

                                                                                                                                                                Postal address.

                                                                                                                                                                +
                                                                                                                                                                amr?: string[]

                                                                                                                                                                Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                                                                +
                                                                                                                                                                at_hash?: string

                                                                                                                                                                Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                                                                +
                                                                                                                                                                aud: string | string[]

                                                                                                                                                                Intended audience(s) of the ID token.

                                                                                                                                                                +
                                                                                                                                                                auth_time?: number

                                                                                                                                                                Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                                                                +
                                                                                                                                                                azp?: string

                                                                                                                                                                Authorized party - identifies the client to which the ID token was issued.

                                                                                                                                                                +
                                                                                                                                                                birthdate?: string

                                                                                                                                                                Birthday.

                                                                                                                                                                +
                                                                                                                                                                c_hash?: string

                                                                                                                                                                Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                                                                +
                                                                                                                                                                email?: string

                                                                                                                                                                Email address.

                                                                                                                                                                +
                                                                                                                                                                email_verified?: boolean

                                                                                                                                                                Whether the email address has been verified by the provider.

                                                                                                                                                                +
                                                                                                                                                                exp: number

                                                                                                                                                                Expiration time of the ID token (Unix epoch seconds).

                                                                                                                                                                +
                                                                                                                                                                family_name?: string

                                                                                                                                                                Surname(s) / last name.

                                                                                                                                                                +
                                                                                                                                                                gender?: string

                                                                                                                                                                Gender.

                                                                                                                                                                +
                                                                                                                                                                given_name?: string

                                                                                                                                                                Given name(s) / first name.

                                                                                                                                                                +
                                                                                                                                                                groups?: Group[]

                                                                                                                                                                Group memberships for the user.

                                                                                                                                                                +
                                                                                                                                                                iat: number

                                                                                                                                                                Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                                                                +
                                                                                                                                                                iss: string

                                                                                                                                                                Issuer identifier - the authorization server that issued the token.

                                                                                                                                                                +
                                                                                                                                                                locale?: string

                                                                                                                                                                Locale.

                                                                                                                                                                +
                                                                                                                                                                middle_name?: string

                                                                                                                                                                Middle name(s).

                                                                                                                                                                +
                                                                                                                                                                name?: string

                                                                                                                                                                Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                +
                                                                                                                                                                nickname?: string

                                                                                                                                                                Casual name used by the user.

                                                                                                                                                                +
                                                                                                                                                                nonce?: string

                                                                                                                                                                Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                                                                +
                                                                                                                                                                phone_number?: string

                                                                                                                                                                Phone number (formatted in E.164 standard).

                                                                                                                                                                +
                                                                                                                                                                phone_number_verified?: boolean

                                                                                                                                                                Whether the phone number has been verified by the provider.

                                                                                                                                                                +
                                                                                                                                                                picture?: string

                                                                                                                                                                URL of the user's profile picture.

                                                                                                                                                                +
                                                                                                                                                                preferred_username?: string

                                                                                                                                                                Preferred username.

                                                                                                                                                                +
                                                                                                                                                                profile?: string

                                                                                                                                                                URL of the user's profile page.

                                                                                                                                                                +
                                                                                                                                                                s_hash?: string

                                                                                                                                                                State hash (used in some hybrid flow validations).

                                                                                                                                                                +
                                                                                                                                                                sub: string

                                                                                                                                                                Subject identifier — uniquely identifies the authenticated user.

                                                                                                                                                                +
                                                                                                                                                                updated_at?: number

                                                                                                                                                                Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                +
                                                                                                                                                                website?: string

                                                                                                                                                                URL of the user's website.

                                                                                                                                                                +
                                                                                                                                                                zoneinfo?: string

                                                                                                                                                                Time zone name.

                                                                                                                                                                +

                                                                                                                                                                Settings

                                                                                                                                                                On This Page

                                                                                                                                                                Properties
                                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.Indicator.html b/docs/html/interfaces/_monocloud_auth-js-core.index.Indicator.html new file mode 100644 index 00000000..d2ceee93 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.Indicator.html @@ -0,0 +1,6 @@ +Indicator | MonoCloud Authentication SDK
                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                  Preparing search index...

                                                                                                                                                                  Interface Indicator

                                                                                                                                                                  Represents an additional resource indicator that can be requested when acquiring tokens.

                                                                                                                                                                  +
                                                                                                                                                                  interface Indicator {
                                                                                                                                                                      resource: string;
                                                                                                                                                                      scopes?: string;
                                                                                                                                                                  }
                                                                                                                                                                  Index

                                                                                                                                                                  Properties

                                                                                                                                                                  resource +scopes? +

                                                                                                                                                                  Properties

                                                                                                                                                                  resource: string

                                                                                                                                                                  Space-separated list of resources to scope the access token to.

                                                                                                                                                                  +
                                                                                                                                                                  scopes?: string

                                                                                                                                                                  Optional space-separated list of scopes to request.

                                                                                                                                                                  +

                                                                                                                                                                  Settings

                                                                                                                                                                  On This Page

                                                                                                                                                                  Properties
                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.IssuerMetadata.html b/docs/html/interfaces/_monocloud_auth-js-core.index.IssuerMetadata.html new file mode 100644 index 00000000..1a9ac1af --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.IssuerMetadata.html @@ -0,0 +1,58 @@ +IssuerMetadata | MonoCloud Authentication SDK
                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                    Preparing search index...

                                                                                                                                                                    Interface IssuerMetadata

                                                                                                                                                                    OpenID Connect Discovery metadata published by the authorization server.

                                                                                                                                                                    +
                                                                                                                                                                    interface IssuerMetadata {
                                                                                                                                                                        authorization_endpoint: string;
                                                                                                                                                                        backchannel_logout_session_supported: boolean;
                                                                                                                                                                        backchannel_logout_supported: boolean;
                                                                                                                                                                        check_session_iframe: string;
                                                                                                                                                                        claims_supported: string[];
                                                                                                                                                                        code_challenge_methods_supported: string[];
                                                                                                                                                                        device_authorization_endpoint: string;
                                                                                                                                                                        end_session_endpoint: string;
                                                                                                                                                                        frontchannel_logout_session_supported: boolean;
                                                                                                                                                                        frontchannel_logout_supported: boolean;
                                                                                                                                                                        grant_types_supported: string[];
                                                                                                                                                                        id_token_signing_alg_values_supported: string[];
                                                                                                                                                                        introspection_endpoint: string;
                                                                                                                                                                        issuer: string;
                                                                                                                                                                        jwks_uri: string;
                                                                                                                                                                        pushed_authorization_request_endpoint?: string;
                                                                                                                                                                        request_object_signing_alg_values_supported: string[];
                                                                                                                                                                        request_parameter_supported: boolean;
                                                                                                                                                                        request_uri_parameter_supported: boolean;
                                                                                                                                                                        require_pushed_authorization_requests: boolean;
                                                                                                                                                                        response_modes_supported: string[];
                                                                                                                                                                        response_types_supported: string[];
                                                                                                                                                                        revocation_endpoint: string;
                                                                                                                                                                        scopes_supported: string[];
                                                                                                                                                                        subject_types_supported: string[];
                                                                                                                                                                        token_endpoint: string;
                                                                                                                                                                        token_endpoint_auth_methods_supported: string[];
                                                                                                                                                                        userinfo_endpoint: string;
                                                                                                                                                                    }
                                                                                                                                                                    Index

                                                                                                                                                                    Properties

                                                                                                                                                                    authorization_endpoint +backchannel_logout_session_supported +backchannel_logout_supported +check_session_iframe +claims_supported +code_challenge_methods_supported +device_authorization_endpoint +end_session_endpoint +frontchannel_logout_session_supported +frontchannel_logout_supported +grant_types_supported +id_token_signing_alg_values_supported +introspection_endpoint +issuer +jwks_uri +pushed_authorization_request_endpoint? +request_object_signing_alg_values_supported +request_parameter_supported +request_uri_parameter_supported +require_pushed_authorization_requests +response_modes_supported +response_types_supported +revocation_endpoint +scopes_supported +subject_types_supported +token_endpoint +token_endpoint_auth_methods_supported +userinfo_endpoint +

                                                                                                                                                                    Properties

                                                                                                                                                                    authorization_endpoint: string

                                                                                                                                                                    Authorization endpoint used to initiate authentication requests.

                                                                                                                                                                    +
                                                                                                                                                                    backchannel_logout_session_supported: boolean

                                                                                                                                                                    Indicates back-channel logout session support.

                                                                                                                                                                    +
                                                                                                                                                                    backchannel_logout_supported: boolean

                                                                                                                                                                    Indicates support for back-channel logout.

                                                                                                                                                                    +
                                                                                                                                                                    check_session_iframe: string

                                                                                                                                                                    Session management iframe endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    claims_supported: string[]

                                                                                                                                                                    Claims that may be returned in tokens or UserInfo responses.

                                                                                                                                                                    +
                                                                                                                                                                    code_challenge_methods_supported: string[]

                                                                                                                                                                    Supported PKCE code challenge methods.

                                                                                                                                                                    +
                                                                                                                                                                    device_authorization_endpoint: string

                                                                                                                                                                    Device Authorization Grant endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    end_session_endpoint: string

                                                                                                                                                                    End-session endpoint used to initiate logout.

                                                                                                                                                                    +
                                                                                                                                                                    frontchannel_logout_session_supported: boolean

                                                                                                                                                                    Indicates front-channel logout session support.

                                                                                                                                                                    +
                                                                                                                                                                    frontchannel_logout_supported: boolean

                                                                                                                                                                    Indicates support for front-channel logout.

                                                                                                                                                                    +
                                                                                                                                                                    grant_types_supported: string[]

                                                                                                                                                                    Supported OAuth grant types.

                                                                                                                                                                    +
                                                                                                                                                                    id_token_signing_alg_values_supported: string[]

                                                                                                                                                                    Supported signing algorithms for ID tokens.

                                                                                                                                                                    +
                                                                                                                                                                    introspection_endpoint: string

                                                                                                                                                                    Token introspection endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    issuer: string

                                                                                                                                                                    The issuer identifier for the authorization server.

                                                                                                                                                                    +
                                                                                                                                                                    jwks_uri: string

                                                                                                                                                                    JSON Web Key Set (JWKS) endpoint used to obtain signing keys.

                                                                                                                                                                    +
                                                                                                                                                                    pushed_authorization_request_endpoint?: string

                                                                                                                                                                    Pushed Authorization Request (PAR) endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    request_object_signing_alg_values_supported: string[]

                                                                                                                                                                    Supported signing algorithms for request objects.

                                                                                                                                                                    +
                                                                                                                                                                    request_parameter_supported: boolean

                                                                                                                                                                    Indicates support for request objects passed by value.

                                                                                                                                                                    +
                                                                                                                                                                    request_uri_parameter_supported: boolean

                                                                                                                                                                    Indicates support for request objects passed by reference (request_uri).

                                                                                                                                                                    +
                                                                                                                                                                    require_pushed_authorization_requests: boolean

                                                                                                                                                                    Indicates whether PAR is required for authorization requests.

                                                                                                                                                                    +
                                                                                                                                                                    response_modes_supported: string[]

                                                                                                                                                                    Supported response modes.

                                                                                                                                                                    +
                                                                                                                                                                    response_types_supported: string[]

                                                                                                                                                                    Supported OAuth/OIDC response types.

                                                                                                                                                                    +
                                                                                                                                                                    revocation_endpoint: string

                                                                                                                                                                    Token revocation endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    scopes_supported: string[]

                                                                                                                                                                    OAuth scopes supported by the authorization server.

                                                                                                                                                                    +
                                                                                                                                                                    subject_types_supported: string[]

                                                                                                                                                                    Supported subject identifier types.

                                                                                                                                                                    +
                                                                                                                                                                    token_endpoint: string

                                                                                                                                                                    Token endpoint used to exchange authorization codes for tokens.

                                                                                                                                                                    +
                                                                                                                                                                    token_endpoint_auth_methods_supported: string[]

                                                                                                                                                                    Supported authentication methods for the token endpoint.

                                                                                                                                                                    +
                                                                                                                                                                    userinfo_endpoint: string

                                                                                                                                                                    UserInfo endpoint used to retrieve user profile claims.

                                                                                                                                                                    +

                                                                                                                                                                    Settings

                                                                                                                                                                    On This Page

                                                                                                                                                                    Properties
                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.Jwk.html b/docs/html/interfaces/_monocloud_auth-js-core.index.Jwk.html new file mode 100644 index 00000000..e2818b97 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.Jwk.html @@ -0,0 +1,50 @@ +Jwk | MonoCloud Authentication SDK
                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                      Preparing search index...

                                                                                                                                                                      Interface Jwk

                                                                                                                                                                      Represents a JSON Web Key (JWK) as defined by RFC 7517.

                                                                                                                                                                      +

                                                                                                                                                                      A JWK describes a cryptographic key used to verify or encrypt JSON Web Tokens (JWTs) as obtained from the JWKS (JSON Web Key Set) endpoint exposed by the authorization server.

                                                                                                                                                                      +

                                                                                                                                                                      The available properties depend on the key type (kty).

                                                                                                                                                                      +
                                                                                                                                                                      interface Jwk {
                                                                                                                                                                          alg?: string;
                                                                                                                                                                          crv?: string;
                                                                                                                                                                          d?: string;
                                                                                                                                                                          dp?: string;
                                                                                                                                                                          dq?: string;
                                                                                                                                                                          e?: string;
                                                                                                                                                                          ext?: boolean;
                                                                                                                                                                          k?: string;
                                                                                                                                                                          key_ops?: string[];
                                                                                                                                                                          kid?: string;
                                                                                                                                                                          kty: string;
                                                                                                                                                                          n?: string;
                                                                                                                                                                          oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                                                                          p?: string;
                                                                                                                                                                          q?: string;
                                                                                                                                                                          qi?: string;
                                                                                                                                                                          use?: string;
                                                                                                                                                                          x?: string;
                                                                                                                                                                          x5c?: string[];
                                                                                                                                                                          x5t?: string;
                                                                                                                                                                          "x5t#S256"?: string;
                                                                                                                                                                          x5u?: string;
                                                                                                                                                                          y?: string;
                                                                                                                                                                      }
                                                                                                                                                                      Index

                                                                                                                                                                      Properties

                                                                                                                                                                      alg? +crv? +d? +dp? +dq? +e? +ext? +k? +key_ops? +kid? +kty +n? +oth? +p? +q? +qi? +use? +x? +x5c? +x5t? +x5t#S256? +x5u? +y? +

                                                                                                                                                                      Properties

                                                                                                                                                                      alg?: string

                                                                                                                                                                      Intended algorithm for the key (for example: RS256).

                                                                                                                                                                      +
                                                                                                                                                                      crv?: string

                                                                                                                                                                      Elliptic curve name (for example: P-256).

                                                                                                                                                                      +
                                                                                                                                                                      d?: string

                                                                                                                                                                      RSA private exponent.

                                                                                                                                                                      +
                                                                                                                                                                      dp?: string

                                                                                                                                                                      RSA first factor CRT exponent.

                                                                                                                                                                      +
                                                                                                                                                                      dq?: string

                                                                                                                                                                      RSA second factor CRT exponent.

                                                                                                                                                                      +
                                                                                                                                                                      e?: string

                                                                                                                                                                      RSA public exponent.

                                                                                                                                                                      +
                                                                                                                                                                      ext?: boolean

                                                                                                                                                                      Indicates whether the key is extractable.

                                                                                                                                                                      +
                                                                                                                                                                      k?: string

                                                                                                                                                                      Symmetric key value (base64url encoded).

                                                                                                                                                                      +
                                                                                                                                                                      key_ops?: string[]

                                                                                                                                                                      Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                                                                      +
                                                                                                                                                                      kid?: string

                                                                                                                                                                      Key identifier used to match keys during verification.

                                                                                                                                                                      +
                                                                                                                                                                      kty: string

                                                                                                                                                                      Key type (for example: RSA, or EC).

                                                                                                                                                                      +
                                                                                                                                                                      n?: string

                                                                                                                                                                      RSA modulus.

                                                                                                                                                                      +
                                                                                                                                                                      oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                                                                      Additional prime information (multi-prime RSA).

                                                                                                                                                                      +
                                                                                                                                                                      p?: string

                                                                                                                                                                      RSA first prime factor.

                                                                                                                                                                      +
                                                                                                                                                                      q?: string

                                                                                                                                                                      RSA second prime factor.

                                                                                                                                                                      +
                                                                                                                                                                      qi?: string

                                                                                                                                                                      RSA CRT coefficient.

                                                                                                                                                                      +
                                                                                                                                                                      use?: string

                                                                                                                                                                      Public key use (sig for signature or enc for encryption).

                                                                                                                                                                      +
                                                                                                                                                                      x?: string

                                                                                                                                                                      X coordinate for EC public keys.

                                                                                                                                                                      +
                                                                                                                                                                      x5c?: string[]

                                                                                                                                                                      X.509 certificate chain.

                                                                                                                                                                      +
                                                                                                                                                                      x5t?: string

                                                                                                                                                                      X.509 certificate SHA-1 thumbprint.

                                                                                                                                                                      +
                                                                                                                                                                      "x5t#S256"?: string

                                                                                                                                                                      X.509 certificate SHA-256 thumbprint.

                                                                                                                                                                      +
                                                                                                                                                                      x5u?: string

                                                                                                                                                                      URL referencing the X.509 certificate.

                                                                                                                                                                      +
                                                                                                                                                                      y?: string

                                                                                                                                                                      Y coordinate for EC public keys.

                                                                                                                                                                      +

                                                                                                                                                                      Settings

                                                                                                                                                                      On This Page

                                                                                                                                                                      Properties
                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.Jwks.html b/docs/html/interfaces/_monocloud_auth-js-core.index.Jwks.html new file mode 100644 index 00000000..0fef5623 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.Jwks.html @@ -0,0 +1,5 @@ +Jwks | MonoCloud Authentication SDK
                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                        Preparing search index...

                                                                                                                                                                        Interface Jwks

                                                                                                                                                                        Represents a JSON Web Key Set (JWKS).

                                                                                                                                                                        +

                                                                                                                                                                        A JWKS is a collection of public JSON Web Keys used to verify signatures of JSON Web Tokens (JWTs).

                                                                                                                                                                        +
                                                                                                                                                                        interface Jwks {
                                                                                                                                                                            keys: Jwk[];
                                                                                                                                                                        }
                                                                                                                                                                        Index

                                                                                                                                                                        Properties

                                                                                                                                                                        keys +

                                                                                                                                                                        Properties

                                                                                                                                                                        keys: Jwk[]

                                                                                                                                                                        The list of public keys contained in this key set.

                                                                                                                                                                        +

                                                                                                                                                                        Settings

                                                                                                                                                                        On This Page

                                                                                                                                                                        Properties
                                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.JwsHeaderParameters.html b/docs/html/interfaces/_monocloud_auth-js-core.index.JwsHeaderParameters.html new file mode 100644 index 00000000..74658cb2 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.JwsHeaderParameters.html @@ -0,0 +1,12 @@ +JwsHeaderParameters | MonoCloud Authentication SDK
                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                          Preparing search index...

                                                                                                                                                                          Interface JwsHeaderParameters

                                                                                                                                                                          Parameters contained in a JSON Web Signature (JWS) header.

                                                                                                                                                                          +
                                                                                                                                                                          interface JwsHeaderParameters {
                                                                                                                                                                              alg: SecurityAlgorithms;
                                                                                                                                                                              crit?: string[];
                                                                                                                                                                              jwk?: Jwk;
                                                                                                                                                                              kid?: string;
                                                                                                                                                                              typ?: string;
                                                                                                                                                                          }
                                                                                                                                                                          Index

                                                                                                                                                                          Properties

                                                                                                                                                                          alg +crit? +jwk? +kid? +typ? +

                                                                                                                                                                          Properties

                                                                                                                                                                          alg: SecurityAlgorithms

                                                                                                                                                                          The cryptographic algorithm used to sign the token.

                                                                                                                                                                          +
                                                                                                                                                                          crit?: string[]

                                                                                                                                                                          List of header parameters that are marked as critical and must be understood by the token processor.

                                                                                                                                                                          +
                                                                                                                                                                          jwk?: Jwk

                                                                                                                                                                          An embedded JSON Web Key (JWK) containing the signing key.

                                                                                                                                                                          +
                                                                                                                                                                          kid?: string

                                                                                                                                                                          Identifier of the key used to sign the token.

                                                                                                                                                                          +
                                                                                                                                                                          typ?: string

                                                                                                                                                                          The token type.

                                                                                                                                                                          +

                                                                                                                                                                          Settings

                                                                                                                                                                          On This Page

                                                                                                                                                                          Properties
                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudClientOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudClientOptions.html new file mode 100644 index 00000000..ffe47e69 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudClientOptions.html @@ -0,0 +1,23 @@ +MonoCloudClientOptions | MonoCloud Authentication SDK
                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                            Preparing search index...

                                                                                                                                                                            Interface MonoCloudClientOptions

                                                                                                                                                                            Configuration options used to initialize the MonoCloudClient.

                                                                                                                                                                            +
                                                                                                                                                                            interface MonoCloudClientOptions {
                                                                                                                                                                                clientAuthMethod?: ClientAuthMethod;
                                                                                                                                                                                clientSecret?: string | Jwk;
                                                                                                                                                                                idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                                                                jwksCacheDuration?: number;
                                                                                                                                                                                metadataCacheDuration?: number;
                                                                                                                                                                            }
                                                                                                                                                                            Index

                                                                                                                                                                            Properties

                                                                                                                                                                            clientAuthMethod? +clientSecret? +idTokenSigningAlgorithm? +jwksCacheDuration? +metadataCacheDuration? +

                                                                                                                                                                            Properties

                                                                                                                                                                            clientAuthMethod?: ClientAuthMethod

                                                                                                                                                                            Client authentication method used when communicating with the token endpoint.

                                                                                                                                                                            +
                                                                                                                                                                            clientSecret?: string | Jwk

                                                                                                                                                                            Client secret used for client authentication.

                                                                                                                                                                            +

                                                                                                                                                                            When clientAuthMethod is client_secret_jwt and a plain-text secret is provided, the default signing algorithm is HS256.

                                                                                                                                                                            +

                                                                                                                                                                            To use a different algorithm, provide a symmetric JSON Web Key (JWK) (kty: "oct") with the desired algorithm specified in its alg property.

                                                                                                                                                                            +
                                                                                                                                                                            idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                                                                            Expected signing algorithm for validating ID tokens.

                                                                                                                                                                            +
                                                                                                                                                                            'RS256'
+
                                                                                                                                                                            + +
                                                                                                                                                                            jwksCacheDuration?: number

                                                                                                                                                                            Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

                                                                                                                                                                            +
                                                                                                                                                                            300
+
                                                                                                                                                                            + +
                                                                                                                                                                            metadataCacheDuration?: number

                                                                                                                                                                            Duration (in seconds) to cache OpenID Connect discovery metadata.

                                                                                                                                                                            +
                                                                                                                                                                            300
+
                                                                                                                                                                            + +

                                                                                                                                                                            Settings

                                                                                                                                                                            On This Page

                                                                                                                                                                            Properties
                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.html new file mode 100644 index 00000000..d0810b85 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.html @@ -0,0 +1,103 @@ +MonoCloudJSCoreClientOptions | MonoCloud Authentication SDK
                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                              Preparing search index...

                                                                                                                                                                              Interface MonoCloudJSCoreClientOptions

                                                                                                                                                                              Configuration options for initializing MonoCloudJSCoreClient.

                                                                                                                                                                              +
                                                                                                                                                                              interface MonoCloudJSCoreClientOptions {
                                                                                                                                                                                  appUrl: string;
                                                                                                                                                                                  authWindowTimeout?: number;
                                                                                                                                                                                  callbackPath?: string;
                                                                                                                                                                                  clientAuthMethod?: ClientAuthMethod;
                                                                                                                                                                                  clientId: string;
                                                                                                                                                                                  clientSecret?: string | Jwk;
                                                                                                                                                                                  clockSkew?: number;
                                                                                                                                                                                  clockTolerance?: number;
                                                                                                                                                                                  defaultAuthParams?: AuthorizationParams;
                                                                                                                                                                                  federatedSignOut?: boolean;
                                                                                                                                                                                  fetchUserinfo?: boolean;
                                                                                                                                                                                  filteredIdTokenClaims?: string[];
                                                                                                                                                                                  idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                                                                  jwksCacheDuration?: number;
                                                                                                                                                                                  metadataCacheDuration?: number;
                                                                                                                                                                                  popupWindowHeight?: number;
                                                                                                                                                                                  popupWindowWidth?: number;
                                                                                                                                                                                  resources?: Indicator[];
                                                                                                                                                                                  responseType?: ResponseTypes;
                                                                                                                                                                                  sessionKey?: string;
                                                                                                                                                                                  signOutCallbackPath?: string | null;
                                                                                                                                                                                  tenantDomain: string;
                                                                                                                                                                                  validateIdToken?: boolean;
                                                                                                                                                                              }
                                                                                                                                                                              Index

                                                                                                                                                                              Properties

                                                                                                                                                                              appUrl +authWindowTimeout? +callbackPath? +clientAuthMethod? +clientId +clientSecret? +clockSkew? +clockTolerance? +defaultAuthParams? +federatedSignOut? +fetchUserinfo? +filteredIdTokenClaims? +idTokenSigningAlgorithm? +jwksCacheDuration? +metadataCacheDuration? +popupWindowHeight? +popupWindowWidth? +resources? +responseType? +sessionKey? +signOutCallbackPath? +tenantDomain +validateIdToken? +

                                                                                                                                                                              Properties

                                                                                                                                                                              appUrl: string

                                                                                                                                                                              The base URL of the application implementing authentication.

                                                                                                                                                                              +
                                                                                                                                                                              "https://example.com"
+
                                                                                                                                                                              + +
                                                                                                                                                                              authWindowTimeout?: number

                                                                                                                                                                              Timeout duration (in seconds) for popups and iframes.

                                                                                                                                                                              +
                                                                                                                                                                              600 (seconds)
+
                                                                                                                                                                              + +
                                                                                                                                                                              callbackPath?: string

                                                                                                                                                                              Relative callback path where MonoCloud redirects the user after sign-in.

                                                                                                                                                                              +

                                                                                                                                                                              This URL must be registered in the application's callback URL settings. +If omitted, the callback URL defaults to appUrl with path /.

                                                                                                                                                                              +
                                                                                                                                                                              /callback
+
                                                                                                                                                                              + +
                                                                                                                                                                              clientAuthMethod?: ClientAuthMethod

                                                                                                                                                                              Method used for client authentication.

                                                                                                                                                                              +
                                                                                                                                                                              clientId: string

                                                                                                                                                                              Client identifier of the application registered in MonoCloud.

                                                                                                                                                                              +
                                                                                                                                                                              clientSecret?: string | Jwk

                                                                                                                                                                              Client secret or JSON Web Key for client authentication.

                                                                                                                                                                              +
                                                                                                                                                                              clockSkew?: number

                                                                                                                                                                              The maximum allowed clock skew (in seconds) for token validation.

                                                                                                                                                                              +
                                                                                                                                                                              60 (seconds)
+
                                                                                                                                                                              + +
                                                                                                                                                                              clockTolerance?: number

                                                                                                                                                                              The maximum allowed clock tolerance for date-time-based claims.

                                                                                                                                                                              +
                                                                                                                                                                              60 (seconds)
+
                                                                                                                                                                              + +
                                                                                                                                                                              defaultAuthParams?: AuthorizationParams

                                                                                                                                                                              Default authorization parameters to include in authentication requests.

                                                                                                                                                                              +
                                                                                                                                                                              federatedSignOut?: boolean

                                                                                                                                                                              When true, signs the user out from both the app and MonoCloud.

                                                                                                                                                                              +
                                                                                                                                                                              true
+
                                                                                                                                                                              + +
                                                                                                                                                                              fetchUserinfo?: boolean

                                                                                                                                                                              Determines whether to fetch UserInfo after authentication.

                                                                                                                                                                              +
                                                                                                                                                                              true
+
                                                                                                                                                                              + +
                                                                                                                                                                              filteredIdTokenClaims?: string[]

                                                                                                                                                                              List of ID token claims to exclude when constructing the final user object.

                                                                                                                                                                              +
                                                                                                                                                                              idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                                                                              Algorithm used for verifying ID token signature.

                                                                                                                                                                              +
                                                                                                                                                                              'RS256'
+
                                                                                                                                                                              + +
                                                                                                                                                                              jwksCacheDuration?: number

                                                                                                                                                                              The duration in seconds to cache the JWKS document after it is fetched.

                                                                                                                                                                              +
                                                                                                                                                                              300 (seconds)
+
                                                                                                                                                                              + +
                                                                                                                                                                              metadataCacheDuration?: number

                                                                                                                                                                              Time in seconds to cache the metadata document after it is fetched.

                                                                                                                                                                              +
                                                                                                                                                                              300 (seconds)
+
                                                                                                                                                                              + +
                                                                                                                                                                              popupWindowHeight?: number

                                                                                                                                                                              The height of the popup window in pixels.

                                                                                                                                                                              +

                                                                                                                                                                              This value is used to size and center the window when signIn or signOut +is called with mode: 'popup'.

                                                                                                                                                                              +
                                                                                                                                                                              600
+
                                                                                                                                                                              + +
                                                                                                                                                                              popupWindowWidth?: number

                                                                                                                                                                              The width of the popup window in pixels.

                                                                                                                                                                              +

                                                                                                                                                                              This value is used to size and center the window when signIn or signOut +is called with mode: 'popup'.

                                                                                                                                                                              +
                                                                                                                                                                              375
+
                                                                                                                                                                              + +
                                                                                                                                                                              resources?: Indicator[]

                                                                                                                                                                              Additional resources that can be requested in getTokens().

                                                                                                                                                                              +
                                                                                                                                                                              responseType?: ResponseTypes

                                                                                                                                                                              Specifies the OpenID Connect response type for the authentication flow.

                                                                                                                                                                              +
                                                                                                                                                                              'code'
+
                                                                                                                                                                              + +
                                                                                                                                                                              sessionKey?: string

                                                                                                                                                                              A unique identifier that differentiates sessions when multiple clients are used within the same application.

                                                                                                                                                                              +

                                                                                                                                                                              This key is appended to the internal session key to prevent conflicts.

                                                                                                                                                                              +
                                                                                                                                                                              signOutCallbackPath?: string | null

                                                                                                                                                                              Relative path where MonoCloud redirects the user after sign-out.

                                                                                                                                                                              +
                                                                                                                                                                              /signout
+
                                                                                                                                                                              + +
                                                                                                                                                                              tenantDomain: string

                                                                                                                                                                              MonoCloud tenant domain.

                                                                                                                                                                              +
                                                                                                                                                                              "https://your-domain.as.monocloud.com"
+
                                                                                                                                                                              + +
                                                                                                                                                                              validateIdToken?: boolean

                                                                                                                                                                              Whether the ID token should be validated.

                                                                                                                                                                              +
                                                                                                                                                                              true
+
                                                                                                                                                                              + +

                                                                                                                                                                              Settings

                                                                                                                                                                              On This Page

                                                                                                                                                                              Properties
                                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudSession.html b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudSession.html new file mode 100644 index 00000000..f5baf78d --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudSession.html @@ -0,0 +1,15 @@ +MonoCloudSession | MonoCloud Authentication SDK
                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                Interface MonoCloudSession

                                                                                                                                                                                Represents an authenticated session, containing the authenticated user profile along with the tokens and metadata issued during authentication.

                                                                                                                                                                                +
                                                                                                                                                                                interface MonoCloudSession {
                                                                                                                                                                                    accessTokens?: AccessToken[];
                                                                                                                                                                                    authorizedScopes?: string;
                                                                                                                                                                                    idToken?: string;
                                                                                                                                                                                    refreshToken?: string;
                                                                                                                                                                                    user: MonoCloudUser;
                                                                                                                                                                                    [key: string]: unknown;
                                                                                                                                                                                }

                                                                                                                                                                                Indexable

                                                                                                                                                                                • [key: string]: unknown

                                                                                                                                                                                  Additional custom properties attached to the session.

                                                                                                                                                                                  +

                                                                                                                                                                                  These may be added via hooks such as onSessionCreating.

                                                                                                                                                                                  +
                                                                                                                                                                                Index

                                                                                                                                                                                Properties

                                                                                                                                                                                accessTokens? +authorizedScopes? +idToken? +refreshToken? +user +

                                                                                                                                                                                Properties

                                                                                                                                                                                accessTokens?: AccessToken[]

                                                                                                                                                                                Access tokens associated with the session.

                                                                                                                                                                                +

                                                                                                                                                                                Multiple tokens may exist when access tokens are issued for different resources or scope sets.

                                                                                                                                                                                +
                                                                                                                                                                                authorizedScopes?: string

                                                                                                                                                                                Space-separated list of scopes authorized for the session.

                                                                                                                                                                                +
                                                                                                                                                                                idToken?: string

                                                                                                                                                                                Optional ID token issued during authentication.

                                                                                                                                                                                +
                                                                                                                                                                                refreshToken?: string

                                                                                                                                                                                Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                                                                                +
                                                                                                                                                                                user: MonoCloudUser

                                                                                                                                                                                The authenticated user profile, typically derived from ID token claims and/or the UserInfo endpoint.

                                                                                                                                                                                +

                                                                                                                                                                                Settings

                                                                                                                                                                                On This Page

                                                                                                                                                                                Properties
                                                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudTokens.html b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudTokens.html new file mode 100644 index 00000000..3e649aae --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudTokens.html @@ -0,0 +1,19 @@ +MonoCloudTokens | MonoCloud Authentication SDK
                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                  Interface MonoCloudTokens

                                                                                                                                                                                  Tokens available in the current session.

                                                                                                                                                                                  +
                                                                                                                                                                                  interface MonoCloudTokens {
                                                                                                                                                                                      accessToken: string;
                                                                                                                                                                                      accessTokenExpiration: number;
                                                                                                                                                                                      idToken?: string;
                                                                                                                                                                                      isExpired: boolean;
                                                                                                                                                                                      refreshToken?: string;
                                                                                                                                                                                      requestedScopes?: string;
                                                                                                                                                                                      resource?: string;
                                                                                                                                                                                      scopes: string;
                                                                                                                                                                                  }

                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                  Index

                                                                                                                                                                                  Properties

                                                                                                                                                                                  accessToken +accessTokenExpiration +idToken? +isExpired +refreshToken? +requestedScopes? +resource? +scopes +

                                                                                                                                                                                  Properties

                                                                                                                                                                                  accessToken: string

                                                                                                                                                                                  The issued access token.

                                                                                                                                                                                  +
                                                                                                                                                                                  accessTokenExpiration: number

                                                                                                                                                                                  The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                  +
                                                                                                                                                                                  idToken?: string

                                                                                                                                                                                  The ID token obtained during authentication.

                                                                                                                                                                                  +
                                                                                                                                                                                  isExpired: boolean

                                                                                                                                                                                  Specifies if the access token has expired.

                                                                                                                                                                                  +
                                                                                                                                                                                  refreshToken?: string

                                                                                                                                                                                  The refresh token obtained during authentication.

                                                                                                                                                                                  +
                                                                                                                                                                                  requestedScopes?: string

                                                                                                                                                                                  Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                  +
                                                                                                                                                                                  resource?: string

                                                                                                                                                                                  Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                  +
                                                                                                                                                                                  scopes: string

                                                                                                                                                                                  Space-separated list of scopes granted to the access token.

                                                                                                                                                                                  +

                                                                                                                                                                                  These represent the effective permissions approved by the authorization server.

                                                                                                                                                                                  +

                                                                                                                                                                                  Settings

                                                                                                                                                                                  On This Page

                                                                                                                                                                                  Properties
                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudUser.html b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudUser.html new file mode 100644 index 00000000..6f7a3d93 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.MonoCloudUser.html @@ -0,0 +1,49 @@ +MonoCloudUser | MonoCloud Authentication SDK
                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                    Interface MonoCloudUser

                                                                                                                                                                                    Represents the authenticated user stored in a MonoCloud session.

                                                                                                                                                                                    +
                                                                                                                                                                                    interface MonoCloudUser {
                                                                                                                                                                                        address?: Address;
                                                                                                                                                                                        amr?: string[];
                                                                                                                                                                                        birthdate?: string;
                                                                                                                                                                                        email?: string;
                                                                                                                                                                                        email_verified?: boolean;
                                                                                                                                                                                        family_name?: string;
                                                                                                                                                                                        gender?: string;
                                                                                                                                                                                        given_name?: string;
                                                                                                                                                                                        groups?: Group[];
                                                                                                                                                                                        idp?: string;
                                                                                                                                                                                        locale?: string;
                                                                                                                                                                                        middle_name?: string;
                                                                                                                                                                                        name?: string;
                                                                                                                                                                                        nickname?: string;
                                                                                                                                                                                        phone_number?: string;
                                                                                                                                                                                        phone_number_verified?: boolean;
                                                                                                                                                                                        picture?: string;
                                                                                                                                                                                        preferred_username?: string;
                                                                                                                                                                                        profile?: string;
                                                                                                                                                                                        sub: string;
                                                                                                                                                                                        updated_at?: number;
                                                                                                                                                                                        website?: string;
                                                                                                                                                                                        zoneinfo?: string;
                                                                                                                                                                                        [key: string]: unknown;
                                                                                                                                                                                    }

                                                                                                                                                                                    Hierarchy

                                                                                                                                                                                    Indexable

                                                                                                                                                                                    • [key: string]: unknown

                                                                                                                                                                                      Additional provider-specific claims.

                                                                                                                                                                                      +
                                                                                                                                                                                    Index

                                                                                                                                                                                    Properties

                                                                                                                                                                                    address? +amr? +birthdate? +email? +email_verified? +family_name? +gender? +given_name? +groups? +idp? +locale? +middle_name? +name? +nickname? +phone_number? +phone_number_verified? +picture? +preferred_username? +profile? +sub +updated_at? +website? +zoneinfo? +

                                                                                                                                                                                    Properties

                                                                                                                                                                                    address?: Address

                                                                                                                                                                                    Postal address.

                                                                                                                                                                                    +
                                                                                                                                                                                    amr?: string[]

                                                                                                                                                                                    Authentication Methods References (AMR). Indicates how the user authenticated.

                                                                                                                                                                                    +
                                                                                                                                                                                    birthdate?: string

                                                                                                                                                                                    Birthday.

                                                                                                                                                                                    +
                                                                                                                                                                                    email?: string

                                                                                                                                                                                    Email address.

                                                                                                                                                                                    +
                                                                                                                                                                                    email_verified?: boolean

                                                                                                                                                                                    Whether the email address has been verified by the provider.

                                                                                                                                                                                    +
                                                                                                                                                                                    family_name?: string

                                                                                                                                                                                    Surname(s) / last name.

                                                                                                                                                                                    +
                                                                                                                                                                                    gender?: string

                                                                                                                                                                                    Gender.

                                                                                                                                                                                    +
                                                                                                                                                                                    given_name?: string

                                                                                                                                                                                    Given name(s) / first name.

                                                                                                                                                                                    +
                                                                                                                                                                                    groups?: Group[]

                                                                                                                                                                                    Group memberships for the user.

                                                                                                                                                                                    +
                                                                                                                                                                                    idp?: string

                                                                                                                                                                                    Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user.

                                                                                                                                                                                    +
                                                                                                                                                                                    locale?: string

                                                                                                                                                                                    Locale.

                                                                                                                                                                                    +
                                                                                                                                                                                    middle_name?: string

                                                                                                                                                                                    Middle name(s).

                                                                                                                                                                                    +
                                                                                                                                                                                    name?: string

                                                                                                                                                                                    Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                    +
                                                                                                                                                                                    nickname?: string

                                                                                                                                                                                    Casual name used by the user.

                                                                                                                                                                                    +
                                                                                                                                                                                    phone_number?: string

                                                                                                                                                                                    Phone number (formatted in E.164 standard).

                                                                                                                                                                                    +
                                                                                                                                                                                    phone_number_verified?: boolean

                                                                                                                                                                                    Whether the phone number has been verified by the provider.

                                                                                                                                                                                    +
                                                                                                                                                                                    picture?: string

                                                                                                                                                                                    URL of the user's profile picture.

                                                                                                                                                                                    +
                                                                                                                                                                                    preferred_username?: string

                                                                                                                                                                                    Preferred username.

                                                                                                                                                                                    +
                                                                                                                                                                                    profile?: string

                                                                                                                                                                                    URL of the user's profile page.

                                                                                                                                                                                    +
                                                                                                                                                                                    sub: string

                                                                                                                                                                                    Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                    +
                                                                                                                                                                                    updated_at?: number

                                                                                                                                                                                    Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                    +
                                                                                                                                                                                    website?: string

                                                                                                                                                                                    URL of the user's website.

                                                                                                                                                                                    +
                                                                                                                                                                                    zoneinfo?: string

                                                                                                                                                                                    Time zone name.

                                                                                                                                                                                    +

                                                                                                                                                                                    Settings

                                                                                                                                                                                    On This Page

                                                                                                                                                                                    Properties
                                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.ParResponse.html b/docs/html/interfaces/_monocloud_auth-js-core.index.ParResponse.html new file mode 100644 index 00000000..26b3dcfa --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.ParResponse.html @@ -0,0 +1,7 @@ +ParResponse | MonoCloud Authentication SDK
                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                      Interface ParResponse

                                                                                                                                                                                      Response returned from the Pushed Authorization Request (PAR) endpoint.

                                                                                                                                                                                      +
                                                                                                                                                                                      interface ParResponse {
                                                                                                                                                                                          expires_in: number;
                                                                                                                                                                                          request_uri: string;
                                                                                                                                                                                      }
                                                                                                                                                                                      Index

                                                                                                                                                                                      Properties

                                                                                                                                                                                      expires_in +request_uri +

                                                                                                                                                                                      Properties

                                                                                                                                                                                      expires_in: number

                                                                                                                                                                                      Lifetime of the request_uri, in seconds. After this duration expires, the authorization request becomes invalid.

                                                                                                                                                                                      +
                                                                                                                                                                                      request_uri: string

                                                                                                                                                                                      The URI reference identifying the pushed authorization request.

                                                                                                                                                                                      +

                                                                                                                                                                                      This value must be supplied as the request_uri parameter when redirecting the user to the authorization endpoint.

                                                                                                                                                                                      +

                                                                                                                                                                                      Settings

                                                                                                                                                                                      On This Page

                                                                                                                                                                                      Properties
                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.PushedAuthorizationParams.html b/docs/html/interfaces/_monocloud_auth-js-core.index.PushedAuthorizationParams.html new file mode 100644 index 00000000..ff40f68f --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.PushedAuthorizationParams.html @@ -0,0 +1,40 @@ +PushedAuthorizationParams | MonoCloud Authentication SDK
                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                        Interface PushedAuthorizationParams

                                                                                                                                                                                        Parameters used when creating a Pushed Authorization Request (PAR).

                                                                                                                                                                                        +

                                                                                                                                                                                        This type mirrors AuthorizationParams but excludes requestUri, +since the request_uri value is generated by the authorization server +after a successful PAR request and must not be supplied by the client.

                                                                                                                                                                                        +
                                                                                                                                                                                        interface PushedAuthorizationParams {
                                                                                                                                                                                            acrValues?: string[];
                                                                                                                                                                                            authenticatorHint?: Authenticators;
                                                                                                                                                                                            codeChallenge?: string;
                                                                                                                                                                                            codeChallengeMethod?: CodeChallengeMethod;
                                                                                                                                                                                            display?: DisplayOptions;
                                                                                                                                                                                            loginHint?: string;
                                                                                                                                                                                            maxAge?: number;
                                                                                                                                                                                            nonce?: string;
                                                                                                                                                                                            prompt?: Prompt;
                                                                                                                                                                                            redirectUri?: string;
                                                                                                                                                                                            request?: string;
                                                                                                                                                                                            resource?: string;
                                                                                                                                                                                            responseMode?: ResponseModes;
                                                                                                                                                                                            responseType?: ResponseTypes;
                                                                                                                                                                                            scopes?: string;
                                                                                                                                                                                            state?: string;
                                                                                                                                                                                            uiLocales?: string;
                                                                                                                                                                                        }

                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                        Index

                                                                                                                                                                                        Properties

                                                                                                                                                                                        acrValues? +authenticatorHint? +codeChallenge? +codeChallengeMethod? +display? +loginHint? +maxAge? +nonce? +prompt? +redirectUri? +request? +resource? +responseMode? +responseType? +scopes? +state? +uiLocales? +

                                                                                                                                                                                        Properties

                                                                                                                                                                                        acrValues?: string[]

                                                                                                                                                                                        Authentication Context Class Reference (ACR) values requesting specific authentication assurance levels or methods.

                                                                                                                                                                                        +
                                                                                                                                                                                        authenticatorHint?: Authenticators

                                                                                                                                                                                        Hint to the authorization server indicating which authenticator or connection should be used.

                                                                                                                                                                                        +
                                                                                                                                                                                        codeChallenge?: string

                                                                                                                                                                                        PKCE code challenge derived from the code verifier. Used to secure authorization code exchanges.

                                                                                                                                                                                        +
                                                                                                                                                                                        codeChallengeMethod?: CodeChallengeMethod

                                                                                                                                                                                        Method used to generate the PKCE code challenge.

                                                                                                                                                                                        +
                                                                                                                                                                                        display?: DisplayOptions

                                                                                                                                                                                        Preferred display mode for the authentication UI.

                                                                                                                                                                                        +
                                                                                                                                                                                        loginHint?: string

                                                                                                                                                                                        Hint identifying the user (for example, email or username). Used to prefill or optimize the sign-in experience.

                                                                                                                                                                                        +
                                                                                                                                                                                        maxAge?: number

                                                                                                                                                                                        Maximum acceptable time (in seconds) since the user last authenticated. If exceeded, the user may be required to sign in again.

                                                                                                                                                                                        +
                                                                                                                                                                                        nonce?: string

                                                                                                                                                                                        A cryptographically random value included in the ID token to prevent replay attacks.

                                                                                                                                                                                        +
                                                                                                                                                                                        prompt?: Prompt

                                                                                                                                                                                        Controls authentication interaction behavior. For example, forcing login or consent.

                                                                                                                                                                                        +
                                                                                                                                                                                        redirectUri?: string

                                                                                                                                                                                        The redirect URI where the authorization server sends the user after authentication completes.

                                                                                                                                                                                        +
                                                                                                                                                                                        request?: string

                                                                                                                                                                                        A signed JWT containing authorization request parameters.

                                                                                                                                                                                        +
                                                                                                                                                                                        resource?: string

                                                                                                                                                                                        Space-separated list of resource indicators that scope the issued access token.

                                                                                                                                                                                        +
                                                                                                                                                                                        responseMode?: ResponseModes

                                                                                                                                                                                        Specifies how the authorization response is returned to the client.

                                                                                                                                                                                        +
                                                                                                                                                                                        responseType?: ResponseTypes

                                                                                                                                                                                        Determines which artifacts are returned from the authorization endpoint.

                                                                                                                                                                                        +
                                                                                                                                                                                        scopes?: string

                                                                                                                                                                                        Space-separated list of scopes requested during authentication.

                                                                                                                                                                                        +
                                                                                                                                                                                        state?: string

                                                                                                                                                                                        A cryptographically random value used to maintain request state +and protect against CSRF attacks.

                                                                                                                                                                                        +
                                                                                                                                                                                        uiLocales?: string

                                                                                                                                                                                        Preferred UI language.

                                                                                                                                                                                        +

                                                                                                                                                                                        Settings

                                                                                                                                                                                        On This Page

                                                                                                                                                                                        Properties
                                                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.RefetchUserInfoOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.RefetchUserInfoOptions.html new file mode 100644 index 00000000..edae3c24 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.RefetchUserInfoOptions.html @@ -0,0 +1,4 @@ +RefetchUserInfoOptions | MonoCloud Authentication SDK
                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                          Interface RefetchUserInfoOptions

                                                                                                                                                                                          Options used when refetching user profile data from the UserInfo endpoint.

                                                                                                                                                                                          +
                                                                                                                                                                                          interface RefetchUserInfoOptions {
                                                                                                                                                                                              onSessionCreating?: OnSessionCreating;
                                                                                                                                                                                          }
                                                                                                                                                                                          Index

                                                                                                                                                                                          Properties

                                                                                                                                                                                          onSessionCreating? +

                                                                                                                                                                                          Properties

                                                                                                                                                                                          onSessionCreating?: OnSessionCreating

                                                                                                                                                                                          Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                                                                          +

                                                                                                                                                                                          Settings

                                                                                                                                                                                          On This Page

                                                                                                                                                                                          Properties
                                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshGrantOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshGrantOptions.html new file mode 100644 index 00000000..c95e5b2c --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshGrantOptions.html @@ -0,0 +1,9 @@ +RefreshGrantOptions | MonoCloud Authentication SDK
                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                            Interface RefreshGrantOptions

                                                                                                                                                                                            Options used when exchanging a refresh token for a new access token.

                                                                                                                                                                                            +

                                                                                                                                                                                            These parameters allow requesting an access token scoped to specific resources or scopes that were previously authorized by the user.

                                                                                                                                                                                            +
                                                                                                                                                                                            interface RefreshGrantOptions {
                                                                                                                                                                                                resource?: string;
                                                                                                                                                                                                scopes?: string;
                                                                                                                                                                                            }

                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                            Index

                                                                                                                                                                                            Properties

                                                                                                                                                                                            resource? +scopes? +

                                                                                                                                                                                            Properties

                                                                                                                                                                                            resource?: string

                                                                                                                                                                                            Space-separated list of resource indicators that the new access token should be issued for.

                                                                                                                                                                                            +

                                                                                                                                                                                            The requested resources must have been previously granted during the original authorization flow.

                                                                                                                                                                                            +
                                                                                                                                                                                            scopes?: string

                                                                                                                                                                                            Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                                                            +

                                                                                                                                                                                            The requested scopes must have been granted during the original authorization flow.

                                                                                                                                                                                            +

                                                                                                                                                                                            Settings

                                                                                                                                                                                            On This Page

                                                                                                                                                                                            Properties
                                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshOptions.html new file mode 100644 index 00000000..593b3cac --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshOptions.html @@ -0,0 +1,12 @@ +RefreshOptions | MonoCloud Authentication SDK
                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                              Interface RefreshOptions

                                                                                                                                                                                              Options for refreshSession().

                                                                                                                                                                                              +
                                                                                                                                                                                              interface RefreshOptions {
                                                                                                                                                                                                  appState?: ApplicationState;
                                                                                                                                                                                                  mode?: RefreshMode;
                                                                                                                                                                                                  refreshGrantOptions?: RefreshGrantOptions;
                                                                                                                                                                                              }
                                                                                                                                                                                              Index

                                                                                                                                                                                              Properties

                                                                                                                                                                                              appState? +mode? +refreshGrantOptions? +

                                                                                                                                                                                              Properties

                                                                                                                                                                                              appState?: ApplicationState

                                                                                                                                                                                              Additional custom application-specific state information.

                                                                                                                                                                                              +
                                                                                                                                                                                              mode?: RefreshMode

                                                                                                                                                                                              Determines the interaction mode for the session refresh process.

                                                                                                                                                                                              +

                                                                                                                                                                                              Using popup or silent starts a new authorization request and replaces the current session.

                                                                                                                                                                                              +
                                                                                                                                                                                              'silent'
+
                                                                                                                                                                                              + +
                                                                                                                                                                                              refreshGrantOptions?: RefreshGrantOptions

                                                                                                                                                                                              Configuration specific to the Refresh Token Grant flow.

                                                                                                                                                                                              +

                                                                                                                                                                                              Settings

                                                                                                                                                                                              On This Page

                                                                                                                                                                                              Properties
                                                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshSessionOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshSessionOptions.html new file mode 100644 index 00000000..6a7ceb97 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.RefreshSessionOptions.html @@ -0,0 +1,25 @@ +RefreshSessionOptions | MonoCloud Authentication SDK
                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                Interface RefreshSessionOptions

                                                                                                                                                                                                Options used when refreshing an existing MonoCloud session.

                                                                                                                                                                                                +
                                                                                                                                                                                                interface RefreshSessionOptions {
                                                                                                                                                                                                    fetchUserInfo?: boolean;
                                                                                                                                                                                                    filteredIdTokenClaims?: string[];
                                                                                                                                                                                                    idTokenClockSkew?: number;
                                                                                                                                                                                                    idTokenClockTolerance?: number;
                                                                                                                                                                                                    jwks?: Jwks;
                                                                                                                                                                                                    onSessionCreating?: OnSessionCreating;
                                                                                                                                                                                                    refreshGrantOptions?: RefreshGrantOptions;
                                                                                                                                                                                                    validateIdToken?: boolean;
                                                                                                                                                                                                }
                                                                                                                                                                                                Index

                                                                                                                                                                                                Properties

                                                                                                                                                                                                fetchUserInfo? +filteredIdTokenClaims? +idTokenClockSkew? +idTokenClockTolerance? +jwks? +onSessionCreating? +refreshGrantOptions? +validateIdToken? +

                                                                                                                                                                                                Properties

                                                                                                                                                                                                fetchUserInfo?: boolean

                                                                                                                                                                                                When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                                                                                                                +
                                                                                                                                                                                                false
+
                                                                                                                                                                                                + +
                                                                                                                                                                                                filteredIdTokenClaims?: string[]

                                                                                                                                                                                                List of ID token claims to remove before storing the session.

                                                                                                                                                                                                +
                                                                                                                                                                                                idTokenClockSkew?: number

                                                                                                                                                                                                Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                                                                                +
                                                                                                                                                                                                idTokenClockTolerance?: number

                                                                                                                                                                                                Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                                                                                +
                                                                                                                                                                                                jwks?: Jwks

                                                                                                                                                                                                JSON Web Key Set used to validate the ID token signature.

                                                                                                                                                                                                +

                                                                                                                                                                                                If not provided, the JWKS is automatically fetched from the authorization server metadata.

                                                                                                                                                                                                +
                                                                                                                                                                                                onSessionCreating?: OnSessionCreating

                                                                                                                                                                                                Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                                                                                +
                                                                                                                                                                                                refreshGrantOptions?: RefreshGrantOptions

                                                                                                                                                                                                Options applied to the refresh token grant request, such as requesting tokens for specific resources or scopes.

                                                                                                                                                                                                +
                                                                                                                                                                                                validateIdToken?: boolean

                                                                                                                                                                                                Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                                                                                +
                                                                                                                                                                                                true
+
                                                                                                                                                                                                + +

                                                                                                                                                                                                Settings

                                                                                                                                                                                                On This Page

                                                                                                                                                                                                Properties
                                                                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.SignInOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.SignInOptions.html new file mode 100644 index 00000000..3a1faf82 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.SignInOptions.html @@ -0,0 +1,38 @@ +SignInOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                  Interface SignInOptions

                                                                                                                                                                                                  Options for signIn().

                                                                                                                                                                                                  +
                                                                                                                                                                                                  interface SignInOptions {
                                                                                                                                                                                                      acrValues?: string[];
                                                                                                                                                                                                      appState?: ApplicationState;
                                                                                                                                                                                                      authenticatorHint?: Authenticators;
                                                                                                                                                                                                      display?: DisplayOptions;
                                                                                                                                                                                                      loginHint?: string;
                                                                                                                                                                                                      maxAge?: number;
                                                                                                                                                                                                      mode?: InteractionMode;
                                                                                                                                                                                                      prompt?: Prompt;
                                                                                                                                                                                                      resource?: string;
                                                                                                                                                                                                      returnUrl?: string;
                                                                                                                                                                                                      scopes?: string;
                                                                                                                                                                                                      signUp?: boolean;
                                                                                                                                                                                                      uiLocales?: string;
                                                                                                                                                                                                  }
                                                                                                                                                                                                  Index

                                                                                                                                                                                                  Properties

                                                                                                                                                                                                  acrValues? +appState? +authenticatorHint? +display? +loginHint? +maxAge? +mode? +prompt? +resource? +returnUrl? +scopes? +signUp? +uiLocales? +

                                                                                                                                                                                                  Properties

                                                                                                                                                                                                  acrValues?: string[]

                                                                                                                                                                                                  An array of authentication context class references (ACRs).

                                                                                                                                                                                                  +
                                                                                                                                                                                                  appState?: ApplicationState

                                                                                                                                                                                                  Additional custom application-specific state information.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  authenticatorHint?: Authenticators

                                                                                                                                                                                                  Specifies the preferred authenticator for sign-in.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  display?: DisplayOptions

                                                                                                                                                                                                  The desired user interface mode.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  loginHint?: string

                                                                                                                                                                                                  Provides a hint about the user's login identifier. Used to pre-fill or suggest a username.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  "user@example.com"
+
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  maxAge?: number

                                                                                                                                                                                                  Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                                                                                                                  +

                                                                                                                                                                                                  Used to force re-authentication if the last login exceeds this time.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  mode?: InteractionMode

                                                                                                                                                                                                  Determines the interaction mode for sign-in.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  'redirect'
+
                                                                                                                                                                                                  + +
                                                                                                                                                                                                  prompt?: Prompt

                                                                                                                                                                                                  The desired authentication behavior.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  resource?: string

                                                                                                                                                                                                  Space-separated resources the access token should be scoped to.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  returnUrl?: string

                                                                                                                                                                                                  Relative path to return to after sign-in.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  scopes?: string

                                                                                                                                                                                                  Space-separated scopes requested from the authorization server.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  signUp?: boolean

                                                                                                                                                                                                  When true, starts the sign-up flow.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  uiLocales?: string

                                                                                                                                                                                                  Specifies preferred locales for the sign-in page.

                                                                                                                                                                                                  +
                                                                                                                                                                                                  "en-US"
+
                                                                                                                                                                                                  + +

                                                                                                                                                                                                  Settings

                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                  Properties
                                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.SignOutOptions.html b/docs/html/interfaces/_monocloud_auth-js-core.index.SignOutOptions.html new file mode 100644 index 00000000..34e454cf --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.SignOutOptions.html @@ -0,0 +1,12 @@ +SignOutOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                    Interface SignOutOptions

                                                                                                                                                                                                    Options for signOut().

                                                                                                                                                                                                    +
                                                                                                                                                                                                    interface SignOutOptions {
                                                                                                                                                                                                        mode?: InteractionMode;
                                                                                                                                                                                                        postLogoutRedirectUri?: string;
                                                                                                                                                                                                        returnUrl?: string;
                                                                                                                                                                                                    }
                                                                                                                                                                                                    Index

                                                                                                                                                                                                    Properties

                                                                                                                                                                                                    mode? +postLogoutRedirectUri? +returnUrl? +

                                                                                                                                                                                                    Properties

                                                                                                                                                                                                    mode?: InteractionMode

                                                                                                                                                                                                    Determines the interaction mode for the sign-out process.

                                                                                                                                                                                                    +
                                                                                                                                                                                                    'redirect'
+
                                                                                                                                                                                                    + +
                                                                                                                                                                                                    postLogoutRedirectUri?: string

                                                                                                                                                                                                    URI to redirect to after successful sign-out.

                                                                                                                                                                                                    +

                                                                                                                                                                                                    This URI must be configured in the application's allowed sign-out callback URLs.

                                                                                                                                                                                                    +
                                                                                                                                                                                                    returnUrl?: string

                                                                                                                                                                                                    Relative path to return to after sign-out.

                                                                                                                                                                                                    +

                                                                                                                                                                                                    Settings

                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                    Properties
                                                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.Tokens.html b/docs/html/interfaces/_monocloud_auth-js-core.index.Tokens.html new file mode 100644 index 00000000..8439a082 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.Tokens.html @@ -0,0 +1,14 @@ +Tokens | MonoCloud Authentication SDK
                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                      Interface Tokens

                                                                                                                                                                                                      OAuth 2.0 / OpenID Connect token endpoint response.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      interface Tokens {
                                                                                                                                                                                                          access_token: string;
                                                                                                                                                                                                          expires_in?: number;
                                                                                                                                                                                                          id_token?: string;
                                                                                                                                                                                                          refresh_token?: string;
                                                                                                                                                                                                          scope?: string;
                                                                                                                                                                                                          token_type?: string;
                                                                                                                                                                                                      }
                                                                                                                                                                                                      Index

                                                                                                                                                                                                      Properties

                                                                                                                                                                                                      access_token +expires_in? +id_token? +refresh_token? +scope? +token_type? +

                                                                                                                                                                                                      Properties

                                                                                                                                                                                                      access_token: string

                                                                                                                                                                                                      Access token issued by the authorization server.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      expires_in?: number

                                                                                                                                                                                                      Lifetime of the access token (in seconds) from the time the response was issued.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      id_token?: string

                                                                                                                                                                                                      Optional ID token containing authentication claims about the user.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      refresh_token?: string

                                                                                                                                                                                                      Optional refresh token used to obtain new access tokens without requiring user re-authentication.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      scope?: string

                                                                                                                                                                                                      Space-separated list of scopes granted for the access token.

                                                                                                                                                                                                      +
                                                                                                                                                                                                      token_type?: string

                                                                                                                                                                                                      Token type issued.

                                                                                                                                                                                                      +

                                                                                                                                                                                                      Settings

                                                                                                                                                                                                      On This Page

                                                                                                                                                                                                      Properties
                                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-js-core.index.UserinfoResponse.html b/docs/html/interfaces/_monocloud_auth-js-core.index.UserinfoResponse.html new file mode 100644 index 00000000..f6c6aca3 --- /dev/null +++ b/docs/html/interfaces/_monocloud_auth-js-core.index.UserinfoResponse.html @@ -0,0 +1,46 @@ +UserinfoResponse | MonoCloud Authentication SDK
                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                        Interface UserinfoResponse<TAddress>

                                                                                                                                                                                                        Represents the OpenID Connect UserInfo response.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        interface UserinfoResponse<TAddress extends Address = Address> {
                                                                                                                                                                                                            address?: TAddress;
                                                                                                                                                                                                            birthdate?: string;
                                                                                                                                                                                                            email?: string;
                                                                                                                                                                                                            email_verified?: boolean;
                                                                                                                                                                                                            family_name?: string;
                                                                                                                                                                                                            gender?: string;
                                                                                                                                                                                                            given_name?: string;
                                                                                                                                                                                                            groups?: Group[];
                                                                                                                                                                                                            locale?: string;
                                                                                                                                                                                                            middle_name?: string;
                                                                                                                                                                                                            name?: string;
                                                                                                                                                                                                            nickname?: string;
                                                                                                                                                                                                            phone_number?: string;
                                                                                                                                                                                                            phone_number_verified?: boolean;
                                                                                                                                                                                                            picture?: string;
                                                                                                                                                                                                            preferred_username?: string;
                                                                                                                                                                                                            profile?: string;
                                                                                                                                                                                                            sub: string;
                                                                                                                                                                                                            updated_at?: number;
                                                                                                                                                                                                            website?: string;
                                                                                                                                                                                                            zoneinfo?: string;
                                                                                                                                                                                                            [key: string]: unknown;
                                                                                                                                                                                                        }

                                                                                                                                                                                                        Type Parameters

                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                        Indexable

                                                                                                                                                                                                        • [key: string]: unknown

                                                                                                                                                                                                          Additional provider-specific claims.

                                                                                                                                                                                                          +
                                                                                                                                                                                                        Index

                                                                                                                                                                                                        Properties

                                                                                                                                                                                                        address? +birthdate? +email? +email_verified? +family_name? +gender? +given_name? +groups? +locale? +middle_name? +name? +nickname? +phone_number? +phone_number_verified? +picture? +preferred_username? +profile? +sub +updated_at? +website? +zoneinfo? +

                                                                                                                                                                                                        Properties

                                                                                                                                                                                                        address?: TAddress

                                                                                                                                                                                                        Postal address.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        birthdate?: string

                                                                                                                                                                                                        Birthday.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        email?: string

                                                                                                                                                                                                        Email address.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        email_verified?: boolean

                                                                                                                                                                                                        Whether the email address has been verified by the provider.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        family_name?: string

                                                                                                                                                                                                        Surname(s) / last name.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        gender?: string

                                                                                                                                                                                                        Gender.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        given_name?: string

                                                                                                                                                                                                        Given name(s) / first name.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        groups?: Group[]

                                                                                                                                                                                                        Group memberships for the user.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        locale?: string

                                                                                                                                                                                                        Locale.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        middle_name?: string

                                                                                                                                                                                                        Middle name(s).

                                                                                                                                                                                                        +
                                                                                                                                                                                                        name?: string

                                                                                                                                                                                                        Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                        +
                                                                                                                                                                                                        nickname?: string

                                                                                                                                                                                                        Casual name used by the user.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        phone_number?: string

                                                                                                                                                                                                        Phone number (formatted in E.164 standard).

                                                                                                                                                                                                        +
                                                                                                                                                                                                        phone_number_verified?: boolean

                                                                                                                                                                                                        Whether the phone number has been verified by the provider.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        picture?: string

                                                                                                                                                                                                        URL of the user's profile picture.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        preferred_username?: string

                                                                                                                                                                                                        Preferred username.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        profile?: string

                                                                                                                                                                                                        URL of the user's profile page.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        sub: string

                                                                                                                                                                                                        Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        updated_at?: number

                                                                                                                                                                                                        Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                        +
                                                                                                                                                                                                        website?: string

                                                                                                                                                                                                        URL of the user's website.

                                                                                                                                                                                                        +
                                                                                                                                                                                                        zoneinfo?: string

                                                                                                                                                                                                        Time zone name.

                                                                                                                                                                                                        +

                                                                                                                                                                                                        Settings

                                                                                                                                                                                                        On This Page

                                                                                                                                                                                                        Properties
                                                                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.client.ProtectClientPageOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.client.ProtectClientPageOptions.html index b16ff66f..b915fc67 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.client.ProtectClientPageOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.client.ProtectClientPageOptions.html @@ -1,5 +1,5 @@ ProtectClientPageOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                          Interface ProtectClientPageOptions

                                                                                                                                                                                                          Options for configuring page protection.

                                                                                                                                                                                                          -
                                                                                                                                                                                                          interface ProtectClientPageOptions {
                                                                                                                                                                                                              authParams?: ExtraAuthParams;
                                                                                                                                                                                                              groups?: string[];
                                                                                                                                                                                                              groupsClaim?: string;
                                                                                                                                                                                                              matchAll?: boolean;
                                                                                                                                                                                                              onAccessDenied?: () => ReactNode;
                                                                                                                                                                                                              onError?: (error: Error) => ReactNode;
                                                                                                                                                                                                              onGroupAccessDenied?: (user: MonoCloudUser) => ReactNode;
                                                                                                                                                                                                              returnUrl?: string;
                                                                                                                                                                                                          }

                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                          Index

                                                                                                                                                                                                          Properties

                                                                                                                                                                                                          authParams? +
                                                                                                                                                                                                          interface ProtectClientPageOptions {
                                                                                                                                                                                                              authParams?: ExtraAuthParams;
                                                                                                                                                                                                              groups?: string[];
                                                                                                                                                                                                              groupsClaim?: string;
                                                                                                                                                                                                              matchAll?: boolean;
                                                                                                                                                                                                              onAccessDenied?: () => ReactNode;
                                                                                                                                                                                                              onError?: (error: Error) => ReactNode;
                                                                                                                                                                                                              onGroupAccessDenied?: (user: MonoCloudUser) => ReactNode;
                                                                                                                                                                                                              returnUrl?: string;
                                                                                                                                                                                                          }

                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                          Index

                                                                                                                                                                                                          Properties

                                                                                                                                                                                                          authParams? groups? groupsClaim? matchAll? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.components.SignInProps.html b/docs/html/interfaces/_monocloud_auth-nextjs.components.SignInProps.html index 035648a1..76d06c95 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.components.SignInProps.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.components.SignInProps.html @@ -1,5 +1,5 @@ SignInProps | MonoCloud Authentication SDK
                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                            Interface SignInProps

                                                                                                                                                                                                            Props for the <SignIn /> component.

                                                                                                                                                                                                            -
                                                                                                                                                                                                            interface SignInProps {
                                                                                                                                                                                                                acrValues?: string[];
                                                                                                                                                                                                                authenticatorHint?: Authenticators;
                                                                                                                                                                                                                children: ReactNode;
                                                                                                                                                                                                                display?: DisplayOptions;
                                                                                                                                                                                                                loginHint?: string;
                                                                                                                                                                                                                maxAge?: number;
                                                                                                                                                                                                                prompt?: Prompt;
                                                                                                                                                                                                                resource?: string;
                                                                                                                                                                                                                returnUrl?: string;
                                                                                                                                                                                                                scopes?: string;
                                                                                                                                                                                                                uiLocales?: string;
                                                                                                                                                                                                            }

                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                            Index

                                                                                                                                                                                                            Properties

                                                                                                                                                                                                            acrValues? +
                                                                                                                                                                                                            interface SignInProps {
                                                                                                                                                                                                                acrValues?: string[];
                                                                                                                                                                                                                authenticatorHint?: Authenticators;
                                                                                                                                                                                                                children: ReactNode;
                                                                                                                                                                                                                display?: DisplayOptions;
                                                                                                                                                                                                                loginHint?: string;
                                                                                                                                                                                                                maxAge?: number;
                                                                                                                                                                                                                prompt?: Prompt;
                                                                                                                                                                                                                resource?: string;
                                                                                                                                                                                                                returnUrl?: string;
                                                                                                                                                                                                                scopes?: string;
                                                                                                                                                                                                                uiLocales?: string;
                                                                                                                                                                                                            }

                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                            Index

                                                                                                                                                                                                            Properties

                                                                                                                                                                                                            acrValues? authenticatorHint? children display? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.components.SignUpProps.html b/docs/html/interfaces/_monocloud_auth-nextjs.components.SignUpProps.html index 32d7d95b..daf9bf6b 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.components.SignUpProps.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.components.SignUpProps.html @@ -1,5 +1,5 @@ SignUpProps | MonoCloud Authentication SDK
                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                              Interface SignUpProps

                                                                                                                                                                                                              Props for the <SignUp /> component.

                                                                                                                                                                                                              -
                                                                                                                                                                                                              interface SignUpProps {
                                                                                                                                                                                                                  acrValues?: string[];
                                                                                                                                                                                                                  display?: DisplayOptions;
                                                                                                                                                                                                                  maxAge?: number;
                                                                                                                                                                                                                  resource?: string;
                                                                                                                                                                                                                  returnUrl?: string;
                                                                                                                                                                                                                  scopes?: string;
                                                                                                                                                                                                                  uiLocales?: string;
                                                                                                                                                                                                              }

                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                              • Omit<ExtraAuthParams, "authenticatorHint" | "loginHint" | "prompt">
                                                                                                                                                                                                                • SignUpProps
                                                                                                                                                                                                              Index

                                                                                                                                                                                                              Properties

                                                                                                                                                                                                              acrValues? +
                                                                                                                                                                                                              interface SignUpProps {
                                                                                                                                                                                                                  acrValues?: string[];
                                                                                                                                                                                                                  display?: DisplayOptions;
                                                                                                                                                                                                                  maxAge?: number;
                                                                                                                                                                                                                  resource?: string;
                                                                                                                                                                                                                  returnUrl?: string;
                                                                                                                                                                                                                  scopes?: string;
                                                                                                                                                                                                                  uiLocales?: string;
                                                                                                                                                                                                              }

                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                              • Omit<ExtraAuthParams, "authenticatorHint" | "loginHint" | "prompt">
                                                                                                                                                                                                                • SignUpProps
                                                                                                                                                                                                              Index

                                                                                                                                                                                                              Properties

                                                                                                                                                                                                              acrValues? display? maxAge? resource? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.components_client.RedirectToSignInProps.html b/docs/html/interfaces/_monocloud_auth-nextjs.components_client.RedirectToSignInProps.html index 947cabd4..e0e082ce 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.components_client.RedirectToSignInProps.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.components_client.RedirectToSignInProps.html @@ -1,5 +1,5 @@ RedirectToSignInProps | MonoCloud Authentication SDK
                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                Interface RedirectToSignInProps

                                                                                                                                                                                                                Props for the <RedirectToSignIn /> Component

                                                                                                                                                                                                                -
                                                                                                                                                                                                                interface RedirectToSignInProps {
                                                                                                                                                                                                                    acrValues?: string[];
                                                                                                                                                                                                                    authenticatorHint?: Authenticators;
                                                                                                                                                                                                                    display?: DisplayOptions;
                                                                                                                                                                                                                    loginHint?: string;
                                                                                                                                                                                                                    maxAge?: number;
                                                                                                                                                                                                                    prompt?: Prompt;
                                                                                                                                                                                                                    resource?: string;
                                                                                                                                                                                                                    returnUrl?: string;
                                                                                                                                                                                                                    scopes?: string;
                                                                                                                                                                                                                    uiLocales?: string;
                                                                                                                                                                                                                }

                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                Index

                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                acrValues? +
                                                                                                                                                                                                                interface RedirectToSignInProps {
                                                                                                                                                                                                                    acrValues?: string[];
                                                                                                                                                                                                                    authenticatorHint?: Authenticators;
                                                                                                                                                                                                                    display?: DisplayOptions;
                                                                                                                                                                                                                    loginHint?: string;
                                                                                                                                                                                                                    maxAge?: number;
                                                                                                                                                                                                                    prompt?: Prompt;
                                                                                                                                                                                                                    resource?: string;
                                                                                                                                                                                                                    returnUrl?: string;
                                                                                                                                                                                                                    scopes?: string;
                                                                                                                                                                                                                    uiLocales?: string;
                                                                                                                                                                                                                }

                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                Index

                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                acrValues? authenticatorHint? display? loginHint? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.AccessToken.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.AccessToken.html index d9afd91d..00a292d8 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.AccessToken.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.AccessToken.html @@ -1,13 +1,13 @@ AccessToken | MonoCloud Authentication SDK
                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                  Interface AccessToken

                                                                                                                                                                                                                  Represents an OAuth 2.0 access token and its associated metadata.

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  interface AccessToken {
                                                                                                                                                                                                                      accessToken: string;
                                                                                                                                                                                                                      accessTokenExpiration: number;
                                                                                                                                                                                                                      requestedScopes?: string;
                                                                                                                                                                                                                      resource?: string;
                                                                                                                                                                                                                      scopes: string;
                                                                                                                                                                                                                  }

                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                  accessToken +
                                                                                                                                                                                                                  interface AccessToken {
                                                                                                                                                                                                                      accessToken: string;
                                                                                                                                                                                                                      accessTokenExpiration: number;
                                                                                                                                                                                                                      requestedScopes?: string;
                                                                                                                                                                                                                      resource?: string;
                                                                                                                                                                                                                      scopes: string;
                                                                                                                                                                                                                  }

                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                  accessToken accessTokenExpiration requestedScopes? resource? scopes

                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                  accessToken: string

                                                                                                                                                                                                                  The issued access token.

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  accessTokenExpiration: number

                                                                                                                                                                                                                  The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  requestedScopes?: string

                                                                                                                                                                                                                  Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  resource?: string

                                                                                                                                                                                                                  Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                  -
                                                                                                                                                                                                                  scopes: string

                                                                                                                                                                                                                  Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  accessTokenExpiration: number

                                                                                                                                                                                                                  The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  requestedScopes?: string

                                                                                                                                                                                                                  Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  resource?: string

                                                                                                                                                                                                                  Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                  +
                                                                                                                                                                                                                  scopes: string

                                                                                                                                                                                                                  Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                  These represent the effective permissions approved by the authorization server.

                                                                                                                                                                                                                  -

                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                  +

                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.Address.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.Address.html index dff9646d..5256ec8c 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.Address.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.Address.html @@ -1,15 +1,15 @@ Address | MonoCloud Authentication SDK
                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                    Interface Address

                                                                                                                                                                                                                    Represents a postal address as defined by the OpenID Connect standard address claim.

                                                                                                                                                                                                                    interface Address {
                                                                                                                                                                                                                        country?: string;
                                                                                                                                                                                                                        formatted?: string;
                                                                                                                                                                                                                        locality?: string;
                                                                                                                                                                                                                        postal_code?: string;
                                                                                                                                                                                                                        region?: string;
                                                                                                                                                                                                                        street_address?: string;
                                                                                                                                                                                                                        [key: string]: unknown;
                                                                                                                                                                                                                    }

                                                                                                                                                                                                                    Indexable

                                                                                                                                                                                                                    • [key: string]: unknown

                                                                                                                                                                                                                      Additional provider-specific address fields.

                                                                                                                                                                                                                      -
                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                    country? +
                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                    country? formatted? locality? postal_code? region? street_address?

                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                    country?: string

                                                                                                                                                                                                                    Country name or ISO country code.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    formatted?: string

                                                                                                                                                                                                                    Full mailing address formatted for display or mailing labels.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    locality?: string

                                                                                                                                                                                                                    City or locality component.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    postal_code?: string

                                                                                                                                                                                                                    Postal or ZIP code.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    region?: string

                                                                                                                                                                                                                    State, province, or region component.

                                                                                                                                                                                                                    -
                                                                                                                                                                                                                    street_address?: string

                                                                                                                                                                                                                    Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                                                                                                                                    -

                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    formatted?: string

                                                                                                                                                                                                                    Full mailing address formatted for display or mailing labels.

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    locality?: string

                                                                                                                                                                                                                    City or locality component.

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    postal_code?: string

                                                                                                                                                                                                                    Postal or ZIP code.

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    region?: string

                                                                                                                                                                                                                    State, province, or region component.

                                                                                                                                                                                                                    +
                                                                                                                                                                                                                    street_address?: string

                                                                                                                                                                                                                    Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                                                                                                                                    +

                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ApplicationState.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ApplicationState.html index cec866c9..2ba1af5c 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ApplicationState.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ApplicationState.html @@ -1,3 +1,3 @@ ApplicationState | MonoCloud Authentication SDK
                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                      Interface ApplicationState

                                                                                                                                                                                                                      Represents custom application state associated with an authentication request.

                                                                                                                                                                                                                      This object is populated via onSetApplicationState and is persisted through the authentication flow. The resolved value is later available during session creation and can be used to carry application-specific context (for example: return targets, workflow state, or tenant hints).

                                                                                                                                                                                                                      -

                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                      • Record<string, any>
                                                                                                                                                                                                                        • ApplicationState

                                                                                                                                                                                                                      Indexable

                                                                                                                                                                                                                      • [key: string]: any

                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                      +

                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                      • Record<string, any>
                                                                                                                                                                                                                        • ApplicationState

                                                                                                                                                                                                                      Indexable

                                                                                                                                                                                                                      • [key: string]: any

                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ExtraAuthParams.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ExtraAuthParams.html index df16b94a..941074c6 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ExtraAuthParams.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ExtraAuthParams.html @@ -1,5 +1,5 @@ ExtraAuthParams | MonoCloud Authentication SDK
                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                        Interface ExtraAuthParams

                                                                                                                                                                                                                        A subset of authorization parameters supported by client-side helpers.

                                                                                                                                                                                                                        -
                                                                                                                                                                                                                        interface ExtraAuthParams {
                                                                                                                                                                                                                            acrValues?: string[];
                                                                                                                                                                                                                            authenticatorHint?: Authenticators;
                                                                                                                                                                                                                            display?: DisplayOptions;
                                                                                                                                                                                                                            loginHint?: string;
                                                                                                                                                                                                                            maxAge?: number;
                                                                                                                                                                                                                            prompt?: Prompt;
                                                                                                                                                                                                                            resource?: string;
                                                                                                                                                                                                                            scopes?: string;
                                                                                                                                                                                                                            uiLocales?: string;
                                                                                                                                                                                                                        }

                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                        • Pick<
                                                                                                                                                                                                                              AuthorizationParams,
                                                                                                                                                                                                                              | "scopes"
                                                                                                                                                                                                                              | "resource"
                                                                                                                                                                                                                              | "prompt"
                                                                                                                                                                                                                              | "display"
                                                                                                                                                                                                                              | "uiLocales"
                                                                                                                                                                                                                              | "acrValues"
                                                                                                                                                                                                                              | "authenticatorHint"
                                                                                                                                                                                                                              | "maxAge"
                                                                                                                                                                                                                              | "loginHint",
                                                                                                                                                                                                                          >
                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                        acrValues? +
                                                                                                                                                                                                                        interface ExtraAuthParams {
                                                                                                                                                                                                                            acrValues?: string[];
                                                                                                                                                                                                                            authenticatorHint?: Authenticators;
                                                                                                                                                                                                                            display?: DisplayOptions;
                                                                                                                                                                                                                            loginHint?: string;
                                                                                                                                                                                                                            maxAge?: number;
                                                                                                                                                                                                                            prompt?: Prompt;
                                                                                                                                                                                                                            resource?: string;
                                                                                                                                                                                                                            scopes?: string;
                                                                                                                                                                                                                            uiLocales?: string;
                                                                                                                                                                                                                        }

                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                        • Pick<
                                                                                                                                                                                                                              AuthorizationParams,
                                                                                                                                                                                                                              | "scopes"
                                                                                                                                                                                                                              | "resource"
                                                                                                                                                                                                                              | "prompt"
                                                                                                                                                                                                                              | "display"
                                                                                                                                                                                                                              | "uiLocales"
                                                                                                                                                                                                                              | "acrValues"
                                                                                                                                                                                                                              | "authenticatorHint"
                                                                                                                                                                                                                              | "maxAge"
                                                                                                                                                                                                                              | "loginHint",
                                                                                                                                                                                                                          >
                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                        acrValues? authenticatorHint? display? loginHint? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.GetTokensOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.GetTokensOptions.html index b334be31..560cbcf7 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.GetTokensOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.GetTokensOptions.html @@ -1,5 +1,5 @@ GetTokensOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                          Interface GetTokensOptions

                                                                                                                                                                                                                          Options used to control token retrieval and refresh behavior when calling getTokens().

                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          interface GetTokensOptions {
                                                                                                                                                                                                                              forceRefresh?: boolean;
                                                                                                                                                                                                                              refetchUserInfo?: boolean;
                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                              scopes?: string;
                                                                                                                                                                                                                          }

                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                          forceRefresh? +
                                                                                                                                                                                                                          interface GetTokensOptions {
                                                                                                                                                                                                                              forceRefresh?: boolean;
                                                                                                                                                                                                                              refetchUserInfo?: boolean;
                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                              scopes?: string;
                                                                                                                                                                                                                          }

                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                          forceRefresh? refetchUserInfo? resource? scopes? @@ -7,6 +7,6 @@
                                                                                                                                                                                                                          refetchUserInfo?: boolean

                                                                                                                                                                                                                          When enabled, refetches user information from the UserInfo endpoint after tokens are refreshed.

                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                          Space-separated list of resource indicators that the new access token should be issued for.

                                                                                                                                                                                                                          The requested resources must have been previously granted during the original authorization flow.

                                                                                                                                                                                                                          -
                                                                                                                                                                                                                          scopes?: string

                                                                                                                                                                                                                          Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                                                                                          +
                                                                                                                                                                                                                          scopes?: string

                                                                                                                                                                                                                          Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                                                                                          The requested scopes must have been granted during the original authorization flow.

                                                                                                                                                                                                                          -

                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                          +

                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.GroupOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.GroupOptions.html index c7b124bd..e32fdb00 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.GroupOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.GroupOptions.html @@ -1,5 +1,5 @@ GroupOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                            Interface GroupOptions

                                                                                                                                                                                                                            Configuration options that require the user to belong to specific groups.

                                                                                                                                                                                                                            -
                                                                                                                                                                                                                            interface GroupOptions {
                                                                                                                                                                                                                                groups?: string[];
                                                                                                                                                                                                                                groupsClaim?: string;
                                                                                                                                                                                                                                matchAll?: boolean;
                                                                                                                                                                                                                            }

                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                            groups? +
                                                                                                                                                                                                                            interface GroupOptions {
                                                                                                                                                                                                                                groups?: string[];
                                                                                                                                                                                                                                groupsClaim?: string;
                                                                                                                                                                                                                                matchAll?: boolean;
                                                                                                                                                                                                                            }

                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                            groups? groupsClaim? matchAll?

                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                            groups?: string[]

                                                                                                                                                                                                                            A list of group IDs or group names the authenticated user must belong to.

                                                                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.IdTokenClaims.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.IdTokenClaims.html index 24947fbe..2905b7b0 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.IdTokenClaims.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.IdTokenClaims.html @@ -1,6 +1,6 @@ IdTokenClaims | MonoCloud Authentication SDK
                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                              Interface IdTokenClaims

                                                                                                                                                                                                                              Standard OpenID Connect ID Token claims.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              interface IdTokenClaims {
                                                                                                                                                                                                                                  acr?: string;
                                                                                                                                                                                                                                  address?: Address;
                                                                                                                                                                                                                                  amr?: string[];
                                                                                                                                                                                                                                  at_hash?: string;
                                                                                                                                                                                                                                  aud: string | string[];
                                                                                                                                                                                                                                  auth_time?: number;
                                                                                                                                                                                                                                  azp?: string;
                                                                                                                                                                                                                                  birthdate?: string;
                                                                                                                                                                                                                                  c_hash?: string;
                                                                                                                                                                                                                                  email?: string;
                                                                                                                                                                                                                                  email_verified?: boolean;
                                                                                                                                                                                                                                  exp: number;
                                                                                                                                                                                                                                  family_name?: string;
                                                                                                                                                                                                                                  gender?: string;
                                                                                                                                                                                                                                  given_name?: string;
                                                                                                                                                                                                                                  groups?: Group[];
                                                                                                                                                                                                                                  iat: number;
                                                                                                                                                                                                                                  iss: string;
                                                                                                                                                                                                                                  locale?: string;
                                                                                                                                                                                                                                  middle_name?: string;
                                                                                                                                                                                                                                  name?: string;
                                                                                                                                                                                                                                  nickname?: string;
                                                                                                                                                                                                                                  nonce?: string;
                                                                                                                                                                                                                                  phone_number?: string;
                                                                                                                                                                                                                                  phone_number_verified?: boolean;
                                                                                                                                                                                                                                  picture?: string;
                                                                                                                                                                                                                                  preferred_username?: string;
                                                                                                                                                                                                                                  profile?: string;
                                                                                                                                                                                                                                  s_hash?: string;
                                                                                                                                                                                                                                  sub: string;
                                                                                                                                                                                                                                  updated_at?: number;
                                                                                                                                                                                                                                  website?: string;
                                                                                                                                                                                                                                  zoneinfo?: string;
                                                                                                                                                                                                                                  [key: string]: unknown;
                                                                                                                                                                                                                              }

                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                              Indexable

                                                                                                                                                                                                                              • [key: string]: unknown

                                                                                                                                                                                                                                Additional custom or provider-specific claims.

                                                                                                                                                                                                                                -
                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                              acr? +
                                                                                                                                                                                                                              interface IdTokenClaims {
                                                                                                                                                                                                                                  acr?: string;
                                                                                                                                                                                                                                  address?: Address;
                                                                                                                                                                                                                                  amr?: string[];
                                                                                                                                                                                                                                  at_hash?: string;
                                                                                                                                                                                                                                  aud: string | string[];
                                                                                                                                                                                                                                  auth_time?: number;
                                                                                                                                                                                                                                  azp?: string;
                                                                                                                                                                                                                                  birthdate?: string;
                                                                                                                                                                                                                                  c_hash?: string;
                                                                                                                                                                                                                                  email?: string;
                                                                                                                                                                                                                                  email_verified?: boolean;
                                                                                                                                                                                                                                  exp: number;
                                                                                                                                                                                                                                  family_name?: string;
                                                                                                                                                                                                                                  gender?: string;
                                                                                                                                                                                                                                  given_name?: string;
                                                                                                                                                                                                                                  groups?: Group[];
                                                                                                                                                                                                                                  iat: number;
                                                                                                                                                                                                                                  iss: string;
                                                                                                                                                                                                                                  locale?: string;
                                                                                                                                                                                                                                  middle_name?: string;
                                                                                                                                                                                                                                  name?: string;
                                                                                                                                                                                                                                  nickname?: string;
                                                                                                                                                                                                                                  nonce?: string;
                                                                                                                                                                                                                                  phone_number?: string;
                                                                                                                                                                                                                                  phone_number_verified?: boolean;
                                                                                                                                                                                                                                  picture?: string;
                                                                                                                                                                                                                                  preferred_username?: string;
                                                                                                                                                                                                                                  profile?: string;
                                                                                                                                                                                                                                  s_hash?: string;
                                                                                                                                                                                                                                  sub: string;
                                                                                                                                                                                                                                  updated_at?: number;
                                                                                                                                                                                                                                  website?: string;
                                                                                                                                                                                                                                  zoneinfo?: string;
                                                                                                                                                                                                                                  [key: string]: unknown;
                                                                                                                                                                                                                              }

                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                              Indexable

                                                                                                                                                                                                                              • [key: string]: unknown

                                                                                                                                                                                                                                Additional custom or provider-specific claims.

                                                                                                                                                                                                                                +
                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                              acr? address? amr? at_hash? @@ -34,36 +34,36 @@ website? zoneinfo?

                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                              acr?: string

                                                                                                                                                                                                                              Authentication Context Class Reference. Indicates the assurance level of the authentication performed.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              address?: Address

                                                                                                                                                                                                                              Postal address.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              amr?: string[]

                                                                                                                                                                                                                              Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              at_hash?: string

                                                                                                                                                                                                                              Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              aud: string | string[]

                                                                                                                                                                                                                              Intended audience(s) of the ID token.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              auth_time?: number

                                                                                                                                                                                                                              Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              azp?: string

                                                                                                                                                                                                                              Authorized party - identifies the client to which the ID token was issued.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              birthdate?: string

                                                                                                                                                                                                                              Birthday.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              c_hash?: string

                                                                                                                                                                                                                              Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              email?: string

                                                                                                                                                                                                                              Email address.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              email_verified?: boolean

                                                                                                                                                                                                                              Whether the email address has been verified by the provider.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              exp: number

                                                                                                                                                                                                                              Expiration time of the ID token (Unix epoch seconds).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              family_name?: string

                                                                                                                                                                                                                              Surname(s) / last name.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              gender?: string

                                                                                                                                                                                                                              Gender.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              given_name?: string

                                                                                                                                                                                                                              Given name(s) / first name.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              groups?: Group[]

                                                                                                                                                                                                                              Group memberships for the user.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              iat: number

                                                                                                                                                                                                                              Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              iss: string

                                                                                                                                                                                                                              Issuer identifier - the authorization server that issued the token.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              locale?: string

                                                                                                                                                                                                                              Locale.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              middle_name?: string

                                                                                                                                                                                                                              Middle name(s).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              name?: string

                                                                                                                                                                                                                              Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              nickname?: string

                                                                                                                                                                                                                              Casual name used by the user.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              nonce?: string

                                                                                                                                                                                                                              Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              phone_number?: string

                                                                                                                                                                                                                              Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              phone_number_verified?: boolean

                                                                                                                                                                                                                              Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              picture?: string

                                                                                                                                                                                                                              URL of the user's profile picture.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              preferred_username?: string

                                                                                                                                                                                                                              Preferred username.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              profile?: string

                                                                                                                                                                                                                              URL of the user's profile page.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              s_hash?: string

                                                                                                                                                                                                                              State hash (used in some hybrid flow validations).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              sub: string

                                                                                                                                                                                                                              Subject identifier — uniquely identifies the authenticated user.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              updated_at?: number

                                                                                                                                                                                                                              Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              website?: string

                                                                                                                                                                                                                              URL of the user's website.

                                                                                                                                                                                                                              -
                                                                                                                                                                                                                              zoneinfo?: string

                                                                                                                                                                                                                              Time zone name.

                                                                                                                                                                                                                              -

                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                              On This Page

                                                                                                                                                                                                                              Properties
                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              address?: Address

                                                                                                                                                                                                                              Postal address.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              amr?: string[]

                                                                                                                                                                                                                              Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              at_hash?: string

                                                                                                                                                                                                                              Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              aud: string | string[]

                                                                                                                                                                                                                              Intended audience(s) of the ID token.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              auth_time?: number

                                                                                                                                                                                                                              Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              azp?: string

                                                                                                                                                                                                                              Authorized party - identifies the client to which the ID token was issued.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              birthdate?: string

                                                                                                                                                                                                                              Birthday.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              c_hash?: string

                                                                                                                                                                                                                              Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              email?: string

                                                                                                                                                                                                                              Email address.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              email_verified?: boolean

                                                                                                                                                                                                                              Whether the email address has been verified by the provider.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              exp: number

                                                                                                                                                                                                                              Expiration time of the ID token (Unix epoch seconds).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              family_name?: string

                                                                                                                                                                                                                              Surname(s) / last name.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              gender?: string

                                                                                                                                                                                                                              Gender.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              given_name?: string

                                                                                                                                                                                                                              Given name(s) / first name.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              groups?: Group[]

                                                                                                                                                                                                                              Group memberships for the user.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              iat: number

                                                                                                                                                                                                                              Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              iss: string

                                                                                                                                                                                                                              Issuer identifier - the authorization server that issued the token.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              locale?: string

                                                                                                                                                                                                                              Locale.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              middle_name?: string

                                                                                                                                                                                                                              Middle name(s).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              name?: string

                                                                                                                                                                                                                              Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              nickname?: string

                                                                                                                                                                                                                              Casual name used by the user.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              nonce?: string

                                                                                                                                                                                                                              Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              phone_number?: string

                                                                                                                                                                                                                              Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              phone_number_verified?: boolean

                                                                                                                                                                                                                              Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              picture?: string

                                                                                                                                                                                                                              URL of the user's profile picture.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              preferred_username?: string

                                                                                                                                                                                                                              Preferred username.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              profile?: string

                                                                                                                                                                                                                              URL of the user's profile page.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              s_hash?: string

                                                                                                                                                                                                                              State hash (used in some hybrid flow validations).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              sub: string

                                                                                                                                                                                                                              Subject identifier — uniquely identifies the authenticated user.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              updated_at?: number

                                                                                                                                                                                                                              Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              website?: string

                                                                                                                                                                                                                              URL of the user's website.

                                                                                                                                                                                                                              +
                                                                                                                                                                                                                              zoneinfo?: string

                                                                                                                                                                                                                              Time zone name.

                                                                                                                                                                                                                              +

                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                              On This Page

                                                                                                                                                                                                                              Properties
                                                                                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.IsUserInGroupOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.IsUserInGroupOptions.html index d746355f..49342d00 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.IsUserInGroupOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.IsUserInGroupOptions.html @@ -1,5 +1,5 @@ IsUserInGroupOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                Interface IsUserInGroupOptions

                                                                                                                                                                                                                                Configuration options for evaluating user group membership.

                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                interface IsUserInGroupOptions {
                                                                                                                                                                                                                                    groupsClaim?: string;
                                                                                                                                                                                                                                    matchAll?: boolean;
                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                groupsClaim? +
                                                                                                                                                                                                                                interface IsUserInGroupOptions {
                                                                                                                                                                                                                                    groupsClaim?: string;
                                                                                                                                                                                                                                    matchAll?: boolean;
                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                groupsClaim? matchAll?

                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                groupsClaim?: string

                                                                                                                                                                                                                                The name of the claim in the user profile that contains group information. This value is read from the authenticated user's session.

                                                                                                                                                                                                                                'groups'
diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.Jwk.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.Jwk.html
index 2cc2320b..61c7e225 100644
--- a/docs/html/interfaces/_monocloud_auth-nextjs.index.Jwk.html
+++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.Jwk.html
@@ -1,7 +1,7 @@
 Jwk | MonoCloud Authentication SDK
                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                  Preparing search index...
                                                                                                                                                                                                                                  Interface Jwk
                                                                                                                                                                                                                                  Represents a JSON Web Key (JWK) as defined by RFC 7517.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  A JWK describes a cryptographic key used to verify or encrypt JSON Web Tokens (JWTs) as obtained from the JWKS (JSON Web Key Set) endpoint exposed by the authorization server.
                                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                                  The available properties depend on the key type (kty).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  interface Jwk {
                                                                                                                                                                                                                                      alg?: string;
                                                                                                                                                                                                                                      crv?: string;
                                                                                                                                                                                                                                      d?: string;
                                                                                                                                                                                                                                      dp?: string;
                                                                                                                                                                                                                                      dq?: string;
                                                                                                                                                                                                                                      e?: string;
                                                                                                                                                                                                                                      ext?: boolean;
                                                                                                                                                                                                                                      k?: string;
                                                                                                                                                                                                                                      key_ops?: string[];
                                                                                                                                                                                                                                      kid?: string;
                                                                                                                                                                                                                                      kty: string;
                                                                                                                                                                                                                                      n?: string;
                                                                                                                                                                                                                                      oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                                                                                                                                      p?: string;
                                                                                                                                                                                                                                      q?: string;
                                                                                                                                                                                                                                      qi?: string;
                                                                                                                                                                                                                                      use?: string;
                                                                                                                                                                                                                                      x?: string;
                                                                                                                                                                                                                                      x5c?: string[];
                                                                                                                                                                                                                                      x5t?: string;
                                                                                                                                                                                                                                      "x5t#S256"?: string;
                                                                                                                                                                                                                                      x5u?: string;
                                                                                                                                                                                                                                      y?: string;
                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                  Index
                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                  alg?
+
                                                                                                                                                                                                                                  interface Jwk {
                                                                                                                                                                                                                                      alg?: string;
                                                                                                                                                                                                                                      crv?: string;
                                                                                                                                                                                                                                      d?: string;
                                                                                                                                                                                                                                      dp?: string;
                                                                                                                                                                                                                                      dq?: string;
                                                                                                                                                                                                                                      e?: string;
                                                                                                                                                                                                                                      ext?: boolean;
                                                                                                                                                                                                                                      k?: string;
                                                                                                                                                                                                                                      key_ops?: string[];
                                                                                                                                                                                                                                      kid?: string;
                                                                                                                                                                                                                                      kty: string;
                                                                                                                                                                                                                                      n?: string;
                                                                                                                                                                                                                                      oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                                                                                                                                      p?: string;
                                                                                                                                                                                                                                      q?: string;
                                                                                                                                                                                                                                      qi?: string;
                                                                                                                                                                                                                                      use?: string;
                                                                                                                                                                                                                                      x?: string;
                                                                                                                                                                                                                                      x5c?: string[];
                                                                                                                                                                                                                                      x5t?: string;
                                                                                                                                                                                                                                      "x5t#S256"?: string;
                                                                                                                                                                                                                                      x5u?: string;
                                                                                                                                                                                                                                      y?: string;
                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                  Index
                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                  alg?
 crv?
 d?
 dp?
@@ -25,26 +25,26 @@
 x5u?
 y?
 
                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                  alg?: string
                                                                                                                                                                                                                                  Intended algorithm for the key (for example: RS256).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  crv?: string
                                                                                                                                                                                                                                  Elliptic curve name (for example: P-256).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  d?: string
                                                                                                                                                                                                                                  RSA private exponent.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  dp?: string
                                                                                                                                                                                                                                  RSA first factor CRT exponent.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  dq?: string
                                                                                                                                                                                                                                  RSA second factor CRT exponent.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  e?: string
                                                                                                                                                                                                                                  RSA public exponent.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  ext?: boolean
                                                                                                                                                                                                                                  Indicates whether the key is extractable.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  k?: string
                                                                                                                                                                                                                                  Symmetric key value (base64url encoded).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  key_ops?: string[]
                                                                                                                                                                                                                                  Allowed operations for the key (e.g. sign, verify, encrypt).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  kid?: string
                                                                                                                                                                                                                                  Key identifier used to match keys during verification.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  kty: string
                                                                                                                                                                                                                                  Key type (for example: RSA, or EC).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  n?: string
                                                                                                                                                                                                                                  RSA modulus.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  oth?: { d?: string; r?: string; t?: string }[]
                                                                                                                                                                                                                                  Additional prime information (multi-prime RSA).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  p?: string
                                                                                                                                                                                                                                  RSA first prime factor.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  q?: string
                                                                                                                                                                                                                                  RSA second prime factor.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  qi?: string
                                                                                                                                                                                                                                  RSA CRT coefficient.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  use?: string
                                                                                                                                                                                                                                  Public key use (sig for signature or enc for encryption).
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  x?: string
                                                                                                                                                                                                                                  X coordinate for EC public keys.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  x5c?: string[]
                                                                                                                                                                                                                                  X.509 certificate chain.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  x5t?: string
                                                                                                                                                                                                                                  X.509 certificate SHA-1 thumbprint.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  "x5t#S256"?: string
                                                                                                                                                                                                                                  X.509 certificate SHA-256 thumbprint.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  x5u?: string
                                                                                                                                                                                                                                  URL referencing the X.509 certificate.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  y?: string
                                                                                                                                                                                                                                  Y coordinate for EC public keys.
                                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                                  Settings
                                                                                                                                                                                                                                  On This Page
                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                                  crv?: string

                                                                                                                                                                                                                                  Elliptic curve name (for example: P-256).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  d?: string

                                                                                                                                                                                                                                  RSA private exponent.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  dp?: string

                                                                                                                                                                                                                                  RSA first factor CRT exponent.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  dq?: string

                                                                                                                                                                                                                                  RSA second factor CRT exponent.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  e?: string

                                                                                                                                                                                                                                  RSA public exponent.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  ext?: boolean

                                                                                                                                                                                                                                  Indicates whether the key is extractable.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  k?: string

                                                                                                                                                                                                                                  Symmetric key value (base64url encoded).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  key_ops?: string[]

                                                                                                                                                                                                                                  Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  kid?: string

                                                                                                                                                                                                                                  Key identifier used to match keys during verification.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  kty: string

                                                                                                                                                                                                                                  Key type (for example: RSA, or EC).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  n?: string

                                                                                                                                                                                                                                  RSA modulus.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                                                                                                                                  Additional prime information (multi-prime RSA).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  p?: string

                                                                                                                                                                                                                                  RSA first prime factor.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  q?: string

                                                                                                                                                                                                                                  RSA second prime factor.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  qi?: string

                                                                                                                                                                                                                                  RSA CRT coefficient.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  use?: string

                                                                                                                                                                                                                                  Public key use (sig for signature or enc for encryption).

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  x?: string

                                                                                                                                                                                                                                  X coordinate for EC public keys.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  x5c?: string[]

                                                                                                                                                                                                                                  X.509 certificate chain.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  x5t?: string

                                                                                                                                                                                                                                  X.509 certificate SHA-1 thumbprint.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  "x5t#S256"?: string

                                                                                                                                                                                                                                  X.509 certificate SHA-256 thumbprint.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  x5u?: string

                                                                                                                                                                                                                                  URL referencing the X.509 certificate.

                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                  y?: string

                                                                                                                                                                                                                                  Y coordinate for EC public keys.

                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudOptions.html index 4ae341f0..f6fbb9b2 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudOptions.html @@ -229,7 +229,7 @@

                                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                                  • Partial<
                                                                                                                                                                                                                                        Omit<
                                                                                                                                                                                                                                            MonoCloudOptionsBase,
                                                                                                                                                                                                                                            "defaultAuthParams"
                                                                                                                                                                                                                                            | "session"
                                                                                                                                                                                                                                            | "routes"
                                                                                                                                                                                                                                            | "state",
                                                                                                                                                                                                                                        >,
                                                                                                                                                                                                                                    >
                                                                                                                                                                                                                                    • MonoCloudOptions
                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                  allowQueryParamOverrides? +
                                                                                                                                                                                                                                  interface MonoCloudOptions {
                                                                                                                                                                                                                                      allowQueryParamOverrides?: boolean;
                                                                                                                                                                                                                                      appUrl?: string;
                                                                                                                                                                                                                                      clientId?: string;
                                                                                                                                                                                                                                      clientSecret?: string;
                                                                                                                                                                                                                                      clockSkew?: number;
                                                                                                                                                                                                                                      cookieSecret?: string;
                                                                                                                                                                                                                                      debugger?: string;
                                                                                                                                                                                                                                      defaultAuthParams?: AuthorizationParams;
                                                                                                                                                                                                                                      federatedSignOut?: boolean;
                                                                                                                                                                                                                                      filteredIdTokenClaims?: string[];
                                                                                                                                                                                                                                      idTokenSigningAlg?: SecurityAlgorithms;
                                                                                                                                                                                                                                      jwksCacheDuration?: number;
                                                                                                                                                                                                                                      metadataCacheDuration?: number;
                                                                                                                                                                                                                                      onBackChannelLogout?: OnBackChannelLogout;
                                                                                                                                                                                                                                      onSessionCreating?: OnSessionCreating;
                                                                                                                                                                                                                                      onSetApplicationState?: OnSetApplicationState;
                                                                                                                                                                                                                                      postLogoutRedirectUri?: string;
                                                                                                                                                                                                                                      refetchUserInfo?: boolean;
                                                                                                                                                                                                                                      resources?: Indicator[];
                                                                                                                                                                                                                                      responseTimeout?: number;
                                                                                                                                                                                                                                      routes?: Partial<MonoCloudRoutes>;
                                                                                                                                                                                                                                      session?: MonoCloudSessionOptions;
                                                                                                                                                                                                                                      state?: MonoCloudStatePartialOptions;
                                                                                                                                                                                                                                      tenantDomain?: string;
                                                                                                                                                                                                                                      usePar?: boolean;
                                                                                                                                                                                                                                      userAgent?: string;
                                                                                                                                                                                                                                      userInfo?: boolean;
                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                                  • Partial<
                                                                                                                                                                                                                                        Omit<
                                                                                                                                                                                                                                            MonoCloudOptionsBase,
                                                                                                                                                                                                                                            "defaultAuthParams"
                                                                                                                                                                                                                                            | "session"
                                                                                                                                                                                                                                            | "routes"
                                                                                                                                                                                                                                            | "state",
                                                                                                                                                                                                                                        >,
                                                                                                                                                                                                                                    >
                                                                                                                                                                                                                                    • MonoCloudOptions
                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                  allowQueryParamOverrides? appUrl? clientId? clientSecret? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudRequest.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudRequest.html index 25e4225f..7d0446cc 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudRequest.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudRequest.html @@ -1,5 +1,5 @@ MonoCloudRequest | MonoCloud Authentication SDK
                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                    Interface MonoCloudRequest

                                                                                                                                                                                                                                    Represents a request object that includes cookie handling capabilities.

                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                    interface MonoCloudRequest {
                                                                                                                                                                                                                                        getAllCookies(): Promise<Map<string, string>>;
                                                                                                                                                                                                                                        getCookie(name: string): Promise<string | undefined>;
                                                                                                                                                                                                                                        getQuery(parameter: string): string | string[] | undefined;
                                                                                                                                                                                                                                        getRawRequest(): Promise<
                                                                                                                                                                                                                                            { body: string
                                                                                                                                                                                                                                            | Record<string, string>; method: string; url: string },
                                                                                                                                                                                                                                        >;
                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                    Hierarchy

                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                    Methods

                                                                                                                                                                                                                                    getAllCookies +
                                                                                                                                                                                                                                    interface MonoCloudRequest {
                                                                                                                                                                                                                                        getAllCookies(): Promise<Map<string, string>>;
                                                                                                                                                                                                                                        getCookie(name: string): Promise<string | undefined>;
                                                                                                                                                                                                                                        getQuery(parameter: string): string | string[] | undefined;
                                                                                                                                                                                                                                        getRawRequest(): Promise<
                                                                                                                                                                                                                                            { body: string
                                                                                                                                                                                                                                            | Record<string, string>; method: string; url: string },
                                                                                                                                                                                                                                        >;
                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                    Hierarchy

                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                    Methods

                                                                                                                                                                                                                                    getAllCookies getCookie getQuery getRawRequest diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSession.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSession.html index 3f613481..2471efd1 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSession.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSession.html @@ -1,15 +1,15 @@ MonoCloudSession | MonoCloud Authentication SDK
                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                      Interface MonoCloudSession

                                                                                                                                                                                                                                      Represents an authenticated session, containing the authenticated user profile along with the tokens and metadata issued during authentication.

                                                                                                                                                                                                                                      interface MonoCloudSession {
                                                                                                                                                                                                                                          accessTokens?: AccessToken[];
                                                                                                                                                                                                                                          authorizedScopes?: string;
                                                                                                                                                                                                                                          idToken?: string;
                                                                                                                                                                                                                                          refreshToken?: string;
                                                                                                                                                                                                                                          user: MonoCloudUser;
                                                                                                                                                                                                                                          [key: string]: unknown;
                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                      Indexable

                                                                                                                                                                                                                                      • [key: string]: unknown

                                                                                                                                                                                                                                        Additional custom properties attached to the session.

                                                                                                                                                                                                                                        These may be added via hooks such as onSessionCreating.

                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                      accessTokens? +
                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                      accessTokens? authorizedScopes? idToken? refreshToken? user

                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                      accessTokens?: AccessToken[]

                                                                                                                                                                                                                                      Access tokens associated with the session.

                                                                                                                                                                                                                                      Multiple tokens may exist when access tokens are issued for different resources or scope sets.

                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                      authorizedScopes?: string

                                                                                                                                                                                                                                      Space-separated list of scopes authorized for the session.

                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                      idToken?: string

                                                                                                                                                                                                                                      Optional ID token issued during authentication.

                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                      refreshToken?: string

                                                                                                                                                                                                                                      Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                      user: MonoCloudUser

                                                                                                                                                                                                                                      The authenticated user profile, typically derived from ID token claims and/or the UserInfo endpoint.

                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                      On This Page

                                                                                                                                                                                                                                      Properties
                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                      authorizedScopes?: string

                                                                                                                                                                                                                                      Space-separated list of scopes authorized for the session.

                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                      idToken?: string

                                                                                                                                                                                                                                      Optional ID token issued during authentication.

                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                      refreshToken?: string

                                                                                                                                                                                                                                      Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                      user: MonoCloudUser

                                                                                                                                                                                                                                      The authenticated user profile, typically derived from ID token claims and/or the UserInfo endpoint.

                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                      On This Page

                                                                                                                                                                                                                                      Properties
                                                                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSessionOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSessionOptions.html index 0096aea8..94de785f 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSessionOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudSessionOptions.html @@ -1,5 +1,5 @@ MonoCloudSessionOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                        Interface MonoCloudSessionOptions

                                                                                                                                                                                                                                        Partial configuration options for authentication sessions.

                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                        interface MonoCloudSessionOptions {
                                                                                                                                                                                                                                            cookie?: Partial<MonoCloudCookieOptions>;
                                                                                                                                                                                                                                            duration?: number;
                                                                                                                                                                                                                                            maximumDuration?: number;
                                                                                                                                                                                                                                            sliding?: boolean;
                                                                                                                                                                                                                                            store?: MonoCloudSessionStore;
                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                        cookie? +
                                                                                                                                                                                                                                        interface MonoCloudSessionOptions {
                                                                                                                                                                                                                                            cookie?: Partial<MonoCloudCookieOptions>;
                                                                                                                                                                                                                                            duration?: number;
                                                                                                                                                                                                                                            maximumDuration?: number;
                                                                                                                                                                                                                                            sliding?: boolean;
                                                                                                                                                                                                                                            store?: MonoCloudSessionStore;
                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                        cookie? duration? maximumDuration? sliding? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudTokens.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudTokens.html index 624cbee8..07258b0e 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudTokens.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudTokens.html @@ -1,6 +1,6 @@ MonoCloudTokens | MonoCloud Authentication SDK
                                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                                          Interface MonoCloudTokens

                                                                                                                                                                                                                                          Represents the token set associated with the currently authenticated user.

                                                                                                                                                                                                                                          This object extends AccessToken and includes additional tokens issued during authentication, along with convenience metadata used by the SDK to indicate token validity.

                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                          interface MonoCloudTokens {
                                                                                                                                                                                                                                              accessToken: string;
                                                                                                                                                                                                                                              accessTokenExpiration: number;
                                                                                                                                                                                                                                              idToken?: string;
                                                                                                                                                                                                                                              isExpired: boolean;
                                                                                                                                                                                                                                              refreshToken?: string;
                                                                                                                                                                                                                                              requestedScopes?: string;
                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                              scopes: string;
                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                          accessToken +
                                                                                                                                                                                                                                          interface MonoCloudTokens {
                                                                                                                                                                                                                                              accessToken: string;
                                                                                                                                                                                                                                              accessTokenExpiration: number;
                                                                                                                                                                                                                                              idToken?: string;
                                                                                                                                                                                                                                              isExpired: boolean;
                                                                                                                                                                                                                                              refreshToken?: string;
                                                                                                                                                                                                                                              requestedScopes?: string;
                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                              scopes: string;
                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                          accessToken accessTokenExpiration idToken? isExpired @@ -9,12 +9,12 @@ resource? scopes

                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                          accessToken: string

                                                                                                                                                                                                                                          The issued access token.

                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                          accessTokenExpiration: number

                                                                                                                                                                                                                                          The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                          idToken?: string

                                                                                                                                                                                                                                          The ID token issued during authentication. Contains identity claims about the authenticated user.

                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                          accessTokenExpiration: number

                                                                                                                                                                                                                                          The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                          idToken?: string

                                                                                                                                                                                                                                          The ID token issued during authentication. Contains identity claims about the authenticated user.

                                                                                                                                                                                                                                          isExpired: boolean

                                                                                                                                                                                                                                          Indicates whether the current access token is expired at the time of evaluation.

                                                                                                                                                                                                                                          refreshToken?: string

                                                                                                                                                                                                                                          The refresh token used to obtain new access tokens without requiring the user to re-authenticate.

                                                                                                                                                                                                                                          requestedScopes?: string

                                                                                                                                                                                                                                          Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                                          Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                          scopes: string

                                                                                                                                                                                                                                          Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                                          Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                          scopes: string

                                                                                                                                                                                                                                          Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                                          These represent the effective permissions approved by the authorization server.

                                                                                                                                                                                                                                          -

                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                          +

                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudUser.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudUser.html index 1d66148b..739bddb8 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudUser.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.MonoCloudUser.html @@ -1,6 +1,6 @@ MonoCloudUser | MonoCloud Authentication SDK
                                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                                            Interface MonoCloudUser

                                                                                                                                                                                                                                            Represents the authenticated user stored in a MonoCloud session.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            interface MonoCloudUser {
                                                                                                                                                                                                                                                address?: Address;
                                                                                                                                                                                                                                                amr?: string[];
                                                                                                                                                                                                                                                birthdate?: string;
                                                                                                                                                                                                                                                email?: string;
                                                                                                                                                                                                                                                email_verified?: boolean;
                                                                                                                                                                                                                                                family_name?: string;
                                                                                                                                                                                                                                                gender?: string;
                                                                                                                                                                                                                                                given_name?: string;
                                                                                                                                                                                                                                                groups?: Group[];
                                                                                                                                                                                                                                                idp?: string;
                                                                                                                                                                                                                                                locale?: string;
                                                                                                                                                                                                                                                middle_name?: string;
                                                                                                                                                                                                                                                name?: string;
                                                                                                                                                                                                                                                nickname?: string;
                                                                                                                                                                                                                                                phone_number?: string;
                                                                                                                                                                                                                                                phone_number_verified?: boolean;
                                                                                                                                                                                                                                                picture?: string;
                                                                                                                                                                                                                                                preferred_username?: string;
                                                                                                                                                                                                                                                profile?: string;
                                                                                                                                                                                                                                                sub: string;
                                                                                                                                                                                                                                                updated_at?: number;
                                                                                                                                                                                                                                                website?: string;
                                                                                                                                                                                                                                                zoneinfo?: string;
                                                                                                                                                                                                                                                [key: string]: unknown;
                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                                            Indexable

                                                                                                                                                                                                                                            • [key: string]: unknown

                                                                                                                                                                                                                                              Additional provider-specific claims.

                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                            address? +
                                                                                                                                                                                                                                            interface MonoCloudUser {
                                                                                                                                                                                                                                                address?: Address;
                                                                                                                                                                                                                                                amr?: string[];
                                                                                                                                                                                                                                                birthdate?: string;
                                                                                                                                                                                                                                                email?: string;
                                                                                                                                                                                                                                                email_verified?: boolean;
                                                                                                                                                                                                                                                family_name?: string;
                                                                                                                                                                                                                                                gender?: string;
                                                                                                                                                                                                                                                given_name?: string;
                                                                                                                                                                                                                                                groups?: Group[];
                                                                                                                                                                                                                                                idp?: string;
                                                                                                                                                                                                                                                locale?: string;
                                                                                                                                                                                                                                                middle_name?: string;
                                                                                                                                                                                                                                                name?: string;
                                                                                                                                                                                                                                                nickname?: string;
                                                                                                                                                                                                                                                phone_number?: string;
                                                                                                                                                                                                                                                phone_number_verified?: boolean;
                                                                                                                                                                                                                                                picture?: string;
                                                                                                                                                                                                                                                preferred_username?: string;
                                                                                                                                                                                                                                                profile?: string;
                                                                                                                                                                                                                                                sub: string;
                                                                                                                                                                                                                                                updated_at?: number;
                                                                                                                                                                                                                                                website?: string;
                                                                                                                                                                                                                                                zoneinfo?: string;
                                                                                                                                                                                                                                                [key: string]: unknown;
                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                                            Indexable

                                                                                                                                                                                                                                            • [key: string]: unknown

                                                                                                                                                                                                                                              Additional provider-specific claims.

                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                            address? amr? birthdate? email? @@ -24,26 +24,26 @@ website? zoneinfo?

                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                            address?: Address

                                                                                                                                                                                                                                            Postal address.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            amr?: string[]

                                                                                                                                                                                                                                            Authentication Methods References (AMR). Indicates how the user authenticated.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            birthdate?: string

                                                                                                                                                                                                                                            Birthday.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            email?: string

                                                                                                                                                                                                                                            Email address.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            email_verified?: boolean

                                                                                                                                                                                                                                            Whether the email address has been verified by the provider.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            family_name?: string

                                                                                                                                                                                                                                            Surname(s) / last name.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            gender?: string

                                                                                                                                                                                                                                            Gender.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            given_name?: string

                                                                                                                                                                                                                                            Given name(s) / first name.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            groups?: Group[]

                                                                                                                                                                                                                                            Group memberships for the user.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            idp?: string

                                                                                                                                                                                                                                            Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            locale?: string

                                                                                                                                                                                                                                            Locale.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            middle_name?: string

                                                                                                                                                                                                                                            Middle name(s).

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            name?: string

                                                                                                                                                                                                                                            Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            nickname?: string

                                                                                                                                                                                                                                            Casual name used by the user.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            phone_number?: string

                                                                                                                                                                                                                                            Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            phone_number_verified?: boolean

                                                                                                                                                                                                                                            Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            picture?: string

                                                                                                                                                                                                                                            URL of the user's profile picture.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            preferred_username?: string

                                                                                                                                                                                                                                            Preferred username.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            profile?: string

                                                                                                                                                                                                                                            URL of the user's profile page.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            sub: string

                                                                                                                                                                                                                                            Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            updated_at?: number

                                                                                                                                                                                                                                            Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            website?: string

                                                                                                                                                                                                                                            URL of the user's website.

                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                            zoneinfo?: string

                                                                                                                                                                                                                                            Time zone name.

                                                                                                                                                                                                                                            -

                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                            On This Page

                                                                                                                                                                                                                                            Properties
                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            amr?: string[]

                                                                                                                                                                                                                                            Authentication Methods References (AMR). Indicates how the user authenticated.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            birthdate?: string

                                                                                                                                                                                                                                            Birthday.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            email?: string

                                                                                                                                                                                                                                            Email address.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            email_verified?: boolean

                                                                                                                                                                                                                                            Whether the email address has been verified by the provider.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            family_name?: string

                                                                                                                                                                                                                                            Surname(s) / last name.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            gender?: string

                                                                                                                                                                                                                                            Gender.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            given_name?: string

                                                                                                                                                                                                                                            Given name(s) / first name.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            groups?: Group[]

                                                                                                                                                                                                                                            Group memberships for the user.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            idp?: string

                                                                                                                                                                                                                                            Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            locale?: string

                                                                                                                                                                                                                                            Locale.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            middle_name?: string

                                                                                                                                                                                                                                            Middle name(s).

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            name?: string

                                                                                                                                                                                                                                            Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            nickname?: string

                                                                                                                                                                                                                                            Casual name used by the user.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            phone_number?: string

                                                                                                                                                                                                                                            Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            phone_number_verified?: boolean

                                                                                                                                                                                                                                            Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            picture?: string

                                                                                                                                                                                                                                            URL of the user's profile picture.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            preferred_username?: string

                                                                                                                                                                                                                                            Preferred username.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            profile?: string

                                                                                                                                                                                                                                            URL of the user's profile page.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            sub: string

                                                                                                                                                                                                                                            Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            updated_at?: number

                                                                                                                                                                                                                                            Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            website?: string

                                                                                                                                                                                                                                            URL of the user's website.

                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                            zoneinfo?: string

                                                                                                                                                                                                                                            Time zone name.

                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                            On This Page

                                                                                                                                                                                                                                            Properties
                                                                                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiAppOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiAppOptions.html index 56e86ed1..3baa3e36 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiAppOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiAppOptions.html @@ -1,5 +1,5 @@ ProtectApiAppOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                                              Interface ProtectApiAppOptions

                                                                                                                                                                                                                                              Options for configuring protectApi() in the App Router.

                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                              interface ProtectApiAppOptions {
                                                                                                                                                                                                                                                  groups?: string[];
                                                                                                                                                                                                                                                  groupsClaim?: string;
                                                                                                                                                                                                                                                  matchAll?: boolean;
                                                                                                                                                                                                                                                  onAccessDenied?: AppRouterApiOnAccessDeniedHandler;
                                                                                                                                                                                                                                                  onGroupAccessDenied?: AppRouterApiOnGroupAccessDeniedHandler;
                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                                              groups? +
                                                                                                                                                                                                                                              interface ProtectApiAppOptions {
                                                                                                                                                                                                                                                  groups?: string[];
                                                                                                                                                                                                                                                  groupsClaim?: string;
                                                                                                                                                                                                                                                  matchAll?: boolean;
                                                                                                                                                                                                                                                  onAccessDenied?: AppRouterApiOnAccessDeniedHandler;
                                                                                                                                                                                                                                                  onGroupAccessDenied?: AppRouterApiOnGroupAccessDeniedHandler;
                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                                              groups? groupsClaim? matchAll? onAccessDenied? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiPageOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiPageOptions.html index dd9295e4..7262c29b 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiPageOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectApiPageOptions.html @@ -1,5 +1,5 @@ ProtectApiPageOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                                Interface ProtectApiPageOptions

                                                                                                                                                                                                                                                Options for configuring protectApi() in the Pages Router.

                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                interface ProtectApiPageOptions {
                                                                                                                                                                                                                                                    groups?: string[];
                                                                                                                                                                                                                                                    groupsClaim?: string;
                                                                                                                                                                                                                                                    matchAll?: boolean;
                                                                                                                                                                                                                                                    onAccessDenied?: PageRouterApiOnAccessDeniedHandler;
                                                                                                                                                                                                                                                    onGroupAccessDenied?: PageRouterApiOnGroupAccessDeniedHandler;
                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                groups? +
                                                                                                                                                                                                                                                interface ProtectApiPageOptions {
                                                                                                                                                                                                                                                    groups?: string[];
                                                                                                                                                                                                                                                    groupsClaim?: string;
                                                                                                                                                                                                                                                    matchAll?: boolean;
                                                                                                                                                                                                                                                    onAccessDenied?: PageRouterApiOnAccessDeniedHandler;
                                                                                                                                                                                                                                                    onGroupAccessDenied?: PageRouterApiOnGroupAccessDeniedHandler;
                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                Hierarchy

                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                groups? groupsClaim? matchAll? onAccessDenied? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectAppPageOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectAppPageOptions.html index 45d90fa1..3b62128d 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectAppPageOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectAppPageOptions.html @@ -1,5 +1,5 @@ ProtectAppPageOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                                                  Interface ProtectAppPageOptions

                                                                                                                                                                                                                                                  Options for configuring protectPage() in the App Router.

                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                  interface ProtectAppPageOptions {
                                                                                                                                                                                                                                                      authParams?: ExtraAuthParams;
                                                                                                                                                                                                                                                      groups?: string[];
                                                                                                                                                                                                                                                      groupsClaim?: string;
                                                                                                                                                                                                                                                      matchAll?: boolean;
                                                                                                                                                                                                                                                      onAccessDenied?: (
                                                                                                                                                                                                                                                          props: {
                                                                                                                                                                                                                                                              params?: Record<string, string | string[]>;
                                                                                                                                                                                                                                                              searchParams?: Record<string, string | string[] | undefined>;
                                                                                                                                                                                                                                                          },
                                                                                                                                                                                                                                                      ) => Element
                                                                                                                                                                                                                                                      | Promise<Element>;
                                                                                                                                                                                                                                                      onGroupAccessDenied?: (
                                                                                                                                                                                                                                                          props: {
                                                                                                                                                                                                                                                              params?: Record<string, string | string[]>;
                                                                                                                                                                                                                                                              searchParams?: Record<string, string | string[] | undefined>;
                                                                                                                                                                                                                                                              user: MonoCloudUser;
                                                                                                                                                                                                                                                          },
                                                                                                                                                                                                                                                      ) => Element
                                                                                                                                                                                                                                                      | Promise<Element>;
                                                                                                                                                                                                                                                      returnUrl?: string;
                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                  authParams? +
                                                                                                                                                                                                                                                  interface ProtectAppPageOptions {
                                                                                                                                                                                                                                                      authParams?: ExtraAuthParams;
                                                                                                                                                                                                                                                      groups?: string[];
                                                                                                                                                                                                                                                      groupsClaim?: string;
                                                                                                                                                                                                                                                      matchAll?: boolean;
                                                                                                                                                                                                                                                      onAccessDenied?: (
                                                                                                                                                                                                                                                          props: {
                                                                                                                                                                                                                                                              params?: Record<string, string | string[]>;
                                                                                                                                                                                                                                                              searchParams?: Record<string, string | string[] | undefined>;
                                                                                                                                                                                                                                                          },
                                                                                                                                                                                                                                                      ) => Element
                                                                                                                                                                                                                                                      | Promise<Element>;
                                                                                                                                                                                                                                                      onGroupAccessDenied?: (
                                                                                                                                                                                                                                                          props: {
                                                                                                                                                                                                                                                              params?: Record<string, string | string[]>;
                                                                                                                                                                                                                                                              searchParams?: Record<string, string | string[] | undefined>;
                                                                                                                                                                                                                                                              user: MonoCloudUser;
                                                                                                                                                                                                                                                          },
                                                                                                                                                                                                                                                      ) => Element
                                                                                                                                                                                                                                                      | Promise<Element>;
                                                                                                                                                                                                                                                      returnUrl?: string;
                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                  Hierarchy

                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                  authParams? groups? groupsClaim? matchAll? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectOptions.html index 12d6dbd4..eb3111b3 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectOptions.html @@ -1,5 +1,5 @@ ProtectOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                                    Interface ProtectOptions

                                                                                                                                                                                                                                                    Options for configuring the protect() helper.

                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                    interface ProtectOptions {
                                                                                                                                                                                                                                                        authParams?: ExtraAuthParams;
                                                                                                                                                                                                                                                        groups?: string[];
                                                                                                                                                                                                                                                        groupsClaim?: string;
                                                                                                                                                                                                                                                        matchAll?: boolean;
                                                                                                                                                                                                                                                        returnUrl?: string;
                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                    Hierarchy

                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                    authParams? +
                                                                                                                                                                                                                                                    interface ProtectOptions {
                                                                                                                                                                                                                                                        authParams?: ExtraAuthParams;
                                                                                                                                                                                                                                                        groups?: string[];
                                                                                                                                                                                                                                                        groupsClaim?: string;
                                                                                                                                                                                                                                                        matchAll?: boolean;
                                                                                                                                                                                                                                                        returnUrl?: string;
                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                    Hierarchy

                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                    authParams? groups? groupsClaim? matchAll? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectPagePageOptions.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectPagePageOptions.html index 22b61a63..e2aa4177 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectPagePageOptions.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.ProtectPagePageOptions.html @@ -1,7 +1,7 @@ ProtectPagePageOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                                      Interface ProtectPagePageOptions<P, Q>

                                                                                                                                                                                                                                                      Options for configuring protectPage() in the Pages Router.

                                                                                                                                                                                                                                                      interface ProtectPagePageOptions<
                                                                                                                                                                                                                                                          P extends Record<string, any> = Record<string, any>,
                                                                                                                                                                                                                                                          Q extends ParsedUrlQuery = ParsedUrlQuery,
                                                                                                                                                                                                                                                      > {
                                                                                                                                                                                                                                                          authParams?: ExtraAuthParams;
                                                                                                                                                                                                                                                          getServerSideProps?: GetServerSideProps<P, Q>;
                                                                                                                                                                                                                                                          groups?: string[];
                                                                                                                                                                                                                                                          groupsClaim?: string;
                                                                                                                                                                                                                                                          matchAll?: boolean;
                                                                                                                                                                                                                                                          onAccessDenied?: ProtectPagePageOnAccessDeniedType<P, Q>;
                                                                                                                                                                                                                                                          onGroupAccessDenied?: ProtectPagePageOnGroupAccessDeniedType<P, Q>;
                                                                                                                                                                                                                                                          returnUrl?: string;
                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                      Type Parameters

                                                                                                                                                                                                                                                      • P extends Record<string, any> = Record<string, any>

                                                                                                                                                                                                                                                        Props returned from getServerSideProps.

                                                                                                                                                                                                                                                      • Q extends ParsedUrlQuery = ParsedUrlQuery

                                                                                                                                                                                                                                                        Query parameters parsed from the URL.

                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                                      authParams? +

                                                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                                      authParams? getServerSideProps? groups? groupsClaim? diff --git a/docs/html/interfaces/_monocloud_auth-nextjs.index.UserinfoResponse.html b/docs/html/interfaces/_monocloud_auth-nextjs.index.UserinfoResponse.html index c48189fd..1af76fd1 100644 --- a/docs/html/interfaces/_monocloud_auth-nextjs.index.UserinfoResponse.html +++ b/docs/html/interfaces/_monocloud_auth-nextjs.index.UserinfoResponse.html @@ -1,7 +1,7 @@ UserinfoResponse | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                                        Interface UserinfoResponse<TAddress>

                                                                                                                                                                                                                                                        Represents the OpenID Connect UserInfo response.

                                                                                                                                                                                                                                                        interface UserinfoResponse<TAddress extends Address = Address> {
                                                                                                                                                                                                                                                            address?: TAddress;
                                                                                                                                                                                                                                                            birthdate?: string;
                                                                                                                                                                                                                                                            email?: string;
                                                                                                                                                                                                                                                            email_verified?: boolean;
                                                                                                                                                                                                                                                            family_name?: string;
                                                                                                                                                                                                                                                            gender?: string;
                                                                                                                                                                                                                                                            given_name?: string;
                                                                                                                                                                                                                                                            groups?: Group[];
                                                                                                                                                                                                                                                            locale?: string;
                                                                                                                                                                                                                                                            middle_name?: string;
                                                                                                                                                                                                                                                            name?: string;
                                                                                                                                                                                                                                                            nickname?: string;
                                                                                                                                                                                                                                                            phone_number?: string;
                                                                                                                                                                                                                                                            phone_number_verified?: boolean;
                                                                                                                                                                                                                                                            picture?: string;
                                                                                                                                                                                                                                                            preferred_username?: string;
                                                                                                                                                                                                                                                            profile?: string;
                                                                                                                                                                                                                                                            sub: string;
                                                                                                                                                                                                                                                            updated_at?: number;
                                                                                                                                                                                                                                                            website?: string;
                                                                                                                                                                                                                                                            zoneinfo?: string;
                                                                                                                                                                                                                                                            [key: string]: unknown;
                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                        Type Parameters

                                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                                        Indexable

                                                                                                                                                                                                                                                        • [key: string]: unknown

                                                                                                                                                                                                                                                          Additional provider-specific claims.

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                        address? +

                                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                                        Indexable

                                                                                                                                                                                                                                                        • [key: string]: unknown

                                                                                                                                                                                                                                                          Additional provider-specific claims.

                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                        address? birthdate? email? email_verified? @@ -23,24 +23,24 @@ website? zoneinfo?

                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                        address?: TAddress

                                                                                                                                                                                                                                                        Postal address.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        birthdate?: string

                                                                                                                                                                                                                                                        Birthday.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        email?: string

                                                                                                                                                                                                                                                        Email address.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        email_verified?: boolean

                                                                                                                                                                                                                                                        Whether the email address has been verified by the provider.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        family_name?: string

                                                                                                                                                                                                                                                        Surname(s) / last name.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        gender?: string

                                                                                                                                                                                                                                                        Gender.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        given_name?: string

                                                                                                                                                                                                                                                        Given name(s) / first name.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        groups?: Group[]

                                                                                                                                                                                                                                                        Group memberships for the user.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        locale?: string

                                                                                                                                                                                                                                                        Locale.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        middle_name?: string

                                                                                                                                                                                                                                                        Middle name(s).

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        name?: string

                                                                                                                                                                                                                                                        Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        nickname?: string

                                                                                                                                                                                                                                                        Casual name used by the user.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        phone_number?: string

                                                                                                                                                                                                                                                        Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        phone_number_verified?: boolean

                                                                                                                                                                                                                                                        Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        picture?: string

                                                                                                                                                                                                                                                        URL of the user's profile picture.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        preferred_username?: string

                                                                                                                                                                                                                                                        Preferred username.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        profile?: string

                                                                                                                                                                                                                                                        URL of the user's profile page.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        sub: string

                                                                                                                                                                                                                                                        Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        updated_at?: number

                                                                                                                                                                                                                                                        Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        website?: string

                                                                                                                                                                                                                                                        URL of the user's website.

                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                        zoneinfo?: string

                                                                                                                                                                                                                                                        Time zone name.

                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                        On This Page

                                                                                                                                                                                                                                                        Properties
                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        birthdate?: string

                                                                                                                                                                                                                                                        Birthday.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        email?: string

                                                                                                                                                                                                                                                        Email address.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        email_verified?: boolean

                                                                                                                                                                                                                                                        Whether the email address has been verified by the provider.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        family_name?: string

                                                                                                                                                                                                                                                        Surname(s) / last name.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        gender?: string

                                                                                                                                                                                                                                                        Gender.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        given_name?: string

                                                                                                                                                                                                                                                        Given name(s) / first name.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        groups?: Group[]

                                                                                                                                                                                                                                                        Group memberships for the user.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        locale?: string

                                                                                                                                                                                                                                                        Locale.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        middle_name?: string

                                                                                                                                                                                                                                                        Middle name(s).

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        name?: string

                                                                                                                                                                                                                                                        Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        nickname?: string

                                                                                                                                                                                                                                                        Casual name used by the user.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        phone_number?: string

                                                                                                                                                                                                                                                        Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        phone_number_verified?: boolean

                                                                                                                                                                                                                                                        Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        picture?: string

                                                                                                                                                                                                                                                        URL of the user's profile picture.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        preferred_username?: string

                                                                                                                                                                                                                                                        Preferred username.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        profile?: string

                                                                                                                                                                                                                                                        URL of the user's profile page.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        sub: string

                                                                                                                                                                                                                                                        Subject identifier - a unique, stable identifier for the user within the issuer.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        updated_at?: number

                                                                                                                                                                                                                                                        Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        website?: string

                                                                                                                                                                                                                                                        URL of the user's website.

                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                        zoneinfo?: string

                                                                                                                                                                                                                                                        Time zone name.

                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                        On This Page

                                                                                                                                                                                                                                                        Properties
                                                                                                                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.AccessToken.html b/docs/html/interfaces/_monocloud_auth-node-core.index.AccessToken.html index 67e6ff2a..2f60e596 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.AccessToken.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.AccessToken.html @@ -1,13 +1,13 @@ AccessToken | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                                                          Interface AccessToken

                                                                                                                                                                                                                                                          Represents an OAuth 2.0 access token and its associated metadata.

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                          interface AccessToken {
                                                                                                                                                                                                                                                              accessToken: string;
                                                                                                                                                                                                                                                              accessTokenExpiration: number;
                                                                                                                                                                                                                                                              requestedScopes?: string;
                                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                                              scopes: string;
                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                                          accessToken +
                                                                                                                                                                                                                                                          interface AccessToken {
                                                                                                                                                                                                                                                              accessToken: string;
                                                                                                                                                                                                                                                              accessTokenExpiration: number;
                                                                                                                                                                                                                                                              requestedScopes?: string;
                                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                                              scopes: string;
                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                                          accessToken accessTokenExpiration requestedScopes? resource? scopes

                                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                                          accessToken: string

                                                                                                                                                                                                                                                          The issued access token.

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                          accessTokenExpiration: number

                                                                                                                                                                                                                                                          The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                          requestedScopes?: string

                                                                                                                                                                                                                                                          Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                                                          Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                          scopes: string

                                                                                                                                                                                                                                                          Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                          accessTokenExpiration: number

                                                                                                                                                                                                                                                          The expiration time of the access token (Unix epoch, in seconds).

                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                          requestedScopes?: string

                                                                                                                                                                                                                                                          Optional space-separated list of scopes originally requested during token acquisition.

                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                                                          Optional resource (audience) that the access token is scoped for.

                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                          scopes: string

                                                                                                                                                                                                                                                          Space-separated list of scopes granted to the access token.

                                                                                                                                                                                                                                                          These represent the effective permissions approved by the authorization server.

                                                                                                                                                                                                                                                          -

                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                                          +

                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.Address.html b/docs/html/interfaces/_monocloud_auth-node-core.index.Address.html index bf28ec3e..00243beb 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.Address.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.Address.html @@ -1,15 +1,15 @@ Address | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                                                            Interface Address

                                                                                                                                                                                                                                                            Represents a postal address as defined by the OpenID Connect standard address claim.

                                                                                                                                                                                                                                                            interface Address {
                                                                                                                                                                                                                                                                country?: string;
                                                                                                                                                                                                                                                                formatted?: string;
                                                                                                                                                                                                                                                                locality?: string;
                                                                                                                                                                                                                                                                postal_code?: string;
                                                                                                                                                                                                                                                                region?: string;
                                                                                                                                                                                                                                                                street_address?: string;
                                                                                                                                                                                                                                                                [key: string]: unknown;
                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                            Indexable

                                                                                                                                                                                                                                                            • [key: string]: unknown

                                                                                                                                                                                                                                                              Additional provider-specific address fields.

                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                                            country? +
                                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                                            country? formatted? locality? postal_code? region? street_address?

                                                                                                                                                                                                                                                            Properties

                                                                                                                                                                                                                                                            country?: string

                                                                                                                                                                                                                                                            Country name or ISO country code.

                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                            formatted?: string

                                                                                                                                                                                                                                                            Full mailing address formatted for display or mailing labels.

                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                            locality?: string

                                                                                                                                                                                                                                                            City or locality component.

                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                            postal_code?: string

                                                                                                                                                                                                                                                            Postal or ZIP code.

                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                            region?: string

                                                                                                                                                                                                                                                            State, province, or region component.

                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                            street_address?: string

                                                                                                                                                                                                                                                            Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                                                                                                                                                                            -

                                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                                            On This Page

                                                                                                                                                                                                                                                            Properties
                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                            formatted?: string

                                                                                                                                                                                                                                                            Full mailing address formatted for display or mailing labels.

                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                            locality?: string

                                                                                                                                                                                                                                                            City or locality component.

                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                            postal_code?: string

                                                                                                                                                                                                                                                            Postal or ZIP code.

                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                            region?: string

                                                                                                                                                                                                                                                            State, province, or region component.

                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                            street_address?: string

                                                                                                                                                                                                                                                            Full street address component, which may include house number, street name, apartment, suite, or unit information.

                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                                            On This Page

                                                                                                                                                                                                                                                            Properties
                                                                                                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.ApplicationState.html b/docs/html/interfaces/_monocloud_auth-node-core.index.ApplicationState.html index a75bb696..5612f343 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.ApplicationState.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.ApplicationState.html @@ -1,3 +1,3 @@ ApplicationState | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                                                              Interface ApplicationState

                                                                                                                                                                                                                                                              Represents custom application state associated with an authentication request.

                                                                                                                                                                                                                                                              This object is populated via onSetApplicationState and is persisted through the authentication flow. The resolved value is later available during session creation and can be used to carry application-specific context (for example: return targets, workflow state, or tenant hints).

                                                                                                                                                                                                                                                              -

                                                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                                                              • Record<string, any>
                                                                                                                                                                                                                                                                • ApplicationState

                                                                                                                                                                                                                                                              Indexable

                                                                                                                                                                                                                                                              • [key: string]: any

                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                              Hierarchy

                                                                                                                                                                                                                                                              • Record<string, any>
                                                                                                                                                                                                                                                                • ApplicationState

                                                                                                                                                                                                                                                              Indexable

                                                                                                                                                                                                                                                              • [key: string]: any

                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.AuthState.html b/docs/html/interfaces/_monocloud_auth-node-core.index.AuthState.html index 3e2b37d5..8aca1fee 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.AuthState.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.AuthState.html @@ -1,14 +1,14 @@ AuthState | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                                                Interface AuthState

                                                                                                                                                                                                                                                                Represents the authentication transaction state stored between the authorization request and the callback.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                interface AuthState {
                                                                                                                                                                                                                                                                    codeVerifier?: string;
                                                                                                                                                                                                                                                                    maxAge?: number;
                                                                                                                                                                                                                                                                    nonce: string;
                                                                                                                                                                                                                                                                    resource?: string;
                                                                                                                                                                                                                                                                    scopes: string;
                                                                                                                                                                                                                                                                    state: string;
                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                codeVerifier? +
                                                                                                                                                                                                                                                                interface AuthState {
                                                                                                                                                                                                                                                                    codeVerifier?: string;
                                                                                                                                                                                                                                                                    maxAge?: number;
                                                                                                                                                                                                                                                                    nonce: string;
                                                                                                                                                                                                                                                                    resource?: string;
                                                                                                                                                                                                                                                                    scopes: string;
                                                                                                                                                                                                                                                                    state: string;
                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                codeVerifier? maxAge? nonce resource? scopes state

                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                codeVerifier?: string

                                                                                                                                                                                                                                                                Optional. PKCE code verifier used to validate the authorization code exchange.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                maxAge?: number

                                                                                                                                                                                                                                                                Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                nonce: string

                                                                                                                                                                                                                                                                A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                resource?: string

                                                                                                                                                                                                                                                                Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                scopes: string

                                                                                                                                                                                                                                                                Space-separated list of scopes requested during authorization.

                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                state: string

                                                                                                                                                                                                                                                                A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                                                                                                                                                                                -

                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                On This Page

                                                                                                                                                                                                                                                                Properties
                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                maxAge?: number

                                                                                                                                                                                                                                                                Optional. Maximum allowed time (in seconds) since the user's last authentication.

                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                nonce: string

                                                                                                                                                                                                                                                                A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks.

                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                resource?: string

                                                                                                                                                                                                                                                                Optional. Space-separated list of resource indicators requested for the access token.

                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                scopes: string

                                                                                                                                                                                                                                                                Space-separated list of scopes requested during authorization.

                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                state: string

                                                                                                                                                                                                                                                                A unique value used to correlate the authorization request with the callback and protect against CSRF attacks.

                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                On This Page

                                                                                                                                                                                                                                                                Properties
                                                                                                                                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.AuthenticateOptions.html b/docs/html/interfaces/_monocloud_auth-node-core.index.AuthenticateOptions.html index 9848bbf8..530194db 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.AuthenticateOptions.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.AuthenticateOptions.html @@ -1,5 +1,5 @@ AuthenticateOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                                                                  Interface AuthenticateOptions

                                                                                                                                                                                                                                                                  Options used when authenticating a user via the Authorization Code flow.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  interface AuthenticateOptions {
                                                                                                                                                                                                                                                                      codeVerifier?: string;
                                                                                                                                                                                                                                                                      fetchUserInfo?: boolean;
                                                                                                                                                                                                                                                                      filteredIdTokenClaims?: string[];
                                                                                                                                                                                                                                                                      idTokenClockSkew?: number;
                                                                                                                                                                                                                                                                      idTokenClockTolerance?: number;
                                                                                                                                                                                                                                                                      idTokenMaxAge?: number;
                                                                                                                                                                                                                                                                      idTokenNonce?: string;
                                                                                                                                                                                                                                                                      jwks?: Jwks;
                                                                                                                                                                                                                                                                      onSessionCreating?: OnCoreSessionCreating;
                                                                                                                                                                                                                                                                      validateIdToken?: boolean;
                                                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                  codeVerifier? +
                                                                                                                                                                                                                                                                  interface AuthenticateOptions {
                                                                                                                                                                                                                                                                      codeVerifier?: string;
                                                                                                                                                                                                                                                                      fetchUserInfo?: boolean;
                                                                                                                                                                                                                                                                      filteredIdTokenClaims?: string[];
                                                                                                                                                                                                                                                                      idTokenClockSkew?: number;
                                                                                                                                                                                                                                                                      idTokenClockTolerance?: number;
                                                                                                                                                                                                                                                                      idTokenMaxAge?: number;
                                                                                                                                                                                                                                                                      idTokenNonce?: string;
                                                                                                                                                                                                                                                                      jwks?: Jwks;
                                                                                                                                                                                                                                                                      onSessionCreating?: OnCoreSessionCreating;
                                                                                                                                                                                                                                                                      validateIdToken?: boolean;
                                                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                  codeVerifier? fetchUserInfo? filteredIdTokenClaims? idTokenClockSkew? @@ -10,20 +10,20 @@ onSessionCreating? validateIdToken?

                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                  codeVerifier?: string

                                                                                                                                                                                                                                                                  PKCE code verifier associated with the authorization request.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  fetchUserInfo?: boolean

                                                                                                                                                                                                                                                                  When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  fetchUserInfo?: boolean

                                                                                                                                                                                                                                                                  When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object.

                                                                                                                                                                                                                                                                  false
                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  filteredIdTokenClaims?: string[]

                                                                                                                                                                                                                                                                  List of ID token claims to remove before storing the session.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  idTokenClockSkew?: number

                                                                                                                                                                                                                                                                  Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  idTokenClockTolerance?: number

                                                                                                                                                                                                                                                                  Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  idTokenMaxAge?: number

                                                                                                                                                                                                                                                                  Maximum allowed authentication age (in seconds) for the ID token.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  idTokenNonce?: string

                                                                                                                                                                                                                                                                  Nonce value expected in the ID token. Used to prevent replay attacks.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  jwks?: Jwks

                                                                                                                                                                                                                                                                  JSON Web Key Set used to validate the ID token signature.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  filteredIdTokenClaims?: string[]

                                                                                                                                                                                                                                                                  List of ID token claims to remove before storing the session.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  idTokenClockSkew?: number

                                                                                                                                                                                                                                                                  Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  idTokenClockTolerance?: number

                                                                                                                                                                                                                                                                  Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as exp, iat, and nbf.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  idTokenMaxAge?: number

                                                                                                                                                                                                                                                                  Maximum allowed authentication age (in seconds) for the ID token.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  idTokenNonce?: string

                                                                                                                                                                                                                                                                  Nonce value expected in the ID token. Used to prevent replay attacks.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  jwks?: Jwks

                                                                                                                                                                                                                                                                  JSON Web Key Set used to validate the ID token signature.

                                                                                                                                                                                                                                                                  If not provided, the JWKS is automatically fetched from the authorization server metadata.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  onSessionCreating?: OnCoreSessionCreating

                                                                                                                                                                                                                                                                  Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                  validateIdToken?: boolean

                                                                                                                                                                                                                                                                  Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  onSessionCreating?: OnCoreSessionCreating

                                                                                                                                                                                                                                                                  Callback invoked before a session is created or updated. Allows customization or enrichment of the session.

                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                  validateIdToken?: boolean

                                                                                                                                                                                                                                                                  Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments.

                                                                                                                                                                                                                                                                  true
                                                                                                                                                                                                                                                                  -

                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.CallbackParams.html b/docs/html/interfaces/_monocloud_auth-node-core.index.CallbackParams.html index 9112ce07..0affea88 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.CallbackParams.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.CallbackParams.html @@ -1,20 +1,22 @@ CallbackParams | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                                                    Interface CallbackParams

                                                                                                                                                                                                                                                                    Parameters returned to the application after the authorization server redirects the user back to the callback URL.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    interface CallbackParams {
                                                                                                                                                                                                                                                                        accessToken?: string;
                                                                                                                                                                                                                                                                        code?: string;
                                                                                                                                                                                                                                                                        error?: string;
                                                                                                                                                                                                                                                                        errorDescription?: string;
                                                                                                                                                                                                                                                                        expiresIn?: number;
                                                                                                                                                                                                                                                                        idToken?: string;
                                                                                                                                                                                                                                                                        refreshToken?: string;
                                                                                                                                                                                                                                                                        sessionState?: string;
                                                                                                                                                                                                                                                                        state?: string;
                                                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                    accessToken? +
                                                                                                                                                                                                                                                                    interface CallbackParams {
                                                                                                                                                                                                                                                                        accessToken?: string;
                                                                                                                                                                                                                                                                        code?: string;
                                                                                                                                                                                                                                                                        error?: string;
                                                                                                                                                                                                                                                                        errorDescription?: string;
                                                                                                                                                                                                                                                                        expiresIn?: number;
                                                                                                                                                                                                                                                                        idToken?: string;
                                                                                                                                                                                                                                                                        refreshToken?: string;
                                                                                                                                                                                                                                                                        scope?: string;
                                                                                                                                                                                                                                                                        sessionState?: string;
                                                                                                                                                                                                                                                                        state?: string;
                                                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                    accessToken? code? error? errorDescription? expiresIn? idToken? refreshToken? +scope? sessionState? state?

                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                    accessToken?: string

                                                                                                                                                                                                                                                                    Access token returned directly by implicit or hybrid flows.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    code?: string

                                                                                                                                                                                                                                                                    Authorization code returned when using the Authorization Code Flow.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    error?: string

                                                                                                                                                                                                                                                                    Error code returned when authorization fails.

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    code?: string

                                                                                                                                                                                                                                                                    Authorization code returned when using the Authorization Code Flow.

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    error?: string

                                                                                                                                                                                                                                                                    Error code returned when authorization fails.

                                                                                                                                                                                                                                                                    errorDescription?: string

                                                                                                                                                                                                                                                                    Human-readable description providing additional information about the authorization error.

                                                                                                                                                                                                                                                                    expiresIn?: number

                                                                                                                                                                                                                                                                    Lifetime of the access token in seconds.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    idToken?: string

                                                                                                                                                                                                                                                                    ID token issued by the authorization server.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    refreshToken?: string

                                                                                                                                                                                                                                                                    Refresh token issued during authorization (if enabled).

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    sessionState?: string

                                                                                                                                                                                                                                                                    OIDC session state value used for session monitoring and front-channel session management.

                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                    state?: string

                                                                                                                                                                                                                                                                    The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks.

                                                                                                                                                                                                                                                                    -

                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    idToken?: string

                                                                                                                                                                                                                                                                    ID token issued by the authorization server.

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    refreshToken?: string

                                                                                                                                                                                                                                                                    Refresh token issued during authorization (if enabled).

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    scope?: string

                                                                                                                                                                                                                                                                    Access token scopes (Implicit Flow)

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    sessionState?: string

                                                                                                                                                                                                                                                                    OIDC session state value used for session monitoring and front-channel session management.

                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                    state?: string

                                                                                                                                                                                                                                                                    The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks.

                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.CookieOptions.html b/docs/html/interfaces/_monocloud_auth-node-core.index.CookieOptions.html index c2a1cbba..ad6c2575 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.CookieOptions.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.CookieOptions.html @@ -1,2 +1,2 @@ CookieOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                                                      Interface CookieOptions

                                                                                                                                                                                                                                                                      Options for serializing cookies.

                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                                                                      • SerializeOptions
                                                                                                                                                                                                                                                                        • CookieOptions

                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                      Hierarchy

                                                                                                                                                                                                                                                                      • SerializeOptions
                                                                                                                                                                                                                                                                        • CookieOptions

                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.EndSessionParameters.html b/docs/html/interfaces/_monocloud_auth-node-core.index.EndSessionParameters.html index 9ade80a7..df3e2a09 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.EndSessionParameters.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.EndSessionParameters.html @@ -1,9 +1,9 @@ EndSessionParameters | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                                                        Interface EndSessionParameters

                                                                                                                                                                                                                                                                        Parameters used to construct an OpenID Connect end-session (sign-out) request.

                                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                                        interface EndSessionParameters {
                                                                                                                                                                                                                                                                            idToken?: string;
                                                                                                                                                                                                                                                                            postLogoutRedirectUri?: string;
                                                                                                                                                                                                                                                                            state?: string;
                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                                        idToken? +
                                                                                                                                                                                                                                                                        interface EndSessionParameters {
                                                                                                                                                                                                                                                                            idToken?: string;
                                                                                                                                                                                                                                                                            postLogoutRedirectUri?: string;
                                                                                                                                                                                                                                                                            state?: string;
                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                        Hierarchy

                                                                                                                                                                                                                                                                        Index

                                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                                        idToken? postLogoutRedirectUri? state?

                                                                                                                                                                                                                                                                        Properties

                                                                                                                                                                                                                                                                        idToken?: string

                                                                                                                                                                                                                                                                        ID token hint identifying the session to terminate.

                                                                                                                                                                                                                                                                        When provided, the authorization server can use this value to determine which user session should be signed out.

                                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                                        postLogoutRedirectUri?: string

                                                                                                                                                                                                                                                                        The URL the authorization server should redirect the user to after a successful sign-out.

                                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                                        state?: string

                                                                                                                                                                                                                                                                        Optional state value returned to the application after sign-out.

                                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                        On This Page

                                                                                                                                                                                                                                                                        Properties
                                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                                        postLogoutRedirectUri?: string

                                                                                                                                                                                                                                                                        The URL the authorization server should redirect the user to after a successful sign-out.

                                                                                                                                                                                                                                                                        +
                                                                                                                                                                                                                                                                        state?: string

                                                                                                                                                                                                                                                                        Optional state value returned to the application after sign-out.

                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                        On This Page

                                                                                                                                                                                                                                                                        Properties
                                                                                                                                                                                                                                                                        diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.GetTokensOptions.html b/docs/html/interfaces/_monocloud_auth-node-core.index.GetTokensOptions.html index 0ad9c7a2..1a1a7d1b 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.GetTokensOptions.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.GetTokensOptions.html @@ -1,5 +1,5 @@ GetTokensOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                                                                          Interface GetTokensOptions

                                                                                                                                                                                                                                                                          Options used to control token retrieval and refresh behavior when calling getTokens().

                                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                                          interface GetTokensOptions {
                                                                                                                                                                                                                                                                              forceRefresh?: boolean;
                                                                                                                                                                                                                                                                              refetchUserInfo?: boolean;
                                                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                                                              scopes?: string;
                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                                                          forceRefresh? +
                                                                                                                                                                                                                                                                          interface GetTokensOptions {
                                                                                                                                                                                                                                                                              forceRefresh?: boolean;
                                                                                                                                                                                                                                                                              refetchUserInfo?: boolean;
                                                                                                                                                                                                                                                                              resource?: string;
                                                                                                                                                                                                                                                                              scopes?: string;
                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                          Hierarchy

                                                                                                                                                                                                                                                                          Index

                                                                                                                                                                                                                                                                          Properties

                                                                                                                                                                                                                                                                          forceRefresh? refetchUserInfo? resource? scopes? @@ -7,6 +7,6 @@
                                                                                                                                                                                                                                                                          refetchUserInfo?: boolean

                                                                                                                                                                                                                                                                          When enabled, refetches user information from the UserInfo endpoint after tokens are refreshed.

                                                                                                                                                                                                                                                                          resource?: string

                                                                                                                                                                                                                                                                          Space-separated list of resource indicators that the new access token should be issued for.

                                                                                                                                                                                                                                                                          The requested resources must have been previously granted during the original authorization flow.

                                                                                                                                                                                                                                                                          -
                                                                                                                                                                                                                                                                          scopes?: string

                                                                                                                                                                                                                                                                          Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                                                                                                                                          +
                                                                                                                                                                                                                                                                          scopes?: string

                                                                                                                                                                                                                                                                          Space-separated list of scopes to request for the refreshed access token.

                                                                                                                                                                                                                                                                          The requested scopes must have been granted during the original authorization flow.

                                                                                                                                                                                                                                                                          -

                                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                                                          +

                                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                                          On This Page

                                                                                                                                                                                                                                                                          Properties
                                                                                                                                                                                                                                                                          diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.IMonoCloudCookieRequest.html b/docs/html/interfaces/_monocloud_auth-node-core.index.IMonoCloudCookieRequest.html index 815ce900..460dfe60 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.IMonoCloudCookieRequest.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.IMonoCloudCookieRequest.html @@ -1,5 +1,5 @@ IMonoCloudCookieRequest | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                                                                            Interface IMonoCloudCookieRequest

                                                                                                                                                                                                                                                                            Interface for reading cookies from an incoming request.

                                                                                                                                                                                                                                                                            -
                                                                                                                                                                                                                                                                            interface IMonoCloudCookieRequest {
                                                                                                                                                                                                                                                                                getAllCookies(): Promise<Map<string, string>>;
                                                                                                                                                                                                                                                                                getCookie(name: string): Promise<string | undefined>;
                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                                                            Methods

                                                                                                                                                                                                                                                                            getAllCookies +
                                                                                                                                                                                                                                                                            interface IMonoCloudCookieRequest {
                                                                                                                                                                                                                                                                                getAllCookies(): Promise<Map<string, string>>;
                                                                                                                                                                                                                                                                                getCookie(name: string): Promise<string | undefined>;
                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                            Hierarchy

                                                                                                                                                                                                                                                                            Index

                                                                                                                                                                                                                                                                            Methods

                                                                                                                                                                                                                                                                            getAllCookies getCookie

                                                                                                                                                                                                                                                                            Methods

                                                                                                                                                                                                                                                                            address?: Address

                                                                                                                                                                                                                                                                            Postal address.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            amr?: string[]

                                                                                                                                                                                                                                                                            Authentication Methods References. Lists the authentication methods used (for example: pwd, mfa, otp).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            at_hash?: string

                                                                                                                                                                                                                                                                            Access token hash. Used to validate access tokens returned alongside the ID token.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            aud: string | string[]

                                                                                                                                                                                                                                                                            Intended audience(s) of the ID token.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            auth_time?: number

                                                                                                                                                                                                                                                                            Time when the end-user authentication occurred (Unix epoch seconds).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            azp?: string

                                                                                                                                                                                                                                                                            Authorized party - identifies the client to which the ID token was issued.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            birthdate?: string

                                                                                                                                                                                                                                                                            Birthday.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            c_hash?: string

                                                                                                                                                                                                                                                                            Authorization code hash. Used to validate authorization codes returned with hybrid flows.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            email?: string

                                                                                                                                                                                                                                                                            Email address.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            email_verified?: boolean

                                                                                                                                                                                                                                                                            Whether the email address has been verified by the provider.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            exp: number

                                                                                                                                                                                                                                                                            Expiration time of the ID token (Unix epoch seconds).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            family_name?: string

                                                                                                                                                                                                                                                                            Surname(s) / last name.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            gender?: string

                                                                                                                                                                                                                                                                            Gender.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            given_name?: string

                                                                                                                                                                                                                                                                            Given name(s) / first name.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            groups?: Group[]

                                                                                                                                                                                                                                                                            Group memberships for the user.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            iat: number

                                                                                                                                                                                                                                                                            Time at which the ID token was issued (Unix epoch seconds).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            iss: string

                                                                                                                                                                                                                                                                            Issuer identifier - the authorization server that issued the token.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            locale?: string

                                                                                                                                                                                                                                                                            Locale.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            middle_name?: string

                                                                                                                                                                                                                                                                            Middle name(s).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            name?: string

                                                                                                                                                                                                                                                                            Full name of the user (e.g. "Jane Doe").

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            nickname?: string

                                                                                                                                                                                                                                                                            Casual name used by the user.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            nonce?: string

                                                                                                                                                                                                                                                                            Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            phone_number?: string

                                                                                                                                                                                                                                                                            Phone number (formatted in E.164 standard).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            phone_number_verified?: boolean

                                                                                                                                                                                                                                                                            Whether the phone number has been verified by the provider.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            picture?: string

                                                                                                                                                                                                                                                                            URL of the user's profile picture.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            preferred_username?: string

                                                                                                                                                                                                                                                                            Preferred username.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            profile?: string

                                                                                                                                                                                                                                                                            URL of the user's profile page.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            s_hash?: string

                                                                                                                                                                                                                                                                            State hash (used in some hybrid flow validations).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            sub: string

                                                                                                                                                                                                                                                                            Subject identifier — uniquely identifies the authenticated user.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            updated_at?: number

                                                                                                                                                                                                                                                                            Time the user's information was last updated (seconds since epoch).

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            website?: string

                                                                                                                                                                                                                                                                            URL of the user's website.

                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                            zoneinfo?: string

                                                                                                                                                                                                                                                                            Time zone name.

                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                                                            On This Page

                                                                                                                                                                                                                                                                            Properties
                                                                                                                                                                                                                                                                            diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.IssuerMetadata.html b/docs/html/interfaces/_monocloud_auth-node-core.index.IssuerMetadata.html index 371a014d..3213e242 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.IssuerMetadata.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.IssuerMetadata.html @@ -1,5 +1,5 @@ IssuerMetadata | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                                                                              Interface IssuerMetadata

                                                                                                                                                                                                                                                                              OpenID Connect Discovery metadata published by the authorization server.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              interface IssuerMetadata {
                                                                                                                                                                                                                                                                                  authorization_endpoint: string;
                                                                                                                                                                                                                                                                                  backchannel_logout_session_supported: boolean;
                                                                                                                                                                                                                                                                                  backchannel_logout_supported: boolean;
                                                                                                                                                                                                                                                                                  check_session_iframe: string;
                                                                                                                                                                                                                                                                                  claims_supported: string[];
                                                                                                                                                                                                                                                                                  code_challenge_methods_supported: string[];
                                                                                                                                                                                                                                                                                  device_authorization_endpoint: string;
                                                                                                                                                                                                                                                                                  end_session_endpoint: string;
                                                                                                                                                                                                                                                                                  frontchannel_logout_session_supported: boolean;
                                                                                                                                                                                                                                                                                  frontchannel_logout_supported: boolean;
                                                                                                                                                                                                                                                                                  grant_types_supported: string[];
                                                                                                                                                                                                                                                                                  id_token_signing_alg_values_supported: string[];
                                                                                                                                                                                                                                                                                  introspection_endpoint: string;
                                                                                                                                                                                                                                                                                  issuer: string;
                                                                                                                                                                                                                                                                                  jwks_uri: string;
                                                                                                                                                                                                                                                                                  pushed_authorization_request_endpoint?: string;
                                                                                                                                                                                                                                                                                  request_object_signing_alg_values_supported: string[];
                                                                                                                                                                                                                                                                                  request_parameter_supported: boolean;
                                                                                                                                                                                                                                                                                  request_uri_parameter_supported: boolean;
                                                                                                                                                                                                                                                                                  require_pushed_authorization_requests: boolean;
                                                                                                                                                                                                                                                                                  response_modes_supported: string[];
                                                                                                                                                                                                                                                                                  response_types_supported: string[];
                                                                                                                                                                                                                                                                                  revocation_endpoint: string;
                                                                                                                                                                                                                                                                                  scopes_supported: string[];
                                                                                                                                                                                                                                                                                  subject_types_supported: string[];
                                                                                                                                                                                                                                                                                  token_endpoint: string;
                                                                                                                                                                                                                                                                                  token_endpoint_auth_methods_supported: string[];
                                                                                                                                                                                                                                                                                  userinfo_endpoint: string;
                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                                                                              authorization_endpoint +
                                                                                                                                                                                                                                                                              interface IssuerMetadata {
                                                                                                                                                                                                                                                                                  authorization_endpoint: string;
                                                                                                                                                                                                                                                                                  backchannel_logout_session_supported: boolean;
                                                                                                                                                                                                                                                                                  backchannel_logout_supported: boolean;
                                                                                                                                                                                                                                                                                  check_session_iframe: string;
                                                                                                                                                                                                                                                                                  claims_supported: string[];
                                                                                                                                                                                                                                                                                  code_challenge_methods_supported: string[];
                                                                                                                                                                                                                                                                                  device_authorization_endpoint: string;
                                                                                                                                                                                                                                                                                  end_session_endpoint: string;
                                                                                                                                                                                                                                                                                  frontchannel_logout_session_supported: boolean;
                                                                                                                                                                                                                                                                                  frontchannel_logout_supported: boolean;
                                                                                                                                                                                                                                                                                  grant_types_supported: string[];
                                                                                                                                                                                                                                                                                  id_token_signing_alg_values_supported: string[];
                                                                                                                                                                                                                                                                                  introspection_endpoint: string;
                                                                                                                                                                                                                                                                                  issuer: string;
                                                                                                                                                                                                                                                                                  jwks_uri: string;
                                                                                                                                                                                                                                                                                  pushed_authorization_request_endpoint?: string;
                                                                                                                                                                                                                                                                                  request_object_signing_alg_values_supported: string[];
                                                                                                                                                                                                                                                                                  request_parameter_supported: boolean;
                                                                                                                                                                                                                                                                                  request_uri_parameter_supported: boolean;
                                                                                                                                                                                                                                                                                  require_pushed_authorization_requests: boolean;
                                                                                                                                                                                                                                                                                  response_modes_supported: string[];
                                                                                                                                                                                                                                                                                  response_types_supported: string[];
                                                                                                                                                                                                                                                                                  revocation_endpoint: string;
                                                                                                                                                                                                                                                                                  scopes_supported: string[];
                                                                                                                                                                                                                                                                                  subject_types_supported: string[];
                                                                                                                                                                                                                                                                                  token_endpoint: string;
                                                                                                                                                                                                                                                                                  token_endpoint_auth_methods_supported: string[];
                                                                                                                                                                                                                                                                                  userinfo_endpoint: string;
                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                              Index

                                                                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                                                                              authorization_endpoint backchannel_logout_session_supported backchannel_logout_supported check_session_iframe @@ -28,31 +28,31 @@ token_endpoint_auth_methods_supported userinfo_endpoint

                                                                                                                                                                                                                                                                              Properties

                                                                                                                                                                                                                                                                              authorization_endpoint: string

                                                                                                                                                                                                                                                                              Authorization endpoint used to initiate authentication requests.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              backchannel_logout_session_supported: boolean

                                                                                                                                                                                                                                                                              Indicates back-channel logout session support.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              backchannel_logout_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for back-channel logout.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              check_session_iframe: string

                                                                                                                                                                                                                                                                              Session management iframe endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              claims_supported: string[]

                                                                                                                                                                                                                                                                              Claims that may be returned in tokens or UserInfo responses.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              code_challenge_methods_supported: string[]

                                                                                                                                                                                                                                                                              Supported PKCE code challenge methods.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              device_authorization_endpoint: string

                                                                                                                                                                                                                                                                              Device Authorization Grant endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              end_session_endpoint: string

                                                                                                                                                                                                                                                                              End-session endpoint used to initiate logout.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              frontchannel_logout_session_supported: boolean

                                                                                                                                                                                                                                                                              Indicates front-channel logout session support.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              frontchannel_logout_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for front-channel logout.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              grant_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported OAuth grant types.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              id_token_signing_alg_values_supported: string[]

                                                                                                                                                                                                                                                                              Supported signing algorithms for ID tokens.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              introspection_endpoint: string

                                                                                                                                                                                                                                                                              Token introspection endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              issuer: string

                                                                                                                                                                                                                                                                              The issuer identifier for the authorization server.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              jwks_uri: string

                                                                                                                                                                                                                                                                              JSON Web Key Set (JWKS) endpoint used to obtain signing keys.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              pushed_authorization_request_endpoint?: string

                                                                                                                                                                                                                                                                              Pushed Authorization Request (PAR) endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              request_object_signing_alg_values_supported: string[]

                                                                                                                                                                                                                                                                              Supported signing algorithms for request objects.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              request_parameter_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for request objects passed by value.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              request_uri_parameter_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for request objects passed by reference (request_uri).

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              require_pushed_authorization_requests: boolean

                                                                                                                                                                                                                                                                              Indicates whether PAR is required for authorization requests.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              response_modes_supported: string[]

                                                                                                                                                                                                                                                                              Supported response modes.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              response_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported OAuth/OIDC response types.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              revocation_endpoint: string

                                                                                                                                                                                                                                                                              Token revocation endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              scopes_supported: string[]

                                                                                                                                                                                                                                                                              OAuth scopes supported by the authorization server.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              subject_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported subject identifier types.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              token_endpoint: string

                                                                                                                                                                                                                                                                              Token endpoint used to exchange authorization codes for tokens.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              token_endpoint_auth_methods_supported: string[]

                                                                                                                                                                                                                                                                              Supported authentication methods for the token endpoint.

                                                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                                                              userinfo_endpoint: string

                                                                                                                                                                                                                                                                              UserInfo endpoint used to retrieve user profile claims.

                                                                                                                                                                                                                                                                              -

                                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                                              On This Page

                                                                                                                                                                                                                                                                              Properties
                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              backchannel_logout_session_supported: boolean

                                                                                                                                                                                                                                                                              Indicates back-channel logout session support.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              backchannel_logout_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for back-channel logout.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              check_session_iframe: string

                                                                                                                                                                                                                                                                              Session management iframe endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              claims_supported: string[]

                                                                                                                                                                                                                                                                              Claims that may be returned in tokens or UserInfo responses.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              code_challenge_methods_supported: string[]

                                                                                                                                                                                                                                                                              Supported PKCE code challenge methods.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              device_authorization_endpoint: string

                                                                                                                                                                                                                                                                              Device Authorization Grant endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              end_session_endpoint: string

                                                                                                                                                                                                                                                                              End-session endpoint used to initiate logout.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              frontchannel_logout_session_supported: boolean

                                                                                                                                                                                                                                                                              Indicates front-channel logout session support.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              frontchannel_logout_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for front-channel logout.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              grant_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported OAuth grant types.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              id_token_signing_alg_values_supported: string[]

                                                                                                                                                                                                                                                                              Supported signing algorithms for ID tokens.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              introspection_endpoint: string

                                                                                                                                                                                                                                                                              Token introspection endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              issuer: string

                                                                                                                                                                                                                                                                              The issuer identifier for the authorization server.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              jwks_uri: string

                                                                                                                                                                                                                                                                              JSON Web Key Set (JWKS) endpoint used to obtain signing keys.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              pushed_authorization_request_endpoint?: string

                                                                                                                                                                                                                                                                              Pushed Authorization Request (PAR) endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              request_object_signing_alg_values_supported: string[]

                                                                                                                                                                                                                                                                              Supported signing algorithms for request objects.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              request_parameter_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for request objects passed by value.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              request_uri_parameter_supported: boolean

                                                                                                                                                                                                                                                                              Indicates support for request objects passed by reference (request_uri).

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              require_pushed_authorization_requests: boolean

                                                                                                                                                                                                                                                                              Indicates whether PAR is required for authorization requests.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              response_modes_supported: string[]

                                                                                                                                                                                                                                                                              Supported response modes.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              response_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported OAuth/OIDC response types.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              revocation_endpoint: string

                                                                                                                                                                                                                                                                              Token revocation endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              scopes_supported: string[]

                                                                                                                                                                                                                                                                              OAuth scopes supported by the authorization server.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              subject_types_supported: string[]

                                                                                                                                                                                                                                                                              Supported subject identifier types.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              token_endpoint: string

                                                                                                                                                                                                                                                                              Token endpoint used to exchange authorization codes for tokens.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              token_endpoint_auth_methods_supported: string[]

                                                                                                                                                                                                                                                                              Supported authentication methods for the token endpoint.

                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                              userinfo_endpoint: string

                                                                                                                                                                                                                                                                              UserInfo endpoint used to retrieve user profile claims.

                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                                              On This Page

                                                                                                                                                                                                                                                                              Properties
                                                                                                                                                                                                                                                                              diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.Jwk.html b/docs/html/interfaces/_monocloud_auth-node-core.index.Jwk.html index 4038094c..83e8d2c2 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.Jwk.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.Jwk.html @@ -1,7 +1,7 @@ Jwk | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                                                                Interface Jwk

                                                                                                                                                                                                                                                                                Represents a JSON Web Key (JWK) as defined by RFC 7517.

                                                                                                                                                                                                                                                                                A JWK describes a cryptographic key used to verify or encrypt JSON Web Tokens (JWTs) as obtained from the JWKS (JSON Web Key Set) endpoint exposed by the authorization server.

                                                                                                                                                                                                                                                                                The available properties depend on the key type (kty).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                interface Jwk {
                                                                                                                                                                                                                                                                                    alg?: string;
                                                                                                                                                                                                                                                                                    crv?: string;
                                                                                                                                                                                                                                                                                    d?: string;
                                                                                                                                                                                                                                                                                    dp?: string;
                                                                                                                                                                                                                                                                                    dq?: string;
                                                                                                                                                                                                                                                                                    e?: string;
                                                                                                                                                                                                                                                                                    ext?: boolean;
                                                                                                                                                                                                                                                                                    k?: string;
                                                                                                                                                                                                                                                                                    key_ops?: string[];
                                                                                                                                                                                                                                                                                    kid?: string;
                                                                                                                                                                                                                                                                                    kty: string;
                                                                                                                                                                                                                                                                                    n?: string;
                                                                                                                                                                                                                                                                                    oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                                                                                                                                                                                    p?: string;
                                                                                                                                                                                                                                                                                    q?: string;
                                                                                                                                                                                                                                                                                    qi?: string;
                                                                                                                                                                                                                                                                                    use?: string;
                                                                                                                                                                                                                                                                                    x?: string;
                                                                                                                                                                                                                                                                                    x5c?: string[];
                                                                                                                                                                                                                                                                                    x5t?: string;
                                                                                                                                                                                                                                                                                    "x5t#S256"?: string;
                                                                                                                                                                                                                                                                                    x5u?: string;
                                                                                                                                                                                                                                                                                    y?: string;
                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                                alg? +
                                                                                                                                                                                                                                                                                interface Jwk {
                                                                                                                                                                                                                                                                                    alg?: string;
                                                                                                                                                                                                                                                                                    crv?: string;
                                                                                                                                                                                                                                                                                    d?: string;
                                                                                                                                                                                                                                                                                    dp?: string;
                                                                                                                                                                                                                                                                                    dq?: string;
                                                                                                                                                                                                                                                                                    e?: string;
                                                                                                                                                                                                                                                                                    ext?: boolean;
                                                                                                                                                                                                                                                                                    k?: string;
                                                                                                                                                                                                                                                                                    key_ops?: string[];
                                                                                                                                                                                                                                                                                    kid?: string;
                                                                                                                                                                                                                                                                                    kty: string;
                                                                                                                                                                                                                                                                                    n?: string;
                                                                                                                                                                                                                                                                                    oth?: { d?: string; r?: string; t?: string }[];
                                                                                                                                                                                                                                                                                    p?: string;
                                                                                                                                                                                                                                                                                    q?: string;
                                                                                                                                                                                                                                                                                    qi?: string;
                                                                                                                                                                                                                                                                                    use?: string;
                                                                                                                                                                                                                                                                                    x?: string;
                                                                                                                                                                                                                                                                                    x5c?: string[];
                                                                                                                                                                                                                                                                                    x5t?: string;
                                                                                                                                                                                                                                                                                    "x5t#S256"?: string;
                                                                                                                                                                                                                                                                                    x5u?: string;
                                                                                                                                                                                                                                                                                    y?: string;
                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                Index

                                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                                alg? crv? d? dp? @@ -25,26 +25,26 @@ x5u? y?

                                                                                                                                                                                                                                                                                Properties

                                                                                                                                                                                                                                                                                alg?: string

                                                                                                                                                                                                                                                                                Intended algorithm for the key (for example: RS256).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                crv?: string

                                                                                                                                                                                                                                                                                Elliptic curve name (for example: P-256).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                d?: string

                                                                                                                                                                                                                                                                                RSA private exponent.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                dp?: string

                                                                                                                                                                                                                                                                                RSA first factor CRT exponent.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                dq?: string

                                                                                                                                                                                                                                                                                RSA second factor CRT exponent.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                e?: string

                                                                                                                                                                                                                                                                                RSA public exponent.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                ext?: boolean

                                                                                                                                                                                                                                                                                Indicates whether the key is extractable.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                k?: string

                                                                                                                                                                                                                                                                                Symmetric key value (base64url encoded).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                key_ops?: string[]

                                                                                                                                                                                                                                                                                Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                kid?: string

                                                                                                                                                                                                                                                                                Key identifier used to match keys during verification.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                kty: string

                                                                                                                                                                                                                                                                                Key type (for example: RSA, or EC).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                n?: string

                                                                                                                                                                                                                                                                                RSA modulus.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                                                                                                                                                                                Additional prime information (multi-prime RSA).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                p?: string

                                                                                                                                                                                                                                                                                RSA first prime factor.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                q?: string

                                                                                                                                                                                                                                                                                RSA second prime factor.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                qi?: string

                                                                                                                                                                                                                                                                                RSA CRT coefficient.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                use?: string

                                                                                                                                                                                                                                                                                Public key use (sig for signature or enc for encryption).

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                x?: string

                                                                                                                                                                                                                                                                                X coordinate for EC public keys.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                x5c?: string[]

                                                                                                                                                                                                                                                                                X.509 certificate chain.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                x5t?: string

                                                                                                                                                                                                                                                                                X.509 certificate SHA-1 thumbprint.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                "x5t#S256"?: string

                                                                                                                                                                                                                                                                                X.509 certificate SHA-256 thumbprint.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                x5u?: string

                                                                                                                                                                                                                                                                                URL referencing the X.509 certificate.

                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                y?: string

                                                                                                                                                                                                                                                                                Y coordinate for EC public keys.

                                                                                                                                                                                                                                                                                -

                                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                                On This Page

                                                                                                                                                                                                                                                                                Properties
                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                crv?: string

                                                                                                                                                                                                                                                                                Elliptic curve name (for example: P-256).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                d?: string

                                                                                                                                                                                                                                                                                RSA private exponent.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                dp?: string

                                                                                                                                                                                                                                                                                RSA first factor CRT exponent.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                dq?: string

                                                                                                                                                                                                                                                                                RSA second factor CRT exponent.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                e?: string

                                                                                                                                                                                                                                                                                RSA public exponent.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                ext?: boolean

                                                                                                                                                                                                                                                                                Indicates whether the key is extractable.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                k?: string

                                                                                                                                                                                                                                                                                Symmetric key value (base64url encoded).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                key_ops?: string[]

                                                                                                                                                                                                                                                                                Allowed operations for the key (e.g. sign, verify, encrypt).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                kid?: string

                                                                                                                                                                                                                                                                                Key identifier used to match keys during verification.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                kty: string

                                                                                                                                                                                                                                                                                Key type (for example: RSA, or EC).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                n?: string

                                                                                                                                                                                                                                                                                RSA modulus.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                oth?: { d?: string; r?: string; t?: string }[]

                                                                                                                                                                                                                                                                                Additional prime information (multi-prime RSA).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                p?: string

                                                                                                                                                                                                                                                                                RSA first prime factor.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                q?: string

                                                                                                                                                                                                                                                                                RSA second prime factor.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                qi?: string

                                                                                                                                                                                                                                                                                RSA CRT coefficient.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                use?: string

                                                                                                                                                                                                                                                                                Public key use (sig for signature or enc for encryption).

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                x?: string

                                                                                                                                                                                                                                                                                X coordinate for EC public keys.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                x5c?: string[]

                                                                                                                                                                                                                                                                                X.509 certificate chain.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                x5t?: string

                                                                                                                                                                                                                                                                                X.509 certificate SHA-1 thumbprint.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                "x5t#S256"?: string

                                                                                                                                                                                                                                                                                X.509 certificate SHA-256 thumbprint.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                x5u?: string

                                                                                                                                                                                                                                                                                URL referencing the X.509 certificate.

                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                y?: string

                                                                                                                                                                                                                                                                                Y coordinate for EC public keys.

                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                                On This Page

                                                                                                                                                                                                                                                                                Properties
                                                                                                                                                                                                                                                                                diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.Jwks.html b/docs/html/interfaces/_monocloud_auth-node-core.index.Jwks.html index 2a7c3fad..edbefb51 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.Jwks.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.Jwks.html @@ -1,5 +1,5 @@ Jwks | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                                                                                  Interface Jwks

                                                                                                                                                                                                                                                                                  Represents a JSON Web Key Set (JWKS).

                                                                                                                                                                                                                                                                                  A JWKS is a collection of public JSON Web Keys used to verify signatures of JSON Web Tokens (JWTs).

                                                                                                                                                                                                                                                                                  -
                                                                                                                                                                                                                                                                                  interface Jwks {
                                                                                                                                                                                                                                                                                      keys: Jwk[];
                                                                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                                  keys +
                                                                                                                                                                                                                                                                                  interface Jwks {
                                                                                                                                                                                                                                                                                      keys: Jwk[];
                                                                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                                                                  Index

                                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                                  keys

                                                                                                                                                                                                                                                                                  Properties

                                                                                                                                                                                                                                                                                  keys: Jwk[]

                                                                                                                                                                                                                                                                                  The list of public keys contained in this key set.

                                                                                                                                                                                                                                                                                  -

                                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                                  On This Page

                                                                                                                                                                                                                                                                                  Properties
                                                                                                                                                                                                                                                                                  diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.JwsHeaderParameters.html b/docs/html/interfaces/_monocloud_auth-node-core.index.JwsHeaderParameters.html index 198f7f6f..d96e9b3f 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.JwsHeaderParameters.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.JwsHeaderParameters.html @@ -1,12 +1,12 @@ JwsHeaderParameters | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                                                                    Interface JwsHeaderParameters

                                                                                                                                                                                                                                                                                    Parameters contained in a JSON Web Signature (JWS) header.

                                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                                    interface JwsHeaderParameters {
                                                                                                                                                                                                                                                                                        alg: SecurityAlgorithms;
                                                                                                                                                                                                                                                                                        crit?: string[];
                                                                                                                                                                                                                                                                                        jwk?: Jwk;
                                                                                                                                                                                                                                                                                        kid?: string;
                                                                                                                                                                                                                                                                                        typ?: string;
                                                                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                                    alg +
                                                                                                                                                                                                                                                                                    interface JwsHeaderParameters {
                                                                                                                                                                                                                                                                                        alg: SecurityAlgorithms;
                                                                                                                                                                                                                                                                                        crit?: string[];
                                                                                                                                                                                                                                                                                        jwk?: Jwk;
                                                                                                                                                                                                                                                                                        kid?: string;
                                                                                                                                                                                                                                                                                        typ?: string;
                                                                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                                                                    Index

                                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                                    alg crit? jwk? kid? typ?

                                                                                                                                                                                                                                                                                    Properties

                                                                                                                                                                                                                                                                                    alg: SecurityAlgorithms

                                                                                                                                                                                                                                                                                    The cryptographic algorithm used to sign the token.

                                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                                    crit?: string[]

                                                                                                                                                                                                                                                                                    List of header parameters that are marked as critical and must be understood by the token processor.

                                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                                    jwk?: Jwk

                                                                                                                                                                                                                                                                                    An embedded JSON Web Key (JWK) containing the signing key.

                                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                                    kid?: string

                                                                                                                                                                                                                                                                                    Identifier of the key used to sign the token.

                                                                                                                                                                                                                                                                                    -
                                                                                                                                                                                                                                                                                    typ?: string

                                                                                                                                                                                                                                                                                    The token type.

                                                                                                                                                                                                                                                                                    -

                                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                    crit?: string[]

                                                                                                                                                                                                                                                                                    List of header parameters that are marked as critical and must be understood by the token processor.

                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                    jwk?: Jwk

                                                                                                                                                                                                                                                                                    An embedded JSON Web Key (JWK) containing the signing key.

                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                    kid?: string

                                                                                                                                                                                                                                                                                    Identifier of the key used to sign the token.

                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                    typ?: string

                                                                                                                                                                                                                                                                                    The token type.

                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                                    On This Page

                                                                                                                                                                                                                                                                                    Properties
                                                                                                                                                                                                                                                                                    diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudClientOptions.html b/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudClientOptions.html index 439131d3..a3b17175 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudClientOptions.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudClientOptions.html @@ -1,23 +1,23 @@ MonoCloudClientOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                                                                      Interface MonoCloudClientOptions

                                                                                                                                                                                                                                                                                      Configuration options used to initialize the MonoCloudClient.

                                                                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                                                                      interface MonoCloudClientOptions {
                                                                                                                                                                                                                                                                                          clientAuthMethod?: ClientAuthMethod;
                                                                                                                                                                                                                                                                                          clientSecret?: string | Jwk;
                                                                                                                                                                                                                                                                                          idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                                                                                                                                                                          jwksCacheDuration?: number;
                                                                                                                                                                                                                                                                                          metadataCacheDuration?: number;
                                                                                                                                                                                                                                                                                      }
                                                                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                                                                      clientAuthMethod? +
                                                                                                                                                                                                                                                                                      interface MonoCloudClientOptions {
                                                                                                                                                                                                                                                                                          clientAuthMethod?: ClientAuthMethod;
                                                                                                                                                                                                                                                                                          clientSecret?: string | Jwk;
                                                                                                                                                                                                                                                                                          idTokenSigningAlgorithm?: SecurityAlgorithms;
                                                                                                                                                                                                                                                                                          jwksCacheDuration?: number;
                                                                                                                                                                                                                                                                                          metadataCacheDuration?: number;
                                                                                                                                                                                                                                                                                      }
                                                                                                                                                                                                                                                                                      Index

                                                                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                                                                      clientAuthMethod? clientSecret? idTokenSigningAlgorithm? jwksCacheDuration? metadataCacheDuration?

                                                                                                                                                                                                                                                                                      Properties

                                                                                                                                                                                                                                                                                      clientAuthMethod?: ClientAuthMethod

                                                                                                                                                                                                                                                                                      Client authentication method used when communicating with the token endpoint.

                                                                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                                                                      clientSecret?: string | Jwk

                                                                                                                                                                                                                                                                                      Client secret used for client authentication.

                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                      clientSecret?: string | Jwk

                                                                                                                                                                                                                                                                                      Client secret used for client authentication.

                                                                                                                                                                                                                                                                                      When clientAuthMethod is client_secret_jwt and a plain-text secret is provided, the default signing algorithm is HS256.

                                                                                                                                                                                                                                                                                      To use a different algorithm, provide a symmetric JSON Web Key (JWK) (kty: "oct") with the desired algorithm specified in its alg property.

                                                                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                                                                      idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                                                                                                                                                                                      Expected signing algorithm for validating ID tokens.

                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                      idTokenSigningAlgorithm?: SecurityAlgorithms

                                                                                                                                                                                                                                                                                      Expected signing algorithm for validating ID tokens.

                                                                                                                                                                                                                                                                                      'RS256'
                                                                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                                                                      jwksCacheDuration?: number

                                                                                                                                                                                                                                                                                      Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                      jwksCacheDuration?: number

                                                                                                                                                                                                                                                                                      Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server.

                                                                                                                                                                                                                                                                                      300
                                                                                                                                                                                                                                                                                      -
                                                                                                                                                                                                                                                                                      metadataCacheDuration?: number

                                                                                                                                                                                                                                                                                      Duration (in seconds) to cache OpenID Connect discovery metadata.

                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                      metadataCacheDuration?: number

                                                                                                                                                                                                                                                                                      Duration (in seconds) to cache OpenID Connect discovery metadata.

                                                                                                                                                                                                                                                                                      300
                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                      On This Page

                                                                                                                                                                                                                                                                                      Properties
                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                      On This Page

                                                                                                                                                                                                                                                                                      Properties
                                                                                                                                                                                                                                                                                      diff --git a/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudOptions.html b/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudOptions.html index b375c246..5f2b0e46 100644 --- a/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudOptions.html +++ b/docs/html/interfaces/_monocloud_auth-node-core.index.MonoCloudOptions.html @@ -229,7 +229,7 @@

                                                                                                                                                                                                                                                                                      Returns Promise<void> | void

                                                                                                                                                                                                                                                                                      Returns a promise or void. Execution continues once the callback completes.

                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-core.index.SecurityAlgorithms.html b/docs/html/types/_monocloud_auth-core.index.SecurityAlgorithms.html index 6a7eb6a0..5c20841f 100644 --- a/docs/html/types/_monocloud_auth-core.index.SecurityAlgorithms.html +++ b/docs/html/types/_monocloud_auth-core.index.SecurityAlgorithms.html @@ -12,4 +12,4 @@

                                                                                                                                                                                                                                                                                      Produces smaller tokens and faster verification.

                                                                                                                                                                                                                                                                                    • "ES384"

                                                                                                                                                                                                                                                                                      ECDSA using P-384 curve and SHA-384.

                                                                                                                                                                                                                                                                                    • "ES512"

                                                                                                                                                                                                                                                                                      ECDSA using P-521 curve and SHA-512.

                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                      • Settings

                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-js-core.index.ApplicationState.html b/docs/html/types/_monocloud_auth-js-core.index.ApplicationState.html new file mode 100644 index 00000000..102c3768 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.ApplicationState.html @@ -0,0 +1,2 @@ +ApplicationState | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                                                                        Type Alias ApplicationState

                                                                                                                                                                                                                                                                                        ApplicationState: Record<string, any>

                                                                                                                                                                                                                                                                                        Custom application state passed through authentication flows.

                                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                        diff --git a/docs/html/types/_monocloud_auth-js-core.index.Authenticators.html b/docs/html/types/_monocloud_auth-js-core.index.Authenticators.html new file mode 100644 index 00000000..caaf364b --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.Authenticators.html @@ -0,0 +1,16 @@ +Authenticators | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                                                                                          Type Alias Authenticators

                                                                                                                                                                                                                                                                                          Authenticators:
                                                                                                                                                                                                                                                                                              | "password"
                                                                                                                                                                                                                                                                                              | "passkey"
                                                                                                                                                                                                                                                                                              | "email"
                                                                                                                                                                                                                                                                                              | "phone"
                                                                                                                                                                                                                                                                                              | "google"
                                                                                                                                                                                                                                                                                              | "apple"
                                                                                                                                                                                                                                                                                              | "facebook"
                                                                                                                                                                                                                                                                                              | "microsoft"
                                                                                                                                                                                                                                                                                              | "github"
                                                                                                                                                                                                                                                                                              | "gitlab"
                                                                                                                                                                                                                                                                                              | "discord"
                                                                                                                                                                                                                                                                                              | "twitter"
                                                                                                                                                                                                                                                                                              | "linkedin"
                                                                                                                                                                                                                                                                                              | "xero"

                                                                                                                                                                                                                                                                                          Supported authentication methods and identity providers.

                                                                                                                                                                                                                                                                                          +

                                                                                                                                                                                                                                                                                          Type Declaration

                                                                                                                                                                                                                                                                                          • "password"

                                                                                                                                                                                                                                                                                            Username/password authentication.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "passkey"

                                                                                                                                                                                                                                                                                            Passkey (WebAuthn / FIDO2) authentication.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "email"

                                                                                                                                                                                                                                                                                            Email-based authentication (magic link or OTP).

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "phone"

                                                                                                                                                                                                                                                                                            Phone-based authentication (SMS OTP).

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "google"

                                                                                                                                                                                                                                                                                            Google identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "apple"

                                                                                                                                                                                                                                                                                            Apple identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "facebook"

                                                                                                                                                                                                                                                                                            Facebook identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "microsoft"

                                                                                                                                                                                                                                                                                            Microsoft identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "github"

                                                                                                                                                                                                                                                                                            GitHub identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "gitlab"

                                                                                                                                                                                                                                                                                            GitLab identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "discord"

                                                                                                                                                                                                                                                                                            Discord identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "twitter"

                                                                                                                                                                                                                                                                                            Twitter (X) identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "linkedin"

                                                                                                                                                                                                                                                                                            LinkedIn identity provider.

                                                                                                                                                                                                                                                                                            +
                                                                                                                                                                                                                                                                                          • "xero"

                                                                                                                                                                                                                                                                                            Xero identity provider.

                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                                                          diff --git a/docs/html/types/_monocloud_auth-js-core.index.ClientAuthMethod.html b/docs/html/types/_monocloud_auth-js-core.index.ClientAuthMethod.html new file mode 100644 index 00000000..4308227f --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.ClientAuthMethod.html @@ -0,0 +1,7 @@ +ClientAuthMethod | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                                                                                            Type Alias ClientAuthMethod

                                                                                                                                                                                                                                                                                            ClientAuthMethod:
                                                                                                                                                                                                                                                                                                | "client_secret_basic"
                                                                                                                                                                                                                                                                                                | "client_secret_post"
                                                                                                                                                                                                                                                                                                | "client_secret_jwt"
                                                                                                                                                                                                                                                                                                | "private_key_jwt"

                                                                                                                                                                                                                                                                                            Supported OAuth 2.0 client authentication methods.

                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                            These methods define how a client authenticates itself when calling the authorization server token endpoint.

                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                            Type Declaration

                                                                                                                                                                                                                                                                                            • "client_secret_basic"

                                                                                                                                                                                                                                                                                              Client credentials are sent using HTTP Basic authentication

                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                            • "client_secret_post"

                                                                                                                                                                                                                                                                                              Client credentials are included in the request body as form parameters.

                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                            • "client_secret_jwt"

                                                                                                                                                                                                                                                                                              Client authenticates using a signed JWT created with the client secret.

                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                            • "private_key_jwt"

                                                                                                                                                                                                                                                                                              Client authenticates using a signed JWT created with a private key.

                                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                                                                            diff --git a/docs/html/types/_monocloud_auth-js-core.index.CodeChallengeMethod.html b/docs/html/types/_monocloud_auth-js-core.index.CodeChallengeMethod.html new file mode 100644 index 00000000..cca80a93 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.CodeChallengeMethod.html @@ -0,0 +1,5 @@ +CodeChallengeMethod | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                                                                                              Type Alias CodeChallengeMethod

                                                                                                                                                                                                                                                                                              CodeChallengeMethod: "plain" | "S256"

                                                                                                                                                                                                                                                                                              Supported PKCE (Proof Key for Code Exchange) code challenge methods.

                                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                                              PKCE protects authorization code flows by binding the authorization request to the token exchange using a cryptographic verifier.

                                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                                              Type Declaration

                                                                                                                                                                                                                                                                                              • "plain"

                                                                                                                                                                                                                                                                                                Uses the code verifier directly as the challenge. Not recommended for production use.

                                                                                                                                                                                                                                                                                                +
                                                                                                                                                                                                                                                                                              • "S256"

                                                                                                                                                                                                                                                                                                Uses a SHA-256 hash of the code verifier.

                                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                                                              diff --git a/docs/html/types/_monocloud_auth-js-core.index.DisplayOptions.html b/docs/html/types/_monocloud_auth-js-core.index.DisplayOptions.html new file mode 100644 index 00000000..30e5ef48 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.DisplayOptions.html @@ -0,0 +1,7 @@ +DisplayOptions | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                                                                                Type Alias DisplayOptions

                                                                                                                                                                                                                                                                                                DisplayOptions: "page" | "popup" | "touch" | "wap"

                                                                                                                                                                                                                                                                                                Supported OpenID Connect display parameter values.

                                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                                The display parameter hints to the authorization server how the authentication or consent UI should be presented to the user.

                                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                                Type Declaration

                                                                                                                                                                                                                                                                                                • "page"

                                                                                                                                                                                                                                                                                                  Full-page authentication experience in the browser.

                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                • "popup"

                                                                                                                                                                                                                                                                                                  Authentication optimized for popup windows.

                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                • "touch"

                                                                                                                                                                                                                                                                                                  Authentication optimized for touch-based devices.

                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                • "wap"

                                                                                                                                                                                                                                                                                                  Authentication optimized for legacy mobile or constrained browsers.

                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                                                diff --git a/docs/html/types/_monocloud_auth-js-core.index.Group.html b/docs/html/types/_monocloud_auth-js-core.index.Group.html new file mode 100644 index 00000000..815146a7 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.Group.html @@ -0,0 +1,4 @@ +Group | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                                                                                                  Type Alias Group

                                                                                                                                                                                                                                                                                                  Group: { id: string; name: string } | string

                                                                                                                                                                                                                                                                                                  Represents a user group included in the authenticated session.

                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                  Type Declaration

                                                                                                                                                                                                                                                                                                  • { id: string; name: string }

                                                                                                                                                                                                                                                                                                    Structured group representation.

                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                  • string

                                                                                                                                                                                                                                                                                                    Group identifier or group name.

                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                                                  diff --git a/docs/html/types/_monocloud_auth-js-core.index.InteractionMode.html b/docs/html/types/_monocloud_auth-js-core.index.InteractionMode.html new file mode 100644 index 00000000..a73950d0 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.InteractionMode.html @@ -0,0 +1,2 @@ +InteractionMode | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                                                                                    Type Alias InteractionMode

                                                                                                                                                                                                                                                                                                    InteractionMode: "popup" | "redirect"

                                                                                                                                                                                                                                                                                                    Interaction modes supported for sign-in and sign-out flows.

                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                                                    diff --git a/docs/html/types/_monocloud_auth-js-core.index.OnSessionCreating.html b/docs/html/types/_monocloud_auth-js-core.index.OnSessionCreating.html new file mode 100644 index 00000000..224b7b37 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.OnSessionCreating.html @@ -0,0 +1,7 @@ +OnSessionCreating | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                                                                                      Type Alias OnSessionCreating

                                                                                                                                                                                                                                                                                                      OnSessionCreating: (
                                                                                                                                                                                                                                                                                                          session: MonoCloudSession,
                                                                                                                                                                                                                                                                                                          idToken?: Partial<IdTokenClaims>,
                                                                                                                                                                                                                                                                                                          userInfo?: UserinfoResponse,
                                                                                                                                                                                                                                                                                                          state?: ApplicationState,
                                                                                                                                                                                                                                                                                                      ) => Promise<void> | void

                                                                                                                                                                                                                                                                                                      Callback invoked when a session is being created or updated.

                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                      Type Declaration

                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-js-core.index.PostCallback.html b/docs/html/types/_monocloud_auth-js-core.index.PostCallback.html new file mode 100644 index 00000000..21274c2d --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.PostCallback.html @@ -0,0 +1,4 @@ +PostCallback | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                                                                                        Type Alias PostCallback

                                                                                                                                                                                                                                                                                                        PostCallback: (state: PostCallbackParams) => Promise<void> | void

                                                                                                                                                                                                                                                                                                        Callback executed after sign-in or sign-out callback processing.

                                                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                                                        Type Declaration

                                                                                                                                                                                                                                                                                                          • (state: PostCallbackParams): Promise<void> | void

                                                                                                                                                                                                                                                                                                          • Parameters

                                                                                                                                                                                                                                                                                                            Returns Promise<void> | void

                                                                                                                                                                                                                                                                                                            Returns void or a Promise<void>.

                                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                        diff --git a/docs/html/types/_monocloud_auth-js-core.index.PostCallbackParams.html b/docs/html/types/_monocloud_auth-js-core.index.PostCallbackParams.html new file mode 100644 index 00000000..dddd0743 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.PostCallbackParams.html @@ -0,0 +1,2 @@ +PostCallbackParams | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                        MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                          Preparing search index...

                                                                                                                                                                                                                                                                                                          Type Alias PostCallbackParams

                                                                                                                                                                                                                                                                                                          PostCallbackParams:
                                                                                                                                                                                                                                                                                                              | {
                                                                                                                                                                                                                                                                                                                  mode: InteractionMode
                                                                                                                                                                                                                                                                                                                  | "silent";
                                                                                                                                                                                                                                                                                                                  returnUrl?: string;
                                                                                                                                                                                                                                                                                                                  type: "signIn";
                                                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                                                              | { mode: InteractionMode; returnUrl?: string; type: "signOut" }

                                                                                                                                                                                                                                                                                                          Metadata passed to PostCallback after callback processing.

                                                                                                                                                                                                                                                                                                          +

                                                                                                                                                                                                                                                                                                          Settings

                                                                                                                                                                                                                                                                                                          diff --git a/docs/html/types/_monocloud_auth-js-core.index.Prompt.html b/docs/html/types/_monocloud_auth-js-core.index.Prompt.html new file mode 100644 index 00000000..1513c5c2 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.Prompt.html @@ -0,0 +1,8 @@ +Prompt | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                          MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                            Preparing search index...

                                                                                                                                                                                                                                                                                                            Type Alias Prompt

                                                                                                                                                                                                                                                                                                            Prompt: "none" | "login" | "consent" | "select_account" | "create"

                                                                                                                                                                                                                                                                                                            Supported OpenID Connect prompt parameter values.

                                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                                            The prompt parameter controls whether the authorization server should force specific user interactions during authentication.

                                                                                                                                                                                                                                                                                                            +

                                                                                                                                                                                                                                                                                                            Type Declaration

                                                                                                                                                                                                                                                                                                            • "none"

                                                                                                                                                                                                                                                                                                              Do not display any authentication or consent UI.

                                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                                            • "login"

                                                                                                                                                                                                                                                                                                              Forces the user to re-authenticate even if an active session exists.

                                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                                            • "consent"

                                                                                                                                                                                                                                                                                                              Forces the consent screen to be displayed to the user.

                                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                                            • "select_account"

                                                                                                                                                                                                                                                                                                              Prompts the user to choose an account when multiple sessions exist.

                                                                                                                                                                                                                                                                                                              +
                                                                                                                                                                                                                                                                                                            • "create"

                                                                                                                                                                                                                                                                                                              Prompts the user to create a new account (sign-up flow).

                                                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                                                            Settings

                                                                                                                                                                                                                                                                                                            diff --git a/docs/html/types/_monocloud_auth-js-core.index.RefreshMode.html b/docs/html/types/_monocloud_auth-js-core.index.RefreshMode.html new file mode 100644 index 00000000..4df8b8b3 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.RefreshMode.html @@ -0,0 +1,2 @@ +RefreshMode | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                            MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                              Preparing search index...

                                                                                                                                                                                                                                                                                                              Type Alias RefreshMode

                                                                                                                                                                                                                                                                                                              RefreshMode: "popup" | "refresh_token" | "silent"

                                                                                                                                                                                                                                                                                                              Interaction modes supported by refreshSession().

                                                                                                                                                                                                                                                                                                              +

                                                                                                                                                                                                                                                                                                              Settings

                                                                                                                                                                                                                                                                                                              diff --git a/docs/html/types/_monocloud_auth-js-core.index.ResponseModes.html b/docs/html/types/_monocloud_auth-js-core.index.ResponseModes.html new file mode 100644 index 00000000..affff449 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.ResponseModes.html @@ -0,0 +1,6 @@ +ResponseModes | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                              MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                Preparing search index...

                                                                                                                                                                                                                                                                                                                Type Alias ResponseModes

                                                                                                                                                                                                                                                                                                                ResponseModes: "form_post" | "query" | "fragment"

                                                                                                                                                                                                                                                                                                                Supported OAuth 2.0 / OpenID Connect response_mode values.

                                                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                                                The response mode determines how authorization results are returned from the authorization endpoint to the client application.

                                                                                                                                                                                                                                                                                                                +

                                                                                                                                                                                                                                                                                                                Type Declaration

                                                                                                                                                                                                                                                                                                                • "form_post"

                                                                                                                                                                                                                                                                                                                  Returns authorization results using an HTTP POST request with parameters encoded in the request body.

                                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                                • "query"

                                                                                                                                                                                                                                                                                                                  Returns authorization results as URL query parameters.

                                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                                • "fragment"

                                                                                                                                                                                                                                                                                                                  Returns authorization results in the URL fragment.

                                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                                Settings

                                                                                                                                                                                                                                                                                                                diff --git a/docs/html/types/_monocloud_auth-js-core.index.ResponseTypes.html b/docs/html/types/_monocloud_auth-js-core.index.ResponseTypes.html new file mode 100644 index 00000000..db74db39 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.ResponseTypes.html @@ -0,0 +1,13 @@ +ResponseTypes | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                  Preparing search index...

                                                                                                                                                                                                                                                                                                                  Type Alias ResponseTypes

                                                                                                                                                                                                                                                                                                                  ResponseTypes:
                                                                                                                                                                                                                                                                                                                      | "code"
                                                                                                                                                                                                                                                                                                                      | "token"
                                                                                                                                                                                                                                                                                                                      | "id_token"
                                                                                                                                                                                                                                                                                                                      | "id_token token"
                                                                                                                                                                                                                                                                                                                      | "code id_token"
                                                                                                                                                                                                                                                                                                                      | "code token"
                                                                                                                                                                                                                                                                                                                      | "code id_token token"

                                                                                                                                                                                                                                                                                                                  Supported OAuth 2.0 / OpenID Connect response types.

                                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                                  Response types determine which artifacts are returned from the authorization endpoint during authentication.

                                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                                  Modern applications should prefer the Authorization Code Flow (code) with PKCE. Implicit flow variants are included for compatibility with legacy or specialized scenarios.

                                                                                                                                                                                                                                                                                                                  +
                                                                                                                                                                                                                                                                                                                  +

                                                                                                                                                                                                                                                                                                                  Type Declaration

                                                                                                                                                                                                                                                                                                                  • "code"

                                                                                                                                                                                                                                                                                                                    Authorization Code Flow (recommended). Returns an authorization code that is exchanged for tokens server-side.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "token"

                                                                                                                                                                                                                                                                                                                    Implicit Flow returning an access token directly from the authorization endpoint.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "id_token"

                                                                                                                                                                                                                                                                                                                    Implicit Flow returning an ID token.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "id_token token"

                                                                                                                                                                                                                                                                                                                    Implicit Flow returning both an ID token and an access token.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "code id_token"

                                                                                                                                                                                                                                                                                                                    Hybrid Flow returning an authorization code and an ID token.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "code token"

                                                                                                                                                                                                                                                                                                                    Hybrid Flow returning an authorization code and an access token.

                                                                                                                                                                                                                                                                                                                    +
                                                                                                                                                                                                                                                                                                                  • "code id_token token"

                                                                                                                                                                                                                                                                                                                    Hybrid Flow returning an authorization code, ID token, and access token.

                                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                                  Settings

                                                                                                                                                                                                                                                                                                                  diff --git a/docs/html/types/_monocloud_auth-js-core.index.SecurityAlgorithms.html b/docs/html/types/_monocloud_auth-js-core.index.SecurityAlgorithms.html new file mode 100644 index 00000000..0022a8c4 --- /dev/null +++ b/docs/html/types/_monocloud_auth-js-core.index.SecurityAlgorithms.html @@ -0,0 +1,15 @@ +SecurityAlgorithms | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                  MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                    Preparing search index...

                                                                                                                                                                                                                                                                                                                    Type Alias SecurityAlgorithms

                                                                                                                                                                                                                                                                                                                    SecurityAlgorithms:
                                                                                                                                                                                                                                                                                                                        | "RS256"
                                                                                                                                                                                                                                                                                                                        | "RS384"
                                                                                                                                                                                                                                                                                                                        | "RS512"
                                                                                                                                                                                                                                                                                                                        | "PS256"
                                                                                                                                                                                                                                                                                                                        | "PS384"
                                                                                                                                                                                                                                                                                                                        | "PS512"
                                                                                                                                                                                                                                                                                                                        | "ES256"
                                                                                                                                                                                                                                                                                                                        | "ES384"
                                                                                                                                                                                                                                                                                                                        | "ES512"

                                                                                                                                                                                                                                                                                                                    Supported JSON Web Signature (JWS) algorithms used to sign tokens.

                                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                                    These algorithms define how tokens issued by MonoCloud are cryptographically signed and verified. The expected algorithm should match the configuration of your MonoCloud application.

                                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                                    Type Declaration

                                                                                                                                                                                                                                                                                                                    • "RS256"

                                                                                                                                                                                                                                                                                                                      RSA using SHA-256.

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Default and most commonly used signing algorithm.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "RS384"

                                                                                                                                                                                                                                                                                                                      RSA using SHA-384.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "RS512"

                                                                                                                                                                                                                                                                                                                      RSA using SHA-512.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "PS256"

                                                                                                                                                                                                                                                                                                                      RSA-PSS using SHA-256.

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Provides stronger cryptographic padding than RS256.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "PS384"

                                                                                                                                                                                                                                                                                                                      RSA-PSS using SHA-384.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "PS512"

                                                                                                                                                                                                                                                                                                                      RSA-PSS using SHA-512.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "ES256"

                                                                                                                                                                                                                                                                                                                      ECDSA using P-256 curve and SHA-256.

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Produces smaller tokens and faster verification.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "ES384"

                                                                                                                                                                                                                                                                                                                      ECDSA using P-384 curve and SHA-384.

                                                                                                                                                                                                                                                                                                                      +
                                                                                                                                                                                                                                                                                                                    • "ES512"

                                                                                                                                                                                                                                                                                                                      ECDSA using P-521 curve and SHA-512.

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                                                                    diff --git a/docs/html/types/_monocloud_auth-nextjs.index.Authenticators.html b/docs/html/types/_monocloud_auth-nextjs.index.Authenticators.html index 4e675cea..4da3b63b 100644 --- a/docs/html/types/_monocloud_auth-nextjs.index.Authenticators.html +++ b/docs/html/types/_monocloud_auth-nextjs.index.Authenticators.html @@ -13,4 +13,4 @@
                                                                                                                                                                                                                                                                                                                  • "twitter"

                                                                                                                                                                                                                                                                                                                    Twitter (X) identity provider.

                                                                                                                                                                                                                                                                                                                  • "linkedin"

                                                                                                                                                                                                                                                                                                                    LinkedIn identity provider.

                                                                                                                                                                                                                                                                                                                  • "xero"

                                                                                                                                                                                                                                                                                                                    Xero identity provider.

                                                                                                                                                                                                                                                                                                                    -

                                                                                                                                                                                                                                                                                                                    • Settings

                                                                                                                                                                                                                                                                                                                    +

                                                                                                                                                                                                                                                                                                                    Settings

                                                                                                                                                                                                                                                                                                                    diff --git a/docs/html/types/_monocloud_auth-nextjs.index.Group.html b/docs/html/types/_monocloud_auth-nextjs.index.Group.html index e191efea..419f3ec7 100644 --- a/docs/html/types/_monocloud_auth-nextjs.index.Group.html +++ b/docs/html/types/_monocloud_auth-nextjs.index.Group.html @@ -1,4 +1,4 @@ Group | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                    MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                      Preparing search index...

                                                                                                                                                                                                                                                                                                                      Type Alias Group

                                                                                                                                                                                                                                                                                                                      Group: { id: string; name: string } | string

                                                                                                                                                                                                                                                                                                                      Represents a user group included in the authenticated session.

                                                                                                                                                                                                                                                                                                                      Type Declaration

                                                                                                                                                                                                                                                                                                                      • { id: string; name: string }

                                                                                                                                                                                                                                                                                                                        Structured group representation.

                                                                                                                                                                                                                                                                                                                      • string

                                                                                                                                                                                                                                                                                                                        Group identifier or group name.

                                                                                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-nextjs.index.SecurityAlgorithms.html b/docs/html/types/_monocloud_auth-nextjs.index.SecurityAlgorithms.html index 56d4e4d2..02902e71 100644 --- a/docs/html/types/_monocloud_auth-nextjs.index.SecurityAlgorithms.html +++ b/docs/html/types/_monocloud_auth-nextjs.index.SecurityAlgorithms.html @@ -12,4 +12,4 @@

                                                                                                                                                                                                                                                                                                                      Produces smaller tokens and faster verification.

                                                                                                                                                                                                                                                                                                                    • "ES384"

                                                                                                                                                                                                                                                                                                                      ECDSA using P-384 curve and SHA-384.

                                                                                                                                                                                                                                                                                                                    • "ES512"

                                                                                                                                                                                                                                                                                                                      ECDSA using P-521 curve and SHA-512.

                                                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                                                      • Settings

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-node-core.index.Authenticators.html b/docs/html/types/_monocloud_auth-node-core.index.Authenticators.html index 3a1c7ffa..4a22dc73 100644 --- a/docs/html/types/_monocloud_auth-node-core.index.Authenticators.html +++ b/docs/html/types/_monocloud_auth-node-core.index.Authenticators.html @@ -13,4 +13,4 @@
                                                                                                                                                                                                                                                                                                                    • "twitter"

                                                                                                                                                                                                                                                                                                                      Twitter (X) identity provider.

                                                                                                                                                                                                                                                                                                                    • "linkedin"

                                                                                                                                                                                                                                                                                                                      LinkedIn identity provider.

                                                                                                                                                                                                                                                                                                                    • "xero"

                                                                                                                                                                                                                                                                                                                      Xero identity provider.

                                                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                                                      • Settings

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-node-core.index.ClientAuthMethod.html b/docs/html/types/_monocloud_auth-node-core.index.ClientAuthMethod.html index c9586e52..84a1e8ae 100644 --- a/docs/html/types/_monocloud_auth-node-core.index.ClientAuthMethod.html +++ b/docs/html/types/_monocloud_auth-node-core.index.ClientAuthMethod.html @@ -4,4 +4,4 @@
                                                                                                                                                                                                                                                                                                                    • "client_secret_post"

                                                                                                                                                                                                                                                                                                                      Client credentials are included in the request body as form parameters.

                                                                                                                                                                                                                                                                                                                    • "client_secret_jwt"

                                                                                                                                                                                                                                                                                                                      Client authenticates using a signed JWT created with the client secret.

                                                                                                                                                                                                                                                                                                                    • "private_key_jwt"

                                                                                                                                                                                                                                                                                                                      Client authenticates using a signed JWT created with a private key.

                                                                                                                                                                                                                                                                                                                      -

                                                                                                                                                                                                                                                                                                                      • Settings

                                                                                                                                                                                                                                                                                                                      +

                                                                                                                                                                                                                                                                                                                      Settings

                                                                                                                                                                                                                                                                                                                      diff --git a/docs/html/types/_monocloud_auth-node-core.index.Group.html b/docs/html/types/_monocloud_auth-node-core.index.Group.html index ac72309f..afb028d6 100644 --- a/docs/html/types/_monocloud_auth-node-core.index.Group.html +++ b/docs/html/types/_monocloud_auth-node-core.index.Group.html @@ -1,4 +1,4 @@ Group | MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                      MonoCloud Authentication SDK
                                                                                                                                                                                                                                                                                                                        Preparing search index...

                                                                                                                                                                                                                                                                                                                        Type Alias Group

                                                                                                                                                                                                                                                                                                                        Group: { id: string; name: string } | string

                                                                                                                                                                                                                                                                                                                        Represents a user group included in the authenticated session.

                                                                                                                                                                                                                                                                                                                        Type Declaration

                                                                                                                                                                                                                                                                                                                        • { id: string; name: string }

                                                                                                                                                                                                                                                                                                                          Structured group representation.

                                                                                                                                                                                                                                                                                                                        • string

                                                                                                                                                                                                                                                                                                                          Group identifier or group name.

                                                                                                                                                                                                                                                                                                                          -

                                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                                        diff --git a/docs/html/types/_monocloud_auth-node-core.index.OnCoreSessionCreating.html b/docs/html/types/_monocloud_auth-node-core.index.OnCoreSessionCreating.html index 1d04d806..d3d82a12 100644 --- a/docs/html/types/_monocloud_auth-node-core.index.OnCoreSessionCreating.html +++ b/docs/html/types/_monocloud_auth-node-core.index.OnCoreSessionCreating.html @@ -4,4 +4,4 @@
                                                                                                                                                                                                                                                                                                                      • OptionalidToken: Partial<IdTokenClaims>

                                                                                                                                                                                                                                                                                                                        Optional. Claims extracted from the ID token.

                                                                                                                                                                                                                                                                                                                      • OptionaluserInfo: UserinfoResponse

                                                                                                                                                                                                                                                                                                                        Optional. Claims returned from the UserInfo endpoint.

                                                                                                                                                                                                                                                                                                                        • Returns Promise<void> | void

                                                                                                                                                                                                                                                                                                                        Returns a promise or void. Execution continues once the callback completes.

                                                                                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                                        diff --git a/docs/html/types/_monocloud_auth-node-core.index.SecurityAlgorithms.html b/docs/html/types/_monocloud_auth-node-core.index.SecurityAlgorithms.html index d151edcf..f1ea37d8 100644 --- a/docs/html/types/_monocloud_auth-node-core.index.SecurityAlgorithms.html +++ b/docs/html/types/_monocloud_auth-node-core.index.SecurityAlgorithms.html @@ -12,4 +12,4 @@

                                                                                                                                                                                                                                                                                                                        Produces smaller tokens and faster verification.

                                                                                                                                                                                                                                                                                                                      • "ES384"

                                                                                                                                                                                                                                                                                                                        ECDSA using P-384 curve and SHA-384.

                                                                                                                                                                                                                                                                                                                      • "ES512"

                                                                                                                                                                                                                                                                                                                        ECDSA using P-521 curve and SHA-512.

                                                                                                                                                                                                                                                                                                                        -

                                                                                                                                                                                                                                                                                                                        • Settings

                                                                                                                                                                                                                                                                                                                        +

                                                                                                                                                                                                                                                                                                                        Settings

                                                                                                                                                                                                                                                                                                                        diff --git a/docs/markdown/Classes/_monocloud_auth-js-core.index.LocalStorage.md b/docs/markdown/Classes/_monocloud_auth-js-core.index.LocalStorage.md new file mode 100644 index 00000000..77792f5f --- /dev/null +++ b/docs/markdown/Classes/_monocloud_auth-js-core.index.LocalStorage.md @@ -0,0 +1,94 @@ +--- +rootSdk: js-core +title: "LocalStorage" +category: Classes +--- + +# Class: LocalStorage + +`window.localStorage`-backed implementation of [IStorage](/sdks/js-core/api-reference/types/istorage). + +This is the default storage used by `MonoCloudJSCoreClient`. + +## Implements + +- [`IStorage`](/sdks/js-core/api-reference/types/istorage) + +## Constructors + +### Constructor + +> **new LocalStorage**(): `LocalStorage` + +#### Returns + +`LocalStorage` + +## Methods + +### getItem() + +> **getItem**(`key`: `string`): `Promise`\<`string` \| `null`\> + +Retrieves the value associated with the given key. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ------------------------------------------ | +| `key` | `string` | The unique identifier for the stored item. | + +#### Returns + +`Promise`\<`string` \| `null`\> + +The stored value as a string, or `null` if the key does not exist. + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`getItem`](/sdks/js-core/api-reference/types/istorage#getitem) + +--- + +### removeItem() + +> **removeItem**(`key`: `string`): `Promise`\<`void`\> + +Removes the item associated with the specified key from storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | -------------------------------------------- | +| `key` | `string` | The unique identifier of the item to remove. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`removeItem`](/sdks/js-core/api-reference/types/istorage#removeitem) + +--- + +### setItem() + +> **setItem**(`key`: `string`, `value`: `string`): `Promise`\<`void`\> + +Stores a key-value pair in the storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ----------------------------------- | +| `key` | `string` | The unique identifier for the item. | +| `value` | `string` | The string value to store. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`setItem`](/sdks/js-core/api-reference/types/istorage#setitem) diff --git a/docs/markdown/Classes/_monocloud_auth-js-core.index.MemoryStorage.md b/docs/markdown/Classes/_monocloud_auth-js-core.index.MemoryStorage.md new file mode 100644 index 00000000..a7b55b7f --- /dev/null +++ b/docs/markdown/Classes/_monocloud_auth-js-core.index.MemoryStorage.md @@ -0,0 +1,94 @@ +--- +rootSdk: js-core +title: "MemoryStorage" +category: Classes +--- + +# Class: MemoryStorage + +In-memory implementation of [IStorage](/sdks/js-core/api-reference/types/istorage). + +Useful for testing or for sessions that should not persist across page reloads. + +## Implements + +- [`IStorage`](/sdks/js-core/api-reference/types/istorage) + +## Constructors + +### Constructor + +> **new MemoryStorage**(): `MemoryStorage` + +#### Returns + +`MemoryStorage` + +## Methods + +### getItem() + +> **getItem**(`key`: `string`): `Promise`\<`string` \| `null`\> + +Retrieves the value associated with the given key. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ------------------------------------------ | +| `key` | `string` | The unique identifier for the stored item. | + +#### Returns + +`Promise`\<`string` \| `null`\> + +The stored value as a string, or `null` if the key does not exist. + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`getItem`](/sdks/js-core/api-reference/types/istorage#getitem) + +--- + +### removeItem() + +> **removeItem**(`key`: `string`): `Promise`\<`void`\> + +Removes the item associated with the specified key from storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | -------------------------------------------- | +| `key` | `string` | The unique identifier of the item to remove. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`removeItem`](/sdks/js-core/api-reference/types/istorage#removeitem) + +--- + +### setItem() + +> **setItem**(`key`: `string`, `value`: `string`): `Promise`\<`void`\> + +Stores a key-value pair in the storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ----------------------------------- | +| `key` | `string` | The unique identifier for the item. | +| `value` | `string` | The string value to store. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`setItem`](/sdks/js-core/api-reference/types/istorage#setitem) diff --git a/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.md b/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.md new file mode 100644 index 00000000..ba3e6d2d --- /dev/null +++ b/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudJSCoreClient.md @@ -0,0 +1,338 @@ +--- +rootSdk: js-core +title: "MonoCloudJSCoreClient" +category: Classes +--- + +# Class: MonoCloudJSCoreClient + +`MonoCloudJSCoreClient` is the core SDK entry point for integrating MonoCloud authentication into single-page applications (SPAs) and other browser-based JavaScript environments. + +It provides: + +- Redirection and popup-based sign-in and sign-out. +- Session and token management. +- Automatic PKCE and state validation. +- Silent and explicit token refreshing. + +## Initialization + +```typescript:src/auth.ts +import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; + +export const client = new MonoCloudJSCoreClient({ +tenantDomain: 'your-tenant.monocloud.com', +clientId: 'your-client-id', +appUrl: 'http://localhost:3000', +callbackPath: '/callback', +signOutCallbackPath: '/logout' +}); +``` + +## Constructors + +### Constructor + +> **new MonoCloudJSCoreClient**(`options`: [`MonoCloudJSCoreClientOptions`](/sdks/js-core/api-reference/types/monocloudjscoreclientoptions), `storage`: [`IStorage`](/sdks/js-core/api-reference/types/istorage), `postCallbackFn?`: [`PostCallback`](/sdks/js-core/api-reference/handler-types/postcallback), `onSessionCreating?`: [`OnSessionCreating`](/sdks/js-core/api-reference/handler-types/onsessioncreating)): `MonoCloudJSCoreClient` + +Initializes a new instance of the MonoCloudJSCoreClient. + +#### Parameters + +| Parameter | Type | Description | +| -------------------- | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| `options` | [`MonoCloudJSCoreClientOptions`](/sdks/js-core/api-reference/types/monocloudjscoreclientoptions) | Configuration options for the client. | +| `storage` | [`IStorage`](/sdks/js-core/api-reference/types/istorage) | Custom storage implementation for session persistence. Defaults to `new LocalStorage()`. | +| `postCallbackFn?` | [`PostCallback`](/sdks/js-core/api-reference/handler-types/postcallback) | A callback function executed after a successful sign-in or sign-out. Useful for client-side routing integration. | +| `onSessionCreating?` | [`OnSessionCreating`](/sdks/js-core/api-reference/handler-types/onsessioncreating) | A hook used to modify or validate the session during creation. | + +#### Returns + +`MonoCloudJSCoreClient` + +#### Examples + +```typescript:src/auth.ts tab="Default Integration" tab-group="constructor" +import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; + +const client = new MonoCloudJSCoreClient({ +tenantDomain: 'your-tenant.monocloud.com', +clientId: 'your-client-id', +appUrl: 'http://localhost:3000', +}); +``` + +```typescript:src/auth.ts tab="Custom Storage & Router" tab-group="constructor" +import { MonoCloudJSCoreClient } from '@monocloud/auth-js-core'; +import { MemoryStorage } from './storage'; +import { router } from './router'; + +const client = new MonoCloudJSCoreClient( +options, +new MemoryStorage(), +(state) => { + // Use router to navigate instead of full page reload. + router.push(state.returnUrl || '/dashboard'); +} +); +``` + +## Properties + +| Property | Type | Description | +| ------------------------------------ | ----------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- | +| `oidcClient` | [`MonoCloudOidcClient`](/sdks/js-core/api-reference/classes/monocloudoidcclient) | Underlying OpenID Connect client used for advanced authorization and token operations. | + +## Methods + +### getSession() + +> **getSession**(): `Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) \| `undefined`\> + +Retrieves the current session object from configured storage. + +#### Returns + +`Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) \| `undefined`\> + +The active session or `undefined` if not authenticated. + +#### Example + +```typescript:src/app.ts +const session = await client.getSession(); +if (session) { + console.log('User is logged in:', session.user); +} +``` + +--- + +### getTokens() + +> **getTokens**(`options?`: [`GetTokensOptions`](/sdks/js-core/api-reference/types/gettokensoptions)): `Promise`\<[`MonoCloudTokens`](/sdks/js-core/api-reference/types/monocloudtokens)\> + +Retrieves the active tokens for the session. + +If the tokens are expired or about to expire, this method will attempt to refresh them automatically before returning. + +#### Parameters + +| Parameter | Type | Description | +| ---------- | -------------------------------------------------------------------------------- | --------------------------------------------------------- | +| `options?` | [`GetTokensOptions`](/sdks/js-core/api-reference/types/gettokensoptions) | Options to control token retrieval (e.g., force refresh). | + +#### Returns + +`Promise`\<[`MonoCloudTokens`](/sdks/js-core/api-reference/types/monocloudtokens)\> + +The active tokens. + +#### Examples + +```typescript:src/app.ts tab="Default Tokens" tab-group="getTokens" +const tokens = await client.getTokens(); +console.log(tokens.accessToken); +``` + +```typescript:src/app.ts tab="Force Refresh" tab-group="getTokens" +const tokens = await client.getTokens({ forceRefresh: true }); +``` + +```typescript:src/app.ts tab="Specific Resource" tab-group="getTokens" +const tokens = await client.getTokens({ + resource: 'https://api.example.com', + scopes: 'read:data' +}); +``` + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) If the session does not exist. + +--- + +### processCallback() + +> **processCallback**(): `Promise`\<`void`\> + +Processes the authentication callback. + +This method must be called on application startup (usually in the entry point or router) +to handle the response from the identity provider after a redirect flow. + +- **Main Window:** Validates the state and code, exchanges them for tokens, and establishes the session. +- **Popup/Iframe:** Posts the callback URL back to the parent/opener window to complete the flow. + +#### Returns + +`Promise`\<`void`\> + +A promise that resolves when the callback processing is complete. + +#### Example + +```typescript:src/main.ts +import { client } from './auth'; + +async function init() { + // Process any pending redirect callbacks before rendering. + await client.processCallback(); + + // Continue mounting the app. + renderApp(); +} + +init(); +``` + +--- + +### refetchUserInfo() + +> **refetchUserInfo**(): `Promise`\<`void`\> + +Refetches user information from the UserInfo endpoint and updates the local session. + +#### Returns + +`Promise`\<`void`\> + +#### Example + +```typescript:src/app.ts +await client.refetchUserInfo(); +const session = await client.getSession(); +console.log('Updated user data:', session.user); +``` + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) If the session is invalid or the default token is missing. + +--- + +### refreshSession() + +> **refreshSession**(`refreshOptions?`: [`RefreshOptions`](/sdks/js-core/api-reference/types/refreshoptions)): `Promise`\<`void`\> + +Refreshes the user's session. + +This method can be used to explicitly refresh tokens using various methods: + +- `silent`: Uses a hidden iframe (requires third-party cookies). +- `refresh_token`: Uses the Refresh Token Grant (requires `offline_access` scope). +- `popup`: Opens a transient popup to refresh the session interactively. + +#### Parameters + +| Parameter | Type | Description | +| ----------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | +| `refreshOptions?` | [`RefreshOptions`](/sdks/js-core/api-reference/types/refreshoptions) | Optional configuration for the refresh flow. | + +#### Returns + +`Promise`\<`void`\> + +#### Examples + +```typescript:src/app.ts tab="Silent (Iframe)" tab-group="refreshSession" +await client.refreshSession({ mode: 'silent' }); +``` + +```typescript:src/app.ts tab="Refresh Token" tab-group="refreshSession" +await client.refreshSession({ mode: 'refresh_token' }); +``` + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) If the session is invalid or missing required tokens. + +#### Throws + +[MonoCloudJsError](/sdks/js-core/api-reference/error-classes/monocloudjserror) If called from within a popup or iframe. + +--- + +### signIn() + +> **signIn**(`signInOptions?`: [`SignInOptions`](/sdks/js-core/api-reference/types/signinoptions)): `Promise`\<`void`\> + +Initiates the sign-in flow. + +#### Parameters + +| Parameter | Type | Description | +| ---------------- | -------------------------------------------------------------------------- | ----------------------------------------------- | +| `signInOptions?` | [`SignInOptions`](/sdks/js-core/api-reference/types/signinoptions) | Optional configuration for the sign-in request. | + +#### Returns + +`Promise`\<`void`\> + +#### Examples + +```typescript:src/app.ts tab="Redirect Flow" tab-group="signIn" +document.getElementById('login-btn').addEventListener('click', async () => { + // Standard top-level redirect to the authorization server. + await client.signIn(); +}); +``` + +```typescript:src/app.ts tab="Popup Flow" tab-group="signIn" +document.getElementById('login-popup-btn').addEventListener('click', async () => { + // Opens a centered popup for authentication. + await client.signIn({ mode: 'popup' }); + console.log('User finished popup flow!'); +}); +``` + +```typescript:src/app.ts tab="Sign Up" tab-group="signIn" +document.getElementById('register-btn').addEventListener('click', async () => { + // Forces the identity provider to show the registration/sign-up screen. + await client.signIn({ signUp: true }); +}); +``` + +#### Throws + +[MonoCloudJsError](/sdks/js-core/api-reference/error-classes/monocloudjserror) If called from within a popup or iframe. + +--- + +### signOut() + +> **signOut**(`signOutOptions?`: [`SignOutOptions`](/sdks/js-core/api-reference/types/signoutoptions)): `Promise`\<`void`\> + +Initiates the sign-out flow. + +Clears the local session and optionally redirects the user to the identity provider to end the session there (Federated Sign-Out). + +#### Parameters + +| Parameter | Type | Description | +| ----------------- | ---------------------------------------------------------------------------- | ------------------------------------------------ | +| `signOutOptions?` | [`SignOutOptions`](/sdks/js-core/api-reference/types/signoutoptions) | Optional configuration for the sign-out request. | + +#### Returns + +`Promise`\<`void`\> + +#### Examples + +```typescript:src/app.ts tab="Redirect Flow" tab-group="signOut" +document.getElementById('logout-btn').addEventListener('click', async () => { + await client.signOut(); +}); +``` + +```typescript:src/app.ts tab="Popup Flow" tab-group="signOut" +document.getElementById('logout-popup-btn').addEventListener('click', async () => { + // Opens a popup to perform federated sign-out and keep the user on the current page. + await client.signOut({ mode: 'popup' }); +}); +``` + +#### Throws + +[MonoCloudJsError](/sdks/js-core/api-reference/error-classes/monocloudjserror) If called from within a popup or iframe. diff --git a/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.md b/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.md new file mode 100644 index 00000000..42d9a136 --- /dev/null +++ b/docs/markdown/Classes/_monocloud_auth-js-core.index.MonoCloudOidcClient.md @@ -0,0 +1,474 @@ +--- +rootSdk: js-core +title: "MonoCloudOidcClient" +category: Classes +--- + +# Class: MonoCloudOidcClient + +## Constructors + +### Constructor + +> **new MonoCloudOidcClient**(`tenantDomain`: `string`, `clientId`: `string`, `options?`: [`MonoCloudClientOptions`](/sdks/js-core/api-reference/types/monocloudclientoptions)): `MonoCloudOidcClient` + +#### Parameters + +| Parameter | Type | +| -------------- | -------------------------------------------------------------------------------------------- | +| `tenantDomain` | `string` | +| `clientId` | `string` | +| `options?` | [`MonoCloudClientOptions`](/sdks/js-core/api-reference/types/monocloudclientoptions) | + +#### Returns + +`MonoCloudOidcClient` + +## Methods + +### authenticate() + +> **authenticate**(`code`: `string`, `redirectUri`: `string`, `requestedScopes`: `string`, `resource?`: `string`, `options?`: [`AuthenticateOptions`](/sdks/js-core/api-reference/types/authenticateoptions)): `Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Generates a session with user and tokens by exchanging authorization code from callback params. + +#### Parameters + +| Parameter | Type | Description | +| ----------------- | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `code` | `string` | The authorization code received from the callback. | +| `redirectUri` | `string` | The redirect URI that was used in the authorization request. | +| `requestedScopes` | `string` | A space-separated list of scopes originally requested via the `/authorize` endpoint. This is stored in the session to ensure the correct access token can be identified and refreshed during `refreshSession()`. | +| `resource?` | `string` | A space-separated list of resource indicators originally requested via the `/authorize` endpoint. Used alongside scopes to uniquely identify and refresh the specific access token associated with these resources. | +| `options?` | [`AuthenticateOptions`](/sdks/js-core/api-reference/types/authenticateoptions) | Options for authenticating a user with authorization code. | + +#### Returns + +`Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +The user's session containing authentication tokens and user information. + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) - When the token scope does not contain the openid scope, +or if 'expires_in' or 'scope' is missing from the token response. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized. +OAuth 2.0 error response. + +#### Throws + +[MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) - If ID Token validation fails. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### authorizationUrl() + +> **authorizationUrl**(`params`: [`AuthorizationParams`](/sdks/js-core/api-reference/types/authorizationparams)): `Promise`\<`string`\> + +Generates an authorization URL with specified parameters. + +If no values are provided for `responseType`, or `codeChallengeMethod`, they default to `code`, and `S256`, respectively. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------------------------------------------------------------------------------------- | ----------------------------- | +| `params` | [`AuthorizationParams`](/sdks/js-core/api-reference/types/authorizationparams) | Authorization URL parameters. | + +#### Returns + +`Promise`\<`string`\> + +Tenant's authorization URL. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### decodeJwt() + +> `static` **decodeJwt**(`jwt`: `string`): [`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims) + +Decodes the payload of a JSON Web Token (JWT) and returns it as an object. + +> Note: THIS METHOD DOES NOT VERIFY JWT TOKENS. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | -------------- | +| `jwt` | `string` | JWT to decode. | + +#### Returns + +[`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims) + +Decoded payload. + +#### Throws + +[MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) - If decoding fails + +--- + +### endSessionUrl() + +> **endSessionUrl**(`params`: [`EndSessionParameters`](/sdks/js-core/api-reference/types/endsessionparameters)): `Promise`\<`string`\> + +Generates OpenID end session URL for signing out. + +Note - The `state` is added only when `postLogoutRedirectUri` is present. + +#### Parameters + +| Parameter | Type | Description | +| --------- | ---------------------------------------------------------------------------------------- | ------------------------------------ | +| `params` | [`EndSessionParameters`](/sdks/js-core/api-reference/types/endsessionparameters) | Parameters to build end session URL. | + +#### Returns + +`Promise`\<`string`\> + +Tenant's end session URL. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### exchangeAuthorizationCode() + +> **exchangeAuthorizationCode**(`code`: `string`, `redirectUri`: `string`, `codeVerifier?`: `string`, `resource?`: `string`): `Promise`\<[`Tokens`](/sdks/js-core/api-reference/types/tokens)\> + +Exchanges an authorization code for tokens. + +#### Parameters + +| Parameter | Type | Description | +| --------------- | -------- | ----------------------------------------------------------------------- | +| `code` | `string` | The authorization code received from the authorization server. | +| `redirectUri` | `string` | The redirect URI used in the initial authorization request. | +| `codeVerifier?` | `string` | Code verifier for PKCE. | +| `resource?` | `string` | Space-separated list of resources the access token should be scoped to. | + +#### Returns + +`Promise`\<[`Tokens`](/sdks/js-core/api-reference/types/tokens)\> + +Tokens obtained by exchanging an authorization code at the token endpoint. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error response. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### getJwks() + +> **getJwks**(`forceRefresh`: `boolean`): `Promise`\<[`Jwks`](/sdks/js-core/api-reference/types/jwks)\> + +Fetches the JSON Web Keys used to sign the ID token. +The JWKS is cached for 1 minute. + +#### Parameters + +| Parameter | Type | Description | +| -------------- | --------- | ---------------------------------------------------------------------------- | +| `forceRefresh` | `boolean` | If `true`, bypasses the cache and fetches fresh set of JWKS from the server. | + +#### Returns + +`Promise`\<[`Jwks`](/sdks/js-core/api-reference/types/jwks)\> + +The JSON Web Key Set containing the public keys for token verification. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### getMetadata() + +> **getMetadata**(`forceRefresh`: `boolean`): `Promise`\<[`IssuerMetadata`](/sdks/js-core/api-reference/types/issuermetadata)\> + +Fetches the authorization server metadata from the .well-known endpoint. +The metadata is cached for 1 minute. + +#### Parameters + +| Parameter | Type | Description | +| -------------- | --------- | ------------------------------------------------------------------------- | +| `forceRefresh` | `boolean` | If `true`, bypasses the cache and fetches fresh metadata from the server. | + +#### Returns + +`Promise`\<[`IssuerMetadata`](/sdks/js-core/api-reference/types/issuermetadata)\> + +The issuer metadata for the tenant, retrieved from the OpenID Connect discovery endpoint. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### pushedAuthorizationRequest() + +> **pushedAuthorizationRequest**(`params`: [`PushedAuthorizationParams`](/sdks/js-core/api-reference/types/pushedauthorizationparams)): `Promise`\<[`ParResponse`](/sdks/js-core/api-reference/types/parresponse)\> + +Performs a pushed authorization request. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------------------------------------------------------------------------------------------------- | ------------------------- | +| `params` | [`PushedAuthorizationParams`](/sdks/js-core/api-reference/types/pushedauthorizationparams) | Authorization Parameters. | + +#### Returns + +`Promise`\<[`ParResponse`](/sdks/js-core/api-reference/types/parresponse)\> + +Response from Pushed Authorization Request (PAR) endpoint. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the request is invalid. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### refetchUserInfo() + +> **refetchUserInfo**(`accessToken`: [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken), `session`: [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession), `options?`: [`RefetchUserInfoOptions`](/sdks/js-core/api-reference/types/refetchuserinfooptions)): `Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Refetches user information for an existing session using the userinfo endpoint. +Updates the session's user object with the latest user information while preserving existing properties. + +#### Parameters + +| Parameter | Type | Description | +| ------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------- | +| `accessToken` | [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken) | Access token used to fetch the userinfo. | +| `session` | [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) | The current MonoCloudSession. | +| `options?` | [`RefetchUserInfoOptions`](/sdks/js-core/api-reference/types/refetchuserinfooptions) | Userinfo refetch options. | + +#### Returns + +`Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Updated session with the latest userinfo. + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) - When the token scope does not contain openid scope + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error response. + +#### Throws + +[MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) - If ID Token validation fails + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### refreshGrant() + +> **refreshGrant**(`refreshToken`: `string`, `options?`: [`RefreshGrantOptions`](/sdks/js-core/api-reference/types/refreshgrantoptions)): `Promise`\<[`Tokens`](/sdks/js-core/api-reference/types/tokens)\> + +Exchanges a refresh token for new tokens. + +#### Parameters + +| Parameter | Type | Description | +| -------------- | -------------------------------------------------------------------------------------- | --------------------------------------------- | +| `refreshToken` | `string` | The refresh token used to request new tokens. | +| `options?` | [`RefreshGrantOptions`](/sdks/js-core/api-reference/types/refreshgrantoptions) | Refresh grant options. | + +#### Returns + +`Promise`\<[`Tokens`](/sdks/js-core/api-reference/types/tokens)\> + +Tokens obtained by exchanging a refresh token at the token endpoint. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error response. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### refreshSession() + +> **refreshSession**(`session`: [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession), `options?`: [`RefreshSessionOptions`](/sdks/js-core/api-reference/types/refreshsessionoptions)): `Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Refreshes an existing session using the refresh token. +This function requests new tokens using the refresh token and optionally updates user information. + +#### Parameters + +| Parameter | Type | Description | +| ---------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | +| `session` | [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) | The current MonoCloudSession containing the refresh token. | +| `options?` | [`RefreshSessionOptions`](/sdks/js-core/api-reference/types/refreshsessionoptions) | Session refresh options. | + +#### Returns + +`Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +User's session containing refreshed authentication tokens and user information. + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) - If the refresh token is not present in the session, +or if 'expires_in' or 'scope' (including the openid scope) is missing from the token response. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error response. + +#### Throws + +[MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) - If ID Token validation fails + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### revokeToken() + +> **revokeToken**(`token`: `string`, `tokenType?`: `string`): `Promise`\<`void`\> + +Revokes an access token or refresh token, rendering it invalid for future use. + +#### Parameters + +| Parameter | Type | Description | +| ------------ | -------- | -------------------------------------------------------------- | +| `token` | `string` | The token string to be revoked. | +| `tokenType?` | `string` | Hint about the token type ('access_token' or 'refresh_token'). | + +#### Returns + +`Promise`\<`void`\> + +If token revocation succeeded. + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) - If token is invalid or unsupported token type + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error response. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +--- + +### userinfo() + +> **userinfo**(`accessToken`: `string`): `Promise`\<[`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse)\<[`Address`](/sdks/nodejs/api-reference/types/address)\>\> + +Fetches userinfo associated with the provided access token. + +#### Parameters + +| Parameter | Type | Description | +| ------------- | -------- | ----------------------------------------------- | +| `accessToken` | `string` | A valid access token used to retrieve userinfo. | + +#### Returns + +`Promise`\<[`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse)\<[`Address`](/sdks/nodejs/api-reference/types/address)\>\> + +The authenticated user's claims. + +#### Throws + +[MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) - When the OpenID Provider returns a standardized +OAuth 2.0 error (e.g., 'invalid_token') in the 'WWW-Authenticate' header +following a 401 Unauthorized response. + +#### Throws + +[MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) - Thrown if there is a network error during the request or +unexpected status code during the request or a serialization error while processing the response. + +#### Throws + +[MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) - When the access token is invalid. + +--- + +### validateIdToken() + +> **validateIdToken**(`idToken`: `string`, `jwks`: [`Jwk`](/sdks/js-core/api-reference/types/jwk)[], `clockSkew`: `number`, `clockTolerance`: `number`, `maxAge?`: `number`, `nonce?`: `string`): `Promise`\<[`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims)\> + +Validates an ID Token. + +#### Parameters + +| Parameter | Type | Description | +| ---------------- | -------------------------------------------------------- | ------------------------------------------------------------------------------ | +| `idToken` | `string` | The ID Token JWT string to validate. | +| `jwks` | [`Jwk`](/sdks/js-core/api-reference/types/jwk)[] | Array of JSON Web Keys (JWK) used to verify the token's signature. | +| `clockSkew` | `number` | Number of seconds to adjust the current time to account for clock differences. | +| `clockTolerance` | `number` | Additional time tolerance in seconds for time-based claim validation. | +| `maxAge?` | `number` | Maximum authentication age in seconds. | +| `nonce?` | `string` | Nonce value to validate against the token's nonce claim. | + +#### Returns + +`Promise`\<[`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims)\> + +Validated ID Token claims. + +#### Throws + +[MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) - If ID Token validation fails diff --git a/docs/markdown/Classes/_monocloud_auth-js-core.index.SessionStorage.md b/docs/markdown/Classes/_monocloud_auth-js-core.index.SessionStorage.md new file mode 100644 index 00000000..bb0de317 --- /dev/null +++ b/docs/markdown/Classes/_monocloud_auth-js-core.index.SessionStorage.md @@ -0,0 +1,94 @@ +--- +rootSdk: js-core +title: "SessionStorage" +category: Classes +--- + +# Class: SessionStorage + +`window.sessionStorage`-backed implementation of [IStorage](/sdks/js-core/api-reference/types/istorage). + +Data persists for the lifetime of the current browser tab. + +## Implements + +- [`IStorage`](/sdks/js-core/api-reference/types/istorage) + +## Constructors + +### Constructor + +> **new SessionStorage**(): `SessionStorage` + +#### Returns + +`SessionStorage` + +## Methods + +### getItem() + +> **getItem**(`key`: `string`): `Promise`\<`string` \| `null`\> + +Retrieves the value associated with the given key. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ------------------------------------------ | +| `key` | `string` | The unique identifier for the stored item. | + +#### Returns + +`Promise`\<`string` \| `null`\> + +The stored value as a string, or `null` if the key does not exist. + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`getItem`](/sdks/js-core/api-reference/types/istorage#getitem) + +--- + +### removeItem() + +> **removeItem**(`key`: `string`): `Promise`\<`void`\> + +Removes the item associated with the specified key from storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | -------------------------------------------- | +| `key` | `string` | The unique identifier of the item to remove. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`removeItem`](/sdks/js-core/api-reference/types/istorage#removeitem) + +--- + +### setItem() + +> **setItem**(`key`: `string`, `value`: `string`): `Promise`\<`void`\> + +Stores a key-value pair in the storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ----------------------------------- | +| `key` | `string` | The unique identifier for the item. | +| `value` | `string` | The string value to store. | + +#### Returns + +`Promise`\<`void`\> + +#### Implementation of + +[`IStorage`](/sdks/js-core/api-reference/types/istorage).[`setItem`](/sdks/js-core/api-reference/types/istorage#setitem) diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.md new file mode 100644 index 00000000..ae245e3c --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudAuthBaseError.md @@ -0,0 +1,43 @@ +--- +rootSdk: js-core +title: "MonoCloudAuthBaseError" +category: Error Classes +--- + +# Error Class: MonoCloudAuthBaseError + +Base class for all MonoCloud authentication errors. + +All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using `instanceof`. + +## Extends + +- `Error` + +## Extended by + +- [`MonoCloudTokenError`](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) +- [`MonoCloudHttpError`](/sdks/js-core/api-reference/error-classes/monocloudhttperror) +- [`MonoCloudOPError`](/sdks/js-core/api-reference/error-classes/monocloudoperror) +- [`MonoCloudValidationError`](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) +- [`MonoCloudJsError`](/sdks/js-core/api-reference/error-classes/monocloudjserror) + +## Constructors + +### Constructor + +> **new MonoCloudAuthBaseError**(`message?`: `string`): `MonoCloudAuthBaseError` + +#### Parameters + +| Parameter | Type | +| ---------- | -------- | +| `message?` | `string` | + +#### Returns + +`MonoCloudAuthBaseError` + +#### Inherited from + +`Error.constructor` diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudHttpError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudHttpError.md new file mode 100644 index 00000000..dc6340e0 --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudHttpError.md @@ -0,0 +1,35 @@ +--- +rootSdk: js-core +title: "MonoCloudHttpError" +category: Error Classes +--- + +# Error Class: MonoCloudHttpError + +Error thrown when a request to the MonoCloud authorization server fails. + +This error typically indicates a network failure, an unexpected HTTP response, or an unsuccessful response returned by the authorization server. + +## Extends + +- [`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) + +## Constructors + +### Constructor + +> **new MonoCloudHttpError**(`message?`: `string`): `MonoCloudHttpError` + +#### Parameters + +| Parameter | Type | +| ---------- | -------- | +| `message?` | `string` | + +#### Returns + +`MonoCloudHttpError` + +#### Inherited from + +[`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror).[`constructor`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror#constructor) diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudJsError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudJsError.md new file mode 100644 index 00000000..d883c831 --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudJsError.md @@ -0,0 +1,35 @@ +--- +rootSdk: js-core +title: "MonoCloudJsError" +category: Error Classes +--- + +# Error Class: MonoCloudJsError + +Base class for all MonoCloud authentication errors. + +All errors thrown by the MonoCloud SDK extend this class, allowing applications to safely detect and handle MonoCloud-specific failures using `instanceof`. + +## Extends + +- [`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) + +## Constructors + +### Constructor + +> **new MonoCloudJsError**(`message?`: `string`): `MonoCloudJsError` + +#### Parameters + +| Parameter | Type | +| ---------- | -------- | +| `message?` | `string` | + +#### Returns + +`MonoCloudJsError` + +#### Inherited from + +[`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror).[`constructor`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror#constructor) diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudOPError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudOPError.md new file mode 100644 index 00000000..fbd7dd04 --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudOPError.md @@ -0,0 +1,43 @@ +--- +rootSdk: js-core +title: "MonoCloudOPError" +category: Error Classes +--- + +# Error Class: MonoCloudOPError + +OAuth error returned by the authorization server during an authentication or token request. + +These errors correspond to standard OAuth / OpenID Connect error responses such as `invalid_request`, `access_denied`, or `invalid_grant`. + +## Extends + +- [`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) + +## Constructors + +### Constructor + +> **new MonoCloudOPError**(`error`: `string`, `errorDescription?`: `string`): `MonoCloudOPError` + +#### Parameters + +| Parameter | Type | +| ------------------- | -------- | +| `error` | `string` | +| `errorDescription?` | `string` | + +#### Returns + +`MonoCloudOPError` + +#### Overrides + +[`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror).[`constructor`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror#constructor) + +## Properties + +| Property | Type | Description | +| ------------------------------------------------- | -------- | ------------------------------------------------------ | +| `error` | `string` | OAuth error code returned by the authorization server. | +| `errorDescription?` | `string` | Human-readable description of the error. | diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudTokenError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudTokenError.md new file mode 100644 index 00000000..3a8ec469 --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudTokenError.md @@ -0,0 +1,33 @@ +--- +rootSdk: js-core +title: "MonoCloudTokenError" +category: Error Classes +--- + +# Error Class: MonoCloudTokenError + +Error thrown when a token operation fails. + +## Extends + +- [`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) + +## Constructors + +### Constructor + +> **new MonoCloudTokenError**(`message?`: `string`): `MonoCloudTokenError` + +#### Parameters + +| Parameter | Type | +| ---------- | -------- | +| `message?` | `string` | + +#### Returns + +`MonoCloudTokenError` + +#### Inherited from + +[`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror).[`constructor`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror#constructor) diff --git a/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudValidationError.md b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudValidationError.md new file mode 100644 index 00000000..46db843e --- /dev/null +++ b/docs/markdown/Error_Classes/_monocloud_auth-js-core.index.MonoCloudValidationError.md @@ -0,0 +1,33 @@ +--- +rootSdk: js-core +title: "MonoCloudValidationError" +category: Error Classes +--- + +# Error Class: MonoCloudValidationError + +Error thrown when validation fails. + +## Extends + +- [`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) + +## Constructors + +### Constructor + +> **new MonoCloudValidationError**(`message?`: `string`): `MonoCloudValidationError` + +#### Parameters + +| Parameter | Type | +| ---------- | -------- | +| `message?` | `string` | + +#### Returns + +`MonoCloudValidationError` + +#### Inherited from + +[`MonoCloudAuthBaseError`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror).[`constructor`](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror#constructor) diff --git a/docs/markdown/Other/_monocloud_auth-js-core.index.md b/docs/markdown/Other/_monocloud_auth-js-core.index.md new file mode 100644 index 00000000..8bdc378e --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.index.md @@ -0,0 +1,78 @@ +--- +rootSdk: js-core +title: "index" +category: Other +--- + +# index + +## Classes + +- [LocalStorage](/sdks/js-core/api-reference/classes/localstorage) +- [MemoryStorage](/sdks/js-core/api-reference/classes/memorystorage) +- [MonoCloudJSCoreClient](/sdks/js-core/api-reference/classes/monocloudjscoreclient) +- [MonoCloudOidcClient](/sdks/js-core/api-reference/classes/monocloudoidcclient) +- [SessionStorage](/sdks/js-core/api-reference/classes/sessionstorage) + +## Error Classes + +- [MonoCloudAuthBaseError](/sdks/js-core/api-reference/error-classes/monocloudauthbaseerror) +- [MonoCloudHttpError](/sdks/js-core/api-reference/error-classes/monocloudhttperror) +- [MonoCloudJsError](/sdks/js-core/api-reference/error-classes/monocloudjserror) +- [MonoCloudOPError](/sdks/js-core/api-reference/error-classes/monocloudoperror) +- [MonoCloudTokenError](/sdks/js-core/api-reference/error-classes/monocloudtokenerror) +- [MonoCloudValidationError](/sdks/js-core/api-reference/error-classes/monocloudvalidationerror) + +## Types + +- [AccessToken](/sdks/js-core/api-reference/types/accesstoken) +- [ApplicationState](/sdks/js-core/api-reference/types/applicationstate) +- [AuthenticateOptions](/sdks/js-core/api-reference/types/authenticateoptions) +- [AuthorizationParams](/sdks/js-core/api-reference/types/authorizationparams) +- [AuthState](/sdks/js-core/api-reference/types/authstate) +- [CallbackParams](/sdks/js-core/api-reference/types/callbackparams) +- [CallbackState](/sdks/js-core/api-reference/types/callbackstate) +- [EndSessionParameters](/sdks/js-core/api-reference/types/endsessionparameters) +- [GetTokensOptions](/sdks/js-core/api-reference/types/gettokensoptions) +- [Group](/sdks/js-core/api-reference/types/group) +- [IdTokenClaims](/sdks/js-core/api-reference/types/idtokenclaims) +- [Indicator](/sdks/js-core/api-reference/types/indicator) +- [IssuerMetadata](/sdks/js-core/api-reference/types/issuermetadata) +- [IStorage](/sdks/js-core/api-reference/types/istorage) +- [Jwk](/sdks/js-core/api-reference/types/jwk) +- [Jwks](/sdks/js-core/api-reference/types/jwks) +- [JwsHeaderParameters](/sdks/js-core/api-reference/types/jwsheaderparameters) +- [MonoCloudClientOptions](/sdks/js-core/api-reference/types/monocloudclientoptions) +- [MonoCloudJSCoreClientOptions](/sdks/js-core/api-reference/types/monocloudjscoreclientoptions) +- [MonoCloudSession](/sdks/js-core/api-reference/types/monocloudsession) +- [MonoCloudTokens](/sdks/js-core/api-reference/types/monocloudtokens) +- [MonoCloudUser](/sdks/js-core/api-reference/types/monoclouduser) +- [ParResponse](/sdks/js-core/api-reference/types/parresponse) +- [PostCallbackParams](/sdks/js-core/api-reference/types/postcallbackparams) +- [PushedAuthorizationParams](/sdks/js-core/api-reference/types/pushedauthorizationparams) +- [RefetchUserInfoOptions](/sdks/js-core/api-reference/types/refetchuserinfooptions) +- [RefreshGrantOptions](/sdks/js-core/api-reference/types/refreshgrantoptions) +- [RefreshOptions](/sdks/js-core/api-reference/types/refreshoptions) +- [RefreshSessionOptions](/sdks/js-core/api-reference/types/refreshsessionoptions) +- [SignInOptions](/sdks/js-core/api-reference/types/signinoptions) +- [SignOutOptions](/sdks/js-core/api-reference/types/signoutoptions) +- [Tokens](/sdks/js-core/api-reference/types/tokens) +- [UserinfoResponse](/sdks/js-core/api-reference/types/userinforesponse) + +## Types (Enums) + +- [Authenticators](/sdks/js-core/api-reference/enums/authenticators) +- [ClientAuthMethod](/sdks/js-core/api-reference/enums/clientauthmethod) +- [CodeChallengeMethod](/sdks/js-core/api-reference/enums/codechallengemethod) +- [DisplayOptions](/sdks/js-core/api-reference/enums/displayoptions) +- [InteractionMode](/sdks/js-core/api-reference/enums/interactionmode) +- [Prompt](/sdks/js-core/api-reference/enums/prompt) +- [RefreshMode](/sdks/js-core/api-reference/enums/refreshmode) +- [ResponseModes](/sdks/js-core/api-reference/enums/responsemodes) +- [ResponseTypes](/sdks/js-core/api-reference/enums/responsetypes) +- [SecurityAlgorithms](/sdks/js-core/api-reference/enums/securityalgorithms) + +## Types (Handler) + +- [OnSessionCreating](/sdks/js-core/api-reference/handler-types/onsessioncreating) +- [PostCallback](/sdks/js-core/api-reference/handler-types/postcallback) diff --git a/docs/markdown/Other/_monocloud_auth-js-core.md b/docs/markdown/Other/_monocloud_auth-js-core.md new file mode 100644 index 00000000..01f71d4d --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.md @@ -0,0 +1,13 @@ +--- +rootSdk: js-core +title: "@monocloud/auth-js-core" +category: Other +--- + +# auth-js-core + +## Modules + +- [index](/sdks/js-core/api-reference/undefined/index) +- [utils](/sdks/js-core/api-reference/undefined/utils) +- [utils/internal](/sdks/js-core/api-reference/undefined/utils_internal) diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.decrypt.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.decrypt.md new file mode 100644 index 00000000..2dbfee1c --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.decrypt.md @@ -0,0 +1,24 @@ +--- +rootSdk: js-core +title: "decrypt" +category: Other +--- + +# decrypt + +> **decrypt**(`encrypted`: `string`, `secret`: `string`): `Promise`\<`string` \| `undefined`\> + +Decrypts an encrypted string using a secret with AES-GCM. + +## Parameters + +| Parameter | Type | Description | +| ----------- | -------- | --------------------------------------------- | +| `encrypted` | `string` | The ciphertext to decrypt. | +| `secret` | `string` | The secret used to derive the decryption key. | + +## Returns + +`Promise`\<`string` \| `undefined`\> + +Decrypted plaintext string or undefined if decryption fails. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptAuthState.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptAuthState.md new file mode 100644 index 00000000..f84c097c --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptAuthState.md @@ -0,0 +1,34 @@ +--- +rootSdk: js-core +title: "decryptAuthState" +category: Other +--- + +# decryptAuthState + +> **decryptAuthState**\<`T`\>(`encryptedAuthState`: `string`, `secret`: `string`): `Promise`\<`T`\> + +Decrypts an encrypted AuthState. + +## Type Parameters + +| Type Parameter | +| -------------------------------------------------------------------------------- | +| `T` _extends_ [`AuthState`](/sdks/js-core/api-reference/types/authstate) | + +## Parameters + +| Parameter | Type | Description | +| -------------------- | -------- | ------------------------------------------- | +| `encryptedAuthState` | `string` | The encrypted auth state string to decrypt. | +| `secret` | `string` | The secret used for decryption. | + +## Returns + +`Promise`\<`T`\> + +State object on success. + +## Throws + +If decryption fails or the auth state has expired. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptSession.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptSession.md new file mode 100644 index 00000000..88dd0bf5 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.decryptSession.md @@ -0,0 +1,28 @@ +--- +rootSdk: js-core +title: "decryptSession" +category: Other +--- + +# decryptSession + +> **decryptSession**(`encryptedSession`: `string`, `secret`: `string`): `Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Decrypts an encrypted MonoCloud session. + +## Parameters + +| Parameter | Type | Description | +| ------------------ | -------- | ---------------------------------------- | +| `encryptedSession` | `string` | The encrypted session string to decrypt. | +| `secret` | `string` | The secret used for decryption. | + +## Returns + +`Promise`\<[`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession)\> + +Session object on success. + +## Throws + +If decryption fails or the session has expired. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.encrypt.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.encrypt.md new file mode 100644 index 00000000..1f12475e --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.encrypt.md @@ -0,0 +1,24 @@ +--- +rootSdk: js-core +title: "encrypt" +category: Other +--- + +# encrypt + +> **encrypt**(`data`: `string`, `secret`: `string`): `Promise`\<`string`\> + +Encrypts a given string using a secret with AES-GCM. + +## Parameters + +| Parameter | Type | Description | +| --------- | -------- | --------------------------------------------- | +| `data` | `string` | The plaintext data to encrypt. | +| `secret` | `string` | The secret used to derive the encryption key. | + +## Returns + +`Promise`\<`string`\> + +Base64-encoded ciphertext. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptAuthState.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptAuthState.md new file mode 100644 index 00000000..dfc9b8cd --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptAuthState.md @@ -0,0 +1,31 @@ +--- +rootSdk: js-core +title: "encryptAuthState" +category: Other +--- + +# encryptAuthState + +> **encryptAuthState**\<`T`\>(`authState`: `T`, `secret`: `string`, `ttl?`: `number`): `Promise`\<`string`\> + +Encrypts an AuthState object with a secret and optional time-to-live (TTL). + +## Type Parameters + +| Type Parameter | +| -------------------------------------------------------------------------------- | +| `T` _extends_ [`AuthState`](/sdks/js-core/api-reference/types/authstate) | + +## Parameters + +| Parameter | Type | Description | +| ----------- | -------- | --------------------------------------------------------------------- | +| `authState` | `T` | A type that extends the AuthState interface. | +| `secret` | `string` | The secret used for encryption. | +| `ttl?` | `number` | Optional time-to-live in seconds, after which the auth state expires. | + +## Returns + +`Promise`\<`string`\> + +Encrypted auth state string. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptSession.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptSession.md new file mode 100644 index 00000000..d4aa30b6 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.encryptSession.md @@ -0,0 +1,25 @@ +--- +rootSdk: js-core +title: "encryptSession" +category: Other +--- + +# encryptSession + +> **encryptSession**(`session`: [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession), `secret`: `string`, `ttl?`: `number`): `Promise`\<`string`\> + +Encrypts a MonoCloud session object with a secret and optional time-to-live (TTL). + +## Parameters + +| Parameter | Type | Description | +| --------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------ | +| `session` | [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) | The session object to encrypt. | +| `secret` | `string` | The secret used for encryption. | +| `ttl?` | `number` | Optional time-to-live in seconds, after which the session expires. | + +## Returns + +`Promise`\<`string`\> + +Encrypted session string. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.generateNonce.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.generateNonce.md new file mode 100644 index 00000000..fa4f6e32 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.generateNonce.md @@ -0,0 +1,15 @@ +--- +rootSdk: js-core +title: "generateNonce" +category: Other +--- + +# generateNonce + +> **generateNonce**(): `string` + +Generates a random nonce string. + +## Returns + +`string` diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.generatePKCE.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.generatePKCE.md new file mode 100644 index 00000000..bf680041 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.generatePKCE.md @@ -0,0 +1,15 @@ +--- +rootSdk: js-core +title: "generatePKCE" +category: Other +--- + +# generatePKCE + +> **generatePKCE**(): `Promise`\<\{ `codeChallenge`: `string`; `codeVerifier`: `string`; \}\> + +Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge. + +## Returns + +`Promise`\<\{ `codeChallenge`: `string`; `codeVerifier`: `string`; \}\> diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.generateState.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.generateState.md new file mode 100644 index 00000000..07e97418 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.generateState.md @@ -0,0 +1,15 @@ +--- +rootSdk: js-core +title: "generateState" +category: Other +--- + +# generateState + +> **generateState**(): `string` + +Generates a random state string. + +## Returns + +`string` diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.isUserInGroup.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.isUserInGroup.md new file mode 100644 index 00000000..d6f74b8e --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.isUserInGroup.md @@ -0,0 +1,26 @@ +--- +rootSdk: js-core +title: "isUserInGroup" +category: Other +--- + +# isUserInGroup + +> **isUserInGroup**(`user`: [`MonoCloudUser`](/sdks/js-core/api-reference/types/monoclouduser) \| [`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims), `groups`: `string`[], `groupsClaim`: `string`, `matchAll`: `boolean`): `boolean` + +Checks if a user is a member of a specified group or groups. + +## Parameters + +| Parameter | Type | Description | +| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| `user` | [`MonoCloudUser`](/sdks/js-core/api-reference/types/monoclouduser) \| [`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims) | The user. | +| `groups` | `string`[] | An array of group names or IDs to check membership against. | +| `groupsClaim` | `string` | The claim in the user object that contains groups. | +| `matchAll` | `boolean` | If `true`, requires the user to be in all specified groups; if `false`, checks if the user is in at least one of the groups. | + +## Returns + +`boolean` + +`true` if the user is in the specified groups, `false` otherwise. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.md new file mode 100644 index 00000000..9534d9d0 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.md @@ -0,0 +1,21 @@ +--- +rootSdk: js-core +title: "utils" +category: Other +--- + +# utils + +## Functions + +- [decrypt](/sdks/js-core/api-reference/undefined/decrypt) +- [decryptAuthState](/sdks/js-core/api-reference/undefined/decryptauthstate) +- [decryptSession](/sdks/js-core/api-reference/undefined/decryptsession) +- [encrypt](/sdks/js-core/api-reference/undefined/encrypt) +- [encryptAuthState](/sdks/js-core/api-reference/undefined/encryptauthstate) +- [encryptSession](/sdks/js-core/api-reference/undefined/encryptsession) +- [generateNonce](/sdks/js-core/api-reference/undefined/generatenonce) +- [generatePKCE](/sdks/js-core/api-reference/undefined/generatepkce) +- [generateState](/sdks/js-core/api-reference/undefined/generatestate) +- [isUserInGroup](/sdks/js-core/api-reference/undefined/isuseringroup) +- [parseCallbackParams](/sdks/js-core/api-reference/undefined/parsecallbackparams) diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils.parseCallbackParams.md b/docs/markdown/Other/_monocloud_auth-js-core.utils.parseCallbackParams.md new file mode 100644 index 00000000..4e23c7df --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils.parseCallbackParams.md @@ -0,0 +1,21 @@ +--- +rootSdk: js-core +title: "parseCallbackParams" +category: Other +--- + +# parseCallbackParams + +> **parseCallbackParams**(`queryOrUrl`: `string` \| `URL` \| `URLSearchParams`): [`CallbackParams`](/sdks/js-core/api-reference/types/callbackparams) + +Parses callback parameters from a URL, a URLSearchParams object, or a query string. + +## Parameters + +| Parameter | Type | +| ------------ | -------------------------------------- | +| `queryOrUrl` | `string` \| `URL` \| `URLSearchParams` | + +## Returns + +[`CallbackParams`](/sdks/js-core/api-reference/types/callbackparams) diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.findToken.md b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.findToken.md new file mode 100644 index 00000000..2ba969ab --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.findToken.md @@ -0,0 +1,25 @@ +--- +rootSdk: js-core +title: "findToken" +category: Other +--- + +# findToken + +> **findToken**(`tokens?`: [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken)[], `resource?`: `string`, `scopes?`: `string`): [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken) \| `undefined` + +Finds a specific access token in an array based on resource and scopes. + +## Parameters + +| Parameter | Type | Description | +| ----------- | ------------------------------------------------------------------------ | ------------------------------------ | +| `tokens?` | [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken)[] | The array of access tokens. | +| `resource?` | `string` | Space-separated resource indicators. | +| `scopes?` | `string` | Space-separated scopes. | + +## Returns + +[`AccessToken`](/sdks/js-core/api-reference/types/accesstoken) \| `undefined` + +The matching AccessToken, or `undefined` if not found. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.md b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.md new file mode 100644 index 00000000..4688552f --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.getPublicSigKeyFromIssuerJwks.md @@ -0,0 +1,28 @@ +--- +rootSdk: js-core +title: "getPublicSigKeyFromIssuerJwks" +category: Other +--- + +# getPublicSigKeyFromIssuerJwks + +> **getPublicSigKeyFromIssuerJwks**(`jwks`: [`Jwk`](/sdks/js-core/api-reference/types/jwk)[], `header`: [`JwsHeaderParameters`](/sdks/js-core/api-reference/types/jwsheaderparameters)): `Promise`\<`CryptoKey`\> + +Retrieves a public CryptoKey from a JWK set based on the JWS header. + +## Parameters + +| Parameter | Type | Description | +| --------- | -------------------------------------------------------------------------------------- | --------------------------------------------------- | +| `jwks` | [`Jwk`](/sdks/js-core/api-reference/types/jwk)[] | The set of JSON Web Keys. | +| `header` | [`JwsHeaderParameters`](/sdks/js-core/api-reference/types/jwsheaderparameters) | The JWS header containing the algorithm and key ID. | + +## Returns + +`Promise`\<`CryptoKey`\> + +A promise that resolves to the CryptoKey. + +## Throws + +If no applicable key or multiple keys are found or the algorithm is unsupported. diff --git a/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.md b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.md new file mode 100644 index 00000000..40e0bec9 --- /dev/null +++ b/docs/markdown/Other/_monocloud_auth-js-core.utils_internal.md @@ -0,0 +1,12 @@ +--- +rootSdk: js-core +title: "utils/internal" +category: Other +--- + +# internal + +## Functions + +- [findToken](/sdks/js-core/api-reference/undefined/findtoken) +- [getPublicSigKeyFromIssuerJwks](/sdks/js-core/api-reference/undefined/getpublicsigkeyfromissuerjwks) diff --git a/docs/markdown/Types/_monocloud_auth-core.index.CallbackParams.md b/docs/markdown/Types/_monocloud_auth-core.index.CallbackParams.md index 2150223e..b7bec971 100644 --- a/docs/markdown/Types/_monocloud_auth-core.index.CallbackParams.md +++ b/docs/markdown/Types/_monocloud_auth-core.index.CallbackParams.md @@ -19,5 +19,6 @@ Parameters returned to the application after the authorization server redirects | `expiresIn?` | `number` | Lifetime of the access token in seconds. | | `idToken?` | `string` | ID token issued by the authorization server. | | `refreshToken?` | `string` | Refresh token issued during authorization (if enabled). | +| `scope?` | `string` | Access token scopes (Implicit Flow) | | `sessionState?` | `string` | OIDC session state value used for session monitoring and front-channel session management. | | `state?` | `string` | The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.AccessToken.md b/docs/markdown/Types/_monocloud_auth-js-core.index.AccessToken.md new file mode 100644 index 00000000..650c336a --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.AccessToken.md @@ -0,0 +1,23 @@ +--- +rootSdk: js-core +title: "AccessToken" +category: Types +--- + +# Type: AccessToken + +Represents an OAuth 2.0 access token and its associated metadata. + +## Extended by + +- [`MonoCloudTokens`](/sdks/js-core/api-reference/types/monocloudtokens) + +## Properties + +| Property | Type | Description | +| ---------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| `accessToken` | `string` | The issued access token. | +| `accessTokenExpiration` | `number` | The expiration time of the access token (Unix epoch, in seconds). | +| `requestedScopes?` | `string` | Optional space-separated list of scopes originally requested during token acquisition. | +| `resource?` | `string` | Optional resource (audience) that the access token is scoped for. | +| `scopes` | `string` | Space-separated list of scopes granted to the access token. These represent the effective permissions approved by the authorization server. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.ApplicationState.md b/docs/markdown/Types/_monocloud_auth-js-core.index.ApplicationState.md new file mode 100644 index 00000000..70aa6873 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.ApplicationState.md @@ -0,0 +1,11 @@ +--- +rootSdk: js-core +title: "ApplicationState" +category: Types +--- + +# Type: ApplicationState + +> **ApplicationState** = `Record`\<`string`, `any`\> + +Custom application state passed through authentication flows. diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.AuthState.md b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthState.md new file mode 100644 index 00000000..fe7121ef --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthState.md @@ -0,0 +1,20 @@ +--- +rootSdk: js-core +title: "AuthState" +category: Types +--- + +# Type: AuthState + +Represents the authentication transaction state stored between the authorization request and the callback. + +## Properties + +| Property | Type | Description | +| ----------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------- | +| `codeVerifier?` | `string` | Optional. PKCE code verifier used to validate the authorization code exchange. | +| `maxAge?` | `number` | Optional. Maximum allowed time (in seconds) since the user's last authentication. | +| `nonce` | `string` | A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks. | +| `resource?` | `string` | Optional. Space-separated list of resource indicators requested for the access token. | +| `scopes` | `string` | Space-separated list of scopes requested during authorization. | +| `state` | `string` | A unique value used to correlate the authorization request with the callback and protect against CSRF attacks. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.AuthenticateOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthenticateOptions.md new file mode 100644 index 00000000..18b88477 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthenticateOptions.md @@ -0,0 +1,24 @@ +--- +rootSdk: js-core +title: "AuthenticateOptions" +category: Types +--- + +# Type: AuthenticateOptions + +Options used when authenticating a user via the Authorization Code flow. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `codeVerifier?` | `string` | PKCE code verifier associated with the authorization request. | +| `fetchUserInfo?` | `boolean` | When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object. | +| `filteredIdTokenClaims?` | `string`[] | List of ID token claims to remove before storing the session. | +| `idTokenClockSkew?` | `number` | Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server. | +| `idTokenClockTolerance?` | `number` | Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as `exp`, `iat`, and `nbf`. | +| `idTokenMaxAge?` | `number` | Maximum allowed authentication age (in seconds) for the ID token. | +| `idTokenNonce?` | `string` | Nonce value expected in the ID token. Used to prevent replay attacks. | +| `jwks?` | [`Jwks`](/sdks/js-core/api-reference/types/jwks) | JSON Web Key Set used to validate the ID token signature. If not provided, the JWKS is automatically fetched from the authorization server metadata. | +| `onSessionCreating?` | [`OnSessionCreating`](/sdks/nodejs/api-reference/handler-types/onsessioncreating) | Callback invoked before a session is created or updated. Allows customization or enrichment of the session. | +| `validateIdToken?` | `boolean` | Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.AuthorizationParams.md b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthorizationParams.md new file mode 100644 index 00000000..7763cf41 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.AuthorizationParams.md @@ -0,0 +1,32 @@ +--- +rootSdk: js-core +title: "AuthorizationParams" +category: Types +--- + +# Type: AuthorizationParams + +Parameters used to construct an OAuth 2.0 / OpenID Connect authorization request. + +## Properties + +| Property | Type | Description | +| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `acrValues?` | `string`[] | Authentication Context Class Reference (ACR) values requesting specific authentication assurance levels or methods. | +| `authenticatorHint?` | [`Authenticators`](/sdks/js-core/api-reference/enums/authenticators) | Hint to the authorization server indicating which authenticator or connection should be used. | +| `codeChallenge?` | `string` | PKCE code challenge derived from the code verifier. Used to secure authorization code exchanges. | +| `codeChallengeMethod?` | [`CodeChallengeMethod`](/sdks/js-core/api-reference/enums/codechallengemethod) | Method used to generate the PKCE code challenge. | +| `display?` | [`DisplayOptions`](/sdks/js-core/api-reference/enums/displayoptions) | Preferred display mode for the authentication UI. | +| `loginHint?` | `string` | Hint identifying the user (for example, email or username). Used to prefill or optimize the sign-in experience. | +| `maxAge?` | `number` | Maximum acceptable time (in seconds) since the user last authenticated. If exceeded, the user may be required to sign in again. | +| `nonce?` | `string` | A cryptographically random value included in the ID token to prevent replay attacks. | +| `prompt?` | [`Prompt`](/sdks/js-core/api-reference/enums/prompt) | Controls authentication interaction behavior. For example, forcing login or consent. | +| `redirectUri?` | `string` | The redirect URI where the authorization server sends the user after authentication completes. | +| `request?` | `string` | A signed JWT containing authorization request parameters. | +| `requestUri?` | `string` | URI referencing a previously created authorization request (typically via Pushed Authorization Requests — PAR). When set, other authorization parameters may be ignored. | +| `resource?` | `string` | Space-separated list of resource indicators that scope the issued access token. | +| `responseMode?` | [`ResponseModes`](/sdks/js-core/api-reference/enums/responsemodes) | Specifies how the authorization response is returned to the client. | +| `responseType?` | [`ResponseTypes`](/sdks/js-core/api-reference/enums/responsetypes) | Determines which artifacts are returned from the authorization endpoint. | +| `scopes?` | `string` | Space-separated list of scopes requested during authentication. | +| `state?` | `string` | A cryptographically random value used to maintain request state and protect against CSRF attacks. | +| `uiLocales?` | `string` | Preferred UI language. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackParams.md b/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackParams.md new file mode 100644 index 00000000..fcef5261 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackParams.md @@ -0,0 +1,24 @@ +--- +rootSdk: js-core +title: "CallbackParams" +category: Types +--- + +# Type: CallbackParams + +Parameters returned to the application after the authorization server redirects the user back to the callback URL. + +## Properties + +| Property | Type | Description | +| ------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------- | +| `accessToken?` | `string` | Access token returned directly by implicit or hybrid flows. | +| `code?` | `string` | Authorization code returned when using the Authorization Code Flow. | +| `error?` | `string` | Error code returned when authorization fails. | +| `errorDescription?` | `string` | Human-readable description providing additional information about the authorization error. | +| `expiresIn?` | `number` | Lifetime of the access token in seconds. | +| `idToken?` | `string` | ID token issued by the authorization server. | +| `refreshToken?` | `string` | Refresh token issued during authorization (if enabled). | +| `scope?` | `string` | Access token scopes (Implicit Flow) | +| `sessionState?` | `string` | OIDC session state value used for session monitoring and front-channel session management. | +| `state?` | `string` | The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackState.md b/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackState.md new file mode 100644 index 00000000..764765b7 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.CallbackState.md @@ -0,0 +1,29 @@ +--- +rootSdk: js-core +title: "CallbackState" +category: Types +--- + +# Type: CallbackState + +Internal state persisted between authorization start and callback processing. + +## Extends + +- `Partial`\<[`AuthState`](/sdks/js-core/api-reference/types/authstate)\> + +## Properties + +| Property | Type | Description | +| ----------------------------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | +| `appState?` | [`ApplicationState`](/sdks/js-core/api-reference/types/applicationstate) | - | +| `codeVerifier?` | `string` | Optional. PKCE code verifier used to validate the authorization code exchange. | +| `maxAge?` | `number` | Optional. Maximum allowed time (in seconds) since the user's last authentication. | +| `mode` | `"popup"` \| `"redirect"` \| `"silent"` | - | +| `nonce?` | `string` | A cryptographic value used to associate the ID token with the original authentication request and prevent replay attacks. | +| `resource?` | `string` | Optional. Space-separated list of resource indicators requested for the access token. | +| `responseType?` | [`ResponseTypes`](/sdks/js-core/api-reference/enums/responsetypes) | - | +| `returnUrl?` | `string` | - | +| `scopes?` | `string` | Space-separated list of scopes requested during authorization. | +| `signOut?` | `boolean` | - | +| `state?` | `string` | A unique value used to correlate the authorization request with the callback and protect against CSRF attacks. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.EndSessionParameters.md b/docs/markdown/Types/_monocloud_auth-js-core.index.EndSessionParameters.md new file mode 100644 index 00000000..4cec3da0 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.EndSessionParameters.md @@ -0,0 +1,17 @@ +--- +rootSdk: js-core +title: "EndSessionParameters" +category: Types +--- + +# Type: EndSessionParameters + +Parameters used to construct an OpenID Connect end-session (sign-out) request. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `idToken?` | `string` | ID token hint identifying the session to terminate. When provided, the authorization server can use this value to determine which user session should be signed out. | +| `postLogoutRedirectUri?` | `string` | The URL the authorization server should redirect the user to after a successful sign-out. | +| `state?` | `string` | Optional state value returned to the application after sign-out. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.GetTokensOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.GetTokensOptions.md new file mode 100644 index 00000000..43e6d9e1 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.GetTokensOptions.md @@ -0,0 +1,22 @@ +--- +rootSdk: js-core +title: "GetTokensOptions" +category: Types +--- + +# Type: GetTokensOptions + +Options for `getTokens()`. + +## Extends + +- [`RefreshGrantOptions`](/sdks/js-core/api-reference/types/refreshgrantoptions) + +## Properties + +| Property | Type | Description | +| ----------------------------------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `forceRefresh?` | `boolean` | Specifies whether to force the refresh of the access token. | +| `refetchUserInfo?` | `boolean` | Determines whether to refetch the user information. | +| `resource?` | `string` | Space-separated list of resource indicators that the new access token should be issued for. The requested resources must have been previously granted during the original authorization flow. | +| `scopes?` | `string` | Space-separated list of scopes to request for the refreshed access token. The requested scopes must have been granted during the original authorization flow. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.Group.md b/docs/markdown/Types/_monocloud_auth-js-core.index.Group.md new file mode 100644 index 00000000..a86ea4d8 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.Group.md @@ -0,0 +1,26 @@ +--- +rootSdk: js-core +title: "Group" +category: Types +--- + +# Type: Group + +> **Group** = \{ `id`: `string`; `name`: `string`; \} \| `string` + +Represents a user group included in the authenticated session. + +## Type Declaration + +\{ `id`: `string`; `name`: `string`; \} + +| Name | Type | +| ------ | -------- | +| `id` | `string` | +| `name` | `string` | + +Structured group representation. + +`string` + +Group identifier or group name. diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.IStorage.md b/docs/markdown/Types/_monocloud_auth-js-core.index.IStorage.md new file mode 100644 index 00000000..20d120e4 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.IStorage.md @@ -0,0 +1,66 @@ +--- +rootSdk: js-core +title: "IStorage" +category: Types +--- + +# Type: IStorage + +Defines a storage adapter used to persist session data. + +## Methods + +### getItem() + +> **getItem**(`key`: `string`): `Promise`\<`string` \| `null`\> + +Retrieves the value associated with the given key. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ------------------------------------------ | +| `key` | `string` | The unique identifier for the stored item. | + +#### Returns + +`Promise`\<`string` \| `null`\> + +The stored value as a string, or `null` if the key does not exist. + +--- + +### removeItem() + +> **removeItem**(`key`: `string`): `Promise`\<`void`\> + +Removes the item associated with the specified key from storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | -------------------------------------------- | +| `key` | `string` | The unique identifier of the item to remove. | + +#### Returns + +`Promise`\<`void`\> + +--- + +### setItem() + +> **setItem**(`key`: `string`, `value`: `string`): `Promise`\<`void`\> + +Stores a key-value pair in the storage. + +#### Parameters + +| Parameter | Type | Description | +| --------- | -------- | ----------------------------------- | +| `key` | `string` | The unique identifier for the item. | +| `value` | `string` | The string value to store. | + +#### Returns + +`Promise`\<`void`\> diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.IdTokenClaims.md b/docs/markdown/Types/_monocloud_auth-js-core.index.IdTokenClaims.md new file mode 100644 index 00000000..f5ed5e17 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.IdTokenClaims.md @@ -0,0 +1,57 @@ +--- +rootSdk: js-core +title: "IdTokenClaims" +category: Types +--- + +# Type: IdTokenClaims + +Standard OpenID Connect ID Token claims. + +## Extends + +- [`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse) + +## Indexable + +\[`key`: `string`\]: `unknown` + +Additional custom or provider-specific claims. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| `acr?` | `string` | Authentication Context Class Reference. Indicates the assurance level of the authentication performed. | +| `address?` | [`Address`](/sdks/nodejs/api-reference/types/address) | Postal address. | +| `amr?` | `string`[] | Authentication Methods References. Lists the authentication methods used (for example: `pwd`, `mfa`, `otp`). | +| `at_hash?` | `string` | Access token hash. Used to validate access tokens returned alongside the ID token. | +| `aud` | `string` \| `string`[] | Intended audience(s) of the ID token. | +| `auth_time?` | `number` | Time when the end-user authentication occurred (Unix epoch seconds). | +| `azp?` | `string` | Authorized party - identifies the client to which the ID token was issued. | +| `birthdate?` | `string` | Birthday. | +| `c_hash?` | `string` | Authorization code hash. Used to validate authorization codes returned with hybrid flows. | +| `email?` | `string` | Email address. | +| `email_verified?` | `boolean` | Whether the email address has been verified by the provider. | +| `exp` | `number` | Expiration time of the ID token (Unix epoch seconds). | +| `family_name?` | `string` | Surname(s) / last name. | +| `gender?` | `string` | Gender. | +| `given_name?` | `string` | Given name(s) / first name. | +| `groups?` | [`Group`](/sdks/js-core/api-reference/types/group)[] | Group memberships for the user. | +| `iat` | `number` | Time at which the ID token was issued (Unix epoch seconds). | +| `iss` | `string` | Issuer identifier - the authorization server that issued the token. | +| `locale?` | `string` | Locale. | +| `middle_name?` | `string` | Middle name(s). | +| `name?` | `string` | Full name of the user (e.g. "Jane Doe"). | +| `nickname?` | `string` | Casual name used by the user. | +| `nonce?` | `string` | Nonce value used to associate the authentication request with the issued ID token and prevent replay attacks. | +| `phone_number?` | `string` | Phone number (formatted in E.164 standard). | +| `phone_number_verified?` | `boolean` | Whether the phone number has been verified by the provider. | +| `picture?` | `string` | URL of the user's profile picture. | +| `preferred_username?` | `string` | Preferred username. | +| `profile?` | `string` | URL of the user's profile page. | +| `s_hash?` | `string` | State hash (used in some hybrid flow validations). | +| `sub` | `string` | Subject identifier — uniquely identifies the authenticated user. | +| `updated_at?` | `number` | Time the user's information was last updated (seconds since epoch). | +| `website?` | `string` | URL of the user's website. | +| `zoneinfo?` | `string` | Time zone name. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.Indicator.md b/docs/markdown/Types/_monocloud_auth-js-core.index.Indicator.md new file mode 100644 index 00000000..5a095300 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.Indicator.md @@ -0,0 +1,16 @@ +--- +rootSdk: js-core +title: "Indicator" +category: Types +--- + +# Type: Indicator + +Represents an additional resource indicator that can be requested when acquiring tokens. + +## Properties + +| Property | Type | Description | +| -------------------------------- | -------- | --------------------------------------------------------------- | +| `resource` | `string` | Space-separated list of resources to scope the access token to. | +| `scopes?` | `string` | Optional space-separated list of scopes to request. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.IssuerMetadata.md b/docs/markdown/Types/_monocloud_auth-js-core.index.IssuerMetadata.md new file mode 100644 index 00000000..278615c1 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.IssuerMetadata.md @@ -0,0 +1,42 @@ +--- +rootSdk: js-core +title: "IssuerMetadata" +category: Types +--- + +# Type: IssuerMetadata + +OpenID Connect Discovery metadata published by the authorization server. + +## Properties + +| Property | Type | Description | +| ------------------------------------------------------------------------------------------------------ | ---------- | ------------------------------------------------------------------------ | +| `authorization_endpoint` | `string` | Authorization endpoint used to initiate authentication requests. | +| `backchannel_logout_session_supported` | `boolean` | Indicates back-channel logout session support. | +| `backchannel_logout_supported` | `boolean` | Indicates support for back-channel logout. | +| `check_session_iframe` | `string` | Session management iframe endpoint. | +| `claims_supported` | `string`[] | Claims that may be returned in tokens or UserInfo responses. | +| `code_challenge_methods_supported` | `string`[] | Supported PKCE code challenge methods. | +| `device_authorization_endpoint` | `string` | Device Authorization Grant endpoint. | +| `end_session_endpoint` | `string` | End-session endpoint used to initiate logout. | +| `frontchannel_logout_session_supported` | `boolean` | Indicates front-channel logout session support. | +| `frontchannel_logout_supported` | `boolean` | Indicates support for front-channel logout. | +| `grant_types_supported` | `string`[] | Supported OAuth grant types. | +| `id_token_signing_alg_values_supported` | `string`[] | Supported signing algorithms for ID tokens. | +| `introspection_endpoint` | `string` | Token introspection endpoint. | +| `issuer` | `string` | The issuer identifier for the authorization server. | +| `jwks_uri` | `string` | JSON Web Key Set (JWKS) endpoint used to obtain signing keys. | +| `pushed_authorization_request_endpoint?` | `string` | Pushed Authorization Request (PAR) endpoint. | +| `request_object_signing_alg_values_supported` | `string`[] | Supported signing algorithms for request objects. | +| `request_parameter_supported` | `boolean` | Indicates support for request objects passed by value. | +| `request_uri_parameter_supported` | `boolean` | Indicates support for request objects passed by reference (request_uri). | +| `require_pushed_authorization_requests` | `boolean` | Indicates whether PAR is required for authorization requests. | +| `response_modes_supported` | `string`[] | Supported response modes. | +| `response_types_supported` | `string`[] | Supported OAuth/OIDC response types. | +| `revocation_endpoint` | `string` | Token revocation endpoint. | +| `scopes_supported` | `string`[] | OAuth scopes supported by the authorization server. | +| `subject_types_supported` | `string`[] | Supported subject identifier types. | +| `token_endpoint` | `string` | Token endpoint used to exchange authorization codes for tokens. | +| `token_endpoint_auth_methods_supported` | `string`[] | Supported authentication methods for the token endpoint. | +| `userinfo_endpoint` | `string` | UserInfo endpoint used to retrieve user profile claims. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.Jwk.md b/docs/markdown/Types/_monocloud_auth-js-core.index.Jwk.md new file mode 100644 index 00000000..dd99fd8c --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.Jwk.md @@ -0,0 +1,41 @@ +--- +rootSdk: js-core +title: "Jwk" +category: Types +--- + +# Type: Jwk + +Represents a JSON Web Key (JWK) as defined by RFC 7517. + +A JWK describes a cryptographic key used to verify or encrypt JSON Web Tokens (JWTs) as obtained from the JWKS (JSON Web Key Set) endpoint exposed by the authorization server. + +The available properties depend on the key type (`kty`). + +## Properties + +| Property | Type | Description | +| -------------------------------- | ------------------------------------------------------- | ------------------------------------------------------------------ | +| `alg?` | `string` | Intended algorithm for the key (for example: `RS256`). | +| `crv?` | `string` | Elliptic curve name (for example: `P-256`). | +| `d?` | `string` | RSA private exponent. | +| `dp?` | `string` | RSA first factor CRT exponent. | +| `dq?` | `string` | RSA second factor CRT exponent. | +| `e?` | `string` | RSA public exponent. | +| `ext?` | `boolean` | Indicates whether the key is extractable. | +| `k?` | `string` | Symmetric key value (base64url encoded). | +| `key_ops?` | `string`[] | Allowed operations for the key (e.g. `sign`, `verify`, `encrypt`). | +| `kid?` | `string` | Key identifier used to match keys during verification. | +| `kty` | `string` | Key type (for example: `RSA`, or `EC`). | +| `n?` | `string` | RSA modulus. | +| `oth?` | \{ `d?`: `string`; `r?`: `string`; `t?`: `string`; \}[] | Additional prime information (multi-prime RSA). | +| `p?` | `string` | RSA first prime factor. | +| `q?` | `string` | RSA second prime factor. | +| `qi?` | `string` | RSA CRT coefficient. | +| `use?` | `string` | Public key use (`sig` for signature or `enc` for encryption). | +| `x?` | `string` | X coordinate for EC public keys. | +| `x5c?` | `string`[] | X.509 certificate chain. | +| `x5t?` | `string` | X.509 certificate SHA-1 thumbprint. | +| `x5t#S256?` | `string` | X.509 certificate SHA-256 thumbprint. | +| `x5u?` | `string` | URL referencing the X.509 certificate. | +| `y?` | `string` | Y coordinate for EC public keys. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.Jwks.md b/docs/markdown/Types/_monocloud_auth-js-core.index.Jwks.md new file mode 100644 index 00000000..ebfecb84 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.Jwks.md @@ -0,0 +1,17 @@ +--- +rootSdk: js-core +title: "Jwks" +category: Types +--- + +# Type: Jwks + +Represents a JSON Web Key Set (JWKS). + +A JWKS is a collection of public JSON Web Keys used to verify signatures of JSON Web Tokens (JWTs). + +## Properties + +| Property | Type | Description | +| ------------------------ | ----------------------------------------------- | -------------------------------------------------- | +| `keys` | [`Jwk`](/sdks/js-core/api-reference/types/jwk)[] | The list of public keys contained in this key set. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.JwsHeaderParameters.md b/docs/markdown/Types/_monocloud_auth-js-core.index.JwsHeaderParameters.md new file mode 100644 index 00000000..e2da962f --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.JwsHeaderParameters.md @@ -0,0 +1,19 @@ +--- +rootSdk: js-core +title: "JwsHeaderParameters" +category: Types +--- + +# Type: JwsHeaderParameters + +Parameters contained in a JSON Web Signature (JWS) header. + +## Properties + +| Property | Type | Description | +| ------------------------- | ---------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| `alg` | [`SecurityAlgorithms`](/sdks/js-core/api-reference/enums/securityalgorithms) | The cryptographic algorithm used to sign the token. | +| `crit?` | `string`[] | List of header parameters that are marked as critical and must be understood by the token processor. | +| `jwk?` | [`Jwk`](/sdks/js-core/api-reference/types/jwk) | An embedded JSON Web Key (JWK) containing the signing key. | +| `kid?` | `string` | Identifier of the key used to sign the token. | +| `typ?` | `string` | The token type. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudClientOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudClientOptions.md new file mode 100644 index 00000000..3d415b1b --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudClientOptions.md @@ -0,0 +1,19 @@ +--- +rootSdk: js-core +title: "MonoCloudClientOptions" +category: Types +--- + +# Type: MonoCloudClientOptions + +Configuration options used to initialize the MonoCloudClient. + +## Properties + +| Property | Type | Description | +| --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `clientAuthMethod?` | [`ClientAuthMethod`](/sdks/js-core/api-reference/enums/clientauthmethod) | Client authentication method used when communicating with the token endpoint. | +| `clientSecret?` | `string` \| [`Jwk`](/sdks/js-core/api-reference/types/jwk) | Client secret used for client authentication. When `clientAuthMethod` is `client_secret_jwt` and a plain-text secret is provided, the default signing algorithm is `HS256`. To use a different algorithm, provide a symmetric JSON Web Key (JWK) (`kty: "oct"`) with the desired algorithm specified in its `alg` property. | +| `idTokenSigningAlgorithm?` | [`SecurityAlgorithms`](/sdks/js-core/api-reference/enums/securityalgorithms) | Expected signing algorithm for validating ID tokens. | +| `jwksCacheDuration?` | `number` | Duration (in seconds) to cache the JSON Web Key Set (JWKS) retrieved from the authorization server. | +| `metadataCacheDuration?` | `number` | Duration (in seconds) to cache OpenID Connect discovery metadata. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.md new file mode 100644 index 00000000..a29ac117 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudJSCoreClientOptions.md @@ -0,0 +1,37 @@ +--- +rootSdk: js-core +title: "MonoCloudJSCoreClientOptions" +category: Types +--- + +# Type: MonoCloudJSCoreClientOptions + +Configuration options for initializing `MonoCloudJSCoreClient`. + +## Properties + +| Property | Type | Description | +| --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `appUrl` | `string` | The base URL of the application implementing authentication. **Example** `"https://example.com"` | +| `authWindowTimeout?` | `number` | Timeout duration (in seconds) for popups and iframes. | +| `callbackPath?` | `string` | Relative callback path where MonoCloud redirects the user after sign-in. This URL must be registered in the application's callback URL settings. If omitted, the callback URL defaults to `appUrl` with path `/`. **Example** `/callback` | +| `clientAuthMethod?` | [`ClientAuthMethod`](/sdks/js-core/api-reference/enums/clientauthmethod) | Method used for client authentication. | +| `clientId` | `string` | Client identifier of the application registered in MonoCloud. | +| `clientSecret?` | `string` \| [`Jwk`](/sdks/js-core/api-reference/types/jwk) | Client secret or JSON Web Key for client authentication. | +| `clockSkew?` | `number` | The maximum allowed clock skew (in seconds) for token validation. | +| `clockTolerance?` | `number` | The maximum allowed clock tolerance for date-time-based claims. | +| `defaultAuthParams?` | [`AuthorizationParams`](/sdks/js-core/api-reference/types/authorizationparams) | Default authorization parameters to include in authentication requests. | +| `federatedSignOut?` | `boolean` | When `true`, signs the user out from both the app and MonoCloud. | +| `fetchUserinfo?` | `boolean` | Determines whether to fetch UserInfo after authentication. | +| `filteredIdTokenClaims?` | `string`[] | List of ID token claims to exclude when constructing the final user object. | +| `idTokenSigningAlgorithm?` | [`SecurityAlgorithms`](/sdks/js-core/api-reference/enums/securityalgorithms) | Algorithm used for verifying ID token signature. | +| `jwksCacheDuration?` | `number` | The duration in seconds to cache the JWKS document after it is fetched. | +| `metadataCacheDuration?` | `number` | Time in seconds to cache the metadata document after it is fetched. | +| `popupWindowHeight?` | `number` | The height of the popup window in pixels. This value is used to size and center the window when `signIn` or `signOut` is called with `mode: 'popup'`. | +| `popupWindowWidth?` | `number` | The width of the popup window in pixels. This value is used to size and center the window when `signIn` or `signOut` is called with `mode: 'popup'`. | +| `resources?` | [`Indicator`](/sdks/js-core/api-reference/types/indicator)[] | Additional resources that can be requested in `getTokens()`. | +| `responseType?` | [`ResponseTypes`](/sdks/js-core/api-reference/enums/responsetypes) | Specifies the OpenID Connect response type for the authentication flow. | +| `sessionKey?` | `string` | A unique identifier that differentiates sessions when multiple clients are used within the same application. This key is appended to the internal session key to prevent conflicts. | +| `signOutCallbackPath?` | `string` \| `null` | Relative path where MonoCloud redirects the user after sign-out. **Example** `/signout` | +| `tenantDomain` | `string` | MonoCloud tenant domain. **Example** `"https://your-domain.as.monocloud.com"` | +| `validateIdToken?` | `boolean` | Whether the ID token should be validated. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudSession.md b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudSession.md new file mode 100644 index 00000000..e148824a --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudSession.md @@ -0,0 +1,27 @@ +--- +rootSdk: js-core +title: "MonoCloudSession" +category: Types +--- + +# Type: MonoCloudSession + +Represents an authenticated session, containing the authenticated user profile along with the tokens and metadata issued during authentication. + +## Indexable + +\[`key`: `string`\]: `unknown` + +Additional custom properties attached to the session. + +These may be added via hooks such as `onSessionCreating`. + +## Properties + +| Property | Type | Description | +| ------------------------------------------------- | ----------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| `accessTokens?` | [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken)[] | Access tokens associated with the session. Multiple tokens may exist when access tokens are issued for different resources or scope sets. | +| `authorizedScopes?` | `string` | Space-separated list of scopes authorized for the session. | +| `idToken?` | `string` | Optional ID token issued during authentication. | +| `refreshToken?` | `string` | Optional refresh token used to obtain new access tokens without requiring the user to re-authenticate. | +| `user` | [`MonoCloudUser`](/sdks/js-core/api-reference/types/monoclouduser) | The authenticated user profile, typically derived from ID token claims and/or the `UserInfo` endpoint. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudTokens.md b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudTokens.md new file mode 100644 index 00000000..145dd268 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudTokens.md @@ -0,0 +1,26 @@ +--- +rootSdk: js-core +title: "MonoCloudTokens" +category: Types +--- + +# Type: MonoCloudTokens + +Tokens available in the current session. + +## Extends + +- [`AccessToken`](/sdks/js-core/api-reference/types/accesstoken) + +## Properties + +| Property | Type | Description | +| ---------------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| `accessToken` | `string` | The issued access token. | +| `accessTokenExpiration` | `number` | The expiration time of the access token (Unix epoch, in seconds). | +| `idToken?` | `string` | The ID token obtained during authentication. | +| `isExpired` | `boolean` | Specifies if the access token has expired. | +| `refreshToken?` | `string` | The refresh token obtained during authentication. | +| `requestedScopes?` | `string` | Optional space-separated list of scopes originally requested during token acquisition. | +| `resource?` | `string` | Optional resource (audience) that the access token is scoped for. | +| `scopes` | `string` | Space-separated list of scopes granted to the access token. These represent the effective permissions approved by the authorization server. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudUser.md b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudUser.md new file mode 100644 index 00000000..e76fbb20 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.MonoCloudUser.md @@ -0,0 +1,47 @@ +--- +rootSdk: js-core +title: "MonoCloudUser" +category: Types +--- + +# Type: MonoCloudUser + +Represents the authenticated user stored in a MonoCloud session. + +## Extends + +- [`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse) + +## Indexable + +\[`key`: `string`\]: `unknown` + +Additional provider-specific claims. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------------------------------------- | +| `address?` | [`Address`](/sdks/nodejs/api-reference/types/address) | Postal address. | +| `amr?` | `string`[] | Authentication Methods References (AMR). Indicates how the user authenticated. | +| `birthdate?` | `string` | Birthday. | +| `email?` | `string` | Email address. | +| `email_verified?` | `boolean` | Whether the email address has been verified by the provider. | +| `family_name?` | `string` | Surname(s) / last name. | +| `gender?` | `string` | Gender. | +| `given_name?` | `string` | Given name(s) / first name. | +| `groups?` | [`Group`](/sdks/js-core/api-reference/types/group)[] | Group memberships for the user. | +| `idp?` | `string` | Identity Provider (IdP) identifier. Specifies the upstream provider used to authenticate the user. | +| `locale?` | `string` | Locale. | +| `middle_name?` | `string` | Middle name(s). | +| `name?` | `string` | Full name of the user (e.g. "Jane Doe"). | +| `nickname?` | `string` | Casual name used by the user. | +| `phone_number?` | `string` | Phone number (formatted in E.164 standard). | +| `phone_number_verified?` | `boolean` | Whether the phone number has been verified by the provider. | +| `picture?` | `string` | URL of the user's profile picture. | +| `preferred_username?` | `string` | Preferred username. | +| `profile?` | `string` | URL of the user's profile page. | +| `sub` | `string` | Subject identifier - a unique, stable identifier for the user within the issuer. | +| `updated_at?` | `number` | Time the user's information was last updated (seconds since epoch). | +| `website?` | `string` | URL of the user's website. | +| `zoneinfo?` | `string` | Time zone name. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.ParResponse.md b/docs/markdown/Types/_monocloud_auth-js-core.index.ParResponse.md new file mode 100644 index 00000000..8699d18c --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.ParResponse.md @@ -0,0 +1,16 @@ +--- +rootSdk: js-core +title: "ParResponse" +category: Types +--- + +# Type: ParResponse + +Response returned from the Pushed Authorization Request (PAR) endpoint. + +## Properties + +| Property | Type | Description | +| -------------------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `expires_in` | `number` | Lifetime of the `request_uri`, in seconds. After this duration expires, the authorization request becomes invalid. | +| `request_uri` | `string` | The URI reference identifying the pushed authorization request. This value must be supplied as the `request_uri` parameter when redirecting the user to the authorization endpoint. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.PostCallbackParams.md b/docs/markdown/Types/_monocloud_auth-js-core.index.PostCallbackParams.md new file mode 100644 index 00000000..80d9f0f5 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.PostCallbackParams.md @@ -0,0 +1,11 @@ +--- +rootSdk: js-core +title: "PostCallbackParams" +category: Types +--- + +# Type: PostCallbackParams + +> **PostCallbackParams** = \{ `mode`: [`InteractionMode`](/sdks/js-core/api-reference/enums/interactionmode) \| `"silent"`; `returnUrl?`: `string`; `type`: `"signIn"`; \} \| \{ `mode`: [`InteractionMode`](/sdks/js-core/api-reference/enums/interactionmode); `returnUrl?`: `string`; `type`: `"signOut"`; \} + +Metadata passed to `PostCallback` after callback processing. diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.PushedAuthorizationParams.md b/docs/markdown/Types/_monocloud_auth-js-core.index.PushedAuthorizationParams.md new file mode 100644 index 00000000..d5170020 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.PushedAuthorizationParams.md @@ -0,0 +1,39 @@ +--- +rootSdk: js-core +title: "PushedAuthorizationParams" +category: Types +--- + +# Type: PushedAuthorizationParams + +Parameters used when creating a Pushed Authorization Request (PAR). + +This type mirrors [AuthorizationParams](/sdks/js-core/api-reference/types/authorizationparams) but excludes `requestUri`, +since the `request_uri` value is generated by the authorization server +after a successful PAR request and must not be supplied by the client. + +## Extends + +- `Omit`\<[`AuthorizationParams`](/sdks/js-core/api-reference/types/authorizationparams), `"requestUri"`\> + +## Properties + +| Property | Type | Description | +| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | +| `acrValues?` | `string`[] | Authentication Context Class Reference (ACR) values requesting specific authentication assurance levels or methods. | +| `authenticatorHint?` | [`Authenticators`](/sdks/js-core/api-reference/enums/authenticators) | Hint to the authorization server indicating which authenticator or connection should be used. | +| `codeChallenge?` | `string` | PKCE code challenge derived from the code verifier. Used to secure authorization code exchanges. | +| `codeChallengeMethod?` | [`CodeChallengeMethod`](/sdks/js-core/api-reference/enums/codechallengemethod) | Method used to generate the PKCE code challenge. | +| `display?` | [`DisplayOptions`](/sdks/js-core/api-reference/enums/displayoptions) | Preferred display mode for the authentication UI. | +| `loginHint?` | `string` | Hint identifying the user (for example, email or username). Used to prefill or optimize the sign-in experience. | +| `maxAge?` | `number` | Maximum acceptable time (in seconds) since the user last authenticated. If exceeded, the user may be required to sign in again. | +| `nonce?` | `string` | A cryptographically random value included in the ID token to prevent replay attacks. | +| `prompt?` | [`Prompt`](/sdks/js-core/api-reference/enums/prompt) | Controls authentication interaction behavior. For example, forcing login or consent. | +| `redirectUri?` | `string` | The redirect URI where the authorization server sends the user after authentication completes. | +| `request?` | `string` | A signed JWT containing authorization request parameters. | +| `resource?` | `string` | Space-separated list of resource indicators that scope the issued access token. | +| `responseMode?` | [`ResponseModes`](/sdks/js-core/api-reference/enums/responsemodes) | Specifies how the authorization response is returned to the client. | +| `responseType?` | [`ResponseTypes`](/sdks/js-core/api-reference/enums/responsetypes) | Determines which artifacts are returned from the authorization endpoint. | +| `scopes?` | `string` | Space-separated list of scopes requested during authentication. | +| `state?` | `string` | A cryptographically random value used to maintain request state and protect against CSRF attacks. | +| `uiLocales?` | `string` | Preferred UI language. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.RefetchUserInfoOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.RefetchUserInfoOptions.md new file mode 100644 index 00000000..47bc4aad --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.RefetchUserInfoOptions.md @@ -0,0 +1,15 @@ +--- +rootSdk: js-core +title: "RefetchUserInfoOptions" +category: Types +--- + +# Type: RefetchUserInfoOptions + +Options used when refetching user profile data from the UserInfo endpoint. + +## Properties + +| Property | Type | Description | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | +| `onSessionCreating?` | [`OnSessionCreating`](/sdks/nodejs/api-reference/handler-types/onsessioncreating) | Callback invoked before a session is created or updated. Allows customization or enrichment of the session. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshGrantOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshGrantOptions.md new file mode 100644 index 00000000..85b6465c --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshGrantOptions.md @@ -0,0 +1,22 @@ +--- +rootSdk: js-core +title: "RefreshGrantOptions" +category: Types +--- + +# Type: RefreshGrantOptions + +Options used when exchanging a refresh token for a new access token. + +These parameters allow requesting an access token scoped to specific resources or scopes that were previously authorized by the user. + +## Extended by + +- [`GetTokensOptions`](/sdks/js-core/api-reference/types/gettokensoptions) + +## Properties + +| Property | Type | Description | +| --------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `resource?` | `string` | Space-separated list of resource indicators that the new access token should be issued for. The requested resources must have been previously granted during the original authorization flow. | +| `scopes?` | `string` | Space-separated list of scopes to request for the refreshed access token. The requested scopes must have been granted during the original authorization flow. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshOptions.md new file mode 100644 index 00000000..a147eb63 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshOptions.md @@ -0,0 +1,17 @@ +--- +rootSdk: js-core +title: "RefreshOptions" +category: Types +--- + +# Type: RefreshOptions + +Options for `refreshSession()`. + +## Properties + +| Property | Type | Description | +| ------------------------------------------------------- | -------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `appState?` | [`ApplicationState`](/sdks/js-core/api-reference/types/applicationstate) | Additional custom application-specific state information. | +| `mode?` | [`RefreshMode`](/sdks/js-core/api-reference/enums/refreshmode) | Determines the interaction mode for the session refresh process. Using `popup` or `silent` starts a new authorization request and replaces the current session. | +| `refreshGrantOptions?` | [`RefreshGrantOptions`](/sdks/js-core/api-reference/types/refreshgrantoptions) | Configuration specific to the Refresh Token Grant flow. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshSessionOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshSessionOptions.md new file mode 100644 index 00000000..a884596b --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.RefreshSessionOptions.md @@ -0,0 +1,22 @@ +--- +rootSdk: js-core +title: "RefreshSessionOptions" +category: Types +--- + +# Type: RefreshSessionOptions + +Options used when refreshing an existing MonoCloud session. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `fetchUserInfo?` | `boolean` | When enabled, user profile data is fetched from the UserInfo endpoint and merged into the session user object. | +| `filteredIdTokenClaims?` | `string`[] | List of ID token claims to remove before storing the session. | +| `idTokenClockSkew?` | `number` | Clock skew adjustment (in seconds) applied when validating ID token timestamps against the authorization server. | +| `idTokenClockTolerance?` | `number` | Additional allowed clock tolerance (in seconds) when validating time-based ID token claims such as `exp`, `iat`, and `nbf`. | +| `jwks?` | [`Jwks`](/sdks/js-core/api-reference/types/jwks) | JSON Web Key Set used to validate the ID token signature. If not provided, the JWKS is automatically fetched from the authorization server metadata. | +| `onSessionCreating?` | [`OnSessionCreating`](/sdks/nodejs/api-reference/handler-types/onsessioncreating) | Callback invoked before a session is created or updated. Allows customization or enrichment of the session. | +| `refreshGrantOptions?` | [`RefreshGrantOptions`](/sdks/js-core/api-reference/types/refreshgrantoptions) | Options applied to the refresh token grant request, such as requesting tokens for specific resources or scopes. | +| `validateIdToken?` | `boolean` | Determines whether the ID token signature and claims should be validated. Disabling validation is not recommended except for advanced or controlled environments. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.SignInOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.SignInOptions.md new file mode 100644 index 00000000..974db79a --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.SignInOptions.md @@ -0,0 +1,27 @@ +--- +rootSdk: js-core +title: "SignInOptions" +category: Types +--- + +# Type: SignInOptions + +Options for `signIn()`. + +## Properties + +| Property | Type | Description | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | +| `acrValues?` | `string`[] | An array of authentication context class references (ACRs). | +| `appState?` | [`ApplicationState`](/sdks/js-core/api-reference/types/applicationstate) | Additional custom application-specific state information. | +| `authenticatorHint?` | [`Authenticators`](/sdks/js-core/api-reference/enums/authenticators) | Specifies the preferred authenticator for sign-in. | +| `display?` | [`DisplayOptions`](/sdks/js-core/api-reference/enums/displayoptions) | The desired user interface mode. | +| `loginHint?` | `string` | Provides a hint about the user's login identifier. Used to pre-fill or suggest a username. **Example** `"user@example.com"` | +| `maxAge?` | `number` | Maximum allowed time (in seconds) since the user's last authentication. Used to force re-authentication if the last login exceeds this time. | +| `mode?` | [`InteractionMode`](/sdks/js-core/api-reference/enums/interactionmode) | Determines the interaction mode for sign-in. | +| `prompt?` | [`Prompt`](/sdks/js-core/api-reference/enums/prompt) | The desired authentication behavior. | +| `resource?` | `string` | Space-separated resources the access token should be scoped to. | +| `returnUrl?` | `string` | Relative path to return to after sign-in. | +| `scopes?` | `string` | Space-separated scopes requested from the authorization server. | +| `signUp?` | `boolean` | When `true`, starts the sign-up flow. | +| `uiLocales?` | `string` | Specifies preferred locales for the sign-in page. **Example** `"en-US"` | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.SignOutOptions.md b/docs/markdown/Types/_monocloud_auth-js-core.index.SignOutOptions.md new file mode 100644 index 00000000..cf188686 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.SignOutOptions.md @@ -0,0 +1,17 @@ +--- +rootSdk: js-core +title: "SignOutOptions" +category: Types +--- + +# Type: SignOutOptions + +Options for `signOut()`. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | +| `mode?` | [`InteractionMode`](/sdks/js-core/api-reference/enums/interactionmode) | Determines the interaction mode for the sign-out process. | +| `postLogoutRedirectUri?` | `string` | URI to redirect to after successful sign-out. This URI must be configured in the application's allowed sign-out callback URLs. | +| `returnUrl?` | `string` | Relative path to return to after sign-out. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.Tokens.md b/docs/markdown/Types/_monocloud_auth-js-core.index.Tokens.md new file mode 100644 index 00000000..1c62949c --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.Tokens.md @@ -0,0 +1,20 @@ +--- +rootSdk: js-core +title: "Tokens" +category: Types +--- + +# Type: Tokens + +OAuth 2.0 / OpenID Connect token endpoint response. + +## Properties + +| Property | Type | Description | +| ------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------- | +| `access_token` | `string` | Access token issued by the authorization server. | +| `expires_in?` | `number` | Lifetime of the access token (in seconds) from the time the response was issued. | +| `id_token?` | `string` | Optional ID token containing authentication claims about the user. | +| `refresh_token?` | `string` | Optional refresh token used to obtain new access tokens without requiring user re-authentication. | +| `scope?` | `string` | Space-separated list of scopes granted for the access token. | +| `token_type?` | `string` | Token type issued. | diff --git a/docs/markdown/Types/_monocloud_auth-js-core.index.UserinfoResponse.md b/docs/markdown/Types/_monocloud_auth-js-core.index.UserinfoResponse.md new file mode 100644 index 00000000..d41c0e33 --- /dev/null +++ b/docs/markdown/Types/_monocloud_auth-js-core.index.UserinfoResponse.md @@ -0,0 +1,52 @@ +--- +rootSdk: js-core +title: "UserinfoResponse" +category: Types +--- + +# Type: UserinfoResponse + +Represents the OpenID Connect **UserInfo** response. + +## Extended by + +- [`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims) +- [`MonoCloudUser`](/sdks/js-core/api-reference/types/monoclouduser) + +## Type Parameters + +| Type Parameter | Description | +| ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | +| `TAddress` _extends_ [`Address`](/sdks/nodejs/api-reference/types/address) | The shape of the `address` claim. Defaults to [Address](/sdks/nodejs/api-reference/types/address). | + +## Indexable + +\[`key`: `string`\]: `unknown` + +Additional provider-specific claims. + +## Properties + +| Property | Type | Description | +| ----------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------------------- | +| `address?` | `TAddress` | Postal address. | +| `birthdate?` | `string` | Birthday. | +| `email?` | `string` | Email address. | +| `email_verified?` | `boolean` | Whether the email address has been verified by the provider. | +| `family_name?` | `string` | Surname(s) / last name. | +| `gender?` | `string` | Gender. | +| `given_name?` | `string` | Given name(s) / first name. | +| `groups?` | [`Group`](/sdks/js-core/api-reference/types/group)[] | Group memberships for the user. | +| `locale?` | `string` | Locale. | +| `middle_name?` | `string` | Middle name(s). | +| `name?` | `string` | Full name of the user (e.g. "Jane Doe"). | +| `nickname?` | `string` | Casual name used by the user. | +| `phone_number?` | `string` | Phone number (formatted in E.164 standard). | +| `phone_number_verified?` | `boolean` | Whether the phone number has been verified by the provider. | +| `picture?` | `string` | URL of the user's profile picture. | +| `preferred_username?` | `string` | Preferred username. | +| `profile?` | `string` | URL of the user's profile page. | +| `sub` | `string` | Subject identifier - a unique, stable identifier for the user within the issuer. | +| `updated_at?` | `number` | Time the user's information was last updated (seconds since epoch). | +| `website?` | `string` | URL of the user's website. | +| `zoneinfo?` | `string` | Time zone name. | diff --git a/docs/markdown/Types/_monocloud_auth-node-core.index.CallbackParams.md b/docs/markdown/Types/_monocloud_auth-node-core.index.CallbackParams.md index 28d99fc5..e3e69a06 100644 --- a/docs/markdown/Types/_monocloud_auth-node-core.index.CallbackParams.md +++ b/docs/markdown/Types/_monocloud_auth-node-core.index.CallbackParams.md @@ -19,5 +19,6 @@ Parameters returned to the application after the authorization server redirects | `expiresIn?` | `number` | Lifetime of the access token in seconds. | | `idToken?` | `string` | ID token issued by the authorization server. | | `refreshToken?` | `string` | Refresh token issued during authorization (if enabled). | +| `scope?` | `string` | Access token scopes (Implicit Flow) | | `sessionState?` | `string` | OIDC session state value used for session monitoring and front-channel session management. | | `state?` | `string` | The state value originally sent in the authorization request. Used to validate request integrity and prevent CSRF attacks. | diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Authenticators.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Authenticators.md new file mode 100644 index 00000000..4d2d0d9b --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Authenticators.md @@ -0,0 +1,28 @@ +--- +rootSdk: js-core +title: "Authenticators" +category: Enums +--- + +# Enum: Authenticators + +> **Authenticators** = `"password"` \| `"passkey"` \| `"email"` \| `"phone"` \| `"google"` \| `"apple"` \| `"facebook"` \| `"microsoft"` \| `"github"` \| `"gitlab"` \| `"discord"` \| `"twitter"` \| `"linkedin"` \| `"xero"` + +Supported authentication methods and identity providers. + +## Type Declaration + +- `password` - Username/password authentication. +- `passkey` - Passkey (WebAuthn / FIDO2) authentication. +- `email` - Email-based authentication (magic link or OTP). +- `phone` - Phone-based authentication (SMS OTP). +- `google` - Google identity provider. +- `apple` - Apple identity provider. +- `facebook` - Facebook identity provider. +- `microsoft` - Microsoft identity provider. +- `github` - GitHub identity provider. +- `gitlab` - GitLab identity provider. +- `discord` - Discord identity provider. +- `twitter` - Twitter (X) identity provider. +- `linkedin` - LinkedIn identity provider. +- `xero` - Xero identity provider. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ClientAuthMethod.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ClientAuthMethod.md new file mode 100644 index 00000000..6935f2ca --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ClientAuthMethod.md @@ -0,0 +1,20 @@ +--- +rootSdk: js-core +title: "ClientAuthMethod" +category: Enums +--- + +# Enum: ClientAuthMethod + +> **ClientAuthMethod** = `"client_secret_basic"` \| `"client_secret_post"` \| `"client_secret_jwt"` \| `"private_key_jwt"` + +Supported OAuth 2.0 client authentication methods. + +These methods define how a client authenticates itself when calling the authorization server token endpoint. + +## Type Declaration + +- `client_secret_basic` - Client credentials are sent using HTTP Basic authentication +- `client_secret_post` - Client credentials are included in the request body as form parameters. +- `client_secret_jwt` - Client authenticates using a signed JWT created with the client secret. +- `private_key_jwt` - Client authenticates using a signed JWT created with a private key. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.CodeChallengeMethod.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.CodeChallengeMethod.md new file mode 100644 index 00000000..62d70c22 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.CodeChallengeMethod.md @@ -0,0 +1,18 @@ +--- +rootSdk: js-core +title: "CodeChallengeMethod" +category: Enums +--- + +# Enum: CodeChallengeMethod + +> **CodeChallengeMethod** = `"plain"` \| `"S256"` + +Supported PKCE (Proof Key for Code Exchange) code challenge methods. + +PKCE protects authorization code flows by binding the authorization request to the token exchange using a cryptographic verifier. + +## Type Declaration + +- `plain` - Uses the code verifier directly as the challenge. Not recommended for production use. +- `S256` - Uses a SHA-256 hash of the code verifier. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.DisplayOptions.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.DisplayOptions.md new file mode 100644 index 00000000..62775429 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.DisplayOptions.md @@ -0,0 +1,20 @@ +--- +rootSdk: js-core +title: "DisplayOptions" +category: Enums +--- + +# Enum: DisplayOptions + +> **DisplayOptions** = `"page"` \| `"popup"` \| `"touch"` \| `"wap"` + +Supported OpenID Connect `display` parameter values. + +The display parameter hints to the authorization server how the authentication or consent UI should be presented to the user. + +## Type Declaration + +- `page` - Full-page authentication experience in the browser. +- `popup` - Authentication optimized for popup windows. +- `touch` - Authentication optimized for touch-based devices. +- `wap` - Authentication optimized for legacy mobile or constrained browsers. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.InteractionMode.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.InteractionMode.md new file mode 100644 index 00000000..6c738528 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.InteractionMode.md @@ -0,0 +1,13 @@ +--- +rootSdk: js-core +title: "InteractionMode" +category: Enums +--- + +# Enum: InteractionMode + +> **InteractionMode** = `"popup"` \| `"redirect"` + +Interaction modes supported for sign-in and sign-out flows. + +## Type Declaration diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Prompt.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Prompt.md new file mode 100644 index 00000000..6c856351 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.Prompt.md @@ -0,0 +1,21 @@ +--- +rootSdk: js-core +title: "Prompt" +category: Enums +--- + +# Enum: Prompt + +> **Prompt** = `"none"` \| `"login"` \| `"consent"` \| `"select_account"` \| `"create"` + +Supported OpenID Connect `prompt` parameter values. + +The `prompt` parameter controls whether the authorization server should force specific user interactions during authentication. + +## Type Declaration + +- `none` - Do not display any authentication or consent UI. +- `login` - Forces the user to re-authenticate even if an active session exists. +- `consent` - Forces the consent screen to be displayed to the user. +- `select_account` - Prompts the user to choose an account when multiple sessions exist. +- `create` - Prompts the user to create a new account (sign-up flow). diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.RefreshMode.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.RefreshMode.md new file mode 100644 index 00000000..c4188c05 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.RefreshMode.md @@ -0,0 +1,13 @@ +--- +rootSdk: js-core +title: "RefreshMode" +category: Enums +--- + +# Enum: RefreshMode + +> **RefreshMode** = `"popup"` \| `"refresh_token"` \| `"silent"` + +Interaction modes supported by `refreshSession()`. + +## Type Declaration diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseModes.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseModes.md new file mode 100644 index 00000000..7cc6840e --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseModes.md @@ -0,0 +1,19 @@ +--- +rootSdk: js-core +title: "ResponseModes" +category: Enums +--- + +# Enum: ResponseModes + +> **ResponseModes** = `"form_post"` \| `"query"` \| `"fragment"` + +Supported OAuth 2.0 / OpenID Connect `response_mode` values. + +The response mode determines how authorization results are returned from the authorization endpoint to the client application. + +## Type Declaration + +- `form_post` - Returns authorization results using an HTTP POST request with parameters encoded in the request body. +- `query` - Returns authorization results as URL query parameters. +- `fragment` - Returns authorization results in the URL fragment. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseTypes.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseTypes.md new file mode 100644 index 00000000..a3d063fb --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.ResponseTypes.md @@ -0,0 +1,25 @@ +--- +rootSdk: js-core +title: "ResponseTypes" +category: Enums +--- + +# Enum: ResponseTypes + +> **ResponseTypes** = `"code"` \| `"token"` \| `"id_token"` \| `"id_token token"` \| `"code id_token"` \| `"code token"` \| `"code id_token token"` + +Supported OAuth 2.0 / OpenID Connect response types. + +Response types determine which artifacts are returned from the authorization endpoint during authentication. + +> Modern applications should prefer the Authorization Code Flow (`code`) with PKCE. Implicit flow variants are included for compatibility with legacy or specialized scenarios. + +## Type Declaration + +- `code` - Authorization Code Flow (recommended). Returns an authorization code that is exchanged for tokens server-side. +- `token` - Implicit Flow returning an access token directly from the authorization endpoint. +- `id_token` - Implicit Flow returning an ID token. +- `id_token token` - Implicit Flow returning both an ID token and an access token. +- `code id_token` - Hybrid Flow returning an authorization code and an ID token. +- `code token` - Hybrid Flow returning an authorization code and an access token. +- `code id_token token` - Hybrid Flow returning an authorization code, ID token, and access token. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.SecurityAlgorithms.md b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.SecurityAlgorithms.md new file mode 100644 index 00000000..9409e7f9 --- /dev/null +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-js-core.index.SecurityAlgorithms.md @@ -0,0 +1,25 @@ +--- +rootSdk: js-core +title: "SecurityAlgorithms" +category: Enums +--- + +# Enum: SecurityAlgorithms + +> **SecurityAlgorithms** = `"RS256"` \| `"RS384"` \| `"RS512"` \| `"PS256"` \| `"PS384"` \| `"PS512"` \| `"ES256"` \| `"ES384"` \| `"ES512"` + +Supported JSON Web Signature (JWS) algorithms used to sign tokens. + +These algorithms define how tokens issued by MonoCloud are cryptographically signed and verified. The expected algorithm should match the configuration of your MonoCloud application. + +## Type Declaration + +- `RS256` - RSA using SHA-256. Default and most commonly used signing algorithm. +- `RS384` - RSA using SHA-384. +- `RS512` - RSA using SHA-512. +- `PS256` - RSA-PSS using SHA-256. Provides stronger cryptographic padding than RS256. +- `PS384` - RSA-PSS using SHA-384. +- `PS512` - RSA-PSS using SHA-512. +- `ES256` - ECDSA using P-256 curve and SHA-256. Produces smaller tokens and faster verification. +- `ES384` - ECDSA using P-384 curve and SHA-384. +- `ES512` - ECDSA using P-521 curve and SHA-512. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-nextjs.index.SameSiteValues.md b/docs/markdown/Types_(Enums)/_monocloud_auth-nextjs.index.SameSiteValues.md index 5eb2747f..8115cc47 100644 --- a/docs/markdown/Types_(Enums)/_monocloud_auth-nextjs.index.SameSiteValues.md +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-nextjs.index.SameSiteValues.md @@ -16,4 +16,4 @@ The `SameSite` setting controls when cookies are included in cross-site requests - `strict` - Cookies are only sent for same-site requests. Cookies will NOT be included in cross-site navigations, redirects, or embedded requests. Provides the strongest CSRF protection but may break authentication flows that rely on cross-site redirects. - `lax` - Cookies are sent for same-site requests and top-level cross-site navigations (for example, following a link). This is the recommended default for most authentication flows. -- `none` - Cookies are sent with all requests, including cross-site requests. Must be used together with +- `none` - Cookies are sent with all requests, including cross-site requests. Must be used together with `Secure=true` (HTTPS only). Required for some third-party or cross-origin authentication scenarios. diff --git a/docs/markdown/Types_(Enums)/_monocloud_auth-node-core.index.SameSiteValues.md b/docs/markdown/Types_(Enums)/_monocloud_auth-node-core.index.SameSiteValues.md index 81d7677e..2c393e72 100644 --- a/docs/markdown/Types_(Enums)/_monocloud_auth-node-core.index.SameSiteValues.md +++ b/docs/markdown/Types_(Enums)/_monocloud_auth-node-core.index.SameSiteValues.md @@ -16,4 +16,4 @@ The `SameSite` setting controls when cookies are included in cross-site requests - `strict` - Cookies are only sent for same-site requests. Cookies will NOT be included in cross-site navigations, redirects, or embedded requests. Provides the strongest CSRF protection but may break authentication flows that rely on cross-site redirects. - `lax` - Cookies are sent for same-site requests and top-level cross-site navigations (for example, following a link). This is the recommended default for most authentication flows. -- `none` - Cookies are sent with all requests, including cross-site requests. Must be used together with +- `none` - Cookies are sent with all requests, including cross-site requests. Must be used together with `Secure=true` (HTTPS only). Required for some third-party or cross-origin authentication scenarios. diff --git a/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.OnSessionCreating.md b/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.OnSessionCreating.md new file mode 100644 index 00000000..23128ce3 --- /dev/null +++ b/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.OnSessionCreating.md @@ -0,0 +1,26 @@ +--- +rootSdk: js-core +title: "OnSessionCreating" +category: Handler Types +--- + +# Handler Type: OnSessionCreating + +> **OnSessionCreating** = (`session`: [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession), `idToken?`: `Partial`\<[`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims)\>, `userInfo?`: [`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse), `state?`: [`ApplicationState`](/sdks/js-core/api-reference/types/applicationstate)) => `Promise`\<`void`\> \| `void` + +Callback invoked when a session is being created or updated. + +## Parameters + +| Parameter | Type | Description | +| ----------- | --------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | +| `session` | [`MonoCloudSession`](/sdks/js-core/api-reference/types/monocloudsession) | The session object being created. | +| `idToken?` | `Partial`\<[`IdTokenClaims`](/sdks/js-core/api-reference/types/idtokenclaims)\> | Optional claims from the ID token received during authentication. | +| `userInfo?` | [`UserinfoResponse`](/sdks/js-core/api-reference/types/userinforesponse) | Optional claims from the UserInfo response. | +| `state?` | [`ApplicationState`](/sdks/js-core/api-reference/types/applicationstate) | Optional application state associated with the session. | + +## Returns + +`Promise`\<`void`\> \| `void` + +Returns `void` or a `Promise`. diff --git a/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.PostCallback.md b/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.PostCallback.md new file mode 100644 index 00000000..2311b4ce --- /dev/null +++ b/docs/markdown/Types_(Handler)/_monocloud_auth-js-core.index.PostCallback.md @@ -0,0 +1,23 @@ +--- +rootSdk: js-core +title: "PostCallback" +category: Handler Types +--- + +# Handler Type: PostCallback + +> **PostCallback** = (`state`: [`PostCallbackParams`](/sdks/js-core/api-reference/types/postcallbackparams)) => `Promise`\<`void`\> \| `void` + +Callback executed after sign-in or sign-out callback processing. + +## Parameters + +| Parameter | Type | Description | +| --------- | ------------------------------------------------------------------------------------ | --------------------------------------- | +| `state` | [`PostCallbackParams`](/sdks/js-core/api-reference/types/postcallbackparams) | Metadata describing the completed flow. | + +## Returns + +`Promise`\<`void`\> \| `void` + +Returns `void` or a `Promise`. diff --git a/docs/markdown/modules.md b/docs/markdown/modules.md index 217de03e..b699563b 100644 --- a/docs/markdown/modules.md +++ b/docs/markdown/modules.md @@ -11,3 +11,4 @@ category: Other - [@monocloud/auth-core](/sdks/nodejs/api-reference/undefined/_monocloud_auth-core) - [@monocloud/auth-node-core](/sdks/nodejs-core/api-reference/undefined/_monocloud_auth-node-core) - [@monocloud/auth-nextjs](/sdks/nextjs/api-reference/undefined/_monocloud_auth-nextjs) +- [@monocloud/auth-js-core](/sdks/js-core/api-reference/undefined/_monocloud_auth-js-core)