From b3169f43e4002af5eadc37d19e78587a2ccf3053 Mon Sep 17 00:00:00 2001
From: Mihaly Lengyel <mihaly@lengyel.tech>
Date: Sun, 24 Sep 2023 01:57:49 +0200
Subject: [PATCH 1/2] test: split interception.basic1 into multiple smaller
 test files to help with parallelization

---
 test/cross.auto_refresh.test.js         |  666 ++++++
 test/cross.basic_jwt.test.js            |  962 +++++++++
 test/cross.cross_domain.test.js         |  316 +++
 test/cross.disable_interception.test.js |  270 +++
 test/cross.resp_error.test.js           |  283 +++
 test/cross.token_migration.test.js      |  323 +++
 test/cross.unauthorised_event.test.js   |  304 +++
 test/interception.basic1.test.js        | 2496 +----------------------
 8 files changed, 3237 insertions(+), 2383 deletions(-)
 create mode 100644 test/cross.auto_refresh.test.js
 create mode 100644 test/cross.basic_jwt.test.js
 create mode 100644 test/cross.cross_domain.test.js
 create mode 100644 test/cross.disable_interception.test.js
 create mode 100644 test/cross.resp_error.test.js
 create mode 100644 test/cross.token_migration.test.js
 create mode 100644 test/cross.unauthorised_event.test.js

diff --git a/test/cross.auto_refresh.test.js b/test/cross.auto_refresh.test.js
new file mode 100644
index 00000000..16db4b6f
--- /dev/null
+++ b/test/cross.auto_refresh.test.js
@@ -0,0 +1,666 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: automatic session refresh`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("refresh session with invalid tokens should clear all cookies", async function () {
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+            });
+
+            // we save the cookies..
+            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
+
+            // we logout
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                await toTest({ url: `${BASE_URL}/logout`, method: "POST" });
+            });
+
+            // we set the old cookies with invalid access token
+            originalCookies = originalCookies.map(c =>
+                c.name === "sAccessToken" || c.name === "st-access-token" ? { ...c, value: "broken" } : c
+            );
+            await page.setCookie(...originalCookies);
+
+            // now we expect a 401.
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+                assert.strictEqual(resp.statusCode, 401);
+                // assert.strictEqual(resp.url, `${BASE_URL}/auth/session/refresh`);
+            });
+
+            // and we assert that the only cookie that exists is the st-last-access-token-update
+            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
+
+            assert.strictEqual(newCookies.length, 1);
+            assert.strictEqual(newCookies[0].name, "st-last-access-token-update");
+        });
+
+        it("refresh session endpoint responding with 500 makes the original call resolve with refresh response", async function () {
+            await startST(100, true, "0.002");
+            await setup();
+
+            await page.setRequestInterception(true);
+            let firstGet = true;
+            let firstPost = true;
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/") {
+                    if (firstGet) {
+                        firstGet = false;
+                        req.respond({
+                            status: 401,
+                            body: JSON.stringify({
+                                message: "try refresh token"
+                            })
+                        });
+                    } else {
+                        req.respond({
+                            status: 200,
+                            body: JSON.stringify({
+                                success: true
+                            })
+                        });
+                    }
+                } else if (url === BASE_URL + "/auth/session/refresh") {
+                    if (firstPost) {
+                        req.respond({
+                            status: 401,
+                            body: JSON.stringify({
+                                message: "try refresh token"
+                            })
+                        });
+                        firstPost = false;
+                    } else {
+                        req.respond({
+                            status: 500,
+                            body: JSON.stringify({
+                                message: "test"
+                            })
+                        });
+                    }
+                } else {
+                    req.continue();
+                }
+            });
+
+            // page.on("console", l => console.log(l.text()));
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                let response = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+                // assert.strictEqual(response.url, `${BASE_URL}/auth/session/refresh`);
+                assert.strictEqual(response.statusCode, 500);
+                const data = JSON.parse(response.responseText);
+                assert.strictEqual(data.message, "test");
+            });
+        });
+
+        it("no refresh call after 401 response that removes session", async function () {
+            await startST(100, true, "0.002");
+            await setup();
+            await page.setRequestInterception(true);
+            let refreshCalled = 0;
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/") {
+                    req.respond({
+                        status: 401,
+                        body: JSON.stringify({ message: "test" }),
+                        headers: {
+                            // Cookies don't actually matter as long as we clear the front-token
+                            // this is because the frontend will still have st-last-access-token-update w/ a removed front-token
+                            // This is interpreted as a logged-out state
+                            "front-token": "remove"
+                        }
+                    });
+                } else if (url === BASE_URL + "/auth/session/refresh") {
+                    ++refreshCalled;
+                    req.respond({
+                        status: 401,
+                        body: JSON.stringify({ message: "nope" })
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+                await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                const resp = await toTest({
+                    url: `${BASE_URL}/`,
+                    method: "GET",
+                    headers: { "Cache-Control": "no-cache, private" }
+                });
+
+                assertNotEqual(resp, undefined);
+                assert.strictEqual(resp.statusCode, 401);
+                const data = JSON.parse(resp.responseText);
+                assertNotEqual(data, undefined);
+                assert.strictEqual(data.message, "test");
+            });
+
+            // Calls it once before login, but it shouldn't after that
+            assert.equal(refreshCalled, 1);
+        });
+
+        it("original endpoint responding with 500 should not call refresh without cookies", async function () {
+            await startST(100, true, "0.002");
+            await setup();
+            await page.setRequestInterception(true);
+            let refreshCalled = 0;
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/") {
+                    req.respond({
+                        status: 500,
+                        body: JSON.stringify({
+                            message: "test"
+                        })
+                    });
+                } else if (url === BASE_URL + "/auth/session/refresh") {
+                    ++refreshCalled;
+                    req.respond({
+                        status: 500,
+                        body: JSON.stringify({
+                            message: "nope"
+                        })
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+
+            await page.evaluate(async () => {
+                let response = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+                assert.strictEqual(response.url, `${BASE_URL}/`);
+                assert.strictEqual(response.statusCode, 500);
+                const data = JSON.parse(response.responseText);
+                assert.strictEqual(data.message, "test");
+            });
+            // It should call it once before the call - but after that doesn't work it should not try again after the API request
+            assert.strictEqual(refreshCalled, 1);
+        });
+
+        //If via interception, make sure that initially, just an endpoint is just hit twice in case of access token expiry*****
+        it("test that if via interception, initially an endpoint is hit just twice in case of access token expiary", async () => {
+            await startST(3);
+            await setup();
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                //wait for 3 seconds such that the session expires
+                await delay(5);
+
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
+                assert.strictEqual(getSessionResponse.responseText, userId);
+
+                //check that the number of times getSession was called is 1
+                assert.strictEqual(await getNumberOfTimesGetSessionCalled(), 1);
+
+                //check that the number of times refesh session was called is 1
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            });
+        });
+
+        //- If you make an api call without cookies(logged out) api throws session expired , then make sure that refresh token api is not getting called , get 401 as the output****
+        it("test that an api call without cookies throws session expire, refresh api is not called and 401 is the output", async function () {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                let logoutResponse = await toTest({
+                    url: `${BASE_URL}/logout`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(logoutResponse.responseText, "success");
+
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
+
+                //check that the response to getSession without cookies is 401
+                assert.strictEqual(getSessionResponse.statusCode, 401);
+
+                assert.strictEqual(getSessionResponse.url, `${BASE_URL}/`);
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
+            });
+        });
+
+        //    - If via interception, make sure that initially, just an endpoint is just hit once in case of access token NOT expiry*****
+        it("test that via interception initially an endpoint is just hit once in case of valid access token", async function () {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
+                assert.strictEqual(getSessionResponse.responseText, userId);
+
+                //check that the number of times getSession was called is 1
+                assert.strictEqual(await getNumberOfTimesGetSessionCalled(), 1);
+
+                //check that the number of times refresh session was called is 0
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+            });
+        });
+
+        // multiple API calls in parallel when access token is expired (100 of them) and only 1 refresh should be called*****
+        it("test that multiple API calls in parallel when access token is expired, only 1 refresh should be called", async function () {
+            await startST(15);
+            await setup();
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+                assert.strictEqual(loginResponse.responseText, userId);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                // wait for 7 seconds so that the accesstoken expires
+                await delay(17);
+
+                let promises = [];
+                let n = 100;
+
+                // create an array of 100 get session promises
+                for (let i = 0; i < n; i++) {
+                    promises.push(
+                        toTest({
+                            url: `${BASE_URL}/`,
+                            method: "GET",
+                            headers: { "Cache-Control": "no-cache, private" }
+                        })
+                    );
+                }
+
+                // send 100 get session requests
+                let multipleGetSessionResponse = await Promise.all(promises);
+
+                //check that reponse of all requests are success
+                let noOfResponeSuccesses = 0;
+                for (let i = 0; i < multipleGetSessionResponse.length; i++) {
+                    assert.strictEqual(await multipleGetSessionResponse[i].responseText, userId);
+                    noOfResponeSuccesses += 1;
+                }
+
+                //check that the number of times refresh is called is 1
+
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+                assert.strictEqual(noOfResponeSuccesses, n);
+            });
+        });
+
+        // multiple API calls in parallel when access token is expired (100 of them) and only 1 refresh should be called*****
+        it("test that multiple API calls in parallel when access token is expired, only 1 refresh should be called - with delayed calls", async function () {
+            await startST(15);
+            await setup();
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+                assert.strictEqual(loginResponse.responseText, userId);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                // wait for 7 seconds so that the accesstoken expires
+                await delay(17);
+
+                let promises = [];
+                let n = 100;
+
+                // create an array of 100 get session promises
+                for (let i = 0; i < n; i++) {
+                    // this will make it so that there are calls to the / API during the refresh call.
+                    // these calls should not cause another refresh, cause the tokens would have changed.
+                    await new Promise(r => setTimeout(r, 3 * Math.random()));
+                    promises.push(
+                        toTest({
+                            url: `${BASE_URL}/`,
+                            method: "GET",
+                            headers: { "Cache-Control": "no-cache, private" }
+                        })
+                    );
+                }
+
+                // send 100 get session requests
+                let multipleGetSessionResponse = await Promise.all(promises);
+
+                //check that reponse of all requests are success
+                let noOfResponeSuccesses = 0;
+                for (let i = 0; i < multipleGetSessionResponse.length; i++) {
+                    assert.strictEqual(await multipleGetSessionResponse[i].responseText, userId);
+                    noOfResponeSuccesses += 1;
+                }
+
+                //check that the number of times refresh is called is 1
+
+                try {
+                    assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+                } catch (err) {
+                    // this happens sometimes for python testing where the number of refreshes is
+                    // 2.
+                    assert.strictEqual(await getNumberOfTimesRefreshCalled(), 2);
+                }
+                assert.strictEqual(noOfResponeSuccesses, n);
+            });
+        });
+
+        it("test refresh session", async function () {
+            await startST(3);
+            await setup();
+            await page.evaluate(async () => {
+                const userId = "testing-supertokens-website";
+                const loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.statusCode, 200);
+                assert.strictEqual(loginResponse.responseText, userId);
+                //delay for 5 seconds for access token validity expiry
+                await delay(5);
+
+                //check that the number of times the refreshAPI was called is 0
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                let getResponse = await toTest({ url: `${BASE_URL}/` });
+                //check that the response to getSession was success
+                assert.strictEqual(getResponse.statusCode, 200);
+                assert.strictEqual(getResponse.responseText, userId);
+
+                //check that the number of time the refreshAPI was called is 1
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            });
+        });
+
+        it("test refresh session with multiple 401s", async function () {
+            await startST(3);
+            await setup();
+            await page.setRequestInterception(true);
+            let getCount = 0;
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/") {
+                    if (getCount++ < 3) {
+                        req.respond({
+                            status: 401,
+                            body: JSON.stringify({
+                                message: "try refresh token"
+                            })
+                        });
+                    } else {
+                        req.respond({
+                            status: 200,
+                            body: JSON.stringify({
+                                success: true
+                            })
+                        });
+                    }
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async () => {
+                const userId = "testing-supertokens-website";
+                const loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.statusCode, 200);
+                assert.strictEqual(loginResponse.responseText, userId);
+                //delay for 5 seconds for access token validity expiry
+                await delay(5);
+
+                //check that the number of times the refreshAPI was called is 0
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                let getResponse = await toTest({ url: `${BASE_URL}/` });
+                //check that the response to getSession was success
+                assert.strictEqual(getResponse.statusCode, 200);
+                assert.deepStrictEqual(JSON.parse(getResponse.responseText), { success: true });
+
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 3);
+            });
+            await page.setRequestInterception(false);
+        });
+    });
+});
diff --git a/test/cross.basic_jwt.test.js b/test/cross.basic_jwt.test.js
new file mode 100644
index 00000000..49224513
--- /dev/null
+++ b/test/cross.basic_jwt.test.js
@@ -0,0 +1,962 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: basic jwt handling`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("Test that the access token payload and the JWT have all valid claims after creating, refreshing and updating the payload", async function () {
+            await startSTWithJWTEnabled();
+            await setup();
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled) {
+                return;
+            }
+
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async v3AccessTokenSupported => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                assertEqual(accessTokenPayload.customClaim, "customValue");
+                let jwt;
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                // Decode the JWT
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify the JWT claims
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                // Update access token payload
+                await toTest({
+                    url: `${BASE_URL}/update-jwt`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ newClaim: "newValue" })
+                });
+
+                // Get access token payload
+                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+                assertEqual(accessTokenPayload.customClaim, undefined);
+                assertEqual(accessTokenPayload.newClaim, "newValue");
+
+                // Verify new access token payload
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.customClaim, undefined);
+                assert.strictEqual(decodedJWT.newClaim, "newValue");
+
+                let attemptRefresh = await supertokens.attemptRefreshingSession();
+                assert.strictEqual(attemptRefresh, true);
+
+                // Verify new access token payload
+                assertEqual(accessTokenPayload.customClaim, undefined);
+                assertEqual(accessTokenPayload.newClaim, "newValue");
+
+                // Verify new access token payload
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.customClaim, undefined);
+                assert.strictEqual(decodedJWT.newClaim, "newValue");
+            }, v3AccessTokenSupported);
+        });
+
+        it("Test that the access token payload and the JWT have all valid claims after updating access token payload", async function () {
+            await startSTWithJWTEnabled();
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled) {
+                return;
+            }
+
+            await setup();
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async v3AccessTokenSupported => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+                assertEqual(accessTokenPayload.customClaim, "customValue");
+                let jwt;
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                // Decode the JWT
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify the JWT claims
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                // Update access token payload
+                await toTest({
+                    url: `${BASE_URL}/update-jwt`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        customClaim: undefined,
+                        newClaim: "newValue"
+                    })
+                });
+
+                // Get access token payload
+                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+                assert.strictEqual(accessTokenPayload.customClaim, undefined);
+                assert.strictEqual(accessTokenPayload.newClaim, "newValue");
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.customClaim, undefined);
+                assert.strictEqual(decodedJWT.newClaim, "newValue");
+            }, v3AccessTokenSupported);
+        });
+
+        it("Test that access token payload and JWT are valid after the property name changes and payload is updated", async function () {
+            await startSTWithJWTEnabled();
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled || v3AccessTokenSupported) {
+                return;
+            }
+
+            await setup();
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                assertNotEqual(accessTokenPayload.jwt, undefined);
+                assert.strictEqual(accessTokenPayload.sub, undefined);
+                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
+                assert.strictEqual(accessTokenPayload.iss, undefined);
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                let jwt = accessTokenPayload.jwt;
+
+                // Decode the JWT
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify the JWT claims
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                await toTest({
+                    url: `${BASE_URL}/reinitialiseBackendConfig`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        jwtPropertyName: "customJWTProperty"
+                    })
+                });
+
+                // Update access token payload
+                await toTest({
+                    url: `${BASE_URL}/update-jwt`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ newClaim: "newValue" })
+                });
+
+                // Get access token payload
+                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                // Verify new access token payload
+                assertNotEqual(accessTokenPayload.jwt, undefined);
+                assert.strictEqual(accessTokenPayload.sub, undefined);
+                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
+                assert.strictEqual(accessTokenPayload.iss, undefined);
+                assert.strictEqual(accessTokenPayload.customClaim, undefined);
+                assert.strictEqual(accessTokenPayload.customJWTProperty, undefined);
+                assert.strictEqual(accessTokenPayload.newClaim, "newValue");
+
+                jwt = accessTokenPayload.jwt;
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, undefined);
+                assert.strictEqual(decodedJWT.newClaim, "newValue");
+            });
+        });
+
+        it("Test that access token payload and JWT are valid after the property name changes and session is refreshed", async function () {
+            await startSTWithJWTEnabled();
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled || v3AccessTokenSupported) {
+                return;
+            }
+
+            await setup();
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                assertNotEqual(accessTokenPayload.jwt, undefined);
+                assert.strictEqual(accessTokenPayload.sub, undefined);
+                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
+                assert.strictEqual(accessTokenPayload.iss, undefined);
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                let jwt = accessTokenPayload.jwt;
+
+                // Decode the JWT
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify the JWT claims
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                await toTest({
+                    url: `${BASE_URL}/reinitialiseBackendConfig`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        jwtPropertyName: "customJWTProperty"
+                    })
+                });
+
+                let attemptRefresh = await supertokens.attemptRefreshingSession();
+                assert.strictEqual(attemptRefresh, true);
+
+                // Get access token payload
+                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                // Verify new access token payload
+                assert.strictEqual(accessTokenPayload.jwt, undefined);
+                assertNotEqual(accessTokenPayload.customJWTProperty, undefined);
+                assert.strictEqual(accessTokenPayload.sub, undefined);
+                assert.strictEqual(accessTokenPayload._jwtPName, "customJWTProperty");
+                assert.strictEqual(accessTokenPayload.iss, undefined);
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                jwt = accessTokenPayload.customJWTProperty;
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+            });
+        });
+
+        it("Test that access token payload and jwt are valid after the session has expired", async function () {
+            await startSTWithJWTEnabled(3);
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled) {
+                return;
+            }
+
+            await setup();
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await page.evaluate(async v3AccessTokenSupported => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                let jwt;
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                let jwtExpiry = decodedJWT.exp;
+
+                // Wait for access token to expire
+                await delay(5);
+
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify new JWT
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                let newJwtExpiry = decodedJWT.exp;
+
+                assert.strictEqual(newJwtExpiry > Math.ceil(Date.now() / 1000), true);
+                assertNotEqual(jwtExpiry, newJwtExpiry);
+            }, v3AccessTokenSupported);
+        });
+
+        it("Test full JWT flow with open id discovery", async function () {
+            await startSTWithJWTEnabled(20);
+
+            let isJwtEnabled = await checkIfJWTIsEnabled();
+
+            if (!isJwtEnabled) {
+                return;
+            }
+
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/jsondecode") {
+                    let jwt = JSON.parse(req.postData()).jwt;
+                    let decodedJWT = decodeJWT(jwt);
+
+                    req.respond({
+                        status: 200,
+                        body: JSON.stringify(decodedJWT)
+                    });
+                } else if (url === BASE_URL + "/jwtVerify") {
+                    let data = JSON.parse(req.postData());
+                    let jwt = data.jwt;
+                    let jwksURL = data.jwksURL;
+                    let client = jwksClient({
+                        jwksUri: jwksURL
+                    });
+
+                    function getKey(header, callback) {
+                        client.getSigningKey(header.kid, function (err, key) {
+                            if (err) {
+                                callback(err, null);
+                                return;
+                            }
+
+                            var signingKey = key.publicKey || key.rsaPublicKey;
+                            callback(null, signingKey);
+                        });
+                    }
+
+                    verifyJWT(jwt, getKey, (err, decoded) => {
+                        if (err) {
+                            req.respond({
+                                status: 500,
+                                body: JSON.stringify({
+                                    error: err
+                                })
+                            });
+                            return;
+                        }
+
+                        req.respond({
+                            status: 200,
+                            body: JSON.stringify(decoded)
+                        });
+                    });
+                } else {
+                    req.continue();
+                }
+            });
+            await setup();
+            await page.evaluate(async v3AccessTokenSupported => {
+                let userId = "testing-supertokens-website";
+
+                // Create a session
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Verify access token payload
+                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
+                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+
+                let jwt;
+
+                if (v3AccessTokenSupported) {
+                    jwt = await supertokens.getAccessToken();
+                    assertEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, undefined);
+                } else {
+                    assertNotEqual(accessTokenPayload.jwt, undefined);
+                    assertEqual(accessTokenPayload.sub, undefined);
+                    assertEqual(accessTokenPayload._jwtPName, "jwt");
+                    assertEqual(accessTokenPayload.iss, undefined);
+
+                    jwt = accessTokenPayload.jwt;
+                }
+
+                let decodeResponse = await toTest({
+                    url: `${BASE_URL}/jsondecode`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ jwt })
+                });
+
+                let decodedJWT = JSON.parse(decodeResponse.responseText);
+
+                // Verify the JWT claims
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+
+                // Use the jwt issuer to get discovery configuration
+
+                let discoveryEndpoint = decodedJWT.iss + "/.well-known/openid-configuration";
+
+                let jwksEndpoint = (await (await fetch(discoveryEndpoint)).json()).jwks_uri;
+
+                let verifyResponse = await toTest({
+                    url: `${BASE_URL}/jwtVerify`,
+                    method: "POST",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({
+                        jwt,
+                        jwksURL: jwksEndpoint
+                    })
+                });
+
+                if (verifyResponse.statusCode !== 200) {
+                    throw new Error("JWT Verification failed");
+                }
+
+                decodedJWT = JSON.parse(verifyResponse.responseText);
+
+                assert.strictEqual(decodedJWT.sub, userId);
+                assert.strictEqual(decodedJWT._jwtPName, undefined);
+                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
+                assert.strictEqual(decodedJWT.customClaim, "customValue");
+            }, v3AccessTokenSupported);
+        });
+    });
+});
diff --git a/test/cross.cross_domain.test.js b/test/cross.cross_domain.test.js
new file mode 100644
index 00000000..59b26787
--- /dev/null
+++ b/test/cross.cross_domain.test.js
@@ -0,0 +1,316 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: cross domain calls`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        //cross domain login, userinfo, logout
+        it("test cross domain", async () => {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    credentials: "include",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                //check that the userId which is returned in the response is the same as the one we sent
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // check that the session exists
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+
+                // check that the number of times session refresh is called is zero
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
+
+                //delay for 5 seconds so that we know accessToken expires
+
+                await delay(5);
+                // send a get session request , which should do a refresh session request
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get", credentials: "include" });
+
+                // check that the getSession was successfull
+                assert.strictEqual(getSessionResponse.responseText, userId);
+
+                // check that the refresh session was called only once
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 1);
+
+                // do logout
+                let logoutResponse = await toTest({
+                    url: `${BASE_URL}/logout`,
+                    method: "post",
+                    credentials: "include",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+                assert.strictEqual(logoutResponse.responseText, "success");
+
+                //check that session does not exist
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+
+        //cross domain login, userinfo, logout
+        it("test cross domain, auto add credentials", async () => {
+            await startST(5);
+            await setup();
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                //check that the userId which is returned in the response is the same as the one we sent
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // check that the session exists
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+
+                // check that the number of times session refresh is called is zero
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
+
+                //delay for 5 seconds so that we know accessToken expires
+
+                await delay(5);
+                // send a get session request , which should do a refresh session request
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get" });
+
+                // check that the getSession was successfull
+                assert.strictEqual(getSessionResponse.responseText, userId);
+
+                // check that the refresh session was called only once
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 1);
+
+                // do logout
+                let logoutResponse = await toTest({
+                    url: `${BASE_URL}/logout`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+                assert.strictEqual(logoutResponse.responseText, "success");
+
+                //check that session does not exist
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+
+        //cross domain login, userinfo, logout
+        it("test cross domain, no auto add credentials, fail", async () => {
+            await startST(5);
+            await setup();
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8082";
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    autoAddCredentials: false
+                });
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                //check that the userId which is returned in the response is the same as the one we sent
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // check that the session exists
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+
+                // check that the number of times session refresh is called is zero
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
+
+                //delay for 5 seconds so that we know accessToken expires
+
+                await delay(5);
+
+                let resp = await toTest({ url: `${BASE_URL}/`, method: "get" });
+                assert.strictEqual(resp.statusCode, 401);
+
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+
+                await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    credentials: "include",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                // send a get session request , which should do a refresh session request
+                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get", credentials: "include" });
+
+                // check that the getSession was successfull
+                assert.strictEqual(getSessionResponse.responseText, userId);
+
+                // check that the refresh session was called only once
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
+
+                // do logout
+                let logoutResponse = await toTest({
+                    url: `${BASE_URL}/logout`,
+                    method: "post",
+                    credentials: "include",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+                assert.strictEqual(logoutResponse.responseText, "success");
+
+                //check that session does not exist
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+    });
+});
diff --git a/test/cross.disable_interception.test.js b/test/cross.disable_interception.test.js
new file mode 100644
index 00000000..9cbb8b33
--- /dev/null
+++ b/test/cross.disable_interception.test.js
@@ -0,0 +1,270 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: interception disabling`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("test interception should happen if api domain and website domain are the same and relative path is used", async function () {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+            });
+        });
+
+        it("test interception should not happen if api domain and website domain are different and relative path is used", async function () {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "https://google.com";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+
+        it("should not intercept if url contains superTokensDoNotDoInterception", async function () {
+            await startST(5);
+            await setup();
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `/login#superTokensDoNotDoInterception`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+
+        it("test disabled interception", async function () {
+            await startST();
+
+            await setup();
+            await page.evaluate(async () => {
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    postAPIHook: async context => {
+                        assert.strictEqual(context.action === "REFRESH_SESSION" || context.action === "SIGN_OUT", true);
+
+                        if (context.action === "REFRESH_SESSION" && context.fetchResponse.statusCode === 200) {
+                            const body = await context.fetchResponse.text();
+                            assert.strictEqual(body, "refresh success");
+
+                            const frontTokenInHeader = context.fetchResponse.headers.get("front-token");
+                            assertNotEqual(frontTokenInHeader, "");
+                            assertNotEqual(frontTokenInHeader, null);
+                        }
+
+                        if (context.action === "SIGN_OUT" && context.fetchResponse.statusCode === 200) {
+                            const body = await context.fetchResponse.json();
+                            assert.strictEqual(body.statusCode, "OK");
+
+                            const frontTokenInHeader = context.fetchResponse.headers.get("front-token");
+                            assert.strictEqual(frontTokenInHeader, "remove");
+                        }
+                    }
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+
+                await delay(2);
+                let attemptRefresh = await supertokens.attemptRefreshingSession();
+                assert.strictEqual(attemptRefresh, true);
+
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+                await supertokens.signOut();
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+            });
+        });
+
+        it("test that interception doesn't happen if the shouldDoInterceptionBasedOnUrl override returns false", async function () {
+            await setup({
+                override: ["shouldDoInterceptionBasedOnUrl"]
+            });
+
+            await page.evaluate(async () => {
+                let getResponse = await toTest({ url: `${BASE_URL}/check-rid-no-session` });
+                assert.strictEqual(getResponse.responseText, "fail");
+
+                let getWithOverrideResponse = await toTest({ url: `${BASE_URL}/check-rid-no-session?doOverride` });
+                assert.strictEqual(getWithOverrideResponse.responseText, "success");
+            });
+        });
+    });
+});
diff --git a/test/cross.resp_error.test.js b/test/cross.resp_error.test.js
new file mode 100644
index 00000000..a32355c5
--- /dev/null
+++ b/test/cross.resp_error.test.js
@@ -0,0 +1,283 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: error response handling`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("test that if an api throws an error it gets propagated to the user with interception", async () => {
+            await startST();
+            await setup();
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({ url: `${BASE_URL}/testError` });
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 500);
+            });
+        });
+
+        it("test that if an api throws a 400 error it gets propagated to the user with interception", async () => {
+            await startST();
+            await setup();
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({ url: `${BASE_URL}/testError?code=400` });
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 400);
+            });
+        });
+
+        it("test that if an api throws a 405 error it gets propagated to the user with interception", async () => {
+            await startST();
+            await setup();
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({ url: `${BASE_URL}/testError?code=405` });
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 405);
+            });
+        });
+
+        it("test that if an api throws an error it gets propagated to the user without interception", async () => {
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({ url: `${BASE_URL}/testError#superTokensDoNotDoInterception`, method: "get" });
+
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 500);
+            });
+        });
+
+        it("test that if an api throws a 400 error it gets propagated to the user without interception", async () => {
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({
+                    url: `${BASE_URL}/testError?code=400#superTokensDoNotDoInterception`,
+                    method: "get"
+                });
+
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 400);
+            });
+        });
+
+        it("test that if an api throws a 405 error it gets propagated to the user without interception", async () => {
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let val = await toTest({ url: `${BASE_URL}/testError?code=405`, method: "get" });
+
+                assert.strictEqual(val.responseText, "test error message");
+                assert.strictEqual(val.statusCode, 405);
+            });
+        });
+
+        it("test that network errors are propagated to the user with interception", async () => {
+            await startST();
+            await setup();
+
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/testError") {
+                    req.abort();
+                } else {
+                    req.continue();
+                }
+            });
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let caught;
+                try {
+                    await toTest({ url: `${BASE_URL}/testError`, method: "get" });
+                } catch (ex) {
+                    caught = ex;
+                }
+
+                assert.ok(caught);
+            });
+        });
+
+        it("test that network errors are propagated to the user without interception", async () => {
+            await startST();
+            await setup();
+
+            await page.setRequestInterception(true);
+            page.on("request", req => {
+                const url = req.url();
+                if (url === BASE_URL + "/testError") {
+                    req.abort();
+                } else {
+                    req.continue();
+                }
+            });
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+
+                let caught;
+                try {
+                    await toTest({ url: `${BASE_URL}/testError#superTokensDoNotDoInterception`, method: "get" });
+                } catch (ex) {
+                    caught = ex;
+                }
+
+                assert.ok(caught);
+            });
+        });
+    });
+});
diff --git a/test/cross.token_migration.test.js b/test/cross.token_migration.test.js
new file mode 100644
index 00000000..14f24772
--- /dev/null
+++ b/test/cross.token_migration.test.js
@@ -0,0 +1,323 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: token migration`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("should work after refresh migrating old cookie based sessions", async function () {
+            if (transferMethod === "header") {
+                // We skip this in header mode, they can't have legacy sessions
+                this.skip();
+            }
+
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+            });
+
+            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
+
+            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.notStrictEqual(
+                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+                assert.strictEqual(resp.statusCode, 200);
+            });
+            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.strictEqual(
+                newCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+        });
+
+        it("should work after refresh migrating old cookie based sessions with expired access tokens", async function () {
+            if (transferMethod === "header") {
+                // We skip this in header mode, they can't have legacy sessions
+                this.skip();
+            }
+
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                let userId = "testing-supertokens-website";
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+            });
+
+            // This would work even without sIdRefreshToken since we don't actually check the body of the response, just call refresh on all 401s
+            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
+            await page.setCookie({ name: "sAccessToken", value: "", expiry: 0 });
+
+            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.notStrictEqual(
+                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+                assert.strictEqual(resp.statusCode, 200);
+            });
+            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.notStrictEqual(
+                originalCookies.find(cookie => cookie.name === "sAccessToken"),
+                undefined
+            );
+            assert.strictEqual(
+                newCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+        });
+
+        /**
+         * - Create a session with cookies and add sIdRefreshToken manually to simulate old cookies
+         * - Change the token method to headers
+         * - Get session information and make sure the API succeeds, refresh is called and sIdRefreshToken is removed
+         * - Make sure getAccessToken returns undefined because the backend should have used cookies
+         * - Sign out
+         * - Login again and make sure access token is present because backend should now use headers
+         */
+        it("should still work fine work fine if header based auth is enabled after a cookie based session", async function () {
+            if (transferMethod === "header") {
+                // We skip this in header mode, they can't have legacy sessions
+                this.skip();
+            }
+
+            await startST();
+            await setup();
+
+            await page.evaluate(async () => {
+                window.userId = "testing-supertokens";
+                window.BASE_URL = "http://localhost.org:8080";
+
+                // send api request to login
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // make sure there is no access token
+                let accessToken = await supertokens.getAccessToken();
+                assert.strictEqual(accessToken, undefined);
+
+                let getSessionResponse = await toTest({
+                    url: `${BASE_URL}/`,
+                    headers: {
+                        Authorization: `Bearer ${accessToken}`
+                    }
+                });
+
+                assert.strictEqual(getSessionResponse.statusCode, 200);
+                assert.strictEqual(getSessionResponse.responseText, userId);
+            });
+
+            // This would work even without sIdRefreshToken since we don't actually check the body of the response, just call refresh on all 401s
+            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
+
+            const originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.notStrictEqual(
+                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+
+            await page.evaluate(async () => {
+                // Switch to header based auth
+                // Re-initialization doesn't work for everything (i.e., overrides), but it's fine for this
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    tokenTransferMethod: "header"
+                });
+
+                let getResponse = await toTest({ url: `${BASE_URL}/`, method: "GET" });
+
+                //check that the response to getSession was success
+                assert.strictEqual(getResponse.responseText, userId);
+
+                //check that the number of time the refreshAPI was called is 1
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            });
+
+            const refreshedCookies = (await page._client.send("Network.getAllCookies")).cookies;
+            assert.strictEqual(
+                refreshedCookies.find(cookie => cookie.name === "sIdRefreshToken"),
+                undefined
+            );
+
+            await page.evaluate(async () => {
+                // Make sure this is still undefined because the backend should continue using cookies
+                accessToken = await supertokens.getAccessToken();
+                assert.strictEqual(accessToken, undefined);
+
+                await supertokens.signOut();
+
+                // send api request to login
+                loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+
+                // Make sure now access token is present because it should use header based auth
+                accessToken = await supertokens.getAccessToken();
+                assert.notStrictEqual(accessToken, undefined);
+            });
+        });
+    });
+});
diff --git a/test/cross.unauthorised_event.test.js b/test/cross.unauthorised_event.test.js
new file mode 100644
index 00000000..f04a6ce4
--- /dev/null
+++ b/test/cross.unauthorised_event.test.js
@@ -0,0 +1,304 @@
+/* Copyright (c) 2020, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ * This software is licensed under the Apache License, Version 2.0 (the
+ * "License") as published by the Apache Software Foundation.
+ *
+ * You may not use this file except in compliance with the License. You may
+ * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+let axios = require("axios");
+let puppeteer = require("puppeteer");
+let decodeJWT = require("jsonwebtoken").decode;
+let verifyJWT = require("jsonwebtoken").verify;
+let jwksClient = require("jwks-rsa");
+let assert = require("assert");
+let {
+    delay,
+    getNumberOfTimesRefreshCalled,
+    startST,
+    startSTWithJWTEnabled,
+    getNumberOfTimesGetSessionCalled,
+    BASE_URL,
+    BASE_URL_FOR_ST,
+    coreTagEqualToOrAfter,
+    checkIfJWTIsEnabled,
+    checkIfV3AccessTokenIsSupported
+} = require("./utils");
+const { spawn } = require("child_process");
+const { addGenericTestCases: addTestCases } = require("./interception.testgen");
+
+/* setupFunc is called through page.evaluate at the start of each test
+    It should set window.toTest to a function that receives a config object with:
+        url
+        method
+        headers (as object)
+        body
+    and should return a response object with:
+        url
+        statusCode
+        headers (as Headers)
+        responseText (text)
+*/
+
+addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
+    describe(`${name}: unauthorised event`, function () {
+        let browser;
+        let page;
+        let v3AccessTokenSupported;
+
+        function setup(config = {}) {
+            // page.on("console", c => console.log(c.text()));
+            return page.evaluate(
+                setupFunc,
+                {
+                    // enableDebugLogs: true,
+                    ...config
+                },
+                ...setupArgs
+            );
+        }
+
+        before(async function () {
+            spawn(
+                "./test/startServer",
+                [process.env.INSTALL_PATH, process.env.NODE_PORT === undefined ? 8080 : process.env.NODE_PORT],
+                {
+                    // stdio: "inherit",
+                    // env: {
+                    //     ...process.env,
+                    //     DEBUG: "com.supertokens",
+                    // }
+                }
+            );
+            await new Promise(r => setTimeout(r, 1000));
+            v3AccessTokenSupported = await checkIfV3AccessTokenIsSupported();
+        });
+
+        after(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/after");
+            try {
+                await instance.get(BASE_URL_FOR_ST + "/stop");
+            } catch (err) {}
+        });
+
+        beforeEach(async function () {
+            let instance = axios.create();
+            await instance.post(BASE_URL_FOR_ST + "/beforeeach");
+            await instance.post("http://localhost.org:8082/beforeeach"); // for cross domain
+            await instance.post(BASE_URL + "/beforeeach");
+
+            let launchRetries = 0;
+            while (browser === undefined && launchRetries++ < 3) {
+                try {
+                    browser = await puppeteer.launch({
+                        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+                        headless: true
+                    });
+
+                    page = await browser.newPage();
+
+                    await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+                    await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
+                } catch {}
+            }
+        });
+
+        afterEach(async function () {
+            if (browser) {
+                await browser.close();
+                browser = undefined;
+            }
+        });
+
+        it("test that after login, and clearing all cookies, if we query a protected route, it fires unauthorised event", async function () {
+            await startST();
+            await setup();
+
+            let consoleLogs = [];
+            page.on("console", message => {
+                if (message.text().startsWith("ST_")) {
+                    consoleLogs.push(message.text());
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    onHandleEvent: event => {
+                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
+                    }
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+            });
+
+            const client = await page.target().createCDPSession();
+            await client.send("Network.clearBrowserCookies");
+            await client.send("Network.clearBrowserCache");
+            let cookies = await page.cookies();
+            assert.strictEqual(cookies.length, 0);
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                let response = await toTest({ url: `${BASE_URL}/` });
+                assert.strictEqual(response.statusCode, 401);
+            });
+
+            assert.strictEqual(consoleLogs.length, 2);
+
+            assert.strict(consoleLogs[0].startsWith("ST_SESSION_CREATED"));
+
+            const eventName = "ST_UNAUTHORISED";
+            assert.strict(consoleLogs[1].startsWith(eventName));
+            const parsedEvent = JSON.parse(consoleLogs[1].substr(eventName.length + 1));
+            assert.strictEqual(parsedEvent.sessionExpiredOrRevoked, false);
+        });
+
+        it("test that after login, and clearing only httpOnly cookies, if we query a protected route, it fires unauthorised event", async function () {
+            if (transferMethod === "header") {
+                // We skip this in header mode: it should work the same without httpOnly cookies
+                this.skip();
+            }
+            await startST();
+            await setup();
+            let consoleLogs = [];
+            page.on("console", message => {
+                if (message.text().startsWith("ST_")) {
+                    consoleLogs.push(message.text());
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    onHandleEvent: event => {
+                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
+                    }
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+            });
+
+            let originalCookies = (await page.cookies()).filter(c => !c.httpOnly);
+
+            const client = await page.target().createCDPSession();
+            await client.send("Network.clearBrowserCookies");
+            await client.send("Network.clearBrowserCache");
+
+            await page.setCookie(...originalCookies);
+            let cookies = await page.cookies();
+            assert.strictEqual(cookies.length, 3);
+
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                let response = await toTest({ url: `${BASE_URL}/` });
+                assert.strictEqual(response.statusCode, 401);
+            });
+
+            assert.strictEqual(consoleLogs.length, 2);
+
+            assert.strict(consoleLogs[0].startsWith("ST_SESSION_CREATED"));
+
+            const eventName = "ST_UNAUTHORISED";
+            assert.strict(consoleLogs[1].startsWith(eventName));
+            const parsedEvent = JSON.parse(consoleLogs[1].substr(eventName.length + 1));
+            assert.strict(parsedEvent.sessionExpiredOrRevoked);
+        });
+
+        it("test that unauthorised event is not fired on initial page load", async function () {
+            await startST();
+            await setup();
+            let consoleLogs = [];
+            page.on("console", message => {
+                if (message.text().startsWith("ST_")) {
+                    consoleLogs.push(message.text());
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    onHandleEvent: event => {
+                        console.log("ST_" + event.action);
+                    }
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await toTest({
+                    url: `${BASE_URL}/login`,
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assert.strictEqual(loginResponse.responseText, userId);
+            });
+            assert.strictEqual(consoleLogs.length, 1);
+            assert.strictEqual(consoleLogs[0], "ST_SESSION_CREATED");
+        });
+
+        it("test that unauthorised event is fired when calling protected route without a session", async function () {
+            await startST();
+            await setup();
+            let consoleLogs = [];
+            page.on("console", message => {
+                if (message.text().startsWith("ST_")) {
+                    consoleLogs.push(message.text());
+                }
+            });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL,
+                    onHandleEvent: event => {
+                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
+                    }
+                });
+                let response = await toTest({ url: `${BASE_URL}/` });
+                assert.strictEqual(response.statusCode, 401);
+            });
+
+            assert.strictEqual(consoleLogs.length, 1);
+
+            const eventName = "ST_UNAUTHORISED";
+
+            assert.strict(consoleLogs[0].startsWith(eventName));
+            const parsedEvent = JSON.parse(consoleLogs[0].substr(eventName.length + 1));
+            assert.strictEqual(parsedEvent.sessionExpiredOrRevoked, false);
+        });
+    });
+});
diff --git a/test/interception.basic1.test.js b/test/interception.basic1.test.js
index 1b7c8093..23c18d68 100644
--- a/test/interception.basic1.test.js
+++ b/test/interception.basic1.test.js
@@ -122,7 +122,8 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
 
                     await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
                     await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
-                    page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await page.evaluate(BASE_URL => (window.BASE_URL = BASE_URL), BASE_URL);
+                    await new Promise(r => setTimeout(r, 100));
                 } catch {}
             }
         });
@@ -170,96 +171,6 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
         });
 
-        it("test refresh session", async function () {
-            await startST(3);
-            await setup();
-            await page.evaluate(async () => {
-                const userId = "testing-supertokens-website";
-                const loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.statusCode, 200);
-                assert.strictEqual(loginResponse.responseText, userId);
-                //delay for 5 seconds for access token validity expiry
-                await delay(5);
-
-                //check that the number of times the refreshAPI was called is 0
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                let getResponse = await toTest({ url: `${BASE_URL}/` });
-                //check that the response to getSession was success
-                assert.strictEqual(getResponse.statusCode, 200);
-                assert.strictEqual(getResponse.responseText, userId);
-
-                //check that the number of time the refreshAPI was called is 1
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            });
-        });
-
-        it("test refresh session with multiple 401s", async function () {
-            await startST(3);
-            await setup();
-            await page.setRequestInterception(true);
-            let getCount = 0;
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/") {
-                    if (getCount++ < 3) {
-                        req.respond({
-                            status: 401,
-                            body: JSON.stringify({
-                                message: "try refresh token"
-                            })
-                        });
-                    } else {
-                        req.respond({
-                            status: 200,
-                            body: JSON.stringify({
-                                success: true
-                            })
-                        });
-                    }
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async () => {
-                const userId = "testing-supertokens-website";
-                const loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.statusCode, 200);
-                assert.strictEqual(loginResponse.responseText, userId);
-                //delay for 5 seconds for access token validity expiry
-                await delay(5);
-
-                //check that the number of times the refreshAPI was called is 0
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                let getResponse = await toTest({ url: `${BASE_URL}/` });
-                //check that the response to getSession was success
-                assert.strictEqual(getResponse.statusCode, 200);
-                assert.deepStrictEqual(JSON.parse(getResponse.responseText), { success: true });
-
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 3);
-            });
-            await page.setRequestInterception(false);
-        });
-
         it("test session after signing key change", async function () {
             // We can have access tokens valid for longer than the signing key update interval
             await startST(100, true, "0.002");
@@ -732,123 +643,6 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
         });
 
-        // multiple API calls in parallel when access token is expired (100 of them) and only 1 refresh should be called*****
-        it("test that multiple API calls in parallel when access token is expired, only 1 refresh should be called", async function () {
-            await startST(15);
-            await setup();
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-                assert.strictEqual(loginResponse.responseText, userId);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                // wait for 7 seconds so that the accesstoken expires
-                await delay(17);
-
-                let promises = [];
-                let n = 100;
-
-                // create an array of 100 get session promises
-                for (let i = 0; i < n; i++) {
-                    promises.push(
-                        toTest({
-                            url: `${BASE_URL}/`,
-                            method: "GET",
-                            headers: { "Cache-Control": "no-cache, private" }
-                        })
-                    );
-                }
-
-                // send 100 get session requests
-                let multipleGetSessionResponse = await Promise.all(promises);
-
-                //check that reponse of all requests are success
-                let noOfResponeSuccesses = 0;
-                for (let i = 0; i < multipleGetSessionResponse.length; i++) {
-                    assert.strictEqual(await multipleGetSessionResponse[i].responseText, userId);
-                    noOfResponeSuccesses += 1;
-                }
-
-                //check that the number of times refresh is called is 1
-
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-                assert.strictEqual(noOfResponeSuccesses, n);
-            });
-        });
-
-        // multiple API calls in parallel when access token is expired (100 of them) and only 1 refresh should be called*****
-        it("test that multiple API calls in parallel when access token is expired, only 1 refresh should be called - with delayed calls", async function () {
-            await startST(15);
-            await setup();
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-                assert.strictEqual(loginResponse.responseText, userId);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                // wait for 7 seconds so that the accesstoken expires
-                await delay(17);
-
-                let promises = [];
-                let n = 100;
-
-                // create an array of 100 get session promises
-                for (let i = 0; i < n; i++) {
-                    // this will make it so that there are calls to the / API during the refresh call.
-                    // these calls should not cause another refresh, cause the tokens would have changed.
-                    await new Promise(r => setTimeout(r, 3 * Math.random()));
-                    promises.push(
-                        toTest({
-                            url: `${BASE_URL}/`,
-                            method: "GET",
-                            headers: { "Cache-Control": "no-cache, private" }
-                        })
-                    );
-                }
-
-                // send 100 get session requests
-                let multipleGetSessionResponse = await Promise.all(promises);
-
-                //check that reponse of all requests are success
-                let noOfResponeSuccesses = 0;
-                for (let i = 0; i < multipleGetSessionResponse.length; i++) {
-                    assert.strictEqual(await multipleGetSessionResponse[i].responseText, userId);
-                    noOfResponeSuccesses += 1;
-                }
-
-                //check that the number of times refresh is called is 1
-
-                try {
-                    assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-                } catch (err) {
-                    // this happens sometimes for python testing where the number of refreshes is
-                    // 2.
-                    assert.strictEqual(await getNumberOfTimesRefreshCalled(), 2);
-                }
-                assert.strictEqual(noOfResponeSuccesses, n);
-            });
-        });
-
         // - Things should work if anti-csrf is disabled.******
         it("test that things should work correctly if anti-csrf is disabled", async function () {
             await startST(3, false);
@@ -893,168 +687,6 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
         });
 
-        // if any API throws error, it gets propagated to the user properly (with and without interception)******
-        it("test that if an api throws an error it gets propagated to the user with interception", async () => {
-            await startST();
-            await setup();
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({ url: `${BASE_URL}/testError` });
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 500);
-            });
-        });
-
-        it("test that if an api throws a 400 error it gets propagated to the user with interception", async () => {
-            await startST();
-            await setup();
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({ url: `${BASE_URL}/testError?code=400` });
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 400);
-            });
-        });
-
-        it("test that if an api throws a 405 error it gets propagated to the user with interception", async () => {
-            await startST();
-            await setup();
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({ url: `${BASE_URL}/testError?code=405` });
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 405);
-            });
-        });
-
-        it("test that if an api throws an error it gets propagated to the user without interception", async () => {
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({ url: `${BASE_URL}/testError#superTokensDoNotDoInterception`, method: "get" });
-
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 500);
-            });
-        });
-
-        it("test that if an api throws a 400 error it gets propagated to the user without interception", async () => {
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({
-                    url: `${BASE_URL}/testError?code=400#superTokensDoNotDoInterception`,
-                    method: "get"
-                });
-
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 400);
-            });
-        });
-
-        it("test that if an api throws a 405 error it gets propagated to the user without interception", async () => {
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let val = await toTest({ url: `${BASE_URL}/testError?code=405`, method: "get" });
-
-                assert.strictEqual(val.responseText, "test error message");
-                assert.strictEqual(val.statusCode, 405);
-            });
-        });
-
-        it("test that network errors are propagated to the user with interception", async () => {
-            await startST();
-            await setup();
-
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/testError") {
-                    req.abort();
-                } else {
-                    req.continue();
-                }
-            });
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let caught;
-                try {
-                    await toTest({ url: `${BASE_URL}/testError`, method: "get" });
-                } catch (ex) {
-                    caught = ex;
-                }
-
-                assert.ok(caught);
-            });
-        });
-
-        it("test that network errors are propagated to the user without interception", async () => {
-            await startST();
-            await setup();
-
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/testError") {
-                    req.abort();
-                } else {
-                    req.continue();
-                }
-            });
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let caught;
-                try {
-                    await toTest({ url: `${BASE_URL}/testError#superTokensDoNotDoInterception`, method: "get" });
-                } catch (ex) {
-                    caught = ex;
-                }
-
-                assert.ok(caught);
-            });
-        });
-
         //    - Calling SuperTokens.init more than once works!*******
         it("test that calling SuperTokens.init more than once works", async () => {
             await startST();
@@ -1110,70 +742,33 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
         });
 
-        //If via interception, make sure that initially, just an endpoint is just hit twice in case of access token expiry*****
-        it("test that if via interception, initially an endpoint is hit just twice in case of access token expiary", async () => {
-            await startST(3);
+        it("check sessionDoes exist calls refresh API just once", async function () {
+            await startST();
             await setup();
+
             await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
                 let userId = "testing-supertokens-website";
 
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                //wait for 3 seconds such that the session expires
-                await delay(5);
-
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
-                assert.strictEqual(getSessionResponse.responseText, userId);
-
-                //check that the number of times getSession was called is 1
-                assert.strictEqual(await getNumberOfTimesGetSessionCalled(), 1);
-
-                //check that the number of times refesh session was called is 1
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            });
-        });
-
-        //- If you make an api call without cookies(logged out) api throws session expired , then make sure that refresh token api is not getting called , get 401 as the output****
-        it("test that an api call without cookies throws session expire, refresh api is not called and 401 is the output", async function () {
-            await startST(5);
-            await setup();
+                // check document cookie = ""
+                assert.strictEqual(document.cookie, "");
 
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
+                // call sessionDoesExist
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
 
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
+                // check refresh API was called once + document.cookie has removed
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+                // assert.strictEqual(document.cookie, "sIRTFrontend=remove");
 
-                assert.strictEqual(loginResponse.responseText, userId);
+                // call sessionDoesExist
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+                // check refresh API not called
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+                // assert.strictEqual(document.cookie, "sIRTFrontend=remove");
 
-                let logoutResponse = await toTest({
-                    url: `${BASE_URL}/logout`,
+                await toTest({
+                    url: `/login`,
                     method: "post",
                     headers: {
                         Accept: "application/json",
@@ -1182,95 +777,41 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
                     body: JSON.stringify({ userId })
                 });
 
-                assert.strictEqual(logoutResponse.responseText, "success");
-
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
-
-                //check that the response to getSession without cookies is 401
-                assert.strictEqual(getSessionResponse.statusCode, 401);
-
-                assert.strictEqual(getSessionResponse.url, `${BASE_URL}/`);
+                // call sessionDoesExist
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+                // check refresh API not called
                 assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
             });
         });
 
-        //    - If via interception, make sure that initially, just an endpoint is just hit once in case of access token NOT expiry*****
-        it("test that via interception initially an endpoint is just hit once in case of valid access token", async function () {
-            await startST(5);
-            await setup();
+        it("check clearing all frontend set cookies still works (without anti-csrf)", async function () {
+            await startST(3, false);
 
+            await setup();
             await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/` });
-                assert.strictEqual(getSessionResponse.responseText, userId);
-
-                //check that the number of times getSession was called is 1
-                assert.strictEqual(await getNumberOfTimesGetSessionCalled(), 1);
-
-                //check that the number of times refresh session was called is 0
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-            });
-        });
+                function deleteAllCookies() {
+                    var cookies = document.cookie.split(";");
 
-        it("test interception should happen if api domain and website domain are the same and relative path is used", async function () {
-            await startST(5);
-            await setup();
+                    for (var i = 0; i < cookies.length; i++) {
+                        var cookie = cookies[i];
+                        var eqPos = cookie.indexOf("=");
+                        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
+                        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
+                    }
+                }
 
-            await page.evaluate(async () => {
                 let BASE_URL = "http://localhost.org:8080";
                 supertokens.init({
                     apiDomain: BASE_URL
                 });
                 let userId = "testing-supertokens-website";
 
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-            });
-        });
-
-        it("test interception should not happen if api domain and website domain are different and relative path is used", async function () {
-            await startST(5);
-            await setup();
-
-            await page.evaluate(async () => {
-                let BASE_URL = "https://google.com";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
+                // check document cookie = ""
+                assert.strictEqual(document.cookie, "");
 
-                // send api request to login
-                let loginResponse = await toTest({
+                await toTest({
                     url: `/login`,
                     method: "post",
                     headers: {
@@ -1280,1645 +821,103 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
                     body: JSON.stringify({ userId })
                 });
 
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        it("should not intercept if url contains superTokensDoNotDoInterception", async function () {
-            await startST(5);
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `/login#superTokensDoNotDoInterception`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        //cross domain login, userinfo, logout
-        it("test cross domain", async () => {
-            await startST(5);
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    credentials: "include",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                //check that the userId which is returned in the response is the same as the one we sent
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // check that the session exists
+                // call sessionDoesExist
                 assert.strictEqual(await supertokens.doesSessionExist(), true);
+                // check refresh API not called
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1); // it's one here since it gets called during login..
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
 
-                // check that the number of times session refresh is called is zero
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
-
-                //delay for 5 seconds so that we know accessToken expires
-
-                await delay(5);
-                // send a get session request , which should do a refresh session request
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get", credentials: "include" });
-
-                // check that the getSession was successfull
-                assert.strictEqual(getSessionResponse.responseText, userId);
-
-                // check that the refresh session was called only once
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 1);
-
-                // do logout
-                let logoutResponse = await toTest({
-                    url: `${BASE_URL}/logout`,
-                    method: "post",
-                    credentials: "include",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-                assert.strictEqual(logoutResponse.responseText, "success");
-
-                //check that session does not exist
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        //cross domain login, userinfo, logout
-        it("test cross domain, auto add credentials", async () => {
-            await startST(5);
-            await setup();
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                //check that the userId which is returned in the response is the same as the one we sent
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // check that the session exists
+                // clear all cookies
+                deleteAllCookies();
+                // call sessionDoesExist (returns true) + call to refresh
                 assert.strictEqual(await supertokens.doesSessionExist(), true);
-
-                // check that the number of times session refresh is called is zero
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
-
-                //delay for 5 seconds so that we know accessToken expires
-
-                await delay(5);
-                // send a get session request , which should do a refresh session request
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get" });
-
-                // check that the getSession was successfull
-                assert.strictEqual(getSessionResponse.responseText, userId);
-
-                // check that the refresh session was called only once
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 1);
-
-                // do logout
-                let logoutResponse = await toTest({
-                    url: `${BASE_URL}/logout`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-                assert.strictEqual(logoutResponse.responseText, "success");
-
-                //check that session does not exist
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        //cross domain login, userinfo, logout
-        it("test cross domain, no auto add credentials, fail", async () => {
-            await startST(5);
-            await setup();
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8082";
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    autoAddCredentials: false
-                });
-                let userId = "testing-supertokens-website";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                //check that the userId which is returned in the response is the same as the one we sent
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // check that the session exists
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-
-                // check that the number of times session refresh is called is zero
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
-
-                //delay for 5 seconds so that we know accessToken expires
-
-                await delay(5);
-
-                let resp = await toTest({ url: `${BASE_URL}/`, method: "get" });
-                assert.strictEqual(resp.statusCode, 401);
-
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-
-                await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    credentials: "include",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                // send a get session request , which should do a refresh session request
-                let getSessionResponse = await toTest({ url: `${BASE_URL}/`, method: "get", credentials: "include" });
-
-                // check that the getSession was successfull
-                assert.strictEqual(getSessionResponse.responseText, userId);
-
-                // check that the refresh session was called only once
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(BASE_URL), 0);
-
-                // do logout
-                let logoutResponse = await toTest({
-                    url: `${BASE_URL}/logout`,
-                    method: "post",
-                    credentials: "include",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-                assert.strictEqual(logoutResponse.responseText, "success");
-
-                //check that session does not exist
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        it("check sessionDoes exist calls refresh API just once", async function () {
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-
-                // check document cookie = ""
-                assert.strictEqual(document.cookie, "");
-
-                // call sessionDoesExist
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-
-                // check refresh API was called once + document.cookie has removed
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-                // assert.strictEqual(document.cookie, "sIRTFrontend=remove");
-
-                // call sessionDoesExist
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-                // check refresh API not called
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-                // assert.strictEqual(document.cookie, "sIRTFrontend=remove");
-
-                await toTest({
-                    url: `/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                // call sessionDoesExist
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-                // check refresh API not called
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
-            });
-        });
-
-        it("check clearing all frontend set cookies still works (without anti-csrf)", async function () {
-            await startST(3, false);
-
-            await setup();
-            await page.evaluate(async () => {
-                function deleteAllCookies() {
-                    var cookies = document.cookie.split(";");
-
-                    for (var i = 0; i < cookies.length; i++) {
-                        var cookie = cookies[i];
-                        var eqPos = cookie.indexOf("=");
-                        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
-                        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
-                    }
-                }
-
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
-
-                // check document cookie = ""
-                assert.strictEqual(document.cookie, "");
-
-                await toTest({
-                    url: `/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                // call sessionDoesExist
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-                // check refresh API not called
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1); // it's one here since it gets called during login..
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
-
-                // clear all cookies
-                deleteAllCookies();
-                // call sessionDoesExist (returns true) + call to refresh
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
 
                 // call sessionDoesExist (returns true) + no call to refresh
                 assert.strictEqual(await supertokens.doesSessionExist(), true);
                 assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            });
-        });
-
-        it("check clearing all frontend set cookies logs our user (with anti-csrf)", async function () {
-            await startST();
-
-            await setup();
-            await page.evaluate(async () => {
-                function deleteAllCookies() {
-                    var cookies = document.cookie.split(";");
-
-                    for (var i = 0; i < cookies.length; i++) {
-                        var cookie = cookies[i];
-                        var eqPos = cookie.indexOf("=");
-                        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
-                        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
-                    }
-                }
-
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
-
-                // check document cookie = ""
-                assert.strictEqual(document.cookie, "");
-
-                await toTest({
-                    url: `/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                // call sessionDoesExist
-                assert.strictEqual(await supertokens.doesSessionExist(), true);
-                // check refresh API not called
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1); // it's one here since it gets called during login..
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
-
-                // clear all cookies
-                deleteAllCookies();
-                // call sessionDoesExist (returns false) + call to refresh
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                // call sessionDoesExist (returns false) + no call to refresh
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-            });
-        });
-
-        it("test that unauthorised event is not fired on initial page load", async function () {
-            await startST();
-            await setup();
-            let consoleLogs = [];
-            page.on("console", message => {
-                if (message.text().startsWith("ST_")) {
-                    consoleLogs.push(message.text());
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    onHandleEvent: event => {
-                        console.log("ST_" + event.action);
-                    }
-                });
-                let userId = "testing-supertokens-website";
-
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-            });
-            assert.strictEqual(consoleLogs.length, 1);
-            assert.strictEqual(consoleLogs[0], "ST_SESSION_CREATED");
-        });
-
-        it("test that unauthorised event is fired when calling protected route without a session", async function () {
-            await startST();
-            await setup();
-            let consoleLogs = [];
-            page.on("console", message => {
-                if (message.text().startsWith("ST_")) {
-                    consoleLogs.push(message.text());
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    onHandleEvent: event => {
-                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
-                    }
-                });
-                let response = await toTest({ url: `${BASE_URL}/` });
-                assert.strictEqual(response.statusCode, 401);
-            });
-
-            assert.strictEqual(consoleLogs.length, 1);
-
-            const eventName = "ST_UNAUTHORISED";
-
-            assert.strict(consoleLogs[0].startsWith(eventName));
-            const parsedEvent = JSON.parse(consoleLogs[0].substr(eventName.length + 1));
-            assert.strictEqual(parsedEvent.sessionExpiredOrRevoked, false);
-        });
-
-        it("test that setting headers works", async function () {
-            await setup();
-            const [_, req2, req3] = await Promise.all([
-                page.evaluate(async () => {
-                    let BASE_URL = "http://localhost.org:8080";
-                    supertokens.init({
-                        apiDomain: BASE_URL
-                    });
-                    await toTest({ url: `${BASE_URL}/test2`, headers: { asdf2: "123" } });
-                    await toTest({ url: `${BASE_URL}/test3` });
-                }),
-                page.waitForRequest(`${BASE_URL}/test2`),
-                page.waitForRequest(`${BASE_URL}/test3`)
-            ]);
-
-            assert.equal(req2.headers()["rid"], "anti-csrf");
-            assert.equal(req2.headers()["asdf2"], "123");
-
-            assert.equal(req3.headers()["rid"], "anti-csrf");
-            assert.equal(req3.headers()["asdf"], undefined);
-        });
-
-        it("test that after login, and clearing all cookies, if we query a protected route, it fires unauthorised event", async function () {
-            await startST();
-            await setup();
-
-            let consoleLogs = [];
-            page.on("console", message => {
-                if (message.text().startsWith("ST_")) {
-                    consoleLogs.push(message.text());
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    onHandleEvent: event => {
-                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
-                    }
-                });
-                let userId = "testing-supertokens-website";
-
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-            });
-
-            const client = await page.target().createCDPSession();
-            await client.send("Network.clearBrowserCookies");
-            await client.send("Network.clearBrowserCache");
-            let cookies = await page.cookies();
-            assert.strictEqual(cookies.length, 0);
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                let response = await toTest({ url: `${BASE_URL}/` });
-                assert.strictEqual(response.statusCode, 401);
-            });
-
-            assert.strictEqual(consoleLogs.length, 2);
-
-            assert.strict(consoleLogs[0].startsWith("ST_SESSION_CREATED"));
-
-            const eventName = "ST_UNAUTHORISED";
-            assert.strict(consoleLogs[1].startsWith(eventName));
-            const parsedEvent = JSON.parse(consoleLogs[1].substr(eventName.length + 1));
-            assert.strictEqual(parsedEvent.sessionExpiredOrRevoked, false);
-        });
-
-        it("test that after login, and clearing only httpOnly cookies, if we query a protected route, it fires unauthorised event", async function () {
-            if (transferMethod === "header") {
-                // We skip this in header mode: it should work the same without httpOnly cookies
-                this.skip();
-            }
-            await startST();
-            await setup();
-            let consoleLogs = [];
-            page.on("console", message => {
-                if (message.text().startsWith("ST_")) {
-                    consoleLogs.push(message.text());
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    onHandleEvent: event => {
-                        console.log(`ST_${event.action}:${JSON.stringify(event)}`);
-                    }
-                });
-                let userId = "testing-supertokens-website";
-
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-            });
-
-            let originalCookies = (await page.cookies()).filter(c => !c.httpOnly);
-
-            const client = await page.target().createCDPSession();
-            await client.send("Network.clearBrowserCookies");
-            await client.send("Network.clearBrowserCache");
-
-            await page.setCookie(...originalCookies);
-            let cookies = await page.cookies();
-            assert.strictEqual(cookies.length, 3);
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                let response = await toTest({ url: `${BASE_URL}/` });
-                assert.strictEqual(response.statusCode, 401);
-            });
-
-            assert.strictEqual(consoleLogs.length, 2);
-
-            assert.strict(consoleLogs[0].startsWith("ST_SESSION_CREATED"));
-
-            const eventName = "ST_UNAUTHORISED";
-            assert.strict(consoleLogs[1].startsWith(eventName));
-            const parsedEvent = JSON.parse(consoleLogs[1].substr(eventName.length + 1));
-            assert.strict(parsedEvent.sessionExpiredOrRevoked);
-        });
-
-        it("refresh session with invalid tokens should clear all cookies", async function () {
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-            });
-
-            // we save the cookies..
-            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
-
-            // we logout
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                await toTest({ url: `${BASE_URL}/logout`, method: "POST" });
-            });
-
-            // we set the old cookies with invalid access token
-            originalCookies = originalCookies.map(c =>
-                c.name === "sAccessToken" || c.name === "st-access-token" ? { ...c, value: "broken" } : c
-            );
-            await page.setCookie(...originalCookies);
-
-            // now we expect a 401.
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-                assert.strictEqual(resp.statusCode, 401);
-                // assert.strictEqual(resp.url, `${BASE_URL}/auth/session/refresh`);
-            });
-
-            // and we assert that the only cookie that exists is the st-last-access-token-update
-            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
-
-            assert.strictEqual(newCookies.length, 1);
-            assert.strictEqual(newCookies[0].name, "st-last-access-token-update");
-        });
-
-        it("refresh session endpoint responding with 500 makes the original call resolve with refresh response", async function () {
-            await startST(100, true, "0.002");
-            await setup();
-
-            await page.setRequestInterception(true);
-            let firstGet = true;
-            let firstPost = true;
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/") {
-                    if (firstGet) {
-                        firstGet = false;
-                        req.respond({
-                            status: 401,
-                            body: JSON.stringify({
-                                message: "try refresh token"
-                            })
-                        });
-                    } else {
-                        req.respond({
-                            status: 200,
-                            body: JSON.stringify({
-                                success: true
-                            })
-                        });
-                    }
-                } else if (url === BASE_URL + "/auth/session/refresh") {
-                    if (firstPost) {
-                        req.respond({
-                            status: 401,
-                            body: JSON.stringify({
-                                message: "try refresh token"
-                            })
-                        });
-                        firstPost = false;
-                    } else {
-                        req.respond({
-                            status: 500,
-                            body: JSON.stringify({
-                                message: "test"
-                            })
-                        });
-                    }
-                } else {
-                    req.continue();
-                }
-            });
-
-            // page.on("console", l => console.log(l.text()));
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-                let userId = "testing-supertokens-website";
-
-                await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                let response = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-                // assert.strictEqual(response.url, `${BASE_URL}/auth/session/refresh`);
-                assert.strictEqual(response.statusCode, 500);
-                const data = JSON.parse(response.responseText);
-                assert.strictEqual(data.message, "test");
-            });
-        });
-
-        it("no refresh call after 401 response that removes session", async function () {
-            await startST(100, true, "0.002");
-            await setup();
-            await page.setRequestInterception(true);
-            let refreshCalled = 0;
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/") {
-                    req.respond({
-                        status: 401,
-                        body: JSON.stringify({ message: "test" }),
-                        headers: {
-                            // Cookies don't actually matter as long as we clear the front-token
-                            // this is because the frontend will still have st-last-access-token-update w/ a removed front-token
-                            // This is interpreted as a logged-out state
-                            "front-token": "remove"
-                        }
-                    });
-                } else if (url === BASE_URL + "/auth/session/refresh") {
-                    ++refreshCalled;
-                    req.respond({
-                        status: 401,
-                        body: JSON.stringify({ message: "nope" })
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-                await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                const resp = await toTest({
-                    url: `${BASE_URL}/`,
-                    method: "GET",
-                    headers: { "Cache-Control": "no-cache, private" }
-                });
-
-                assertNotEqual(resp, undefined);
-                assert.strictEqual(resp.statusCode, 401);
-                const data = JSON.parse(resp.responseText);
-                assertNotEqual(data, undefined);
-                assert.strictEqual(data.message, "test");
-            });
-
-            // Calls it once before login, but it shouldn't after that
-            assert.equal(refreshCalled, 1);
-        });
-
-        it("original endpoint responding with 500 should not call refresh without cookies", async function () {
-            await startST(100, true, "0.002");
-            await setup();
-            await page.setRequestInterception(true);
-            let refreshCalled = 0;
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/") {
-                    req.respond({
-                        status: 500,
-                        body: JSON.stringify({
-                            message: "test"
-                        })
-                    });
-                } else if (url === BASE_URL + "/auth/session/refresh") {
-                    ++refreshCalled;
-                    req.respond({
-                        status: 500,
-                        body: JSON.stringify({
-                            message: "nope"
-                        })
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-
-            await page.evaluate(async () => {
-                let response = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-                assert.strictEqual(response.url, `${BASE_URL}/`);
-                assert.strictEqual(response.statusCode, 500);
-                const data = JSON.parse(response.responseText);
-                assert.strictEqual(data.message, "test");
-            });
-            // It should call it once before the call - but after that doesn't work it should not try again after the API request
-            assert.strictEqual(refreshCalled, 1);
-        });
-
-        it("Test that the access token payload and the JWT have all valid claims after creating, refreshing and updating the payload", async function () {
-            await startSTWithJWTEnabled();
-            await setup();
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled) {
-                return;
-            }
-
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async v3AccessTokenSupported => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                assertEqual(accessTokenPayload.customClaim, "customValue");
-                let jwt;
-
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                // Decode the JWT
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify the JWT claims
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                // Update access token payload
-                await toTest({
-                    url: `${BASE_URL}/update-jwt`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ newClaim: "newValue" })
-                });
-
-                // Get access token payload
-                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-                assertEqual(accessTokenPayload.customClaim, undefined);
-                assertEqual(accessTokenPayload.newClaim, "newValue");
-
-                // Verify new access token payload
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.customClaim, undefined);
-                assert.strictEqual(decodedJWT.newClaim, "newValue");
-
-                let attemptRefresh = await supertokens.attemptRefreshingSession();
-                assert.strictEqual(attemptRefresh, true);
-
-                // Verify new access token payload
-                assertEqual(accessTokenPayload.customClaim, undefined);
-                assertEqual(accessTokenPayload.newClaim, "newValue");
-
-                // Verify new access token payload
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.customClaim, undefined);
-                assert.strictEqual(decodedJWT.newClaim, "newValue");
-            }, v3AccessTokenSupported);
-        });
-
-        it("Test that the access token payload and the JWT have all valid claims after updating access token payload", async function () {
-            await startSTWithJWTEnabled();
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled) {
-                return;
-            }
-
-            await setup();
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async v3AccessTokenSupported => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-                assertEqual(accessTokenPayload.customClaim, "customValue");
-                let jwt;
-
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                // Decode the JWT
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify the JWT claims
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                // Update access token payload
-                await toTest({
-                    url: `${BASE_URL}/update-jwt`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({
-                        customClaim: undefined,
-                        newClaim: "newValue"
-                    })
-                });
-
-                // Get access token payload
-                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-                assert.strictEqual(accessTokenPayload.customClaim, undefined);
-                assert.strictEqual(accessTokenPayload.newClaim, "newValue");
-
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.customClaim, undefined);
-                assert.strictEqual(decodedJWT.newClaim, "newValue");
-            }, v3AccessTokenSupported);
-        });
-
-        it("Test that access token payload and JWT are valid after the property name changes and payload is updated", async function () {
-            await startSTWithJWTEnabled();
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled || v3AccessTokenSupported) {
-                return;
-            }
-
-            await setup();
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                assertNotEqual(accessTokenPayload.jwt, undefined);
-                assert.strictEqual(accessTokenPayload.sub, undefined);
-                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
-                assert.strictEqual(accessTokenPayload.iss, undefined);
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
-
-                let jwt = accessTokenPayload.jwt;
-
-                // Decode the JWT
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify the JWT claims
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                await toTest({
-                    url: `${BASE_URL}/reinitialiseBackendConfig`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({
-                        jwtPropertyName: "customJWTProperty"
-                    })
-                });
-
-                // Update access token payload
-                await toTest({
-                    url: `${BASE_URL}/update-jwt`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ newClaim: "newValue" })
-                });
-
-                // Get access token payload
-                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                // Verify new access token payload
-                assertNotEqual(accessTokenPayload.jwt, undefined);
-                assert.strictEqual(accessTokenPayload.sub, undefined);
-                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
-                assert.strictEqual(accessTokenPayload.iss, undefined);
-                assert.strictEqual(accessTokenPayload.customClaim, undefined);
-                assert.strictEqual(accessTokenPayload.customJWTProperty, undefined);
-                assert.strictEqual(accessTokenPayload.newClaim, "newValue");
-
-                jwt = accessTokenPayload.jwt;
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, undefined);
-                assert.strictEqual(decodedJWT.newClaim, "newValue");
-            });
-        });
-
-        it("Test that access token payload and JWT are valid after the property name changes and session is refreshed", async function () {
-            await startSTWithJWTEnabled();
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled || v3AccessTokenSupported) {
-                return;
-            }
-
-            await setup();
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                assertNotEqual(accessTokenPayload.jwt, undefined);
-                assert.strictEqual(accessTokenPayload.sub, undefined);
-                assert.strictEqual(accessTokenPayload._jwtPName, "jwt");
-                assert.strictEqual(accessTokenPayload.iss, undefined);
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
-
-                let jwt = accessTokenPayload.jwt;
-
-                // Decode the JWT
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify the JWT claims
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                await toTest({
-                    url: `${BASE_URL}/reinitialiseBackendConfig`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({
-                        jwtPropertyName: "customJWTProperty"
-                    })
-                });
-
-                let attemptRefresh = await supertokens.attemptRefreshingSession();
-                assert.strictEqual(attemptRefresh, true);
-
-                // Get access token payload
-                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                // Verify new access token payload
-                assert.strictEqual(accessTokenPayload.jwt, undefined);
-                assertNotEqual(accessTokenPayload.customJWTProperty, undefined);
-                assert.strictEqual(accessTokenPayload.sub, undefined);
-                assert.strictEqual(accessTokenPayload._jwtPName, "customJWTProperty");
-                assert.strictEqual(accessTokenPayload.iss, undefined);
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
-
-                jwt = accessTokenPayload.customJWTProperty;
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-            });
-        });
-
-        it("Test that access token payload and jwt are valid after the session has expired", async function () {
-            await startSTWithJWTEnabled(3);
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled) {
-                return;
-            }
-
-            await setup();
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await page.evaluate(async v3AccessTokenSupported => {
-                let BASE_URL = "http://localhost.org:8080";
-                supertokens.init({
-                    apiDomain: BASE_URL
-                });
-
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
-
-                let jwt;
-
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                let jwtExpiry = decodedJWT.exp;
-
-                // Wait for access token to expire
-                await delay(5);
-
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
-
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
-
-                    jwt = accessTokenPayload.jwt;
-                }
-
-                decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ jwt })
-                });
-
-                decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify new JWT
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                let newJwtExpiry = decodedJWT.exp;
-
-                assert.strictEqual(newJwtExpiry > Math.ceil(Date.now() / 1000), true);
-                assertNotEqual(jwtExpiry, newJwtExpiry);
-            }, v3AccessTokenSupported);
-        });
-
-        it("Test full JWT flow with open id discovery", async function () {
-            await startSTWithJWTEnabled(20);
-
-            let isJwtEnabled = await checkIfJWTIsEnabled();
-
-            if (!isJwtEnabled) {
-                return;
-            }
-
-            await page.setRequestInterception(true);
-            page.on("request", req => {
-                const url = req.url();
-                if (url === BASE_URL + "/jsondecode") {
-                    let jwt = JSON.parse(req.postData()).jwt;
-                    let decodedJWT = decodeJWT(jwt);
-
-                    req.respond({
-                        status: 200,
-                        body: JSON.stringify(decodedJWT)
-                    });
-                } else if (url === BASE_URL + "/jwtVerify") {
-                    let data = JSON.parse(req.postData());
-                    let jwt = data.jwt;
-                    let jwksURL = data.jwksURL;
-                    let client = jwksClient({
-                        jwksUri: jwksURL
-                    });
-
-                    function getKey(header, callback) {
-                        client.getSigningKey(header.kid, function (err, key) {
-                            if (err) {
-                                callback(err, null);
-                                return;
-                            }
-
-                            var signingKey = key.publicKey || key.rsaPublicKey;
-                            callback(null, signingKey);
-                        });
-                    }
-
-                    verifyJWT(jwt, getKey, (err, decoded) => {
-                        if (err) {
-                            req.respond({
-                                status: 500,
-                                body: JSON.stringify({
-                                    error: err
-                                })
-                            });
-                            return;
-                        }
-
-                        req.respond({
-                            status: 200,
-                            body: JSON.stringify(decoded)
-                        });
-                    });
-                } else {
-                    req.continue();
-                }
-            });
-            await setup();
-            await page.evaluate(async v3AccessTokenSupported => {
-                let userId = "testing-supertokens-website";
-
-                // Create a session
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
+            });
+        });
 
-                assert.strictEqual(loginResponse.responseText, userId);
+        it("check clearing all frontend set cookies logs our user (with anti-csrf)", async function () {
+            await startST();
 
-                // Verify access token payload
-                let accessTokenPayload = await supertokens.getAccessTokenPayloadSecurely();
-                assert.strictEqual(accessTokenPayload.customClaim, "customValue");
+            await setup();
+            await page.evaluate(async () => {
+                function deleteAllCookies() {
+                    var cookies = document.cookie.split(";");
 
-                let jwt;
+                    for (var i = 0; i < cookies.length; i++) {
+                        var cookie = cookies[i];
+                        var eqPos = cookie.indexOf("=");
+                        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
+                        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
+                    }
+                }
 
-                if (v3AccessTokenSupported) {
-                    jwt = await supertokens.getAccessToken();
-                    assertEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, undefined);
-                } else {
-                    assertNotEqual(accessTokenPayload.jwt, undefined);
-                    assertEqual(accessTokenPayload.sub, undefined);
-                    assertEqual(accessTokenPayload._jwtPName, "jwt");
-                    assertEqual(accessTokenPayload.iss, undefined);
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
 
-                    jwt = accessTokenPayload.jwt;
-                }
+                // check document cookie = ""
+                assert.strictEqual(document.cookie, "");
 
-                let decodeResponse = await toTest({
-                    url: `${BASE_URL}/jsondecode`,
+                await toTest({
+                    url: `/login`,
                     method: "post",
                     headers: {
                         Accept: "application/json",
                         "Content-Type": "application/json"
                     },
-                    body: JSON.stringify({ jwt })
+                    body: JSON.stringify({ userId })
                 });
 
-                let decodedJWT = JSON.parse(decodeResponse.responseText);
-
-                // Verify the JWT claims
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-
-                // Use the jwt issuer to get discovery configuration
-
-                let discoveryEndpoint = decodedJWT.iss + "/.well-known/openid-configuration";
+                // call sessionDoesExist
+                assert.strictEqual(await supertokens.doesSessionExist(), true);
+                // check refresh API not called
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 1); // it's one here since it gets called during login..
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+                // assert.notEqual(document.cookie, "sIRTFrontend=remove");
 
-                let jwksEndpoint = (await (await fetch(discoveryEndpoint)).json()).jwks_uri;
+                // clear all cookies
+                deleteAllCookies();
+                // call sessionDoesExist (returns false) + call to refresh
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
 
-                let verifyResponse = await toTest({
-                    url: `${BASE_URL}/jwtVerify`,
-                    method: "POST",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({
-                        jwt,
-                        jwksURL: jwksEndpoint
-                    })
-                });
+                // call sessionDoesExist (returns false) + no call to refresh
+                assert.strictEqual(await supertokens.doesSessionExist(), false);
+                assert.strictEqual(await getNumberOfTimesRefreshAttempted(), 2);
+                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
+            });
+        });
 
-                if (verifyResponse.statusCode !== 200) {
-                    throw new Error("JWT Verification failed");
-                }
+        it("test that setting headers works", async function () {
+            await setup();
+            const [_, req2, req3] = await Promise.all([
+                page.evaluate(async () => {
+                    let BASE_URL = "http://localhost.org:8080";
+                    supertokens.init({
+                        apiDomain: BASE_URL
+                    });
+                    await toTest({ url: `${BASE_URL}/test2`, headers: { asdf2: "123" } });
+                    await toTest({ url: `${BASE_URL}/test3` });
+                }),
+                page.waitForRequest(`${BASE_URL}/test2`),
+                page.waitForRequest(`${BASE_URL}/test3`)
+            ]);
 
-                decodedJWT = JSON.parse(verifyResponse.responseText);
+            assert.equal(req2.headers()["rid"], "anti-csrf");
+            assert.equal(req2.headers()["asdf2"], "123");
 
-                assert.strictEqual(decodedJWT.sub, userId);
-                assert.strictEqual(decodedJWT._jwtPName, undefined);
-                assert.strictEqual(decodedJWT.iss, "http://0.0.0.0:8080/auth");
-                assert.strictEqual(decodedJWT.customClaim, "customValue");
-            }, v3AccessTokenSupported);
+            assert.equal(req3.headers()["rid"], "anti-csrf");
+            assert.equal(req3.headers()["asdf"], undefined);
         });
 
         it("test when ACCESS_TOKEN_PAYLOAD_UPDATED is fired", async function () {
@@ -3192,261 +1191,6 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
         });
 
-        it("test disabled interception", async function () {
-            await startST();
-
-            await setup();
-            await page.evaluate(async () => {
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    postAPIHook: async context => {
-                        assert.strictEqual(context.action === "REFRESH_SESSION" || context.action === "SIGN_OUT", true);
-
-                        if (context.action === "REFRESH_SESSION" && context.fetchResponse.statusCode === 200) {
-                            const body = await context.fetchResponse.text();
-                            assert.strictEqual(body, "refresh success");
-
-                            const frontTokenInHeader = context.fetchResponse.headers.get("front-token");
-                            assertNotEqual(frontTokenInHeader, "");
-                            assertNotEqual(frontTokenInHeader, null);
-                        }
-
-                        if (context.action === "SIGN_OUT" && context.fetchResponse.statusCode === 200) {
-                            const body = await context.fetchResponse.json();
-                            assert.strictEqual(body.statusCode, "OK");
-
-                            const frontTokenInHeader = context.fetchResponse.headers.get("front-token");
-                            assert.strictEqual(frontTokenInHeader, "remove");
-                        }
-                    }
-                });
-                let userId = "testing-supertokens-website";
-
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-
-                await delay(2);
-                let attemptRefresh = await supertokens.attemptRefreshingSession();
-                assert.strictEqual(attemptRefresh, true);
-
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-                await supertokens.signOut();
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-                assert.strictEqual(await supertokens.doesSessionExist(), false);
-            });
-        });
-
-        it("should work after refresh migrating old cookie based sessions", async function () {
-            if (transferMethod === "header") {
-                // We skip this in header mode, they can't have legacy sessions
-                this.skip();
-            }
-
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-            });
-
-            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
-
-            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.notStrictEqual(
-                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-                assert.strictEqual(resp.statusCode, 200);
-            });
-            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.strictEqual(
-                newCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-        });
-
-        it("should work after refresh migrating old cookie based sessions with expired access tokens", async function () {
-            if (transferMethod === "header") {
-                // We skip this in header mode, they can't have legacy sessions
-                this.skip();
-            }
-
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                let userId = "testing-supertokens-website";
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-            });
-
-            // This would work even without sIdRefreshToken since we don't actually check the body of the response, just call refresh on all 401s
-            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
-            await page.setCookie({ name: "sAccessToken", value: "", expiry: 0 });
-
-            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 0);
-            let originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.notStrictEqual(
-                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-
-            await page.evaluate(async () => {
-                let BASE_URL = "http://localhost.org:8080";
-                let resp = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-                assert.strictEqual(resp.statusCode, 200);
-            });
-            assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            let newCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.notStrictEqual(
-                originalCookies.find(cookie => cookie.name === "sAccessToken"),
-                undefined
-            );
-            assert.strictEqual(
-                newCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-        });
-
-        /**
-         * - Create a session with cookies and add sIdRefreshToken manually to simulate old cookies
-         * - Change the token method to headers
-         * - Get session information and make sure the API succeeds, refresh is called and sIdRefreshToken is removed
-         * - Make sure getAccessToken returns undefined because the backend should have used cookies
-         * - Sign out
-         * - Login again and make sure access token is present because backend should now use headers
-         */
-        it("should still work fine work fine if header based auth is enabled after a cookie based session", async function () {
-            if (transferMethod === "header") {
-                // We skip this in header mode, they can't have legacy sessions
-                this.skip();
-            }
-
-            await startST();
-            await setup();
-
-            await page.evaluate(async () => {
-                window.userId = "testing-supertokens";
-                window.BASE_URL = "http://localhost.org:8080";
-
-                // send api request to login
-                let loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // make sure there is no access token
-                let accessToken = await supertokens.getAccessToken();
-                assert.strictEqual(accessToken, undefined);
-
-                let getSessionResponse = await toTest({
-                    url: `${BASE_URL}/`,
-                    headers: {
-                        Authorization: `Bearer ${accessToken}`
-                    }
-                });
-
-                assert.strictEqual(getSessionResponse.statusCode, 200);
-                assert.strictEqual(getSessionResponse.responseText, userId);
-            });
-
-            // This would work even without sIdRefreshToken since we don't actually check the body of the response, just call refresh on all 401s
-            await page.setCookie({ name: "sIdRefreshToken", value: "asdf" });
-
-            const originalCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.notStrictEqual(
-                originalCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-
-            await page.evaluate(async () => {
-                // Switch to header based auth
-                // Re-initialization doesn't work for everything (i.e., overrides), but it's fine for this
-                supertokens.init({
-                    apiDomain: BASE_URL,
-                    tokenTransferMethod: "header"
-                });
-
-                let getResponse = await toTest({ url: `${BASE_URL}/`, method: "GET" });
-
-                //check that the response to getSession was success
-                assert.strictEqual(getResponse.responseText, userId);
-
-                //check that the number of time the refreshAPI was called is 1
-                assert.strictEqual(await getNumberOfTimesRefreshCalled(), 1);
-            });
-
-            const refreshedCookies = (await page._client.send("Network.getAllCookies")).cookies;
-            assert.strictEqual(
-                refreshedCookies.find(cookie => cookie.name === "sIdRefreshToken"),
-                undefined
-            );
-
-            await page.evaluate(async () => {
-                // Make sure this is still undefined because the backend should continue using cookies
-                accessToken = await supertokens.getAccessToken();
-                assert.strictEqual(accessToken, undefined);
-
-                await supertokens.signOut();
-
-                // send api request to login
-                loginResponse = await toTest({
-                    url: `${BASE_URL}/login`,
-                    method: "post",
-                    headers: {
-                        Accept: "application/json",
-                        "Content-Type": "application/json"
-                    },
-                    body: JSON.stringify({ userId })
-                });
-
-                assert.strictEqual(loginResponse.responseText, userId);
-
-                // Make sure now access token is present because it should use header based auth
-                accessToken = await supertokens.getAccessToken();
-                assert.notStrictEqual(accessToken, undefined);
-            });
-        });
-
         it("should work fine if the last header is empty", async () => {
             await startST();
             await setup();
@@ -3532,19 +1276,5 @@ addTestCases((name, transferMethod, setupFunc, setupArgs = []) => {
             });
             await page.setRequestInterception(false);
         });
-
-        it("test that interception doesn't happen if the shouldDoInterceptionBasedOnUrl override returns false", async function () {
-            await setup({
-                override: ["shouldDoInterceptionBasedOnUrl"]
-            });
-
-            await page.evaluate(async () => {
-                let getResponse = await toTest({ url: `${BASE_URL}/check-rid-no-session` });
-                assert.strictEqual(getResponse.responseText, "fail");
-
-                let getWithOverrideResponse = await toTest({ url: `${BASE_URL}/check-rid-no-session?doOverride` });
-                assert.strictEqual(getWithOverrideResponse.responseText, "success");
-            });
-        });
     });
 });

From 8ec7098243ce5d07b84dbf6358cd3fbe9570868c Mon Sep 17 00:00:00 2001
From: Mihaly Lengyel <mihaly@lengyel.tech>
Date: Sun, 24 Sep 2023 11:35:26 +0200
Subject: [PATCH 2/2] chore: bump patch version

---
 CHANGELOG.md           | 6 ++++++
 bundle/bundle.js       | 2 +-
 lib/build/version.d.ts | 2 +-
 lib/build/version.js   | 2 +-
 lib/ts/version.ts      | 2 +-
 package-lock.json      | 4 ++--
 package.json           | 2 +-
 7 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f21a2df..d9522b88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [17.0.4] - 2023-09-24
+
+### Test changes
+
+-   Split some test suites into multiple files to help with test parallelization
+
 ## [17.0.3] - 2023-09-XX
 
 ### Changes
diff --git a/bundle/bundle.js b/bundle/bundle.js
index 36d18250..840e5aca 100644
--- a/bundle/bundle.js
+++ b/bundle/bundle.js
@@ -1 +1 @@
-var supertokens;(()=>{"use strict";var e={759:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.responseErrorInterceptor=t.responseInterceptor=t.interceptorFunctionRequestFulfilled=void 0;var i=n(600),a=n(379),u=n(743),c=n(958),l=n(845);function d(e){var t=void 0===e.url?"":e.url,n=e.baseURL;return void 0!==n&&(t="/"===t.charAt(0)&&"/"===n.charAt(n.length-1)?n+t.substr(1):"/"!==t.charAt(0)&&"/"!==n.charAt(n.length-1)?n+"/"+t:n+t),t}t.interceptorFunctionRequestFulfilled=function(e){return o(this,void 0,void 0,(function(){var t,n,o,i,f,h;return s(this,(function(s){switch(s.label){case 0:(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: started axios interception"),t=d(e),n=!1;try{n="string"==typeof t&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(t,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Trying shouldDoInterceptionBasedOnUrl with location.origin"),n=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)}return(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Value of doNotDoInterception: "+n),n?((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Returning config unchanged"),[2,e]):((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Modifying config"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),[4,(0,a.getLocalSessionState)(!0)]);case 1:return o=s.sent(),i=e,"EXISTS"!==o.status?[3,3]:[4,a.AntiCsrfToken.getToken(o.lastAccessTokenUpdate)];case 2:void 0!==(f=s.sent())&&((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding anti-csrf token to request"),i=r(r({},i),{headers:void 0===i?{"anti-csrf":f}:r(r({},i.headers),{"anti-csrf":f})})),s.label=3;case 3:return a.default.config.autoAddCredentials&&void 0===i.withCredentials&&((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding credentials include"),i=r(r({},i),{withCredentials:!0})),(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding rid header: anti-csrf (it may be overriden by the user's provided rid)"),i=r(r({},i),{headers:void 0===i?{rid:"anti-csrf"}:r({rid:"anti-csrf"},i.headers)}),h=a.default.config.tokenTransferMethod,(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding st-auth-mode header: "+h),i.headers["st-auth-mode"]=h,[4,p(i)];case 4:return[4,g(i=s.sent())];case 5:return s.sent(),(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: returning modified config"),[2,i]}}))}))},t.responseInterceptor=function(e){var t=this;return function(n){return o(t,void 0,void 0,(function(){var t,r,o,i,g;return s(this,(function(s){switch(s.label){case 0:t=!1,s.label=1;case 1:if(s.trys.push([1,,8,14]),!a.default.initCalled)throw new Error("init function not called");(0,l.logDebugMessage)("responseInterceptor: started"),(0,l.logDebugMessage)("responseInterceptor: already intercepted: "+n.headers["x-supertokens-xhr-intercepted"]),r=d(n.config);try{t="string"==typeof r&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(r,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)||!!n.headers["x-supertokens-xhr-intercepted"]}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("responseInterceptor: Trying shouldDoInterceptionBasedOnUrl with location.origin"),t=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)||!!n.headers["x-supertokens-xhr-intercepted"]}return(0,l.logDebugMessage)("responseInterceptor: Value of doNotDoInterception: "+t),t?((0,l.logDebugMessage)("responseInterceptor: Returning without interception"),[2,n]):((0,l.logDebugMessage)("responseInterceptor: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_RESPONSE),[4,(0,a.getLocalSessionState)(!1)]);case 2:return o=s.sent(),[4,h(n)];case 3:return s.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===o.status,n.status,n.headers["front-token"]),n.status!==a.default.config.sessionExpiredStatusCode?[3,4]:((0,l.logDebugMessage)("responseInterceptor: Status code is: "+n.status),i=n.config,[2,f.doRequest((function(t){return e(t)}),i,r,n,void 0,!0)]);case 4:return n.status!==a.default.config.invalidClaimStatusCode?[3,6]:[4,(0,a.onInvalidClaimResponse)(n)];case 5:s.sent(),s.label=6;case 6:return[2,n];case 7:return[3,14];case 8:return(g=!t)?[4,(0,a.getLocalSessionState)(!0)]:[3,10];case 9:g=!("EXISTS"===s.sent().status),s.label=10;case 10:return g?((0,l.logDebugMessage)("responseInterceptor: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,a.AntiCsrfToken.removeToken()]):[3,13];case 11:return s.sent(),[4,a.FrontToken.removeToken()];case 12:s.sent(),s.label=13;case 13:return[7];case 14:return[2]}}))}))}},t.responseErrorInterceptor=function(e){var t=this;return function(n){return o(t,void 0,void 0,(function(){var t;return s(this,(function(r){switch(r.label){case 0:if((0,l.logDebugMessage)("responseErrorInterceptor: called"),(0,l.logDebugMessage)("responseErrorInterceptor: already intercepted: "+(n.response&&n.response.headers["x-supertokens-xhr-intercepted"])),n.response.headers["x-supertokens-xhr-intercepted"])throw n;return void 0===n.response||n.response.status!==a.default.config.sessionExpiredStatusCode?[3,1]:((0,l.logDebugMessage)("responseErrorInterceptor: Status code is: "+n.response.status),t=n.config,[2,f.doRequest((function(t){return e(t)}),t,d(t),void 0,n,!0)]);case 1:return void 0===n.response||n.response.status!==a.default.config.invalidClaimStatusCode?[3,3]:[4,(0,a.onInvalidClaimResponse)(n.response)];case 2:r.sent(),r.label=3;case 3:throw n}}))}))}};var f=function(){function e(){}var t;return t=e,e.doRequest=function(e,n,u,d,f,v){return void 0===v&&(v=!1),o(void 0,void 0,void 0,(function(){var o,b,m,y,w,k,S,I,T,R,D,E,x,M;return s(t,(function(t){switch(t.label){case 0:if(!a.default.initCalled)throw Error("init function not called");(0,l.logDebugMessage)("doRequest: called"),o=!1;try{o="string"==typeof u&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(u,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)&&v}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("doRequest: Trying shouldDoInterceptionBasedOnUrl with location.origin"),o=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)&&v}if((0,l.logDebugMessage)("doRequest: Value of doNotDoInterception: "+o),!o)return[3,2];if((0,l.logDebugMessage)("doRequest: Returning without interception"),void 0!==f)throw f;return void 0!==d?[2,d]:[4,e(n)];case 1:return[2,t.sent()];case 2:return(0,l.logDebugMessage)("doRequest: Interception started"),[4,p(n)];case 3:n=t.sent(),t.label=4;case 4:t.trys.push([4,,40,45]),b=void 0,t.label=5;case 5:return[4,(0,a.getLocalSessionState)(!0)];case 6:return m=t.sent(),y=n,"EXISTS"!==m.status?[3,8]:[4,a.AntiCsrfToken.getToken(m.lastAccessTokenUpdate)];case 7:void 0!==(w=t.sent())&&((0,l.logDebugMessage)("doRequest: Adding anti-csrf token to request"),y=r(r({},y),{headers:void 0===y?{"anti-csrf":w}:r(r({},y.headers),{"anti-csrf":w})})),t.label=8;case 8:return a.default.config.autoAddCredentials&&void 0===y.withCredentials&&((0,l.logDebugMessage)("doRequest: Adding credentials include"),y=r(r({},y),{withCredentials:!0})),(0,l.logDebugMessage)("doRequest: Adding rid header: anti-csrf (May get overriden by user's rid)"),y=r(r({},y),{headers:void 0===y?{rid:"anti-csrf"}:r({rid:"anti-csrf"},y.headers)}),k=a.default.config.tokenTransferMethod,(0,l.logDebugMessage)("doRequest: Adding st-auth-mode header: "+k),y.headers["st-auth-mode"]=k,[4,g(y)];case 9:t.sent(),t.label=10;case 10:if(t.trys.push([10,25,,38]),S=f,I=d,f=void 0,d=void 0,void 0!==S)throw(0,l.logDebugMessage)("doRequest: Not making call because localPrevError is not undefined"),S;return void 0!==I?(0,l.logDebugMessage)("doRequest: Not making call because localPrevResponse is not undefined"):(0,l.logDebugMessage)("doRequest: Making user's http call"),void 0!==I?[3,12]:[4,e(y)];case 11:return T=t.sent(),[3,13];case 12:T=I,t.label=13;case 13:return E=T,(0,l.logDebugMessage)("doRequest: User's http call ended"),[4,h(E)];case 14:return t.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===m.status,E.status,E.headers["front-token"]),E.status!==a.default.config.sessionExpiredStatusCode?[3,21]:((0,l.logDebugMessage)("doRequest: Status code is: "+E.status),[4,(0,a.onUnauthorisedResponse)(m)]);case 15:return"RETRY"===(x=t.sent()).result?[3,20]:((0,l.logDebugMessage)("doRequest: Not retrying original request"),x.error?[4,(0,i.createAxiosErrorFromFetchResp)(x.error)]:[3,17]);case 16:return R=t.sent(),[3,19];case 17:return[4,(0,i.createAxiosErrorFromAxiosResp)(E)];case 18:R=t.sent(),t.label=19;case 19:return b=R,[3,39];case 20:return(0,l.logDebugMessage)("doRequest: Retrying original request"),[3,24];case 21:return E.status!==a.default.config.invalidClaimStatusCode?[3,23]:[4,(0,a.onInvalidClaimResponse)(E)];case 22:t.sent(),t.label=23;case 23:return[2,E];case 24:return[3,38];case 25:return D=t.sent(),void 0===(E=D.response)?[3,36]:[4,h(E)];case 26:return t.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===m.status,E.status,E.headers["front-token"]),E.status!==a.default.config.sessionExpiredStatusCode?[3,32]:((0,l.logDebugMessage)("doRequest: Status code is: "+E.status),[4,(0,a.onUnauthorisedResponse)(m)]);case 27:return"RETRY"===(x=t.sent()).result?[3,31]:((0,l.logDebugMessage)("doRequest: Not retrying original request"),void 0===x.error?[3,29]:[4,(0,i.createAxiosErrorFromFetchResp)(x.error)]);case 28:return M=t.sent(),[3,30];case 29:M=D,t.label=30;case 30:return b=M,[3,39];case 31:return(0,l.logDebugMessage)("doRequest: Retrying original request"),[3,35];case 32:return E.status!==a.default.config.invalidClaimStatusCode?[3,34]:[4,(0,a.onInvalidClaimResponse)(E)];case 33:t.sent(),t.label=34;case 34:throw D;case 35:return[3,37];case 36:throw D;case 37:return[3,38];case 38:return[3,5];case 39:throw b;case 40:return[4,(0,a.getLocalSessionState)(!1)];case 41:return"NOT_EXISTS"!==t.sent().status?[3,44]:((0,l.logDebugMessage)("doRequest: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,a.AntiCsrfToken.removeToken()]);case 42:return t.sent(),[4,a.FrontToken.removeToken()];case 43:t.sent(),t.label=44;case 44:return[7];case 45:return[2]}}))}))},e}();function g(e){return o(this,void 0,void 0,(function(){var t,n;return s(this,(function(o){switch(o.label){case 0:return void 0===e.headers&&(e.headers={}),(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: adding existing tokens as header"),[4,(0,a.getTokenForHeaderAuth)("access")];case 1:return t=o.sent(),[4,(0,a.getTokenForHeaderAuth)("refresh")];case 2:return n=o.sent(),void 0!==t&&void 0!==n?void 0!==e.headers.Authorization||void 0!==e.headers.authorization?(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):((0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.headers=r(r({},e.headers),{Authorization:"Bearer ".concat(t)}),e.__supertokensAddedAuthHeader=!0):(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"),[2]}}))}))}function h(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i;return s(this,(function(s){switch(s.label){case 0:return(0,l.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response"),void 0===(t=e.headers["st-refresh-token"])?[3,2]:((0,l.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,(0,a.setToken)("refresh",t)]);case 1:s.sent(),s.label=2;case 2:return void 0===(n=e.headers["st-access-token"])?[3,4]:((0,l.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,(0,a.setToken)("access",n)]);case 3:s.sent(),s.label=4;case 4:return void 0===(r=e.headers["front-token"])?[3,6]:((0,l.logDebugMessage)("doRequest: Setting sFrontToken: "+r),[4,a.FrontToken.setItem(r)]);case 5:s.sent(),s.label=6;case 6:return void 0===(o=e.headers["anti-csrf"])?[3,9]:[4,(0,a.getLocalSessionState)(!0)];case 7:return"EXISTS"!==(i=s.sent()).status?[3,9]:((0,l.logDebugMessage)("doRequest: Setting anti-csrf token"),[4,a.AntiCsrfToken.setItem(i.lastAccessTokenUpdate,o)]);case 8:s.sent(),s.label=9;case 9:return[2]}}))}))}function p(e){return o(this,void 0,void 0,(function(){var t,n,o,i;return s(this,(function(s){switch(s.label){case 0:return[4,(0,a.getTokenForHeaderAuth)("access")];case 1:return t=s.sent(),[4,(0,a.getTokenForHeaderAuth)("refresh")];case 2:return n=s.sent(),o=e.headers.Authorization||e.headers.authorization,void 0===t||void 0===n||o!=="Bearer ".concat(t)&&!("__supertokensAddedAuthHeader"in e)?[2,e]:((0,l.logDebugMessage)("removeAuthHeaderIfMatchesLocalToken: Removing Authorization from user provided headers because it contains our access token"),delete(i=r(r({},e),{headers:r({},e.headers)})).headers.authorization,delete i.headers.Authorization,[2,i])}}))}))}t.default=f},600:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};function o(e,t,n,r,o){return e.config=t,n&&(e.code=n),e.request=r,e.response=o,e.isAxiosError=!0,e.toJSON=function(){return{message:this.message,name:this.name,description:this.description,number:this.number,fileName:this.fileName,lineNumber:this.lineNumber,columnNumber:this.columnNumber,stack:this.stack,config:this.config,code:this.code}},e}Object.defineProperty(t,"__esModule",{value:!0}),t.createAxiosErrorFromAxiosResp=t.createAxiosErrorFromFetchResp=void 0,t.createAxiosErrorFromFetchResp=function(e){return n(this,void 0,void 0,(function(){var t,n,s,i;return r(this,(function(r){switch(r.label){case 0:if(t={url:e.url,headers:e.headers},null!==(n=e.headers.get("content-type")))return[3,5];r.label=1;case 1:return r.trys.push([1,3,,4]),[4,e.text()];case 2:return s=r.sent(),[3,4];case 3:return r.sent(),s="",[3,4];case 4:return[3,11];case 5:return n.includes("application/json")?[4,e.json()]:[3,7];case 6:return s=r.sent(),[3,11];case 7:return n.includes("text/")?[4,e.text()]:[3,9];case 8:return s=r.sent(),[3,11];case 9:return[4,e.blob()];case 10:s=r.sent(),r.label=11;case 11:return i={data:s,status:e.status,statusText:e.statusText,headers:e.headers,config:t,request:void 0},[2,o(new Error("Request failed with status code "+e.status),t,void 0,void 0,i)]}}))}))},t.createAxiosErrorFromAxiosResp=function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o(new Error("Request failed with status code "+e.status),e.config,void 0,e.request,e)]}))}))}},280:function(e,t,n){var r=this&&this.__createBinding||(Object.create?function(e,t,n,r){void 0===r&&(r=n);var o=Object.getOwnPropertyDescriptor(t,n);o&&!("get"in o?!t.__esModule:o.writable||o.configurable)||(o={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,o)}:function(e,t,n,r){void 0===r&&(r=n),e[r]=t[n]}),o=this&&this.__exportStar||function(e,t){for(var n in e)"default"===n||Object.prototype.hasOwnProperty.call(t,n)||r(t,e,n)};Object.defineProperty(t,"__esModule",{value:!0}),o(n(569),t)},491:function(e,t,n){var r,o=this&&this.__extends||(r=function(e,t){return r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},r(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function n(){this.constructor=e}r(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}),s=this&&this.__assign||function(){return s=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},s.apply(this,arguments)};Object.defineProperty(t,"__esModule",{value:!0}),t.BooleanClaim=void 0;var i=function(e){function t(t){var n=e.call(this,t)||this;return n.validators=s(s({},n.validators),{isTrue:function(e){return n.validators.hasValue(!0,e)},isFalse:function(e){return n.validators.hasValue(!1,e)}}),n}return o(t,e),t}(n(911).PrimitiveClaim);t.BooleanClaim=i},748:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.PrimitiveArrayClaim=void 0;var o=function(){function e(e){var t=this;this.validators={includes:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:t.includes(e)?[2,{isValid:!0}]:[2,{isValid:!1,reason:{message:"wrong value",expectedToInclude:e,actualValue:t}}])}))}))}}},excludes:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToNotInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:t.includes(e)?[2,{isValid:!1,reason:{message:"wrong value",expectedToNotInclude:e,actualValue:t}}]:[2,{isValid:!0}])}))}))}}},includesAll:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.every((function(e){return a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToInclude:e,actualValue:t}}]))}))}))}}},includesAny:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.some((function(e){return a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToIncludeAtLeastOneOf:e,actualValue:t}}]))}))}))}}},excludesAll:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToNotInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.every((function(e){return!a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToNotInclude:e,actualValue:t}}]))}))}))}}}},this.id=e.id,this.refresh=e.refresh,this.defaultMaxAgeInSeconds=e.defaultMaxAgeInSeconds}return e.prototype.getValueFromPayload=function(e,t){return void 0!==e[this.id]?e[this.id].v:void 0},e.prototype.getLastFetchedTime=function(e,t){return void 0!==e[this.id]?e[this.id].t:void 0},e}();t.PrimitiveArrayClaim=o},911:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.PrimitiveClaim=void 0;var n=function(){function e(e){var t=this;this.validators={hasValue:function(e,n,r){return void 0===n&&(n=t.defaultMaxAgeInSeconds),{id:void 0!==r?r:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,r){return void 0===t.getValueFromPayload(e,r)||void 0!==n&&e[t.id].t<Date.now()-1e3*n},validate:function(r,o){var s=t.getValueFromPayload(r,o);if(void 0===s)return{isValid:!1,reason:{message:"value does not exist",expectedValue:e,actualValue:s}};var i=(Date.now()-t.getLastFetchedTime(r,o))/1e3;return void 0!==n&&i>n?{isValid:!1,reason:{message:"expired",ageInSeconds:i,maxAgeInSeconds:n}}:s!==e?{isValid:!1,reason:{message:"wrong value",expectedValue:e,actualValue:s}}:{isValid:!0}}}}},this.id=e.id,this.refresh=e.refresh,this.defaultMaxAgeInSeconds=e.defaultMaxAgeInSeconds}return e.prototype.getValueFromPayload=function(e,t){return void 0!==e[this.id]?e[this.id].v:void 0},e.prototype.getLastFetchedTime=function(e,t){return void 0!==e[this.id]?e[this.id].t:void 0},e}();t.PrimitiveClaim=n},173:function(e,t){var n,r=this&&this.__extends||(n=function(e,t){return n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},n(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)});Object.defineProperty(t,"__esModule",{value:!0}),t.STGeneralError=void 0;var o=function(e){function t(t){var n=e.call(this,t)||this;return n.isSuperTokensGeneralError=!0,n}return r(t,e),t.isThisError=function(e){return!0===e.isSuperTokensGeneralError},t}(Error);t.STGeneralError=o},379:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.fireSessionUpdateEventsIfNecessary=t.setFrontToken=t.getFrontToken=t.setAntiCSRF=t.saveLastAccessTokenUpdate=t.getTokenForHeaderAuth=t.setToken=t.getStorageNameForToken=t.getLocalSessionState=t.onInvalidClaimResponse=t.onTokenUpdate=t.onUnauthorisedResponse=t.FrontToken=t.AntiCsrfToken=void 0;var i=n(743),a=n(255),u=n(501),c=n(958),l=n(941),d=n(845),f=function(){function e(){}return e.getToken=function(t){return o(this,void 0,void 0,(function(){var n;return s(this,(function(r){switch(r.label){case 0:return(0,d.logDebugMessage)("AntiCsrfToken.getToken: called"),void 0===t?(e.tokenInfo=void 0,(0,d.logDebugMessage)("AntiCsrfToken.getToken: returning undefined"),[2,void 0]):void 0!==e.tokenInfo?[3,2]:[4,A()];case 1:return null===(n=r.sent())?((0,d.logDebugMessage)("AntiCsrfToken.getToken: returning undefined"),[2,void 0]):(e.tokenInfo={antiCsrf:n,associatedAccessTokenUpdate:t},[3,4]);case 2:return e.tokenInfo.associatedAccessTokenUpdate===t?[3,4]:(e.tokenInfo=void 0,[4,e.getToken(t)]);case 3:return[2,r.sent()];case 4:return(0,d.logDebugMessage)("AntiCsrfToken.getToken: returning: "+e.tokenInfo.antiCsrf),[2,e.tokenInfo.antiCsrf]}}))}))},e.removeToken=function(){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("AntiCsrfToken.removeToken: called"),e.tokenInfo=void 0,[4,_(void 0)];case 1:return t.sent(),[2]}}))}))},e.setItem=function(t,n){return o(this,void 0,void 0,(function(){return s(this,(function(r){switch(r.label){case 0:return void 0===t?(e.tokenInfo=void 0,[2]):((0,d.logDebugMessage)("AntiCsrfToken.setItem: called"),[4,_(n)]);case 1:return r.sent(),e.tokenInfo={antiCsrf:n,associatedAccessTokenUpdate:t},[2]}}))}))},e}();t.AntiCsrfToken=f;var g=function(){function e(){}return e.getTokenInfo=function(){return o(this,void 0,void 0,(function(){var t,n;return s(this,(function(r){switch(r.label){case 0:return(0,d.logDebugMessage)("FrontToken.getTokenInfo: called"),[4,P()];case 1:return null!==(t=r.sent())?[3,5]:[4,k(!1)];case 2:return"EXISTS"!==r.sent().status?[3,4]:[4,new Promise((function(t){e.waiters.push(t)}))];case 3:return r.sent(),[2,e.getTokenInfo()];case 4:return[2,void 0];case 5:return n=O(t),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning ate: "+n.ate),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning uid: "+n.uid),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning up: "+n.up),[2,n]}}))}))},e.removeToken=function(){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("FrontToken.removeToken: called"),[4,H(void 0)];case 1:return t.sent(),[4,I("access","")];case 2:return t.sent(),[4,I("refresh","")];case 3:return t.sent(),e.waiters.forEach((function(e){return e(void 0)})),e.waiters=[],[2]}}))}))},e.setItem=function(t){return o(this,void 0,void 0,(function(){return s(this,(function(n){switch(n.label){case 0:return[4,M()];case 1:return n.sent(),"remove"===t?[2,e.removeToken()]:((0,d.logDebugMessage)("FrontToken.setItem: called"),[4,H(t)]);case 2:return n.sent(),e.waiters.forEach((function(e){return e(void 0)})),e.waiters=[],[2]}}))}))},e.doesTokenExists=function(){return o(this,void 0,void 0,(function(){return s(this,(function(e){switch(e.label){case 0:return[4,C()];case 1:return[2,null!==e.sent()]}}))}))},e.waiters=[],e}();t.FrontToken=g;var h=function(){function e(){}var t;return e.init=function(t,r){(0,d.logDebugMessage)("init: called"),(0,d.logDebugMessage)("init: Input apiBasePath: "+t.apiBasePath),(0,d.logDebugMessage)("init: Input apiDomain: "+t.apiDomain),(0,d.logDebugMessage)("init: Input autoAddCredentials: "+t.autoAddCredentials),(0,d.logDebugMessage)("init: Input sessionTokenBackendDomain: "+t.sessionTokenBackendDomain),(0,d.logDebugMessage)("init: Input isInIframe: "+t.isInIframe),(0,d.logDebugMessage)("init: Input sessionExpiredStatusCode: "+t.sessionExpiredStatusCode),(0,d.logDebugMessage)("init: Input sessionTokenFrontendDomain: "+t.sessionTokenFrontendDomain),(0,d.logDebugMessage)("init: Input tokenTransferMethod: "+t.tokenTransferMethod);var o=c.default.getReferenceOrThrow().windowHandler.getWindowUnsafe();e.env=void 0===o||void 0===o.fetch?n.g:o,e.refreshTokenUrl=t.apiDomain+t.apiBasePath+"/session/refresh",e.signOutUrl=t.apiDomain+t.apiBasePath+"/signout",e.rid="session",e.config=t,void 0===e.env.__supertokensOriginalFetch&&((0,d.logDebugMessage)("init: __supertokensOriginalFetch is undefined"),e.env.__supertokensOriginalFetch=e.env.fetch.bind(e.env),e.env.__supertokensSessionRecipe=r,e.env.fetch=e.env.__supertokensSessionRecipe.addFetchInterceptorsAndReturnModifiedFetch({originalFetch:e.env.__supertokensOriginalFetch,userContext:{}}),e.env.__supertokensSessionRecipe.addXMLHttpRequestInterceptor({userContext:{}})),e.recipeImpl=e.env.__supertokensSessionRecipe,e.initCalled=!0},t=e,e.initCalled=!1,e.doRequest=function(n,a,u){return o(void 0,void 0,void 0,(function(){var o,l,h,p,v,b,y,S,I,T,D,M,A;return s(t,(function(t){switch(t.label){case 0:if(!e.initCalled)throw Error("init function not called");(0,d.logDebugMessage)("doRequest: start of fetch interception"),o=!1;try{l=void 0,"string"==typeof u?l=u:"object"==typeof u&&("string"==typeof u.url?l=u.url:"string"==typeof u.href&&(l=u.href)),o=!e.recipeImpl.shouldDoInterceptionBasedOnUrl(l,e.config.apiDomain,e.config.sessionTokenBackendDomain)}catch(t){if("Please provide a valid domain name"!==t.message)throw t;(0,d.logDebugMessage)("doRequest: Trying shouldDoInterceptionBasedOnUrl with location.origin"),o=!e.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),e.config.apiDomain,e.config.sessionTokenBackendDomain)}return(0,d.logDebugMessage)("doRequest: Value of doNotDoInterception: "+o),o?((0,d.logDebugMessage)("doRequest: Returning without interception"),[4,n(a)]):[3,2];case 1:return[2,t.sent()];case 2:return(h=new Headers(void 0!==a&&void 0!==a.headers?a.headers:u.headers)).has("Authorization")?[4,R("access")]:[3,5];case 3:return p=t.sent(),[4,R("refresh")];case 4:v=t.sent(),void 0!==p&&void 0!==v&&h.get("Authorization")==="Bearer ".concat(p)&&((0,d.logDebugMessage)("doRequest: Removing Authorization from user provided headers because it contains our access token"),h.delete("Authorization")),t.label=5;case 5:(0,d.logDebugMessage)("doRequest: Interception started"),i.ProcessState.getInstance().addState(i.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),t.label=6;case 6:t.trys.push([6,,20,25]),b=void 0,t.label=7;case 7:return[4,k(!0)];case 8:return y=t.sent(),S=new Headers(h),I=r(r({},a),{headers:S}),"EXISTS"!==y.status?[3,10]:[4,f.getToken(y.lastAccessTokenUpdate)];case 9:void 0!==(T=t.sent())&&((0,d.logDebugMessage)("doRequest: Adding anti-csrf token to request"),S.set("anti-csrf",T)),t.label=10;case 10:return e.config.autoAddCredentials&&((0,d.logDebugMessage)("doRequest: Adding credentials include"),void 0===I?I={credentials:"include"}:void 0===I.credentials&&(I=r(r({},I),{credentials:"include"}))),S.has("rid")?(0,d.logDebugMessage)("doRequest: rid header was already there in request"):((0,d.logDebugMessage)("doRequest: Adding rid header: anti-csrf"),S.set("rid","anti-csrf")),D=e.config.tokenTransferMethod,(0,d.logDebugMessage)("doRequest: Adding st-auth-mode header: "+D),S.set("st-auth-mode",D),[4,E(S)];case 11:return t.sent(),(0,d.logDebugMessage)("doRequest: Making user's http call"),[4,n(I)];case 12:return M=t.sent(),(0,d.logDebugMessage)("doRequest: User's http call ended"),[4,x(M)];case 13:return t.sent(),F("EXISTS"===y.status,M.status,M.headers.get("front-token")),M.status!==e.config.sessionExpiredStatusCode?[3,15]:((0,d.logDebugMessage)("doRequest: Status code is: "+M.status),[4,m(y)]);case 14:return"RETRY"!==(A=t.sent()).result?((0,d.logDebugMessage)("doRequest: Not retrying original request"),b=void 0!==A.error?A.error:M,[3,19]):((0,d.logDebugMessage)("doRequest: Retrying original request"),[3,18]);case 15:return M.status!==e.config.invalidClaimStatusCode?[3,17]:[4,w(M)];case 16:t.sent(),t.label=17;case 17:return[2,M];case 18:return[3,7];case 19:return[2,b];case 20:return[4,k(!1)];case 21:return"NOT_EXISTS"!==t.sent().status?[3,24]:((0,d.logDebugMessage)("doRequest: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,f.removeToken()]);case 22:return t.sent(),[4,g.removeToken()];case 23:t.sent(),t.label=24;case 24:return[7];case 25:return[2]}}))}))},e.attemptRefreshingSession=function(){return o(void 0,void 0,void 0,(function(){var n;return s(t,(function(t){switch(t.label){case 0:if(!e.initCalled)throw Error("init function not called");return[4,k(!1)];case 1:return[4,m(t.sent())];case 2:if("API_ERROR"===(n=t.sent()).result)throw n.error;return[2,"RETRY"===n.result]}}))}))},e}();t.default=h;var p="st-last-access-token-update",v="sAntiCsrf",b="sFrontToken";function m(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i,u,c,p,v,b;return s(this,(function(s){switch(s.label){case 0:return[4,l.default.getReferenceOrThrow().lockFactory()];case 1:t=s.sent(),s.label=2;case 2:return(0,d.logDebugMessage)("onUnauthorisedResponse: trying to acquire lock"),[4,t.acquireLock("REFRESH_TOKEN_USE",1e3)];case 3:if(!s.sent())return[3,22];(0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired"),s.label=4;case 4:return s.trys.push([4,14,16,22]),[4,k(!1)];case 5:return"NOT_EXISTS"===(n=s.sent()).status?((0,d.logDebugMessage)("onUnauthorisedResponse: Not refreshing because local session state is NOT_EXISTS"),h.config.onHandleEvent({action:"UNAUTHORISED",sessionExpiredOrRevoked:!1,userContext:{}}),[2,{result:"SESSION_EXPIRED"}]):n.status!==e.status||"EXISTS"===n.status&&"EXISTS"===e.status&&n.lastAccessTokenUpdate!==e.lastAccessTokenUpdate?((0,d.logDebugMessage)("onUnauthorisedResponse: Retrying early because pre and post id refresh tokens don't match"),[2,{result:"RETRY"}]):(r=new Headers,"EXISTS"!==e.status?[3,7]:[4,f.getToken(e.lastAccessTokenUpdate)]);case 6:void 0!==(o=s.sent())&&((0,d.logDebugMessage)("onUnauthorisedResponse: Adding anti-csrf token to refresh API call"),r.set("anti-csrf",o)),s.label=7;case 7:return(0,d.logDebugMessage)("onUnauthorisedResponse: Adding rid and fdi-versions to refresh call header"),r.set("rid",h.rid),r.set("fdi-version",a.supported_fdi.join(",")),i=h.config.tokenTransferMethod,(0,d.logDebugMessage)("onUnauthorisedResponse: Adding st-auth-mode header: "+i),r.set("st-auth-mode",i),[4,E(r,!0)];case 8:return s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Calling refresh pre API hook"),[4,h.config.preAPIHook({action:"REFRESH_SESSION",requestInit:{method:"post",credentials:"include",headers:r},url:h.refreshTokenUrl,userContext:{}})];case 9:return u=s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Making refresh call"),[4,h.env.__supertokensOriginalFetch(u.url,u.requestInit)];case 10:return c=s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Refresh call ended"),[4,x(c)];case 11:if(s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Refresh status code is: "+c.status),(p=c.status===h.config.sessionExpiredStatusCode)&&null===c.headers.get("front-token")&&g.setItem("remove"),F("EXISTS"===e.status,c.status,p&&null===c.headers.get("front-token")?"remove":c.headers.get("front-token")),c.status>=300)throw c;return[4,h.config.postAPIHook({action:"REFRESH_SESSION",fetchResponse:c.clone(),requestInit:u.requestInit,url:u.url,userContext:{}})];case 12:return s.sent(),[4,k(!1)];case 13:return"NOT_EXISTS"===s.sent().status?((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so returning session expired"),[2,{result:"SESSION_EXPIRED"}]):(h.config.onHandleEvent({action:"REFRESH_SESSION",userContext:{}}),(0,d.logDebugMessage)("onUnauthorisedResponse: Sending RETRY signal"),[2,{result:"RETRY"}]);case 14:return v=s.sent(),[4,k(!1)];case 15:return"NOT_EXISTS"===s.sent().status?((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so returning session expired"),[2,{result:"SESSION_EXPIRED",error:v}]):((0,d.logDebugMessage)("onUnauthorisedResponse: sending API_ERROR"),[2,{result:"API_ERROR",error:v}]);case 16:return[4,t.releaseLock("REFRESH_TOKEN_USE")];case 17:return s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Released lock"),[4,k(!1)];case 18:return"NOT_EXISTS"!==s.sent().status?[3,21]:((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,f.removeToken()]);case 19:return s.sent(),[4,g.removeToken()];case 20:s.sent(),s.label=21;case 21:return[7];case 22:return[4,k(!1)];case 23:return"NOT_EXISTS"===(b=s.sent()).status?((0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired failed and local session doesn't exist, so sending SESSION_EXPIRED"),[2,{result:"SESSION_EXPIRED"}]):b.status!==e.status||"EXISTS"===b.status&&"EXISTS"===e.status&&b.lastAccessTokenUpdate!==e.lastAccessTokenUpdate?((0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired failed and retrying early because pre and post id refresh tokens don't match"),[2,{result:"RETRY"}]):[3,2];case 24:return[2]}}))}))}function y(){(0,d.logDebugMessage)("onTokenUpdate: firing ACCESS_TOKEN_PAYLOAD_UPDATED event"),h.config.onHandleEvent({action:"ACCESS_TOKEN_PAYLOAD_UPDATED",userContext:{}})}function w(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return n.trys.push([0,2,,3]),[4,h.recipeImpl.getInvalidClaimsFromResponse({response:e,userContext:{}})];case 1:return(t=n.sent())&&h.config.onHandleEvent({action:"API_INVALID_CLAIM",claimValidationErrors:t,userContext:{}}),[3,3];case 2:return n.sent(),[3,3];case 3:return[2]}}))}))}function k(e){return o(this,void 0,void 0,(function(){var t,n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("getLocalSessionState: called"),[4,D(p)];case 1:return t=o.sent(),[4,g.doesTokenExists()];case 2:return o.sent()&&void 0!==t?((0,d.logDebugMessage)("getLocalSessionState: returning EXISTS since both frontToken and lastAccessTokenUpdate exists"),[2,{status:"EXISTS",lastAccessTokenUpdate:t}]):[3,3];case 3:return t?((0,d.logDebugMessage)("getLocalSessionState: returning NOT_EXISTS since frontToken was cleared but lastAccessTokenUpdate exists"),[2,{status:"NOT_EXISTS"}]):[3,4];case 4:return n={status:"MAY_EXIST"},e?((0,d.logDebugMessage)("getLocalSessionState: trying to refresh"),[4,m(n)]):[3,7];case 5:return"RETRY"!==(r=o.sent()).result?((0,d.logDebugMessage)("getLocalSessionState: return NOT_EXISTS in case error from backend"+r.result),[2,{status:"NOT_EXISTS"}]):((0,d.logDebugMessage)("getLocalSessionState: Retrying post refresh"),[4,k(e)]);case 6:return[2,o.sent()];case 7:return(0,d.logDebugMessage)("getLocalSessionState: returning: "+n.status),[2,n]}}))}))}function S(e){switch(e){case"access":return"st-access-token";case"refresh":return"st-refresh-token"}}function I(e,t){var n=S(e);return""!==t?((0,d.logDebugMessage)("setToken: saved ".concat(e," token into cookies")),T(n,t,Date.now()+31536e5)):((0,d.logDebugMessage)("setToken: cleared ".concat(e," token from cookies")),T(n,t,0))}function T(e,t,n){var r="Fri, 31 Dec 9999 23:59:59 GMT";n!==Number.MAX_SAFE_INTEGER&&(r=new Date(n).toUTCString());var o=h.config.sessionTokenFrontendDomain;return"localhost"===o||o===c.default.getReferenceOrThrow().windowHandler.location.getHostName()?u.default.getReferenceOrThrow().cookieHandler.setCookie("".concat(e,"=").concat(t,";expires=").concat(r,";path=/;samesite=").concat(h.config.isInIframe?"none;secure":"lax")):u.default.getReferenceOrThrow().cookieHandler.setCookie("".concat(e,"=").concat(t,";expires=").concat(r,";domain=").concat(o,";path=/;samesite=").concat(h.config.isInIframe?"none;secure":"lax"))}function R(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){return[2,D(S(e))]}))}))}function D(e){return o(this,void 0,void 0,(function(){var t,n,r,o;return s(this,(function(s){switch(s.label){case 0:return n="; ",[4,u.default.getReferenceOrThrow().cookieHandler.getCookie()];case 1:return t=n+s.sent(),(r=t.split("; "+e+"=")).length>=2&&void 0!==(o=r.pop())?[2,o.split(";").shift()]:[2,void 0]}}))}))}function E(e,t){return void 0===t&&(t=!1),o(this,void 0,void 0,(function(){var n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("setTokenHeaders: adding existing tokens as header"),[4,R("access")];case 1:return n=o.sent(),[4,R("refresh")];case 2:return r=o.sent(),!t&&void 0===n||void 0===r?(0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"):e.has("Authorization")?(0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):((0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.set("Authorization","Bearer ".concat(t?r:n))),[2]}}))}))}function x(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i;return s(this,(function(s){switch(s.label){case 0:return(0,d.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response headers"),null===(t=e.headers.get("st-refresh-token"))?[3,2]:((0,d.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,I("refresh",t)]);case 1:s.sent(),s.label=2;case 2:return null===(n=e.headers.get("st-access-token"))?[3,4]:((0,d.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,I("access",n)]);case 3:s.sent(),s.label=4;case 4:return null===(r=e.headers.get("front-token"))?[3,6]:((0,d.logDebugMessage)("saveTokensFromHeaders: Setting sFrontToken: "+r),[4,g.setItem(r)]);case 5:s.sent(),s.label=6;case 6:return null===(o=e.headers.get("anti-csrf"))?[3,9]:[4,k(!0)];case 7:return"EXISTS"!==(i=s.sent()).status?[3,9]:((0,d.logDebugMessage)("saveTokensFromHeaders: Setting anti-csrf token"),[4,f.setItem(i.lastAccessTokenUpdate,o)]);case 8:s.sent(),s.label=9;case 9:return[2]}}))}))}function M(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("saveLastAccessTokenUpdate: called"),e=Date.now().toString(),(0,d.logDebugMessage)("saveLastAccessTokenUpdate: setting "+e),[4,T(p,e,Number.MAX_SAFE_INTEGER)];case 1:return t.sent(),[4,T("sIRTFrontend","",0)];case 2:return t.sent(),[2]}}))}))}function A(){return o(this,void 0,void 0,(function(){function e(){return o(this,void 0,void 0,(function(){var e,t,n,r,o;return s(this,(function(s){switch(s.label){case 0:return t="; ",[4,u.default.getReferenceOrThrow().cookieHandler.getCookie()];case 1:return e=t+s.sent(),(n=e.split("; sAntiCsrf=")).length>=2&&void 0!==(r=n.pop())?void 0===(o=r.split(";").shift())?[2,null]:[2,o]:[2,null]}}))}))}var t;return s(this,(function(n){switch(n.label){case 0:return(0,d.logDebugMessage)("getAntiCSRFToken: called"),[4,k(!0)];case 1:return"EXISTS"!==n.sent().status?((0,d.logDebugMessage)("getAntiCSRFToken: Returning because local session state != EXISTS"),[2,null]):[4,e()];case 2:return t=n.sent(),(0,d.logDebugMessage)("getAntiCSRFToken: returning: "+t),[2,t]}}))}))}function _(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("setAntiCSRF: called: "+e),void 0===e?[3,2]:[4,T(v,e,Number.MAX_SAFE_INTEGER)];case 1:return t.sent(),[3,4];case 2:return[4,T(v,"",0)];case 3:t.sent(),t.label=4;case 4:return[2]}}))}))}function C(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("getFrontTokenFromCookie: called"),[4,D(b)];case 1:return[2,void 0===(e=t.sent())?null:e]}}))}))}function O(e){return JSON.parse(decodeURIComponent(escape(atob(e))))}function P(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("getFrontToken: called"),[4,k(!0)];case 1:return"EXISTS"!==t.sent().status?((0,d.logDebugMessage)("getFrontToken: Returning because sIRTFrontend != EXISTS"),[2,null]):[4,C()];case 2:return e=t.sent(),(0,d.logDebugMessage)("getFrontToken: returning: "+e),[2,e]}}))}))}function H(e){return o(this,void 0,void 0,(function(){var t,n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("setFrontToken: called"),[4,C()];case 1:return null!==(t=o.sent())&&void 0!==e&&(n=O(t).up,r=O(e).up,JSON.stringify(n)!==JSON.stringify(r)&&y()),void 0!==e?[3,3]:[4,T(b,"",0)];case 2:return o.sent(),[3,5];case 3:return[4,T(b,e,Number.MAX_SAFE_INTEGER)];case 4:o.sent(),o.label=5;case 5:return[2]}}))}))}function F(e,t,n){if(null!=n){var r="remove"!==n;(0,d.logDebugMessage)("fireSessionUpdateEventsIfNecessary wasLoggedIn: ".concat(e," frontTokenExistsAfter: ").concat(r," status: ").concat(t)),e?r||(t===h.config.sessionExpiredStatusCode?((0,d.logDebugMessage)("onUnauthorisedResponse: firing UNAUTHORISED event"),h.config.onHandleEvent({action:"UNAUTHORISED",sessionExpiredOrRevoked:!0,userContext:{}})):((0,d.logDebugMessage)("onUnauthorisedResponse: firing SIGN_OUT event"),h.config.onHandleEvent({action:"SIGN_OUT",userContext:{}}))):r&&((0,d.logDebugMessage)("onUnauthorisedResponse: firing SESSION_CREATED event"),h.config.onHandleEvent({action:"SESSION_CREATED",userContext:{}}))}else(0,d.logDebugMessage)("fireSessionUpdateEventsIfNecessary returning early because the front token was not updated")}t.onUnauthorisedResponse=m,t.onTokenUpdate=y,t.onInvalidClaimResponse=w,t.getLocalSessionState=k,t.getStorageNameForToken=S,t.setToken=I,t.getTokenForHeaderAuth=R,t.saveLastAccessTokenUpdate=M,t.setAntiCSRF=_,t.getFrontToken=P,t.setFrontToken=H,t.fireSessionUpdateEventsIfNecessary=F},569:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.BooleanClaim=t.PrimitiveArrayClaim=t.PrimitiveClaim=t.getInvalidClaimsFromResponse=t.getClaimValue=t.validateClaims=t.signOut=t.addAxiosInterceptors=t.doesSessionExist=t.attemptRefreshingSession=t.getAccessToken=t.getAccessTokenPayloadSecurely=t.getUserId=t.init=void 0;var s=n(379),i=n(994),a=n(333),u=n(318),c=n(501),l=n(958),d=n(941),f=n(153),g=function(){function e(){}var t;return e.init=function(t){c.default.init(t.cookieHandler),l.default.init(t.windowHandler),d.default.init(t.lockFactory,l.default.getReferenceOrThrow().windowHandler.localStorage);var n=(0,u.validateAndNormaliseInputOrThrowError)(t),r=new a.default((0,i.default)({onHandleEvent:n.onHandleEvent,preAPIHook:n.preAPIHook,postAPIHook:n.postAPIHook,sessionExpiredStatusCode:n.sessionExpiredStatusCode})).override(n.override.functions).build();s.default.init(n,r),e.axiosInterceptorQueue.forEach((function(e){e()})),e.axiosInterceptorQueue=[]},e.getUserId=function(e){return s.default.recipeImpl.getUserId({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.getAccessTokenPayloadSecurely=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return[2,s.default.recipeImpl.getAccessTokenPayloadSecurely({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})]}))}))},t=e,e.axiosInterceptorQueue=[],e.attemptRefreshingSession=function(){return r(void 0,void 0,void 0,(function(){return o(t,(function(e){return[2,s.default.attemptRefreshingSession()]}))}))},e.doesSessionExist=function(e){return s.default.recipeImpl.doesSessionExist({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.addAxiosInterceptors=function(t,n){s.default.initCalled?s.default.recipeImpl.addAxiosInterceptors({axiosInstance:t,userContext:(0,u.getNormalisedUserContext)(n)}):e.axiosInterceptorQueue.push((function(){s.default.recipeImpl.addAxiosInterceptors({axiosInstance:t,userContext:(0,u.getNormalisedUserContext)(n)})}))},e.signOut=function(e){return s.default.recipeImpl.signOut({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.getInvalidClaimsFromResponse=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return[2,s.default.recipeImpl.getInvalidClaimsFromResponse({response:e.response,userContext:(0,u.getNormalisedUserContext)(e.userContext)})]}))}))},e.getClaimValue=function(t){return r(this,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return n=(0,u.getNormalisedUserContext)(void 0===t?void 0:t.userContext),[4,e.getAccessTokenPayloadSecurely({userContext:n})];case 1:return r=o.sent(),[2,t.claim.getValueFromPayload(r,n)]}}))}))},e.validateClaims=function(e,t){var n=(0,u.getNormalisedUserContext)(t),r=f.SessionClaimValidatorStore.getClaimValidatorsAddedByOtherRecipes(),o=s.default.recipeImpl.getGlobalClaimValidators({claimValidatorsAddedByOtherRecipes:r,userContext:n}),i=void 0!==e?e(o,n):o;return 0===i.length?[]:s.default.recipeImpl.validateClaims({claimValidators:i,userContext:(0,u.getNormalisedUserContext)(t)})},e.getAccessToken=function(e){return r(void 0,void 0,void 0,(function(){return o(t,(function(t){switch(t.label){case 0:return[4,s.default.recipeImpl.doesSessionExist({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})];case 1:return t.sent()?[2,(0,s.getTokenForHeaderAuth)("access")]:[2,void 0]}}))}))},e}();t.default=g,t.init=g.init,t.getUserId=g.getUserId,t.getAccessTokenPayloadSecurely=g.getAccessTokenPayloadSecurely,t.getAccessToken=g.getAccessToken,t.attemptRefreshingSession=g.attemptRefreshingSession,t.doesSessionExist=g.doesSessionExist,t.addAxiosInterceptors=g.addAxiosInterceptors,t.signOut=g.signOut,t.validateClaims=g.validateClaims,t.getClaimValue=g.getClaimValue,t.getInvalidClaimsFromResponse=g.getInvalidClaimsFromResponse;var h=n(911);Object.defineProperty(t,"PrimitiveClaim",{enumerable:!0,get:function(){return h.PrimitiveClaim}});var p=n(748);Object.defineProperty(t,"PrimitiveArrayClaim",{enumerable:!0,get:function(){return p.PrimitiveArrayClaim}});var v=n(491);Object.defineProperty(t,"BooleanClaim",{enumerable:!0,get:function(){return v.BooleanClaim}})},845:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.logDebugMessage=t.disableLogging=t.enableLogging=void 0;var r=n(255),o=!1;t.enableLogging=function(){o=!0},t.disableLogging=function(){o=!1},t.logDebugMessage=function(e){o&&console.log("".concat("com.supertokens",' {t: "').concat((new Date).toISOString(),'", message: "').concat(e,'", supertokens-website-ver: "').concat(r.package_version,'"}'))}},992:(e,t)=>{function n(e){return/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/.test(e)}Object.defineProperty(t,"__esModule",{value:!0}),t.isAnIpAddress=void 0,t.isAnIpAddress=n;function r(e,t){void 0===t&&(t=!1),e=e.trim();try{if(!e.startsWith("http://")&&!e.startsWith("https://"))throw new Error("converting to proper URL");var o=new URL(e);return t?o.hostname.startsWith("localhost")||n(o.hostname)?"http://"+o.host:"https://"+o.host:o.protocol+"//"+o.host}catch(e){}if(e.startsWith("/"))throw new Error("Please provide a valid domain name");if(0===e.indexOf(".")&&(e=e.substr(1)),(-1!==e.indexOf(".")||e.startsWith("localhost"))&&!e.startsWith("http://")&&!e.startsWith("https://")){e="https://"+e;try{return new URL(e),r(e,!0)}catch(e){}}throw new Error("Please provide a valid domain name")}t.default=function(e){var t=this;this.getAsStringDangerous=function(){return t.value},this.value=r(e)}},260:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});function n(e){e=e.trim();try{if(!e.startsWith("http://")&&!e.startsWith("https://"))throw new Error("converting to proper URL");return"/"===(e=new URL(e).pathname).charAt(e.length-1)?e.substr(0,e.length-1):e}catch(e){}if((function(e){if(-1===e.indexOf(".")||e.startsWith("/"))return!1;try{return-1!==new URL(e).hostname.indexOf(".")}catch(e){}try{return-1!==new URL("http://"+e).hostname.indexOf(".")}catch(e){}return!1}(e)||e.startsWith("localhost"))&&!e.startsWith("http://")&&!e.startsWith("https://"))return n(e="http://"+e);"/"!==e.charAt(0)&&(e="/"+e);try{return new URL("http://example.com"+e),n("http://example.com"+e)}catch(e){throw new Error("Please provide a valid URL path")}}t.default=function e(t){var r=this;this.startsWith=function(e){return r.value.startsWith(e.value)},this.appendPath=function(t){return new e(r.value+t.value)},this.getAsStringDangerous=function(){return r.value},this.value=n(t)}},743:function(e,t){var n,r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.ProcessState=t.PROCESS_STATE=void 0,(n=t.PROCESS_STATE||(t.PROCESS_STATE={}))[n.CALLING_INTERCEPTION_REQUEST=0]="CALLING_INTERCEPTION_REQUEST",n[n.CALLING_INTERCEPTION_RESPONSE=1]="CALLING_INTERCEPTION_RESPONSE";var s=function(){function e(){var e=this;this.history=[],this.addState=function(t){try{void 0!==process&&void 0!==process.env&&"testing"===process.env.TEST_MODE&&e.history.push(t)}catch(e){}},this.getEventByLastEventByName=function(t){for(var n=e.history.length-1;n>=0;n--)if(e.history[n]==t)return e.history[n]},this.reset=function(){e.history=[]},this.waitForEvent=function(t,n){return void 0===n&&(n=7e3),r(e,void 0,void 0,(function(){var e,r=this;return o(this,(function(o){return e=Date.now(),[2,new Promise((function(o){var s=r;!function r(){var i=s.getEventByLastEventByName(t);void 0===i?Date.now()-e>n?o(void 0):setTimeout(r,1e3):o(i)}()}))]}))}))}}return e.getInstance=function(){return null==e.instance&&(e.instance=new e),e.instance},e}();t.ProcessState=s},994:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0});var i=n(379),a=n(759),u=n(255),c=n(845),l=n(173),d=n(648),f=n(318);t.default=function(e){return{addXMLHttpRequestInterceptor:function(e){(0,c.logDebugMessage)("addXMLHttpRequestInterceptorAndReturnModified: called"),(0,d.addInterceptorsToXMLHttpRequest)()},addFetchInterceptorsAndReturnModifiedFetch:function(e){return(0,c.logDebugMessage)("addFetchInterceptorsAndReturnModifiedFetch: called"),function(t,n){return o(this,void 0,void 0,(function(){return s(this,(function(o){switch(o.label){case 0:return[4,i.default.doRequest((function(n){return e.originalFetch("object"==typeof t&&"clone"in t?t.clone():t,r({},n))}),n,t)];case 1:return[2,o.sent()]}}))}))}},addAxiosInterceptors:function(e){if((0,c.logDebugMessage)("addAxiosInterceptors: called"),XMLHttpRequest.__interceptedBySuperTokens)return console.warn("Not adding axios interceptor since XMLHttpRequest is already added. This is just a warning."),console.warn("Our axios and XMLHttpRequest interceptors cannot be used at the same time."),console.warn("Since XMLHttpRequest is added automatically and supports axios by default, you can just remove addAxiosInterceptors from your code."),console.warn("If you want to continue using our axios interceptor, you can override addXMLHttpRequestInterceptor with an empty function."),void(0,c.logDebugMessage)("addAxiosInterceptors: not adding, because XHR interceptors are already in place");for(var t=e.axiosInstance.interceptors.request,n=0;n<t.handlers.length;n++)if(t.handlers[n].fulfilled===a.interceptorFunctionRequestFulfilled)return void(0,c.logDebugMessage)("addAxiosInterceptors: not adding because already added on this instance");e.axiosInstance.interceptors.request.use(a.interceptorFunctionRequestFulfilled,(function(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){throw e}))}))})),e.axiosInstance.interceptors.response.use((0,a.responseInterceptor)(e.axiosInstance),(0,a.responseErrorInterceptor)(e.axiosInstance))},getUserId:function(e){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,c.logDebugMessage)("getUserId: called"),[4,i.FrontToken.getTokenInfo()];case 1:if(void 0===(e=t.sent()))throw new Error("No session exists");return(0,c.logDebugMessage)("getUserId: returning: "+e.uid),[2,e.uid]}}))}))},getAccessTokenPayloadSecurely:function(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return(0,c.logDebugMessage)("getAccessTokenPayloadSecurely: called"),[4,i.FrontToken.getTokenInfo()];case 1:if(void 0===(t=n.sent()))throw new Error("No session exists");return t.ate<Date.now()?((0,c.logDebugMessage)("getAccessTokenPayloadSecurely: access token expired. Refreshing session"),[4,i.default.attemptRefreshingSession()]):[3,5];case 2:return n.sent()?[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})]:[3,4];case 3:return[2,n.sent()];case 4:throw new Error("Could not refresh session");case 5:return(0,c.logDebugMessage)("getAccessTokenPayloadSecurely: returning: "+JSON.stringify(t.up)),[2,t.up]}}))}))},doesSessionExist:function(e){return o(this,void 0,void 0,(function(){var e,t;return s(this,(function(n){switch(n.label){case 0:return(0,c.logDebugMessage)("doesSessionExist: called"),[4,i.FrontToken.getTokenInfo()];case 1:return void 0===(e=n.sent())?((0,c.logDebugMessage)("doesSessionExist: access token does not exist locally"),[2,!1]):e.ate<Date.now()?((0,c.logDebugMessage)("doesSessionExist: access token expired. Refreshing session"),[4,(0,i.getLocalSessionState)(!1)]):[3,4];case 2:return t=n.sent(),[4,(0,i.onUnauthorisedResponse)(t)];case 3:return[2,"RETRY"===n.sent().result];case 4:return[2,!0]}}))}))},signOut:function(t){return o(this,void 0,void 0,(function(){var n,r,o,a;return s(this,(function(s){switch(s.label){case 0:return(0,c.logDebugMessage)("signOut: called"),[4,this.doesSessionExist(t)];case 1:return s.sent()?((0,c.logDebugMessage)("signOut: Calling refresh pre API hook"),[4,e.preAPIHook({action:"SIGN_OUT",requestInit:{method:"post",headers:{"fdi-version":u.supported_fdi.join(","),rid:i.default.rid}},url:i.default.signOutUrl,userContext:t.userContext})]):((0,c.logDebugMessage)("signOut: exiting early because session does not exist"),(0,c.logDebugMessage)("signOut: firing SIGN_OUT event"),e.onHandleEvent({action:"SIGN_OUT",userContext:t.userContext}),[2]);case 2:return n=s.sent(),(0,c.logDebugMessage)("signOut: Calling API"),[4,fetch(n.url,n.requestInit)];case 3:if(r=s.sent(),(0,c.logDebugMessage)("signOut: API ended"),(0,c.logDebugMessage)("signOut: API responded with status code: "+r.status),r.status===e.sessionExpiredStatusCode)return[2];if(r.status>=300)throw r;return[4,e.postAPIHook({action:"SIGN_OUT",requestInit:n.requestInit,url:n.url,fetchResponse:r.clone(),userContext:t.userContext})];case 4:return s.sent(),[4,r.clone().json()];case 5:if("GENERAL_ERROR"===(o=s.sent()).status)throw(0,c.logDebugMessage)("doRequest: Throwing general error"),a=void 0===o.message?"No Error Message Provided":o.message,new l.STGeneralError(a);return[2]}}))}))},getInvalidClaimsFromResponse:function(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return"body"in e.response?[4,e.response.clone().json()]:[3,2];case 1:return t=n.sent(),[3,3];case 2:t="string"==typeof e.response.data?JSON.parse(e.response.data):e.response.data,n.label=3;case 3:return[2,t.claimValidationErrors]}}))}))},getGlobalClaimValidators:function(e){return e.claimValidatorsAddedByOtherRecipes},validateClaims:function(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i,a,u,c,l;return s(this,(function(s){switch(s.label){case 0:return[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})];case 1:t=s.sent(),n=0,r=e.claimValidators,s.label=2;case 2:return n<r.length?[4,(c=r[n]).shouldRefresh(t,e.userContext)]:[3,10];case 3:if(!s.sent())return[3,9];s.label=4;case 4:return s.trys.push([4,6,,7]),[4,c.refresh(e.userContext)];case 5:return s.sent(),[3,7];case 6:return o=s.sent(),console.error("Encountered an error while refreshing validator ".concat(c.id),o),[3,7];case 7:return[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})];case 8:t=s.sent(),s.label=9;case 9:return n++,[3,2];case 10:i=[],a=0,u=e.claimValidators,s.label=11;case 11:return a<u.length?[4,(c=u[a]).validate(t,e.userContext)]:[3,14];case 12:(l=s.sent()).isValid||i.push({validatorId:c.id,reason:l.reason}),s.label=13;case 13:return a++,[3,11];case 14:return[2,i]}}))}))},shouldDoInterceptionBasedOnUrl:function(e,t,n){if((0,c.logDebugMessage)("shouldDoInterceptionBasedOnUrl: toCheckUrl: "+e+" apiDomain: "+t+" sessionTokenBackendDomain: "+n),e.includes("superTokensDoNotDoInterception"))return!1;e=(0,f.normaliseURLDomainOrThrowError)(e);var r=new URL(e),o=r.hostname;if(void 0===n){o=""===r.port?o:o+":"+r.port,t=(0,f.normaliseURLDomainOrThrowError)(t);var s=new URL(t);return o===(""===s.port?s.hostname:s.hostname+":"+s.port)}var i,a=(0,f.normaliseSessionScopeOrThrowError)(n);if(n.split(":").length>1){var u=n.split(":")[n.split(":").length-1];"string"!=typeof(i=u)||isNaN(i)||isNaN(parseFloat(i))||(a+=":"+u,o=""===r.port?o:o+":"+r.port)}return n.startsWith(".")?("."+o).endsWith(a):o===a}}}},272:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.defaultCookieHandlerImplementation=void 0;var s=n(958);t.defaultCookieHandlerImplementation={getCookie:function(){return r(this,void 0,void 0,(function(){return o(this,(function(e){return[2,s.default.getReferenceOrThrow().windowHandler.getWindowUnsafe().document.cookie]}))}))},setCookie:function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return s.default.getReferenceOrThrow().windowHandler.getWindowUnsafe().document.cookie=e,[2]}))}))}}},501:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.CookieHandlerReference=void 0;var r=n(272),o=function(){function e(e){var t=function(e){return e};void 0!==e&&(t=e),this.cookieHandler=t(r.defaultCookieHandlerImplementation)}return e.init=function(t){void 0===e.instance&&(e.instance=new e(t))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensCookieHandler must be initialized before calling this method.");return e.instance},e}();t.CookieHandlerReference=o,t.default=o},318:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.getNormalisedUserContext=t.validateAndNormaliseInputOrThrowError=t.normaliseSessionScopeOrThrowError=t.normaliseURLPathOrThrowError=t.normaliseURLDomainOrThrowError=void 0;var i=n(992),a=n(260),u=n(958),c=n(845);function l(e){return new i.default(e).getAsStringDangerous()}function d(e){return new a.default(e).getAsStringDangerous()}function f(e){var t=function(e){(e=e.trim().toLowerCase()).startsWith(".")&&(e=e.substr(1)),e.startsWith("http://")||e.startsWith("https://")||(e="http://"+e);try{return(e=new URL(e).hostname).startsWith(".")&&(e=e.substr(1)),e}catch(e){throw new Error("Please provide a valid sessionTokenFrontendDomain")}}(e);return"localhost"===t||(0,i.isAnIpAddress)(t)?t:e.startsWith(".")?"."+t:t}t.normaliseURLDomainOrThrowError=l,t.normaliseURLPathOrThrowError=d,t.normaliseSessionScopeOrThrowError=f,t.validateAndNormaliseInputOrThrowError=function(e){var t=this,n=l(e.apiDomain),i=d("/auth");void 0!==e.apiBasePath&&(i=d(e.apiBasePath));var a=u.default.getReferenceOrThrow().windowHandler.location.getHostName(),g=f(void 0!==e&&void 0!==e.sessionTokenFrontendDomain?e.sessionTokenFrontendDomain:a),h=401;void 0!==e.sessionExpiredStatusCode&&(h=e.sessionExpiredStatusCode);var p=403;if(void 0!==e.invalidClaimStatusCode&&(p=e.invalidClaimStatusCode),h===p)throw new Error("sessionExpiredStatusCode and invalidClaimStatusCode cannot be the same.");var v=!0;void 0!==e.autoAddCredentials&&(v=e.autoAddCredentials);var b=!1;void 0!==e.isInIframe&&(b=e.isInIframe);var m=void 0;void 0!==e.sessionTokenBackendDomain&&(m=f(e.sessionTokenBackendDomain));var y=function(e){return o(t,void 0,void 0,(function(){return s(this,(function(t){return[2,{url:e.url,requestInit:e.requestInit}]}))}))};void 0!==e.preAPIHook&&(y=e.preAPIHook);var w=function(){return o(t,void 0,void 0,(function(){return s(this,(function(e){return[2]}))}))};void 0!==e.postAPIHook&&(w=e.postAPIHook);var k=function(){};void 0!==e.onHandleEvent&&(k=e.onHandleEvent);var S=r({functions:function(e){return e}},e.override);return void 0!==e.enableDebugLogs&&e.enableDebugLogs&&(0,c.enableLogging)(),{apiDomain:n,apiBasePath:i,sessionTokenFrontendDomain:g,sessionExpiredStatusCode:h,invalidClaimStatusCode:p,autoAddCredentials:v,isInIframe:b,tokenTransferMethod:void 0!==e.tokenTransferMethod?e.tokenTransferMethod:"cookie",sessionTokenBackendDomain:m,preAPIHook:y,postAPIHook:w,onHandleEvent:k,override:S}},t.getNormalisedUserContext=function(e){return void 0===e?{}:e}},941:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.LockFactoryReference=void 0;var r=n(895),o=function(){function e(e){this.lockFactory=e}return e.init=function(t,n){void 0===this.instance&&(this.instance=new e(null!=t?t:function(e){return function(){return Promise.resolve(new r.default(e))}}(n)))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensLockReference must be initialized before calling this method.");return e.instance},e}();t.LockFactoryReference=o,t.default=o},153:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.SessionClaimValidatorStore=void 0;var n=function(){function e(){}return e.claimValidatorsAddedByOtherRecipes=[],e.addClaimValidatorFromOtherRecipe=function(t){e.claimValidatorsAddedByOtherRecipes.push(t)},e.getClaimValidatorsAddedByOtherRecipes=function(){return e.claimValidatorsAddedByOtherRecipes},e}();t.SessionClaimValidatorStore=n,t.default=n},586:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};function o(){if("undefined"==typeof window)throw Error("If you are using this package with server-side rendering, please make sure that you are checking if the window object is defined.");return window}Object.defineProperty(t,"__esModule",{value:!0}),t.defaultWindowHandlerImplementation=void 0;var s={key:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.key(e)]}))}))},clear:function(){return n(this,void 0,void 0,(function(){return r(this,(function(e){return[2,o().localStorage.clear()]}))}))},getItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.getItem(e)]}))}))},removeItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.removeItem(e)]}))}))},setItem:function(e,t){return n(this,void 0,void 0,(function(){return r(this,(function(n){return[2,o().localStorage.setItem(e,t)]}))}))},keySync:function(e){return o().localStorage.key(e)},clearSync:function(){return o().localStorage.clear()},getItemSync:function(e){return o().localStorage.getItem(e)},removeItemSync:function(e){return o().localStorage.removeItem(e)},setItemSync:function(e,t){return o().localStorage.setItem(e,t)}},i={key:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.key(e)]}))}))},clear:function(){return n(this,void 0,void 0,(function(){return r(this,(function(e){return[2,o().sessionStorage.clear()]}))}))},getItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.getItem(e)]}))}))},removeItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.removeItem(e)]}))}))},setItem:function(e,t){return n(this,void 0,void 0,(function(){return r(this,(function(n){return[2,o().sessionStorage.setItem(e,t)]}))}))},keySync:function(e){return o().sessionStorage.key(e)},clearSync:function(){return o().sessionStorage.clear()},getItemSync:function(e){return o().sessionStorage.getItem(e)},removeItemSync:function(e){return o().sessionStorage.removeItem(e)},setItemSync:function(e,t){return o().sessionStorage.setItem(e,t)}};t.defaultWindowHandlerImplementation={history:{replaceState:function(e,t,n){return o().history.replaceState(e,t,n)},getState:function(){return o().history.state}},location:{getHref:function(){return o().location.href},setHref:function(e){o().location.href=e},getSearch:function(){return o().location.search},getHash:function(){return o().location.hash},getPathName:function(){return o().location.pathname},assign:function(e){o().location.assign(e)},getHostName:function(){return o().location.hostname},getHost:function(){return o().location.host},getOrigin:function(){return o().location.origin}},getDocument:function(){return o().document},getWindowUnsafe:function(){return o().window},localStorage:s,sessionStorage:i}},958:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.WindowHandlerReference=void 0;var r=n(586),o=function(){function e(e){var t=function(e){return e};void 0!==e&&(t=e),this.windowHandler=t(r.defaultWindowHandlerImplementation)}return e.init=function(t){void 0===e.instance&&(e.instance=new e(t))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensWindowHandler must be initialized before calling this method.");return e.instance},e}();t.WindowHandlerReference=o,t.default=o},255:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.supported_fdi=t.package_version=void 0,t.package_version="17.0.3",t.supported_fdi=["1.16","1.17","1.18"]},648:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.addInterceptorsToXMLHttpRequest=void 0;var s=n(379),i=n(845),a=n(958),u=n(743),c=["readystatechange","abort","error","load","loadend","loadstart","progress","timeout"];function l(e){return r(this,void 0,void 0,(function(){var t,n,r,s,i;return o(this,(function(o){switch(o.label){case 0:if(t=e.headers.get("content-type"),n="",r="text",null!==t)return[3,5];o.label=1;case 1:return o.trys.push([1,3,,4]),[4,e.text()];case 2:return n=o.sent(),[3,4];case 3:return o.sent(),n="",[3,4];case 4:return[3,9];case 5:return t.includes("application/json")?(r="json",i=(s=JSON).stringify,[4,e.json()]):[3,7];case 6:return n=i.apply(s,[o.sent()]),[3,9];case 7:return t.includes("text/")?[4,e.text()]:[3,9];case 8:n=o.sent(),o.label=9;case 9:return[2,{status:e.status,responseText:n,statusText:e.statusText,responseType:r,headers:e.headers}]}}))}))}function d(e,t){return r(this,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: adding existing tokens as header"),[4,(0,s.getTokenForHeaderAuth)("access")];case 1:return n=o.sent(),[4,(0,s.getTokenForHeaderAuth)("refresh")];case 2:return r=o.sent(),void 0!==n&&void 0!==r?t.some((function(e){return"authorization"===e.name.toLowerCase()}))?(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):void 0!==n&&((0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.setRequestHeader("Authorization","Bearer ".concat(n))):(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"),[2]}}))}))}function f(e){return r(this,void 0,void 0,(function(){var t,n,r,a,u;return o(this,(function(o){switch(o.label){case 0:return(0,i.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response"),null===(t=e.get("st-refresh-token"))?[3,2]:((0,i.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,(0,s.setToken)("refresh",t)]);case 1:o.sent(),o.label=2;case 2:return null===(n=e.get("st-access-token"))?[3,4]:((0,i.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,(0,s.setToken)("access",n)]);case 3:o.sent(),o.label=4;case 4:return null===(r=e.get("front-token"))?[3,6]:((0,i.logDebugMessage)("saveTokensFromHeaders: Setting sFrontToken: "+r),[4,s.FrontToken.setItem(r)]);case 5:o.sent(),o.label=6;case 6:return null===(a=e.get("anti-csrf"))?[3,9]:[4,(0,s.getLocalSessionState)(!0)];case 7:return"EXISTS"!==(u=o.sent()).status?[3,9]:((0,i.logDebugMessage)("saveTokensFromHeaders: Setting anti-csrf token"),[4,s.AntiCsrfToken.setItem(u.lastAccessTokenUpdate,a)]);case 8:o.sent(),o.label=9;case 9:return[2]}}))}))}t.addInterceptorsToXMLHttpRequest=function(){var e=new Promise((function(e){return setTimeout(e,0)})),t=XMLHttpRequest;(0,i.logDebugMessage)("addInterceptorsToXMLHttpRequest called"),XMLHttpRequest=function(){var n=new t,g=e;function h(e){g=g.finally((function(){var t;return null===(t=e())||void 0===t?void 0:t.catch(console.error)}))}var p,v,b=this,m=[],y=[],w={},k=new Map,S="",I=!1,T=void 0;function R(e,t){var n=k.get(e);(0,i.logDebugMessage)("XHRInterceptor dispatching ".concat(t.type," to ").concat(n?n.size:0," listeners")),n&&Array.from(n).forEach((function(e){return e.apply(b,[t])}))}function D(){return r(this,void 0,void 0,(function(){var e,n;return o(this,(function(r){switch(r.label){case 0:if(void 0===T)throw new Error("Should never come here..");return(0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: preRequestLSS "+T.status),[4,(0,s.onUnauthorisedResponse)(T)];case 1:if("RETRY"!==(e=r.sent()).result){if((0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: Not retrying original request "+!!e.error),void 0!==e.error)throw e.error;return[2,!0]}return(0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: Retrying original request"),n=new t,M(b,n,!0),m.forEach((function(e){e(n)})),A(n,v),[2,!1]}}))}))}function E(e){return r(this,void 0,void 0,(function(){var t,n,r,a;return o(this,(function(o){switch(o.label){case 0:if(I)return(0,i.logDebugMessage)("XHRInterceptor.handleResponse: Returning without interception"),[2,!0];o.label=1;case 1:o.trys.push([1,14,,18]),o.label=2;case 2:return o.trys.push([2,,8,13]),(0,i.logDebugMessage)("XHRInterceptor.handleResponse: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_RESPONSE),t=e.status,n=function(e){return new Headers(e.getAllResponseHeaders().split("\r\n").map((function(e){var t=e.indexOf(": ");return-1===t?["",""]:[e.slice(0,t),e.slice(t+2)]})).filter((function(e){return 0!==e[0].length})))}(e),[4,f(n)];case 3:return o.sent(),(0,s.fireSessionUpdateEventsIfNecessary)("EXISTS"===T.status,t,n.get("front-token")),t!==s.default.config.sessionExpiredStatusCode?[3,5]:((0,i.logDebugMessage)("responseInterceptor: Status code is: "+t),[4,D()]);case 4:return[2,o.sent()];case 5:return t!==s.default.config.invalidClaimStatusCode?[3,7]:[4,(0,s.onInvalidClaimResponse)({data:JSON.parse(e.responseText)})];case 6:o.sent(),o.label=7;case 7:return[2,!0];case 8:return(0,i.logDebugMessage)("XHRInterceptor.handleResponse: doFinallyCheck running"),[4,(0,s.getLocalSessionState)(!1)];case 9:return"EXISTS"===o.sent().status?[3,12]:((0,i.logDebugMessage)("XHRInterceptor.handleResponse: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,s.AntiCsrfToken.removeToken()]);case 10:return o.sent(),[4,s.FrontToken.removeToken()];case 11:o.sent(),o.label=12;case 12:return[7];case 13:return[3,18];case 14:return r=o.sent(),(0,i.logDebugMessage)("XHRInterceptor.handleResponse: caught error"),void 0===r.status?[3,16]:[4,l(r)];case 15:if(a=o.sent(),w.status=a.status,w.statusText=a.statusText,w.responseType=a.responseType,p=a.headers,"json"===a.responseType)try{w.response=JSON.parse(a.responseText)}catch(e){w.response=a.responseText}else w.response=a.responseText;return w.responseText=a.responseText,[3,17];case 16:R("error",new Event("error")),o.label=17;case 17:return[2,!0];case 18:return[2]}}))}))}b.onload=null,b.onreadystatechange=null,b.onloadend=null,b.addEventListener=function(e,t,n){var r=k.get(e);void 0===r&&(r=new Set,k.set(e,r)),r.add(t)},b.removeEventListener=function(e,t){var n=k.get(e);void 0===n&&(n=new Set,k.set(e,n)),n.delete(t)},b.open=function(e,t){(0,i.logDebugMessage)("XHRInterceptor.open called");var r=arguments;S=t;try{I="string"==typeof S&&!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(S,s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)||"string"!=typeof S&&!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(S.toString(),s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,i.logDebugMessage)("XHRInterceptor.open: Trying shouldDoInterceptionBasedOnUrl with location.origin"),I=!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(a.default.getReferenceOrThrow().windowHandler.location.getOrigin(),s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)}h((function(){m.push((function(e){e.open.apply(e,r)})),n.open.apply(n,r)}))},b.send=function(e){A(n,v=e)},b.setRequestHeader=function(e,t){var a=this;(0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: Called with ".concat(e)),I?h((function(){return n.setRequestHeader(e,t)})):"anti-csrf"!==e&&h((function(){return r(a,void 0,void 0,(function(){var r,a;return o(this,(function(o){switch(o.label){case 0:return"authorization"!==e.toLowerCase()?[3,3]:((0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: checking if user provided auth header matches local token"),[4,(0,s.getTokenForHeaderAuth)("access")]);case 1:return r=o.sent(),[4,(0,s.getTokenForHeaderAuth)("refresh")];case 2:if(a=o.sent(),void 0!==r&&void 0!==a&&t==="Bearer ".concat(r))return(0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: skipping Authorization from user provided headers because it contains our access token"),[2];o.label=3;case 3:return m.push((function(n){n.setRequestHeader(e,t)})),y.push({name:e,value:t}),n.setRequestHeader(e,t),[2]}}))}))}))};var x=void 0;function M(e,n,r){var o,s=["load","loadend","readystatechange"];(0,i.logDebugMessage)("XHRInterceptor.setUpXHR called");for(var a=function(e){(0,i.logDebugMessage)("XHRInterceptor added listener for event ".concat(e)),n.addEventListener(e,(function(t){(0,i.logDebugMessage)("XHRInterceptor got event ".concat(e)),s.includes(e)||R(e,t)}))},u=0,l=c;u<l.length;u++)a(l[u]);if(n.onload=function(t){void 0===o&&(o=E(n)),o.then((function(n){n&&(e.onload&&e.onload(t),R("load",t))}))},n.onreadystatechange=function(r){n.readyState===t.DONE?(void 0===o&&(o=E(n)),o.then((function(t){t&&(e.onreadystatechange&&e.onreadystatechange(r),R("readystatechange",r))}))):(e.onreadystatechange&&e.onreadystatechange(r),R("readystatechange",r))},n.onloadend=function(t){void 0===o&&(o=E(n)),o.then((function(n){n&&(e.onloadend&&e.onloadend(t),R("loadend",t))}))},e.getAllResponseHeaders=function(){var e;return p?(e="",p.forEach((function(t,n){return e+="".concat(n,": ").concat(t,"\r\n")}))):e=n.getAllResponseHeaders(),e+"x-supertokens-xhr-intercepted: true\r\n"},e.getResponseHeader=function(e){return"x-supertokens-xhr-intercepted"===e?"true":p?p.get(e):n.getResponseHeader(e)},void 0===x)for(var d in x=[],n)d in e||x.push(d);for(var f=function(t){"function"==typeof n[t]?Object.defineProperty(e,t,{configurable:!0,value:function(){var e=arguments;return r||m.push((function(n){n[t].apply(n,e)})),n[t].apply(n,e)}}):Object.defineProperty(e,t,{configurable:!0,get:function(){return void 0!==w[t]?w[t]:n[t]},set:function(e){r||m.push((function(n){n[t]=e})),(0,i.logDebugMessage)("XHRInterceptor.set[".concat(t,"] = ").concat(e)),n[t]=e}})},g=0,h=x;g<h.length;g++)f(d=h[g])}function A(e,t){var n=this;if((0,i.logDebugMessage)("XHRInterceptor.send: called"),(0,i.logDebugMessage)("XHRInterceptor.send: Value of doNotDoInterception: "+I),I)return(0,i.logDebugMessage)("XHRInterceptor.send: Returning without interception"),void h((function(){return e.send(t)}));(0,i.logDebugMessage)("XHRInterceptor.send: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),h((function(){return r(n,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return[4,(0,s.getLocalSessionState)(!0)];case 1:return"EXISTS"!==(T=o.sent()).status?[3,3]:[4,s.AntiCsrfToken.getToken(T.lastAccessTokenUpdate)];case 2:void 0!==(n=o.sent())&&((0,i.logDebugMessage)("XHRInterceptor.send: Adding anti-csrf token to request"),e.setRequestHeader("anti-csrf",n)),o.label=3;case 3:return s.default.config.autoAddCredentials&&((0,i.logDebugMessage)("XHRInterceptor.send: Adding credentials include"),b.withCredentials=!0),y.some((function(e){return"rid"===e.name}))?(0,i.logDebugMessage)("XHRInterceptor.send: rid header was already there in request"):((0,i.logDebugMessage)("XHRInterceptor.send: Adding rid header: anti-csrf"),e.setRequestHeader("rid","anti-csrf")),r=s.default.config.tokenTransferMethod,y.some((function(e){return"st-auth-mode"===e.name}))?(0,i.logDebugMessage)("XHRInterceptor.send: st-auth-mode header was already there in request"):((0,i.logDebugMessage)("XHRInterceptor.send: Adding st-auth-mode header: "+r),e.setRequestHeader("st-auth-mode",r)),[4,d(e,y)];case 4:return o.sent(),(0,i.logDebugMessage)("XHRInterceptor.send: Making user's http call"),[2,e.send(t)]}}))}))}))}M(b,n,!1)},XMLHttpRequest.__interceptedBySuperTokens=!0,XMLHttpRequest.__original=t}},895:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){e.done?o(e.value):new n((function(t){t(e.value)})).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}},s=this;Object.defineProperty(t,"__esModule",{value:!0});var i=n(142),a="browser-tabs-lock-key",u={key:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},getItem:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},clear:function(){return r(s,void 0,void 0,(function(){return o(this,(function(e){return[2,window.localStorage.clear()]}))}))},removeItem:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},setItem:function(e,t){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},keySync:function(e){return window.localStorage.key(e)},getItemSync:function(e){return window.localStorage.getItem(e)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(e){return window.localStorage.removeItem(e)},setItemSync:function(e,t){return window.localStorage.setItem(e,t)}};function c(e){return new Promise((function(t){return setTimeout(t,e)}))}function l(e){for(var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",n="",r=0;r<e;r++)n+=t[Math.floor(Math.random()*t.length)];return n}var d=function(){function e(t){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+l(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=t,void 0===e.waiters&&(e.waiters=[])}return e.prototype.acquireLock=function(t,n){return void 0===n&&(n=5e3),r(this,void 0,void 0,(function(){var r,s,i,d,f,g,h;return o(this,(function(o){switch(o.label){case 0:r=Date.now()+l(4),s=Date.now()+n,i=a+"-"+t,d=void 0===this.storageHandler?u:this.storageHandler,o.label=1;case 1:return Date.now()<s?[4,c(30)]:[3,8];case 2:return o.sent(),null!==d.getItemSync(i)?[3,5]:(f=this.id+"-"+t+"-"+r,[4,c(Math.floor(25*Math.random()))]);case 3:return o.sent(),d.setItemSync(i,JSON.stringify({id:this.id,iat:r,timeoutKey:f,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,c(30)];case 4:return o.sent(),null!==(g=d.getItemSync(i))&&(h=JSON.parse(g)).id===this.id&&h.iat===r?(this.acquiredIatSet.add(r),this.refreshLockWhileAcquired(i,r),[2,!0]):[3,7];case 5:return e.lockCorrector(void 0===this.storageHandler?u:this.storageHandler),[4,this.waitForSomethingToChange(s)];case 6:o.sent(),o.label=7;case 7:return r=Date.now()+l(4),[3,1];case 8:return[2,!1]}}))}))},e.prototype.refreshLockWhileAcquired=function(e,t){return r(this,void 0,void 0,(function(){var n=this;return o(this,(function(s){return setTimeout((function(){return r(n,void 0,void 0,(function(){var n,r,s;return o(this,(function(o){switch(o.label){case 0:return[4,i.default().lock(t)];case 1:return o.sent(),this.acquiredIatSet.has(t)?(n=void 0===this.storageHandler?u:this.storageHandler,null===(r=n.getItemSync(e))?(i.default().unlock(t),[2]):((s=JSON.parse(r)).timeRefreshed=Date.now(),n.setItemSync(e,JSON.stringify(s)),i.default().unlock(t),this.refreshLockWhileAcquired(e,t),[2])):(i.default().unlock(t),[2])}}))}))}),1e3),[2]}))}))},e.prototype.waitForSomethingToChange=function(t){return r(this,void 0,void 0,(function(){return o(this,(function(n){switch(n.label){case 0:return[4,new Promise((function(n){var r=!1,o=Date.now(),s=!1;function i(){if(s||(window.removeEventListener("storage",i),e.removeFromWaiting(i),clearTimeout(a),s=!0),!r){r=!0;var t=50-(Date.now()-o);t>0?setTimeout(n,t):n(null)}}window.addEventListener("storage",i),e.addToWaiting(i);var a=setTimeout(i,Math.max(0,t-Date.now()))}))];case 1:return n.sent(),[2]}}))}))},e.addToWaiting=function(t){this.removeFromWaiting(t),void 0!==e.waiters&&e.waiters.push(t)},e.removeFromWaiting=function(t){void 0!==e.waiters&&(e.waiters=e.waiters.filter((function(e){return e!==t})))},e.notifyWaiters=function(){void 0!==e.waiters&&e.waiters.slice().forEach((function(e){return e()}))},e.prototype.releaseLock=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){switch(t.label){case 0:return[4,this.releaseLock__private__(e)];case 1:return[2,t.sent()]}}))}))},e.prototype.releaseLock__private__=function(t){return r(this,void 0,void 0,(function(){var n,r,s,c;return o(this,(function(o){switch(o.label){case 0:return n=void 0===this.storageHandler?u:this.storageHandler,r=a+"-"+t,null===(s=n.getItemSync(r))?[2]:(c=JSON.parse(s)).id!==this.id?[3,2]:[4,i.default().lock(c.iat)];case 1:o.sent(),this.acquiredIatSet.delete(c.iat),n.removeItemSync(r),i.default().unlock(c.iat),e.notifyWaiters(),o.label=2;case 2:return[2]}}))}))},e.lockCorrector=function(t){for(var n=Date.now()-5e3,r=t,o=[],s=0;;){var i=r.keySync(s);if(null===i)break;o.push(i),s++}for(var u=!1,c=0;c<o.length;c++){var l=o[c];if(l.includes(a)){var d=r.getItemSync(l);if(null!==d){var f=JSON.parse(d);(void 0===f.timeRefreshed&&f.timeAcquired<n||void 0!==f.timeRefreshed&&f.timeRefreshed<n)&&(r.removeItemSync(l),u=!0)}}}u&&e.notifyWaiters()},e.waiters=void 0,e}();t.default=d},142:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});var n=function(){function e(){var e=this;this.locked=new Map,this.addToLocked=function(t,n){var r=e.locked.get(t);void 0===r?void 0===n?e.locked.set(t,[]):e.locked.set(t,[n]):void 0!==n&&(r.unshift(n),e.locked.set(t,r))},this.isLocked=function(t){return e.locked.has(t)},this.lock=function(t){return new Promise((function(n,r){e.isLocked(t)?e.addToLocked(t,n):(e.addToLocked(t),n())}))},this.unlock=function(t){var n=e.locked.get(t);if(void 0!==n&&0!==n.length){var r=n.pop();e.locked.set(t,n),void 0!==r&&setTimeout(r,0)}else e.locked.delete(t)}}return e.getInstance=function(){return void 0===e.instance&&(e.instance=new e),e.instance},e}();t.default=function(){return n.getInstance()}},225:function(e,t){var n=this&&this.__assign||function(){return n=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},n.apply(this,arguments)};Object.defineProperty(t,"__esModule",{value:!0}),t.getProxyObject=void 0,t.getProxyObject=function(e){for(var t=n(n({},e),{_call:function(e,t){throw new Error("This function should only be called through the recipe object")}}),r=function(e){"_call"!==e&&(t[e]=function(){for(var t=[],n=0;n<arguments.length;n++)t[n]=arguments[n];return this._call(e,t)})},o=0,s=Object.keys(t);o<s.length;o++)r(s[o]);return t}},333:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.OverrideableBuilder=void 0;var r=n(225),o=function(){function e(e){this.layers=[e],this.proxies=[]}return e.prototype.override=function(e){for(var t=(0,r.getProxyObject)(this.layers[0]),n=e(t,this),o=0,s=Object.keys(this.layers[0]);o<s.length;o++){var i=s[o];n[i]===t[i]||"_call"===i?delete n[i]:void 0===n[i]&&(n[i]=null)}return this.layers.push(n),this.proxies.push(t),this},e.prototype.build=function(){var e=this;if(this.result)return this.result;this.result={};for(var t=0,n=this.layers;t<n.length;t++)for(var r=n[t],o=0,s=Object.keys(r);o<s.length;o++){var i=s[o],a=r[i];void 0!==a&&(this.result[i]=null===a?void 0:"function"==typeof a?a.bind(this.result):a)}for(var u=function(t){c.proxies[t]._call=function(n,r){for(var o=t;o>=0;--o){var s=e.layers[o][n];if(null!=s)return s.bind(e.result).apply(void 0,r)}}},c=this,l=0;l<this.proxies.length;++l)u(l);return this.result},e}();t.OverrideableBuilder=o,t.default=o}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var s=t[r]={exports:{}};return e[r].call(s.exports,s,s.exports,n),s.exports}n.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}();var r=n(280);supertokens=r})();
\ No newline at end of file
+var supertokens;(()=>{"use strict";var e={759:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.responseErrorInterceptor=t.responseInterceptor=t.interceptorFunctionRequestFulfilled=void 0;var i=n(600),a=n(379),u=n(743),c=n(958),l=n(845);function d(e){var t=void 0===e.url?"":e.url,n=e.baseURL;return void 0!==n&&(t="/"===t.charAt(0)&&"/"===n.charAt(n.length-1)?n+t.substr(1):"/"!==t.charAt(0)&&"/"!==n.charAt(n.length-1)?n+"/"+t:n+t),t}t.interceptorFunctionRequestFulfilled=function(e){return o(this,void 0,void 0,(function(){var t,n,o,i,f,h;return s(this,(function(s){switch(s.label){case 0:(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: started axios interception"),t=d(e),n=!1;try{n="string"==typeof t&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(t,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Trying shouldDoInterceptionBasedOnUrl with location.origin"),n=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)}return(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Value of doNotDoInterception: "+n),n?((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Returning config unchanged"),[2,e]):((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Modifying config"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),[4,(0,a.getLocalSessionState)(!0)]);case 1:return o=s.sent(),i=e,"EXISTS"!==o.status?[3,3]:[4,a.AntiCsrfToken.getToken(o.lastAccessTokenUpdate)];case 2:void 0!==(f=s.sent())&&((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding anti-csrf token to request"),i=r(r({},i),{headers:void 0===i?{"anti-csrf":f}:r(r({},i.headers),{"anti-csrf":f})})),s.label=3;case 3:return a.default.config.autoAddCredentials&&void 0===i.withCredentials&&((0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding credentials include"),i=r(r({},i),{withCredentials:!0})),(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding rid header: anti-csrf (it may be overriden by the user's provided rid)"),i=r(r({},i),{headers:void 0===i?{rid:"anti-csrf"}:r({rid:"anti-csrf"},i.headers)}),h=a.default.config.tokenTransferMethod,(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: Adding st-auth-mode header: "+h),i.headers["st-auth-mode"]=h,[4,p(i)];case 4:return[4,g(i=s.sent())];case 5:return s.sent(),(0,l.logDebugMessage)("interceptorFunctionRequestFulfilled: returning modified config"),[2,i]}}))}))},t.responseInterceptor=function(e){var t=this;return function(n){return o(t,void 0,void 0,(function(){var t,r,o,i,g;return s(this,(function(s){switch(s.label){case 0:t=!1,s.label=1;case 1:if(s.trys.push([1,,8,14]),!a.default.initCalled)throw new Error("init function not called");(0,l.logDebugMessage)("responseInterceptor: started"),(0,l.logDebugMessage)("responseInterceptor: already intercepted: "+n.headers["x-supertokens-xhr-intercepted"]),r=d(n.config);try{t="string"==typeof r&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(r,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)||!!n.headers["x-supertokens-xhr-intercepted"]}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("responseInterceptor: Trying shouldDoInterceptionBasedOnUrl with location.origin"),t=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)||!!n.headers["x-supertokens-xhr-intercepted"]}return(0,l.logDebugMessage)("responseInterceptor: Value of doNotDoInterception: "+t),t?((0,l.logDebugMessage)("responseInterceptor: Returning without interception"),[2,n]):((0,l.logDebugMessage)("responseInterceptor: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_RESPONSE),[4,(0,a.getLocalSessionState)(!1)]);case 2:return o=s.sent(),[4,h(n)];case 3:return s.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===o.status,n.status,n.headers["front-token"]),n.status!==a.default.config.sessionExpiredStatusCode?[3,4]:((0,l.logDebugMessage)("responseInterceptor: Status code is: "+n.status),i=n.config,[2,f.doRequest((function(t){return e(t)}),i,r,n,void 0,!0)]);case 4:return n.status!==a.default.config.invalidClaimStatusCode?[3,6]:[4,(0,a.onInvalidClaimResponse)(n)];case 5:s.sent(),s.label=6;case 6:return[2,n];case 7:return[3,14];case 8:return(g=!t)?[4,(0,a.getLocalSessionState)(!0)]:[3,10];case 9:g=!("EXISTS"===s.sent().status),s.label=10;case 10:return g?((0,l.logDebugMessage)("responseInterceptor: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,a.AntiCsrfToken.removeToken()]):[3,13];case 11:return s.sent(),[4,a.FrontToken.removeToken()];case 12:s.sent(),s.label=13;case 13:return[7];case 14:return[2]}}))}))}},t.responseErrorInterceptor=function(e){var t=this;return function(n){return o(t,void 0,void 0,(function(){var t;return s(this,(function(r){switch(r.label){case 0:if((0,l.logDebugMessage)("responseErrorInterceptor: called"),(0,l.logDebugMessage)("responseErrorInterceptor: already intercepted: "+(n.response&&n.response.headers["x-supertokens-xhr-intercepted"])),n.response.headers["x-supertokens-xhr-intercepted"])throw n;return void 0===n.response||n.response.status!==a.default.config.sessionExpiredStatusCode?[3,1]:((0,l.logDebugMessage)("responseErrorInterceptor: Status code is: "+n.response.status),t=n.config,[2,f.doRequest((function(t){return e(t)}),t,d(t),void 0,n,!0)]);case 1:return void 0===n.response||n.response.status!==a.default.config.invalidClaimStatusCode?[3,3]:[4,(0,a.onInvalidClaimResponse)(n.response)];case 2:r.sent(),r.label=3;case 3:throw n}}))}))}};var f=function(){function e(){}var t;return t=e,e.doRequest=function(e,n,u,d,f,v){return void 0===v&&(v=!1),o(void 0,void 0,void 0,(function(){var o,b,m,y,w,k,S,I,T,R,D,E,x,M;return s(t,(function(t){switch(t.label){case 0:if(!a.default.initCalled)throw Error("init function not called");(0,l.logDebugMessage)("doRequest: called"),o=!1;try{o="string"==typeof u&&!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(u,a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)&&v}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,l.logDebugMessage)("doRequest: Trying shouldDoInterceptionBasedOnUrl with location.origin"),o=!a.default.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),a.default.config.apiDomain,a.default.config.sessionTokenBackendDomain)&&v}if((0,l.logDebugMessage)("doRequest: Value of doNotDoInterception: "+o),!o)return[3,2];if((0,l.logDebugMessage)("doRequest: Returning without interception"),void 0!==f)throw f;return void 0!==d?[2,d]:[4,e(n)];case 1:return[2,t.sent()];case 2:return(0,l.logDebugMessage)("doRequest: Interception started"),[4,p(n)];case 3:n=t.sent(),t.label=4;case 4:t.trys.push([4,,40,45]),b=void 0,t.label=5;case 5:return[4,(0,a.getLocalSessionState)(!0)];case 6:return m=t.sent(),y=n,"EXISTS"!==m.status?[3,8]:[4,a.AntiCsrfToken.getToken(m.lastAccessTokenUpdate)];case 7:void 0!==(w=t.sent())&&((0,l.logDebugMessage)("doRequest: Adding anti-csrf token to request"),y=r(r({},y),{headers:void 0===y?{"anti-csrf":w}:r(r({},y.headers),{"anti-csrf":w})})),t.label=8;case 8:return a.default.config.autoAddCredentials&&void 0===y.withCredentials&&((0,l.logDebugMessage)("doRequest: Adding credentials include"),y=r(r({},y),{withCredentials:!0})),(0,l.logDebugMessage)("doRequest: Adding rid header: anti-csrf (May get overriden by user's rid)"),y=r(r({},y),{headers:void 0===y?{rid:"anti-csrf"}:r({rid:"anti-csrf"},y.headers)}),k=a.default.config.tokenTransferMethod,(0,l.logDebugMessage)("doRequest: Adding st-auth-mode header: "+k),y.headers["st-auth-mode"]=k,[4,g(y)];case 9:t.sent(),t.label=10;case 10:if(t.trys.push([10,25,,38]),S=f,I=d,f=void 0,d=void 0,void 0!==S)throw(0,l.logDebugMessage)("doRequest: Not making call because localPrevError is not undefined"),S;return void 0!==I?(0,l.logDebugMessage)("doRequest: Not making call because localPrevResponse is not undefined"):(0,l.logDebugMessage)("doRequest: Making user's http call"),void 0!==I?[3,12]:[4,e(y)];case 11:return T=t.sent(),[3,13];case 12:T=I,t.label=13;case 13:return E=T,(0,l.logDebugMessage)("doRequest: User's http call ended"),[4,h(E)];case 14:return t.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===m.status,E.status,E.headers["front-token"]),E.status!==a.default.config.sessionExpiredStatusCode?[3,21]:((0,l.logDebugMessage)("doRequest: Status code is: "+E.status),[4,(0,a.onUnauthorisedResponse)(m)]);case 15:return"RETRY"===(x=t.sent()).result?[3,20]:((0,l.logDebugMessage)("doRequest: Not retrying original request"),x.error?[4,(0,i.createAxiosErrorFromFetchResp)(x.error)]:[3,17]);case 16:return R=t.sent(),[3,19];case 17:return[4,(0,i.createAxiosErrorFromAxiosResp)(E)];case 18:R=t.sent(),t.label=19;case 19:return b=R,[3,39];case 20:return(0,l.logDebugMessage)("doRequest: Retrying original request"),[3,24];case 21:return E.status!==a.default.config.invalidClaimStatusCode?[3,23]:[4,(0,a.onInvalidClaimResponse)(E)];case 22:t.sent(),t.label=23;case 23:return[2,E];case 24:return[3,38];case 25:return D=t.sent(),void 0===(E=D.response)?[3,36]:[4,h(E)];case 26:return t.sent(),(0,a.fireSessionUpdateEventsIfNecessary)("EXISTS"===m.status,E.status,E.headers["front-token"]),E.status!==a.default.config.sessionExpiredStatusCode?[3,32]:((0,l.logDebugMessage)("doRequest: Status code is: "+E.status),[4,(0,a.onUnauthorisedResponse)(m)]);case 27:return"RETRY"===(x=t.sent()).result?[3,31]:((0,l.logDebugMessage)("doRequest: Not retrying original request"),void 0===x.error?[3,29]:[4,(0,i.createAxiosErrorFromFetchResp)(x.error)]);case 28:return M=t.sent(),[3,30];case 29:M=D,t.label=30;case 30:return b=M,[3,39];case 31:return(0,l.logDebugMessage)("doRequest: Retrying original request"),[3,35];case 32:return E.status!==a.default.config.invalidClaimStatusCode?[3,34]:[4,(0,a.onInvalidClaimResponse)(E)];case 33:t.sent(),t.label=34;case 34:throw D;case 35:return[3,37];case 36:throw D;case 37:return[3,38];case 38:return[3,5];case 39:throw b;case 40:return[4,(0,a.getLocalSessionState)(!1)];case 41:return"NOT_EXISTS"!==t.sent().status?[3,44]:((0,l.logDebugMessage)("doRequest: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,a.AntiCsrfToken.removeToken()]);case 42:return t.sent(),[4,a.FrontToken.removeToken()];case 43:t.sent(),t.label=44;case 44:return[7];case 45:return[2]}}))}))},e}();function g(e){return o(this,void 0,void 0,(function(){var t,n;return s(this,(function(o){switch(o.label){case 0:return void 0===e.headers&&(e.headers={}),(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: adding existing tokens as header"),[4,(0,a.getTokenForHeaderAuth)("access")];case 1:return t=o.sent(),[4,(0,a.getTokenForHeaderAuth)("refresh")];case 2:return n=o.sent(),void 0!==t&&void 0!==n?void 0!==e.headers.Authorization||void 0!==e.headers.authorization?(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):((0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.headers=r(r({},e.headers),{Authorization:"Bearer ".concat(t)}),e.__supertokensAddedAuthHeader=!0):(0,l.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"),[2]}}))}))}function h(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i;return s(this,(function(s){switch(s.label){case 0:return(0,l.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response"),void 0===(t=e.headers["st-refresh-token"])?[3,2]:((0,l.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,(0,a.setToken)("refresh",t)]);case 1:s.sent(),s.label=2;case 2:return void 0===(n=e.headers["st-access-token"])?[3,4]:((0,l.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,(0,a.setToken)("access",n)]);case 3:s.sent(),s.label=4;case 4:return void 0===(r=e.headers["front-token"])?[3,6]:((0,l.logDebugMessage)("doRequest: Setting sFrontToken: "+r),[4,a.FrontToken.setItem(r)]);case 5:s.sent(),s.label=6;case 6:return void 0===(o=e.headers["anti-csrf"])?[3,9]:[4,(0,a.getLocalSessionState)(!0)];case 7:return"EXISTS"!==(i=s.sent()).status?[3,9]:((0,l.logDebugMessage)("doRequest: Setting anti-csrf token"),[4,a.AntiCsrfToken.setItem(i.lastAccessTokenUpdate,o)]);case 8:s.sent(),s.label=9;case 9:return[2]}}))}))}function p(e){return o(this,void 0,void 0,(function(){var t,n,o,i;return s(this,(function(s){switch(s.label){case 0:return[4,(0,a.getTokenForHeaderAuth)("access")];case 1:return t=s.sent(),[4,(0,a.getTokenForHeaderAuth)("refresh")];case 2:return n=s.sent(),o=e.headers.Authorization||e.headers.authorization,void 0===t||void 0===n||o!=="Bearer ".concat(t)&&!("__supertokensAddedAuthHeader"in e)?[2,e]:((0,l.logDebugMessage)("removeAuthHeaderIfMatchesLocalToken: Removing Authorization from user provided headers because it contains our access token"),delete(i=r(r({},e),{headers:r({},e.headers)})).headers.authorization,delete i.headers.Authorization,[2,i])}}))}))}t.default=f},600:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};function o(e,t,n,r,o){return e.config=t,n&&(e.code=n),e.request=r,e.response=o,e.isAxiosError=!0,e.toJSON=function(){return{message:this.message,name:this.name,description:this.description,number:this.number,fileName:this.fileName,lineNumber:this.lineNumber,columnNumber:this.columnNumber,stack:this.stack,config:this.config,code:this.code}},e}Object.defineProperty(t,"__esModule",{value:!0}),t.createAxiosErrorFromAxiosResp=t.createAxiosErrorFromFetchResp=void 0,t.createAxiosErrorFromFetchResp=function(e){return n(this,void 0,void 0,(function(){var t,n,s,i;return r(this,(function(r){switch(r.label){case 0:if(t={url:e.url,headers:e.headers},null!==(n=e.headers.get("content-type")))return[3,5];r.label=1;case 1:return r.trys.push([1,3,,4]),[4,e.text()];case 2:return s=r.sent(),[3,4];case 3:return r.sent(),s="",[3,4];case 4:return[3,11];case 5:return n.includes("application/json")?[4,e.json()]:[3,7];case 6:return s=r.sent(),[3,11];case 7:return n.includes("text/")?[4,e.text()]:[3,9];case 8:return s=r.sent(),[3,11];case 9:return[4,e.blob()];case 10:s=r.sent(),r.label=11;case 11:return i={data:s,status:e.status,statusText:e.statusText,headers:e.headers,config:t,request:void 0},[2,o(new Error("Request failed with status code "+e.status),t,void 0,void 0,i)]}}))}))},t.createAxiosErrorFromAxiosResp=function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o(new Error("Request failed with status code "+e.status),e.config,void 0,e.request,e)]}))}))}},280:function(e,t,n){var r=this&&this.__createBinding||(Object.create?function(e,t,n,r){void 0===r&&(r=n);var o=Object.getOwnPropertyDescriptor(t,n);o&&!("get"in o?!t.__esModule:o.writable||o.configurable)||(o={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,o)}:function(e,t,n,r){void 0===r&&(r=n),e[r]=t[n]}),o=this&&this.__exportStar||function(e,t){for(var n in e)"default"===n||Object.prototype.hasOwnProperty.call(t,n)||r(t,e,n)};Object.defineProperty(t,"__esModule",{value:!0}),o(n(569),t)},491:function(e,t,n){var r,o=this&&this.__extends||(r=function(e,t){return r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},r(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function n(){this.constructor=e}r(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}),s=this&&this.__assign||function(){return s=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},s.apply(this,arguments)};Object.defineProperty(t,"__esModule",{value:!0}),t.BooleanClaim=void 0;var i=function(e){function t(t){var n=e.call(this,t)||this;return n.validators=s(s({},n.validators),{isTrue:function(e){return n.validators.hasValue(!0,e)},isFalse:function(e){return n.validators.hasValue(!1,e)}}),n}return o(t,e),t}(n(911).PrimitiveClaim);t.BooleanClaim=i},748:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.PrimitiveArrayClaim=void 0;var o=function(){function e(e){var t=this;this.validators={includes:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:t.includes(e)?[2,{isValid:!0}]:[2,{isValid:!1,reason:{message:"wrong value",expectedToInclude:e,actualValue:t}}])}))}))}}},excludes:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToNotInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:t.includes(e)?[2,{isValid:!1,reason:{message:"wrong value",expectedToNotInclude:e,actualValue:t}}]:[2,{isValid:!0}])}))}))}}},includesAll:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.every((function(e){return a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToInclude:e,actualValue:t}}]))}))}))}}},includesAny:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.some((function(e){return a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToIncludeAtLeastOneOf:e,actualValue:t}}]))}))}))}}},excludesAll:function(e,o,s){return void 0===o&&(o=t.defaultMaxAgeInSeconds),{id:void 0!==s?s:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,n){return void 0===t.getValueFromPayload(e,n)||void 0!==o&&e[t.id].t<Date.now()-1e3*o},validate:function(s,i){return n(t,void 0,void 0,(function(){var t,n,a,u;return r(this,(function(r){return void 0===(t=this.getValueFromPayload(s,i))?[2,{isValid:!1,reason:{message:"value does not exist",expectedToNotInclude:e,actualValue:t}}]:(n=(Date.now()-this.getLastFetchedTime(s,i))/1e3,void 0!==o&&n>o?[2,{isValid:!1,reason:{message:"expired",ageInSeconds:n,maxAgeInSeconds:o}}]:(a=new Set(t),[2,(u=e.every((function(e){return!a.has(e)})))?{isValid:u}:{isValid:u,reason:{message:"wrong value",expectedToNotInclude:e,actualValue:t}}]))}))}))}}}},this.id=e.id,this.refresh=e.refresh,this.defaultMaxAgeInSeconds=e.defaultMaxAgeInSeconds}return e.prototype.getValueFromPayload=function(e,t){return void 0!==e[this.id]?e[this.id].v:void 0},e.prototype.getLastFetchedTime=function(e,t){return void 0!==e[this.id]?e[this.id].t:void 0},e}();t.PrimitiveArrayClaim=o},911:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.PrimitiveClaim=void 0;var n=function(){function e(e){var t=this;this.validators={hasValue:function(e,n,r){return void 0===n&&(n=t.defaultMaxAgeInSeconds),{id:void 0!==r?r:t.id,refresh:function(e){return t.refresh(e)},shouldRefresh:function(e,r){return void 0===t.getValueFromPayload(e,r)||void 0!==n&&e[t.id].t<Date.now()-1e3*n},validate:function(r,o){var s=t.getValueFromPayload(r,o);if(void 0===s)return{isValid:!1,reason:{message:"value does not exist",expectedValue:e,actualValue:s}};var i=(Date.now()-t.getLastFetchedTime(r,o))/1e3;return void 0!==n&&i>n?{isValid:!1,reason:{message:"expired",ageInSeconds:i,maxAgeInSeconds:n}}:s!==e?{isValid:!1,reason:{message:"wrong value",expectedValue:e,actualValue:s}}:{isValid:!0}}}}},this.id=e.id,this.refresh=e.refresh,this.defaultMaxAgeInSeconds=e.defaultMaxAgeInSeconds}return e.prototype.getValueFromPayload=function(e,t){return void 0!==e[this.id]?e[this.id].v:void 0},e.prototype.getLastFetchedTime=function(e,t){return void 0!==e[this.id]?e[this.id].t:void 0},e}();t.PrimitiveClaim=n},173:function(e,t){var n,r=this&&this.__extends||(n=function(e,t){return n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n])},n(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)});Object.defineProperty(t,"__esModule",{value:!0}),t.STGeneralError=void 0;var o=function(e){function t(t){var n=e.call(this,t)||this;return n.isSuperTokensGeneralError=!0,n}return r(t,e),t.isThisError=function(e){return!0===e.isSuperTokensGeneralError},t}(Error);t.STGeneralError=o},379:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.fireSessionUpdateEventsIfNecessary=t.setFrontToken=t.getFrontToken=t.setAntiCSRF=t.saveLastAccessTokenUpdate=t.getTokenForHeaderAuth=t.setToken=t.getStorageNameForToken=t.getLocalSessionState=t.onInvalidClaimResponse=t.onTokenUpdate=t.onUnauthorisedResponse=t.FrontToken=t.AntiCsrfToken=void 0;var i=n(743),a=n(255),u=n(501),c=n(958),l=n(941),d=n(845),f=function(){function e(){}return e.getToken=function(t){return o(this,void 0,void 0,(function(){var n;return s(this,(function(r){switch(r.label){case 0:return(0,d.logDebugMessage)("AntiCsrfToken.getToken: called"),void 0===t?(e.tokenInfo=void 0,(0,d.logDebugMessage)("AntiCsrfToken.getToken: returning undefined"),[2,void 0]):void 0!==e.tokenInfo?[3,2]:[4,A()];case 1:return null===(n=r.sent())?((0,d.logDebugMessage)("AntiCsrfToken.getToken: returning undefined"),[2,void 0]):(e.tokenInfo={antiCsrf:n,associatedAccessTokenUpdate:t},[3,4]);case 2:return e.tokenInfo.associatedAccessTokenUpdate===t?[3,4]:(e.tokenInfo=void 0,[4,e.getToken(t)]);case 3:return[2,r.sent()];case 4:return(0,d.logDebugMessage)("AntiCsrfToken.getToken: returning: "+e.tokenInfo.antiCsrf),[2,e.tokenInfo.antiCsrf]}}))}))},e.removeToken=function(){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("AntiCsrfToken.removeToken: called"),e.tokenInfo=void 0,[4,_(void 0)];case 1:return t.sent(),[2]}}))}))},e.setItem=function(t,n){return o(this,void 0,void 0,(function(){return s(this,(function(r){switch(r.label){case 0:return void 0===t?(e.tokenInfo=void 0,[2]):((0,d.logDebugMessage)("AntiCsrfToken.setItem: called"),[4,_(n)]);case 1:return r.sent(),e.tokenInfo={antiCsrf:n,associatedAccessTokenUpdate:t},[2]}}))}))},e}();t.AntiCsrfToken=f;var g=function(){function e(){}return e.getTokenInfo=function(){return o(this,void 0,void 0,(function(){var t,n;return s(this,(function(r){switch(r.label){case 0:return(0,d.logDebugMessage)("FrontToken.getTokenInfo: called"),[4,P()];case 1:return null!==(t=r.sent())?[3,5]:[4,k(!1)];case 2:return"EXISTS"!==r.sent().status?[3,4]:[4,new Promise((function(t){e.waiters.push(t)}))];case 3:return r.sent(),[2,e.getTokenInfo()];case 4:return[2,void 0];case 5:return n=O(t),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning ate: "+n.ate),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning uid: "+n.uid),(0,d.logDebugMessage)("FrontToken.getTokenInfo: returning up: "+n.up),[2,n]}}))}))},e.removeToken=function(){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("FrontToken.removeToken: called"),[4,H(void 0)];case 1:return t.sent(),[4,I("access","")];case 2:return t.sent(),[4,I("refresh","")];case 3:return t.sent(),e.waiters.forEach((function(e){return e(void 0)})),e.waiters=[],[2]}}))}))},e.setItem=function(t){return o(this,void 0,void 0,(function(){return s(this,(function(n){switch(n.label){case 0:return[4,M()];case 1:return n.sent(),"remove"===t?[2,e.removeToken()]:((0,d.logDebugMessage)("FrontToken.setItem: called"),[4,H(t)]);case 2:return n.sent(),e.waiters.forEach((function(e){return e(void 0)})),e.waiters=[],[2]}}))}))},e.doesTokenExists=function(){return o(this,void 0,void 0,(function(){return s(this,(function(e){switch(e.label){case 0:return[4,C()];case 1:return[2,null!==e.sent()]}}))}))},e.waiters=[],e}();t.FrontToken=g;var h=function(){function e(){}var t;return e.init=function(t,r){(0,d.logDebugMessage)("init: called"),(0,d.logDebugMessage)("init: Input apiBasePath: "+t.apiBasePath),(0,d.logDebugMessage)("init: Input apiDomain: "+t.apiDomain),(0,d.logDebugMessage)("init: Input autoAddCredentials: "+t.autoAddCredentials),(0,d.logDebugMessage)("init: Input sessionTokenBackendDomain: "+t.sessionTokenBackendDomain),(0,d.logDebugMessage)("init: Input isInIframe: "+t.isInIframe),(0,d.logDebugMessage)("init: Input sessionExpiredStatusCode: "+t.sessionExpiredStatusCode),(0,d.logDebugMessage)("init: Input sessionTokenFrontendDomain: "+t.sessionTokenFrontendDomain),(0,d.logDebugMessage)("init: Input tokenTransferMethod: "+t.tokenTransferMethod);var o=c.default.getReferenceOrThrow().windowHandler.getWindowUnsafe();e.env=void 0===o||void 0===o.fetch?n.g:o,e.refreshTokenUrl=t.apiDomain+t.apiBasePath+"/session/refresh",e.signOutUrl=t.apiDomain+t.apiBasePath+"/signout",e.rid="session",e.config=t,void 0===e.env.__supertokensOriginalFetch&&((0,d.logDebugMessage)("init: __supertokensOriginalFetch is undefined"),e.env.__supertokensOriginalFetch=e.env.fetch.bind(e.env),e.env.__supertokensSessionRecipe=r,e.env.fetch=e.env.__supertokensSessionRecipe.addFetchInterceptorsAndReturnModifiedFetch({originalFetch:e.env.__supertokensOriginalFetch,userContext:{}}),e.env.__supertokensSessionRecipe.addXMLHttpRequestInterceptor({userContext:{}})),e.recipeImpl=e.env.__supertokensSessionRecipe,e.initCalled=!0},t=e,e.initCalled=!1,e.doRequest=function(n,a,u){return o(void 0,void 0,void 0,(function(){var o,l,h,p,v,b,y,S,I,T,D,M,A;return s(t,(function(t){switch(t.label){case 0:if(!e.initCalled)throw Error("init function not called");(0,d.logDebugMessage)("doRequest: start of fetch interception"),o=!1;try{l=void 0,"string"==typeof u?l=u:"object"==typeof u&&("string"==typeof u.url?l=u.url:"string"==typeof u.href&&(l=u.href)),o=!e.recipeImpl.shouldDoInterceptionBasedOnUrl(l,e.config.apiDomain,e.config.sessionTokenBackendDomain)}catch(t){if("Please provide a valid domain name"!==t.message)throw t;(0,d.logDebugMessage)("doRequest: Trying shouldDoInterceptionBasedOnUrl with location.origin"),o=!e.recipeImpl.shouldDoInterceptionBasedOnUrl(c.default.getReferenceOrThrow().windowHandler.location.getOrigin(),e.config.apiDomain,e.config.sessionTokenBackendDomain)}return(0,d.logDebugMessage)("doRequest: Value of doNotDoInterception: "+o),o?((0,d.logDebugMessage)("doRequest: Returning without interception"),[4,n(a)]):[3,2];case 1:return[2,t.sent()];case 2:return(h=new Headers(void 0!==a&&void 0!==a.headers?a.headers:u.headers)).has("Authorization")?[4,R("access")]:[3,5];case 3:return p=t.sent(),[4,R("refresh")];case 4:v=t.sent(),void 0!==p&&void 0!==v&&h.get("Authorization")==="Bearer ".concat(p)&&((0,d.logDebugMessage)("doRequest: Removing Authorization from user provided headers because it contains our access token"),h.delete("Authorization")),t.label=5;case 5:(0,d.logDebugMessage)("doRequest: Interception started"),i.ProcessState.getInstance().addState(i.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),t.label=6;case 6:t.trys.push([6,,20,25]),b=void 0,t.label=7;case 7:return[4,k(!0)];case 8:return y=t.sent(),S=new Headers(h),I=r(r({},a),{headers:S}),"EXISTS"!==y.status?[3,10]:[4,f.getToken(y.lastAccessTokenUpdate)];case 9:void 0!==(T=t.sent())&&((0,d.logDebugMessage)("doRequest: Adding anti-csrf token to request"),S.set("anti-csrf",T)),t.label=10;case 10:return e.config.autoAddCredentials&&((0,d.logDebugMessage)("doRequest: Adding credentials include"),void 0===I?I={credentials:"include"}:void 0===I.credentials&&(I=r(r({},I),{credentials:"include"}))),S.has("rid")?(0,d.logDebugMessage)("doRequest: rid header was already there in request"):((0,d.logDebugMessage)("doRequest: Adding rid header: anti-csrf"),S.set("rid","anti-csrf")),D=e.config.tokenTransferMethod,(0,d.logDebugMessage)("doRequest: Adding st-auth-mode header: "+D),S.set("st-auth-mode",D),[4,E(S)];case 11:return t.sent(),(0,d.logDebugMessage)("doRequest: Making user's http call"),[4,n(I)];case 12:return M=t.sent(),(0,d.logDebugMessage)("doRequest: User's http call ended"),[4,x(M)];case 13:return t.sent(),F("EXISTS"===y.status,M.status,M.headers.get("front-token")),M.status!==e.config.sessionExpiredStatusCode?[3,15]:((0,d.logDebugMessage)("doRequest: Status code is: "+M.status),[4,m(y)]);case 14:return"RETRY"!==(A=t.sent()).result?((0,d.logDebugMessage)("doRequest: Not retrying original request"),b=void 0!==A.error?A.error:M,[3,19]):((0,d.logDebugMessage)("doRequest: Retrying original request"),[3,18]);case 15:return M.status!==e.config.invalidClaimStatusCode?[3,17]:[4,w(M)];case 16:t.sent(),t.label=17;case 17:return[2,M];case 18:return[3,7];case 19:return[2,b];case 20:return[4,k(!1)];case 21:return"NOT_EXISTS"!==t.sent().status?[3,24]:((0,d.logDebugMessage)("doRequest: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,f.removeToken()]);case 22:return t.sent(),[4,g.removeToken()];case 23:t.sent(),t.label=24;case 24:return[7];case 25:return[2]}}))}))},e.attemptRefreshingSession=function(){return o(void 0,void 0,void 0,(function(){var n;return s(t,(function(t){switch(t.label){case 0:if(!e.initCalled)throw Error("init function not called");return[4,k(!1)];case 1:return[4,m(t.sent())];case 2:if("API_ERROR"===(n=t.sent()).result)throw n.error;return[2,"RETRY"===n.result]}}))}))},e}();t.default=h;var p="st-last-access-token-update",v="sAntiCsrf",b="sFrontToken";function m(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i,u,c,p,v,b;return s(this,(function(s){switch(s.label){case 0:return[4,l.default.getReferenceOrThrow().lockFactory()];case 1:t=s.sent(),s.label=2;case 2:return(0,d.logDebugMessage)("onUnauthorisedResponse: trying to acquire lock"),[4,t.acquireLock("REFRESH_TOKEN_USE",1e3)];case 3:if(!s.sent())return[3,22];(0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired"),s.label=4;case 4:return s.trys.push([4,14,16,22]),[4,k(!1)];case 5:return"NOT_EXISTS"===(n=s.sent()).status?((0,d.logDebugMessage)("onUnauthorisedResponse: Not refreshing because local session state is NOT_EXISTS"),h.config.onHandleEvent({action:"UNAUTHORISED",sessionExpiredOrRevoked:!1,userContext:{}}),[2,{result:"SESSION_EXPIRED"}]):n.status!==e.status||"EXISTS"===n.status&&"EXISTS"===e.status&&n.lastAccessTokenUpdate!==e.lastAccessTokenUpdate?((0,d.logDebugMessage)("onUnauthorisedResponse: Retrying early because pre and post id refresh tokens don't match"),[2,{result:"RETRY"}]):(r=new Headers,"EXISTS"!==e.status?[3,7]:[4,f.getToken(e.lastAccessTokenUpdate)]);case 6:void 0!==(o=s.sent())&&((0,d.logDebugMessage)("onUnauthorisedResponse: Adding anti-csrf token to refresh API call"),r.set("anti-csrf",o)),s.label=7;case 7:return(0,d.logDebugMessage)("onUnauthorisedResponse: Adding rid and fdi-versions to refresh call header"),r.set("rid",h.rid),r.set("fdi-version",a.supported_fdi.join(",")),i=h.config.tokenTransferMethod,(0,d.logDebugMessage)("onUnauthorisedResponse: Adding st-auth-mode header: "+i),r.set("st-auth-mode",i),[4,E(r,!0)];case 8:return s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Calling refresh pre API hook"),[4,h.config.preAPIHook({action:"REFRESH_SESSION",requestInit:{method:"post",credentials:"include",headers:r},url:h.refreshTokenUrl,userContext:{}})];case 9:return u=s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Making refresh call"),[4,h.env.__supertokensOriginalFetch(u.url,u.requestInit)];case 10:return c=s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Refresh call ended"),[4,x(c)];case 11:if(s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Refresh status code is: "+c.status),(p=c.status===h.config.sessionExpiredStatusCode)&&null===c.headers.get("front-token")&&g.setItem("remove"),F("EXISTS"===e.status,c.status,p&&null===c.headers.get("front-token")?"remove":c.headers.get("front-token")),c.status>=300)throw c;return[4,h.config.postAPIHook({action:"REFRESH_SESSION",fetchResponse:c.clone(),requestInit:u.requestInit,url:u.url,userContext:{}})];case 12:return s.sent(),[4,k(!1)];case 13:return"NOT_EXISTS"===s.sent().status?((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so returning session expired"),[2,{result:"SESSION_EXPIRED"}]):(h.config.onHandleEvent({action:"REFRESH_SESSION",userContext:{}}),(0,d.logDebugMessage)("onUnauthorisedResponse: Sending RETRY signal"),[2,{result:"RETRY"}]);case 14:return v=s.sent(),[4,k(!1)];case 15:return"NOT_EXISTS"===s.sent().status?((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so returning session expired"),[2,{result:"SESSION_EXPIRED",error:v}]):((0,d.logDebugMessage)("onUnauthorisedResponse: sending API_ERROR"),[2,{result:"API_ERROR",error:v}]);case 16:return[4,t.releaseLock("REFRESH_TOKEN_USE")];case 17:return s.sent(),(0,d.logDebugMessage)("onUnauthorisedResponse: Released lock"),[4,k(!1)];case 18:return"NOT_EXISTS"!==s.sent().status?[3,21]:((0,d.logDebugMessage)("onUnauthorisedResponse: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,f.removeToken()]);case 19:return s.sent(),[4,g.removeToken()];case 20:s.sent(),s.label=21;case 21:return[7];case 22:return[4,k(!1)];case 23:return"NOT_EXISTS"===(b=s.sent()).status?((0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired failed and local session doesn't exist, so sending SESSION_EXPIRED"),[2,{result:"SESSION_EXPIRED"}]):b.status!==e.status||"EXISTS"===b.status&&"EXISTS"===e.status&&b.lastAccessTokenUpdate!==e.lastAccessTokenUpdate?((0,d.logDebugMessage)("onUnauthorisedResponse: lock acquired failed and retrying early because pre and post id refresh tokens don't match"),[2,{result:"RETRY"}]):[3,2];case 24:return[2]}}))}))}function y(){(0,d.logDebugMessage)("onTokenUpdate: firing ACCESS_TOKEN_PAYLOAD_UPDATED event"),h.config.onHandleEvent({action:"ACCESS_TOKEN_PAYLOAD_UPDATED",userContext:{}})}function w(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return n.trys.push([0,2,,3]),[4,h.recipeImpl.getInvalidClaimsFromResponse({response:e,userContext:{}})];case 1:return(t=n.sent())&&h.config.onHandleEvent({action:"API_INVALID_CLAIM",claimValidationErrors:t,userContext:{}}),[3,3];case 2:return n.sent(),[3,3];case 3:return[2]}}))}))}function k(e){return o(this,void 0,void 0,(function(){var t,n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("getLocalSessionState: called"),[4,D(p)];case 1:return t=o.sent(),[4,g.doesTokenExists()];case 2:return o.sent()&&void 0!==t?((0,d.logDebugMessage)("getLocalSessionState: returning EXISTS since both frontToken and lastAccessTokenUpdate exists"),[2,{status:"EXISTS",lastAccessTokenUpdate:t}]):[3,3];case 3:return t?((0,d.logDebugMessage)("getLocalSessionState: returning NOT_EXISTS since frontToken was cleared but lastAccessTokenUpdate exists"),[2,{status:"NOT_EXISTS"}]):[3,4];case 4:return n={status:"MAY_EXIST"},e?((0,d.logDebugMessage)("getLocalSessionState: trying to refresh"),[4,m(n)]):[3,7];case 5:return"RETRY"!==(r=o.sent()).result?((0,d.logDebugMessage)("getLocalSessionState: return NOT_EXISTS in case error from backend"+r.result),[2,{status:"NOT_EXISTS"}]):((0,d.logDebugMessage)("getLocalSessionState: Retrying post refresh"),[4,k(e)]);case 6:return[2,o.sent()];case 7:return(0,d.logDebugMessage)("getLocalSessionState: returning: "+n.status),[2,n]}}))}))}function S(e){switch(e){case"access":return"st-access-token";case"refresh":return"st-refresh-token"}}function I(e,t){var n=S(e);return""!==t?((0,d.logDebugMessage)("setToken: saved ".concat(e," token into cookies")),T(n,t,Date.now()+31536e5)):((0,d.logDebugMessage)("setToken: cleared ".concat(e," token from cookies")),T(n,t,0))}function T(e,t,n){var r="Fri, 31 Dec 9999 23:59:59 GMT";n!==Number.MAX_SAFE_INTEGER&&(r=new Date(n).toUTCString());var o=h.config.sessionTokenFrontendDomain;return"localhost"===o||o===c.default.getReferenceOrThrow().windowHandler.location.getHostName()?u.default.getReferenceOrThrow().cookieHandler.setCookie("".concat(e,"=").concat(t,";expires=").concat(r,";path=/;samesite=").concat(h.config.isInIframe?"none;secure":"lax")):u.default.getReferenceOrThrow().cookieHandler.setCookie("".concat(e,"=").concat(t,";expires=").concat(r,";domain=").concat(o,";path=/;samesite=").concat(h.config.isInIframe?"none;secure":"lax"))}function R(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){return[2,D(S(e))]}))}))}function D(e){return o(this,void 0,void 0,(function(){var t,n,r,o;return s(this,(function(s){switch(s.label){case 0:return n="; ",[4,u.default.getReferenceOrThrow().cookieHandler.getCookie()];case 1:return t=n+s.sent(),(r=t.split("; "+e+"=")).length>=2&&void 0!==(o=r.pop())?[2,o.split(";").shift()]:[2,void 0]}}))}))}function E(e,t){return void 0===t&&(t=!1),o(this,void 0,void 0,(function(){var n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("setTokenHeaders: adding existing tokens as header"),[4,R("access")];case 1:return n=o.sent(),[4,R("refresh")];case 2:return r=o.sent(),!t&&void 0===n||void 0===r?(0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"):e.has("Authorization")?(0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):((0,d.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.set("Authorization","Bearer ".concat(t?r:n))),[2]}}))}))}function x(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i;return s(this,(function(s){switch(s.label){case 0:return(0,d.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response headers"),null===(t=e.headers.get("st-refresh-token"))?[3,2]:((0,d.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,I("refresh",t)]);case 1:s.sent(),s.label=2;case 2:return null===(n=e.headers.get("st-access-token"))?[3,4]:((0,d.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,I("access",n)]);case 3:s.sent(),s.label=4;case 4:return null===(r=e.headers.get("front-token"))?[3,6]:((0,d.logDebugMessage)("saveTokensFromHeaders: Setting sFrontToken: "+r),[4,g.setItem(r)]);case 5:s.sent(),s.label=6;case 6:return null===(o=e.headers.get("anti-csrf"))?[3,9]:[4,k(!0)];case 7:return"EXISTS"!==(i=s.sent()).status?[3,9]:((0,d.logDebugMessage)("saveTokensFromHeaders: Setting anti-csrf token"),[4,f.setItem(i.lastAccessTokenUpdate,o)]);case 8:s.sent(),s.label=9;case 9:return[2]}}))}))}function M(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("saveLastAccessTokenUpdate: called"),e=Date.now().toString(),(0,d.logDebugMessage)("saveLastAccessTokenUpdate: setting "+e),[4,T(p,e,Number.MAX_SAFE_INTEGER)];case 1:return t.sent(),[4,T("sIRTFrontend","",0)];case 2:return t.sent(),[2]}}))}))}function A(){return o(this,void 0,void 0,(function(){function e(){return o(this,void 0,void 0,(function(){var e,t,n,r,o;return s(this,(function(s){switch(s.label){case 0:return t="; ",[4,u.default.getReferenceOrThrow().cookieHandler.getCookie()];case 1:return e=t+s.sent(),(n=e.split("; sAntiCsrf=")).length>=2&&void 0!==(r=n.pop())?void 0===(o=r.split(";").shift())?[2,null]:[2,o]:[2,null]}}))}))}var t;return s(this,(function(n){switch(n.label){case 0:return(0,d.logDebugMessage)("getAntiCSRFToken: called"),[4,k(!0)];case 1:return"EXISTS"!==n.sent().status?((0,d.logDebugMessage)("getAntiCSRFToken: Returning because local session state != EXISTS"),[2,null]):[4,e()];case 2:return t=n.sent(),(0,d.logDebugMessage)("getAntiCSRFToken: returning: "+t),[2,t]}}))}))}function _(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("setAntiCSRF: called: "+e),void 0===e?[3,2]:[4,T(v,e,Number.MAX_SAFE_INTEGER)];case 1:return t.sent(),[3,4];case 2:return[4,T(v,"",0)];case 3:t.sent(),t.label=4;case 4:return[2]}}))}))}function C(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("getFrontTokenFromCookie: called"),[4,D(b)];case 1:return[2,void 0===(e=t.sent())?null:e]}}))}))}function O(e){return JSON.parse(decodeURIComponent(escape(atob(e))))}function P(){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,d.logDebugMessage)("getFrontToken: called"),[4,k(!0)];case 1:return"EXISTS"!==t.sent().status?((0,d.logDebugMessage)("getFrontToken: Returning because sIRTFrontend != EXISTS"),[2,null]):[4,C()];case 2:return e=t.sent(),(0,d.logDebugMessage)("getFrontToken: returning: "+e),[2,e]}}))}))}function H(e){return o(this,void 0,void 0,(function(){var t,n,r;return s(this,(function(o){switch(o.label){case 0:return(0,d.logDebugMessage)("setFrontToken: called"),[4,C()];case 1:return null!==(t=o.sent())&&void 0!==e&&(n=O(t).up,r=O(e).up,JSON.stringify(n)!==JSON.stringify(r)&&y()),void 0!==e?[3,3]:[4,T(b,"",0)];case 2:return o.sent(),[3,5];case 3:return[4,T(b,e,Number.MAX_SAFE_INTEGER)];case 4:o.sent(),o.label=5;case 5:return[2]}}))}))}function F(e,t,n){if(null!=n){var r="remove"!==n;(0,d.logDebugMessage)("fireSessionUpdateEventsIfNecessary wasLoggedIn: ".concat(e," frontTokenExistsAfter: ").concat(r," status: ").concat(t)),e?r||(t===h.config.sessionExpiredStatusCode?((0,d.logDebugMessage)("onUnauthorisedResponse: firing UNAUTHORISED event"),h.config.onHandleEvent({action:"UNAUTHORISED",sessionExpiredOrRevoked:!0,userContext:{}})):((0,d.logDebugMessage)("onUnauthorisedResponse: firing SIGN_OUT event"),h.config.onHandleEvent({action:"SIGN_OUT",userContext:{}}))):r&&((0,d.logDebugMessage)("onUnauthorisedResponse: firing SESSION_CREATED event"),h.config.onHandleEvent({action:"SESSION_CREATED",userContext:{}}))}else(0,d.logDebugMessage)("fireSessionUpdateEventsIfNecessary returning early because the front token was not updated")}t.onUnauthorisedResponse=m,t.onTokenUpdate=y,t.onInvalidClaimResponse=w,t.getLocalSessionState=k,t.getStorageNameForToken=S,t.setToken=I,t.getTokenForHeaderAuth=R,t.saveLastAccessTokenUpdate=M,t.setAntiCSRF=_,t.getFrontToken=P,t.setFrontToken=H,t.fireSessionUpdateEventsIfNecessary=F},569:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.BooleanClaim=t.PrimitiveArrayClaim=t.PrimitiveClaim=t.getInvalidClaimsFromResponse=t.getClaimValue=t.validateClaims=t.signOut=t.addAxiosInterceptors=t.doesSessionExist=t.attemptRefreshingSession=t.getAccessToken=t.getAccessTokenPayloadSecurely=t.getUserId=t.init=void 0;var s=n(379),i=n(994),a=n(333),u=n(318),c=n(501),l=n(958),d=n(941),f=n(153),g=function(){function e(){}var t;return e.init=function(t){c.default.init(t.cookieHandler),l.default.init(t.windowHandler),d.default.init(t.lockFactory,l.default.getReferenceOrThrow().windowHandler.localStorage);var n=(0,u.validateAndNormaliseInputOrThrowError)(t),r=new a.default((0,i.default)({onHandleEvent:n.onHandleEvent,preAPIHook:n.preAPIHook,postAPIHook:n.postAPIHook,sessionExpiredStatusCode:n.sessionExpiredStatusCode})).override(n.override.functions).build();s.default.init(n,r),e.axiosInterceptorQueue.forEach((function(e){e()})),e.axiosInterceptorQueue=[]},e.getUserId=function(e){return s.default.recipeImpl.getUserId({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.getAccessTokenPayloadSecurely=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return[2,s.default.recipeImpl.getAccessTokenPayloadSecurely({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})]}))}))},t=e,e.axiosInterceptorQueue=[],e.attemptRefreshingSession=function(){return r(void 0,void 0,void 0,(function(){return o(t,(function(e){return[2,s.default.attemptRefreshingSession()]}))}))},e.doesSessionExist=function(e){return s.default.recipeImpl.doesSessionExist({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.addAxiosInterceptors=function(t,n){s.default.initCalled?s.default.recipeImpl.addAxiosInterceptors({axiosInstance:t,userContext:(0,u.getNormalisedUserContext)(n)}):e.axiosInterceptorQueue.push((function(){s.default.recipeImpl.addAxiosInterceptors({axiosInstance:t,userContext:(0,u.getNormalisedUserContext)(n)})}))},e.signOut=function(e){return s.default.recipeImpl.signOut({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})},e.getInvalidClaimsFromResponse=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return[2,s.default.recipeImpl.getInvalidClaimsFromResponse({response:e.response,userContext:(0,u.getNormalisedUserContext)(e.userContext)})]}))}))},e.getClaimValue=function(t){return r(this,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return n=(0,u.getNormalisedUserContext)(void 0===t?void 0:t.userContext),[4,e.getAccessTokenPayloadSecurely({userContext:n})];case 1:return r=o.sent(),[2,t.claim.getValueFromPayload(r,n)]}}))}))},e.validateClaims=function(e,t){var n=(0,u.getNormalisedUserContext)(t),r=f.SessionClaimValidatorStore.getClaimValidatorsAddedByOtherRecipes(),o=s.default.recipeImpl.getGlobalClaimValidators({claimValidatorsAddedByOtherRecipes:r,userContext:n}),i=void 0!==e?e(o,n):o;return 0===i.length?[]:s.default.recipeImpl.validateClaims({claimValidators:i,userContext:(0,u.getNormalisedUserContext)(t)})},e.getAccessToken=function(e){return r(void 0,void 0,void 0,(function(){return o(t,(function(t){switch(t.label){case 0:return[4,s.default.recipeImpl.doesSessionExist({userContext:(0,u.getNormalisedUserContext)(void 0===e?void 0:e.userContext)})];case 1:return t.sent()?[2,(0,s.getTokenForHeaderAuth)("access")]:[2,void 0]}}))}))},e}();t.default=g,t.init=g.init,t.getUserId=g.getUserId,t.getAccessTokenPayloadSecurely=g.getAccessTokenPayloadSecurely,t.getAccessToken=g.getAccessToken,t.attemptRefreshingSession=g.attemptRefreshingSession,t.doesSessionExist=g.doesSessionExist,t.addAxiosInterceptors=g.addAxiosInterceptors,t.signOut=g.signOut,t.validateClaims=g.validateClaims,t.getClaimValue=g.getClaimValue,t.getInvalidClaimsFromResponse=g.getInvalidClaimsFromResponse;var h=n(911);Object.defineProperty(t,"PrimitiveClaim",{enumerable:!0,get:function(){return h.PrimitiveClaim}});var p=n(748);Object.defineProperty(t,"PrimitiveArrayClaim",{enumerable:!0,get:function(){return p.PrimitiveArrayClaim}});var v=n(491);Object.defineProperty(t,"BooleanClaim",{enumerable:!0,get:function(){return v.BooleanClaim}})},845:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.logDebugMessage=t.disableLogging=t.enableLogging=void 0;var r=n(255),o=!1;t.enableLogging=function(){o=!0},t.disableLogging=function(){o=!1},t.logDebugMessage=function(e){o&&console.log("".concat("com.supertokens",' {t: "').concat((new Date).toISOString(),'", message: "').concat(e,'", supertokens-website-ver: "').concat(r.package_version,'"}'))}},992:(e,t)=>{function n(e){return/^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/.test(e)}Object.defineProperty(t,"__esModule",{value:!0}),t.isAnIpAddress=void 0,t.isAnIpAddress=n;function r(e,t){void 0===t&&(t=!1),e=e.trim();try{if(!e.startsWith("http://")&&!e.startsWith("https://"))throw new Error("converting to proper URL");var o=new URL(e);return t?o.hostname.startsWith("localhost")||n(o.hostname)?"http://"+o.host:"https://"+o.host:o.protocol+"//"+o.host}catch(e){}if(e.startsWith("/"))throw new Error("Please provide a valid domain name");if(0===e.indexOf(".")&&(e=e.substr(1)),(-1!==e.indexOf(".")||e.startsWith("localhost"))&&!e.startsWith("http://")&&!e.startsWith("https://")){e="https://"+e;try{return new URL(e),r(e,!0)}catch(e){}}throw new Error("Please provide a valid domain name")}t.default=function(e){var t=this;this.getAsStringDangerous=function(){return t.value},this.value=r(e)}},260:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});function n(e){e=e.trim();try{if(!e.startsWith("http://")&&!e.startsWith("https://"))throw new Error("converting to proper URL");return"/"===(e=new URL(e).pathname).charAt(e.length-1)?e.substr(0,e.length-1):e}catch(e){}if((function(e){if(-1===e.indexOf(".")||e.startsWith("/"))return!1;try{return-1!==new URL(e).hostname.indexOf(".")}catch(e){}try{return-1!==new URL("http://"+e).hostname.indexOf(".")}catch(e){}return!1}(e)||e.startsWith("localhost"))&&!e.startsWith("http://")&&!e.startsWith("https://"))return n(e="http://"+e);"/"!==e.charAt(0)&&(e="/"+e);try{return new URL("http://example.com"+e),n("http://example.com"+e)}catch(e){throw new Error("Please provide a valid URL path")}}t.default=function e(t){var r=this;this.startsWith=function(e){return r.value.startsWith(e.value)},this.appendPath=function(t){return new e(r.value+t.value)},this.getAsStringDangerous=function(){return r.value},this.value=n(t)}},743:function(e,t){var n,r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.ProcessState=t.PROCESS_STATE=void 0,(n=t.PROCESS_STATE||(t.PROCESS_STATE={}))[n.CALLING_INTERCEPTION_REQUEST=0]="CALLING_INTERCEPTION_REQUEST",n[n.CALLING_INTERCEPTION_RESPONSE=1]="CALLING_INTERCEPTION_RESPONSE";var s=function(){function e(){var e=this;this.history=[],this.addState=function(t){try{void 0!==process&&void 0!==process.env&&"testing"===process.env.TEST_MODE&&e.history.push(t)}catch(e){}},this.getEventByLastEventByName=function(t){for(var n=e.history.length-1;n>=0;n--)if(e.history[n]==t)return e.history[n]},this.reset=function(){e.history=[]},this.waitForEvent=function(t,n){return void 0===n&&(n=7e3),r(e,void 0,void 0,(function(){var e,r=this;return o(this,(function(o){return e=Date.now(),[2,new Promise((function(o){var s=r;!function r(){var i=s.getEventByLastEventByName(t);void 0===i?Date.now()-e>n?o(void 0):setTimeout(r,1e3):o(i)}()}))]}))}))}}return e.getInstance=function(){return null==e.instance&&(e.instance=new e),e.instance},e}();t.ProcessState=s},994:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0});var i=n(379),a=n(759),u=n(255),c=n(845),l=n(173),d=n(648),f=n(318);t.default=function(e){return{addXMLHttpRequestInterceptor:function(e){(0,c.logDebugMessage)("addXMLHttpRequestInterceptorAndReturnModified: called"),(0,d.addInterceptorsToXMLHttpRequest)()},addFetchInterceptorsAndReturnModifiedFetch:function(e){return(0,c.logDebugMessage)("addFetchInterceptorsAndReturnModifiedFetch: called"),function(t,n){return o(this,void 0,void 0,(function(){return s(this,(function(o){switch(o.label){case 0:return[4,i.default.doRequest((function(n){return e.originalFetch("object"==typeof t&&"clone"in t?t.clone():t,r({},n))}),n,t)];case 1:return[2,o.sent()]}}))}))}},addAxiosInterceptors:function(e){if((0,c.logDebugMessage)("addAxiosInterceptors: called"),XMLHttpRequest.__interceptedBySuperTokens)return console.warn("Not adding axios interceptor since XMLHttpRequest is already added. This is just a warning."),console.warn("Our axios and XMLHttpRequest interceptors cannot be used at the same time."),console.warn("Since XMLHttpRequest is added automatically and supports axios by default, you can just remove addAxiosInterceptors from your code."),console.warn("If you want to continue using our axios interceptor, you can override addXMLHttpRequestInterceptor with an empty function."),void(0,c.logDebugMessage)("addAxiosInterceptors: not adding, because XHR interceptors are already in place");for(var t=e.axiosInstance.interceptors.request,n=0;n<t.handlers.length;n++)if(t.handlers[n].fulfilled===a.interceptorFunctionRequestFulfilled)return void(0,c.logDebugMessage)("addAxiosInterceptors: not adding because already added on this instance");e.axiosInstance.interceptors.request.use(a.interceptorFunctionRequestFulfilled,(function(e){return o(this,void 0,void 0,(function(){return s(this,(function(t){throw e}))}))})),e.axiosInstance.interceptors.response.use((0,a.responseInterceptor)(e.axiosInstance),(0,a.responseErrorInterceptor)(e.axiosInstance))},getUserId:function(e){return o(this,void 0,void 0,(function(){var e;return s(this,(function(t){switch(t.label){case 0:return(0,c.logDebugMessage)("getUserId: called"),[4,i.FrontToken.getTokenInfo()];case 1:if(void 0===(e=t.sent()))throw new Error("No session exists");return(0,c.logDebugMessage)("getUserId: returning: "+e.uid),[2,e.uid]}}))}))},getAccessTokenPayloadSecurely:function(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return(0,c.logDebugMessage)("getAccessTokenPayloadSecurely: called"),[4,i.FrontToken.getTokenInfo()];case 1:if(void 0===(t=n.sent()))throw new Error("No session exists");return t.ate<Date.now()?((0,c.logDebugMessage)("getAccessTokenPayloadSecurely: access token expired. Refreshing session"),[4,i.default.attemptRefreshingSession()]):[3,5];case 2:return n.sent()?[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})]:[3,4];case 3:return[2,n.sent()];case 4:throw new Error("Could not refresh session");case 5:return(0,c.logDebugMessage)("getAccessTokenPayloadSecurely: returning: "+JSON.stringify(t.up)),[2,t.up]}}))}))},doesSessionExist:function(e){return o(this,void 0,void 0,(function(){var e,t;return s(this,(function(n){switch(n.label){case 0:return(0,c.logDebugMessage)("doesSessionExist: called"),[4,i.FrontToken.getTokenInfo()];case 1:return void 0===(e=n.sent())?((0,c.logDebugMessage)("doesSessionExist: access token does not exist locally"),[2,!1]):e.ate<Date.now()?((0,c.logDebugMessage)("doesSessionExist: access token expired. Refreshing session"),[4,(0,i.getLocalSessionState)(!1)]):[3,4];case 2:return t=n.sent(),[4,(0,i.onUnauthorisedResponse)(t)];case 3:return[2,"RETRY"===n.sent().result];case 4:return[2,!0]}}))}))},signOut:function(t){return o(this,void 0,void 0,(function(){var n,r,o,a;return s(this,(function(s){switch(s.label){case 0:return(0,c.logDebugMessage)("signOut: called"),[4,this.doesSessionExist(t)];case 1:return s.sent()?((0,c.logDebugMessage)("signOut: Calling refresh pre API hook"),[4,e.preAPIHook({action:"SIGN_OUT",requestInit:{method:"post",headers:{"fdi-version":u.supported_fdi.join(","),rid:i.default.rid}},url:i.default.signOutUrl,userContext:t.userContext})]):((0,c.logDebugMessage)("signOut: exiting early because session does not exist"),(0,c.logDebugMessage)("signOut: firing SIGN_OUT event"),e.onHandleEvent({action:"SIGN_OUT",userContext:t.userContext}),[2]);case 2:return n=s.sent(),(0,c.logDebugMessage)("signOut: Calling API"),[4,fetch(n.url,n.requestInit)];case 3:if(r=s.sent(),(0,c.logDebugMessage)("signOut: API ended"),(0,c.logDebugMessage)("signOut: API responded with status code: "+r.status),r.status===e.sessionExpiredStatusCode)return[2];if(r.status>=300)throw r;return[4,e.postAPIHook({action:"SIGN_OUT",requestInit:n.requestInit,url:n.url,fetchResponse:r.clone(),userContext:t.userContext})];case 4:return s.sent(),[4,r.clone().json()];case 5:if("GENERAL_ERROR"===(o=s.sent()).status)throw(0,c.logDebugMessage)("doRequest: Throwing general error"),a=void 0===o.message?"No Error Message Provided":o.message,new l.STGeneralError(a);return[2]}}))}))},getInvalidClaimsFromResponse:function(e){return o(this,void 0,void 0,(function(){var t;return s(this,(function(n){switch(n.label){case 0:return"body"in e.response?[4,e.response.clone().json()]:[3,2];case 1:return t=n.sent(),[3,3];case 2:t="string"==typeof e.response.data?JSON.parse(e.response.data):e.response.data,n.label=3;case 3:return[2,t.claimValidationErrors]}}))}))},getGlobalClaimValidators:function(e){return e.claimValidatorsAddedByOtherRecipes},validateClaims:function(e){return o(this,void 0,void 0,(function(){var t,n,r,o,i,a,u,c,l;return s(this,(function(s){switch(s.label){case 0:return[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})];case 1:t=s.sent(),n=0,r=e.claimValidators,s.label=2;case 2:return n<r.length?[4,(c=r[n]).shouldRefresh(t,e.userContext)]:[3,10];case 3:if(!s.sent())return[3,9];s.label=4;case 4:return s.trys.push([4,6,,7]),[4,c.refresh(e.userContext)];case 5:return s.sent(),[3,7];case 6:return o=s.sent(),console.error("Encountered an error while refreshing validator ".concat(c.id),o),[3,7];case 7:return[4,this.getAccessTokenPayloadSecurely({userContext:e.userContext})];case 8:t=s.sent(),s.label=9;case 9:return n++,[3,2];case 10:i=[],a=0,u=e.claimValidators,s.label=11;case 11:return a<u.length?[4,(c=u[a]).validate(t,e.userContext)]:[3,14];case 12:(l=s.sent()).isValid||i.push({validatorId:c.id,reason:l.reason}),s.label=13;case 13:return a++,[3,11];case 14:return[2,i]}}))}))},shouldDoInterceptionBasedOnUrl:function(e,t,n){if((0,c.logDebugMessage)("shouldDoInterceptionBasedOnUrl: toCheckUrl: "+e+" apiDomain: "+t+" sessionTokenBackendDomain: "+n),e.includes("superTokensDoNotDoInterception"))return!1;e=(0,f.normaliseURLDomainOrThrowError)(e);var r=new URL(e),o=r.hostname;if(void 0===n){o=""===r.port?o:o+":"+r.port,t=(0,f.normaliseURLDomainOrThrowError)(t);var s=new URL(t);return o===(""===s.port?s.hostname:s.hostname+":"+s.port)}var i,a=(0,f.normaliseSessionScopeOrThrowError)(n);if(n.split(":").length>1){var u=n.split(":")[n.split(":").length-1];"string"!=typeof(i=u)||isNaN(i)||isNaN(parseFloat(i))||(a+=":"+u,o=""===r.port?o:o+":"+r.port)}return n.startsWith(".")?("."+o).endsWith(a):o===a}}}},272:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.defaultCookieHandlerImplementation=void 0;var s=n(958);t.defaultCookieHandlerImplementation={getCookie:function(){return r(this,void 0,void 0,(function(){return o(this,(function(e){return[2,s.default.getReferenceOrThrow().windowHandler.getWindowUnsafe().document.cookie]}))}))},setCookie:function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){return s.default.getReferenceOrThrow().windowHandler.getWindowUnsafe().document.cookie=e,[2]}))}))}}},501:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.CookieHandlerReference=void 0;var r=n(272),o=function(){function e(e){var t=function(e){return e};void 0!==e&&(t=e),this.cookieHandler=t(r.defaultCookieHandlerImplementation)}return e.init=function(t){void 0===e.instance&&(e.instance=new e(t))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensCookieHandler must be initialized before calling this method.");return e.instance},e}();t.CookieHandlerReference=o,t.default=o},318:function(e,t,n){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},r.apply(this,arguments)},o=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},s=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.getNormalisedUserContext=t.validateAndNormaliseInputOrThrowError=t.normaliseSessionScopeOrThrowError=t.normaliseURLPathOrThrowError=t.normaliseURLDomainOrThrowError=void 0;var i=n(992),a=n(260),u=n(958),c=n(845);function l(e){return new i.default(e).getAsStringDangerous()}function d(e){return new a.default(e).getAsStringDangerous()}function f(e){var t=function(e){(e=e.trim().toLowerCase()).startsWith(".")&&(e=e.substr(1)),e.startsWith("http://")||e.startsWith("https://")||(e="http://"+e);try{return(e=new URL(e).hostname).startsWith(".")&&(e=e.substr(1)),e}catch(e){throw new Error("Please provide a valid sessionTokenFrontendDomain")}}(e);return"localhost"===t||(0,i.isAnIpAddress)(t)?t:e.startsWith(".")?"."+t:t}t.normaliseURLDomainOrThrowError=l,t.normaliseURLPathOrThrowError=d,t.normaliseSessionScopeOrThrowError=f,t.validateAndNormaliseInputOrThrowError=function(e){var t=this,n=l(e.apiDomain),i=d("/auth");void 0!==e.apiBasePath&&(i=d(e.apiBasePath));var a=u.default.getReferenceOrThrow().windowHandler.location.getHostName(),g=f(void 0!==e&&void 0!==e.sessionTokenFrontendDomain?e.sessionTokenFrontendDomain:a),h=401;void 0!==e.sessionExpiredStatusCode&&(h=e.sessionExpiredStatusCode);var p=403;if(void 0!==e.invalidClaimStatusCode&&(p=e.invalidClaimStatusCode),h===p)throw new Error("sessionExpiredStatusCode and invalidClaimStatusCode cannot be the same.");var v=!0;void 0!==e.autoAddCredentials&&(v=e.autoAddCredentials);var b=!1;void 0!==e.isInIframe&&(b=e.isInIframe);var m=void 0;void 0!==e.sessionTokenBackendDomain&&(m=f(e.sessionTokenBackendDomain));var y=function(e){return o(t,void 0,void 0,(function(){return s(this,(function(t){return[2,{url:e.url,requestInit:e.requestInit}]}))}))};void 0!==e.preAPIHook&&(y=e.preAPIHook);var w=function(){return o(t,void 0,void 0,(function(){return s(this,(function(e){return[2]}))}))};void 0!==e.postAPIHook&&(w=e.postAPIHook);var k=function(){};void 0!==e.onHandleEvent&&(k=e.onHandleEvent);var S=r({functions:function(e){return e}},e.override);return void 0!==e.enableDebugLogs&&e.enableDebugLogs&&(0,c.enableLogging)(),{apiDomain:n,apiBasePath:i,sessionTokenFrontendDomain:g,sessionExpiredStatusCode:h,invalidClaimStatusCode:p,autoAddCredentials:v,isInIframe:b,tokenTransferMethod:void 0!==e.tokenTransferMethod?e.tokenTransferMethod:"cookie",sessionTokenBackendDomain:m,preAPIHook:y,postAPIHook:w,onHandleEvent:k,override:S}},t.getNormalisedUserContext=function(e){return void 0===e?{}:e}},941:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.LockFactoryReference=void 0;var r=n(895),o=function(){function e(e){this.lockFactory=e}return e.init=function(t,n){void 0===this.instance&&(this.instance=new e(null!=t?t:function(e){return function(){return Promise.resolve(new r.default(e))}}(n)))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensLockReference must be initialized before calling this method.");return e.instance},e}();t.LockFactoryReference=o,t.default=o},153:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.SessionClaimValidatorStore=void 0;var n=function(){function e(){}return e.claimValidatorsAddedByOtherRecipes=[],e.addClaimValidatorFromOtherRecipe=function(t){e.claimValidatorsAddedByOtherRecipes.push(t)},e.getClaimValidatorsAddedByOtherRecipes=function(){return e.claimValidatorsAddedByOtherRecipes},e}();t.SessionClaimValidatorStore=n,t.default=n},586:function(e,t){var n=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},r=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};function o(){if("undefined"==typeof window)throw Error("If you are using this package with server-side rendering, please make sure that you are checking if the window object is defined.");return window}Object.defineProperty(t,"__esModule",{value:!0}),t.defaultWindowHandlerImplementation=void 0;var s={key:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.key(e)]}))}))},clear:function(){return n(this,void 0,void 0,(function(){return r(this,(function(e){return[2,o().localStorage.clear()]}))}))},getItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.getItem(e)]}))}))},removeItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().localStorage.removeItem(e)]}))}))},setItem:function(e,t){return n(this,void 0,void 0,(function(){return r(this,(function(n){return[2,o().localStorage.setItem(e,t)]}))}))},keySync:function(e){return o().localStorage.key(e)},clearSync:function(){return o().localStorage.clear()},getItemSync:function(e){return o().localStorage.getItem(e)},removeItemSync:function(e){return o().localStorage.removeItem(e)},setItemSync:function(e,t){return o().localStorage.setItem(e,t)}},i={key:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.key(e)]}))}))},clear:function(){return n(this,void 0,void 0,(function(){return r(this,(function(e){return[2,o().sessionStorage.clear()]}))}))},getItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.getItem(e)]}))}))},removeItem:function(e){return n(this,void 0,void 0,(function(){return r(this,(function(t){return[2,o().sessionStorage.removeItem(e)]}))}))},setItem:function(e,t){return n(this,void 0,void 0,(function(){return r(this,(function(n){return[2,o().sessionStorage.setItem(e,t)]}))}))},keySync:function(e){return o().sessionStorage.key(e)},clearSync:function(){return o().sessionStorage.clear()},getItemSync:function(e){return o().sessionStorage.getItem(e)},removeItemSync:function(e){return o().sessionStorage.removeItem(e)},setItemSync:function(e,t){return o().sessionStorage.setItem(e,t)}};t.defaultWindowHandlerImplementation={history:{replaceState:function(e,t,n){return o().history.replaceState(e,t,n)},getState:function(){return o().history.state}},location:{getHref:function(){return o().location.href},setHref:function(e){o().location.href=e},getSearch:function(){return o().location.search},getHash:function(){return o().location.hash},getPathName:function(){return o().location.pathname},assign:function(e){o().location.assign(e)},getHostName:function(){return o().location.hostname},getHost:function(){return o().location.host},getOrigin:function(){return o().location.origin}},getDocument:function(){return o().document},getWindowUnsafe:function(){return o().window},localStorage:s,sessionStorage:i}},958:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.WindowHandlerReference=void 0;var r=n(586),o=function(){function e(e){var t=function(e){return e};void 0!==e&&(t=e),this.windowHandler=t(r.defaultWindowHandlerImplementation)}return e.init=function(t){void 0===e.instance&&(e.instance=new e(t))},e.getReferenceOrThrow=function(){if(void 0===e.instance)throw new Error("SuperTokensWindowHandler must be initialized before calling this method.");return e.instance},e}();t.WindowHandlerReference=o,t.default=o},255:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.supported_fdi=t.package_version=void 0,t.package_version="17.0.4",t.supported_fdi=["1.16","1.17","1.18"]},648:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){var t;e.done?o(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}};Object.defineProperty(t,"__esModule",{value:!0}),t.addInterceptorsToXMLHttpRequest=void 0;var s=n(379),i=n(845),a=n(958),u=n(743),c=["readystatechange","abort","error","load","loadend","loadstart","progress","timeout"];function l(e){return r(this,void 0,void 0,(function(){var t,n,r,s,i;return o(this,(function(o){switch(o.label){case 0:if(t=e.headers.get("content-type"),n="",r="text",null!==t)return[3,5];o.label=1;case 1:return o.trys.push([1,3,,4]),[4,e.text()];case 2:return n=o.sent(),[3,4];case 3:return o.sent(),n="",[3,4];case 4:return[3,9];case 5:return t.includes("application/json")?(r="json",i=(s=JSON).stringify,[4,e.json()]):[3,7];case 6:return n=i.apply(s,[o.sent()]),[3,9];case 7:return t.includes("text/")?[4,e.text()]:[3,9];case 8:n=o.sent(),o.label=9;case 9:return[2,{status:e.status,responseText:n,statusText:e.statusText,responseType:r,headers:e.headers}]}}))}))}function d(e,t){return r(this,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: adding existing tokens as header"),[4,(0,s.getTokenForHeaderAuth)("access")];case 1:return n=o.sent(),[4,(0,s.getTokenForHeaderAuth)("refresh")];case 2:return r=o.sent(),void 0!==n&&void 0!==r?t.some((function(e){return"authorization"===e.name.toLowerCase()}))?(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: Authorization header defined by the user, not adding"):void 0!==n&&((0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: added authorization header"),e.setRequestHeader("Authorization","Bearer ".concat(n))):(0,i.logDebugMessage)("setAuthorizationHeaderIfRequired: token for header based auth not found"),[2]}}))}))}function f(e){return r(this,void 0,void 0,(function(){var t,n,r,a,u;return o(this,(function(o){switch(o.label){case 0:return(0,i.logDebugMessage)("saveTokensFromHeaders: Saving updated tokens from the response"),null===(t=e.get("st-refresh-token"))?[3,2]:((0,i.logDebugMessage)("saveTokensFromHeaders: saving new refresh token"),[4,(0,s.setToken)("refresh",t)]);case 1:o.sent(),o.label=2;case 2:return null===(n=e.get("st-access-token"))?[3,4]:((0,i.logDebugMessage)("saveTokensFromHeaders: saving new access token"),[4,(0,s.setToken)("access",n)]);case 3:o.sent(),o.label=4;case 4:return null===(r=e.get("front-token"))?[3,6]:((0,i.logDebugMessage)("saveTokensFromHeaders: Setting sFrontToken: "+r),[4,s.FrontToken.setItem(r)]);case 5:o.sent(),o.label=6;case 6:return null===(a=e.get("anti-csrf"))?[3,9]:[4,(0,s.getLocalSessionState)(!0)];case 7:return"EXISTS"!==(u=o.sent()).status?[3,9]:((0,i.logDebugMessage)("saveTokensFromHeaders: Setting anti-csrf token"),[4,s.AntiCsrfToken.setItem(u.lastAccessTokenUpdate,a)]);case 8:o.sent(),o.label=9;case 9:return[2]}}))}))}t.addInterceptorsToXMLHttpRequest=function(){var e=new Promise((function(e){return setTimeout(e,0)})),t=XMLHttpRequest;(0,i.logDebugMessage)("addInterceptorsToXMLHttpRequest called"),XMLHttpRequest=function(){var n=new t,g=e;function h(e){g=g.finally((function(){var t;return null===(t=e())||void 0===t?void 0:t.catch(console.error)}))}var p,v,b=this,m=[],y=[],w={},k=new Map,S="",I=!1,T=void 0;function R(e,t){var n=k.get(e);(0,i.logDebugMessage)("XHRInterceptor dispatching ".concat(t.type," to ").concat(n?n.size:0," listeners")),n&&Array.from(n).forEach((function(e){return e.apply(b,[t])}))}function D(){return r(this,void 0,void 0,(function(){var e,n;return o(this,(function(r){switch(r.label){case 0:if(void 0===T)throw new Error("Should never come here..");return(0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: preRequestLSS "+T.status),[4,(0,s.onUnauthorisedResponse)(T)];case 1:if("RETRY"!==(e=r.sent()).result){if((0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: Not retrying original request "+!!e.error),void 0!==e.error)throw e.error;return[2,!0]}return(0,i.logDebugMessage)("XHRInterceptor.handleRetryPostRefreshing: Retrying original request"),n=new t,M(b,n,!0),m.forEach((function(e){e(n)})),A(n,v),[2,!1]}}))}))}function E(e){return r(this,void 0,void 0,(function(){var t,n,r,a;return o(this,(function(o){switch(o.label){case 0:if(I)return(0,i.logDebugMessage)("XHRInterceptor.handleResponse: Returning without interception"),[2,!0];o.label=1;case 1:o.trys.push([1,14,,18]),o.label=2;case 2:return o.trys.push([2,,8,13]),(0,i.logDebugMessage)("XHRInterceptor.handleResponse: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_RESPONSE),t=e.status,n=function(e){return new Headers(e.getAllResponseHeaders().split("\r\n").map((function(e){var t=e.indexOf(": ");return-1===t?["",""]:[e.slice(0,t),e.slice(t+2)]})).filter((function(e){return 0!==e[0].length})))}(e),[4,f(n)];case 3:return o.sent(),(0,s.fireSessionUpdateEventsIfNecessary)("EXISTS"===T.status,t,n.get("front-token")),t!==s.default.config.sessionExpiredStatusCode?[3,5]:((0,i.logDebugMessage)("responseInterceptor: Status code is: "+t),[4,D()]);case 4:return[2,o.sent()];case 5:return t!==s.default.config.invalidClaimStatusCode?[3,7]:[4,(0,s.onInvalidClaimResponse)({data:JSON.parse(e.responseText)})];case 6:o.sent(),o.label=7;case 7:return[2,!0];case 8:return(0,i.logDebugMessage)("XHRInterceptor.handleResponse: doFinallyCheck running"),[4,(0,s.getLocalSessionState)(!1)];case 9:return"EXISTS"===o.sent().status?[3,12]:((0,i.logDebugMessage)("XHRInterceptor.handleResponse: local session doesn't exist, so removing anti-csrf and sFrontToken"),[4,s.AntiCsrfToken.removeToken()]);case 10:return o.sent(),[4,s.FrontToken.removeToken()];case 11:o.sent(),o.label=12;case 12:return[7];case 13:return[3,18];case 14:return r=o.sent(),(0,i.logDebugMessage)("XHRInterceptor.handleResponse: caught error"),void 0===r.status?[3,16]:[4,l(r)];case 15:if(a=o.sent(),w.status=a.status,w.statusText=a.statusText,w.responseType=a.responseType,p=a.headers,"json"===a.responseType)try{w.response=JSON.parse(a.responseText)}catch(e){w.response=a.responseText}else w.response=a.responseText;return w.responseText=a.responseText,[3,17];case 16:R("error",new Event("error")),o.label=17;case 17:return[2,!0];case 18:return[2]}}))}))}b.onload=null,b.onreadystatechange=null,b.onloadend=null,b.addEventListener=function(e,t,n){var r=k.get(e);void 0===r&&(r=new Set,k.set(e,r)),r.add(t)},b.removeEventListener=function(e,t){var n=k.get(e);void 0===n&&(n=new Set,k.set(e,n)),n.delete(t)},b.open=function(e,t){(0,i.logDebugMessage)("XHRInterceptor.open called");var r=arguments;S=t;try{I="string"==typeof S&&!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(S,s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)||"string"!=typeof S&&!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(S.toString(),s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)}catch(e){if("Please provide a valid domain name"!==e.message)throw e;(0,i.logDebugMessage)("XHRInterceptor.open: Trying shouldDoInterceptionBasedOnUrl with location.origin"),I=!s.default.recipeImpl.shouldDoInterceptionBasedOnUrl(a.default.getReferenceOrThrow().windowHandler.location.getOrigin(),s.default.config.apiDomain,s.default.config.sessionTokenBackendDomain)}h((function(){m.push((function(e){e.open.apply(e,r)})),n.open.apply(n,r)}))},b.send=function(e){A(n,v=e)},b.setRequestHeader=function(e,t){var a=this;(0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: Called with ".concat(e)),I?h((function(){return n.setRequestHeader(e,t)})):"anti-csrf"!==e&&h((function(){return r(a,void 0,void 0,(function(){var r,a;return o(this,(function(o){switch(o.label){case 0:return"authorization"!==e.toLowerCase()?[3,3]:((0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: checking if user provided auth header matches local token"),[4,(0,s.getTokenForHeaderAuth)("access")]);case 1:return r=o.sent(),[4,(0,s.getTokenForHeaderAuth)("refresh")];case 2:if(a=o.sent(),void 0!==r&&void 0!==a&&t==="Bearer ".concat(r))return(0,i.logDebugMessage)("XHRInterceptor.setRequestHeader: skipping Authorization from user provided headers because it contains our access token"),[2];o.label=3;case 3:return m.push((function(n){n.setRequestHeader(e,t)})),y.push({name:e,value:t}),n.setRequestHeader(e,t),[2]}}))}))}))};var x=void 0;function M(e,n,r){var o,s=["load","loadend","readystatechange"];(0,i.logDebugMessage)("XHRInterceptor.setUpXHR called");for(var a=function(e){(0,i.logDebugMessage)("XHRInterceptor added listener for event ".concat(e)),n.addEventListener(e,(function(t){(0,i.logDebugMessage)("XHRInterceptor got event ".concat(e)),s.includes(e)||R(e,t)}))},u=0,l=c;u<l.length;u++)a(l[u]);if(n.onload=function(t){void 0===o&&(o=E(n)),o.then((function(n){n&&(e.onload&&e.onload(t),R("load",t))}))},n.onreadystatechange=function(r){n.readyState===t.DONE?(void 0===o&&(o=E(n)),o.then((function(t){t&&(e.onreadystatechange&&e.onreadystatechange(r),R("readystatechange",r))}))):(e.onreadystatechange&&e.onreadystatechange(r),R("readystatechange",r))},n.onloadend=function(t){void 0===o&&(o=E(n)),o.then((function(n){n&&(e.onloadend&&e.onloadend(t),R("loadend",t))}))},e.getAllResponseHeaders=function(){var e;return p?(e="",p.forEach((function(t,n){return e+="".concat(n,": ").concat(t,"\r\n")}))):e=n.getAllResponseHeaders(),e+"x-supertokens-xhr-intercepted: true\r\n"},e.getResponseHeader=function(e){return"x-supertokens-xhr-intercepted"===e?"true":p?p.get(e):n.getResponseHeader(e)},void 0===x)for(var d in x=[],n)d in e||x.push(d);for(var f=function(t){"function"==typeof n[t]?Object.defineProperty(e,t,{configurable:!0,value:function(){var e=arguments;return r||m.push((function(n){n[t].apply(n,e)})),n[t].apply(n,e)}}):Object.defineProperty(e,t,{configurable:!0,get:function(){return void 0!==w[t]?w[t]:n[t]},set:function(e){r||m.push((function(n){n[t]=e})),(0,i.logDebugMessage)("XHRInterceptor.set[".concat(t,"] = ").concat(e)),n[t]=e}})},g=0,h=x;g<h.length;g++)f(d=h[g])}function A(e,t){var n=this;if((0,i.logDebugMessage)("XHRInterceptor.send: called"),(0,i.logDebugMessage)("XHRInterceptor.send: Value of doNotDoInterception: "+I),I)return(0,i.logDebugMessage)("XHRInterceptor.send: Returning without interception"),void h((function(){return e.send(t)}));(0,i.logDebugMessage)("XHRInterceptor.send: Interception started"),u.ProcessState.getInstance().addState(u.PROCESS_STATE.CALLING_INTERCEPTION_REQUEST),h((function(){return r(n,void 0,void 0,(function(){var n,r;return o(this,(function(o){switch(o.label){case 0:return[4,(0,s.getLocalSessionState)(!0)];case 1:return"EXISTS"!==(T=o.sent()).status?[3,3]:[4,s.AntiCsrfToken.getToken(T.lastAccessTokenUpdate)];case 2:void 0!==(n=o.sent())&&((0,i.logDebugMessage)("XHRInterceptor.send: Adding anti-csrf token to request"),e.setRequestHeader("anti-csrf",n)),o.label=3;case 3:return s.default.config.autoAddCredentials&&((0,i.logDebugMessage)("XHRInterceptor.send: Adding credentials include"),b.withCredentials=!0),y.some((function(e){return"rid"===e.name}))?(0,i.logDebugMessage)("XHRInterceptor.send: rid header was already there in request"):((0,i.logDebugMessage)("XHRInterceptor.send: Adding rid header: anti-csrf"),e.setRequestHeader("rid","anti-csrf")),r=s.default.config.tokenTransferMethod,y.some((function(e){return"st-auth-mode"===e.name}))?(0,i.logDebugMessage)("XHRInterceptor.send: st-auth-mode header was already there in request"):((0,i.logDebugMessage)("XHRInterceptor.send: Adding st-auth-mode header: "+r),e.setRequestHeader("st-auth-mode",r)),[4,d(e,y)];case 4:return o.sent(),(0,i.logDebugMessage)("XHRInterceptor.send: Making user's http call"),[2,e.send(t)]}}))}))}))}M(b,n,!1)},XMLHttpRequest.__interceptedBySuperTokens=!0,XMLHttpRequest.__original=t}},895:function(e,t,n){var r=this&&this.__awaiter||function(e,t,n,r){return new(n||(n=Promise))((function(o,s){function i(e){try{u(r.next(e))}catch(e){s(e)}}function a(e){try{u(r.throw(e))}catch(e){s(e)}}function u(e){e.done?o(e.value):new n((function(t){t(e.value)})).then(i,a)}u((r=r.apply(e,t||[])).next())}))},o=this&&this.__generator||function(e,t){var n,r,o,s,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return s={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(s[Symbol.iterator]=function(){return this}),s;function a(s){return function(a){return function(s){if(n)throw new TypeError("Generator is already executing.");for(;i;)try{if(n=1,r&&(o=2&s[0]?r.return:s[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,s[1])).done)return o;switch(r=0,o&&(s=[2&s[0],o.value]),s[0]){case 0:case 1:o=s;break;case 4:return i.label++,{value:s[1],done:!1};case 5:i.label++,r=s[1],s=[0];continue;case 7:s=i.ops.pop(),i.trys.pop();continue;default:if(!((o=(o=i.trys).length>0&&o[o.length-1])||6!==s[0]&&2!==s[0])){i=0;continue}if(3===s[0]&&(!o||s[1]>o[0]&&s[1]<o[3])){i.label=s[1];break}if(6===s[0]&&i.label<o[1]){i.label=o[1],o=s;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(s);break}o[2]&&i.ops.pop(),i.trys.pop();continue}s=t.call(e,i)}catch(e){s=[6,e],r=0}finally{n=o=0}if(5&s[0])throw s[1];return{value:s[0]?s[1]:void 0,done:!0}}([s,a])}}},s=this;Object.defineProperty(t,"__esModule",{value:!0});var i=n(142),a="browser-tabs-lock-key",u={key:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},getItem:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},clear:function(){return r(s,void 0,void 0,(function(){return o(this,(function(e){return[2,window.localStorage.clear()]}))}))},removeItem:function(e){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},setItem:function(e,t){return r(s,void 0,void 0,(function(){return o(this,(function(e){throw new Error("Unsupported")}))}))},keySync:function(e){return window.localStorage.key(e)},getItemSync:function(e){return window.localStorage.getItem(e)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(e){return window.localStorage.removeItem(e)},setItemSync:function(e,t){return window.localStorage.setItem(e,t)}};function c(e){return new Promise((function(t){return setTimeout(t,e)}))}function l(e){for(var t="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",n="",r=0;r<e;r++)n+=t[Math.floor(Math.random()*t.length)];return n}var d=function(){function e(t){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+l(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=t,void 0===e.waiters&&(e.waiters=[])}return e.prototype.acquireLock=function(t,n){return void 0===n&&(n=5e3),r(this,void 0,void 0,(function(){var r,s,i,d,f,g,h;return o(this,(function(o){switch(o.label){case 0:r=Date.now()+l(4),s=Date.now()+n,i=a+"-"+t,d=void 0===this.storageHandler?u:this.storageHandler,o.label=1;case 1:return Date.now()<s?[4,c(30)]:[3,8];case 2:return o.sent(),null!==d.getItemSync(i)?[3,5]:(f=this.id+"-"+t+"-"+r,[4,c(Math.floor(25*Math.random()))]);case 3:return o.sent(),d.setItemSync(i,JSON.stringify({id:this.id,iat:r,timeoutKey:f,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,c(30)];case 4:return o.sent(),null!==(g=d.getItemSync(i))&&(h=JSON.parse(g)).id===this.id&&h.iat===r?(this.acquiredIatSet.add(r),this.refreshLockWhileAcquired(i,r),[2,!0]):[3,7];case 5:return e.lockCorrector(void 0===this.storageHandler?u:this.storageHandler),[4,this.waitForSomethingToChange(s)];case 6:o.sent(),o.label=7;case 7:return r=Date.now()+l(4),[3,1];case 8:return[2,!1]}}))}))},e.prototype.refreshLockWhileAcquired=function(e,t){return r(this,void 0,void 0,(function(){var n=this;return o(this,(function(s){return setTimeout((function(){return r(n,void 0,void 0,(function(){var n,r,s;return o(this,(function(o){switch(o.label){case 0:return[4,i.default().lock(t)];case 1:return o.sent(),this.acquiredIatSet.has(t)?(n=void 0===this.storageHandler?u:this.storageHandler,null===(r=n.getItemSync(e))?(i.default().unlock(t),[2]):((s=JSON.parse(r)).timeRefreshed=Date.now(),n.setItemSync(e,JSON.stringify(s)),i.default().unlock(t),this.refreshLockWhileAcquired(e,t),[2])):(i.default().unlock(t),[2])}}))}))}),1e3),[2]}))}))},e.prototype.waitForSomethingToChange=function(t){return r(this,void 0,void 0,(function(){return o(this,(function(n){switch(n.label){case 0:return[4,new Promise((function(n){var r=!1,o=Date.now(),s=!1;function i(){if(s||(window.removeEventListener("storage",i),e.removeFromWaiting(i),clearTimeout(a),s=!0),!r){r=!0;var t=50-(Date.now()-o);t>0?setTimeout(n,t):n(null)}}window.addEventListener("storage",i),e.addToWaiting(i);var a=setTimeout(i,Math.max(0,t-Date.now()))}))];case 1:return n.sent(),[2]}}))}))},e.addToWaiting=function(t){this.removeFromWaiting(t),void 0!==e.waiters&&e.waiters.push(t)},e.removeFromWaiting=function(t){void 0!==e.waiters&&(e.waiters=e.waiters.filter((function(e){return e!==t})))},e.notifyWaiters=function(){void 0!==e.waiters&&e.waiters.slice().forEach((function(e){return e()}))},e.prototype.releaseLock=function(e){return r(this,void 0,void 0,(function(){return o(this,(function(t){switch(t.label){case 0:return[4,this.releaseLock__private__(e)];case 1:return[2,t.sent()]}}))}))},e.prototype.releaseLock__private__=function(t){return r(this,void 0,void 0,(function(){var n,r,s,c;return o(this,(function(o){switch(o.label){case 0:return n=void 0===this.storageHandler?u:this.storageHandler,r=a+"-"+t,null===(s=n.getItemSync(r))?[2]:(c=JSON.parse(s)).id!==this.id?[3,2]:[4,i.default().lock(c.iat)];case 1:o.sent(),this.acquiredIatSet.delete(c.iat),n.removeItemSync(r),i.default().unlock(c.iat),e.notifyWaiters(),o.label=2;case 2:return[2]}}))}))},e.lockCorrector=function(t){for(var n=Date.now()-5e3,r=t,o=[],s=0;;){var i=r.keySync(s);if(null===i)break;o.push(i),s++}for(var u=!1,c=0;c<o.length;c++){var l=o[c];if(l.includes(a)){var d=r.getItemSync(l);if(null!==d){var f=JSON.parse(d);(void 0===f.timeRefreshed&&f.timeAcquired<n||void 0!==f.timeRefreshed&&f.timeRefreshed<n)&&(r.removeItemSync(l),u=!0)}}}u&&e.notifyWaiters()},e.waiters=void 0,e}();t.default=d},142:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0});var n=function(){function e(){var e=this;this.locked=new Map,this.addToLocked=function(t,n){var r=e.locked.get(t);void 0===r?void 0===n?e.locked.set(t,[]):e.locked.set(t,[n]):void 0!==n&&(r.unshift(n),e.locked.set(t,r))},this.isLocked=function(t){return e.locked.has(t)},this.lock=function(t){return new Promise((function(n,r){e.isLocked(t)?e.addToLocked(t,n):(e.addToLocked(t),n())}))},this.unlock=function(t){var n=e.locked.get(t);if(void 0!==n&&0!==n.length){var r=n.pop();e.locked.set(t,n),void 0!==r&&setTimeout(r,0)}else e.locked.delete(t)}}return e.getInstance=function(){return void 0===e.instance&&(e.instance=new e),e.instance},e}();t.default=function(){return n.getInstance()}},225:function(e,t){var n=this&&this.__assign||function(){return n=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e},n.apply(this,arguments)};Object.defineProperty(t,"__esModule",{value:!0}),t.getProxyObject=void 0,t.getProxyObject=function(e){for(var t=n(n({},e),{_call:function(e,t){throw new Error("This function should only be called through the recipe object")}}),r=function(e){"_call"!==e&&(t[e]=function(){for(var t=[],n=0;n<arguments.length;n++)t[n]=arguments[n];return this._call(e,t)})},o=0,s=Object.keys(t);o<s.length;o++)r(s[o]);return t}},333:(e,t,n)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.OverrideableBuilder=void 0;var r=n(225),o=function(){function e(e){this.layers=[e],this.proxies=[]}return e.prototype.override=function(e){for(var t=(0,r.getProxyObject)(this.layers[0]),n=e(t,this),o=0,s=Object.keys(this.layers[0]);o<s.length;o++){var i=s[o];n[i]===t[i]||"_call"===i?delete n[i]:void 0===n[i]&&(n[i]=null)}return this.layers.push(n),this.proxies.push(t),this},e.prototype.build=function(){var e=this;if(this.result)return this.result;this.result={};for(var t=0,n=this.layers;t<n.length;t++)for(var r=n[t],o=0,s=Object.keys(r);o<s.length;o++){var i=s[o],a=r[i];void 0!==a&&(this.result[i]=null===a?void 0:"function"==typeof a?a.bind(this.result):a)}for(var u=function(t){c.proxies[t]._call=function(n,r){for(var o=t;o>=0;--o){var s=e.layers[o][n];if(null!=s)return s.bind(e.result).apply(void 0,r)}}},c=this,l=0;l<this.proxies.length;++l)u(l);return this.result},e}();t.OverrideableBuilder=o,t.default=o}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var s=t[r]={exports:{}};return e[r].call(s.exports,s,s.exports,n),s.exports}n.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}();var r=n(280);supertokens=r})();
\ No newline at end of file
diff --git a/lib/build/version.d.ts b/lib/build/version.d.ts
index 6539c36f..2ccb3936 100644
--- a/lib/build/version.d.ts
+++ b/lib/build/version.d.ts
@@ -1,2 +1,2 @@
-export declare const package_version = "17.0.3";
+export declare const package_version = "17.0.4";
 export declare const supported_fdi: string[];
diff --git a/lib/build/version.js b/lib/build/version.js
index db89333b..f0cdb9ae 100644
--- a/lib/build/version.js
+++ b/lib/build/version.js
@@ -15,5 +15,5 @@ exports.supported_fdi = exports.package_version = void 0;
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-exports.package_version = "17.0.3";
+exports.package_version = "17.0.4";
 exports.supported_fdi = ["1.16", "1.17", "1.18"];
diff --git a/lib/ts/version.ts b/lib/ts/version.ts
index ccfbe55c..2df5b271 100644
--- a/lib/ts/version.ts
+++ b/lib/ts/version.ts
@@ -12,6 +12,6 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const package_version = "17.0.3";
+export const package_version = "17.0.4";
 
 export const supported_fdi = ["1.16", "1.17", "1.18"];
diff --git a/package-lock.json b/package-lock.json
index a6c08d47..8d148627 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "supertokens-website",
-  "version": "17.0.3",
+  "version": "17.0.4",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "supertokens-website",
-      "version": "17.0.3",
+      "version": "17.0.4",
       "license": "Apache-2.0",
       "dependencies": {
         "browser-tabs-lock": "^1.3.0",
diff --git a/package.json b/package.json
index 55bc0ed0..a6334893 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "supertokens-website",
-  "version": "17.0.3",
+  "version": "17.0.4",
   "description": "frontend sdk for website to be used for auth solution.",
   "main": "index.js",
   "dependencies": {