@alien_org/sso-sdk-core 1.0.20 → 1.0.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.esm.js +77 -74
- package/dist/index.umd.js +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
"use strict";var h=(d,e,o)=>new Promise((r
|
|
1
|
+
"use strict";var h=(d,e,o)=>new Promise((s,r)=>{var a=l=>{try{c(o.next(l))}catch(S){r(S)}},n=l=>{try{c(o.throw(l))}catch(S){r(S)}},c=l=>l.done?s(l.value):Promise.resolve(l.value).then(a,n);c((o=o.apply(d,e)).next())});Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const t=require("zod/v4-mini"),I=require("js-sha256"),y=t.z.object({deep_link:t.z.string(),polling_code:t.z.string(),expired_at:t.z.number()}),T=t.z.object({polling_code:t.z.string()}),j=["pending","authorized","rejected","expired"],x=t.z.enum(j),z=t.z.object({status:x,authorization_code:t.z.optional(t.z.string())}),m=t.z.object({access_token:t.z.string(),token_type:t.z.string(),expires_in:t.z.number(),id_token:t.z.optional(t.z.string()),refresh_token:t.z.string()}),A=t.z.object({sub:t.z.string()}),R=t.z.object({iss:t.z.string(),sub:t.z.string(),aud:t.z.union([t.z.string(),t.z.array(t.z.string())]),exp:t.z.number(),iat:t.z.number(),nonce:t.z.optional(t.z.string()),auth_time:t.z.optional(t.z.number())}),E=m;function _(d){return btoa(d).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function w(d){let e=d.replace(/-/g,"+").replace(/_/g,"/");for(;e.length%4;)e+="=";return atob(e)}const v="https://sso.alien.com",P=5e3,i="alien-sso_",g=i+"refresh_token",p=i+"token_expiry",f=(d,e)=>new URL(e,d).toString(),b=t.z.object({ssoBaseUrl:t.z.url(),providerAddress:t.z.string(),pollingInterval:t.z.optional(t.z.number())}),u=class u{constructor(e){this.config=b.parse(e),this.ssoBaseUrl=this.config.ssoBaseUrl||v,this.providerAddress=this.config.providerAddress,this.pollingInterval=this.config.pollingInterval||P}generateCodeVerifier(e=128){let o;const s=typeof window!="undefined"&&window.crypto;if(s&&s.getRandomValues)o=new Uint8Array(e),s.getRandomValues(o);else{o=new Uint8Array(e);for(let a=0;a<e;a++)o[a]=Math.floor(Math.random()*256)}let r="";for(let a=0;a<o.length;a++)r+=String.fromCharCode(o[a]);return _(r)}generateCodeChallenge(e){const o=I.sha256.array(e),s=String.fromCharCode(...o);return _(s)}generateDeeplink(){return h(this,null,function*(){const e=this.generateCodeVerifier(),o=this.generateCodeChallenge(e);sessionStorage.setItem(i+"code_verifier",e);const s=new URLSearchParams({response_type:"code",response_mode:"json",client_id:this.providerAddress,scope:"openid",code_challenge:o,code_challenge_method:"S256"}),r=`${this.config.ssoBaseUrl}/oauth/authorize?${s.toString()}`,a=yield fetch(r,{method:"GET"});if(!a.ok){const c=yield a.json().catch(()=>({error:a.statusText}));throw new Error(`Authorize failed: ${c.error_description||c.error||a.statusText}`)}const n=yield a.json();return y.parse(n)})}pollAuth(e){return h(this,null,function*(){const o={polling_code:e};T.parse(o);const s=yield fetch(f(this.config.ssoBaseUrl,"/oauth/poll"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(o)});if(!s.ok)throw new Error(`Poll failed: ${s.statusText}`);const r=yield s.json();return z.parse(r)})}exchangeToken(e){return h(this,null,function*(){const o=sessionStorage.getItem(i+"code_verifier");if(!o)throw new Error("Missing code verifier.");const s=new URLSearchParams({grant_type:"authorization_code",code:e,client_id:this.providerAddress,code_verifier:o}),r=yield fetch(f(this.config.ssoBaseUrl,"/oauth/token"),{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:s.toString()});if(!r.ok){const l=yield r.json().catch(()=>({error:r.statusText}));throw new Error(`Token exchange failed: ${l.error_description||l.error||r.statusText}`)}const a=yield r.json(),n=m.parse(a);localStorage.setItem(i+"access_token",n.access_token),n.id_token&&localStorage.setItem(i+"id_token",n.id_token),localStorage.setItem(g,n.refresh_token);const c=Date.now()+n.expires_in*1e3;return localStorage.setItem(p,c.toString()),sessionStorage.removeItem(i+"code_verifier"),n})}verifyAuth(){return h(this,null,function*(){return this.withAutoRefresh(()=>h(this,null,function*(){const e=this.getAccessToken();if(!e)return null;const o=yield fetch(f(this.config.ssoBaseUrl,"/oauth/userinfo"),{method:"GET",headers:{Authorization:`Bearer ${e}`}});if(!o.ok){if(o.status===401){const r=new Error("Unauthorized");throw r.response={status:401},r}return null}const s=yield o.json();return A.parse(s)}))})}getAccessToken(){return localStorage.getItem(i+"access_token")}getIdToken(){return localStorage.getItem(i+"id_token")}getAuthData(){const e=this.getIdToken()||this.getAccessToken();if(!e)return null;const o=e.split(".");if(o.length!==3)return null;let s;try{const n=w(o[0]);s=JSON.parse(n)}catch(n){return null}if(s.alg!=="RS256"||s.typ!=="JWT")return null;let r;try{const n=JSON.parse(w(o[1]));r=R.parse(n)}catch(n){return null}return(Array.isArray(r.aud)?r.aud:[r.aud]).includes(this.providerAddress)?r:null}getSubject(){const e=this.getAuthData();return(e==null?void 0:e.sub)||null}isTokenExpired(){const e=this.getAuthData();return e?Date.now()/1e3>e.exp:!0}logout(){localStorage.removeItem(i+"access_token"),localStorage.removeItem(i+"id_token"),localStorage.removeItem(g),localStorage.removeItem(p),sessionStorage.removeItem(i+"code_verifier")}getRefreshToken(){return localStorage.getItem(g)}hasRefreshToken(){return!!this.getRefreshToken()}isAccessTokenExpired(){const e=localStorage.getItem(p);if(!e)return!0;const o=parseInt(e,10),s=Date.now(),r=300*1e3;return s>=o-r}refreshAccessToken(){return h(this,null,function*(){return u.refreshPromise||(u.refreshPromise=this.doRefreshAccessToken().finally(()=>{u.refreshPromise=null})),u.refreshPromise})}doRefreshAccessToken(){return h(this,null,function*(){const e=this.getRefreshToken();if(console.log("[AlienSsoClient] doRefreshAccessToken, hasRefreshToken:",!!e),!e)throw new Error("No refresh token available");const o=new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:this.providerAddress}),s=yield fetch(f(this.config.ssoBaseUrl,"/oauth/token"),{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o.toString()});if(console.log("[AlienSsoClient] /oauth/token response status:",s.status),!s.ok){const c=yield s.json().catch(()=>({error:s.statusText}));throw console.log("[AlienSsoClient] /oauth/token error:",c),this.logout(),new Error(`Token refresh failed: ${c.error_description||c.error||s.statusText}`)}const r=yield s.json();console.log("[AlienSsoClient] /oauth/token json keys:",Object.keys(r));const a=m.parse(r);localStorage.setItem(i+"access_token",a.access_token),a.id_token&&localStorage.setItem(i+"id_token",a.id_token),localStorage.setItem(g,a.refresh_token);const n=Date.now()+a.expires_in*1e3;return localStorage.setItem(p,n.toString()),a})}withAutoRefresh(e,o=1){return h(this,null,function*(){var s,r,a;try{return yield e()}catch(n){if((((s=n==null?void 0:n.response)==null?void 0:s.status)===401||((r=n==null?void 0:n.message)==null?void 0:r.includes("401"))||((a=n==null?void 0:n.message)==null?void 0:a.includes("Unauthorized")))&&o>0&&this.hasRefreshToken())try{return yield this.refreshAccessToken(),yield e()}catch(l){throw n}throw n}})}};u.refreshPromise=null;let k=u;exports.AlienSsoClient=k;exports.AlienSsoClientSchema=b;exports.AuthorizeResponseSchema=y;exports.ExchangeCodeResponseSchema=E;exports.PollRequestSchema=T;exports.PollResponseSchema=z;exports.TokenInfoSchema=R;exports.TokenResponseSchema=m;exports.UserInfoResponseSchema=A;
|
package/dist/index.d.ts
CHANGED
|
@@ -111,7 +111,7 @@ export declare const ExchangeCodeResponseSchema: z.ZodMiniObject<{
|
|
|
111
111
|
access_token: z.ZodMiniString<string>;
|
|
112
112
|
token_type: z.ZodMiniString<string>;
|
|
113
113
|
expires_in: z.ZodMiniNumber<number>;
|
|
114
|
-
id_token: z.ZodMiniString<string
|
|
114
|
+
id_token: z.ZodMiniOptional<z.ZodMiniString<string>>;
|
|
115
115
|
refresh_token: z.ZodMiniString<string>;
|
|
116
116
|
}, z.core.$strip>;
|
|
117
117
|
|
|
@@ -169,7 +169,7 @@ export declare const TokenResponseSchema: z.ZodMiniObject<{
|
|
|
169
169
|
access_token: z.ZodMiniString<string>;
|
|
170
170
|
token_type: z.ZodMiniString<string>;
|
|
171
171
|
expires_in: z.ZodMiniNumber<number>;
|
|
172
|
-
id_token: z.ZodMiniString<string
|
|
172
|
+
id_token: z.ZodMiniOptional<z.ZodMiniString<string>>;
|
|
173
173
|
refresh_token: z.ZodMiniString<string>;
|
|
174
174
|
}, z.core.$strip>;
|
|
175
175
|
|
package/dist/index.esm.js
CHANGED
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
var h = (u, e,
|
|
1
|
+
var h = (u, e, o) => new Promise((r, s) => {
|
|
2
2
|
var a = (l) => {
|
|
3
3
|
try {
|
|
4
|
-
c(
|
|
4
|
+
c(o.next(l));
|
|
5
5
|
} catch (m) {
|
|
6
6
|
s(m);
|
|
7
7
|
}
|
|
8
8
|
}, n = (l) => {
|
|
9
9
|
try {
|
|
10
|
-
c(
|
|
10
|
+
c(o.throw(l));
|
|
11
11
|
} catch (m) {
|
|
12
12
|
s(m);
|
|
13
13
|
}
|
|
14
|
-
}, c = (l) => l.done ?
|
|
15
|
-
c((
|
|
14
|
+
}, c = (l) => l.done ? r(l.value) : Promise.resolve(l.value).then(a, n);
|
|
15
|
+
c((o = o.apply(u, e)).next());
|
|
16
16
|
});
|
|
17
17
|
import { z as t } from "zod/v4-mini";
|
|
18
18
|
import { sha256 as y } from "js-sha256";
|
|
@@ -20,20 +20,21 @@ const T = t.object({
|
|
|
20
20
|
deep_link: t.string(),
|
|
21
21
|
polling_code: t.string(),
|
|
22
22
|
expired_at: t.number()
|
|
23
|
-
}),
|
|
23
|
+
}), A = t.object({
|
|
24
24
|
polling_code: t.string()
|
|
25
|
-
}),
|
|
26
|
-
status:
|
|
25
|
+
}), b = ["pending", "authorized", "rejected", "expired"], R = t.enum(b), I = t.object({
|
|
26
|
+
status: R,
|
|
27
27
|
authorization_code: t.optional(t.string())
|
|
28
28
|
}), k = t.object({
|
|
29
29
|
access_token: t.string(),
|
|
30
30
|
token_type: t.string(),
|
|
31
31
|
expires_in: t.number(),
|
|
32
|
-
id_token: t.string(),
|
|
32
|
+
id_token: t.optional(t.string()),
|
|
33
|
+
// Optional - not returned on refresh_token grant
|
|
33
34
|
refresh_token: t.string()
|
|
34
|
-
}), x = t.object({
|
|
35
|
-
sub: t.string()
|
|
36
35
|
}), j = t.object({
|
|
36
|
+
sub: t.string()
|
|
37
|
+
}), x = t.object({
|
|
37
38
|
iss: t.string(),
|
|
38
39
|
sub: t.string(),
|
|
39
40
|
aud: t.union([t.string(), t.array(t.string())]),
|
|
@@ -42,7 +43,7 @@ const T = t.object({
|
|
|
42
43
|
nonce: t.optional(t.string()),
|
|
43
44
|
auth_time: t.optional(t.number())
|
|
44
45
|
}), z = k;
|
|
45
|
-
function
|
|
46
|
+
function S(u) {
|
|
46
47
|
return btoa(u).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
|
|
47
48
|
}
|
|
48
49
|
function _(u) {
|
|
@@ -60,23 +61,23 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
60
61
|
this.config = U.parse(e), this.ssoBaseUrl = this.config.ssoBaseUrl || E, this.providerAddress = this.config.providerAddress, this.pollingInterval = this.config.pollingInterval || v;
|
|
61
62
|
}
|
|
62
63
|
generateCodeVerifier(e = 128) {
|
|
63
|
-
let
|
|
64
|
-
const
|
|
65
|
-
if (
|
|
66
|
-
|
|
64
|
+
let o;
|
|
65
|
+
const r = typeof window != "undefined" && window.crypto;
|
|
66
|
+
if (r && r.getRandomValues)
|
|
67
|
+
o = new Uint8Array(e), r.getRandomValues(o);
|
|
67
68
|
else {
|
|
68
|
-
|
|
69
|
+
o = new Uint8Array(e);
|
|
69
70
|
for (let a = 0; a < e; a++)
|
|
70
|
-
|
|
71
|
+
o[a] = Math.floor(Math.random() * 256);
|
|
71
72
|
}
|
|
72
73
|
let s = "";
|
|
73
|
-
for (let a = 0; a <
|
|
74
|
-
s += String.fromCharCode(
|
|
75
|
-
return
|
|
74
|
+
for (let a = 0; a < o.length; a++)
|
|
75
|
+
s += String.fromCharCode(o[a]);
|
|
76
|
+
return S(s);
|
|
76
77
|
}
|
|
77
78
|
generateCodeChallenge(e) {
|
|
78
|
-
const
|
|
79
|
-
return
|
|
79
|
+
const o = y.array(e), r = String.fromCharCode(...o);
|
|
80
|
+
return S(r);
|
|
80
81
|
}
|
|
81
82
|
/**
|
|
82
83
|
* Initiates OAuth2 authorization flow with response_mode=json for SPA
|
|
@@ -84,16 +85,16 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
84
85
|
*/
|
|
85
86
|
generateDeeplink() {
|
|
86
87
|
return h(this, null, function* () {
|
|
87
|
-
const e = this.generateCodeVerifier(),
|
|
88
|
+
const e = this.generateCodeVerifier(), o = this.generateCodeChallenge(e);
|
|
88
89
|
sessionStorage.setItem(i + "code_verifier", e);
|
|
89
|
-
const
|
|
90
|
+
const r = new URLSearchParams({
|
|
90
91
|
response_type: "code",
|
|
91
92
|
response_mode: "json",
|
|
92
93
|
client_id: this.providerAddress,
|
|
93
94
|
scope: "openid",
|
|
94
|
-
code_challenge:
|
|
95
|
+
code_challenge: o,
|
|
95
96
|
code_challenge_method: "S256"
|
|
96
|
-
}), s = `${this.config.ssoBaseUrl}/oauth/authorize?${
|
|
97
|
+
}), s = `${this.config.ssoBaseUrl}/oauth/authorize?${r.toString()}`, a = yield fetch(s, {
|
|
97
98
|
method: "GET"
|
|
98
99
|
});
|
|
99
100
|
if (!a.ok) {
|
|
@@ -110,21 +111,21 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
110
111
|
*/
|
|
111
112
|
pollAuth(e) {
|
|
112
113
|
return h(this, null, function* () {
|
|
113
|
-
const
|
|
114
|
+
const o = {
|
|
114
115
|
polling_code: e
|
|
115
116
|
};
|
|
116
|
-
|
|
117
|
-
const
|
|
117
|
+
A.parse(o);
|
|
118
|
+
const r = yield fetch(f(this.config.ssoBaseUrl, "/oauth/poll"), {
|
|
118
119
|
method: "POST",
|
|
119
120
|
headers: {
|
|
120
121
|
"Content-Type": "application/json"
|
|
121
122
|
},
|
|
122
|
-
body: JSON.stringify(
|
|
123
|
+
body: JSON.stringify(o)
|
|
123
124
|
});
|
|
124
|
-
if (!
|
|
125
|
-
throw new Error(`Poll failed: ${
|
|
126
|
-
const s = yield
|
|
127
|
-
return
|
|
125
|
+
if (!r.ok)
|
|
126
|
+
throw new Error(`Poll failed: ${r.statusText}`);
|
|
127
|
+
const s = yield r.json();
|
|
128
|
+
return I.parse(s);
|
|
128
129
|
});
|
|
129
130
|
}
|
|
130
131
|
/**
|
|
@@ -134,13 +135,13 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
134
135
|
*/
|
|
135
136
|
exchangeToken(e) {
|
|
136
137
|
return h(this, null, function* () {
|
|
137
|
-
const
|
|
138
|
-
if (!
|
|
139
|
-
const
|
|
138
|
+
const o = sessionStorage.getItem(i + "code_verifier");
|
|
139
|
+
if (!o) throw new Error("Missing code verifier.");
|
|
140
|
+
const r = new URLSearchParams({
|
|
140
141
|
grant_type: "authorization_code",
|
|
141
142
|
code: e,
|
|
142
143
|
client_id: this.providerAddress,
|
|
143
|
-
code_verifier:
|
|
144
|
+
code_verifier: o
|
|
144
145
|
}), s = yield fetch(
|
|
145
146
|
f(this.config.ssoBaseUrl, "/oauth/token"),
|
|
146
147
|
{
|
|
@@ -148,7 +149,7 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
148
149
|
headers: {
|
|
149
150
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
150
151
|
},
|
|
151
|
-
body:
|
|
152
|
+
body: r.toString()
|
|
152
153
|
}
|
|
153
154
|
);
|
|
154
155
|
if (!s.ok) {
|
|
@@ -156,7 +157,7 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
156
157
|
throw new Error(`Token exchange failed: ${l.error_description || l.error || s.statusText}`);
|
|
157
158
|
}
|
|
158
159
|
const a = yield s.json(), n = k.parse(a);
|
|
159
|
-
localStorage.setItem(i + "access_token", n.access_token), localStorage.setItem(i + "id_token", n.id_token), localStorage.setItem(g, n.refresh_token);
|
|
160
|
+
localStorage.setItem(i + "access_token", n.access_token), n.id_token && localStorage.setItem(i + "id_token", n.id_token), localStorage.setItem(g, n.refresh_token);
|
|
160
161
|
const c = Date.now() + n.expires_in * 1e3;
|
|
161
162
|
return localStorage.setItem(p, c.toString()), sessionStorage.removeItem(i + "code_verifier"), n;
|
|
162
163
|
});
|
|
@@ -172,7 +173,7 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
172
173
|
const e = this.getAccessToken();
|
|
173
174
|
if (!e)
|
|
174
175
|
return null;
|
|
175
|
-
const
|
|
176
|
+
const o = yield fetch(
|
|
176
177
|
f(this.config.ssoBaseUrl, "/oauth/userinfo"),
|
|
177
178
|
{
|
|
178
179
|
method: "GET",
|
|
@@ -181,15 +182,15 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
181
182
|
}
|
|
182
183
|
}
|
|
183
184
|
);
|
|
184
|
-
if (!
|
|
185
|
-
if (
|
|
185
|
+
if (!o.ok) {
|
|
186
|
+
if (o.status === 401) {
|
|
186
187
|
const s = new Error("Unauthorized");
|
|
187
188
|
throw s.response = { status: 401 }, s;
|
|
188
189
|
}
|
|
189
190
|
return null;
|
|
190
191
|
}
|
|
191
|
-
const
|
|
192
|
-
return
|
|
192
|
+
const r = yield o.json();
|
|
193
|
+
return j.parse(r);
|
|
193
194
|
}));
|
|
194
195
|
});
|
|
195
196
|
}
|
|
@@ -212,22 +213,22 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
212
213
|
getAuthData() {
|
|
213
214
|
const e = this.getIdToken() || this.getAccessToken();
|
|
214
215
|
if (!e) return null;
|
|
215
|
-
const
|
|
216
|
-
if (
|
|
216
|
+
const o = e.split(".");
|
|
217
|
+
if (o.length !== 3)
|
|
217
218
|
return null;
|
|
218
|
-
let
|
|
219
|
+
let r;
|
|
219
220
|
try {
|
|
220
|
-
const n = _(
|
|
221
|
-
|
|
221
|
+
const n = _(o[0]);
|
|
222
|
+
r = JSON.parse(n);
|
|
222
223
|
} catch (n) {
|
|
223
224
|
return null;
|
|
224
225
|
}
|
|
225
|
-
if (
|
|
226
|
+
if (r.alg !== "RS256" || r.typ !== "JWT")
|
|
226
227
|
return null;
|
|
227
228
|
let s;
|
|
228
229
|
try {
|
|
229
|
-
const n = JSON.parse(_(
|
|
230
|
-
s =
|
|
230
|
+
const n = JSON.parse(_(o[1]));
|
|
231
|
+
s = x.parse(n);
|
|
231
232
|
} catch (n) {
|
|
232
233
|
return null;
|
|
233
234
|
}
|
|
@@ -271,8 +272,8 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
271
272
|
isAccessTokenExpired() {
|
|
272
273
|
const e = localStorage.getItem(p);
|
|
273
274
|
if (!e) return !0;
|
|
274
|
-
const
|
|
275
|
-
return
|
|
275
|
+
const o = parseInt(e, 10), r = Date.now(), s = 300 * 1e3;
|
|
276
|
+
return r >= o - s;
|
|
276
277
|
}
|
|
277
278
|
/**
|
|
278
279
|
* Refreshes the access token using the stored refresh token
|
|
@@ -292,28 +293,30 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
292
293
|
doRefreshAccessToken() {
|
|
293
294
|
return h(this, null, function* () {
|
|
294
295
|
const e = this.getRefreshToken();
|
|
295
|
-
if (!e)
|
|
296
|
+
if (console.log("[AlienSsoClient] doRefreshAccessToken, hasRefreshToken:", !!e), !e)
|
|
296
297
|
throw new Error("No refresh token available");
|
|
297
|
-
const
|
|
298
|
+
const o = new URLSearchParams({
|
|
298
299
|
grant_type: "refresh_token",
|
|
299
300
|
refresh_token: e,
|
|
300
301
|
client_id: this.providerAddress
|
|
301
|
-
}),
|
|
302
|
+
}), r = yield fetch(
|
|
302
303
|
f(this.config.ssoBaseUrl, "/oauth/token"),
|
|
303
304
|
{
|
|
304
305
|
method: "POST",
|
|
305
306
|
headers: {
|
|
306
307
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
307
308
|
},
|
|
308
|
-
body:
|
|
309
|
+
body: o.toString()
|
|
309
310
|
}
|
|
310
311
|
);
|
|
311
|
-
if (!
|
|
312
|
-
const c = yield
|
|
313
|
-
throw this.logout(), new Error(`Token refresh failed: ${c.error_description || c.error ||
|
|
312
|
+
if (console.log("[AlienSsoClient] /oauth/token response status:", r.status), !r.ok) {
|
|
313
|
+
const c = yield r.json().catch(() => ({ error: r.statusText }));
|
|
314
|
+
throw console.log("[AlienSsoClient] /oauth/token error:", c), this.logout(), new Error(`Token refresh failed: ${c.error_description || c.error || r.statusText}`);
|
|
314
315
|
}
|
|
315
|
-
const s = yield
|
|
316
|
-
|
|
316
|
+
const s = yield r.json();
|
|
317
|
+
console.log("[AlienSsoClient] /oauth/token json keys:", Object.keys(s));
|
|
318
|
+
const a = k.parse(s);
|
|
319
|
+
localStorage.setItem(i + "access_token", a.access_token), a.id_token && localStorage.setItem(i + "id_token", a.id_token), localStorage.setItem(g, a.refresh_token);
|
|
317
320
|
const n = Date.now() + a.expires_in * 1e3;
|
|
318
321
|
return localStorage.setItem(p, n.toString()), a;
|
|
319
322
|
});
|
|
@@ -322,13 +325,13 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
322
325
|
* Executes a function that makes an authenticated request
|
|
323
326
|
* Automatically refreshes token and retries on 401 error
|
|
324
327
|
*/
|
|
325
|
-
withAutoRefresh(e,
|
|
328
|
+
withAutoRefresh(e, o = 1) {
|
|
326
329
|
return h(this, null, function* () {
|
|
327
|
-
var
|
|
330
|
+
var r, s, a;
|
|
328
331
|
try {
|
|
329
332
|
return yield e();
|
|
330
333
|
} catch (n) {
|
|
331
|
-
if ((((
|
|
334
|
+
if ((((r = n == null ? void 0 : n.response) == null ? void 0 : r.status) === 401 || ((s = n == null ? void 0 : n.message) == null ? void 0 : s.includes("401")) || ((a = n == null ? void 0 : n.message) == null ? void 0 : a.includes("Unauthorized"))) && o > 0 && this.hasRefreshToken())
|
|
332
335
|
try {
|
|
333
336
|
return yield this.refreshAccessToken(), yield e();
|
|
334
337
|
} catch (l) {
|
|
@@ -340,15 +343,15 @@ const E = "https://sso.alien.com", v = 5e3, i = "alien-sso_", g = i + "refresh_t
|
|
|
340
343
|
}
|
|
341
344
|
};
|
|
342
345
|
d.refreshPromise = null;
|
|
343
|
-
let
|
|
346
|
+
let w = d;
|
|
344
347
|
export {
|
|
345
|
-
|
|
348
|
+
w as AlienSsoClient,
|
|
346
349
|
U as AlienSsoClientSchema,
|
|
347
350
|
T as AuthorizeResponseSchema,
|
|
348
351
|
z as ExchangeCodeResponseSchema,
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
+
A as PollRequestSchema,
|
|
353
|
+
I as PollResponseSchema,
|
|
354
|
+
x as TokenInfoSchema,
|
|
352
355
|
k as TokenResponseSchema,
|
|
353
|
-
|
|
356
|
+
j as UserInfoResponseSchema
|
|
354
357
|
};
|
package/dist/index.umd.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
(function(c,t){typeof exports=="object"&&typeof module!="undefined"?t(exports,require("zod/v4-mini"),require("js-sha256")):typeof define=="function"&&define.amd?define(["exports","zod/v4-mini","js-sha256"],t):(c=typeof globalThis!="undefined"?globalThis:c||self,t(c.AlienSsoCore={},c.Zod,c.jsSha256))})(this,(function(c,t,g){"use strict";var
|
|
1
|
+
(function(c,t){typeof exports=="object"&&typeof module!="undefined"?t(exports,require("zod/v4-mini"),require("js-sha256")):typeof define=="function"&&define.amd?define(["exports","zod/v4-mini","js-sha256"],t):(c=typeof globalThis!="undefined"?globalThis:c||self,t(c.AlienSsoCore={},c.Zod,c.jsSha256))})(this,(function(c,t,g){"use strict";var d=(c,t,g)=>new Promise((k,m)=>{var T=l=>{try{f(g.next(l))}catch(p){m(p)}},z=l=>{try{f(g.throw(l))}catch(p){m(p)}},f=l=>l.done?k(l.value):Promise.resolve(l.value).then(T,z);f((g=g.apply(c,t)).next())});const k=t.z.object({deep_link:t.z.string(),polling_code:t.z.string(),expired_at:t.z.number()}),m=t.z.object({polling_code:t.z.string()}),T=["pending","authorized","rejected","expired"],z=t.z.enum(T),f=t.z.object({status:z,authorization_code:t.z.optional(t.z.string())}),l=t.z.object({access_token:t.z.string(),token_type:t.z.string(),expires_in:t.z.number(),id_token:t.z.optional(t.z.string()),refresh_token:t.z.string()}),p=t.z.object({sub:t.z.string()}),b=t.z.object({iss:t.z.string(),sub:t.z.string(),aud:t.z.union([t.z.string(),t.z.array(t.z.string())]),exp:t.z.number(),iat:t.z.number(),nonce:t.z.optional(t.z.string()),auth_time:t.z.optional(t.z.number())}),C=l;function j(S){return btoa(S).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")}function I(S){let e=S.replace(/-/g,"+").replace(/_/g,"/");for(;e.length%4;)e+="=";return atob(e)}const P="https://sso.alien.com",x=5e3,i="alien-sso_",_=i+"refresh_token",w=i+"token_expiry",y=(S,e)=>new URL(e,S).toString(),E=t.z.object({ssoBaseUrl:t.z.url(),providerAddress:t.z.string(),pollingInterval:t.z.optional(t.z.number())}),u=class u{constructor(e){this.config=E.parse(e),this.ssoBaseUrl=this.config.ssoBaseUrl||P,this.providerAddress=this.config.providerAddress,this.pollingInterval=this.config.pollingInterval||x}generateCodeVerifier(e=128){let s;const o=typeof window!="undefined"&&window.crypto;if(o&&o.getRandomValues)s=new Uint8Array(e),o.getRandomValues(s);else{s=new Uint8Array(e);for(let a=0;a<e;a++)s[a]=Math.floor(Math.random()*256)}let r="";for(let a=0;a<s.length;a++)r+=String.fromCharCode(s[a]);return j(r)}generateCodeChallenge(e){const s=g.sha256.array(e),o=String.fromCharCode(...s);return j(o)}generateDeeplink(){return d(this,null,function*(){const e=this.generateCodeVerifier(),s=this.generateCodeChallenge(e);sessionStorage.setItem(i+"code_verifier",e);const o=new URLSearchParams({response_type:"code",response_mode:"json",client_id:this.providerAddress,scope:"openid",code_challenge:s,code_challenge_method:"S256"}),r=`${this.config.ssoBaseUrl}/oauth/authorize?${o.toString()}`,a=yield fetch(r,{method:"GET"});if(!a.ok){const h=yield a.json().catch(()=>({error:a.statusText}));throw new Error(`Authorize failed: ${h.error_description||h.error||a.statusText}`)}const n=yield a.json();return k.parse(n)})}pollAuth(e){return d(this,null,function*(){const s={polling_code:e};m.parse(s);const o=yield fetch(y(this.config.ssoBaseUrl,"/oauth/poll"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(s)});if(!o.ok)throw new Error(`Poll failed: ${o.statusText}`);const r=yield o.json();return f.parse(r)})}exchangeToken(e){return d(this,null,function*(){const s=sessionStorage.getItem(i+"code_verifier");if(!s)throw new Error("Missing code verifier.");const o=new URLSearchParams({grant_type:"authorization_code",code:e,client_id:this.providerAddress,code_verifier:s}),r=yield fetch(y(this.config.ssoBaseUrl,"/oauth/token"),{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o.toString()});if(!r.ok){const R=yield r.json().catch(()=>({error:r.statusText}));throw new Error(`Token exchange failed: ${R.error_description||R.error||r.statusText}`)}const a=yield r.json(),n=l.parse(a);localStorage.setItem(i+"access_token",n.access_token),n.id_token&&localStorage.setItem(i+"id_token",n.id_token),localStorage.setItem(_,n.refresh_token);const h=Date.now()+n.expires_in*1e3;return localStorage.setItem(w,h.toString()),sessionStorage.removeItem(i+"code_verifier"),n})}verifyAuth(){return d(this,null,function*(){return this.withAutoRefresh(()=>d(this,null,function*(){const e=this.getAccessToken();if(!e)return null;const s=yield fetch(y(this.config.ssoBaseUrl,"/oauth/userinfo"),{method:"GET",headers:{Authorization:`Bearer ${e}`}});if(!s.ok){if(s.status===401){const r=new Error("Unauthorized");throw r.response={status:401},r}return null}const o=yield s.json();return p.parse(o)}))})}getAccessToken(){return localStorage.getItem(i+"access_token")}getIdToken(){return localStorage.getItem(i+"id_token")}getAuthData(){const e=this.getIdToken()||this.getAccessToken();if(!e)return null;const s=e.split(".");if(s.length!==3)return null;let o;try{const n=I(s[0]);o=JSON.parse(n)}catch(n){return null}if(o.alg!=="RS256"||o.typ!=="JWT")return null;let r;try{const n=JSON.parse(I(s[1]));r=b.parse(n)}catch(n){return null}return(Array.isArray(r.aud)?r.aud:[r.aud]).includes(this.providerAddress)?r:null}getSubject(){const e=this.getAuthData();return(e==null?void 0:e.sub)||null}isTokenExpired(){const e=this.getAuthData();return e?Date.now()/1e3>e.exp:!0}logout(){localStorage.removeItem(i+"access_token"),localStorage.removeItem(i+"id_token"),localStorage.removeItem(_),localStorage.removeItem(w),sessionStorage.removeItem(i+"code_verifier")}getRefreshToken(){return localStorage.getItem(_)}hasRefreshToken(){return!!this.getRefreshToken()}isAccessTokenExpired(){const e=localStorage.getItem(w);if(!e)return!0;const s=parseInt(e,10),o=Date.now(),r=300*1e3;return o>=s-r}refreshAccessToken(){return d(this,null,function*(){return u.refreshPromise||(u.refreshPromise=this.doRefreshAccessToken().finally(()=>{u.refreshPromise=null})),u.refreshPromise})}doRefreshAccessToken(){return d(this,null,function*(){const e=this.getRefreshToken();if(console.log("[AlienSsoClient] doRefreshAccessToken, hasRefreshToken:",!!e),!e)throw new Error("No refresh token available");const s=new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:this.providerAddress}),o=yield fetch(y(this.config.ssoBaseUrl,"/oauth/token"),{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:s.toString()});if(console.log("[AlienSsoClient] /oauth/token response status:",o.status),!o.ok){const h=yield o.json().catch(()=>({error:o.statusText}));throw console.log("[AlienSsoClient] /oauth/token error:",h),this.logout(),new Error(`Token refresh failed: ${h.error_description||h.error||o.statusText}`)}const r=yield o.json();console.log("[AlienSsoClient] /oauth/token json keys:",Object.keys(r));const a=l.parse(r);localStorage.setItem(i+"access_token",a.access_token),a.id_token&&localStorage.setItem(i+"id_token",a.id_token),localStorage.setItem(_,a.refresh_token);const n=Date.now()+a.expires_in*1e3;return localStorage.setItem(w,n.toString()),a})}withAutoRefresh(e,s=1){return d(this,null,function*(){var o,r,a;try{return yield e()}catch(n){if((((o=n==null?void 0:n.response)==null?void 0:o.status)===401||((r=n==null?void 0:n.message)==null?void 0:r.includes("401"))||((a=n==null?void 0:n.message)==null?void 0:a.includes("Unauthorized")))&&s>0&&this.hasRefreshToken())try{return yield this.refreshAccessToken(),yield e()}catch(R){throw n}throw n}})}};u.refreshPromise=null;let A=u;c.AlienSsoClient=A,c.AlienSsoClientSchema=E,c.AuthorizeResponseSchema=k,c.ExchangeCodeResponseSchema=C,c.PollRequestSchema=m,c.PollResponseSchema=f,c.TokenInfoSchema=b,c.TokenResponseSchema=l,c.UserInfoResponseSchema=p,Object.defineProperty(c,Symbol.toStringTag,{value:"Module"})}));
|