@asgardeo/auth-spa 0.2.17 → 0.2.20

package/src/helpers/session-management-helper.ts

@@ -16,7 +16,7 @@
  * under the License.
  */
 
-import { SESSION_STATE } from "@asgardeo/auth-js";
+import { GetAuthURLConfig, SESSION_STATE } from "@asgardeo/auth-js";
 import {
     CHECK_SESSION_SIGNED_IN,
     CHECK_SESSION_SIGNED_OUT,
@@ -27,6 +27,7 @@ import {
     SET_SESSION_STATE_FROM_IFRAME,
     SILENT_SIGN_IN_STATE,
     STATE,
+    STATE_QUERY,
     Storage
 } from "../constants";
 import { AuthorizationInfo, Message, SessionManagementHelperInterface } from "../models";
@@ -38,14 +39,13 @@ export const SessionManagementHelper = (() => {
     let _sessionState: () => Promise<string>;
     let _interval: number;
     let _redirectURL: string;
-    let _authorizationEndpoint: string;
     let _sessionRefreshInterval: number;
     let _signOut: () => Promise<string>;
     let _sessionRefreshIntervalTimeout: number;
     let _checkSessionIntervalTimeout: number;
     let _storage: Storage;
     let _setSessionState: (sessionState: string) => void;
-    let _isPKCEEnabled: boolean;
+    let _getAuthorizationURL: (params?: GetAuthURLConfig) => Promise<string>;
 
     const initialize = (
         clientID: string,
@@ -54,17 +54,15 @@ export const SessionManagementHelper = (() => {
         interval: number,
         sessionRefreshInterval: number,
         redirectURL: string,
-        authorizationEndpoint: string,
-        isPKCEEnabled: boolean
+        getAuthorizationURL: (params?: GetAuthURLConfig) => Promise<string>
     ): void => {
         _clientID = clientID;
         _checkSessionEndpoint = checkSessionEndpoint;
         _sessionState = getSessionState;
         _interval = interval;
         _redirectURL = redirectURL;
-        _authorizationEndpoint = authorizationEndpoint;
         _sessionRefreshInterval = sessionRefreshInterval;
-        _isPKCEEnabled = isPKCEEnabled;
+        _getAuthorizationURL = getAuthorizationURL;
 
         if (_interval > -1) {
             initiateCheckSession();
@@ -115,17 +113,6 @@ export const SessionManagementHelper = (() => {
         clearInterval(_sessionRefreshIntervalTimeout);
     }
 
-    const getRandomPKCEChallenge = (): string => {
-        const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz-_";
-        const stringLength = 43;
-        let randomString = "";
-        for (let i = 0; i < stringLength; i++) {
-            const rnum = Math.floor(Math.random() * chars.length);
-            randomString += chars.substring(rnum, rnum + 1);
-        }
-        return randomString;
-    };
-
     const listenToResponseFromOPIFrame = (): void => {
         async function receiveMessage(e: MessageEvent) {
             const targetOrigin = _checkSessionEndpoint;
@@ -149,7 +136,7 @@ export const SessionManagementHelper = (() => {
         window?.addEventListener("message", receiveMessage, false);
     };
 
-    const sendPromptNoneRequest = () => {
+    const sendPromptNoneRequest = async () => {
         const rpIFrame = document.getElementById(RP_IFRAME) as HTMLIFrameElement;
 
         const promptNoneIFrame: HTMLIFrameElement = rpIFrame?.contentDocument?.getElementById(
@@ -170,20 +157,12 @@ export const SessionManagementHelper = (() => {
                 window?.addEventListener("message", receiveMessageListener);
             }
 
-            const promptNoneURL = new URL(_authorizationEndpoint);
-            promptNoneURL.searchParams.set("response_type", "code");
-            promptNoneURL.searchParams.set("client_id", _clientID);
-            promptNoneURL.searchParams.set("scope", "openid");
-            promptNoneURL.searchParams.set("redirect_uri", _redirectURL);
-            promptNoneURL.searchParams.set("state", STATE);
-            promptNoneURL.searchParams.set("prompt", "none");
-
-            if(_isPKCEEnabled){
-                promptNoneURL.searchParams.set("code_challenge_method", "S256");
-                promptNoneURL.searchParams.set("code_challenge", getRandomPKCEChallenge());
-            }
+            const promptNoneURL: string = await _getAuthorizationURL({
+                prompt: "none",
+                state: STATE
+            });
 
-            promptNoneIFrame.src = promptNoneURL.toString();
+            promptNoneIFrame.src = promptNoneURL;
         }
     };
 
@@ -196,20 +175,21 @@ export const SessionManagementHelper = (() => {
     const receivePromptNoneResponse = async (
         setSessionState?: (sessionState: string | null) => Promise<void>
     ): Promise<boolean> => {
-        const state = new URL(window.location.href).searchParams.get("state");
+        const state = new URL(window.location.href).searchParams.get(STATE_QUERY);
         const sessionState = new URL(window.location.href).searchParams.get(SESSION_STATE);
         const parent = window.parent.parent;
 
-        if (state !== null && (state === STATE || state === SILENT_SIGN_IN_STATE)) {
+        if (state !== null && (state.includes(STATE) || state.includes(SILENT_SIGN_IN_STATE))) {
             // Prompt none response.
             const code = new URL(window.location.href).searchParams.get("code");
 
             if (code !== null && code.length !== 0) {
-                if (state === SILENT_SIGN_IN_STATE) {
+                if (state.includes(SILENT_SIGN_IN_STATE)) {
                     const message: Message<AuthorizationInfo> = {
                         data: {
                             code,
-                            sessionState: sessionState ?? ""
+                            sessionState: sessionState ?? "",
+                            state
                         },
                         type: CHECK_SESSION_SIGNED_IN
                     };
@@ -228,7 +208,7 @@ export const SessionManagementHelper = (() => {
                 const newSessionState = new URL(window.location.href).searchParams.get("session_state");
 
                 if (_storage === Storage.LocalStorage || _storage === Storage.SessionStorage) {
-                    setSessionState && await setSessionState(newSessionState);
+                    setSessionState && (await setSessionState(newSessionState));
                 } else {
                     const message: Message<string> = {
                         data: newSessionState ?? "",
@@ -246,7 +226,7 @@ export const SessionManagementHelper = (() => {
 
                 return true;
             } else {
-                if (state === SILENT_SIGN_IN_STATE) {
+                if (state.includes(SILENT_SIGN_IN_STATE)) {
                     const message: Message<null> = {
                         type: CHECK_SESSION_SIGNED_OUT
                     };
@@ -275,15 +255,16 @@ export const SessionManagementHelper = (() => {
         return false;
     };
 
-    return (
+    return async (
         signOut: () => Promise<string>,
         storage: Storage,
         setSessionState: (sessionState: string) => void
-    ): SessionManagementHelperInterface => {
+    ): Promise<SessionManagementHelperInterface> => {
         let rpIFrame = document.createElement("iframe");
         rpIFrame.setAttribute("id", RP_IFRAME);
         rpIFrame.style.display = "none";
 
+        let rpIframeLoaded: boolean = false;
         rpIFrame.onload = () => {
             rpIFrame = document.getElementById(RP_IFRAME) as HTMLIFrameElement;
 
@@ -303,6 +284,8 @@ export const SessionManagementHelper = (() => {
 
             opIFrame && rpIFrame?.contentDocument?.body?.appendChild(opIFrame);
             promptNoneIFrame && rpIFrame?.contentDocument?.body?.appendChild(promptNoneIFrame);
+
+            rpIframeLoaded = true;
         }
 
         document?.body?.appendChild(rpIFrame);
@@ -312,6 +295,14 @@ export const SessionManagementHelper = (() => {
         _storage = storage;
         _setSessionState = setSessionState;
 
+        const sleep = (): Promise<any> => {
+            return new Promise((resolve) => setTimeout(resolve, 1));
+        };
+
+        while (rpIframeLoaded === false) {
+            await sleep();
+        }
+
         return {
             initialize,
             receivePromptNoneResponse,

package/src/index-polyfill.ts

@@ -17,7 +17,6 @@
  */
 
 import "core-js/stable";
-import "regenerator-runtime/runtime";
 
 // Export the public API.
 export * from "./public-api";

package/src/models/client.ts

@@ -21,6 +21,7 @@ import {
     BasicUserInfo,
     CustomGrantConfig,
     DecodedIDTokenPayload,
+    FetchResponse,
     OIDCEndpoints,
     OIDCProviderMetaData
 } from "@asgardeo/auth-js";
@@ -51,7 +52,7 @@ export interface MainThreadClientInterface {
         signInRedirectURL?: string
     ): Promise<BasicUserInfo>;
     signOut(signOutRedirectURL?: string): Promise<boolean>;
-    requestCustomGrant(config: CustomGrantConfig): Promise<BasicUserInfo | HttpResponse>;
+    requestCustomGrant(config: CustomGrantConfig): Promise<BasicUserInfo | FetchResponse>;
     refreshAccessToken(): Promise<BasicUserInfo>;
     revokeAccessToken(): Promise<boolean>;
     getBasicUserInfo(): Promise<BasicUserInfo>;
@@ -65,7 +66,7 @@ export interface MainThreadClientInterface {
 }
 
 export interface WebWorkerClientInterface {
-    requestCustomGrant(requestParams: CustomGrantConfig): Promise<HttpResponse | BasicUserInfo>;
+    requestCustomGrant(requestParams: CustomGrantConfig): Promise<FetchResponse | BasicUserInfo>;
     httpRequest<T = any>(config: HttpRequestConfig): Promise<HttpResponse<T>>;
     httpRequestAll<T = any>(configs: HttpRequestConfig[]): Promise<HttpResponse<T>[]>;
     enableHttpHandler(): Promise<boolean>;

package/src/models/http-client.ts

@@ -33,8 +33,9 @@ export interface HttpRequestConfig extends AxiosRequestConfig {
 
 export {
     AxiosResponse as HttpResponse,
-    Method,
-    AxiosTransformer as HttpTransformer,
+    Method as HttpMethod,
+    AxiosRequestTransformer as HttpRequestTransformer,
+    AxiosResponseTransformer as HttpResponseTransformer,
     AxiosAdapter as HttpAdapter,
     AxiosBasicCredentials as HttpBasicCredentials,
     ResponseType,

package/src/models/index.ts

@@ -23,3 +23,4 @@ export * from "./web-worker";
 export * from "./session-management-helper";
 export * from "./client-config";
 export * from "./sign-in";
+export * from "./sign-out-error";

package/src/models/message.ts

@@ -66,6 +66,7 @@ export interface AuthorizationInfo {
     code: string;
     sessionState: string;
     pkce?: string;
+    state: string;
 }
 
 export type MessageType =

package/src/models/request-custom-grant.ts

@@ -0,0 +1,26 @@
+/**
+* Copyright (c) 2022, WSO2 Inc. (http://www.wso2.com) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+import { CustomGrantConfig } from "@asgardeo/auth-js";
+
+/**
+ * SPA Custom Request Grant config model
+ */
+export interface SPACustomGrantConfig extends CustomGrantConfig {
+    preventSignOutURLUpdate?: boolean;
+}

package/src/models/session-management-helper.ts

@@ -16,6 +16,8 @@
  * under the License.
  */
 
+import { GetAuthURLConfig } from "..";
+
 export interface SessionManagementHelperInterface {
     initialize(
         clientID: string,
@@ -24,8 +26,7 @@ export interface SessionManagementHelperInterface {
         interval: number,
         sessionRefreshInterval: number,
         redirectURL: string,
-        authorizationEndpoint: string,
-        isPKCEEnabled?: boolean
+        getAuthorizationURL: (params?: GetAuthURLConfig) => Promise<string>
     ): void;
     receivePromptNoneResponse(
         setSessionState?: (sessionState: string | null) => Promise<void>

package/src/models/sign-out-error.ts

@@ -0,0 +1,22 @@
+/**
+* Copyright (c) 2022, WSO2 Inc. (http://www.wso2.com) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+export interface SignOutError {
+    error: string;
+    description: string;
+}

package/src/models/web-worker.ts

@@ -22,6 +22,7 @@ import {
     BasicUserInfo,
     CustomGrantConfig,
     DecodedIDTokenPayload,
+    FetchResponse,
     OIDCEndpoints
 } from "@asgardeo/auth-js";
 import { HttpRequestConfig, HttpResponse, Message } from ".";
@@ -44,10 +45,15 @@ export interface WebWorkerCoreInterface {
     enableHttpHandler(): void;
     disableHttpHandler(): void;
     getAuthorizationURL(params?: AuthorizationURLParams, signInRedirectURL?: string): Promise<AuthorizationResponse>;
-    requestAccessToken(authorizationCode?: string, sessionState?: string, pkce?: string): Promise<BasicUserInfo>;
+    requestAccessToken(
+        authorizationCode?: string,
+        sessionState?: string,
+        pkce?: string,
+        state?: string
+    ): Promise<BasicUserInfo>;
     signOut(signOutRedirectURL?: string): Promise<string>;
     getSignOutURL(signOutRedirectURL?: string): Promise<string>;
-    requestCustomGrant(config: CustomGrantConfig): Promise<BasicUserInfo | HttpResponse>;
+    requestCustomGrant(config: CustomGrantConfig): Promise<BasicUserInfo | FetchResponse>;
     refreshAccessToken(): Promise<BasicUserInfo>;
     revokeAccessToken(): Promise<boolean>;
     getBasicUserInfo(): Promise<BasicUserInfo>;

package/src/public-api.ts

@@ -26,6 +26,7 @@ export * from "./models";
 export * from "./utils/spa-utils"
 
 // Constants
-export * from "@asgardeo/auth-js";
 export * from "./constants/storage";
 export * from "./constants/hooks";
+
+export * from "@asgardeo/auth-js";

package/src/utils/crypto-utils.ts

@@ -0,0 +1,78 @@
+/**
+ * Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { Buffer } from "buffer";
+import { CryptoUtils, JWKInterface } from "@asgardeo/auth-js";
+import base64url from "base64url";
+import sha256 from "fast-sha256";
+import { createLocalJWKSet, jwtVerify } from "jose";
+import { FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters } from "jose/dist/types/types";
+import randombytes from "randombytes";
+
+export class SPACryptoUtils
+    implements CryptoUtils<Buffer | string, GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>>
+{
+    /**
+     * Get URL encoded string.
+     *
+     * @returns {string} base 64 url encoded value.
+     */
+    public base64URLEncode(value: Buffer | string): string {
+        return base64url.encode(value).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+    }
+
+    public base64URLDecode(value: string): string {
+        return base64url.decode(value).toString();
+    }
+
+    public hashSha256(data: string): string | Buffer {
+        return Buffer.from(sha256(new TextEncoder().encode(data)));
+    }
+
+    public generateRandomBytes(length: number): string | Buffer {
+        return randombytes(length);
+    }
+
+    public parseJwk(key: Partial<JWKInterface>): Promise<GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>> {
+        return Promise.resolve(
+            createLocalJWKSet({
+                keys: [ key ]
+            })
+        );
+    }
+
+    public verifyJwt(
+        idToken: string,
+        jwk: GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>,
+        algorithms: string[],
+        clientID: string,
+        issuer: string,
+        subject: string,
+        clockTolerance?: number
+    ): Promise<boolean> {
+        return jwtVerify(idToken, jwk, {
+            algorithms: algorithms,
+            audience: clientID,
+            clockTolerance: clockTolerance,
+            issuer: issuer,
+            subject: subject
+        }).then(() => {
+            return Promise.resolve(true);
+        });
+    }
+}

package/src/utils/spa-utils.ts

@@ -16,12 +16,15 @@
  * under the License.
  */
 
-import { AsgardeoAuthClient, PKCE_CODE_VERIFIER, SIGN_OUT_URL } from "@asgardeo/auth-js";
+import { AsgardeoAuthClient, SIGN_OUT_SUCCESS_PARAM, SIGN_OUT_URL } from "@asgardeo/auth-js";
+import { SignOutError } from "..";
 import {
     ERROR,
+    ERROR_DESCRIPTION,
     INITIALIZED_SILENT_SIGN_IN,
     PROMPT_NONE_REQUEST_SENT,
-    SILENT_SIGN_IN_STATE
+    SILENT_SIGN_IN_STATE,
+    STATE_QUERY
 } from "../constants";
 
 export class SPAUtils {
@@ -34,12 +37,12 @@ export class SPAUtils {
         history.pushState({}, document.title, url.replace(/\?code=.*$/, ""));
     }
 
-    public static getPKCE(): string {
-        return sessionStorage.getItem(PKCE_CODE_VERIFIER) ?? "";
+    public static getPKCE(pkceKey: string): string {
+        return sessionStorage.getItem(pkceKey) ?? "";
     }
 
-    public static setPKCE(pkce: string): void {
-        sessionStorage.setItem(PKCE_CODE_VERIFIER, pkce);
+    public static setPKCE(pkceKey: string, pkce: string): void {
+        sessionStorage.setItem(pkceKey, pkce);
     }
 
     public static setSignOutURL(url: string): void {
@@ -50,8 +53,8 @@ export class SPAUtils {
         return sessionStorage.getItem(SIGN_OUT_URL) ?? "";
     }
 
-    public static removePKCE(): void {
-        sessionStorage.removeItem(PKCE_CODE_VERIFIER);
+    public static removePKCE(pkceKey: string): void {
+        sessionStorage.removeItem(pkceKey);
     }
 
     /**
@@ -121,6 +124,23 @@ export class SPAUtils {
         return false;
     }
 
+    public static didSignOutFail(): boolean | SignOutError {
+        if (AsgardeoAuthClient.didSignOutFail(window.location.href)) {
+            const url: URL = new URL(window.location.href);
+            const error: string | null = url.searchParams.get(ERROR);
+            const description: string | null = url.searchParams.get(ERROR_DESCRIPTION);
+            const newUrl = window.location.href.split("?")[0];
+            history.pushState({}, document.title, newUrl);
+
+            return {
+                description: description ?? "",
+                error: error ?? ""
+            };
+        }
+
+        return false;
+    }
+
     /**
      * Checks if the URL the user agent is redirected to after an authorization request has the state parameter.
      *
@@ -129,7 +149,7 @@ export class SPAUtils {
     public static isSilentStatePresentInURL(): boolean {
         const state = new URL(window.location.href).searchParams.get("state");
 
-        return state === SILENT_SIGN_IN_STATE;
+        return state?.includes(SILENT_SIGN_IN_STATE) ?? false;
     }
 
     /**
@@ -153,7 +173,10 @@ export class SPAUtils {
      * @returns {boolean} - True if the URL contains an error.
      */
     public static hasErrorInURL(url: string = window.location.href): boolean {
-        return !!new URL(url).searchParams.get(ERROR);
+        const urlObject: URL = new URL(url);
+        return (
+            !!urlObject.searchParams.get(ERROR) && urlObject.searchParams.get(STATE_QUERY) !== SIGN_OUT_SUCCESS_PARAM
+        );
     }
 
     /**

package/src/worker/client.worker.ts

@@ -103,7 +103,7 @@ ctx.onmessage = async ({ data, ports }) => {
             break;
         case REQUEST_ACCESS_TOKEN:
             webWorker
-                .requestAccessToken(data?.data?.code, data?.data?.sessionState, data?.data?.pkce)
+                .requestAccessToken(data?.data?.code, data?.data?.sessionState, data?.data?.pkce, data?.data?.state)
                 .then((response: BasicUserInfo) => {
                     port.postMessage(MessageUtils.generateSuccessMessage(response));
                 })

package/src/worker/worker-core.ts

@@ -23,8 +23,10 @@ import {
     BasicUserInfo,
     CustomGrantConfig,
     DecodedIDTokenPayload,
+    FetchResponse,
     OIDCEndpoints,
     SESSION_STATE,
+    STATE,
     Store,
     TokenResponse
 } from "@asgardeo/auth-js";
@@ -41,21 +43,19 @@ import {
     WebWorkerCoreInterface
 } from "../models";
 import { MemoryStore } from "../stores";
+import { SPACryptoUtils } from "../utils/crypto-utils";
 
 export const WebWorkerCore = async (
     config: AuthClientConfig<WebWorkerClientConfig>
 ): Promise<WebWorkerCoreInterface> => {
     const _store: Store = new MemoryStore();
-    const _authenticationClient = new AsgardeoAuthClient<WebWorkerClientConfig>(_store);
+    const _cryptoUtils: SPACryptoUtils = new SPACryptoUtils();
+    const _authenticationClient = new AsgardeoAuthClient<WebWorkerClientConfig>(_store, _cryptoUtils);
     await _authenticationClient.initialize(config);
 
     const _spaHelper = new SPAHelper<WebWorkerClientConfig>(_authenticationClient);
     const _dataLayer = _authenticationClient.getDataLayer();
 
-    let _onHttpRequestStart: () => void;
-    let _onHttpRequestSuccess: (response: HttpResponse) => void;
-    let _onHttpRequestFinish: () => void;
-    let _onHttpRequestError: (error: HttpError) => void;
     const _httpClient: HttpClientInstance = HttpClient.getInstance();
 
     const attachToken = async (request: HttpRequestConfig): Promise<void> => {
@@ -247,7 +247,11 @@ export const WebWorkerCore = async (
         return _authenticationClient
             .getAuthorizationURL(params)
             .then(async (url: string) => {
-                return { authorizationURL: url, pkce: (await _authenticationClient.getPKCECode()) as string };
+                const urlObject: URL = new URL(url);
+                const state: string = urlObject.searchParams.get(STATE) ?? "";
+                const pkce: string = await _authenticationClient.getPKCECode(state);
+
+                return { authorizationURL: url, pkce: pkce };
             })
             .catch((error) => Promise.reject(error));
     };
@@ -262,17 +266,18 @@ export const WebWorkerCore = async (
     const requestAccessToken = async (
         authorizationCode?: string,
         sessionState?: string,
-        pkce?: string
+        pkce?: string,
+        state?: string
     ): Promise<BasicUserInfo> => {
         const config = await _dataLayer.getConfigData();
 
         if (pkce && config.enablePKCE) {
-            await _authenticationClient.setPKCECode(pkce);
+            await _authenticationClient.setPKCECode(pkce, state ?? "");
         }
 
         if (authorizationCode) {
             return _authenticationClient
-                .requestAccessToken(authorizationCode, sessionState ?? "")
+                .requestAccessToken(authorizationCode, sessionState ?? "", state ?? "'")
                 .then(() => {
                     _spaHelper.refreshAccessTokenAutomatically();
 
@@ -304,7 +309,7 @@ export const WebWorkerCore = async (
         return await _authenticationClient.getSignOutURL();
     };
 
-    const requestCustomGrant = async (config: CustomGrantConfig): Promise<BasicUserInfo | HttpResponse> => {
+    const requestCustomGrant = async (config: CustomGrantConfig): Promise<BasicUserInfo | FetchResponse> => {
         let useDefaultEndpoint = true;
         let matches = false;
         const clientConfig = await _dataLayer.getConfigData();
@@ -329,13 +334,13 @@ export const WebWorkerCore = async (
         if (useDefaultEndpoint || matches) {
             return _authenticationClient
                 .requestCustomGrant(config)
-                .then(async (response: HttpResponse | TokenResponse) => {
+                .then(async (response: FetchResponse | TokenResponse) => {
                     if (config.returnsSession) {
                         _spaHelper.refreshAccessTokenAutomatically();
 
                         return _authenticationClient.getBasicUserInfo();
                     } else {
-                        return response as HttpResponse;
+                        return response as FetchResponse;
                     }
                 })
                 .catch((error) => {
@@ -356,22 +361,19 @@ export const WebWorkerCore = async (
         }
     };
 
-    const refreshAccessToken = (): Promise<BasicUserInfo> => {
-        return _authenticationClient
-            .refreshAccessToken()
-            .then(() => {
-                getCustomGrantConfigData().then((customGrantConfig) => {
-                    if(customGrantConfig) {
-                        requestCustomGrant(customGrantConfig)
-                    }
-                });
-                _spaHelper.refreshAccessTokenAutomatically();
+    const refreshAccessToken = async (): Promise<BasicUserInfo> => {
+        try {
+            await _authenticationClient.refreshAccessToken();
+            const customGrantConfig = await getCustomGrantConfigData();
+            if (customGrantConfig) {
+                await requestCustomGrant(customGrantConfig);
+            }
+            _spaHelper.refreshAccessTokenAutomatically();
 
-                return _authenticationClient.getBasicUserInfo();
-            })
-            .catch((error) => {
-                return Promise.reject(error);
-            });
+            return _authenticationClient.getBasicUserInfo();
+        } catch (error) {
+            return Promise.reject(error);
+        }
     };
 
     const revokeAccessToken = (): Promise<boolean> => {