@asgardeo/auth-spa 0.2.19 → 0.2.22
- package/.eslintrc.js +1 -2
- package/README.md +53 -24
- package/babel.config.js +1 -2
- package/dist/asgardeo-spa.production.esm.js +105 -44
- package/dist/asgardeo-spa.production.esm.js.map +1 -1
- package/dist/asgardeo-spa.production.js +106 -45
- package/dist/asgardeo-spa.production.js.map +1 -1
- package/dist/asgardeo-spa.production.min.js +1 -1
- package/dist/asgardeo-spa.production.min.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.esm.js +103 -42
- package/dist/polyfilled/asgardeo-spa.production.esm.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.js +103 -42
- package/dist/polyfilled/asgardeo-spa.production.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.min.js +1 -1
- package/dist/polyfilled/asgardeo-spa.production.min.js.map +1 -1
- package/dist/src/client.d.ts +10 -6
- package/dist/src/client.d.ts.map +1 -1
- package/dist/src/client.js +26 -14
- package/dist/src/client.js.map +1 -1
- package/dist/src/clients/main-thread-client.d.ts.map +1 -1
- package/dist/src/clients/main-thread-client.js +61 -48
- package/dist/src/clients/main-thread-client.js.map +1 -1
- package/dist/src/clients/web-worker-client.d.ts +1 -1
- package/dist/src/clients/web-worker-client.d.ts.map +1 -1
- package/dist/src/clients/web-worker-client.js +51 -32
- package/dist/src/clients/web-worker-client.js.map +1 -1
- package/dist/src/{exception/exception.d.ts → constants/errors.d.ts} +3 -11
- package/dist/src/constants/errors.d.ts.map +1 -0
- package/dist/src/{exception/exception.js → constants/errors.js} +3 -14
- package/dist/src/constants/errors.js.map +1 -0
- package/dist/src/constants/hooks.d.ts +2 -1
- package/dist/src/constants/hooks.d.ts.map +1 -1
- package/dist/src/constants/hooks.js +1 -0
- package/dist/src/constants/hooks.js.map +1 -1
- package/dist/src/constants/index.d.ts +1 -0
- package/dist/src/constants/index.d.ts.map +1 -1
- package/dist/src/constants/index.js +1 -0
- package/dist/src/constants/index.js.map +1 -1
- package/dist/src/constants/parameters.d.ts +1 -0
- package/dist/src/constants/parameters.d.ts.map +1 -1
- package/dist/src/constants/parameters.js +1 -0
- package/dist/src/constants/parameters.js.map +1 -1
- package/dist/src/helpers/session-management-helper.d.ts +1 -1
- package/dist/src/helpers/session-management-helper.d.ts.map +1 -1
- package/dist/src/helpers/session-management-helper.js +33 -43
- package/dist/src/helpers/session-management-helper.js.map +1 -1
- package/dist/src/index-polyfill.d.ts +0 -1
- package/dist/src/index-polyfill.d.ts.map +1 -1
- package/dist/src/index-polyfill.js +0 -1
- package/dist/src/index-polyfill.js.map +1 -1
- package/dist/src/models/client.d.ts +4 -4
- package/dist/src/models/client.d.ts.map +1 -1
- package/dist/src/models/http-client.d.ts +1 -1
- package/dist/src/models/http-client.d.ts.map +1 -1
- package/dist/src/models/index.d.ts +1 -0
- package/dist/src/models/index.d.ts.map +1 -1
- package/dist/src/models/index.js +1 -0
- package/dist/src/models/index.js.map +1 -1
- package/dist/src/models/message.d.ts +1 -0
- package/dist/src/models/message.d.ts.map +1 -1
- package/dist/src/models/session-management-helper.d.ts +2 -1
- package/dist/src/models/session-management-helper.d.ts.map +1 -1
- package/dist/src/{exception/index.js → models/sign-out-error.d.ts} +6 -3
- package/dist/src/models/sign-out-error.d.ts.map +1 -0
- package/{src/exception/index.ts → dist/src/models/sign-out-error.js} +3 -3
- package/dist/src/models/sign-out-error.js.map +1 -0
- package/dist/src/models/web-worker.d.ts +3 -3
- package/dist/src/models/web-worker.d.ts.map +1 -1
- package/dist/src/models/web-worker.js.map +1 -1
- package/dist/src/public-api.d.ts +1 -1
- package/dist/src/public-api.d.ts.map +1 -1
- package/dist/src/public-api.js +1 -1
- package/dist/src/public-api.js.map +1 -1
- package/dist/src/utils/crypto-utils.d.ts +33 -0
- package/dist/src/utils/crypto-utils.d.ts.map +1 -0
- package/dist/src/utils/crypto-utils.js +55 -0
- package/dist/src/utils/crypto-utils.js.map +1 -0
- package/dist/src/utils/spa-utils.d.ts +5 -3
- package/dist/src/utils/spa-utils.d.ts.map +1 -1
- package/dist/src/utils/spa-utils.js +26 -10
- package/dist/src/utils/spa-utils.js.map +1 -1
- package/dist/src/worker/client.worker.d.ts.map +1 -1
- package/dist/src/worker/client.worker.js +5 -5
- package/dist/src/worker/client.worker.js.map +1 -1
- package/dist/src/worker/worker-core.d.ts.map +1 -1
- package/dist/src/worker/worker-core.js +57 -49
- package/dist/src/worker/worker-core.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +31 -30
- package/rollup.config.js +3 -5
- package/src/client.ts +45 -50
- package/src/clients/main-thread-client.ts +96 -89
- package/src/clients/web-worker-client.ts +73 -48
- package/src/constants/errors.ts +19 -0
- package/src/constants/hooks.ts +2 -1
- package/src/constants/index.ts +1 -0
- package/src/constants/parameters.ts +1 -0
- package/src/helpers/session-management-helper.ts +31 -40
- package/src/index-polyfill.ts +0 -1
- package/src/models/client.ts +5 -5
- package/src/models/http-client.ts +3 -2
- package/src/models/index.ts +1 -0
- package/src/models/message.ts +1 -0
- package/src/models/session-management-helper.ts +3 -2
- package/{dist/src/exception/index.d.ts → src/models/sign-out-error.ts} +6 -3
- package/src/models/web-worker.ts +8 -2
- package/src/public-api.ts +2 -1
- package/src/utils/crypto-utils.ts +74 -0
- package/src/utils/spa-utils.ts +33 -10
- package/src/worker/client.worker.ts +6 -11
- package/src/worker/worker-core.ts +98 -101
- package/dist/src/exception/exception.d.ts.map +0 -1
- package/dist/src/exception/exception.js.map +0 -1
- package/dist/src/exception/index.d.ts.map +0 -1
- package/dist/src/exception/index.js.map +0 -1
- package/src/exception/exception.ts +0 -44
|
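--- a/package/src/clients/main-thread-client.ts
+++ b/package/src/clients/main-thread-client.ts
@@ -19,18 +19,23 @@
 import {
 AUTHORIZATION_CODE,
 AsgardeoAuthClient,
+AsgardeoAuthException,
 AuthClientConfig,
+AuthenticationUtils,
 BasicUserInfo,
 CustomGrantConfig,
 DecodedIDTokenPayload,
+FetchResponse,
 GetAuthURLConfig,
 OIDCEndpoints,
 ResponseMode,
 SESSION_STATE,
+STATE,
 Store,
 TokenResponse
 } from "@asgardeo/auth-js";
 import {
+ACCESS_TOKEN_INVALID,
 CHECK_SESSION_SIGNED_IN,
 CHECK_SESSION_SIGNED_OUT,
 CUSTOM_GRANT_CONFIG,
@@ -41,7 +46,6 @@ import {
 SILENT_SIGN_IN_STATE,
 Storage
 } from "../constants";
-import { AsgardeoSPAException } from "../exception";
 import { SPAHelper, SessionManagementHelper } from "../helpers";
 import { HttpClient, HttpClientInstance } from "../http-client";
 import {
@@ -56,6 +60,7 @@ import {
 import { SPACustomGrantConfig } from "../models/request-custom-grant";
 import { LocalStore, MemoryStore, SessionStore } from "../stores";
 import { SPAUtils } from "../utils";
+import { SPACryptoUtils } from "../utils/crypto-utils";
 
 const initiateStore = (store: Storage | undefined): Store => {
 switch (store) {
@@ -74,12 +79,13 @@ export const MainThreadClient = async (
 config: AuthClientConfig<MainThreadClientConfig>
 ): Promise<MainThreadClientInterface> => {
 const _store: Store = initiateStore(config.storage);
-const
+const _cryptoUtils: SPACryptoUtils = new SPACryptoUtils();
+const _authenticationClient = new AsgardeoAuthClient<MainThreadClientConfig>(_store, _cryptoUtils);
 await _authenticationClient.initialize(config);
 
 const _spaHelper = new SPAHelper<MainThreadClientConfig>(_authenticationClient);
 const _dataLayer = _authenticationClient.getDataLayer();
-const _sessionManagementHelper = SessionManagementHelper(
+const _sessionManagementHelper = await SessionManagementHelper(
 async () => {
 return _authenticationClient.signOut();
 },
@@ -99,7 +105,7 @@ export const MainThreadClient = async (
 if (requestConfig.attachToken) {
 request.headers = {
 ...request.headers,
-Authorization: `Bearer ${await _authenticationClient.getAccessToken()}`
+Authorization: `Bearer ${ await _authenticationClient.getAccessToken() }`
 };
 }
 };
@@ -126,9 +132,10 @@ export const MainThreadClient = async (
 const httpRequest = async (requestConfig: HttpRequestConfig): Promise<HttpResponse> => {
 let matches = false;
 const config = await _dataLayer.getConfigData();
+const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
 
-for (const baseUrl of [...((await config?.resourceServerURLs) ?? []),
-if (requestConfig?.url?.startsWith(baseUrl)) {
+for (const baseUrl of [ ...((await config?.resourceServerURLs) ?? []), serverOrigin ]) {
+if (baseUrl && requestConfig?.url?.startsWith(baseUrl)) {
 matches = true;
 
 break;
@@ -150,22 +157,19 @@ export const MainThreadClient = async (
 } catch (refreshError: any) {
 if (_isHttpHandlerEnabled) {
 if (typeof _httpErrorCallback === "function") {
-await _httpErrorCallback(error);
+await _httpErrorCallback({ ...error, code: ACCESS_TOKEN_INVALID });
 }
 if (typeof _httpFinishCallback === "function") {
 _httpFinishCallback();
 }
 }
 
-
-
-
-
-
-
-"",
-refreshError
-)
+throw new AsgardeoAuthException(
+"SPA-MAIN_THREAD_CLIENT-HR-SE01",
+refreshError?.name ?? "Refresh token request failed.",
+refreshError?.message ??
+"An error occurred while trying to refresh the " +
+"access token following a 401 response from the server."
 );
 }
 
@@ -201,16 +205,12 @@ export const MainThreadClient = async (
 return Promise.reject(error);
 });
 } else {
-
-
-
-
-
-
-"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
-" attribute while initializing the SDK. The specified endpoint in this request " +
-"cannot be found among the `resourceServerURLs`"
-)
+throw new AsgardeoAuthException(
+"SPA-MAIN_THREAD_CLIENT-HR-IV02",
+"Request to the provided endpoint is prohibited.",
+"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
+" attribute while initializing the SDK. The specified endpoint in this request " +
+"cannot be found among the `resourceServerURLs`"
 );
 }
 };
@@ -219,11 +219,16 @@ export const MainThreadClient = async (
 let matches = true;
 const config = await _dataLayer.getConfigData();
 
+const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
+
 for (const requestConfig of requestConfigs) {
 let urlMatches = false;
 
-for (const baseUrl of [
-
+for (const baseUrl of [
+...((await config)?.resourceServerURLs ?? []),
+serverOrigin
+]) {
+if (baseUrl && requestConfig.url?.startsWith(baseUrl)) {
 urlMatches = true;
 
 break;
@@ -253,33 +258,31 @@ export const MainThreadClient = async (
 })
 .catch(async (error: HttpError) => {
 if (error?.response?.status === 401 || !error?.response) {
-let refreshTokenResponse;
+let refreshTokenResponse: TokenResponse;
 try {
 refreshTokenResponse = await _authenticationClient.refreshAccessToken();
 } catch (refreshError: any) {
 if (_isHttpHandlerEnabled) {
 if (typeof _httpErrorCallback === "function") {
-await _httpErrorCallback(error);
+await _httpErrorCallback({ ...error, code: ACCESS_TOKEN_INVALID });
 }
 if (typeof _httpFinishCallback === "function") {
 _httpFinishCallback();
 }
 }
 
-
-
-
-
-
-
-"",
-refreshError
-)
+throw new AsgardeoAuthException(
+"SPA-MAIN_THREAD_CLIENT-HRA-SE01",
+refreshError?.name ?? "Refresh token request failed.",
+refreshError?.message ??
+"An error occurred while trying to refresh the " +
+"access token following a 401 response from the server."
 );
 }
 
 if (refreshTokenResponse) {
-return
+return (
+_httpClient.all &&
 _httpClient
 .all(requests)
 .then((response) => {
@@ -296,7 +299,8 @@ export const MainThreadClient = async (
 }
 
 return Promise.reject(error);
-})
+})
+);
 }
 }
 
@@ -313,16 +317,12 @@ export const MainThreadClient = async (
 })
 );
 } else {
-
-
-
-
-
-
-"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
-" attribute while initializing the SDK. The specified endpoint in this request " +
-"cannot be found among the `resourceServerURLs`"
-)
+throw new AsgardeoAuthException(
+"SPA-MAIN_THREAD_CLIENT-HRA-IV02",
+"Request to the provided endpoint is prohibited.",
+"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
+" attribute while initializing the SDK. The specified endpoint in this request " +
+"cannot be found among the `resourceServerURLs`"
 );
 }
 };
@@ -356,15 +356,15 @@ export const MainThreadClient = async (
 config.checkSessionInterval ?? 3,
 config.sessionRefreshInterval ?? 300,
 config.signInRedirectURL,
-
-config.enablePKCE
+async (params?: GetAuthURLConfig): Promise<string> => _authenticationClient.getAuthorizationURL(params)
 );
 };
 
 const signIn = async (
 signInConfig?: GetAuthURLConfig,
 authorizationCode?: string,
-sessionState?: string
+sessionState?: string,
+state?: string
 ): Promise<BasicUserInfo> => {
 const config = await _dataLayer.getConfigData();
 
@@ -401,18 +401,22 @@ export const MainThreadClient = async (
 
 let resolvedAuthorizationCode: string;
 let resolvedSessionState: string;
+let resolvedState: string;
 
 if (config?.responseMode === ResponseMode.formPost && authorizationCode) {
 resolvedAuthorizationCode = authorizationCode;
 resolvedSessionState = sessionState ?? "";
+resolvedState = state ?? "";
 } else {
 resolvedAuthorizationCode = new URL(window.location.href).searchParams.get(AUTHORIZATION_CODE) ?? "";
 resolvedSessionState = new URL(window.location.href).searchParams.get(SESSION_STATE) ?? "";
+resolvedState = new URL(window.location.href).searchParams.get(STATE) ?? "";
+
 SPAUtils.removeAuthorizationCode();
 }
 
-if (resolvedAuthorizationCode) {
-return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState);
+if (resolvedAuthorizationCode && resolvedState) {
+return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState);
 }
 
 const error = new URL(window.location.href).searchParams.get(ERROR);
@@ -425,20 +429,14 @@ export const MainThreadClient = async (
 
 history.pushState(null, document.title, url.toString());
 
-
-new AsgardeoSPAException(
-"MAIN_THREAD_CLIENT-SI-BE",
-"main-thread-client",
-"signIn",
-error,
-errorDescription ?? ""
-)
-);
+throw new AsgardeoAuthException("SPA-MAIN_THREAD_CLIENT-SI-SE01", error, errorDescription ?? "");
 }
 
 return _authenticationClient.getAuthorizationURL(signInConfig).then(async (url: string) => {
 if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-
+const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState);
+
+SPAUtils.setPKCE(pkceKey, (await _authenticationClient.getPKCECode(resolvedState)) as string);
 }
 
 location.href = url;
@@ -458,7 +456,7 @@ export const MainThreadClient = async (
 };
 
 const signOut = async (): Promise<boolean> => {
-if (await _authenticationClient.isAuthenticated() && !_getSignOutURLFromSessionStorage) {
+if ((await _authenticationClient.isAuthenticated()) && !_getSignOutURLFromSessionStorage) {
 location.href = await _authenticationClient.signOut();
 } else {
 location.href = SPAUtils.getSignOutURL();
@@ -474,31 +472,33 @@ export const MainThreadClient = async (
 return true;
 };
 
-const requestCustomGrant = async (config: SPACustomGrantConfig): Promise<BasicUserInfo |
+const requestCustomGrant = async (config: SPACustomGrantConfig): Promise<BasicUserInfo | FetchResponse> => {
 let useDefaultEndpoint = true;
 let matches = false;
-
+
+const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
 
 // If the config does not contains a token endpoint, default token endpoint will be used.
 if (config?.tokenEndpoint) {
 useDefaultEndpoint = false;
+
 for (const baseUrl of [
 ...((await _dataLayer.getConfigData())?.resourceServerURLs ?? []),
-
+serverOrigin
 ]) {
-if (config.tokenEndpoint?.startsWith(baseUrl)) {
+if (baseUrl && config.tokenEndpoint?.startsWith(baseUrl)) {
 matches = true;
 break;
 }
 }
 }
-if(config.shouldReplayAfterRefresh) {
+if (config.shouldReplayAfterRefresh) {
 _dataLayer.setTemporaryDataParameter(CUSTOM_GRANT_CONFIG, JSON.stringify(config));
 }
 if (useDefaultEndpoint || matches) {
 return _authenticationClient
 .requestCustomGrant(config)
-.then(async (response:
+.then(async (response: FetchResponse | TokenResponse) => {
 if (config.preventSignOutURLUpdate) {
 _getSignOutURLFromSessionStorage = true;
 }
@@ -508,7 +508,7 @@ export const MainThreadClient = async (
 
 return _authenticationClient.getBasicUserInfo();
 } else {
-return response as
+return response as FetchResponse;
 }
 })
 .catch((error) => {
@@ -516,14 +516,12 @@ export const MainThreadClient = async (
 });
 } else {
 return Promise.reject(
-new
-"MAIN_THREAD_CLIENT-RCG-IV01",
-"main-thread-client",
-"requestCustomGrant",
+new AsgardeoAuthException(
+"SPA-MAIN_THREAD_CLIENT-RCG-IV01",
 "Request to the provided endpoint is prohibited.",
 "Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
-
-
+" attribute while initializing the SDK. The specified token endpoint in this request " +
+"cannot be found among the `resourceServerURLs`"
 )
 );
 }
@@ -558,18 +556,22 @@ export const MainThreadClient = async (
 
 const requestAccessToken = async (
 resolvedAuthorizationCode: string,
-resolvedSessionState: string
+resolvedSessionState: string,
+resolvedState: string
 ): Promise<BasicUserInfo> => {
 const config = await _dataLayer.getConfigData();
 
 if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-const pkce = SPAUtils.getPKCE();
+const pkce = SPAUtils.getPKCE(AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState));
 
-await _authenticationClient.setPKCECode(
+await _authenticationClient.setPKCECode(
+AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState),
+pkce
+);
 }
 
 return _authenticationClient
-.requestAccessToken(resolvedAuthorizationCode, resolvedSessionState)
+.requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState)
 .then(async () => {
 // Disable this temporarily
 /* if (config.storage === Storage.BrowserMemory) {
@@ -634,7 +636,12 @@ export const MainThreadClient = async (
 const url: string = urlObject.toString();
 
 if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-
+const state = urlObject.searchParams.get(STATE);
+
+SPAUtils.setPKCE(
+AuthenticationUtils.extractPKCEKeyFromStateParam(state ?? ""),
+(await _authenticationClient.getPKCECode(state ?? "")) as string
+);
 }
 
 promptNoneIFrame.src = url;
@@ -657,7 +664,7 @@ export const MainThreadClient = async (
 }
 
 if (data?.type == CHECK_SESSION_SIGNED_IN && data?.data?.code) {
-requestAccessToken(data.data.code, data?.data?.sessionState)
+requestAccessToken(data.data.code, data?.data?.sessionState, data?.data?.state)
 .then((response: BasicUserInfo) => {
 window.removeEventListener("message", listenToPromptNoneIFrame);
 resolve(response);
@@ -723,11 +730,11 @@ export const MainThreadClient = async (
 };
 
 const getCustomGrantConfigData = async (): Promise<AuthClientConfig<CustomGrantConfig> | null> => {
-const configString =
-if(configString) {
+const configString = await _dataLayer.getTemporaryDataParameter(CUSTOM_GRANT_CONFIG);
+if (configString) {
 return JSON.parse(configString as string);
 } else {
-return null
+return null;
 }
 };
 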
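Review bot: In the `requestCustomGrant` hunk (`@@ -474,31 +472,33 @@`), the new `const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;` reads from the function's own `config: SPACustomGrantConfig` parameter, whereas the `httpRequest` and `httpRequestAll` hunks derive `serverOrigin` from `await _dataLayer.getConfigData()` and this very loop takes `resourceServerURLs` from the data layer. As written, the `tokenEndpoint` allow-list entry comes from caller-supplied grant options (or is `undefined` and is then skipped by the `baseUrl &&` guard), so the configured server origin is not what is enforced; `const sdkConfig = await _dataLayer.getConfigData();` followed by `const serverOrigin = (sdkConfig as any).baseUrl || (sdkConfig as any).serverOrigin;` would align it with the other two helpers. The `as any` casts in all three places also suggest `baseUrl`/`serverOrigin` belong on the config type rather than being cast around. Separately, all three checks use `startsWith(baseUrl)`, a string-prefix test rather than an origin comparison; if the intent is to confine token-bearing requests to the configured servers, comparing `new URL(url).origin` with `new URL(baseUrl).origin` (or requiring `baseUrl` to end in `/`) is the tighter form. `requestCustomGrant` continues past this hunk.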