@asgardeo/auth-spa 0.2.21 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +111 -89
- package/dist/asgardeo-spa.production.esm.js +19 -16
- package/dist/asgardeo-spa.production.esm.js.map +1 -1
- package/dist/asgardeo-spa.production.js +19 -16
- package/dist/asgardeo-spa.production.js.map +1 -1
- package/dist/asgardeo-spa.production.min.js +1 -1
- package/dist/asgardeo-spa.production.min.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.esm.js +42 -39
- package/dist/polyfilled/asgardeo-spa.production.esm.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.js +42 -39
- package/dist/polyfilled/asgardeo-spa.production.js.map +1 -1
- package/dist/polyfilled/asgardeo-spa.production.min.js +1 -1
- package/dist/polyfilled/asgardeo-spa.production.min.js.map +1 -1
- package/dist/src/client.d.ts +6 -3
- package/dist/src/client.d.ts.map +1 -1
- package/dist/src/client.js +14 -11
- package/dist/src/client.js.map +1 -1
- package/dist/src/clients/main-thread-client.d.ts.map +1 -1
- package/dist/src/clients/main-thread-client.js +40 -34
- package/dist/src/clients/main-thread-client.js.map +1 -1
- package/dist/src/clients/web-worker-client.d.ts.map +1 -1
- package/dist/src/clients/web-worker-client.js +7 -9
- package/dist/src/clients/web-worker-client.js.map +1 -1
- package/dist/src/models/client.d.ts +2 -2
- package/dist/src/models/client.d.ts.map +1 -1
- package/dist/src/utils/crypto-utils.d.ts +2 -4
- package/dist/src/utils/crypto-utils.d.ts.map +1 -1
- package/dist/src/utils/crypto-utils.js +3 -6
- package/dist/src/utils/crypto-utils.js.map +1 -1
- package/dist/src/worker/client.worker.d.ts.map +1 -1
- package/dist/src/worker/client.worker.js +3 -3
- package/dist/src/worker/client.worker.js.map +1 -1
- package/dist/src/worker/worker-core.d.ts.map +1 -1
- package/dist/src/worker/worker-core.js +48 -42
- package/dist/src/worker/worker-core.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -2
- package/src/client.ts +24 -35
- package/src/clients/main-thread-client.ts +63 -75
- package/src/clients/web-worker-client.ts +20 -30
- package/src/models/client.ts +2 -3
- package/src/utils/crypto-utils.ts +15 -19
- package/src/worker/client.worker.ts +5 -10
- package/src/worker/worker-core.ts +81 -89
- package/dist/src/exception/exception.d.ts +0 -27
- package/dist/src/exception/exception.d.ts.map +0 -1
- package/dist/src/exception/exception.js +0 -30
- package/dist/src/exception/exception.js.map +0 -1
- package/dist/src/exception/index.d.ts +0 -19
- package/dist/src/exception/index.d.ts.map +0 -1
- package/dist/src/exception/index.js +0 -19
- package/dist/src/exception/index.js.map +0 -1
- package/src/exception/exception.ts +0 -44
- package/src/exception/index.ts +0 -19
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
import {
|
|
20
20
|
AUTHORIZATION_CODE,
|
|
21
21
|
AsgardeoAuthClient,
|
|
22
|
+
AsgardeoAuthException,
|
|
22
23
|
AuthClientConfig,
|
|
23
24
|
AuthenticationUtils,
|
|
24
25
|
BasicUserInfo,
|
|
@@ -45,7 +46,6 @@ import {
|
|
|
45
46
|
SILENT_SIGN_IN_STATE,
|
|
46
47
|
Storage
|
|
47
48
|
} from "../constants";
|
|
48
|
-
import { AsgardeoSPAException } from "../exception";
|
|
49
49
|
import { SPAHelper, SessionManagementHelper } from "../helpers";
|
|
50
50
|
import { HttpClient, HttpClientInstance } from "../http-client";
|
|
51
51
|
import {
|
|
@@ -105,7 +105,7 @@ export const MainThreadClient = async (
|
|
|
105
105
|
if (requestConfig.attachToken) {
|
|
106
106
|
request.headers = {
|
|
107
107
|
...request.headers,
|
|
108
|
-
Authorization: `Bearer ${await _authenticationClient.getAccessToken()}`
|
|
108
|
+
Authorization: `Bearer ${ await _authenticationClient.getAccessToken() }`
|
|
109
109
|
};
|
|
110
110
|
}
|
|
111
111
|
};
|
|
@@ -132,9 +132,10 @@ export const MainThreadClient = async (
|
|
|
132
132
|
const httpRequest = async (requestConfig: HttpRequestConfig): Promise<HttpResponse> => {
|
|
133
133
|
let matches = false;
|
|
134
134
|
const config = await _dataLayer.getConfigData();
|
|
135
|
+
const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
|
|
135
136
|
|
|
136
|
-
for (const baseUrl of [...((await config?.resourceServerURLs) ?? []),
|
|
137
|
-
if (requestConfig?.url?.startsWith(baseUrl)) {
|
|
137
|
+
for (const baseUrl of [ ...((await config?.resourceServerURLs) ?? []), serverOrigin ]) {
|
|
138
|
+
if (baseUrl && requestConfig?.url?.startsWith(baseUrl)) {
|
|
138
139
|
matches = true;
|
|
139
140
|
|
|
140
141
|
break;
|
|
@@ -163,15 +164,12 @@ export const MainThreadClient = async (
|
|
|
163
164
|
}
|
|
164
165
|
}
|
|
165
166
|
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
"",
|
|
173
|
-
refreshError
|
|
174
|
-
)
|
|
167
|
+
throw new AsgardeoAuthException(
|
|
168
|
+
"SPA-MAIN_THREAD_CLIENT-HR-SE01",
|
|
169
|
+
refreshError?.name ?? "Refresh token request failed.",
|
|
170
|
+
refreshError?.message ??
|
|
171
|
+
"An error occurred while trying to refresh the " +
|
|
172
|
+
"access token following a 401 response from the server."
|
|
175
173
|
);
|
|
176
174
|
}
|
|
177
175
|
|
|
@@ -207,16 +205,12 @@ export const MainThreadClient = async (
|
|
|
207
205
|
return Promise.reject(error);
|
|
208
206
|
});
|
|
209
207
|
} else {
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
|
|
217
|
-
" attribute while initializing the SDK. The specified endpoint in this request " +
|
|
218
|
-
"cannot be found among the `resourceServerURLs`"
|
|
219
|
-
)
|
|
208
|
+
throw new AsgardeoAuthException(
|
|
209
|
+
"SPA-MAIN_THREAD_CLIENT-HR-IV02",
|
|
210
|
+
"Request to the provided endpoint is prohibited.",
|
|
211
|
+
"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
|
|
212
|
+
" attribute while initializing the SDK. The specified endpoint in this request " +
|
|
213
|
+
"cannot be found among the `resourceServerURLs`"
|
|
220
214
|
);
|
|
221
215
|
}
|
|
222
216
|
};
|
|
@@ -225,11 +219,16 @@ export const MainThreadClient = async (
|
|
|
225
219
|
let matches = true;
|
|
226
220
|
const config = await _dataLayer.getConfigData();
|
|
227
221
|
|
|
222
|
+
const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
|
|
223
|
+
|
|
228
224
|
for (const requestConfig of requestConfigs) {
|
|
229
225
|
let urlMatches = false;
|
|
230
226
|
|
|
231
|
-
for (const baseUrl of [
|
|
232
|
-
|
|
227
|
+
for (const baseUrl of [
|
|
228
|
+
...((await config)?.resourceServerURLs ?? []),
|
|
229
|
+
serverOrigin
|
|
230
|
+
]) {
|
|
231
|
+
if (baseUrl && requestConfig.url?.startsWith(baseUrl)) {
|
|
233
232
|
urlMatches = true;
|
|
234
233
|
|
|
235
234
|
break;
|
|
@@ -259,7 +258,7 @@ export const MainThreadClient = async (
|
|
|
259
258
|
})
|
|
260
259
|
.catch(async (error: HttpError) => {
|
|
261
260
|
if (error?.response?.status === 401 || !error?.response) {
|
|
262
|
-
let refreshTokenResponse;
|
|
261
|
+
let refreshTokenResponse: TokenResponse;
|
|
263
262
|
try {
|
|
264
263
|
refreshTokenResponse = await _authenticationClient.refreshAccessToken();
|
|
265
264
|
} catch (refreshError: any) {
|
|
@@ -272,20 +271,18 @@ export const MainThreadClient = async (
|
|
|
272
271
|
}
|
|
273
272
|
}
|
|
274
273
|
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
"",
|
|
282
|
-
refreshError
|
|
283
|
-
)
|
|
274
|
+
throw new AsgardeoAuthException(
|
|
275
|
+
"SPA-MAIN_THREAD_CLIENT-HRA-SE01",
|
|
276
|
+
refreshError?.name ?? "Refresh token request failed.",
|
|
277
|
+
refreshError?.message ??
|
|
278
|
+
"An error occurred while trying to refresh the " +
|
|
279
|
+
"access token following a 401 response from the server."
|
|
284
280
|
);
|
|
285
281
|
}
|
|
286
282
|
|
|
287
283
|
if (refreshTokenResponse) {
|
|
288
|
-
return
|
|
284
|
+
return (
|
|
285
|
+
_httpClient.all &&
|
|
289
286
|
_httpClient
|
|
290
287
|
.all(requests)
|
|
291
288
|
.then((response) => {
|
|
@@ -302,7 +299,8 @@ export const MainThreadClient = async (
|
|
|
302
299
|
}
|
|
303
300
|
|
|
304
301
|
return Promise.reject(error);
|
|
305
|
-
})
|
|
302
|
+
})
|
|
303
|
+
);
|
|
306
304
|
}
|
|
307
305
|
}
|
|
308
306
|
|
|
@@ -319,16 +317,12 @@ export const MainThreadClient = async (
|
|
|
319
317
|
})
|
|
320
318
|
);
|
|
321
319
|
} else {
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
|
|
329
|
-
" attribute while initializing the SDK. The specified endpoint in this request " +
|
|
330
|
-
"cannot be found among the `resourceServerURLs`"
|
|
331
|
-
)
|
|
320
|
+
throw new AsgardeoAuthException(
|
|
321
|
+
"SPA-MAIN_THREAD_CLIENT-HRA-IV02",
|
|
322
|
+
"Request to the provided endpoint is prohibited.",
|
|
323
|
+
"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
|
|
324
|
+
" attribute while initializing the SDK. The specified endpoint in this request " +
|
|
325
|
+
"cannot be found among the `resourceServerURLs`"
|
|
332
326
|
);
|
|
333
327
|
}
|
|
334
328
|
};
|
|
@@ -362,7 +356,7 @@ export const MainThreadClient = async (
|
|
|
362
356
|
config.checkSessionInterval ?? 3,
|
|
363
357
|
config.sessionRefreshInterval ?? 300,
|
|
364
358
|
config.signInRedirectURL,
|
|
365
|
-
async (params?: GetAuthURLConfig): Promise<string> =>
|
|
359
|
+
async (params?: GetAuthURLConfig): Promise<string> => _authenticationClient.getAuthorizationURL(params)
|
|
366
360
|
);
|
|
367
361
|
};
|
|
368
362
|
|
|
@@ -421,7 +415,7 @@ export const MainThreadClient = async (
|
|
|
421
415
|
SPAUtils.removeAuthorizationCode();
|
|
422
416
|
}
|
|
423
417
|
|
|
424
|
-
if (resolvedAuthorizationCode) {
|
|
418
|
+
if (resolvedAuthorizationCode && resolvedState) {
|
|
425
419
|
return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState);
|
|
426
420
|
}
|
|
427
421
|
|
|
@@ -435,15 +429,7 @@ export const MainThreadClient = async (
|
|
|
435
429
|
|
|
436
430
|
history.pushState(null, document.title, url.toString());
|
|
437
431
|
|
|
438
|
-
|
|
439
|
-
new AsgardeoSPAException(
|
|
440
|
-
"MAIN_THREAD_CLIENT-SI-BE",
|
|
441
|
-
"main-thread-client",
|
|
442
|
-
"signIn",
|
|
443
|
-
error,
|
|
444
|
-
errorDescription ?? ""
|
|
445
|
-
)
|
|
446
|
-
);
|
|
432
|
+
throw new AsgardeoAuthException("SPA-MAIN_THREAD_CLIENT-SI-SE01", error, errorDescription ?? "");
|
|
447
433
|
}
|
|
448
434
|
|
|
449
435
|
return _authenticationClient.getAuthorizationURL(signInConfig).then(async (url: string) => {
|
|
@@ -470,7 +456,7 @@ export const MainThreadClient = async (
|
|
|
470
456
|
};
|
|
471
457
|
|
|
472
458
|
const signOut = async (): Promise<boolean> => {
|
|
473
|
-
if (await _authenticationClient.isAuthenticated() && !_getSignOutURLFromSessionStorage) {
|
|
459
|
+
if ((await _authenticationClient.isAuthenticated()) && !_getSignOutURLFromSessionStorage) {
|
|
474
460
|
location.href = await _authenticationClient.signOut();
|
|
475
461
|
} else {
|
|
476
462
|
location.href = SPAUtils.getSignOutURL();
|
|
@@ -489,22 +475,24 @@ export const MainThreadClient = async (
|
|
|
489
475
|
const requestCustomGrant = async (config: SPACustomGrantConfig): Promise<BasicUserInfo | FetchResponse> => {
|
|
490
476
|
let useDefaultEndpoint = true;
|
|
491
477
|
let matches = false;
|
|
492
|
-
|
|
478
|
+
|
|
479
|
+
const serverOrigin = (config as any).baseUrl || (config as any).serverOrigin;
|
|
493
480
|
|
|
494
481
|
// If the config does not contains a token endpoint, default token endpoint will be used.
|
|
495
482
|
if (config?.tokenEndpoint) {
|
|
496
483
|
useDefaultEndpoint = false;
|
|
484
|
+
|
|
497
485
|
for (const baseUrl of [
|
|
498
486
|
...((await _dataLayer.getConfigData())?.resourceServerURLs ?? []),
|
|
499
|
-
|
|
487
|
+
serverOrigin
|
|
500
488
|
]) {
|
|
501
|
-
if (config.tokenEndpoint?.startsWith(baseUrl)) {
|
|
489
|
+
if (baseUrl && config.tokenEndpoint?.startsWith(baseUrl)) {
|
|
502
490
|
matches = true;
|
|
503
491
|
break;
|
|
504
492
|
}
|
|
505
493
|
}
|
|
506
494
|
}
|
|
507
|
-
if(config.shouldReplayAfterRefresh) {
|
|
495
|
+
if (config.shouldReplayAfterRefresh) {
|
|
508
496
|
_dataLayer.setTemporaryDataParameter(CUSTOM_GRANT_CONFIG, JSON.stringify(config));
|
|
509
497
|
}
|
|
510
498
|
if (useDefaultEndpoint || matches) {
|
|
@@ -528,14 +516,12 @@ export const MainThreadClient = async (
|
|
|
528
516
|
});
|
|
529
517
|
} else {
|
|
530
518
|
return Promise.reject(
|
|
531
|
-
new
|
|
532
|
-
"MAIN_THREAD_CLIENT-RCG-IV01",
|
|
533
|
-
"main-thread-client",
|
|
534
|
-
"requestCustomGrant",
|
|
519
|
+
new AsgardeoAuthException(
|
|
520
|
+
"SPA-MAIN_THREAD_CLIENT-RCG-IV01",
|
|
535
521
|
"Request to the provided endpoint is prohibited.",
|
|
536
522
|
"Requests can only be sent to resource servers specified by the `resourceServerURLs`" +
|
|
537
|
-
|
|
538
|
-
|
|
523
|
+
" attribute while initializing the SDK. The specified token endpoint in this request " +
|
|
524
|
+
"cannot be found among the `resourceServerURLs`"
|
|
539
525
|
)
|
|
540
526
|
);
|
|
541
527
|
}
|
|
@@ -580,7 +566,8 @@ export const MainThreadClient = async (
|
|
|
580
566
|
|
|
581
567
|
await _authenticationClient.setPKCECode(
|
|
582
568
|
AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState),
|
|
583
|
-
pkce
|
|
569
|
+
pkce
|
|
570
|
+
);
|
|
584
571
|
}
|
|
585
572
|
|
|
586
573
|
return _authenticationClient
|
|
@@ -652,8 +639,9 @@ export const MainThreadClient = async (
|
|
|
652
639
|
const state = urlObject.searchParams.get(STATE);
|
|
653
640
|
|
|
654
641
|
SPAUtils.setPKCE(
|
|
655
|
-
AuthenticationUtils.extractPKCEKeyFromStateParam(
|
|
656
|
-
(await _authenticationClient.getPKCECode(state ?? "")) as string
|
|
642
|
+
AuthenticationUtils.extractPKCEKeyFromStateParam(state ?? ""),
|
|
643
|
+
(await _authenticationClient.getPKCECode(state ?? "")) as string
|
|
644
|
+
);
|
|
657
645
|
}
|
|
658
646
|
|
|
659
647
|
promptNoneIFrame.src = url;
|
|
@@ -742,11 +730,11 @@ export const MainThreadClient = async (
|
|
|
742
730
|
};
|
|
743
731
|
|
|
744
732
|
const getCustomGrantConfigData = async (): Promise<AuthClientConfig<CustomGrantConfig> | null> => {
|
|
745
|
-
const configString =
|
|
746
|
-
if(configString) {
|
|
733
|
+
const configString = await _dataLayer.getTemporaryDataParameter(CUSTOM_GRANT_CONFIG);
|
|
734
|
+
if (configString) {
|
|
747
735
|
return JSON.parse(configString as string);
|
|
748
736
|
} else {
|
|
749
|
-
return null
|
|
737
|
+
return null;
|
|
750
738
|
}
|
|
751
739
|
};
|
|
752
740
|
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
|
|
19
19
|
import {
|
|
20
20
|
AUTHORIZATION_CODE,
|
|
21
|
+
AsgardeoAuthException,
|
|
21
22
|
AuthClientConfig,
|
|
22
23
|
AuthenticationUtils,
|
|
23
24
|
BasicUserInfo,
|
|
@@ -26,7 +27,6 @@ import {
|
|
|
26
27
|
FetchResponse,
|
|
27
28
|
GetAuthURLConfig,
|
|
28
29
|
OIDCEndpoints,
|
|
29
|
-
OIDCProviderMetaData,
|
|
30
30
|
ResponseMode,
|
|
31
31
|
SESSION_STATE,
|
|
32
32
|
STATE
|
|
@@ -65,7 +65,6 @@ import {
|
|
|
65
65
|
START_AUTO_REFRESH_TOKEN,
|
|
66
66
|
UPDATE_CONFIG
|
|
67
67
|
} from "../constants";
|
|
68
|
-
import { AsgardeoSPAException } from "../exception";
|
|
69
68
|
import { SessionManagementHelper } from "../helpers";
|
|
70
69
|
import {
|
|
71
70
|
AuthorizationInfo,
|
|
@@ -83,7 +82,8 @@ import { SPACustomGrantConfig } from "../models/request-custom-grant";
|
|
|
83
82
|
import { SPAUtils } from "../utils";
|
|
84
83
|
|
|
85
84
|
export const WebWorkerClient = async (
|
|
86
|
-
config: AuthClientConfig<WebWorkerClientConfig>
|
|
85
|
+
config: AuthClientConfig<WebWorkerClientConfig>
|
|
86
|
+
): Promise<WebWorkerClientInterface> => {
|
|
87
87
|
/**
|
|
88
88
|
* HttpClient handlers
|
|
89
89
|
*/
|
|
@@ -118,24 +118,22 @@ export const WebWorkerClient = async (
|
|
|
118
118
|
const communicate = <T, R>(message: Message<T>): Promise<R> => {
|
|
119
119
|
const channel = new MessageChannel();
|
|
120
120
|
|
|
121
|
-
worker.postMessage(message, [channel.port2]);
|
|
121
|
+
worker.postMessage(message, [ channel.port2 ]);
|
|
122
122
|
|
|
123
123
|
return new Promise((resolve, reject) => {
|
|
124
124
|
const timer = setTimeout(() => {
|
|
125
125
|
reject(
|
|
126
|
-
new
|
|
127
|
-
"WEB_WORKER_CLIENT-COM-
|
|
128
|
-
"web-worker-client",
|
|
129
|
-
"communicate",
|
|
126
|
+
new AsgardeoAuthException(
|
|
127
|
+
"SPA-WEB_WORKER_CLIENT-COM-TO01",
|
|
130
128
|
"Operation timed out.",
|
|
131
129
|
"No response was received from the web worker for " +
|
|
132
|
-
|
|
133
|
-
|
|
130
|
+
_requestTimeout / 1000 +
|
|
131
|
+
" since dispatching the request"
|
|
134
132
|
)
|
|
135
133
|
);
|
|
136
134
|
}, _requestTimeout);
|
|
137
135
|
|
|
138
|
-
return (channel.port1.onmessage = ({ data }: { data: ResponseMessage<string
|
|
136
|
+
return (channel.port1.onmessage = ({ data }: { data: ResponseMessage<string>; }) => {
|
|
139
137
|
clearTimeout(timer);
|
|
140
138
|
|
|
141
139
|
if (data?.success) {
|
|
@@ -466,13 +464,15 @@ export const WebWorkerClient = async (
|
|
|
466
464
|
async (response: AuthorizationResponse) => {
|
|
467
465
|
if (response.pkce && config.enablePKCE) {
|
|
468
466
|
const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(
|
|
469
|
-
new URL(response.authorizationURL).searchParams.get(STATE) ?? ""
|
|
467
|
+
new URL(response.authorizationURL).searchParams.get(STATE) ?? ""
|
|
468
|
+
);
|
|
470
469
|
|
|
471
470
|
SPAUtils.setPKCE(pkceKey, response.pkce);
|
|
472
471
|
}
|
|
473
472
|
|
|
474
473
|
return Promise.resolve(response);
|
|
475
|
-
|
|
474
|
+
}
|
|
475
|
+
);
|
|
476
476
|
};
|
|
477
477
|
|
|
478
478
|
const requestAccessToken = async (
|
|
@@ -486,9 +486,7 @@ export const WebWorkerClient = async (
|
|
|
486
486
|
const message: Message<AuthorizationInfo> = {
|
|
487
487
|
data: {
|
|
488
488
|
code: resolvedAuthorizationCode,
|
|
489
|
-
pkce: config.enablePKCE
|
|
490
|
-
? SPAUtils.getPKCE(pkceKey)
|
|
491
|
-
: undefined,
|
|
489
|
+
pkce: config.enablePKCE ? SPAUtils.getPKCE(pkceKey) : undefined,
|
|
492
490
|
sessionState: resolvedSessionState,
|
|
493
491
|
state: resolvedState
|
|
494
492
|
},
|
|
@@ -566,15 +564,7 @@ export const WebWorkerClient = async (
|
|
|
566
564
|
|
|
567
565
|
history.pushState(null, document.title, url.toString());
|
|
568
566
|
|
|
569
|
-
|
|
570
|
-
new AsgardeoSPAException(
|
|
571
|
-
"WEB_WORKER_CLIENT-SI-BE",
|
|
572
|
-
"web-worker-client",
|
|
573
|
-
"signIn",
|
|
574
|
-
error,
|
|
575
|
-
errorDescription ?? ""
|
|
576
|
-
)
|
|
577
|
-
);
|
|
567
|
+
throw new AsgardeoAuthException("SPA-WEB_WORKER_CLIENT-SI-SE01", error, errorDescription ?? "");
|
|
578
568
|
}
|
|
579
569
|
|
|
580
570
|
if (await isAuthenticated()) {
|
|
@@ -604,12 +594,12 @@ export const WebWorkerClient = async (
|
|
|
604
594
|
SPAUtils.removeAuthorizationCode();
|
|
605
595
|
}
|
|
606
596
|
|
|
607
|
-
if (resolvedAuthorizationCode) {
|
|
597
|
+
if (resolvedAuthorizationCode && resolvedState) {
|
|
608
598
|
return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState);
|
|
609
599
|
}
|
|
610
600
|
|
|
611
|
-
return getAuthorizationURL(params)
|
|
612
|
-
|
|
601
|
+
return getAuthorizationURL(params)
|
|
602
|
+
.then(async (response: AuthorizationResponse) => {
|
|
613
603
|
location.href = response.authorizationURL;
|
|
614
604
|
|
|
615
605
|
await SPAUtils.waitTillPageRedirect();
|
|
@@ -686,12 +676,12 @@ export const WebWorkerClient = async (
|
|
|
686
676
|
});
|
|
687
677
|
};
|
|
688
678
|
|
|
689
|
-
const getOIDCServiceEndpoints = (): Promise<
|
|
679
|
+
const getOIDCServiceEndpoints = (): Promise<OIDCEndpoints> => {
|
|
690
680
|
const message: Message<null> = {
|
|
691
681
|
type: GET_OIDC_SERVICE_ENDPOINTS
|
|
692
682
|
};
|
|
693
683
|
|
|
694
|
-
return communicate<null,
|
|
684
|
+
return communicate<null, OIDCEndpoints>(message)
|
|
695
685
|
.then((response) => {
|
|
696
686
|
return Promise.resolve(response);
|
|
697
687
|
})
|
package/src/models/client.ts
CHANGED
|
@@ -22,8 +22,7 @@ import {
|
|
|
22
22
|
CustomGrantConfig,
|
|
23
23
|
DecodedIDTokenPayload,
|
|
24
24
|
FetchResponse,
|
|
25
|
-
OIDCEndpoints
|
|
26
|
-
OIDCProviderMetaData
|
|
25
|
+
OIDCEndpoints
|
|
27
26
|
} from "@asgardeo/auth-js";
|
|
28
27
|
import {
|
|
29
28
|
HttpError,
|
|
@@ -80,7 +79,7 @@ export interface WebWorkerClientInterface {
|
|
|
80
79
|
): Promise<BasicUserInfo>;
|
|
81
80
|
signOut(signOutRedirectURL?: string): Promise<boolean>;
|
|
82
81
|
revokeAccessToken(): Promise<boolean>;
|
|
83
|
-
getOIDCServiceEndpoints(): Promise<
|
|
82
|
+
getOIDCServiceEndpoints(): Promise<OIDCEndpoints>;
|
|
84
83
|
getBasicUserInfo(): Promise<BasicUserInfo>;
|
|
85
84
|
getDecodedIDToken(): Promise<DecodedIDTokenPayload>;
|
|
86
85
|
getIDToken(): Promise<string>;
|
|
@@ -21,11 +21,9 @@ import { CryptoUtils, JWKInterface } from "@asgardeo/auth-js";
|
|
|
21
21
|
import base64url from "base64url";
|
|
22
22
|
import sha256 from "fast-sha256";
|
|
23
23
|
import { createLocalJWKSet, jwtVerify } from "jose";
|
|
24
|
-
import { FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters } from "jose/dist/types/types";
|
|
25
24
|
import randombytes from "randombytes";
|
|
26
25
|
|
|
27
|
-
export class SPACryptoUtils
|
|
28
|
-
implements CryptoUtils<Buffer | string, GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>>
|
|
26
|
+
export class SPACryptoUtils implements CryptoUtils<Buffer | string>
|
|
29
27
|
{
|
|
30
28
|
/**
|
|
31
29
|
* Get URL encoded string.
|
|
@@ -48,30 +46,28 @@ export class SPACryptoUtils
|
|
|
48
46
|
return randombytes(length);
|
|
49
47
|
}
|
|
50
48
|
|
|
51
|
-
public parseJwk(key: Partial<JWKInterface>): Promise<GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>> {
|
|
52
|
-
return Promise.resolve(
|
|
53
|
-
createLocalJWKSet({
|
|
54
|
-
keys: [ key ]
|
|
55
|
-
})
|
|
56
|
-
);
|
|
57
|
-
}
|
|
58
|
-
|
|
59
49
|
public verifyJwt(
|
|
60
50
|
idToken: string,
|
|
61
|
-
jwk:
|
|
51
|
+
jwk: Partial<JWKInterface>,
|
|
62
52
|
algorithms: string[],
|
|
63
53
|
clientID: string,
|
|
64
54
|
issuer: string,
|
|
65
55
|
subject: string,
|
|
66
56
|
clockTolerance?: number
|
|
67
57
|
): Promise<boolean> {
|
|
68
|
-
return jwtVerify(
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
58
|
+
return jwtVerify(
|
|
59
|
+
idToken,
|
|
60
|
+
createLocalJWKSet({
|
|
61
|
+
keys: [jwk]
|
|
62
|
+
}),
|
|
63
|
+
{
|
|
64
|
+
algorithms: algorithms,
|
|
65
|
+
audience: clientID,
|
|
66
|
+
clockTolerance: clockTolerance,
|
|
67
|
+
issuer: issuer,
|
|
68
|
+
subject: subject
|
|
69
|
+
}
|
|
70
|
+
).then(() => {
|
|
75
71
|
return Promise.resolve(true);
|
|
76
72
|
});
|
|
77
73
|
}
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
* under the License.
|
|
17
17
|
*/
|
|
18
18
|
|
|
19
|
-
import { AuthClientConfig, BasicUserInfo } from "@asgardeo/auth-js";
|
|
19
|
+
import { AsgardeoAuthException, AuthClientConfig, BasicUserInfo } from "@asgardeo/auth-js";
|
|
20
20
|
import { WebWorkerCore } from "./worker-core";
|
|
21
21
|
import {
|
|
22
22
|
DISABLE_HTTP_HANDLER,
|
|
@@ -44,7 +44,6 @@ import {
|
|
|
44
44
|
START_AUTO_REFRESH_TOKEN,
|
|
45
45
|
UPDATE_CONFIG
|
|
46
46
|
} from "../constants";
|
|
47
|
-
import { AsgardeoSPAException } from "../exception";
|
|
48
47
|
import {
|
|
49
48
|
AuthorizationResponse,
|
|
50
49
|
HttpResponse,
|
|
@@ -63,10 +62,8 @@ ctx.onmessage = async ({ data, ports }) => {
|
|
|
63
62
|
if (data.type !== INIT && !webWorker) {
|
|
64
63
|
port.postMessage(
|
|
65
64
|
MessageUtils.generateFailureMessage(
|
|
66
|
-
new
|
|
67
|
-
"CLIENT_WORKER-ONMSG-NF01",
|
|
68
|
-
"client.worker",
|
|
69
|
-
data.type,
|
|
65
|
+
new AsgardeoAuthException(
|
|
66
|
+
"SPA-CLIENT_WORKER-ONMSG-NF01",
|
|
70
67
|
"The web worker has not been initialized yet.",
|
|
71
68
|
"The initialize method needs to be called before the specified operation can be carried out."
|
|
72
69
|
)
|
|
@@ -264,10 +261,8 @@ ctx.onmessage = async ({ data, ports }) => {
|
|
|
264
261
|
default:
|
|
265
262
|
port?.postMessage(
|
|
266
263
|
MessageUtils.generateFailureMessage(
|
|
267
|
-
new
|
|
268
|
-
"CLIENT_WORKER-ONMSG-IV02",
|
|
269
|
-
"client.worker",
|
|
270
|
-
"onmessage",
|
|
264
|
+
new AsgardeoAuthException(
|
|
265
|
+
"SPA-CLIENT_WORKER-ONMSG-IV02",
|
|
271
266
|
"The message type is invalid.",
|
|
272
267
|
`The message type provided, ${data.type}, is invalid.`
|
|
273
268
|
)
|