@auth0/auth0-spa-js 1.18.0 → 1.19.3

package/dist/typings/Auth0Client.d.ts

@@ -1,4 +1,4 @@
-import { Auth0ClientOptions, RedirectLoginOptions, PopupLoginOptions, PopupConfigOptions, GetUserOptions, GetIdTokenClaimsOptions, RedirectLoginResult, GetTokenSilentlyOptions, GetTokenWithPopupOptions, LogoutOptions, CacheLocation, LogoutUrlOptions, User, IdToken } from './global';
+import { Auth0ClientOptions, RedirectLoginOptions, PopupLoginOptions, PopupConfigOptions, GetUserOptions, GetIdTokenClaimsOptions, RedirectLoginResult, GetTokenSilentlyOptions, GetTokenWithPopupOptions, LogoutOptions, CacheLocation, LogoutUrlOptions, User, IdToken, GetTokenSilentlyVerboseResponse } from './global';
 /**
  * Auth0 SDK for Single Page Applications using [Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce).
  */
@@ -15,6 +15,7 @@ export default class Auth0Client {
     private sessionCheckExpiryDays;
     private orgHintCookieName;
     private isAuthenticatedCookieName;
+    private nowProvider;
     cacheLocation: CacheLocation;
     private worker;
     constructor(options: Auth0ClientOptions);
@@ -89,7 +90,7 @@ export default class Auth0Client {
      *
      * @param options
      */
-    getIdTokenClaims(options?: GetIdTokenClaimsOptions): Promise<IdToken>;
+    getIdTokenClaims(options?: GetIdTokenClaimsOptions): Promise<IdToken | undefined>;
     /**
      * ```js
      * await auth0.loginWithRedirect(options);
@@ -101,14 +102,14 @@ export default class Auth0Client {
      *
      * @param options
      */
-    loginWithRedirect(options?: RedirectLoginOptions): Promise<void>;
+    loginWithRedirect<TAppState = any>(options?: RedirectLoginOptions<TAppState>): Promise<void>;
     /**
      * After the browser redirects back to the callback page,
      * call `handleRedirectCallback` to handle success and error
      * responses from Auth0. If the response is successful, results
      * will be valid according to their expiration times.
      */
-    handleRedirectCallback(url?: string): Promise<RedirectLoginResult>;
+    handleRedirectCallback<TAppState = any>(url?: string): Promise<RedirectLoginResult<TAppState>>;
     /**
      * ```js
      * await auth0.checkSession();
@@ -126,36 +127,29 @@ export default class Auth0Client {
      * `Auth0Client` constructor. You should not need this if you are using the
      * `createAuth0Client` factory.
      *
+     * **Note:** the cookie **may not** be present if running an app using a private tab, as some
+     * browsers clear JS cookie data and local storage when the tab or page is closed, or on page reload. This effectively
+     * means that `checkSession` could silently return without authenticating the user on page refresh when
+     * using a private tab, despite having previously logged in. As a workaround, use `getTokenSilently` instead
+     * and handle the possible `login_required` error [as shown in the readme](https://github.com/auth0/auth0-spa-js#creating-the-client).
+     *
      * @param options
      */
     checkSession(options?: GetTokenSilentlyOptions): Promise<void>;
     /**
-     * ```js
-     * const token = await auth0.getTokenSilently(options);
-     * ```
-     *
-     * If there's a valid token stored, return it. Otherwise, opens an
-     * iframe with the `/authorize` URL using the parameters provided
-     * as arguments. Random and secure `state` and `nonce` parameters
-     * will be auto-generated. If the response is successful, results
-     * will be valid according to their expiration times.
-     *
-     * If refresh tokens are used, the token endpoint is called directly with the
-     * 'refresh_token' grant. If no refresh token is available to make this call,
-     * the SDK falls back to using an iframe to the '/authorize' URL.
+     * Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.
      *
-     * This method may use a web worker to perform the token call if the in-memory
-     * cache is used.
-     *
-     * If an `audience` value is given to this function, the SDK always falls
-     * back to using an iframe to make the token exchange.
-     *
-     * Note that in all cases, falling back to an iframe requires access to
-     * the `auth0` cookie.
+     * @param options
+     */
+    getTokenSilently(options: GetTokenSilentlyOptions & {
+        detailedResponse: true;
+    }): Promise<GetTokenSilentlyVerboseResponse>;
+    /**
+     * Fetches a new access token and returns it.
      *
      * @param options
      */
-    getTokenSilently(options?: GetTokenSilentlyOptions): Promise<any>;
+    getTokenSilently(options?: GetTokenSilentlyOptions): Promise<string>;
     private _getTokenSilently;
     /**
      * ```js
@@ -210,4 +204,5 @@ export default class Auth0Client {
     logout(options?: LogoutOptions): Promise<void> | void;
     private _getTokenFromIFrame;
     private _getTokenUsingRefreshToken;
+    private _getEntryFromCache;
 }

package/dist/typings/api.d.ts

@@ -1,9 +1,2 @@
-import { TokenEndpointOptions } from './global';
-export declare type TokenEndpointResponse = {
-    id_token: string;
-    access_token: string;
-    refresh_token?: string;
-    expires_in: number;
-    scope?: string;
-};
+import { TokenEndpointOptions, TokenEndpointResponse } from './global';
 export declare function oauthToken({ baseUrl, timeout, audience, scope, auth0Client, useFormData, ...options }: TokenEndpointOptions, worker?: Worker): Promise<TokenEndpointResponse>;

package/dist/typings/cache/cache-manager.d.ts

@@ -3,7 +3,8 @@ import { CacheEntry, ICache, CacheKey } from './shared';
 export declare class CacheManager {
     private cache;
     private keyManifest?;
-    constructor(cache: ICache, keyManifest?: CacheKeyManifest);
+    private nowProvider?;
+    constructor(cache: ICache, keyManifest?: CacheKeyManifest, nowProvider?: () => number | Promise<number>);
     get(cacheKey: CacheKey, expiryAdjustmentSeconds?: number): Promise<Partial<CacheEntry> | undefined>;
     set(entry: CacheEntry): Promise<void>;
     clear(clientId?: string): Promise<void>;

package/dist/typings/cache/shared.d.ts

@@ -42,6 +42,7 @@ export declare type CacheEntry = {
     scope: string;
     client_id: string;
     refresh_token?: string;
+    oauthTokenScope?: string;
 };
 export declare type WrappedCacheEntry = {
     body: Partial<CacheEntry>;

package/dist/typings/constants.d.ts

@@ -51,3 +51,4 @@ export declare const DEFAULT_AUTH0_CLIENT: {
     name: string;
     version: string;
 };
+export declare const DEFAULT_NOW_PROVIDER: () => number;

package/dist/typings/errors.d.ts

@@ -1,3 +1,7 @@
+/**
+ * For context on the istanbul ignore statements below, see:
+ * https://github.com/gotwarlost/istanbul/issues/690
+ */
 /**
  * Thrown when network requests to the Auth server fail.
  */

package/dist/typings/global.d.ts

@@ -189,6 +189,12 @@ export interface Auth0ClientOptions extends BaseLoginOptions {
      * continue to work as intended.
      */
     useFormData?: boolean;
+    /**
+     * Modify the value used as the current time during the token validation.
+     *
+     * **Note**: Using this improperly can potentially compromise the token validation.
+     */
+    nowProvider?: () => Promise<number> | number;
 }
 /**
  * The possible locations where tokens can be stored
@@ -207,7 +213,7 @@ export interface AuthorizeOptions extends BaseLoginOptions {
     code_challenge: string;
     code_challenge_method: string;
 }
-export interface RedirectLoginOptions extends BaseLoginOptions {
+export interface RedirectLoginOptions<TAppState = any> extends BaseLoginOptions {
     /**
      * The URL where Auth0 will redirect your browser to with
      * the authentication result. It must be whitelisted in
@@ -218,7 +224,7 @@ export interface RedirectLoginOptions extends BaseLoginOptions {
     /**
      * Used to store state before doing the redirect
      */
-    appState?: any;
+    appState?: TAppState;
     /**
      * Used to add to the URL fragment before redirecting
      */
@@ -228,11 +234,11 @@ export interface RedirectLoginOptions extends BaseLoginOptions {
      */
     redirectMethod?: 'replace' | 'assign';
 }
-export interface RedirectLoginResult {
+export interface RedirectLoginResult<TAppState = any> {
     /**
      * State stored when the redirect request was made
      */
-    appState?: any;
+    appState?: TAppState;
 }
 export interface PopupLoginOptions extends BaseLoginOptions {
 }
@@ -297,6 +303,13 @@ export interface GetTokenSilentlyOptions {
      * Defaults to 60s.
      */
     timeoutInSeconds?: number;
+    /**
+     * If true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned
+     * (minus `refresh_token` if one was issued). Otherwise, just the access token is returned.
+     *
+     * The default is `false`.
+     */
+    detailedResponse?: boolean;
     /**
      * If you need to send custom parameters to the Authorization Server,
      * make sure to use the original parameter name.
@@ -304,6 +317,11 @@ export interface GetTokenSilentlyOptions {
     [key: string]: any;
 }
 export interface GetTokenWithPopupOptions extends PopupLoginOptions {
+    /**
+     * When `true`, ignores the cache and always sends a
+     * request to Auth0.
+     */
+    ignoreCache?: boolean;
 }
 export interface LogoutUrlOptions {
     /**
@@ -398,6 +416,16 @@ export interface TokenEndpointOptions {
     useFormData?: boolean;
     [key: string]: any;
 }
+/**
+ * @ignore
+ */
+export declare type TokenEndpointResponse = {
+    id_token: string;
+    access_token: string;
+    refresh_token?: string;
+    expires_in: number;
+    scope?: string;
+};
 /**
  * @ignore
  */
@@ -425,6 +453,7 @@ export interface JWTVerifyOptions {
     leeway?: number;
     max_age?: number;
     organizationId?: string;
+    now?: number;
 }
 /**
  * @ignore
@@ -502,4 +531,5 @@ export declare type FetchOptions = {
     body?: string;
     signal?: AbortSignal;
 };
+export declare type GetTokenSilentlyVerboseResponse = Omit<TokenEndpointResponse, 'refresh_token'>;
 export {};

package/dist/typings/index.d.ts

@@ -12,6 +12,15 @@ import Auth0Client from './Auth0Client';
 import { Auth0ClientOptions } from './global';
 import './global';
 export * from './global';
+/**
+ * Asynchronously creates the Auth0Client instance and calls `checkSession`.
+ *
+ * **Note:** There are caveats to using this in a private browser tab, which may not silently authenticae
+ * a user on page refresh. Please see [the checkSession docs](https://auth0.github.io/auth0-spa-js/classes/auth0client.html#checksession) for more info.
+ *
+ * @param options The client options
+ * @returns An instance of Auth0Client
+ */
 export default function createAuth0Client(options: Auth0ClientOptions): Promise<Auth0Client>;
 export { Auth0Client };
 export { GenericError, AuthenticationError, TimeoutError, PopupTimeoutError, PopupCancelledError, MfaRequiredError } from './errors';

package/dist/typings/storage.d.ts

@@ -5,7 +5,7 @@ interface ClientStorageOptions {
  * Defines a type that handles storage to/from a storage location
  */
 export declare type ClientStorage = {
-    get<T extends Object>(key: string): T;
+    get<T extends Object>(key: string): T | undefined;
     save(key: string, value: any, options?: ClientStorageOptions): void;
     remove(key: string): void;
 };

package/dist/typings/transaction-manager.d.ts

@@ -7,6 +7,7 @@ interface Transaction {
     code_verifier: string;
     redirect_uri: string;
     organizationId?: string;
+    state?: string;
 }
 export default class TransactionManager {
     private storage;
@@ -15,7 +16,7 @@ export default class TransactionManager {
     private storageKey;
     constructor(storage: ClientStorage, clientId: string);
     create(transaction: Transaction): void;
-    get(): Transaction;
+    get(): Transaction | undefined;
     remove(): void;
 }
 export {};

package/dist/typings/version.d.ts

@@ -1,2 +1,2 @@
-declare const _default: "1.18.0";
+declare const _default: "1.19.3";
 export default _default;

package/package.json

@@ -3,7 +3,7 @@
   "name": "@auth0/auth0-spa-js",
   "description": "Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE",
   "license": "MIT",
-  "version": "1.18.0",
+  "version": "1.19.3",
   "main": "dist/lib/auth0-spa-js.cjs.js",
   "types": "dist/typings/index.d.ts",
   "module": "dist/auth0-spa-js.production.esm.js",
@@ -21,7 +21,7 @@
     "test:watch:integration": "concurrently --raw npm:dev 'npm:test:open:integration'",
     "test:es-check": "npm run test:es-check:es5 && npm run test:es-check:es2015:module",
     "test:es-check:es5": "es-check es5 'dist/auth0-spa-js.production.js'",
-    "test:es-check:es2015:module": "es-check es2015 --module 'dist/auth0-spa-js.production.esm.js'",
+    "test:es-check:es2015:module": "es-check es2015 'dist/auth0-spa-js.production.esm.js' --module ",
     "test:integration:server": "npm run dev",
     "test:integration:tests": "wait-on http://localhost:3000/ && cypress run",
     "test:integration": "concurrently --raw --kill-others --success first npm:test:integration:server npm:test:integration:tests",
@@ -35,56 +35,56 @@
     "@auth0/component-cdn-uploader": "github:auth0/component-cdn-uploader#v2.2.2",
     "@rollup/plugin-replace": "^2.4.2",
     "@types/cypress": "^1.1.3",
-    "@types/jest": "^26.0.24",
-    "@typescript-eslint/eslint-plugin-tslint": "^4.28.4",
-    "@typescript-eslint/parser": "^4.28.4",
-    "browserstack-cypress-cli": "^1.8.1",
+    "@types/jest": "^27.0.2",
+    "@typescript-eslint/eslint-plugin-tslint": "^4.33.0",
+    "@typescript-eslint/parser": "^4.33.0",
+    "browserstack-cypress-cli": "1.8.1",
     "cli-table": "^0.3.6",
     "codecov": "^3.8.3",
-    "concurrently": "^5.3.0",
+    "concurrently": "^6.4.0",
     "cypress": "7.2.0",
-    "es-check": "^5.2.4",
-    "eslint": "^7.31.0",
-    "gzip-size": "^5.1.1",
-    "husky": "^4.3.8",
-    "idtoken-verifier": "^2.2.0",
-    "jest": "^26.6.3",
-    "jest-junit": "^12.2.0",
-    "jest-localstorage-mock": "^2.4.14",
+    "es-check": "^6.1.1",
+    "eslint": "^7.32.0",
+    "gzip-size": "^6.0.0",
+    "husky": "^7.0.4",
+    "idtoken-verifier": "^2.2.2",
+    "jest": "^27.3.1",
+    "jest-junit": "^13.0.0",
+    "jest-localstorage-mock": "^2.4.18",
     "jsonwebtoken": "^8.5.1",
-    "oidc-provider": "^7.5.4",
+    "oidc-provider": "^7.10.1",
     "pem": "^1.14.4",
-    "prettier": "^2.3.2",
-    "pretty-quick": "^3.1.1",
+    "prettier": "^2.4.1",
+    "pretty-quick": "^3.1.2",
     "qss": "^2.0.3",
     "rimraf": "^3.0.2",
-    "rollup": "^2.53.3",
-    "rollup-plugin-analyzer": "^3.3.0",
+    "rollup": "^2.60.0",
+    "rollup-plugin-analyzer": "^4.0.0",
     "rollup-plugin-commonjs": "^10.1.0",
     "rollup-plugin-dev": "^1.1.3",
     "rollup-plugin-livereload": "^2.0.5",
     "rollup-plugin-node-resolve": "^5.2.0",
     "rollup-plugin-sourcemaps": "^0.6.3",
     "rollup-plugin-terser": "^7.0.2",
-    "rollup-plugin-typescript2": "^0.27.3",
-    "rollup-plugin-visualizer": "^4.2.2",
+    "rollup-plugin-typescript2": "^0.30.0",
+    "rollup-plugin-visualizer": "^5.5.2",
     "rollup-plugin-web-worker-loader": "^1.6.1",
-    "serve": "^11.3.2",
-    "ts-jest": "^26.5.6",
-    "tslib": "^2.3.0",
+    "serve": "^12.0.1",
+    "ts-jest": "^27.0.7",
+    "tslib": "^2.3.1",
     "tslint": "^6.1.3",
     "tslint-config-security": "^1.16.0",
-    "typedoc": "^0.18.0",
-    "typescript": "^4.3.5",
-    "wait-on": "^5.3.0"
+    "typedoc": "0.18.0",
+    "typescript": "^4.4.4",
+    "wait-on": "^6.0.0"
   },
   "dependencies": {
     "abortcontroller-polyfill": "^1.7.3",
-    "browser-tabs-lock": "^1.2.14",
-    "core-js": "^3.16.3",
+    "browser-tabs-lock": "^1.2.15",
+    "core-js": "^3.19.0",
     "es-cookie": "^1.3.2",
     "fast-text-encoding": "^1.0.3",
-    "promise-polyfill": "^8.2.0",
+    "promise-polyfill": "^8.2.1",
     "unfetch": "^4.2.0"
   },
   "files": [