@auth0/auth0-spa-js 2.0.7 → 2.1.0

package/README.md

@@ -29,7 +29,7 @@ npm install @auth0/auth0-spa-js
 From the CDN:
 
 ```html
-<script src="https://cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js"></script>
+<script src="https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js"></script>
 ```
 
 ### Configure Auth0

package/dist/auth0-spa-js.development.js

@@ -472,7 +472,7 @@
         exports.default = SuperTokensLock;
     }));
     var Lock = unwrapExports(browserTabsLock);
-    var version = "2.0.7";
+    var version = "2.1.0";
     const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
     const DEFAULT_POPUP_CONFIG_OPTIONS = {
         timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
@@ -989,20 +989,17 @@
             this.clientId = clientId;
             this.cookieDomain = cookieDomain;
             this.storageKey = `${TRANSACTION_STORAGE_KEY_PREFIX}.${this.clientId}`;
-            this.transaction = this.storage.get(this.storageKey);
         }
         create(transaction) {
-            this.transaction = transaction;
             this.storage.save(this.storageKey, transaction, {
                 daysUntilExpire: 1,
                 cookieDomain: this.cookieDomain
             });
         }
         get() {
-            return this.transaction;
+            return this.storage.get(this.storageKey);
         }
         remove() {
-            delete this.transaction;
             this.storage.remove(this.storageKey, {
                 cookieDomain: this.cookieDomain
             });
@@ -1111,11 +1108,22 @@
                 throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${now}) is after last auth at ${authTimeDate}`);
             }
         }
-        if (options.organizationId) {
-            if (!decoded.claims.org_id) {
-                throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
-            } else if (options.organizationId !== decoded.claims.org_id) {
-                throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${options.organizationId}", found "${decoded.claims.org_id}"`);
+        if (options.organization) {
+            const org = options.organization.trim();
+            if (org.startsWith("org_")) {
+                const orgId = org;
+                if (!decoded.claims.org_id) {
+                    throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
+                } else if (orgId !== decoded.claims.org_id) {
+                    throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${orgId}", found "${decoded.claims.org_id}"`);
+                }
+            } else {
+                const orgName = org.toLowerCase();
+                if (!decoded.claims.org_name) {
+                    throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
+                } else if (orgName !== decoded.claims.org_name.toLowerCase()) {
+                    throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${orgName}", found "${decoded.claims.org_name.toLowerCase()}"`);
+                }
             }
         }
         return decoded;
@@ -1456,22 +1464,22 @@
         _authorizeUrl(authorizeOptions) {
             return this._url(`/authorize?${createQueryParams(authorizeOptions)}`);
         }
-        async _verifyIdToken(id_token, nonce, organizationId) {
+        async _verifyIdToken(id_token, nonce, organization) {
             const now = await this.nowProvider();
             return verify({
                 iss: this.tokenIssuer,
                 aud: this.options.clientId,
                 id_token: id_token,
                 nonce: nonce,
-                organizationId: organizationId,
+                organization: organization,
                 leeway: this.options.leeway,
                 max_age: parseNumber(this.options.authorizationParams.max_age),
                 now: now
             });
         }
-        _processOrgIdHint(organizationId) {
-            if (organizationId) {
-                this.cookieStorage.save(this.orgHintCookieName, organizationId, {
+        _processOrgHint(organization) {
+            if (organization) {
+                this.cookieStorage.save(this.orgHintCookieName, organization, {
                     daysUntilExpire: this.sessionCheckExpiryDays,
                     cookieDomain: this.options.cookieDomain
                 });
@@ -1519,7 +1527,7 @@
             if (params.state !== codeResult.state) {
                 throw new GenericError("state_mismatch", "Invalid state");
             }
-            const organizationId = ((_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
+            const organization = ((_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
             await this._requestToken({
                 audience: params.audience,
                 scope: params.scope,
@@ -1529,7 +1537,7 @@
                 redirect_uri: params.redirect_uri
             }, {
                 nonceIn: params.nonce,
-                organizationId: organizationId
+                organization: organization
             });
         }
         async getUser() {
@@ -1545,12 +1553,12 @@
         async loginWithRedirect(options = {}) {
             var _a;
             const _b = patchOpenUrlWithOnRedirect(options), {openUrl: openUrl, fragment: fragment, appState: appState} = _b, urlOptions = __rest(_b, [ "openUrl", "fragment", "appState" ]);
-            const organizationId = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
+            const organization = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
             const _c = await this._prepareAuthorizeUrl(urlOptions.authorizationParams || {}), {url: url} = _c, transaction = __rest(_c, [ "url" ]);
             this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, transaction), {
                 appState: appState
-            }), organizationId && {
-                organizationId: organizationId
+            }), organization && {
+                organization: organization
             }));
             const urlWithFragment = fragment ? `${url}#${fragment}` : url;
             if (openUrl) {
@@ -1576,7 +1584,7 @@
             if (!transaction.code_verifier || transaction.state && transaction.state !== state) {
                 throw new GenericError("state_mismatch", "Invalid state");
             }
-            const organizationId = transaction.organizationId;
+            const organization = transaction.organization;
             const nonceIn = transaction.nonce;
             const redirect_uri = transaction.redirect_uri;
             await this._requestToken(Object.assign({
@@ -1589,7 +1597,7 @@
                 redirect_uri: redirect_uri
             } : {}), {
                 nonceIn: nonceIn,
-                organizationId: organizationId
+                organization: organization
             });
             return {
                 appState: transaction.appState
@@ -1727,9 +1735,9 @@
             const params = Object.assign(Object.assign({}, options.authorizationParams), {
                 prompt: "none"
             });
-            const orgIdHint = this.cookieStorage.get(this.orgHintCookieName);
-            if (orgIdHint && !params.organization) {
-                params.organization = orgIdHint;
+            const orgHint = this.cookieStorage.get(this.orgHintCookieName);
+            if (orgHint && !params.organization) {
+                params.organization = orgHint;
             }
             const {url: url, state: stateIn, nonce: nonceIn, code_verifier: code_verifier, redirect_uri: redirect_uri, scope: scope, audience: audience} = await this._prepareAuthorizeUrl(params, {
                 response_mode: "web_message"
@@ -1750,7 +1758,8 @@
                     redirect_uri: redirect_uri,
                     timeout: options.authorizationParams.timeout || this.httpTimeoutMs
                 }), {
-                    nonceIn: nonceIn
+                    nonceIn: nonceIn,
+                    organization: params.organization
                 });
                 return Object.assign(Object.assign({}, tokenResult), {
                     scope: scope,
@@ -1843,7 +1852,7 @@
             }
         }
         async _requestToken(options, additionalParameters) {
-            const {nonceIn: nonceIn, organizationId: organizationId} = additionalParameters || {};
+            const {nonceIn: nonceIn, organization: organization} = additionalParameters || {};
             const authResult = await oauthToken(Object.assign({
                 baseUrl: this.domainUrl,
                 client_id: this.options.clientId,
@@ -1851,7 +1860,7 @@
                 useFormData: this.options.useFormData,
                 timeout: this.httpTimeoutMs
             }, options), this.worker);
-            const decodedToken = await this._verifyIdToken(authResult.id_token, nonceIn, organizationId);
+            const decodedToken = await this._verifyIdToken(authResult.id_token, nonceIn, organization);
             await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, authResult), {
                 decodedToken: decodedToken,
                 scope: options.scope,
@@ -1865,7 +1874,7 @@
                 daysUntilExpire: this.sessionCheckExpiryDays,
                 cookieDomain: this.options.cookieDomain
             });
-            this._processOrgIdHint(decodedToken.claims.org_id);
+            this._processOrgHint(organization);
             return Object.assign(Object.assign({}, authResult), {
                 decodedToken: decodedToken
             });