@auth0/auth0-spa-js 2.0.8 → 2.1.0

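--- a/package/README.md
+++ b/package/README.md
@@ -29,7 +29,7 @@ npm install @auth0/auth0-spa-js
  From the CDN:
 
  ```html
- <script src="https://cdn.auth0.com/js/auth0-spa-js/2.0/auth0-spa-js.production.js"></script>
+ <script src="https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js"></script>
  ```
 
  ### Configure Auth0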
@@ -472,7 +472,7 @@
472
472
  exports.default = SuperTokensLock;
473
473
  }));
474
474
  var Lock = unwrapExports(browserTabsLock);
475
- var version = "2.0.8";
475
+ var version = "2.1.0";
476
476
  const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
477
477
  const DEFAULT_POPUP_CONFIG_OPTIONS = {
478
478
  timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
@@ -1108,11 +1108,22 @@
1108
1108
  throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${now}) is after last auth at ${authTimeDate}`);
1109
1109
  }
1110
1110
  }
1111
- if (options.organizationId) {
1112
- if (!decoded.claims.org_id) {
1113
- throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
1114
- } else if (options.organizationId !== decoded.claims.org_id) {
1115
- throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${options.organizationId}", found "${decoded.claims.org_id}"`);
1111
+ if (options.organization) {
1112
+ const org = options.organization.trim();
1113
+ if (org.startsWith("org_")) {
1114
+ const orgId = org;
1115
+ if (!decoded.claims.org_id) {
1116
+ throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
1117
+ } else if (orgId !== decoded.claims.org_id) {
1118
+ throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${orgId}", found "${decoded.claims.org_id}"`);
1119
+ }
1120
+ } else {
1121
+ const orgName = org.toLowerCase();
1122
+ if (!decoded.claims.org_name) {
1123
+ throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
1124
+ } else if (orgName !== decoded.claims.org_name.toLowerCase()) {
1125
+ throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${orgName}", found "${decoded.claims.org_name.toLowerCase()}"`);
1126
+ }
1116
1127
  }
1117
1128
  }
1118
1129
  return decoded;
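Review bot: The new `org_name` branch tests the claim only for truthiness (`if (!decoded.claims.org_name)`) although its message promises a string, so a truthy non-string claim reaches `.toLowerCase()` and fails with a generic TypeError instead of the intended validation error. The token is still rejected, but a guard such as `if (typeof decoded.claims.org_name !== "string" || !decoded.claims.org_name)` keeps the failure explicit, and the same holds for `options.organization.trim()` when a caller passes a non-string. The `org_` prefix alone decides which claim is checked, so I would add a comment like `// values starting with "org_" are treated as organization IDs and compared to org_id only; anything else is compared case-insensitively to org_name`. This is bundled output and the enclosing function starts above the hunk, so the change belongs in the package source.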
@@ -1453,22 +1464,22 @@
1453
1464
  _authorizeUrl(authorizeOptions) {
1454
1465
  return this._url(`/authorize?${createQueryParams(authorizeOptions)}`);
1455
1466
  }
1456
- async _verifyIdToken(id_token, nonce, organizationId) {
1467
+ async _verifyIdToken(id_token, nonce, organization) {
1457
1468
  const now = await this.nowProvider();
1458
1469
  return verify({
1459
1470
  iss: this.tokenIssuer,
1460
1471
  aud: this.options.clientId,
1461
1472
  id_token: id_token,
1462
1473
  nonce: nonce,
1463
- organizationId: organizationId,
1474
+ organization: organization,
1464
1475
  leeway: this.options.leeway,
1465
1476
  max_age: parseNumber(this.options.authorizationParams.max_age),
1466
1477
  now: now
1467
1478
  });
1468
1479
  }
1469
- _processOrgIdHint(organizationId) {
1470
- if (organizationId) {
1471
- this.cookieStorage.save(this.orgHintCookieName, organizationId, {
1480
+ _processOrgHint(organization) {
1481
+ if (organization) {
1482
+ this.cookieStorage.save(this.orgHintCookieName, organization, {
1472
1483
  daysUntilExpire: this.sessionCheckExpiryDays,
1473
1484
  cookieDomain: this.options.cookieDomain
1474
1485
  });
@@ -1516,7 +1527,7 @@
1516
1527
  if (params.state !== codeResult.state) {
1517
1528
  throw new GenericError("state_mismatch", "Invalid state");
1518
1529
  }
1519
- const organizationId = ((_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
1530
+ const organization = ((_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
1520
1531
  await this._requestToken({
1521
1532
  audience: params.audience,
1522
1533
  scope: params.scope,
@@ -1526,7 +1537,7 @@
1526
1537
  redirect_uri: params.redirect_uri
1527
1538
  }, {
1528
1539
  nonceIn: params.nonce,
1529
- organizationId: organizationId
1540
+ organization: organization
1530
1541
  });
1531
1542
  }
1532
1543
  async getUser() {
@@ -1542,12 +1553,12 @@
1542
1553
  async loginWithRedirect(options = {}) {
1543
1554
  var _a;
1544
1555
  const _b = patchOpenUrlWithOnRedirect(options), {openUrl: openUrl, fragment: fragment, appState: appState} = _b, urlOptions = __rest(_b, [ "openUrl", "fragment", "appState" ]);
1545
- const organizationId = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
1556
+ const organization = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
1546
1557
  const _c = await this._prepareAuthorizeUrl(urlOptions.authorizationParams || {}), {url: url} = _c, transaction = __rest(_c, [ "url" ]);
1547
1558
  this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, transaction), {
1548
1559
  appState: appState
1549
- }), organizationId && {
1550
- organizationId: organizationId
1560
+ }), organization && {
1561
+ organization: organization
1551
1562
  }));
1552
1563
  const urlWithFragment = fragment ? `${url}#${fragment}` : url;
1553
1564
  if (openUrl) {
@@ -1573,7 +1584,7 @@
1573
1584
  if (!transaction.code_verifier || transaction.state && transaction.state !== state) {
1574
1585
  throw new GenericError("state_mismatch", "Invalid state");
1575
1586
  }
1576
- const organizationId = transaction.organizationId;
1587
+ const organization = transaction.organization;
1577
1588
  const nonceIn = transaction.nonce;
1578
1589
  const redirect_uri = transaction.redirect_uri;
1579
1590
  await this._requestToken(Object.assign({
@@ -1586,7 +1597,7 @@
1586
1597
  redirect_uri: redirect_uri
1587
1598
  } : {}), {
1588
1599
  nonceIn: nonceIn,
1589
- organizationId: organizationId
1600
+ organization: organization
1590
1601
  });
1591
1602
  return {
1592
1603
  appState: transaction.appState
@@ -1724,9 +1735,9 @@
1724
1735
  const params = Object.assign(Object.assign({}, options.authorizationParams), {
1725
1736
  prompt: "none"
1726
1737
  });
1727
- const orgIdHint = this.cookieStorage.get(this.orgHintCookieName);
1728
- if (orgIdHint && !params.organization) {
1729
- params.organization = orgIdHint;
1738
+ const orgHint = this.cookieStorage.get(this.orgHintCookieName);
1739
+ if (orgHint && !params.organization) {
1740
+ params.organization = orgHint;
1730
1741
  }
1731
1742
  const {url: url, state: stateIn, nonce: nonceIn, code_verifier: code_verifier, redirect_uri: redirect_uri, scope: scope, audience: audience} = await this._prepareAuthorizeUrl(params, {
1732
1743
  response_mode: "web_message"
@@ -1747,7 +1758,8 @@
1747
1758
  redirect_uri: redirect_uri,
1748
1759
  timeout: options.authorizationParams.timeout || this.httpTimeoutMs
1749
1760
  }), {
1750
- nonceIn: nonceIn
1761
+ nonceIn: nonceIn,
1762
+ organization: params.organization
1751
1763
  });
1752
1764
  return Object.assign(Object.assign({}, tokenResult), {
1753
1765
  scope: scope,
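Review bot: With `organization: params.organization` the expected organization for ID-token validation in the silent flow can be the value read from the org-hint cookie (`params.organization = orgHint` in the preceding hunk), not only one set by the application. That value is client-side state, so the check confirms that the token matches what was requested rather than what the application is configured for. A comment such as `// organization may come from the org-hint cookie; authoritative organization checks belong on the API that consumes the token` would make that explicit. The enclosing method starts and ends outside the hunk.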
@@ -1840,7 +1852,7 @@
1840
1852
  }
1841
1853
  }
1842
1854
  async _requestToken(options, additionalParameters) {
1843
- const {nonceIn: nonceIn, organizationId: organizationId} = additionalParameters || {};
1855
+ const {nonceIn: nonceIn, organization: organization} = additionalParameters || {};
1844
1856
  const authResult = await oauthToken(Object.assign({
1845
1857
  baseUrl: this.domainUrl,
1846
1858
  client_id: this.options.clientId,
@@ -1848,7 +1860,7 @@
1848
1860
  useFormData: this.options.useFormData,
1849
1861
  timeout: this.httpTimeoutMs
1850
1862
  }, options), this.worker);
1851
- const decodedToken = await this._verifyIdToken(authResult.id_token, nonceIn, organizationId);
1863
+ const decodedToken = await this._verifyIdToken(authResult.id_token, nonceIn, organization);
1852
1864
  await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, authResult), {
1853
1865
  decodedToken: decodedToken,
1854
1866
  scope: options.scope,
@@ -1862,7 +1874,7 @@
1862
1874
  daysUntilExpire: this.sessionCheckExpiryDays,
1863
1875
  cookieDomain: this.options.cookieDomain
1864
1876
  });
1865
- this._processOrgIdHint(decodedToken.claims.org_id);
1877
+ this._processOrgHint(organization);
1866
1878
  return Object.assign(Object.assign({}, authResult), {
1867
1879
  decodedToken: decodedToken
1868
1880
  });
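Review bot: `this._processOrgHint(organization)` now stores the caller-supplied value instead of the verified `org_id` claim, and stores it raw while the validation in the earlier hunk compares a trimmed (and, for names, lower-cased) form. A value with stray whitespace passes validation, is written to the cookie unchanged and is later reused as `params.organization`; something like `this._processOrgHint(typeof organization === "string" ? organization.trim() : organization);` would keep the hint canonical. It also looks as if a token carrying `org_id` no longer sets the hint when no organization was requested, but the falsy branch of `_processOrgHint` is outside the visible hunks, so that should be confirmed as intended. `_requestToken` begins in an earlier hunk and its closing lines are not shown here.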