@auth0/auth0-spa-js 2.1.3 → 2.3.0

package/README.md

@@ -29,7 +29,7 @@ npm install @auth0/auth0-spa-js
 From the CDN:
 
 ```html
-<script src="https://cdn.auth0.com/js/auth0-spa-js/2.1/auth0-spa-js.production.js"></script>
+<script src="https://cdn.auth0.com/js/auth0-spa-js/2.3/auth0-spa-js.production.js"></script>
 ```
 
 ### Configure Auth0

package/dist/auth0-spa-js.development.js

@@ -540,7 +540,7 @@
         exports.default = SuperTokensLock;
     }));
     var Lock = unwrapExports(browserTabsLock);
-    var version = "2.1.3";
+    var version = "2.3.0";
     const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
     const DEFAULT_POPUP_CONFIG_OPTIONS = {
         timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
@@ -840,7 +840,13 @@
     }
     async function oauthToken(_a, worker) {
         var {baseUrl: baseUrl, timeout: timeout, audience: audience, scope: scope, auth0Client: auth0Client, useFormData: useFormData} = _a, options = __rest(_a, [ "baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData" ]);
-        const body = useFormData ? createQueryParams(options) : JSON.stringify(options);
+        const isTokenExchange = options.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange";
+        const allParams = Object.assign(Object.assign(Object.assign({}, options), isTokenExchange && audience && {
+            audience: audience
+        }), isTokenExchange && scope && {
+            scope: scope
+        });
+        const body = useFormData ? createQueryParams(allParams) : JSON.stringify(allParams);
         return await getJSON(`${baseUrl}/oauth/token`, timeout, audience || "default", scope, {
             method: "POST",
             body: body,
@@ -1819,7 +1825,13 @@
                     throw new GenericError("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
                 }
                 const authorizeTimeout = options.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
-                const codeResult = await runIframe(url, this.domainUrl, authorizeTimeout);
+                let eventOrigin;
+                try {
+                    eventOrigin = new URL(this.domainUrl).origin;
+                } catch (_a) {
+                    eventOrigin = this.domainUrl;
+                }
+                const codeResult = await runIframe(url, eventOrigin, authorizeTimeout);
                 if (stateIn !== codeResult.state) {
                     throw new GenericError("state_mismatch", "Invalid state");
                 }
@@ -1951,6 +1963,15 @@
                 decodedToken: decodedToken
             });
         }
+        async exchangeToken(options) {
+            return this._requestToken({
+                grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
+                subject_token: options.subject_token,
+                subject_token_type: options.subject_token_type,
+                scope: getUniqueScopes(options.scope, this.scope),
+                audience: options.audience || this.options.authorizationParams.audience
+            });
+        }
     }
     class User {}
     async function createAuth0Client(options) {