@auth0/auth0-spa-js 2.11.1 → 2.11.3

@@ -540,7 +540,7 @@
540
540
  exports.default = SuperTokensLock;
541
541
  }));
542
542
  var Lock = unwrapExports(browserTabsLock);
543
- var version = "2.11.1";
543
+ var version = "2.11.3";
544
544
  const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
545
545
  const DEFAULT_POPUP_CONFIG_OPTIONS = {
546
546
  timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
@@ -720,7 +720,9 @@
720
720
  clearTimeout(timeoutId);
721
721
  clearInterval(popupTimer);
722
722
  window.removeEventListener("message", popupEventListener, false);
723
- config.popup.close();
723
+ if (config.closePopup !== false) {
724
+ config.popup.close();
725
+ }
724
726
  if (e.data.response.error) {
725
727
  return reject(GenericError.fromPayload(e.data.response));
726
728
  }
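Review bot: With `config.closePopup === false` the popup is left open on both the success path and the error path that follows (`if (e.data.response.error)`), and nothing at this site says who is then responsible for closing it. A comment such as `// closePopup: false leaves the window open; the caller owns closing it, on success and on error` would make that contract explicit. The test is `!== false`, so `undefined`, `0` or the string `"false"` all still close the popup, which is worth stating where the option is documented. The listener's timeout branch and the rest of the function lie outside the hunk, so whether they honour the same option cannot be confirmed from here.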
@@ -1400,7 +1402,7 @@
1400
1402
  if (matchedKey) {
1401
1403
  wrappedEntry = await this.cache.get(matchedKey);
1402
1404
  }
1403
- if (!matchedKey && useMrrt && cacheMode !== "cache-only") {
1405
+ if (!wrappedEntry && useMrrt && cacheMode !== "cache-only") {
1404
1406
  return this.getEntryWithRefreshToken(cacheKey, keys);
1405
1407
  }
1406
1408
  }
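Review bot: The condition on `!wrappedEntry` now routes into `getEntryWithRefreshToken` whenever a key matched but `this.cache.get(matchedKey)` returned nothing, and no comment records that this is the intended case. A line above the `if` such as `// key matched but no stored entry: fall back to the refresh-token lookup` would keep a later reader from reverting it to `!matchedKey`. `wrappedEntry` is declared outside the hunk, so whether it can already hold a value before the `if (matchedKey)` block is not visible here. A regression test for the matched-key, missing-entry case would pin the behaviour.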
@@ -1925,7 +1927,9 @@
1925
1927
  }
1926
1928
  }
1927
1929
  const GET_TOKEN_SILENTLY_LOCK_KEY = "auth0.lock.getTokenSilently";
1930
+ const GET_TOKEN_FROM_IFRAME_LOCK_KEY = "auth0.lock.getTokenFromIFrame";
1928
1931
  const buildGetTokenSilentlyLockKey = (clientId, audience) => `${GET_TOKEN_SILENTLY_LOCK_KEY}.${clientId}.${audience}`;
1932
+ const buildIframeLockKey = clientId => `${GET_TOKEN_FROM_IFRAME_LOCK_KEY}.${clientId}`;
1929
1933
  const buildOrganizationHintCookieName = clientId => `auth0.${clientId}.organization_hint`;
1930
1934
  const OLD_IS_AUTHENTICATED_COOKIE_NAME = "auth0.is.authenticated";
1931
1935
  const buildIsAuthenticatedCookieName = clientId => `auth0.${clientId}.is.authenticated`;
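Review bot: `buildIframeLockKey` keys the new lock by client id only, while `buildGetTokenSilentlyLockKey` two lines above also includes the audience, and nothing here says why the two differ. If the narrower key is deliberate, so that all iframe flows for one client are serialised regardless of audience, say so with a comment such as `// one iframe authorize flow at a time per client, across audiences`. Without it the asymmetry reads like an omission.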
@@ -2660,53 +2664,60 @@
2660
2664
  }
2661
2665
  }
2662
2666
  async _getTokenFromIFrame(options) {
2663
- const params = Object.assign(Object.assign({}, options.authorizationParams), {
2664
- prompt: "none"
2665
- });
2666
- const orgHint = this.cookieStorage.get(this.orgHintCookieName);
2667
- if (orgHint && !params.organization) {
2668
- params.organization = orgHint;
2669
- }
2670
- const {url: url, state: stateIn, nonce: nonceIn, code_verifier: code_verifier, redirect_uri: redirect_uri, scope: scope, audience: audience} = await this._prepareAuthorizeUrl(params, {
2671
- response_mode: "web_message"
2672
- }, window.location.origin);
2673
- try {
2674
- if (window.crossOriginIsolated) {
2675
- throw new GenericError("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
2676
- }
2677
- const authorizeTimeout = options.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
2678
- let eventOrigin;
2667
+ const iframeLockKey = buildIframeLockKey(this.options.clientId);
2668
+ if (await retryPromise((() => lock.acquireLock(iframeLockKey, 5e3)), 10)) {
2679
2669
  try {
2680
- eventOrigin = new URL(this.domainUrl).origin;
2681
- } catch (_a) {
2682
- eventOrigin = this.domainUrl;
2683
- }
2684
- const codeResult = await runIframe(url, eventOrigin, authorizeTimeout);
2685
- if (stateIn !== codeResult.state) {
2686
- throw new GenericError("state_mismatch", "Invalid state");
2687
- }
2688
- const tokenResult = await this._requestToken(Object.assign(Object.assign({}, options.authorizationParams), {
2689
- code_verifier: code_verifier,
2690
- code: codeResult.code,
2691
- grant_type: "authorization_code",
2692
- redirect_uri: redirect_uri,
2693
- timeout: options.authorizationParams.timeout || this.httpTimeoutMs
2694
- }), {
2695
- nonceIn: nonceIn,
2696
- organization: params.organization
2697
- });
2698
- return Object.assign(Object.assign({}, tokenResult), {
2699
- scope: scope,
2700
- oauthTokenScope: tokenResult.scope,
2701
- audience: audience
2702
- });
2703
- } catch (e) {
2704
- if (e.error === "login_required") {
2705
- this.logout({
2706
- openUrl: false
2670
+ const params = Object.assign(Object.assign({}, options.authorizationParams), {
2671
+ prompt: "none"
2707
2672
  });
2673
+ const orgHint = this.cookieStorage.get(this.orgHintCookieName);
2674
+ if (orgHint && !params.organization) {
2675
+ params.organization = orgHint;
2676
+ }
2677
+ const {url: url, state: stateIn, nonce: nonceIn, code_verifier: code_verifier, redirect_uri: redirect_uri, scope: scope, audience: audience} = await this._prepareAuthorizeUrl(params, {
2678
+ response_mode: "web_message"
2679
+ }, window.location.origin);
2680
+ if (window.crossOriginIsolated) {
2681
+ throw new GenericError("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
2682
+ }
2683
+ const authorizeTimeout = options.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
2684
+ let eventOrigin;
2685
+ try {
2686
+ eventOrigin = new URL(this.domainUrl).origin;
2687
+ } catch (_a) {
2688
+ eventOrigin = this.domainUrl;
2689
+ }
2690
+ const codeResult = await runIframe(url, eventOrigin, authorizeTimeout);
2691
+ if (stateIn !== codeResult.state) {
2692
+ throw new GenericError("state_mismatch", "Invalid state");
2693
+ }
2694
+ const tokenResult = await this._requestToken(Object.assign(Object.assign({}, options.authorizationParams), {
2695
+ code_verifier: code_verifier,
2696
+ code: codeResult.code,
2697
+ grant_type: "authorization_code",
2698
+ redirect_uri: redirect_uri,
2699
+ timeout: options.authorizationParams.timeout || this.httpTimeoutMs
2700
+ }), {
2701
+ nonceIn: nonceIn,
2702
+ organization: params.organization
2703
+ });
2704
+ return Object.assign(Object.assign({}, tokenResult), {
2705
+ scope: scope,
2706
+ oauthTokenScope: tokenResult.scope,
2707
+ audience: audience
2708
+ });
2709
+ } catch (e) {
2710
+ if (e.error === "login_required") {
2711
+ this.logout({
2712
+ openUrl: false
2713
+ });
2714
+ }
2715
+ throw e;
2716
+ } finally {
2717
+ await lock.releaseLock(iframeLockKey);
2708
2718
  }
2709
- throw e;
2719
+ } else {
2720
+ throw new TimeoutError;
2710
2721
  }
2711
2722
  }
2712
2723
  async _getTokenUsingRefreshToken(options) {
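Review bot: In `_getTokenFromIFrame`, `await lock.releaseLock(iframeLockKey)` sits bare in the `finally`, so if the release rejects, that rejection replaces the error being rethrown by `throw e` and the caller loses the real cause (`login_required`, `state_mismatch`, a timeout). Guarding the release, for example `try { await lock.releaseLock(iframeLockKey); } catch (_) { /* keep the original error */ }`, avoids that. The `else` branch throws `new TimeoutError;` when the lock is not acquired, which callers cannot distinguish from the iframe timing out inside `runIframe`. At minimum write it as `throw new TimeoutError();` with a comment such as `// iframe lock not acquired after 10 attempts`. The retry count `10` and the `5e3` passed to `acquireLock` are unexplained literals. Naming them, and noting how the total wait compares with `authorizeTimeoutInSeconds` (a lock holder may legitimately run that long), would help the next reader.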
@@ -2734,7 +2745,7 @@
2734
2745
  }), {
2735
2746
  scopesToRequest: scopesToRequest
2736
2747
  });
2737
- if (tokenResult.refresh_token && this.options.useMrrt && (cache === null || cache === void 0 ? void 0 : cache.refresh_token)) {
2748
+ if (tokenResult.refresh_token && (cache === null || cache === void 0 ? void 0 : cache.refresh_token)) {
2738
2749
  await this.cacheManager.updateEntry(cache.refresh_token, tokenResult.refresh_token);
2739
2750
  }
2740
2751
  if (this.options.useMrrt) {
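Review bot: With the `this.options.useMrrt` guard removed, `this.cacheManager.updateEntry(cache.refresh_token, tokenResult.refresh_token)` now runs on every refresh that returns a refresh token, including when the server returns the same token because rotation is off. `updateEntry` is not visible here, but if it scans or rewrites cache entries this is avoidable work. The condition could also require `tokenResult.refresh_token !== cache.refresh_token`. A short comment above the `if`, such as `// propagate a rotated refresh token to every cache entry still holding the old one`, would record why this is no longer limited to MRRT. The enclosing function starts and ends outside the hunk.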