@auth0/auth0-spa-js 2.18.0 → 2.18.2

package/dist/typings/utils.d.ts

@@ -1,36 +1,36 @@
-import { AuthenticationResult, PopupConfigOptions } from './global';
-export declare const parseAuthenticationResult: (queryString: string) => AuthenticationResult;
-export declare const runIframe: (authorizeUrl: string, eventOrigin: string, timeoutInSeconds?: number) => Promise<AuthenticationResult>;
-export declare const openPopup: (url: string) => Window | null;
-export declare const runPopup: (config: PopupConfigOptions) => Promise<AuthenticationResult>;
-export declare const getCrypto: () => Crypto;
-export declare const createRandomString: () => string;
-export declare const encode: (value: string) => string;
-export declare const decode: (value: string) => string;
-/**
- * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES
- * @param auth0Client - The full auth0Client object
- * @param excludeEnv - If true, excludes the 'env' property from the result
- * @returns The stripped auth0Client object
- */
-export declare const stripAuth0Client: (auth0Client: any, excludeEnv?: boolean) => any;
-export declare const createQueryParams: ({ clientId: client_id, ...params }: any) => string;
-export declare const sha256: (s: string) => Promise<any>;
-export declare const urlDecodeB64: (input: string) => string;
-export declare const bufferToBase64UrlEncoded: (input: number[] | Uint8Array) => string;
-export declare const validateCrypto: () => void;
-/**
- * @ignore
- */
-export declare const getDomain: (domainUrl: string) => string;
-/**
- * @ignore
- */
-export declare const getTokenIssuer: (issuer: string | undefined, domainUrl: string) => string;
-export declare const parseNumber: (value: any) => number | undefined;
-/**
- * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.
- *
- * When the target of this project reaches ES2020, this can be removed.
- */
-export declare const fromEntries: <T = any>(iterable: Iterable<[PropertyKey, T]>) => Record<PropertyKey, T>;
+import { AuthenticationResult, PopupConfigOptions } from './global';
+export declare const parseAuthenticationResult: (queryString: string) => AuthenticationResult;
+export declare const runIframe: (authorizeUrl: string, eventOrigin: string, timeoutInSeconds?: number) => Promise<AuthenticationResult>;
+export declare const openPopup: (url: string) => Window | null;
+export declare const runPopup: (config: PopupConfigOptions, eventOrigin: string) => Promise<AuthenticationResult>;
+export declare const getCrypto: () => Crypto;
+export declare const createRandomString: () => string;
+export declare const encode: (value: string) => string;
+export declare const decode: (value: string) => string;
+/**
+ * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES
+ * @param auth0Client - The full auth0Client object
+ * @param excludeEnv - If true, excludes the 'env' property from the result
+ * @returns The stripped auth0Client object
+ */
+export declare const stripAuth0Client: (auth0Client: any, excludeEnv?: boolean) => any;
+export declare const createQueryParams: ({ clientId: client_id, ...params }: any) => string;
+export declare const sha256: (s: string) => Promise<any>;
+export declare const urlDecodeB64: (input: string) => string;
+export declare const bufferToBase64UrlEncoded: (input: number[] | Uint8Array) => string;
+export declare const validateCrypto: () => void;
+/**
+ * @ignore
+ */
+export declare const getDomain: (domainUrl: string) => string;
+/**
+ * @ignore
+ */
+export declare const getTokenIssuer: (issuer: string | undefined, domainUrl: string) => string;
+export declare const parseNumber: (value: any) => number | undefined;
+/**
+ * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.
+ *
+ * When the target of this project reaches ES2020, this can be removed.
+ */
+export declare const fromEntries: <T = any>(iterable: Iterable<[PropertyKey, T]>) => Record<PropertyKey, T>;

package/dist/typings/version.d.ts

@@ -1,2 +1,2 @@
-declare const _default: "2.18.0";
-export default _default;
+declare const _default: "2.18.2";
+export default _default;

package/dist/typings/worker/token.worker.d.ts

@@ -1 +1 @@
-export {};
+export {};

package/dist/typings/worker/worker.types.d.ts

@@ -1,15 +1,15 @@
-import { FetchOptions } from '../global';
-/**
- * @ts-ignore
- */
-export type WorkerRefreshTokenMessage = {
-    timeout: number;
-    fetchUrl: string;
-    fetchOptions: FetchOptions;
-    useFormData?: boolean;
-    useMrrt?: boolean;
-    auth: {
-        audience: string;
-        scope: string;
-    };
-};
+import { FetchOptions } from '../global';
+/**
+ * @ts-ignore
+ */
+export type WorkerRefreshTokenMessage = {
+    timeout: number;
+    fetchUrl: string;
+    fetchOptions: FetchOptions;
+    useFormData?: boolean;
+    useMrrt?: boolean;
+    auth: {
+        audience: string;
+        scope: string;
+    };
+};

package/dist/typings/worker/worker.utils.d.ts

@@ -1,7 +1,7 @@
-import { WorkerRefreshTokenMessage } from './worker.types';
-/**
- * Sends the specified message to the web worker
- * @param message The message to send
- * @param to The worker to send the message to
- */
-export declare const sendMessage: (message: WorkerRefreshTokenMessage, to: Worker) => Promise<unknown>;
+import { WorkerRefreshTokenMessage } from './worker.types';
+/**
+ * Sends the specified message to the web worker
+ * @param message The message to send
+ * @param to The worker to send the message to
+ */
+export declare const sendMessage: (message: WorkerRefreshTokenMessage, to: Worker) => Promise<unknown>;

package/package.json

@@ -3,7 +3,7 @@
   "name": "@auth0/auth0-spa-js",
   "description": "Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE",
   "license": "MIT",
-  "version": "2.18.0",
+  "version": "2.18.2",
   "main": "dist/lib/auth0-spa-js.cjs.js",
   "types": "dist/typings/index.d.ts",
   "module": "dist/auth0-spa-js.production.esm.js",
@@ -23,7 +23,7 @@
     }
   },
   "dependencies": {
-    "@auth0/auth0-auth-js": "1.5.0",
+    "@auth0/auth0-auth-js": "1.6.0",
     "browser-tabs-lock": "1.3.0",
     "dpop": "2.1.1",
     "es-cookie": "1.3.2"
@@ -33,6 +33,7 @@
     "start": "npm run dev",
     "docs": "typedoc --options ./typedoc.js src",
     "build": "rimraf dist && rollup -m -c --environment NODE_ENV:production && npm run test:es-check",
+    "build:types": "tsc --project tsconfig.types.json",
     "build:stats": "rimraf dist && rollup -m -c --environment NODE_ENV:production --environment WITH_STATS:true && npm run test:es-check && open bundle-stats/index.html",
     "lint": "eslint --ext .jsx,.js src/",
     "lint:security": "eslint ./src --ext ts --no-eslintrc --config ./.eslintrc.security",
@@ -50,13 +51,14 @@
     "serve:coverage": "serve coverage/lcov-report -n",
     "serve:stats": "serve bundle-stats -n",
     "print-bundle-size": "node ./scripts/print-bundle-size.mjs",
-    "prepack": "npm run build && node ./scripts/prepack",
+    "prepack": "npm run build && npm run build:types && node ./scripts/prepack",
     "publish:cdn": "ccu --trace"
   },
   "devDependencies": {
-    "@auth0/component-cdn-uploader": "^2.4.2",
+    "@auth0/component-cdn-uploader": "^3.0.2",
     "@babel/core": "^7.28.5",
     "@babel/preset-env": "^7.28.5",
+    "@babel/preset-typescript": "^7.28.5",
     "@rollup/plugin-babel": "^6.1.0",
     "@rollup/plugin-commonjs": "^21.1.0",
     "@rollup/plugin-node-resolve": "^16.0.3",

package/src/Auth0Client.ts

@@ -524,13 +524,16 @@ export class Auth0Client {
 
     config.popup.location.href = params.url;
 
-    const codeResult = await runPopup({
-      ...config,
-      timeoutInSeconds:
-        config.timeoutInSeconds ||
-        this.options.authorizeTimeoutInSeconds ||
-        DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
-    });
+    const codeResult = await runPopup(
+      {
+        ...config,
+        timeoutInSeconds:
+          config.timeoutInSeconds ||
+          this.options.authorizeTimeoutInSeconds ||
+          DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
+      },
+      new URL(params.url).origin
+    );
 
     if (params.state !== codeResult.state) {
       throw new GenericError('state_mismatch', 'Invalid state');

package/src/index.ts

@@ -58,16 +58,19 @@ export type {
 } from './mfa';
 
 export {
-  ICache,
   LocalStorageCache,
   InMemoryCache,
+  CacheKey
+} from './cache';
+
+export type {
+  ICache,
   Cacheable,
   DecodedToken,
   CacheEntry,
   WrappedCacheEntry,
   KeyManifestEntry,
   MaybePromise,
-  CacheKey,
   CacheKeyData
 } from './cache';
 
@@ -79,4 +82,4 @@ export type {
 
 export { MyAccountApiError } from './MyAccountApiClient';
 
-export { CustomTokenExchangeOptions } from './TokenExchange';
+export type { CustomTokenExchangeOptions } from './TokenExchange';

package/src/utils.ts

@@ -97,7 +97,7 @@ export const openPopup = (url: string) => {
   );
 };
 
-export const runPopup = (config: PopupConfigOptions) => {
+export const runPopup = (config: PopupConfigOptions, eventOrigin: string) => {
   return new Promise<AuthenticationResult>((resolve, reject) => {
     let popupEventListener: (e: MessageEvent) => void;
 
@@ -118,6 +118,7 @@ export const runPopup = (config: PopupConfigOptions) => {
     }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);
 
     popupEventListener = function (e: MessageEvent) {
+      if (e.origin !== eventOrigin) return;
       if (!e.data || e.data.type !== 'authorization_response') {
         return;
       }

package/src/version.ts

@@ -1 +1 @@
-export default '2.18.0';
+export default '2.18.2';