@auth0/auth0-spa-js 2.18.3 → 2.19.1

package/dist/typings/cache/cache-manager.d.ts

@@ -1,56 +1,69 @@
-import { CacheKeyManifest } from './key-manifest';
-import { CacheEntry, ICache, CacheKey, DecodedToken, IdTokenEntry } from './shared';
-export declare class CacheManager {
-    private cache;
-    private keyManifest?;
-    private nowProvider;
-    constructor(cache: ICache, keyManifest?: CacheKeyManifest | undefined, nowProvider?: () => number | Promise<number>);
-    setIdToken(clientId: string, idToken: string, decodedToken: DecodedToken): Promise<void>;
-    getIdToken(cacheKey: CacheKey): Promise<IdTokenEntry | undefined>;
-    get(cacheKey: CacheKey, expiryAdjustmentSeconds?: number, useMrrt?: boolean, cacheMode?: string): Promise<Partial<CacheEntry> | undefined>;
-    private modifiedCachedEntry;
-    set(entry: CacheEntry): Promise<void>;
-    remove(client_id: string, audience?: string, scope?: string): Promise<void>;
-    clear(clientId?: string): Promise<void>;
-    private wrapCacheEntry;
-    private getCacheKeys;
-    /**
-     * Returns the cache key to be used to store the id token
-     * @param clientId The client id used to link to the id token
-     * @returns The constructed cache key, as a string, to store the id token
-     */
-    private getIdTokenCacheKey;
-    /**
-     * Finds the corresponding key in the cache based on the provided cache key.
-     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
-     * The first key in the cache that satisfies the following conditions is returned
-     *  - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
-     *  - `clientId` is strict equal to the `cacheKey.clientId`
-     *  - `audience` is strict equal to the `cacheKey.audience`
-     *  - `scope` contains at least all the `cacheKey.scope` values
-     *  *
-     * @param keyToMatch The provided cache key
-     * @param allKeys A list of existing cache keys
-     */
-    private matchExistingCacheKey;
-    /**
-     * Returns the first entry that contains a refresh_token that satisfies the following conditions
-     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
-     * - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
-     * - `clientId` is strict equal to the `cacheKey.clientId`
-     * @param keyToMatch The provided cache key
-     * @param allKeys A list of existing cache keys
-     */
-    private getEntryWithRefreshToken;
-    /**
-     * Updates the refresh token in all cache entries that contain the old refresh token.
-     *
-     * When a refresh token is rotated, multiple cache entries (for different audiences/scopes)
-     * may share the same refresh token. This method propagates the new refresh token to all
-     * matching entries.
-     *
-     * @param oldRefreshToken The refresh token that was used and is now invalid
-     * @param newRefreshToken The new refresh token received from the server
-     */
-    updateEntry(oldRefreshToken: string, newRefreshToken: string): Promise<void>;
-}
+import { CacheKeyManifest } from './key-manifest';
+import { CacheEntry, ICache, CacheKey, DecodedToken, IdTokenEntry } from './shared';
+export declare class CacheManager {
+    private cache;
+    private keyManifest?;
+    private nowProvider;
+    constructor(cache: ICache, keyManifest?: CacheKeyManifest | undefined, nowProvider?: () => number | Promise<number>);
+    setIdToken(clientId: string, idToken: string, decodedToken: DecodedToken): Promise<void>;
+    getIdToken(cacheKey: CacheKey): Promise<IdTokenEntry | undefined>;
+    get(cacheKey: CacheKey, expiryAdjustmentSeconds?: number, useMrrt?: boolean, cacheMode?: string): Promise<Partial<CacheEntry> | undefined>;
+    private modifiedCachedEntry;
+    set(entry: CacheEntry): Promise<void>;
+    remove(client_id: string, audience?: string, scope?: string): Promise<void>;
+    stripRefreshToken(refreshToken: string): Promise<void>;
+    clear(clientId?: string): Promise<void>;
+    private wrapCacheEntry;
+    private getCacheKeys;
+    /**
+     * Returns the cache key to be used to store the id token
+     * @param clientId The client id used to link to the id token
+     * @returns The constructed cache key, as a string, to store the id token
+     */
+    private getIdTokenCacheKey;
+    /**
+     * Finds the corresponding key in the cache based on the provided cache key.
+     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
+     * The first key in the cache that satisfies the following conditions is returned
+     *  - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
+     *  - `clientId` is strict equal to the `cacheKey.clientId`
+     *  - `audience` is strict equal to the `cacheKey.audience`
+     *  - `scope` contains at least all the `cacheKey.scope` values
+     *  *
+     * @param keyToMatch The provided cache key
+     * @param allKeys A list of existing cache keys
+     */
+    private matchExistingCacheKey;
+    /**
+     * Returns the first entry that contains a refresh_token that satisfies the following conditions
+     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
+     * - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
+     * - `clientId` is strict equal to the `cacheKey.clientId`
+     * @param keyToMatch The provided cache key
+     * @param allKeys A list of existing cache keys
+     */
+    private getEntryWithRefreshToken;
+    /**
+     * Returns all distinct refresh tokens stored for a given audience and client.
+     *
+     * Multiple cache entries may exist for the same audience when different scope
+     * combinations were obtained via separate authorization flows, each potentially
+     * carrying a different refresh token. A Set is used to deduplicate tokens that
+     * are shared across entries (e.g. MRRT).
+     *
+     * @param audience The audience to look up
+     * @param clientId The client id to scope the lookup
+     */
+    getRefreshTokensByAudience(audience: string, clientId: string): Promise<string[]>;
+    /**
+     * Updates the refresh token in all cache entries that contain the old refresh token.
+     *
+     * When a refresh token is rotated, multiple cache entries (for different audiences/scopes)
+     * may share the same refresh token. This method propagates the new refresh token to all
+     * matching entries.
+     *
+     * @param oldRefreshToken The refresh token that was used and is now invalid
+     * @param newRefreshToken The new refresh token received from the server
+     */
+    updateEntry(oldRefreshToken: string, newRefreshToken: string): Promise<void>;
+}

package/dist/typings/cache/cache-memory.d.ts

@@ -1,4 +1,4 @@
-import { ICache } from './shared';
-export declare class InMemoryCache {
-    enclosedCache: ICache;
-}
+import { ICache } from './shared';
+export declare class InMemoryCache {
+    enclosedCache: ICache;
+}

package/dist/typings/cache/index.d.ts

@@ -1,4 +1,4 @@
-export * from './cache-localstorage';
-export * from './cache-memory';
-export * from './cache-manager';
-export * from './shared';
+export * from './cache-localstorage';
+export * from './cache-memory';
+export * from './cache-manager';
+export * from './shared';

package/dist/typings/cache/key-manifest.d.ts

@@ -1,12 +1,12 @@
-import { ICache, KeyManifestEntry, MaybePromise } from './shared';
-export declare class CacheKeyManifest {
-    private cache;
-    private clientId;
-    private readonly manifestKey;
-    constructor(cache: ICache, clientId: string);
-    add(key: string): Promise<void>;
-    remove(key: string): Promise<void>;
-    get(): MaybePromise<KeyManifestEntry | undefined>;
-    clear(): MaybePromise<void>;
-    private createManifestKeyFrom;
-}
+import { ICache, KeyManifestEntry, MaybePromise } from './shared';
+export declare class CacheKeyManifest {
+    private cache;
+    private clientId;
+    private readonly manifestKey;
+    constructor(cache: ICache, clientId: string);
+    add(key: string): Promise<void>;
+    remove(key: string): Promise<void>;
+    get(): MaybePromise<KeyManifestEntry | undefined>;
+    clear(): MaybePromise<void>;
+    private createManifestKeyFrom;
+}

package/dist/typings/cache/shared.d.ts

@@ -1,68 +1,68 @@
-import { IdToken, User } from '../global';
-export declare const CACHE_KEY_PREFIX = "@@auth0spajs@@";
-export declare const CACHE_KEY_ID_TOKEN_SUFFIX = "@@user@@";
-export type CacheKeyData = {
-    audience?: string;
-    scope?: string;
-    clientId: string;
-};
-export declare class CacheKey {
-    prefix: string;
-    suffix?: string | undefined;
-    clientId: string;
-    scope?: string;
-    audience?: string;
-    constructor(data: CacheKeyData, prefix?: string, suffix?: string | undefined);
-    /**
-     * Converts this `CacheKey` instance into a string for use in a cache
-     * @returns A string representation of the key
-     */
-    toKey(): string;
-    /**
-     * Converts a cache key string into a `CacheKey` instance.
-     * @param key The key to convert
-     * @returns An instance of `CacheKey`
-     */
-    static fromKey(key: string): CacheKey;
-    /**
-     * Utility function to build a `CacheKey` instance from a cache entry
-     * @param entry The entry
-     * @returns An instance of `CacheKey`
-     */
-    static fromCacheEntry(entry: CacheEntry): CacheKey;
-}
-export interface DecodedToken {
-    claims: IdToken;
-    user: User;
-}
-export interface IdTokenEntry {
-    id_token: string;
-    decodedToken: DecodedToken;
-}
-export type CacheEntry = {
-    id_token?: string;
-    token_type?: string;
-    access_token: string;
-    expires_in: number;
-    decodedToken?: DecodedToken;
-    audience: string;
-    scope: string;
-    client_id: string;
-    refresh_token?: string;
-    oauthTokenScope?: string;
-};
-export type WrappedCacheEntry = {
-    body: Partial<CacheEntry>;
-    expiresAt: number;
-};
-export type KeyManifestEntry = {
-    keys: string[];
-};
-export type Cacheable = WrappedCacheEntry | KeyManifestEntry;
-export type MaybePromise<T> = Promise<T> | T;
-export interface ICache {
-    set<T = Cacheable>(key: string, entry: T): MaybePromise<void>;
-    get<T = Cacheable>(key: string): MaybePromise<T | undefined>;
-    remove(key: string): MaybePromise<void>;
-    allKeys?(): MaybePromise<string[]>;
-}
+import { IdToken, User } from '../global';
+export declare const CACHE_KEY_PREFIX = "@@auth0spajs@@";
+export declare const CACHE_KEY_ID_TOKEN_SUFFIX = "@@user@@";
+export type CacheKeyData = {
+    audience?: string;
+    scope?: string;
+    clientId: string;
+};
+export declare class CacheKey {
+    prefix: string;
+    suffix?: string | undefined;
+    clientId: string;
+    scope?: string;
+    audience?: string;
+    constructor(data: CacheKeyData, prefix?: string, suffix?: string | undefined);
+    /**
+     * Converts this `CacheKey` instance into a string for use in a cache
+     * @returns A string representation of the key
+     */
+    toKey(): string;
+    /**
+     * Converts a cache key string into a `CacheKey` instance.
+     * @param key The key to convert
+     * @returns An instance of `CacheKey`
+     */
+    static fromKey(key: string): CacheKey;
+    /**
+     * Utility function to build a `CacheKey` instance from a cache entry
+     * @param entry The entry
+     * @returns An instance of `CacheKey`
+     */
+    static fromCacheEntry(entry: CacheEntry): CacheKey;
+}
+export interface DecodedToken {
+    claims: IdToken;
+    user: User;
+}
+export interface IdTokenEntry {
+    id_token: string;
+    decodedToken: DecodedToken;
+}
+export type CacheEntry = {
+    id_token?: string;
+    token_type?: string;
+    access_token: string;
+    expires_in: number;
+    decodedToken?: DecodedToken;
+    audience: string;
+    scope: string;
+    client_id: string;
+    refresh_token?: string;
+    oauthTokenScope?: string;
+};
+export type WrappedCacheEntry = {
+    body: Partial<CacheEntry>;
+    expiresAt: number;
+};
+export type KeyManifestEntry = {
+    keys: string[];
+};
+export type Cacheable = WrappedCacheEntry | KeyManifestEntry;
+export type MaybePromise<T> = Promise<T> | T;
+export interface ICache {
+    set<T = Cacheable>(key: string, entry: T): MaybePromise<void>;
+    get<T = Cacheable>(key: string): MaybePromise<T | undefined>;
+    remove(key: string): MaybePromise<void>;
+    allKeys?(): MaybePromise<string[]>;
+}

package/dist/typings/constants.d.ts

@@ -1,58 +1,58 @@
-import { PopupConfigOptions } from './global';
-/**
- * @ignore
- */
-export declare const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
-/**
- * @ignore
- */
-export declare const DEFAULT_POPUP_CONFIG_OPTIONS: PopupConfigOptions;
-/**
- * @ignore
- */
-export declare const DEFAULT_SILENT_TOKEN_RETRY_COUNT = 3;
-/**
- * @ignore
- */
-export declare const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;
-/**
- * @ignore
- */
-export declare const DEFAULT_FETCH_TIMEOUT_MS = 10000;
-export declare const CACHE_LOCATION_MEMORY = "memory";
-export declare const CACHE_LOCATION_LOCAL_STORAGE = "localstorage";
-/**
- * @ignore
- */
-export declare const MISSING_REFRESH_TOKEN_ERROR_MESSAGE = "Missing Refresh Token";
-/**
- * @ignore
- */
-export declare const INVALID_REFRESH_TOKEN_ERROR_MESSAGE = "invalid refresh token";
-/**
- * @ignore
- */
-export declare const USER_BLOCKED_ERROR_MESSAGE = "user is blocked";
-/**
- * @ignore
- * The error_description returned by the /authorize endpoint when MFA is required
- * but prompt=none prevents interaction (iframe silent auth flow).
- */
-export declare const MFA_STEP_UP_ERROR_DESCRIPTION = "Multifactor authentication required";
-/**
- * @ignore
- */
-export declare const DEFAULT_SCOPE = "openid profile email";
-/**
- * @ignore
- */
-export declare const DEFAULT_SESSION_CHECK_EXPIRY_DAYS = 1;
-/**
- * @ignore
- */
-export declare const DEFAULT_AUTH0_CLIENT: {
-    name: string;
-    version: string;
-};
-export declare const DEFAULT_NOW_PROVIDER: () => number;
-export declare const DEFAULT_AUDIENCE = "default";
+import { PopupConfigOptions } from './global';
+/**
+ * @ignore
+ */
+export declare const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
+/**
+ * @ignore
+ */
+export declare const DEFAULT_POPUP_CONFIG_OPTIONS: PopupConfigOptions;
+/**
+ * @ignore
+ */
+export declare const DEFAULT_SILENT_TOKEN_RETRY_COUNT = 3;
+/**
+ * @ignore
+ */
+export declare const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;
+/**
+ * @ignore
+ */
+export declare const DEFAULT_FETCH_TIMEOUT_MS = 10000;
+export declare const CACHE_LOCATION_MEMORY = "memory";
+export declare const CACHE_LOCATION_LOCAL_STORAGE = "localstorage";
+/**
+ * @ignore
+ */
+export declare const MISSING_REFRESH_TOKEN_ERROR_MESSAGE = "Missing Refresh Token";
+/**
+ * @ignore
+ */
+export declare const INVALID_REFRESH_TOKEN_ERROR_MESSAGE = "invalid refresh token";
+/**
+ * @ignore
+ */
+export declare const USER_BLOCKED_ERROR_MESSAGE = "user is blocked";
+/**
+ * @ignore
+ * The error_description returned by the /authorize endpoint when MFA is required
+ * but prompt=none prevents interaction (iframe silent auth flow).
+ */
+export declare const MFA_STEP_UP_ERROR_DESCRIPTION = "Multifactor authentication required";
+/**
+ * @ignore
+ */
+export declare const DEFAULT_SCOPE = "openid profile email";
+/**
+ * @ignore
+ */
+export declare const DEFAULT_SESSION_CHECK_EXPIRY_DAYS = 1;
+/**
+ * @ignore
+ */
+export declare const DEFAULT_AUTH0_CLIENT: {
+    name: string;
+    version: string;
+};
+export declare const DEFAULT_NOW_PROVIDER: () => number;
+export declare const DEFAULT_AUDIENCE = "default";

package/dist/typings/dpop/dpop.d.ts

@@ -1,17 +1,17 @@
-import { DpopStorage } from './storage';
-import * as dpopUtils from './utils';
-export declare class Dpop {
-    protected readonly storage: DpopStorage;
-    constructor(clientId: string);
-    getNonce(id?: string): Promise<string | undefined>;
-    setNonce(nonce: string, id?: string): Promise<void>;
-    protected getOrGenerateKeyPair(): Promise<dpopUtils.KeyPair>;
-    generateProof(params: {
-        url: string;
-        method: string;
-        nonce?: string;
-        accessToken?: string;
-    }): Promise<string>;
-    calculateThumbprint(): Promise<string>;
-    clear(): Promise<void>;
-}
+import { DpopStorage } from './storage';
+import * as dpopUtils from './utils';
+export declare class Dpop {
+    protected readonly storage: DpopStorage;
+    constructor(clientId: string);
+    getNonce(id?: string): Promise<string | undefined>;
+    setNonce(nonce: string, id?: string): Promise<void>;
+    protected getOrGenerateKeyPair(): Promise<dpopUtils.KeyPair>;
+    generateProof(params: {
+        url: string;
+        method: string;
+        nonce?: string;
+        accessToken?: string;
+    }): Promise<string>;
+    calculateThumbprint(): Promise<string>;
+    clear(): Promise<void>;
+}

package/dist/typings/dpop/storage.d.ts

@@ -1,27 +1,27 @@
-import { type KeyPair } from './utils';
-declare const TABLES: {
-    readonly NONCE: "nonce";
-    readonly KEYPAIR: "keypair";
-};
-type Table = (typeof TABLES)[keyof typeof TABLES];
-export declare class DpopStorage {
-    protected readonly clientId: string;
-    protected dbHandle: IDBDatabase | undefined;
-    constructor(clientId: string);
-    protected getVersion(): number;
-    protected createDbHandle(): Promise<IDBDatabase>;
-    protected getDbHandle(): Promise<IDBDatabase>;
-    protected executeDbRequest<T = unknown>(table: string, mode: IDBTransactionMode, requestFactory: (table: IDBObjectStore) => IDBRequest<T>): Promise<T>;
-    protected buildKey(id?: string): string;
-    setNonce(nonce: string, id?: string): Promise<void>;
-    setKeyPair(keyPair: KeyPair): Promise<void>;
-    protected save(table: Table, key: IDBValidKey, obj: unknown): Promise<void>;
-    findNonce(id?: string): Promise<string | undefined>;
-    findKeyPair(): Promise<KeyPair | undefined>;
-    protected find<T = unknown>(table: Table, key: IDBValidKey): Promise<T | undefined>;
-    protected deleteBy(table: Table, predicate: (key: IDBValidKey) => boolean): Promise<void>;
-    protected deleteByClientId(table: Table, clientId: string): Promise<void>;
-    clearNonces(): Promise<void>;
-    clearKeyPairs(): Promise<void>;
-}
-export {};
+import { type KeyPair } from './utils';
+declare const TABLES: {
+    readonly NONCE: "nonce";
+    readonly KEYPAIR: "keypair";
+};
+type Table = (typeof TABLES)[keyof typeof TABLES];
+export declare class DpopStorage {
+    protected readonly clientId: string;
+    protected dbHandle: IDBDatabase | undefined;
+    constructor(clientId: string);
+    protected getVersion(): number;
+    protected createDbHandle(): Promise<IDBDatabase>;
+    protected getDbHandle(): Promise<IDBDatabase>;
+    protected executeDbRequest<T = unknown>(table: string, mode: IDBTransactionMode, requestFactory: (table: IDBObjectStore) => IDBRequest<T>): Promise<T>;
+    protected buildKey(id?: string): string;
+    setNonce(nonce: string, id?: string): Promise<void>;
+    setKeyPair(keyPair: KeyPair): Promise<void>;
+    protected save(table: Table, key: IDBValidKey, obj: unknown): Promise<void>;
+    findNonce(id?: string): Promise<string | undefined>;
+    findKeyPair(): Promise<KeyPair | undefined>;
+    protected find<T = unknown>(table: Table, key: IDBValidKey): Promise<T | undefined>;
+    protected deleteBy(table: Table, predicate: (key: IDBValidKey) => boolean): Promise<void>;
+    protected deleteByClientId(table: Table, clientId: string): Promise<void>;
+    clearNonces(): Promise<void>;
+    clearKeyPairs(): Promise<void>;
+}
+export {};

package/dist/typings/dpop/utils.d.ts

@@ -1,15 +1,15 @@
-import * as dpopLib from 'dpop';
-export declare const DPOP_NONCE_HEADER = "dpop-nonce";
-export type KeyPair = Readonly<dpopLib.KeyPair>;
-type GenerateProofParams = {
-    keyPair: KeyPair;
-    url: string;
-    method: string;
-    nonce?: string;
-    accessToken?: string;
-};
-export declare function generateKeyPair(): Promise<KeyPair>;
-export declare function calculateThumbprint(keyPair: Pick<KeyPair, 'publicKey'>): Promise<string>;
-export declare function generateProof({ keyPair, url, method, nonce, accessToken }: GenerateProofParams): Promise<string>;
-export declare function isGrantTypeSupported(grantType: string): boolean;
-export {};
+import * as dpopLib from 'dpop';
+export declare const DPOP_NONCE_HEADER = "dpop-nonce";
+export type KeyPair = Readonly<dpopLib.KeyPair>;
+type GenerateProofParams = {
+    keyPair: KeyPair;
+    url: string;
+    method: string;
+    nonce?: string;
+    accessToken?: string;
+};
+export declare function generateKeyPair(): Promise<KeyPair>;
+export declare function calculateThumbprint(keyPair: Pick<KeyPair, 'publicKey'>): Promise<string>;
+export declare function generateProof({ keyPair, url, method, nonce, accessToken }: GenerateProofParams): Promise<string>;
+export declare function isGrantTypeSupported(grantType: string): boolean;
+export {};