@auth0/auth0-spa-js 2.5.0 → 2.6.0

package/README.md

@@ -29,7 +29,7 @@ npm install @auth0/auth0-spa-js
 From the CDN:
 
 ```html
-<script src="https://cdn.auth0.com/js/auth0-spa-js/2.5/auth0-spa-js.production.js"></script>
+<script src="https://cdn.auth0.com/js/auth0-spa-js/2.6/auth0-spa-js.production.js"></script>
 ```
 
 ### Configure Auth0

package/dist/auth0-spa-js.development.js

@@ -540,7 +540,7 @@
         exports.default = SuperTokensLock;
     }));
     var Lock = unwrapExports(browserTabsLock);
-    var version = "2.5.0";
+    var version = "2.6.0";
     const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
     const DEFAULT_POPUP_CONFIG_OPTIONS = {
         timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
@@ -577,6 +577,15 @@
             Object.setPrototypeOf(this, AuthenticationError.prototype);
         }
     }
+    class ConnectError extends GenericError {
+        constructor(error, error_description, connection, state, appState = null) {
+            super(error, error_description);
+            this.connection = connection;
+            this.state = state;
+            this.appState = appState;
+            Object.setPrototypeOf(this, ConnectError.prototype);
+        }
+    }
     class TimeoutError extends GenericError {
         constructor() {
             super("timeout", "Timeout");
@@ -630,6 +639,7 @@
         return {
             state: searchParams.get("state"),
             code: searchParams.get("code") || undefined,
+            connect_code: searchParams.get("connect_code") || undefined,
             error: searchParams.get("error") || undefined,
             error_description: searchParams.get("error_description") || undefined
         };
@@ -1756,6 +1766,12 @@
             sessionStorage.removeItem(key);
         }
     };
+    exports.ResponseType = void 0;
+    (function(ResponseType) {
+        ResponseType["Code"] = "code";
+        ResponseType["ConnectCode"] = "connect_code";
+    })(exports.ResponseType || (exports.ResponseType = {}));
+    class User {}
     function decodeBase64(base64, enableUnicode) {
         var binaryString = atob(base64);
         if (enableUnicode) {
@@ -2033,7 +2049,7 @@
             }
             return new Request(this.buildUrl(this.config.baseUrl, request.url), request);
         }
-        async setAuthorizationHeader(request, accessToken) {
+        setAuthorizationHeader(request, accessToken) {
             request.headers.set("authorization", `${this.config.dpopNonceId ? "DPoP" : "Bearer"} ${accessToken}`);
         }
         async setDpopProofHeader(request, accessToken) {
@@ -2098,6 +2114,63 @@
             return this.internalFetchWithAuth(info, init, callbacks, authParams);
         }
     }
+    class MyAccountApiClient {
+        constructor(myAccountFetcher, apiBase) {
+            this.myAccountFetcher = myAccountFetcher;
+            this.apiBase = apiBase;
+        }
+        async connectAccount(params) {
+            const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify(params)
+            });
+            return this._handleResponse(res);
+        }
+        async completeAccount(params) {
+            const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify(params)
+            });
+            return this._handleResponse(res);
+        }
+        async _handleResponse(res) {
+            let body;
+            try {
+                body = await res.text();
+                body = JSON.parse(body);
+            } catch (err) {
+                throw new MyAccountApiError({
+                    type: "invalid_json",
+                    status: res.status,
+                    title: "Invalid JSON response",
+                    detail: body || String(err)
+                });
+            }
+            if (res.ok) {
+                return body;
+            } else {
+                throw new MyAccountApiError(body);
+            }
+        }
+    }
+    class MyAccountApiError extends Error {
+        constructor({type: type, status: status, title: title, detail: detail, validation_errors: validation_errors}) {
+            super(detail);
+            this.name = "MyAccountApiError";
+            this.type = type;
+            this.status = status;
+            this.title = title;
+            this.detail = detail;
+            this.validation_errors = validation_errors;
+            Object.setPrototypeOf(this, MyAccountApiError.prototype);
+        }
+    }
     const lock = new Lock;
     class Auth0Client {
         constructor(options) {
@@ -2144,6 +2217,18 @@
             this.dpop = this.options.useDpop ? new Dpop(this.options.clientId) : undefined;
             this.domainUrl = getDomain(this.options.domain);
             this.tokenIssuer = getTokenIssuer(this.options.issuer, this.domainUrl);
+            const myAccountApiIdentifier = `${this.domainUrl}/me/`;
+            const myAccountFetcher = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && {
+                dpopNonceId: "__auth0_my_account_api__"
+            }), {
+                getAccessToken: () => this.getTokenSilently({
+                    authorizationParams: {
+                        scope: "create:me:connected_accounts",
+                        audience: myAccountApiIdentifier
+                    }
+                })
+            }));
+            this.myAccountApi = new MyAccountApiClient(myAccountFetcher, myAccountApiIdentifier);
             if (typeof window !== "undefined" && window.Worker && this.options.useRefreshTokens && cacheLocation === CACHE_LOCATION_MEMORY) {
                 if (this.options.workerUrl) {
                     this.worker = new Worker(this.options.workerUrl);
@@ -2253,7 +2338,8 @@
             const organization = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
             const _c = await this._prepareAuthorizeUrl(urlOptions.authorizationParams || {}), {url: url} = _c, transaction = __rest(_c, [ "url" ]);
             this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, transaction), {
-                appState: appState
+                appState: appState,
+                response_type: exports.ResponseType.Code
             }), organization && {
                 organization: organization
             }));
@@ -2269,12 +2355,19 @@
             if (queryStringFragments.length === 0) {
                 throw new Error("There are no query params available for parsing.");
             }
-            const {state: state, code: code, error: error, error_description: error_description} = parseAuthenticationResult(queryStringFragments.join(""));
             const transaction = this.transactionManager.get();
             if (!transaction) {
                 throw new GenericError("missing_transaction", "Invalid state");
             }
             this.transactionManager.remove();
+            const authenticationResult = parseAuthenticationResult(queryStringFragments.join(""));
+            if (transaction.response_type === exports.ResponseType.ConnectCode) {
+                return this._handleConnectAccountRedirectCallback(authenticationResult, transaction);
+            }
+            return this._handleLoginRedirectCallback(authenticationResult, transaction);
+        }
+        async _handleLoginRedirectCallback(authenticationResult, transaction) {
+            const {code: code, state: state, error: error, error_description: error_description} = authenticationResult;
             if (error) {
                 throw new AuthenticationError(error, error_description || error, state, transaction.appState);
             }
@@ -2297,9 +2390,32 @@
                 organization: organization
             });
             return {
-                appState: transaction.appState
+                appState: transaction.appState,
+                response_type: exports.ResponseType.Code
             };
         }
+        async _handleConnectAccountRedirectCallback(connectResult, transaction) {
+            const {connect_code: connect_code, state: state, error: error, error_description: error_description} = connectResult;
+            if (error) {
+                throw new ConnectError(error, error_description || error, transaction.connection, state, transaction.appState);
+            }
+            if (!connect_code) {
+                throw new GenericError("missing_connect_code", "Missing connect code");
+            }
+            if (!transaction.code_verifier || !transaction.state || !transaction.auth_session || !transaction.redirect_uri || transaction.state !== state) {
+                throw new GenericError("state_mismatch", "Invalid state");
+            }
+            const data = await this.myAccountApi.completeAccount({
+                auth_session: transaction.auth_session,
+                connect_code: connect_code,
+                redirect_uri: transaction.redirect_uri,
+                code_verifier: transaction.code_verifier
+            });
+            return Object.assign(Object.assign({}, data), {
+                appState: transaction.appState,
+                response_type: exports.ResponseType.ConnectCode
+            });
+        }
         async checkSession(options) {
             if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
                 if (!this.cookieStorage.get(OLD_IS_AUTHENTICATED_COOKIE_NAME)) {
@@ -2651,12 +2767,51 @@
                     });
                 },
                 getDpopNonce: () => this.getDpopNonce(config.dpopNonceId),
-                setDpopNonce: nonce => this.setDpopNonce(nonce),
+                setDpopNonce: nonce => this.setDpopNonce(nonce, config.dpopNonceId),
                 generateDpopProof: params => this.generateDpopProof(params)
             });
         }
+        async connectAccountWithRedirect(options) {
+            if (!this.options.useDpop) {
+                throw new Error("`useDpop` option must be enabled before using connectAccountWithRedirect.");
+            }
+            if (!this.options.useMrrt) {
+                throw new Error("`useMrrt` option must be enabled before using connectAccountWithRedirect.");
+            }
+            const {openUrl: openUrl, appState: appState, connection: connection, authorization_params: authorization_params, redirectUri: redirectUri = this.options.authorizationParams.redirect_uri || window.location.origin} = options;
+            if (!connection) {
+                throw new Error("connection is required");
+            }
+            const state = encode(createRandomString());
+            const code_verifier = createRandomString();
+            const code_challengeBuffer = await sha256(code_verifier);
+            const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
+            const {connect_uri: connect_uri, connect_params: connect_params, auth_session: auth_session} = await this.myAccountApi.connectAccount({
+                connection: connection,
+                redirect_uri: redirectUri,
+                state: state,
+                code_challenge: code_challenge,
+                code_challenge_method: "S256",
+                authorization_params: authorization_params
+            });
+            this.transactionManager.create({
+                state: state,
+                code_verifier: code_verifier,
+                auth_session: auth_session,
+                redirect_uri: redirectUri,
+                appState: appState,
+                connection: connection,
+                response_type: exports.ResponseType.ConnectCode
+            });
+            const url = new URL(connect_uri);
+            url.searchParams.set("ticket", connect_params.ticket);
+            if (openUrl) {
+                await openUrl(url.toString());
+            } else {
+                window.location.assign(url);
+            }
+        }
     }
-    class User {}
     async function createAuth0Client(options) {
         const auth0 = new Auth0Client(options);
         await auth0.checkSession();
@@ -2665,11 +2820,13 @@
     exports.Auth0Client = Auth0Client;
     exports.AuthenticationError = AuthenticationError;
     exports.CacheKey = CacheKey;
+    exports.ConnectError = ConnectError;
     exports.GenericError = GenericError;
     exports.InMemoryCache = InMemoryCache;
     exports.LocalStorageCache = LocalStorageCache;
     exports.MfaRequiredError = MfaRequiredError;
     exports.MissingRefreshTokenError = MissingRefreshTokenError;
+    exports.MyAccountApiError = MyAccountApiError;
     exports.PopupCancelledError = PopupCancelledError;
     exports.PopupTimeoutError = PopupTimeoutError;
     exports.TimeoutError = TimeoutError;