@auth0/auth0-spa-js 2.5.0 → 2.6.0

package/dist/lib/auth0-spa-js.cjs.js

@@ -550,7 +550,7 @@ var browserTabsLock = createCommonjsModule((function(module, exports) {
 
 var Lock = unwrapExports(browserTabsLock);
 
-var version = "2.5.0";
+var version = "2.6.0";
 
 const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
 
@@ -602,6 +602,16 @@ class AuthenticationError extends GenericError {
     }
 }
 
+class ConnectError extends GenericError {
+    constructor(error, error_description, connection, state, appState = null) {
+        super(error, error_description);
+        this.connection = connection;
+        this.state = state;
+        this.appState = appState;
+        Object.setPrototypeOf(this, ConnectError.prototype);
+    }
+}
+
 class TimeoutError extends GenericError {
     constructor() {
         super("timeout", "Timeout");
@@ -662,6 +672,7 @@ const parseAuthenticationResult = queryString => {
     return {
         state: searchParams.get("state"),
         code: searchParams.get("code") || undefined,
+        connect_code: searchParams.get("connect_code") || undefined,
         error: searchParams.get("error") || undefined,
         error_description: searchParams.get("error_description") || undefined
     };
@@ -1873,6 +1884,15 @@ const SessionStorage = {
     }
 };
 
+exports.ResponseType = void 0;
+
+(function(ResponseType) {
+    ResponseType["Code"] = "code";
+    ResponseType["ConnectCode"] = "connect_code";
+})(exports.ResponseType || (exports.ResponseType = {}));
+
+class User {}
+
 function decodeBase64(base64, enableUnicode) {
     var binaryString = atob(base64);
     if (enableUnicode) {
@@ -2175,7 +2195,7 @@ class Fetcher {
         }
         return new Request(this.buildUrl(this.config.baseUrl, request.url), request);
     }
-    async setAuthorizationHeader(request, accessToken) {
+    setAuthorizationHeader(request, accessToken) {
         request.headers.set("authorization", `${this.config.dpopNonceId ? "DPoP" : "Bearer"} ${accessToken}`);
     }
     async setDpopProofHeader(request, accessToken) {
@@ -2241,6 +2261,65 @@ class Fetcher {
     }
 }
 
+class MyAccountApiClient {
+    constructor(myAccountFetcher, apiBase) {
+        this.myAccountFetcher = myAccountFetcher;
+        this.apiBase = apiBase;
+    }
+    async connectAccount(params) {
+        const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(params)
+        });
+        return this._handleResponse(res);
+    }
+    async completeAccount(params) {
+        const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify(params)
+        });
+        return this._handleResponse(res);
+    }
+    async _handleResponse(res) {
+        let body;
+        try {
+            body = await res.text();
+            body = JSON.parse(body);
+        } catch (err) {
+            throw new MyAccountApiError({
+                type: "invalid_json",
+                status: res.status,
+                title: "Invalid JSON response",
+                detail: body || String(err)
+            });
+        }
+        if (res.ok) {
+            return body;
+        } else {
+            throw new MyAccountApiError(body);
+        }
+    }
+}
+
+class MyAccountApiError extends Error {
+    constructor({type: type, status: status, title: title, detail: detail, validation_errors: validation_errors}) {
+        super(detail);
+        this.name = "MyAccountApiError";
+        this.type = type;
+        this.status = status;
+        this.title = title;
+        this.detail = detail;
+        this.validation_errors = validation_errors;
+        Object.setPrototypeOf(this, MyAccountApiError.prototype);
+    }
+}
+
 const lock = new Lock;
 
 class Auth0Client {
@@ -2288,6 +2367,18 @@ class Auth0Client {
         this.dpop = this.options.useDpop ? new Dpop(this.options.clientId) : undefined;
         this.domainUrl = getDomain(this.options.domain);
         this.tokenIssuer = getTokenIssuer(this.options.issuer, this.domainUrl);
+        const myAccountApiIdentifier = `${this.domainUrl}/me/`;
+        const myAccountFetcher = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && {
+            dpopNonceId: "__auth0_my_account_api__"
+        }), {
+            getAccessToken: () => this.getTokenSilently({
+                authorizationParams: {
+                    scope: "create:me:connected_accounts",
+                    audience: myAccountApiIdentifier
+                }
+            })
+        }));
+        this.myAccountApi = new MyAccountApiClient(myAccountFetcher, myAccountApiIdentifier);
         if (typeof window !== "undefined" && window.Worker && this.options.useRefreshTokens && cacheLocation === CACHE_LOCATION_MEMORY) {
             if (this.options.workerUrl) {
                 this.worker = new Worker(this.options.workerUrl);
@@ -2397,7 +2488,8 @@ class Auth0Client {
         const organization = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
         const _c = await this._prepareAuthorizeUrl(urlOptions.authorizationParams || {}), {url: url} = _c, transaction = __rest(_c, [ "url" ]);
         this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, transaction), {
-            appState: appState
+            appState: appState,
+            response_type: exports.ResponseType.Code
         }), organization && {
             organization: organization
         }));
@@ -2413,12 +2505,19 @@ class Auth0Client {
         if (queryStringFragments.length === 0) {
             throw new Error("There are no query params available for parsing.");
         }
-        const {state: state, code: code, error: error, error_description: error_description} = parseAuthenticationResult(queryStringFragments.join(""));
         const transaction = this.transactionManager.get();
         if (!transaction) {
             throw new GenericError("missing_transaction", "Invalid state");
         }
         this.transactionManager.remove();
+        const authenticationResult = parseAuthenticationResult(queryStringFragments.join(""));
+        if (transaction.response_type === exports.ResponseType.ConnectCode) {
+            return this._handleConnectAccountRedirectCallback(authenticationResult, transaction);
+        }
+        return this._handleLoginRedirectCallback(authenticationResult, transaction);
+    }
+    async _handleLoginRedirectCallback(authenticationResult, transaction) {
+        const {code: code, state: state, error: error, error_description: error_description} = authenticationResult;
         if (error) {
             throw new AuthenticationError(error, error_description || error, state, transaction.appState);
         }
@@ -2441,9 +2540,32 @@ class Auth0Client {
             organization: organization
         });
         return {
-            appState: transaction.appState
+            appState: transaction.appState,
+            response_type: exports.ResponseType.Code
         };
     }
+    async _handleConnectAccountRedirectCallback(connectResult, transaction) {
+        const {connect_code: connect_code, state: state, error: error, error_description: error_description} = connectResult;
+        if (error) {
+            throw new ConnectError(error, error_description || error, transaction.connection, state, transaction.appState);
+        }
+        if (!connect_code) {
+            throw new GenericError("missing_connect_code", "Missing connect code");
+        }
+        if (!transaction.code_verifier || !transaction.state || !transaction.auth_session || !transaction.redirect_uri || transaction.state !== state) {
+            throw new GenericError("state_mismatch", "Invalid state");
+        }
+        const data = await this.myAccountApi.completeAccount({
+            auth_session: transaction.auth_session,
+            connect_code: connect_code,
+            redirect_uri: transaction.redirect_uri,
+            code_verifier: transaction.code_verifier
+        });
+        return Object.assign(Object.assign({}, data), {
+            appState: transaction.appState,
+            response_type: exports.ResponseType.ConnectCode
+        });
+    }
     async checkSession(options) {
         if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
             if (!this.cookieStorage.get(OLD_IS_AUTHENTICATED_COOKIE_NAME)) {
@@ -2795,14 +2917,52 @@ class Auth0Client {
                 });
             },
             getDpopNonce: () => this.getDpopNonce(config.dpopNonceId),
-            setDpopNonce: nonce => this.setDpopNonce(nonce),
+            setDpopNonce: nonce => this.setDpopNonce(nonce, config.dpopNonceId),
             generateDpopProof: params => this.generateDpopProof(params)
         });
     }
+    async connectAccountWithRedirect(options) {
+        if (!this.options.useDpop) {
+            throw new Error("`useDpop` option must be enabled before using connectAccountWithRedirect.");
+        }
+        if (!this.options.useMrrt) {
+            throw new Error("`useMrrt` option must be enabled before using connectAccountWithRedirect.");
+        }
+        const {openUrl: openUrl, appState: appState, connection: connection, authorization_params: authorization_params, redirectUri: redirectUri = this.options.authorizationParams.redirect_uri || window.location.origin} = options;
+        if (!connection) {
+            throw new Error("connection is required");
+        }
+        const state = encode(createRandomString());
+        const code_verifier = createRandomString();
+        const code_challengeBuffer = await sha256(code_verifier);
+        const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
+        const {connect_uri: connect_uri, connect_params: connect_params, auth_session: auth_session} = await this.myAccountApi.connectAccount({
+            connection: connection,
+            redirect_uri: redirectUri,
+            state: state,
+            code_challenge: code_challenge,
+            code_challenge_method: "S256",
+            authorization_params: authorization_params
+        });
+        this.transactionManager.create({
+            state: state,
+            code_verifier: code_verifier,
+            auth_session: auth_session,
+            redirect_uri: redirectUri,
+            appState: appState,
+            connection: connection,
+            response_type: exports.ResponseType.ConnectCode
+        });
+        const url = new URL(connect_uri);
+        url.searchParams.set("ticket", connect_params.ticket);
+        if (openUrl) {
+            await openUrl(url.toString());
+        } else {
+            window.location.assign(url);
+        }
+    }
 }
 
-class User {}
-
 async function createAuth0Client(options) {
     const auth0 = new Auth0Client(options);
     await auth0.checkSession();
@@ -2815,6 +2975,8 @@ exports.AuthenticationError = AuthenticationError;
 
 exports.CacheKey = CacheKey;
 
+exports.ConnectError = ConnectError;
+
 exports.GenericError = GenericError;
 
 exports.InMemoryCache = InMemoryCache;
@@ -2825,6 +2987,8 @@ exports.MfaRequiredError = MfaRequiredError;
 
 exports.MissingRefreshTokenError = MissingRefreshTokenError;
 
+exports.MyAccountApiError = MyAccountApiError;
+
 exports.PopupCancelledError = PopupCancelledError;
 
 exports.PopupTimeoutError = PopupTimeoutError;