@auth0/auth0-spa-js 2.6.0 → 2.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -3
- package/dist/auth0-spa-js.development.js +147 -47
- package/dist/auth0-spa-js.development.js.map +1 -1
- package/dist/auth0-spa-js.production.esm.js +1 -1
- package/dist/auth0-spa-js.production.esm.js.map +1 -1
- package/dist/auth0-spa-js.production.js +1 -1
- package/dist/auth0-spa-js.production.js.map +1 -1
- package/dist/auth0-spa-js.worker.development.js +1 -1
- package/dist/auth0-spa-js.worker.development.js.map +1 -1
- package/dist/auth0-spa-js.worker.production.js +1 -1
- package/dist/auth0-spa-js.worker.production.js.map +1 -1
- package/dist/lib/auth0-spa-js.cjs.js +157 -47
- package/dist/lib/auth0-spa-js.cjs.js.map +1 -1
- package/dist/typings/Auth0Client.d.ts +2 -1
- package/dist/typings/Auth0Client.utils.d.ts +15 -3
- package/dist/typings/cache/cache-manager.d.ts +1 -0
- package/dist/typings/constants.d.ts +1 -0
- package/dist/typings/errors.d.ts +8 -0
- package/dist/typings/fetcher.d.ts +5 -3
- package/dist/typings/global.d.ts +9 -1
- package/dist/typings/scope.d.ts +25 -0
- package/dist/typings/utils.d.ts +6 -0
- package/dist/typings/version.d.ts +1 -1
- package/package.json +1 -1
- package/src/Auth0Client.ts +87 -53
- package/src/Auth0Client.utils.ts +28 -5
- package/src/api.ts +5 -6
- package/src/cache/cache-manager.ts +14 -0
- package/src/constants.ts +2 -0
- package/src/errors.ts +15 -0
- package/src/fetcher.ts +51 -16
- package/src/global.ts +11 -1
- package/src/scope.ts +57 -0
- package/src/utils.ts +36 -0
- package/src/version.ts +1 -1
- package/src/worker/token.worker.ts +1 -1
package/README.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
|
|
2
2
|
|
|
3
|
-
](https://www.npmjs.com/package/@auth0/auth0-spa-js)
|
|
4
4
|
[](https://codecov.io/gh/auth0/auth0-spa-js)
|
|
5
|
+
[](https://deepwiki.com/auth0/auth0-spa-js)
|
|
5
6
|
|
|
6
7
|
[](https://opensource.org/licenses/MIT)
|
|
7
8
|
|
|
@@ -29,7 +30,7 @@ npm install @auth0/auth0-spa-js
|
|
|
29
30
|
From the CDN:
|
|
30
31
|
|
|
31
32
|
```html
|
|
32
|
-
<script src="https://cdn.auth0.com/js/auth0-spa-js/2.
|
|
33
|
+
<script src="https://cdn.auth0.com/js/auth0-spa-js/2.8/auth0-spa-js.production.js"></script>
|
|
33
34
|
```
|
|
34
35
|
|
|
35
36
|
### Configure Auth0
|
|
@@ -156,4 +157,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
|
|
|
156
157
|
</p>
|
|
157
158
|
<p align="center">
|
|
158
159
|
This project is licensed under the MIT license. See the <a href="https://github.com/auth0/auth0-spa-js/blob/main/LICENSE"> LICENSE</a> file for more info.
|
|
159
|
-
</p>
|
|
160
|
+
</p>
|
|
@@ -540,7 +540,7 @@
|
|
|
540
540
|
exports.default = SuperTokensLock;
|
|
541
541
|
}));
|
|
542
542
|
var Lock = unwrapExports(browserTabsLock);
|
|
543
|
-
var version = "2.
|
|
543
|
+
var version = "2.8.0";
|
|
544
544
|
const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
|
|
545
545
|
const DEFAULT_POPUP_CONFIG_OPTIONS = {
|
|
546
546
|
timeoutInSeconds: DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS
|
|
@@ -558,6 +558,7 @@
|
|
|
558
558
|
version: version
|
|
559
559
|
};
|
|
560
560
|
const DEFAULT_NOW_PROVIDER = () => Date.now();
|
|
561
|
+
const DEFAULT_AUDIENCE = "default";
|
|
561
562
|
class GenericError extends Error {
|
|
562
563
|
constructor(error, error_description) {
|
|
563
564
|
super(error_description);
|
|
@@ -621,6 +622,14 @@
|
|
|
621
622
|
Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);
|
|
622
623
|
}
|
|
623
624
|
}
|
|
625
|
+
class MissingScopesError extends GenericError {
|
|
626
|
+
constructor(audience, scope) {
|
|
627
|
+
super("missing_scopes", `Missing requested scopes after refresh (audience: '${valueOrEmptyString(audience, [ "default" ])}', missing scope: '${valueOrEmptyString(scope)}')`);
|
|
628
|
+
this.audience = audience;
|
|
629
|
+
this.scope = scope;
|
|
630
|
+
Object.setPrototypeOf(this, MissingScopesError.prototype);
|
|
631
|
+
}
|
|
632
|
+
}
|
|
624
633
|
class UseDpopNonceError extends GenericError {
|
|
625
634
|
constructor(newDpopNonce) {
|
|
626
635
|
super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce");
|
|
@@ -725,6 +734,23 @@
|
|
|
725
734
|
const stripUndefined = params => Object.keys(params).filter((k => typeof params[k] !== "undefined")).reduce(((acc, key) => Object.assign(Object.assign({}, acc), {
|
|
726
735
|
[key]: params[key]
|
|
727
736
|
})), {});
|
|
737
|
+
const ALLOWED_AUTH0CLIENT_PROPERTIES = [ {
|
|
738
|
+
key: "name",
|
|
739
|
+
type: [ "string" ]
|
|
740
|
+
}, {
|
|
741
|
+
key: "version",
|
|
742
|
+
type: [ "string", "number" ]
|
|
743
|
+
}, {
|
|
744
|
+
key: "env",
|
|
745
|
+
type: [ "object" ]
|
|
746
|
+
} ];
|
|
747
|
+
const stripAuth0Client = auth0Client => Object.keys(auth0Client).reduce(((acc, key) => {
|
|
748
|
+
const allowedProperty = ALLOWED_AUTH0CLIENT_PROPERTIES.find((p => p.key === key));
|
|
749
|
+
if (allowedProperty && allowedProperty.type.includes(typeof auth0Client[key])) {
|
|
750
|
+
acc[key] = auth0Client[key];
|
|
751
|
+
}
|
|
752
|
+
return acc;
|
|
753
|
+
}), {});
|
|
728
754
|
const createQueryParams = _a => {
|
|
729
755
|
var {clientId: client_id} = _a, params = __rest(_a, [ "clientId" ]);
|
|
730
756
|
return new URLSearchParams(stripUndefined(Object.assign({
|
|
@@ -1207,17 +1233,42 @@
|
|
|
1207
1233
|
});
|
|
1208
1234
|
const body = useFormData ? createQueryParams(allParams) : JSON.stringify(allParams);
|
|
1209
1235
|
const isDpopSupported = isGrantTypeSupported(options.grant_type);
|
|
1210
|
-
return await getJSON(`${baseUrl}/oauth/token`, timeout, audience ||
|
|
1236
|
+
return await getJSON(`${baseUrl}/oauth/token`, timeout, audience || DEFAULT_AUDIENCE, scope, {
|
|
1211
1237
|
method: "POST",
|
|
1212
1238
|
body: body,
|
|
1213
1239
|
headers: {
|
|
1214
1240
|
"Content-Type": useFormData ? "application/x-www-form-urlencoded" : "application/json",
|
|
1215
|
-
"Auth0-Client": btoa(JSON.stringify(auth0Client || DEFAULT_AUTH0_CLIENT))
|
|
1241
|
+
"Auth0-Client": btoa(JSON.stringify(stripAuth0Client(auth0Client || DEFAULT_AUTH0_CLIENT)))
|
|
1216
1242
|
}
|
|
1217
1243
|
}, worker, useFormData, useMrrt, isDpopSupported ? dpop : undefined);
|
|
1218
1244
|
}
|
|
1219
1245
|
const dedupe = arr => Array.from(new Set(arr));
|
|
1220
1246
|
const getUniqueScopes = (...scopes) => dedupe(scopes.filter(Boolean).join(" ").trim().split(/\s+/)).join(" ");
|
|
1247
|
+
const injectDefaultScopes = (authScopes, openIdScope, ...extraScopes) => {
|
|
1248
|
+
if (typeof authScopes !== "object") {
|
|
1249
|
+
return {
|
|
1250
|
+
[DEFAULT_AUDIENCE]: getUniqueScopes(openIdScope, authScopes, ...extraScopes)
|
|
1251
|
+
};
|
|
1252
|
+
}
|
|
1253
|
+
let requestedScopes = {
|
|
1254
|
+
[DEFAULT_AUDIENCE]: getUniqueScopes(openIdScope, ...extraScopes)
|
|
1255
|
+
};
|
|
1256
|
+
Object.keys(authScopes).forEach((key => {
|
|
1257
|
+
const audienceScopes = authScopes[key];
|
|
1258
|
+
requestedScopes[key] = getUniqueScopes(openIdScope, audienceScopes, ...extraScopes);
|
|
1259
|
+
}));
|
|
1260
|
+
return requestedScopes;
|
|
1261
|
+
};
|
|
1262
|
+
const scopesToRequest = (authScopes, methodScopes, audience) => {
|
|
1263
|
+
let scope;
|
|
1264
|
+
if (audience) {
|
|
1265
|
+
scope = authScopes[audience];
|
|
1266
|
+
}
|
|
1267
|
+
if (!scope) {
|
|
1268
|
+
scope = authScopes[DEFAULT_AUDIENCE];
|
|
1269
|
+
}
|
|
1270
|
+
return getUniqueScopes(scope, methodScopes);
|
|
1271
|
+
};
|
|
1221
1272
|
const CACHE_KEY_PREFIX = "@@auth0spajs@@";
|
|
1222
1273
|
const CACHE_KEY_ID_TOKEN_SUFFIX = "@@user@@";
|
|
1223
1274
|
class CacheKey {
|
|
@@ -1386,6 +1437,14 @@
|
|
|
1386
1437
|
await this.cache.set(cacheKey.toKey(), wrappedEntry);
|
|
1387
1438
|
await ((_a = this.keyManifest) === null || _a === void 0 ? void 0 : _a.add(cacheKey.toKey()));
|
|
1388
1439
|
}
|
|
1440
|
+
async remove(client_id, audience, scope) {
|
|
1441
|
+
const cacheKey = new CacheKey({
|
|
1442
|
+
clientId: client_id,
|
|
1443
|
+
scope: scope,
|
|
1444
|
+
audience: audience
|
|
1445
|
+
});
|
|
1446
|
+
await this.cache.remove(cacheKey.toKey());
|
|
1447
|
+
}
|
|
1389
1448
|
async clear(clientId) {
|
|
1390
1449
|
var _a;
|
|
1391
1450
|
const keys = await this.getCacheKeys();
|
|
@@ -1801,7 +1860,7 @@
|
|
|
1801
1860
|
return new Worker(url, options);
|
|
1802
1861
|
};
|
|
1803
1862
|
}
|
|
1804
|
-
var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBjbGFzcyBHZW5lcmljRXJyb3IgZXh0ZW5kcyBFcnJvciB7CiAgICAgICAgY29uc3RydWN0b3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKSB7CiAgICAgICAgICAgIHN1cGVyKGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICAgICAgdGhpcy5lcnJvciA9IGVycm9yOwogICAgICAgICAgICB0aGlzLmVycm9yX2Rlc2NyaXB0aW9uID0gZXJyb3JfZGVzY3JpcHRpb247CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBHZW5lcmljRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICAgICAgc3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjogZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvcl9kZXNjcmlwdGlvbn0pIHsKICAgICAgICAgICAgcmV0dXJuIG5ldyBHZW5lcmljRXJyb3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICB9CiAgICB9CiAgICBjbGFzcyBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IgZXh0ZW5kcyBHZW5lcmljRXJyb3IgewogICAgICAgIGNvbnN0cnVjdG9yKGF1ZGllbmNlLCBzY29wZSkgewogICAgICAgICAgICBzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwgYE1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhhdWRpZW5jZSwgWyAiZGVmYXVsdCIgXSl9Jywgc2NvcGU6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSl9JylgKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUsIGV4Y2x1ZGUgPSBbXSkgewogICAgICAgIHJldHVybiB2YWx1ZSAmJiAhZXhjbHVkZS5pbmNsdWRlcyh2YWx1ZSkgPyB2YWx1ZSA6ICIiOwogICAgfQogICAgZnVuY3Rpb24gX19yZXN0KHMsIGUpIHsKICAgICAgICB2YXIgdCA9IHt9OwogICAgICAgIGZvciAodmFyIHAgaW4gcykgaWYgKE9iamVjdC5wcm90b3R5cGUuaGFzT3duUHJvcGVydHkuY2FsbChzLCBwKSAmJiBlLmluZGV4T2YocCkgPCAwKSB0W3BdID0gc1twXTsKICAgICAgICBpZiAocyAhPSBudWxsICYmIHR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzID09PSAiZnVuY3Rpb24iKSBmb3IgKHZhciBpID0gMCwgcCA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMocyk7IGkgPCBwLmxlbmd0aDsgaSsrKSB7CiAgICAgICAgICAgIGlmIChlLmluZGV4T2YocFtpXSkgPCAwICYmIE9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChzLCBwW2ldKSkgdFtwW2ldXSA9IHNbcFtpXV07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgdHlwZW9mIFN1cHByZXNzZWRFcnJvciA9PT0gImZ1bmN0aW9uIiA/IFN1cHByZXNzZWRFcnJvciA6IGZ1bmN0aW9uKGVycm9yLCBzdXBwcmVzc2VkLCBtZXNzYWdlKSB7CiAgICAgICAgdmFyIGUgPSBuZXcgRXJyb3IobWVzc2FnZSk7CiAgICAgICAgcmV0dXJuIGUubmFtZSA9ICJTdXBwcmVzc2VkRXJyb3IiLCBlLmVycm9yID0gZXJyb3IsIGUuc3VwcHJlc3NlZCA9IHN1cHByZXNzZWQsIGU7CiAgICB9OwogICAgY29uc3Qgc3RyaXBVbmRlZmluZWQgPSBwYXJhbXMgPT4gT2JqZWN0LmtleXMocGFyYW1zKS5maWx0ZXIoKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpKS5yZWR1Y2UoKChhY2MsIGtleSkgPT4gT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LCBhY2MpLCB7CiAgICAgICAgW2tleV06IHBhcmFtc1trZXldCiAgICB9KSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX2EgPT4gewogICAgICAgIHZhciB7Y2xpZW50SWQ6IGNsaWVudF9pZH0gPSBfYSwgcGFyYW1zID0gX19yZXN0KF9hLCBbICJjbGllbnRJZCIgXSk7CiAgICAgICAgcmV0dXJuIG5ldyBVUkxTZWFyY2hQYXJhbXMoc3RyaXBVbmRlZmluZWQoT2JqZWN0LmFzc2lnbih7CiAgICAgICAgICAgIGNsaWVudF9pZDogY2xpZW50X2lkCiAgICAgICAgfSwgcGFyYW1zKSkpLnRvU3RyaW5nKCk7CiAgICB9OwogICAgY29uc3QgZnJvbUVudHJpZXMgPSBpdGVyYWJsZSA9PiBbIC4uLml0ZXJhYmxlIF0ucmVkdWNlKCgob2JqLCBba2V5LCB2YWxdKSA9PiB7CiAgICAgICAgb2JqW2tleV0gPSB2YWw7CiAgICAgICAgcmV0dXJuIG9iajsKICAgIH0pLCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgY29uc3QgY2FjaGVLZXkgPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiBgJHthdWRpZW5jZX18JHtzY29wZX1gOwogICAgY29uc3QgY2FjaGVLZXlDb250YWluc0F1ZGllbmNlID0gKGF1ZGllbmNlLCBjYWNoZUtleSkgPT4gY2FjaGVLZXkuc3RhcnRzV2l0aChgJHthdWRpZW5jZX18YCk7CiAgICBjb25zdCBnZXRSZWZyZXNoVG9rZW4gPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldOwogICAgY29uc3Qgc2V0UmVmcmVzaFRva2VuID0gKHJlZnJlc2hUb2tlbiwgYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldID0gcmVmcmVzaFRva2VuOwogICAgY29uc3QgZGVsZXRlUmVmcmVzaFRva2VuID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gZGVsZXRlIHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV07CiAgICBjb25zdCB3YWl0ID0gdGltZSA9PiBuZXcgUHJvbWlzZSgocmVzb2x2ZSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRpbWUpKSk7CiAgICBjb25zdCBmb3JtRGF0YVRvT2JqZWN0ID0gZm9ybURhdGEgPT4gewogICAgICAgIGNvbnN0IHF1ZXJ5UGFyYW1zID0gbmV3IFVSTFNlYXJjaFBhcmFtcyhmb3JtRGF0YSk7CiAgICAgICAgY29uc3QgcGFyc2VkUXVlcnkgPSB7fTsKICAgICAgICBxdWVyeVBhcmFtcy5mb3JFYWNoKCgodmFsLCBrZXkpID0+IHsKICAgICAgICAgICAgcGFyc2VkUXVlcnlba2V5XSA9IHZhbDsKICAgICAgICB9KSk7CiAgICAgICAgcmV0dXJuIHBhcnNlZFF1ZXJ5OwogICAgfTsKICAgIGNvbnN0IHVwZGF0ZVJlZnJlc2hUb2tlbnMgPSAob2xkUmVmcmVzaFRva2VuLCBuZXdSZWZyZXNoVG9rZW4pID0+IHsKICAgICAgICBPYmplY3QuZW50cmllcyhyZWZyZXNoVG9rZW5zKS5mb3JFYWNoKCgoW2tleSwgdG9rZW5dKSA9PiB7CiAgICAgICAgICAgIGlmICh0b2tlbiA9PT0gb2xkUmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW5zW2tleV0gPSBuZXdSZWZyZXNoVG9rZW47CiAgICAgICAgICAgIH0KICAgICAgICB9KSk7CiAgICB9OwogICAgY29uc3QgY2hlY2tEb3duc2NvcGluZyA9IChzY29wZSwgYXVkaWVuY2UpID0+IHsKICAgICAgICBjb25zdCBmaW5kQ29pbmNpZGVuY2UgPSBPYmplY3Qua2V5cyhyZWZyZXNoVG9rZW5zKS5maW5kKChrZXkgPT4gewogICAgICAgICAgICBpZiAoa2V5ICE9PSAibGF0ZXN0X3JlZnJlc2hfdG9rZW4iKSB7CiAgICAgICAgICAgICAgICBjb25zdCBpc1NhbWVBdWRpZW5jZSA9IGNhY2hlS2V5Q29udGFpbnNBdWRpZW5jZShhdWRpZW5jZSwga2V5KTsKICAgICAgICAgICAgICAgIGNvbnN0IHNjb3Blc0tleSA9IGtleS5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIik7CiAgICAgICAgICAgICAgICBjb25zdCByZXF1ZXN0ZWRTY29wZXMgPSBzY29wZS5zcGxpdCgiICIpOwogICAgICAgICAgICAgICAgY29uc3Qgc2NvcGVzQXJlSW5jbHVkZWQgPSByZXF1ZXN0ZWRTY29wZXMuZXZlcnkoKGtleSA9PiBzY29wZXNLZXkuaW5jbHVkZXMoa2V5KSkpOwogICAgICAgICAgICAgICAgcmV0dXJuIGlzU2FtZUF1ZGllbmNlICYmIHNjb3Blc0FyZUluY2x1ZGVkOwogICAgICAgICAgICB9CiAgICAgICAgfSkpOwogICAgICAgIHJldHVybiBmaW5kQ29pbmNpZGVuY2UgPyB0cnVlIDogZmFsc2U7CiAgICB9OwogICAgY29uc3QgbWVzc2FnZUhhbmRsZXIgPSBhc3luYyAoe2RhdGE6IHt0aW1lb3V0OiB0aW1lb3V0LCBhdXRoOiBhdXRoLCBmZXRjaFVybDogZmV0Y2hVcmwsIGZldGNoT3B0aW9uczogZmV0Y2hPcHRpb25zLCB1c2VGb3JtRGF0YTogdXNlRm9ybURhdGEsIHVzZU1ycnQ6IHVzZU1ycnR9LCBwb3J0czogW3BvcnRdfSkgPT4gewogICAgICAgIGxldCBoZWFkZXJzID0ge307CiAgICAgICAgbGV0IGpzb247CiAgICAgICAgbGV0IHJlZnJlc2hUb2tlbjsKICAgICAgICBjb25zdCB7YXVkaWVuY2U6IGF1ZGllbmNlLCBzY29wZTogc2NvcGV9ID0gYXV0aCB8fCB7fTsKICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBib2R5ID0gdXNlRm9ybURhdGEgPyBmb3JtRGF0YVRvT2JqZWN0KGZldGNoT3B0aW9ucy5ib2R5KSA6IEpTT04ucGFyc2UoZmV0Y2hPcHRpb25zLmJvZHkpOwogICAgICAgICAgICBpZiAoIWJvZHkucmVmcmVzaF90b2tlbiAmJiBib2R5LmdyYW50X3R5cGUgPT09ICJyZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gZ2V0UmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBpZiAoIXJlZnJlc2hUb2tlbiAmJiB1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgY29uc3QgbGF0ZXN0UmVmcmVzaFRva2VuID0gcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXTsKICAgICAgICAgICAgICAgICAgICBjb25zdCBpc0Rvd25zY29waW5nID0gY2hlY2tEb3duc2NvcGluZyhzY29wZSwgYXVkaWVuY2UpOwogICAgICAgICAgICAgICAgICAgIGlmIChsYXRlc3RSZWZyZXNoVG9rZW4gJiYgIWlzRG93bnNjb3BpbmcpIHsKICAgICAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gbGF0ZXN0UmVmcmVzaFRva2VuOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGlmICghcmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IE1pc3NpbmdSZWZyZXNoVG9rZW5FcnJvcihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmV0Y2hPcHRpb25zLmJvZHkgPSB1c2VGb3JtRGF0YSA/
|
|
1863
|
+
var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBjbGFzcyBHZW5lcmljRXJyb3IgZXh0ZW5kcyBFcnJvciB7CiAgICAgICAgY29uc3RydWN0b3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKSB7CiAgICAgICAgICAgIHN1cGVyKGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICAgICAgdGhpcy5lcnJvciA9IGVycm9yOwogICAgICAgICAgICB0aGlzLmVycm9yX2Rlc2NyaXB0aW9uID0gZXJyb3JfZGVzY3JpcHRpb247CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBHZW5lcmljRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICAgICAgc3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjogZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvcl9kZXNjcmlwdGlvbn0pIHsKICAgICAgICAgICAgcmV0dXJuIG5ldyBHZW5lcmljRXJyb3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICB9CiAgICB9CiAgICBjbGFzcyBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IgZXh0ZW5kcyBHZW5lcmljRXJyb3IgewogICAgICAgIGNvbnN0cnVjdG9yKGF1ZGllbmNlLCBzY29wZSkgewogICAgICAgICAgICBzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwgYE1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhhdWRpZW5jZSwgWyAiZGVmYXVsdCIgXSl9Jywgc2NvcGU6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSl9JylgKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUsIGV4Y2x1ZGUgPSBbXSkgewogICAgICAgIHJldHVybiB2YWx1ZSAmJiAhZXhjbHVkZS5pbmNsdWRlcyh2YWx1ZSkgPyB2YWx1ZSA6ICIiOwogICAgfQogICAgZnVuY3Rpb24gX19yZXN0KHMsIGUpIHsKICAgICAgICB2YXIgdCA9IHt9OwogICAgICAgIGZvciAodmFyIHAgaW4gcykgaWYgKE9iamVjdC5wcm90b3R5cGUuaGFzT3duUHJvcGVydHkuY2FsbChzLCBwKSAmJiBlLmluZGV4T2YocCkgPCAwKSB0W3BdID0gc1twXTsKICAgICAgICBpZiAocyAhPSBudWxsICYmIHR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzID09PSAiZnVuY3Rpb24iKSBmb3IgKHZhciBpID0gMCwgcCA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMocyk7IGkgPCBwLmxlbmd0aDsgaSsrKSB7CiAgICAgICAgICAgIGlmIChlLmluZGV4T2YocFtpXSkgPCAwICYmIE9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChzLCBwW2ldKSkgdFtwW2ldXSA9IHNbcFtpXV07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgdHlwZW9mIFN1cHByZXNzZWRFcnJvciA9PT0gImZ1bmN0aW9uIiA/IFN1cHByZXNzZWRFcnJvciA6IGZ1bmN0aW9uKGVycm9yLCBzdXBwcmVzc2VkLCBtZXNzYWdlKSB7CiAgICAgICAgdmFyIGUgPSBuZXcgRXJyb3IobWVzc2FnZSk7CiAgICAgICAgcmV0dXJuIGUubmFtZSA9ICJTdXBwcmVzc2VkRXJyb3IiLCBlLmVycm9yID0gZXJyb3IsIGUuc3VwcHJlc3NlZCA9IHN1cHByZXNzZWQsIGU7CiAgICB9OwogICAgY29uc3Qgc3RyaXBVbmRlZmluZWQgPSBwYXJhbXMgPT4gT2JqZWN0LmtleXMocGFyYW1zKS5maWx0ZXIoKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpKS5yZWR1Y2UoKChhY2MsIGtleSkgPT4gT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LCBhY2MpLCB7CiAgICAgICAgW2tleV06IHBhcmFtc1trZXldCiAgICB9KSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX2EgPT4gewogICAgICAgIHZhciB7Y2xpZW50SWQ6IGNsaWVudF9pZH0gPSBfYSwgcGFyYW1zID0gX19yZXN0KF9hLCBbICJjbGllbnRJZCIgXSk7CiAgICAgICAgcmV0dXJuIG5ldyBVUkxTZWFyY2hQYXJhbXMoc3RyaXBVbmRlZmluZWQoT2JqZWN0LmFzc2lnbih7CiAgICAgICAgICAgIGNsaWVudF9pZDogY2xpZW50X2lkCiAgICAgICAgfSwgcGFyYW1zKSkpLnRvU3RyaW5nKCk7CiAgICB9OwogICAgY29uc3QgZnJvbUVudHJpZXMgPSBpdGVyYWJsZSA9PiBbIC4uLml0ZXJhYmxlIF0ucmVkdWNlKCgob2JqLCBba2V5LCB2YWxdKSA9PiB7CiAgICAgICAgb2JqW2tleV0gPSB2YWw7CiAgICAgICAgcmV0dXJuIG9iajsKICAgIH0pLCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgY29uc3QgY2FjaGVLZXkgPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiBgJHthdWRpZW5jZX18JHtzY29wZX1gOwogICAgY29uc3QgY2FjaGVLZXlDb250YWluc0F1ZGllbmNlID0gKGF1ZGllbmNlLCBjYWNoZUtleSkgPT4gY2FjaGVLZXkuc3RhcnRzV2l0aChgJHthdWRpZW5jZX18YCk7CiAgICBjb25zdCBnZXRSZWZyZXNoVG9rZW4gPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldOwogICAgY29uc3Qgc2V0UmVmcmVzaFRva2VuID0gKHJlZnJlc2hUb2tlbiwgYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldID0gcmVmcmVzaFRva2VuOwogICAgY29uc3QgZGVsZXRlUmVmcmVzaFRva2VuID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gZGVsZXRlIHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV07CiAgICBjb25zdCB3YWl0ID0gdGltZSA9PiBuZXcgUHJvbWlzZSgocmVzb2x2ZSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRpbWUpKSk7CiAgICBjb25zdCBmb3JtRGF0YVRvT2JqZWN0ID0gZm9ybURhdGEgPT4gewogICAgICAgIGNvbnN0IHF1ZXJ5UGFyYW1zID0gbmV3IFVSTFNlYXJjaFBhcmFtcyhmb3JtRGF0YSk7CiAgICAgICAgY29uc3QgcGFyc2VkUXVlcnkgPSB7fTsKICAgICAgICBxdWVyeVBhcmFtcy5mb3JFYWNoKCgodmFsLCBrZXkpID0+IHsKICAgICAgICAgICAgcGFyc2VkUXVlcnlba2V5XSA9IHZhbDsKICAgICAgICB9KSk7CiAgICAgICAgcmV0dXJuIHBhcnNlZFF1ZXJ5OwogICAgfTsKICAgIGNvbnN0IHVwZGF0ZVJlZnJlc2hUb2tlbnMgPSAob2xkUmVmcmVzaFRva2VuLCBuZXdSZWZyZXNoVG9rZW4pID0+IHsKICAgICAgICBPYmplY3QuZW50cmllcyhyZWZyZXNoVG9rZW5zKS5mb3JFYWNoKCgoW2tleSwgdG9rZW5dKSA9PiB7CiAgICAgICAgICAgIGlmICh0b2tlbiA9PT0gb2xkUmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW5zW2tleV0gPSBuZXdSZWZyZXNoVG9rZW47CiAgICAgICAgICAgIH0KICAgICAgICB9KSk7CiAgICB9OwogICAgY29uc3QgY2hlY2tEb3duc2NvcGluZyA9IChzY29wZSwgYXVkaWVuY2UpID0+IHsKICAgICAgICBjb25zdCBmaW5kQ29pbmNpZGVuY2UgPSBPYmplY3Qua2V5cyhyZWZyZXNoVG9rZW5zKS5maW5kKChrZXkgPT4gewogICAgICAgICAgICBpZiAoa2V5ICE9PSAibGF0ZXN0X3JlZnJlc2hfdG9rZW4iKSB7CiAgICAgICAgICAgICAgICBjb25zdCBpc1NhbWVBdWRpZW5jZSA9IGNhY2hlS2V5Q29udGFpbnNBdWRpZW5jZShhdWRpZW5jZSwga2V5KTsKICAgICAgICAgICAgICAgIGNvbnN0IHNjb3Blc0tleSA9IGtleS5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIik7CiAgICAgICAgICAgICAgICBjb25zdCByZXF1ZXN0ZWRTY29wZXMgPSBzY29wZS5zcGxpdCgiICIpOwogICAgICAgICAgICAgICAgY29uc3Qgc2NvcGVzQXJlSW5jbHVkZWQgPSByZXF1ZXN0ZWRTY29wZXMuZXZlcnkoKGtleSA9PiBzY29wZXNLZXkuaW5jbHVkZXMoa2V5KSkpOwogICAgICAgICAgICAgICAgcmV0dXJuIGlzU2FtZUF1ZGllbmNlICYmIHNjb3Blc0FyZUluY2x1ZGVkOwogICAgICAgICAgICB9CiAgICAgICAgfSkpOwogICAgICAgIHJldHVybiBmaW5kQ29pbmNpZGVuY2UgPyB0cnVlIDogZmFsc2U7CiAgICB9OwogICAgY29uc3QgbWVzc2FnZUhhbmRsZXIgPSBhc3luYyAoe2RhdGE6IHt0aW1lb3V0OiB0aW1lb3V0LCBhdXRoOiBhdXRoLCBmZXRjaFVybDogZmV0Y2hVcmwsIGZldGNoT3B0aW9uczogZmV0Y2hPcHRpb25zLCB1c2VGb3JtRGF0YTogdXNlRm9ybURhdGEsIHVzZU1ycnQ6IHVzZU1ycnR9LCBwb3J0czogW3BvcnRdfSkgPT4gewogICAgICAgIGxldCBoZWFkZXJzID0ge307CiAgICAgICAgbGV0IGpzb247CiAgICAgICAgbGV0IHJlZnJlc2hUb2tlbjsKICAgICAgICBjb25zdCB7YXVkaWVuY2U6IGF1ZGllbmNlLCBzY29wZTogc2NvcGV9ID0gYXV0aCB8fCB7fTsKICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBib2R5ID0gdXNlRm9ybURhdGEgPyBmb3JtRGF0YVRvT2JqZWN0KGZldGNoT3B0aW9ucy5ib2R5KSA6IEpTT04ucGFyc2UoZmV0Y2hPcHRpb25zLmJvZHkpOwogICAgICAgICAgICBpZiAoIWJvZHkucmVmcmVzaF90b2tlbiAmJiBib2R5LmdyYW50X3R5cGUgPT09ICJyZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gZ2V0UmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBpZiAoIXJlZnJlc2hUb2tlbiAmJiB1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgY29uc3QgbGF0ZXN0UmVmcmVzaFRva2VuID0gcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXTsKICAgICAgICAgICAgICAgICAgICBjb25zdCBpc0Rvd25zY29waW5nID0gY2hlY2tEb3duc2NvcGluZyhzY29wZSwgYXVkaWVuY2UpOwogICAgICAgICAgICAgICAgICAgIGlmIChsYXRlc3RSZWZyZXNoVG9rZW4gJiYgIWlzRG93bnNjb3BpbmcpIHsKICAgICAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gbGF0ZXN0UmVmcmVzaFRva2VuOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGlmICghcmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IE1pc3NpbmdSZWZyZXNoVG9rZW5FcnJvcihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmV0Y2hPcHRpb25zLmJvZHkgPSB1c2VGb3JtRGF0YSA/IGNyZWF0ZVF1ZXJ5UGFyYW1zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSwgYm9keSksIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKSA6IEpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSwgYm9keSksIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBsZXQgYWJvcnRDb250cm9sbGVyOwogICAgICAgICAgICBpZiAodHlwZW9mIEFib3J0Q29udHJvbGxlciA9PT0gImZ1bmN0aW9uIikgewogICAgICAgICAgICAgICAgYWJvcnRDb250cm9sbGVyID0gbmV3IEFib3J0Q29udHJvbGxlcjsKICAgICAgICAgICAgICAgIGZldGNoT3B0aW9ucy5zaWduYWwgPSBhYm9ydENvbnRyb2xsZXIuc2lnbmFsOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGxldCByZXNwb25zZTsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIHJlc3BvbnNlID0gYXdhaXQgUHJvbWlzZS5yYWNlKFsgd2FpdCh0aW1lb3V0KSwgZmV0Y2goZmV0Y2hVcmwsIE9iamVjdC5hc3NpZ24oe30sIGZldGNoT3B0aW9ucykpIF0pOwogICAgICAgICAgICB9IGNhdGNoIChlcnJvcikgewogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6IGVycm9yLm1lc3NhZ2UKICAgICAgICAgICAgICAgIH0pOwogICAgICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGlmICghcmVzcG9uc2UpIHsKICAgICAgICAgICAgICAgIGlmIChhYm9ydENvbnRyb2xsZXIpIGFib3J0Q29udHJvbGxlci5hYm9ydCgpOwogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6ICJUaW1lb3V0IHdoZW4gZXhlY3V0aW5nICdmZXRjaCciCiAgICAgICAgICAgICAgICB9KTsKICAgICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgICAgfQogICAgICAgICAgICBoZWFkZXJzID0gZnJvbUVudHJpZXMocmVzcG9uc2UuaGVhZGVycyk7CiAgICAgICAgICAgIGpzb24gPSBhd2FpdCByZXNwb25zZS5qc29uKCk7CiAgICAgICAgICAgIGlmIChqc29uLnJlZnJlc2hfdG9rZW4pIHsKICAgICAgICAgICAgICAgIGlmICh1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXSA9IGpzb24ucmVmcmVzaF90b2tlbjsKICAgICAgICAgICAgICAgICAgICB1cGRhdGVSZWZyZXNoVG9rZW5zKHJlZnJlc2hUb2tlbiwganNvbi5yZWZyZXNoX3Rva2VuKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIHNldFJlZnJlc2hUb2tlbihqc29uLnJlZnJlc2hfdG9rZW4sIGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBkZWxldGUganNvbi5yZWZyZXNoX3Rva2VuOwogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgZGVsZXRlUmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICBvazogcmVzcG9uc2Uub2ssCiAgICAgICAgICAgICAgICBqc29uOiBqc29uLAogICAgICAgICAgICAgICAgaGVhZGVyczogaGVhZGVycwogICAgICAgICAgICB9KTsKICAgICAgICB9IGNhdGNoIChlcnJvcikgewogICAgICAgICAgICBwb3J0LnBvc3RNZXNzYWdlKHsKICAgICAgICAgICAgICAgIG9rOiBmYWxzZSwKICAgICAgICAgICAgICAgIGpzb246IHsKICAgICAgICAgICAgICAgICAgICBlcnJvcjogZXJyb3IuZXJyb3IsCiAgICAgICAgICAgICAgICAgICAgZXJyb3JfZGVzY3JpcHRpb246IGVycm9yLm1lc3NhZ2UKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICBoZWFkZXJzOiBoZWFkZXJzCiAgICAgICAgICAgIH0pOwogICAgICAgIH0KICAgIH07CiAgICB7CiAgICAgICAgYWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsIG1lc3NhZ2VIYW5kbGVyKTsKICAgIH0KfSkoKTsKCg==", null, false);
|
|
1805
1864
|
const singlePromiseMap = {};
|
|
1806
1865
|
const singlePromise = (cb, key) => {
|
|
1807
1866
|
let promise = singlePromiseMap[key];
|
|
@@ -1860,6 +1919,7 @@
|
|
|
1860
1919
|
}
|
|
1861
1920
|
}
|
|
1862
1921
|
const GET_TOKEN_SILENTLY_LOCK_KEY = "auth0.lock.getTokenSilently";
|
|
1922
|
+
const buildGetTokenSilentlyLockKey = (clientId, audience) => `${GET_TOKEN_SILENTLY_LOCK_KEY}.${clientId}.${audience}`;
|
|
1863
1923
|
const buildOrganizationHintCookieName = clientId => `auth0.${clientId}.organization_hint`;
|
|
1864
1924
|
const OLD_IS_AUTHENTICATED_COOKIE_NAME = "auth0.is.authenticated";
|
|
1865
1925
|
const buildIsAuthenticatedCookieName = clientId => `auth0.${clientId}.is.authenticated`;
|
|
@@ -1871,7 +1931,7 @@
|
|
|
1871
1931
|
const getAuthorizeParams = (clientOptions, scope, authorizationParams, state, nonce, code_challenge, redirect_uri, response_mode, thumbprint) => Object.assign(Object.assign(Object.assign({
|
|
1872
1932
|
client_id: clientOptions.clientId
|
|
1873
1933
|
}, clientOptions.authorizationParams), authorizationParams), {
|
|
1874
|
-
scope:
|
|
1934
|
+
scope: scopesToRequest(scope, authorizationParams.scope, authorizationParams.audience),
|
|
1875
1935
|
response_type: "code",
|
|
1876
1936
|
response_mode: response_mode || "query",
|
|
1877
1937
|
state: state,
|
|
@@ -1893,6 +1953,12 @@
|
|
|
1893
1953
|
const scopesToInclude = (scopeToInclude === null || scopeToInclude === void 0 ? void 0 : scopeToInclude.split(" ")) || [];
|
|
1894
1954
|
return scopesToInclude.every((key => scopeGroup.includes(key)));
|
|
1895
1955
|
};
|
|
1956
|
+
const getMissingScopes = (requestedScope, respondedScope) => {
|
|
1957
|
+
const requestedScopes = (requestedScope === null || requestedScope === void 0 ? void 0 : requestedScope.split(" ")) || [];
|
|
1958
|
+
const respondedScopes = (respondedScope === null || respondedScope === void 0 ? void 0 : respondedScope.split(" ")) || [];
|
|
1959
|
+
const missingScopes = requestedScopes.filter((scope => respondedScopes.indexOf(scope) == -1));
|
|
1960
|
+
return missingScopes.join(",");
|
|
1961
|
+
};
|
|
1896
1962
|
const getScopeToRequest = (useMrrt, authorizationParams, cachedAudience, cachedScope) => {
|
|
1897
1963
|
var _a;
|
|
1898
1964
|
if (useMrrt && cachedAudience && cachedScope) {
|
|
@@ -2018,6 +2084,11 @@
|
|
|
2018
2084
|
await Promise.all([ this.storage.clearNonces(), this.storage.clearKeyPairs() ]);
|
|
2019
2085
|
}
|
|
2020
2086
|
}
|
|
2087
|
+
var TokenType;
|
|
2088
|
+
(function(TokenType) {
|
|
2089
|
+
TokenType["Bearer"] = "Bearer";
|
|
2090
|
+
TokenType["DPoP"] = "DPoP";
|
|
2091
|
+
})(TokenType || (TokenType = {}));
|
|
2021
2092
|
class Fetcher {
|
|
2022
2093
|
constructor(config, hooks) {
|
|
2023
2094
|
this.hooks = hooks;
|
|
@@ -2042,15 +2113,25 @@
|
|
|
2042
2113
|
getAccessToken(authParams) {
|
|
2043
2114
|
return this.config.getAccessToken ? this.config.getAccessToken(authParams) : this.hooks.getAccessToken(authParams);
|
|
2044
2115
|
}
|
|
2116
|
+
extractUrl(info) {
|
|
2117
|
+
if (typeof info === "string") {
|
|
2118
|
+
return info;
|
|
2119
|
+
}
|
|
2120
|
+
if (info instanceof URL) {
|
|
2121
|
+
return info.href;
|
|
2122
|
+
}
|
|
2123
|
+
return info.url;
|
|
2124
|
+
}
|
|
2045
2125
|
buildBaseRequest(info, init) {
|
|
2046
|
-
const request = new Request(info, init);
|
|
2047
2126
|
if (!this.config.baseUrl) {
|
|
2048
|
-
return
|
|
2127
|
+
return new Request(info, init);
|
|
2049
2128
|
}
|
|
2050
|
-
|
|
2129
|
+
const finalUrl = this.buildUrl(this.config.baseUrl, this.extractUrl(info));
|
|
2130
|
+
const finalInfo = info instanceof Request ? new Request(finalUrl, info) : finalUrl;
|
|
2131
|
+
return new Request(finalInfo, init);
|
|
2051
2132
|
}
|
|
2052
|
-
setAuthorizationHeader(request, accessToken) {
|
|
2053
|
-
request.headers.set("authorization", `${
|
|
2133
|
+
setAuthorizationHeader(request, accessToken, tokenType = TokenType.Bearer) {
|
|
2134
|
+
request.headers.set("authorization", `${tokenType} ${accessToken}`);
|
|
2054
2135
|
}
|
|
2055
2136
|
async setDpopProofHeader(request, accessToken) {
|
|
2056
2137
|
if (!this.config.dpopNonceId) {
|
|
@@ -2066,9 +2147,20 @@
|
|
|
2066
2147
|
request.headers.set("dpop", dpopProof);
|
|
2067
2148
|
}
|
|
2068
2149
|
async prepareRequest(request, authParams) {
|
|
2069
|
-
const
|
|
2070
|
-
|
|
2071
|
-
|
|
2150
|
+
const accessTokenResponse = await this.getAccessToken(authParams);
|
|
2151
|
+
let tokenType;
|
|
2152
|
+
let accessToken;
|
|
2153
|
+
if (typeof accessTokenResponse === "string") {
|
|
2154
|
+
tokenType = this.config.dpopNonceId ? TokenType.DPoP : TokenType.Bearer;
|
|
2155
|
+
accessToken = accessTokenResponse;
|
|
2156
|
+
} else {
|
|
2157
|
+
tokenType = accessTokenResponse.token_type;
|
|
2158
|
+
accessToken = accessTokenResponse.access_token;
|
|
2159
|
+
}
|
|
2160
|
+
this.setAuthorizationHeader(request, accessToken, tokenType);
|
|
2161
|
+
if (tokenType === TokenType.DPoP) {
|
|
2162
|
+
await this.setDpopProofHeader(request, accessToken);
|
|
2163
|
+
}
|
|
2072
2164
|
}
|
|
2073
2165
|
getHeader(headers, name) {
|
|
2074
2166
|
if (Array.isArray(headers)) {
|
|
@@ -2084,7 +2176,7 @@
|
|
|
2084
2176
|
return false;
|
|
2085
2177
|
}
|
|
2086
2178
|
const wwwAuthHeader = this.getHeader(response.headers, "www-authenticate");
|
|
2087
|
-
return wwwAuthHeader.includes("use_dpop_nonce");
|
|
2179
|
+
return wwwAuthHeader.includes("invalid_dpop_nonce") || wwwAuthHeader.includes("use_dpop_nonce");
|
|
2088
2180
|
}
|
|
2089
2181
|
async handleResponse(response, callbacks) {
|
|
2090
2182
|
const newDpopNonce = this.getHeader(response.headers, DPOP_NONCE_HEADER);
|
|
@@ -2175,6 +2267,7 @@
|
|
|
2175
2267
|
class Auth0Client {
|
|
2176
2268
|
constructor(options) {
|
|
2177
2269
|
this.userCache = (new InMemoryCache).enclosedCache;
|
|
2270
|
+
this.activeLockKeys = new Set;
|
|
2178
2271
|
this.defaultOptions = {
|
|
2179
2272
|
authorizationParams: {
|
|
2180
2273
|
scope: DEFAULT_SCOPE
|
|
@@ -2183,7 +2276,11 @@
|
|
|
2183
2276
|
useFormData: true
|
|
2184
2277
|
};
|
|
2185
2278
|
this._releaseLockOnPageHide = async () => {
|
|
2186
|
-
|
|
2279
|
+
const lockKeysToRelease = Array.from(this.activeLockKeys);
|
|
2280
|
+
for (const lockKey of lockKeysToRelease) {
|
|
2281
|
+
await lock.releaseLock(lockKey);
|
|
2282
|
+
}
|
|
2283
|
+
this.activeLockKeys.clear();
|
|
2187
2284
|
window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
2188
2285
|
};
|
|
2189
2286
|
this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), options), {
|
|
@@ -2210,7 +2307,7 @@
|
|
|
2210
2307
|
this.isAuthenticatedCookieName = buildIsAuthenticatedCookieName(this.options.clientId);
|
|
2211
2308
|
this.sessionCheckExpiryDays = options.sessionCheckExpiryDays || DEFAULT_SESSION_CHECK_EXPIRY_DAYS;
|
|
2212
2309
|
const transactionStorage = options.useCookiesForTransactions ? this.cookieStorage : SessionStorage;
|
|
2213
|
-
this.scope =
|
|
2310
|
+
this.scope = injectDefaultScopes(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : "");
|
|
2214
2311
|
this.transactionManager = new TransactionManager(transactionStorage, this.options.clientId, this.options.cookieDomain);
|
|
2215
2312
|
this.nowProvider = this.options.nowProvider || DEFAULT_NOW_PROVIDER;
|
|
2216
2313
|
this.cacheManager = new CacheManager(cache, !cache.allKeys ? new CacheKeyManifest(cache, this.options.clientId) : undefined, this.nowProvider);
|
|
@@ -2225,7 +2322,8 @@
|
|
|
2225
2322
|
authorizationParams: {
|
|
2226
2323
|
scope: "create:me:connected_accounts",
|
|
2227
2324
|
audience: myAccountApiIdentifier
|
|
2228
|
-
}
|
|
2325
|
+
},
|
|
2326
|
+
detailedResponse: true
|
|
2229
2327
|
})
|
|
2230
2328
|
}));
|
|
2231
2329
|
this.myAccountApi = new MyAccountApiClient(myAccountFetcher, myAccountApiIdentifier);
|
|
@@ -2283,7 +2381,7 @@
|
|
|
2283
2381
|
nonce: nonce,
|
|
2284
2382
|
code_verifier: code_verifier,
|
|
2285
2383
|
scope: params.scope,
|
|
2286
|
-
audience: params.audience ||
|
|
2384
|
+
audience: params.audience || DEFAULT_AUDIENCE,
|
|
2287
2385
|
redirect_uri: params.redirect_uri,
|
|
2288
2386
|
state: state,
|
|
2289
2387
|
url: url
|
|
@@ -2433,12 +2531,12 @@
|
|
|
2433
2531
|
} catch (_) {}
|
|
2434
2532
|
}
|
|
2435
2533
|
async getTokenSilently(options = {}) {
|
|
2436
|
-
var _a;
|
|
2534
|
+
var _a, _b;
|
|
2437
2535
|
const localOptions = Object.assign(Object.assign({
|
|
2438
2536
|
cacheMode: "on"
|
|
2439
2537
|
}, options), {
|
|
2440
2538
|
authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), options.authorizationParams), {
|
|
2441
|
-
scope:
|
|
2539
|
+
scope: scopesToRequest(this.scope, (_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.scope, ((_b = options.authorizationParams) === null || _b === void 0 ? void 0 : _b.audience) || this.options.authorizationParams.audience)
|
|
2442
2540
|
})
|
|
2443
2541
|
});
|
|
2444
2542
|
const result = await singlePromise((() => this._getTokenSilently(localOptions)), `${this.options.clientId}::${localOptions.authorizationParams.audience}::${localOptions.authorizationParams.scope}`);
|
|
@@ -2449,7 +2547,7 @@
|
|
|
2449
2547
|
if (cacheMode !== "off") {
|
|
2450
2548
|
const entry = await this._getEntryFromCache({
|
|
2451
2549
|
scope: getTokenOptions.authorizationParams.scope,
|
|
2452
|
-
audience: getTokenOptions.authorizationParams.audience ||
|
|
2550
|
+
audience: getTokenOptions.authorizationParams.audience || DEFAULT_AUDIENCE,
|
|
2453
2551
|
clientId: this.options.clientId,
|
|
2454
2552
|
cacheMode: cacheMode
|
|
2455
2553
|
});
|
|
@@ -2460,13 +2558,17 @@
|
|
|
2460
2558
|
if (cacheMode === "cache-only") {
|
|
2461
2559
|
return;
|
|
2462
2560
|
}
|
|
2463
|
-
|
|
2464
|
-
|
|
2561
|
+
const lockKey = buildGetTokenSilentlyLockKey(this.options.clientId, getTokenOptions.authorizationParams.audience || "default");
|
|
2562
|
+
if (await retryPromise((() => lock.acquireLock(lockKey, 5e3)), 10)) {
|
|
2563
|
+
this.activeLockKeys.add(lockKey);
|
|
2564
|
+
if (this.activeLockKeys.size === 1) {
|
|
2465
2565
|
window.addEventListener("pagehide", this._releaseLockOnPageHide);
|
|
2566
|
+
}
|
|
2567
|
+
try {
|
|
2466
2568
|
if (cacheMode !== "off") {
|
|
2467
2569
|
const entry = await this._getEntryFromCache({
|
|
2468
2570
|
scope: getTokenOptions.authorizationParams.scope,
|
|
2469
|
-
audience: getTokenOptions.authorizationParams.audience ||
|
|
2571
|
+
audience: getTokenOptions.authorizationParams.audience || DEFAULT_AUDIENCE,
|
|
2470
2572
|
clientId: this.options.clientId
|
|
2471
2573
|
});
|
|
2472
2574
|
if (entry) {
|
|
@@ -2485,25 +2587,28 @@
|
|
|
2485
2587
|
expires_in: expires_in
|
|
2486
2588
|
});
|
|
2487
2589
|
} finally {
|
|
2488
|
-
await lock.releaseLock(
|
|
2489
|
-
|
|
2590
|
+
await lock.releaseLock(lockKey);
|
|
2591
|
+
this.activeLockKeys.delete(lockKey);
|
|
2592
|
+
if (this.activeLockKeys.size === 0) {
|
|
2593
|
+
window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
2594
|
+
}
|
|
2490
2595
|
}
|
|
2491
2596
|
} else {
|
|
2492
2597
|
throw new TimeoutError;
|
|
2493
2598
|
}
|
|
2494
2599
|
}
|
|
2495
2600
|
async getTokenWithPopup(options = {}, config = {}) {
|
|
2496
|
-
var _a;
|
|
2601
|
+
var _a, _b;
|
|
2497
2602
|
const localOptions = Object.assign(Object.assign({}, options), {
|
|
2498
2603
|
authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), options.authorizationParams), {
|
|
2499
|
-
scope:
|
|
2604
|
+
scope: scopesToRequest(this.scope, (_a = options.authorizationParams) === null || _a === void 0 ? void 0 : _a.scope, ((_b = options.authorizationParams) === null || _b === void 0 ? void 0 : _b.audience) || this.options.authorizationParams.audience)
|
|
2500
2605
|
})
|
|
2501
2606
|
});
|
|
2502
2607
|
config = Object.assign(Object.assign({}, DEFAULT_POPUP_CONFIG_OPTIONS), config);
|
|
2503
2608
|
await this.loginWithPopup(localOptions, config);
|
|
2504
2609
|
const cache = await this.cacheManager.get(new CacheKey({
|
|
2505
2610
|
scope: localOptions.authorizationParams.scope,
|
|
2506
|
-
audience: localOptions.authorizationParams.audience ||
|
|
2611
|
+
audience: localOptions.authorizationParams.audience || DEFAULT_AUDIENCE,
|
|
2507
2612
|
clientId: this.options.clientId
|
|
2508
2613
|
}), undefined, this.options.useMrrt);
|
|
2509
2614
|
return cache.access_token;
|
|
@@ -2601,14 +2706,14 @@
|
|
|
2601
2706
|
async _getTokenUsingRefreshToken(options) {
|
|
2602
2707
|
const cache = await this.cacheManager.get(new CacheKey({
|
|
2603
2708
|
scope: options.authorizationParams.scope,
|
|
2604
|
-
audience: options.authorizationParams.audience ||
|
|
2709
|
+
audience: options.authorizationParams.audience || DEFAULT_AUDIENCE,
|
|
2605
2710
|
clientId: this.options.clientId
|
|
2606
2711
|
}), undefined, this.options.useMrrt);
|
|
2607
2712
|
if ((!cache || !cache.refresh_token) && !this.worker) {
|
|
2608
2713
|
if (this.options.useRefreshTokensFallback) {
|
|
2609
2714
|
return await this._getTokenFromIFrame(options);
|
|
2610
2715
|
}
|
|
2611
|
-
throw new MissingRefreshTokenError(options.authorizationParams.audience ||
|
|
2716
|
+
throw new MissingRefreshTokenError(options.authorizationParams.audience || DEFAULT_AUDIENCE, options.authorizationParams.scope);
|
|
2612
2717
|
}
|
|
2613
2718
|
const redirect_uri = options.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin;
|
|
2614
2719
|
const timeout = typeof options.timeoutInSeconds === "number" ? options.timeoutInSeconds * 1e3 : null;
|
|
@@ -2634,14 +2739,16 @@
|
|
|
2634
2739
|
if (this.options.useRefreshTokensFallback) {
|
|
2635
2740
|
return await this._getTokenFromIFrame(options);
|
|
2636
2741
|
}
|
|
2637
|
-
|
|
2742
|
+
await this.cacheManager.remove(this.options.clientId, options.authorizationParams.audience, options.authorizationParams.scope);
|
|
2743
|
+
const missingScopes = getMissingScopes(scopesToRequest, tokenResult.scope);
|
|
2744
|
+
throw new MissingScopesError(options.authorizationParams.audience || "default", missingScopes);
|
|
2638
2745
|
}
|
|
2639
2746
|
}
|
|
2640
2747
|
}
|
|
2641
2748
|
return Object.assign(Object.assign({}, tokenResult), {
|
|
2642
2749
|
scope: options.authorizationParams.scope,
|
|
2643
2750
|
oauthTokenScope: tokenResult.scope,
|
|
2644
|
-
audience: options.authorizationParams.audience ||
|
|
2751
|
+
audience: options.authorizationParams.audience || DEFAULT_AUDIENCE
|
|
2645
2752
|
});
|
|
2646
2753
|
} catch (e) {
|
|
2647
2754
|
if ((e.message.indexOf(MISSING_REFRESH_TOKEN_ERROR_MESSAGE) > -1 || e.message && e.message.indexOf(INVALID_REFRESH_TOKEN_ERROR_MESSAGE) > -1) && this.options.useRefreshTokensFallback) {
|
|
@@ -2660,11 +2767,12 @@
|
|
|
2660
2767
|
await this.cacheManager.set(entryWithoutIdToken);
|
|
2661
2768
|
}
|
|
2662
2769
|
async _getIdTokenFromCache() {
|
|
2663
|
-
const audience = this.options.authorizationParams.audience ||
|
|
2770
|
+
const audience = this.options.authorizationParams.audience || DEFAULT_AUDIENCE;
|
|
2771
|
+
const scope = this.scope[audience];
|
|
2664
2772
|
const cache = await this.cacheManager.getIdToken(new CacheKey({
|
|
2665
2773
|
clientId: this.options.clientId,
|
|
2666
2774
|
audience: audience,
|
|
2667
|
-
scope:
|
|
2775
|
+
scope: scope
|
|
2668
2776
|
}));
|
|
2669
2777
|
const currentCache = this.userCache.get(CACHE_KEY_ID_TOKEN_SUFFIX);
|
|
2670
2778
|
if (cache && cache.id_token === (currentCache === null || currentCache === void 0 ? void 0 : currentCache.id_token)) {
|
|
@@ -2710,7 +2818,7 @@
|
|
|
2710
2818
|
await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, authResult), {
|
|
2711
2819
|
decodedToken: decodedToken,
|
|
2712
2820
|
scope: options.scope,
|
|
2713
|
-
audience: options.audience ||
|
|
2821
|
+
audience: options.audience || DEFAULT_AUDIENCE
|
|
2714
2822
|
}), authResult.scope ? {
|
|
2715
2823
|
oauthTokenScope: authResult.scope
|
|
2716
2824
|
} : null), {
|
|
@@ -2730,7 +2838,7 @@
|
|
|
2730
2838
|
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
|
|
2731
2839
|
subject_token: options.subject_token,
|
|
2732
2840
|
subject_token_type: options.subject_token_type,
|
|
2733
|
-
scope:
|
|
2841
|
+
scope: scopesToRequest(this.scope, options.scope, options.audience || this.options.authorizationParams.audience),
|
|
2734
2842
|
audience: options.audience || this.options.authorizationParams.audience
|
|
2735
2843
|
});
|
|
2736
2844
|
}
|
|
@@ -2752,9 +2860,6 @@
|
|
|
2752
2860
|
return this.dpop.generateProof(params);
|
|
2753
2861
|
}
|
|
2754
2862
|
createFetcher(config = {}) {
|
|
2755
|
-
if (this.options.useDpop && !config.dpopNonceId) {
|
|
2756
|
-
throw new TypeError("When `useDpop` is enabled, `dpopNonceId` must be set when calling `createFetcher()`.");
|
|
2757
|
-
}
|
|
2758
2863
|
return new Fetcher(config, {
|
|
2759
2864
|
isDpopEnabled: () => !!this.options.useDpop,
|
|
2760
2865
|
getAccessToken: authParams => {
|
|
@@ -2763,7 +2868,8 @@
|
|
|
2763
2868
|
authorizationParams: {
|
|
2764
2869
|
scope: (_a = authParams === null || authParams === void 0 ? void 0 : authParams.scope) === null || _a === void 0 ? void 0 : _a.join(" "),
|
|
2765
2870
|
audience: authParams === null || authParams === void 0 ? void 0 : authParams.audience
|
|
2766
|
-
}
|
|
2871
|
+
},
|
|
2872
|
+
detailedResponse: true
|
|
2767
2873
|
});
|
|
2768
2874
|
},
|
|
2769
2875
|
getDpopNonce: () => this.getDpopNonce(config.dpopNonceId),
|
|
@@ -2772,12 +2878,6 @@
|
|
|
2772
2878
|
});
|
|
2773
2879
|
}
|
|
2774
2880
|
async connectAccountWithRedirect(options) {
|
|
2775
|
-
if (!this.options.useDpop) {
|
|
2776
|
-
throw new Error("`useDpop` option must be enabled before using connectAccountWithRedirect.");
|
|
2777
|
-
}
|
|
2778
|
-
if (!this.options.useMrrt) {
|
|
2779
|
-
throw new Error("`useMrrt` option must be enabled before using connectAccountWithRedirect.");
|
|
2780
|
-
}
|
|
2781
2881
|
const {openUrl: openUrl, appState: appState, connection: connection, authorization_params: authorization_params, redirectUri: redirectUri = this.options.authorizationParams.redirect_uri || window.location.origin} = options;
|
|
2782
2882
|
if (!connection) {
|
|
2783
2883
|
throw new Error("connection is required");
|