@axa-fr/oidc-client 7.27.17 → 7.27.18

package/README.md

@@ -446,6 +446,41 @@ pnpm start
 
 ```
 
+## Handling missing or corrupted login state
+
+When the OIDC state or nonce is missing from storage at callback time (for
+example because the user is in a private browsing tab, cleared storage
+manually, or because the browser evicted the entry between the authorize
+redirect and the callback), the library now throws a typed
+`OidcStateError` instead of letting a generic `TypeError` escape.
+
+```ts
+import { isOidcStateError, OidcStateError, OidcStateErrorCode } from '@axa-fr/oidc-client';
+
+try {
+  await oidcClient.loginCallbackAsync();
+} catch (error) {
+  if (isOidcStateError(error)) {
+    switch (error.code) {
+      case OidcStateErrorCode.STATE_MISSING:
+        // The stored state was not found at callback time.
+        break;
+      case OidcStateErrorCode.STATE_MISMATCH:
+        // The state returned by the server does not match the stored one.
+        break;
+      case OidcStateErrorCode.NONCE_MISSING:
+        // The stored nonce was not found at callback time.
+        break;
+    }
+  }
+}
+```
+
+`OidcStateError` is an `Error` subclass, exposes a stable `code` field, and
+is also re-exported from `@axa-fr/react-oidc`. For silent renewal, a missing
+nonce no longer throws a `TypeError` — it is reported through the existing
+`SESSION_LOST` status so consumers can recover via the normal re-login flow.
+
 ## Service worker protocol
 
 The `postMessage` protocol used between `OidcClient` and the service worker

package/dist/index.d.ts

@@ -5,6 +5,7 @@ export { OidcLocation } from './location.js';
 export { getFetchDefault } from './oidc.js';
 export type { OidcUserInfo } from './oidcClient.js';
 export { OidcClient } from './oidcClient.js';
+export { isOidcStateError, OidcStateError, OidcStateErrorCode } from './oidcStateError.js';
 export type { Tokens } from './parseTokens.js';
 export { TokenRenewMode } from './parseTokens.js';
 export type { ServiceWorkerMessage, ServiceWorkerMessageTypeKey, ServiceWorkerMessageTypeValue, ServiceWorkerResponse, } from './protocol.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC9F,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,YAAY,EACV,oBAAoB,EACpB,2BAA2B,EAC3B,6BAA6B,EAC7B,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,eAAe,EACf,6BAA6B,EAC7B,0BAA0B,EAC1B,gBAAgB,EAChB,wBAAwB,EACxB,kBAAkB,EAClB,qCAAqC,EACrC,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC9F,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC3F,YAAY,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,YAAY,EACV,oBAAoB,EACpB,2BAA2B,EAC3B,6BAA6B,EAC7B,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,eAAe,EACf,6BAA6B,EAC7B,0BAA0B,EAC1B,gBAAgB,EAChB,wBAAwB,EACxB,kBAAkB,EAClB,qCAAqC,EACrC,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC"}