@axinom/mosaic-user-auth 0.3.6-rc.1 → 0.3.6

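--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -59,7 +59,7 @@ function commonjsRequire () {
 
  var enums = createCommonjsModule(function (module, exports) {
  Object.defineProperty(exports, "__esModule", { value: true });
- exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
+ exports.DecryptNativeCookieResponseCode = exports.IdpProtocol = exports.CheckOtpResponseCode = exports.CompleteUserSignUpResponseCode = exports.UserSignUpResponseCode = exports.ROPCPasswordResponseCode = exports.ROPCSignInResponseCode = exports.IdpConfigurationResponseCode = exports.SignOutResponseCode = exports.TokenResponseCode = void 0;
  /**
  * Token response code from User Service Auth API
  */
@@ -141,12 +141,23 @@ var CheckOtpResponseCode;
  CheckOtpResponseCode["ERROR"] = "ERROR";
  CheckOtpResponseCode["SERVICE_CONFIGURATION_ERROR"] = "SERVICE_CONFIGURATION_ERROR";
  })(CheckOtpResponseCode = exports.CheckOtpResponseCode || (exports.CheckOtpResponseCode = {}));
+ /**
+ * IDP Protocol categories
+ */
  var IdpProtocol;
  (function (IdpProtocol) {
  IdpProtocol["OIDC"] = "OIDC";
  IdpProtocol["OAUTH2"] = "OAUTH2";
  IdpProtocol["DELEGATED"] = "DELEGATED";
  })(IdpProtocol = exports.IdpProtocol || (exports.IdpProtocol = {}));
+ /**
+ * Response codes specific to Native Cookie Decryption.
+ */
+ var DecryptNativeCookieResponseCode;
+ (function (DecryptNativeCookieResponseCode) {
+ DecryptNativeCookieResponseCode["SUCCESS"] = "SUCCESS";
+ DecryptNativeCookieResponseCode["COOKIE_DECRYPTION_FAILED"] = "COOKIE_DECRYPTION_FAILED";
+ })(DecryptNativeCookieResponseCode = exports.DecryptNativeCookieResponseCode || (exports.DecryptNativeCookieResponseCode = {}));
 
  });
 
@@ -1289,6 +1300,8 @@ var IdpConnectionsOrderBy;
  IdpConnectionsOrderBy["NATURAL"] = "NATURAL";
  IdpConnectionsOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
  IdpConnectionsOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+ IdpConnectionsOrderBy["PROTOCOL_ASC"] = "PROTOCOL_ASC";
+ IdpConnectionsOrderBy["PROTOCOL_DESC"] = "PROTOCOL_DESC";
  IdpConnectionsOrderBy["PROVIDER_ICON_URL_ASC"] = "PROVIDER_ICON_URL_ASC";
  IdpConnectionsOrderBy["PROVIDER_ICON_URL_DESC"] = "PROVIDER_ICON_URL_DESC";
  IdpConnectionsOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
@@ -1314,6 +1327,15 @@ var IdpConnectionsOrderBy;
  IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_ASC"] = "USER_INFO_RETRIEVAL_WEBHOOK_ASC";
  IdpConnectionsOrderBy["USER_INFO_RETRIEVAL_WEBHOOK_DESC"] = "USER_INFO_RETRIEVAL_WEBHOOK_DESC";
  })(IdpConnectionsOrderBy || (IdpConnectionsOrderBy = {}));
+ var IdpProtocol;
+ (function (IdpProtocol) {
+ /** Delegated */
+ IdpProtocol["DELEGATED"] = "DELEGATED";
+ /** OAuth 2.0 */
+ IdpProtocol["OAUTH2"] = "OAUTH2";
+ /** OIDC */
+ IdpProtocol["OIDC"] = "OIDC";
+ })(IdpProtocol || (IdpProtocol = {}));
  /** Methods to use when ordering `IdProvider`. */
  var IdProvidersOrderBy;
  (function (IdProvidersOrderBy) {
@@ -1356,6 +1378,29 @@ var ServiceConfigurationsOrderBy;
  ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_ASC"] = "WEBHOOK_TIMEOUT_ASC";
  ServiceConfigurationsOrderBy["WEBHOOK_TIMEOUT_DESC"] = "WEBHOOK_TIMEOUT_DESC";
  })(ServiceConfigurationsOrderBy || (ServiceConfigurationsOrderBy = {}));
+ /** Methods to use when ordering `UserIdpDatum`. */
+ var UserIdpDataOrderBy;
+ (function (UserIdpDataOrderBy) {
+ UserIdpDataOrderBy["CREATED_DATE_ASC"] = "CREATED_DATE_ASC";
+ UserIdpDataOrderBy["CREATED_DATE_DESC"] = "CREATED_DATE_DESC";
+ UserIdpDataOrderBy["IDP_CONNECTION_ID_ASC"] = "IDP_CONNECTION_ID_ASC";
+ UserIdpDataOrderBy["IDP_CONNECTION_ID_DESC"] = "IDP_CONNECTION_ID_DESC";
+ UserIdpDataOrderBy["IDP_SUBJECT_ID_ASC"] = "IDP_SUBJECT_ID_ASC";
+ UserIdpDataOrderBy["IDP_SUBJECT_ID_DESC"] = "IDP_SUBJECT_ID_DESC";
+ UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_ASC"] = "INITIAL_IDP_REFRESH_TOKEN_ASC";
+ UserIdpDataOrderBy["INITIAL_IDP_REFRESH_TOKEN_DESC"] = "INITIAL_IDP_REFRESH_TOKEN_DESC";
+ UserIdpDataOrderBy["NATURAL"] = "NATURAL";
+ UserIdpDataOrderBy["PRIMARY_KEY_ASC"] = "PRIMARY_KEY_ASC";
+ UserIdpDataOrderBy["PRIMARY_KEY_DESC"] = "PRIMARY_KEY_DESC";
+ UserIdpDataOrderBy["PROVIDER_ID_ASC"] = "PROVIDER_ID_ASC";
+ UserIdpDataOrderBy["PROVIDER_ID_DESC"] = "PROVIDER_ID_DESC";
+ UserIdpDataOrderBy["RAW_PAYLOAD_ASC"] = "RAW_PAYLOAD_ASC";
+ UserIdpDataOrderBy["RAW_PAYLOAD_DESC"] = "RAW_PAYLOAD_DESC";
+ UserIdpDataOrderBy["UPDATED_DATE_ASC"] = "UPDATED_DATE_ASC";
+ UserIdpDataOrderBy["UPDATED_DATE_DESC"] = "UPDATED_DATE_DESC";
+ UserIdpDataOrderBy["USER_ID_ASC"] = "USER_ID_ASC";
+ UserIdpDataOrderBy["USER_ID_DESC"] = "USER_ID_DESC";
+ })(UserIdpDataOrderBy || (UserIdpDataOrderBy = {}));
  /** Methods to use when ordering `UserProfile`. */
  var UserProfilesOrderBy;
  (function (UserProfilesOrderBy) {
@@ -1420,7 +1465,8 @@ var UsersOrderBy;
  UsersOrderBy["UPDATED_USER_ASC"] = "UPDATED_USER_ASC";
  UsersOrderBy["UPDATED_USER_DESC"] = "UPDATED_USER_DESC";
  })(UsersOrderBy || (UsersOrderBy = {}));
- const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+ const AuthenticateConsumerApplicationDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "AuthenticateConsumerApplication" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "AuthenticateConsumerApplicationInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "authenticateConsumerApplication" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "accessToken" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "expiresInSeconds" }, "arguments": [], "directives": [] }, { "kind": "Field", "name": { "kind": "Name", "value": "tokenType" }, "arguments": [], "directives": [] }] } }] } }] };
+ const DecryptNativeCookieDocument = { "kind": "Document", "definitions": [{ "kind": "OperationDefinition", "operation": "mutation", "name": { "kind": "Name", "value": "DecryptNativeCookie" }, "variableDefinitions": [{ "kind": "VariableDefinition", "variable": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } }, "type": { "kind": "NonNullType", "type": { "kind": "NamedType", "name": { "kind": "Name", "value": "DecryptWithKeyAesInput" } } }, "directives": [] }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptWithKeyAes" }, "arguments": [{ "kind": "Argument", "name": { "kind": "Name", "value": "input" }, "value": { "kind": "Variable", "name": { "kind": "Name", "value": "input" } } }], "directives": [], "selectionSet": { "kind": "SelectionSet", "selections": [{ "kind": "Field", "name": { "kind": "Name", "value": "decryptedValue" }, "arguments": [], "directives": [] }] } }] } }] };
 
  /**
  * Authenticate a Consumer Application and receive a token.
@@ -1837,7 +1883,7 @@ const completePasswordReset = (completePasswordResetRequest, axAuthManagementEnd
  code: dist.ROPCPasswordResponseCode.SUCCESS,
  };
  });
- const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, void 0, void 0, function* () {
+ const getIdpConfigurations = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
  var _a, _b;
  const configResponse = yield invokeUserAuthMethod('get-user-auth-idp-config', userAuthConfig);
  if (configResponse.code === dist.IdpConfigurationResponseCode.SUCCESS) {
@@ -1849,7 +1895,6 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
  providerIconUrl: idp.providerIconUrl,
  title: idp.title,
  sortOrder: idp.sortOrder,
- authUrl: `${userAuthConfig.userAuthBaseUrl}/oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idp.idpConnectionId}&originUrl=${originUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}`,
  };
  })) !== null && _b !== void 0 ? _b : []);
  }
@@ -1857,11 +1902,39 @@ const getIdpConfigurations = (userAuthConfig, originUrl) => __awaiter(void 0, vo
  return [];
  }
  });
+ /**
+ * Get the Authentication URL for a given IDP for web based applications.
+ *
+ * @param userAuthConfig The UserAuthConfig object.
+ * @param idpConnectionId IDP Connection ID that should be authenticated with.
+ * @param returnUrl The return URL which the User Service will redirect after completing the authentication flow.
+ * @returns a URL object
+ */
+ const getAuthUrl = (userAuthConfig, idpConnectionId, returnUrl) => {
+ const authUrl = new URL('oauth', userAuthConfig.userAuthBaseUrl);
+ authUrl.searchParams.set('tenantId', userAuthConfig.tenantId);
+ authUrl.searchParams.set('environmentId', userAuthConfig.environmentId);
+ authUrl.searchParams.set('applicationId', userAuthConfig.applicationId);
+ authUrl.searchParams.set('idpConnectionId', idpConnectionId);
+ authUrl.searchParams.set('originUrl', returnUrl);
+ authUrl.searchParams.set('userAuthProxyUrl', userAuthConfig.userAuthBaseUrl);
+ return authUrl;
+ };
+ /**
+ * TODO: Move this to the react-native-lib.
+ * react-native does not support URL.searchParams.set() method.
+ * We need to explicitly install react-native-url-polyfill package.
+ * Best if we do that in react-native specific user-auth-lib. *
+ */
+ const getNativeAuthUrl = (userAuthConfig, idpConnectionId, returnUrl, encryptionKey) => {
+ const authUrl = new URL(`oauth?tenantId=${userAuthConfig.tenantId}&environmentId=${userAuthConfig.environmentId}&applicationId=${userAuthConfig.applicationId}&idpConnectionId=${idpConnectionId}&originUrl=${returnUrl}&userAuthProxyUrl=${userAuthConfig.userAuthBaseUrl}&encryptionKey=${encryptionKey}`, userAuthConfig.userAuthBaseUrl);
+ return authUrl;
+ };
  /**
  * Returns a new user token by invoking the User Auth API
  */
  const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
- var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s;
+ var _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t;
  const tokenResponse = yield invokeUserAuthMethod('token', userAuthConfig);
  if (tokenResponse.code !== dist.TokenResponseCode.SUCCESS) {
  throw Error(tokenResponse.message);
@@ -1878,6 +1951,7 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
  extensions: tokenResponse.extensions,
  accessToken: (_q = (_p = tokenResponse.user) === null || _p === void 0 ? void 0 : _p.token.accessToken) !== null && _q !== void 0 ? _q : '',
  expiresInSeconds: (_s = (_r = tokenResponse.user) === null || _r === void 0 ? void 0 : _r.token.expiresInSeconds) !== null && _s !== void 0 ? _s : 0,
+ expiresAt: (_t = tokenResponse.user) === null || _t === void 0 ? void 0 : _t.token.expiresAt,
  };
  }
  });
@@ -1885,20 +1959,56 @@ const fetchUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, fun
  * Returns a user token. The method will ensure to avoid unnecessary API calls by caching valid user tokens.
  */
  const getUserToken = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
+ if ((currentUserToken === null || currentUserToken === void 0 ? void 0 : currentUserToken.expiresAt) === undefined ||
+ currentUserToken.expiresAt <= new Date(Date.now())) {
+ currentUserToken = null;
+ }
  if (currentUserToken !== null) {
  // A valid user token is already available
  return Promise.resolve(currentUserToken);
  }
  currentUserToken = yield fetchUserToken(userAuthConfig);
- // Clear currentUserToken when the token expires, so the next call will retrieve a new one
- setTimeout(() => __awaiter(void 0, void 0, void 0, function* () {
- currentUserToken = null;
- }), (currentUserToken.expiresInSeconds - 60) * 1000);
  return currentUserToken;
  });
  const logoutUser = (userAuthConfig) => __awaiter(void 0, void 0, void 0, function* () {
  const logoutResponse = yield invokeUserAuthMethod('sign-out', userAuthConfig);
  return logoutResponse.code === dist.SignOutResponseCode.SUCCESS;
+ });
+ /**
+ * Decrypts an encrypted User Token Cookie
+ *
+ * @param encryptedCookie
+ * @param key
+ * @param userServiceManagementEndpoint
+ * @returns
+ */
+ const decryptNativeCookie = (encryptedCookie, key, userServiceManagementEndpoint) => __awaiter(void 0, void 0, void 0, function* () {
+ const variables = {
+ input: {
+ encryptedValue: encryptedCookie,
+ key,
+ },
+ };
+ const decryptNativeCookieResponse = yield (yield fetch(`${userServiceManagementEndpoint}`, {
+ method: 'POST',
+ cache: 'no-cache',
+ redirect: 'follow',
+ referrerPolicy: 'origin',
+ headers: {
+ 'content-type': 'application/json',
+ },
+ body: stringifyGqlQuery(DecryptNativeCookieDocument, variables),
+ })).json();
+ if (decryptNativeCookieResponse.errors !== undefined) {
+ return {
+ code: dist.DecryptNativeCookieResponseCode.COOKIE_DECRYPTION_FAILED,
+ message: decryptNativeCookieResponse.errors[0].message,
+ };
+ }
+ return {
+ code: dist.DecryptNativeCookieResponseCode.SUCCESS,
+ decryptedCookie: decryptNativeCookieResponse.data.decryptWithKeyAes.decryptedValue,
+ };
  });
 
  /** Methods to use when ordering `UserProfile`. */
@@ -2102,9 +2212,10 @@ class UserServiceClient {
  * @param userServiceConfig Configuration values for the user service API
  * @param tokenRenewalMethod Token renewal method to use
  */
- constructor(userAuthConfig, userServiceConfig, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND) {
+ constructor(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND) {
  this.userAuthConfig = userAuthConfig;
  this.userServiceConfig = userServiceConfig;
+ this.setIsSignedIn = setIsSignedIn;
  this.tokenRenewalMethod = tokenRenewalMethod;
  this._tokenChangedHandlers = [];
  this._tokenResponse = null;
@@ -2119,6 +2230,7 @@ class UserServiceClient {
  try {
  const userToken = yield fetchUserToken(this.userAuthConfig);
  const userProfile = yield getUserProfile(this.userServiceConfig.userServiceBaseUrl, userToken.accessToken, userToken.profileId);
+ this.setIsSignedIn(true);
  return {
  code: 'SUCCESS',
  userToken,
@@ -2130,6 +2242,7 @@ class UserServiceClient {
  };
  }
  catch (error) {
+ this.setIsSignedIn(false);
  assertError(error);
  return {
  code: 'ERROR',
@@ -2189,7 +2302,7 @@ class UserServiceClient {
  * @returns a boolean indicating if the Mosaic application has an AxAuth IDP provider configured and it is enabled.
  */
  this.isDirectSignInConfigured = () => __awaiter(this, void 0, void 0, function* () {
- const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig, 'https://non-existent-url');
+ const idpConfigurations = yield getIdpConfigurations(this.userAuthConfig);
  this._axAuthIdpConfig = idpConfigurations.find((idpConfig) => idpConfig.providerId === 'AX_AUTH');
  return this._axAuthIdpConfig !== undefined;
  });
@@ -2215,15 +2328,14 @@ class UserServiceClient {
  /**
  * Registers a new user in the AX_AUTH IDP configured for the application.
  *
- * @param originUrl
  * @param userSignUpRequest
  * @returns `UserSignUpResponse`
  */
- this.initiateUserSignUp = (originUrl, userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
+ this.initiateUserSignUp = (userSignUpRequest) => __awaiter(this, void 0, void 0, function* () {
  var _d;
  // If _axAuthIdpConfig is not fetched previously, retrieve it.
  if (this._axAuthIdpConfig === undefined) {
- yield this.getIdpConfigurations(originUrl);
+ yield this.getIdpConfigurations();
  }
  if (this._axAuthIdpConfig !== undefined &&
  this._axAuthIdpConfig.clientId !== null &&
@@ -2242,15 +2354,14 @@ class UserServiceClient {
  /**
  * Checks if a given User Sign-Up OTP Code is valid
  *
- * @param originUrl
  * @param checkUserSignUpOtpRequest
  * @returns `CheckUserSignUpOtpResponse`
  */
- this.checkUserSignUpOTP = (originUrl, checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
+ this.checkUserSignUpOTP = (checkUserSignUpOtpRequest) => __awaiter(this, void 0, void 0, function* () {
  var _e;
  // If _axAuthIdpConfig is not fetched previously, retrieve it.
  if (this._axAuthIdpConfig === undefined) {
- yield this.getIdpConfigurations(originUrl);
+ yield this.getIdpConfigurations();
  }
  if (this._axAuthIdpConfig !== undefined &&
  this._axAuthIdpConfig.clientId !== null &&
@@ -2291,15 +2402,14 @@ class UserServiceClient {
  * This will initiate the call to the webhook configured in AX_AUTH to send the generated OTP
  * to the user.
  *
- * @param originUrl
  * @param email
  * @returns `InitiatePasswordResetResponse`
  */
- this.initiateResetPassword = (originUrl, email) => __awaiter(this, void 0, void 0, function* () {
+ this.initiateResetPassword = (email) => __awaiter(this, void 0, void 0, function* () {
  var _g;
  // If _axAuthIdpConfig is not fetched previously, retrieve it.
  if (this._axAuthIdpConfig === undefined) {
- yield this.getIdpConfigurations(originUrl);
+ yield this.getIdpConfigurations();
  }
  if (this._axAuthIdpConfig !== undefined &&
  this._axAuthIdpConfig.clientId !== null &&
@@ -2317,15 +2427,14 @@ class UserServiceClient {
  /**
  * Checks if a given Reset Password OTP Code is valid
  *
- * @param originUrl
  * @param checkPasswordResetOtpRequest
  * @returns `CheckPasswordResetOtpResponse`
  */
- this.checkResetPasswordOTP = (originUrl, checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
+ this.checkResetPasswordOTP = (checkPasswordResetOtpRequest) => __awaiter(this, void 0, void 0, function* () {
  var _h;
  // If _axAuthIdpConfig is not fetched previously, retrieve it.
  if (this._axAuthIdpConfig === undefined) {
- yield this.getIdpConfigurations(originUrl);
+ yield this.getIdpConfigurations();
  }
  if (this._axAuthIdpConfig !== undefined &&
  this._axAuthIdpConfig.clientId !== null &&
@@ -2344,7 +2453,6 @@ class UserServiceClient {
  * Completes the password reset flow for a user registered using the AX_AUTH IDP.
  * The user needs to input the OTP along with a new password to finish the process.
  *
- * @param originUrl
  * @param completePasswordResetRequest
  * @returns
  */
@@ -2368,19 +2476,21 @@ class UserServiceClient {
  * When in need of a token, please call this method to get a new token.
  */
  this.getToken = () => __awaiter(this, void 0, void 0, function* () {
+ var _k;
+ // Set token response to null if the token has expired.
+ if (this.tokenResponse !== null &&
+ (((_k = this.tokenResponse.userToken) === null || _k === void 0 ? void 0 : _k.expiresAt) === undefined ||
+ this.tokenResponse.userToken.expiresAt <= new Date(Date.now()))) {
+ this.tokenResponse = null;
+ this.setIsSignedIn(false);
+ }
  if (this.tokenResponse !== null && this.tokenResponse.code === 'SUCCESS') {
  // We already have a valid token
  return Promise.resolve(this.tokenResponse);
  }
  this.tokenResponse = yield this.fetchToken();
  if (this.tokenResponse.userToken !== undefined) {
- if (this.tokenRenewalMethod === exports.TokenRenewalMethod.ON_DEMAND) {
- setTimeout(() => __awaiter(this, void 0, void 0, function* () {
- // Clear tokenResponse when the token expires, so the next call will retrieve a new one
- this.tokenResponse = null;
- }), (this.tokenResponse.userToken.expiresInSeconds - inAdvanceTokenRenewalDurationInSeconds) * 1000);
- }
- else if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
+ if (this.tokenRenewalMethod === exports.TokenRenewalMethod.PRE_EMPTIVE) {
  // Renew the token pre-emptively
  yield this.recursivelyRefreshToken();
  }
@@ -2404,11 +2514,10 @@ class UserServiceClient {
  * Returns an array of IDP Configurations that are configured for the application
  * This list will exclude connections for provider id AX_AUTH as it is used for a user sign-up and ROPC flows.
  *
- * @param originUrl URL to redirect to once the Oauth 2.0 flow is complete
  */
- this.getIdpConfigurations = (originUrl) => __awaiter(this, void 0, void 0, function* () {
+ this.getIdpConfigurations = () => __awaiter(this, void 0, void 0, function* () {
  // Extract the IDP Configuration for AX_AUTH and remove it from the ID Providers list.
- const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig, originUrl)).filter((idpConfig) => {
+ const idpConfigurations = (yield getIdpConfigurations(this.userAuthConfig)).filter((idpConfig) => {
  if (idpConfig.providerId === 'AX_AUTH') {
  this._axAuthIdpConfig = idpConfig;
  return;
@@ -2424,7 +2533,12 @@ class UserServiceClient {
  this.tokenResponse = null;
  // We want the user to be considered logged out, so we emit the TokenChanged here using 'null'
  this.emitTokenChanged(null);
- return logoutUser(this.userAuthConfig);
+ const logoutStatus = yield logoutUser(this.userAuthConfig);
+ if (logoutStatus) {
+ // Set the sign in status as false.
+ this.setSignedInStatus(false);
+ }
+ return logoutStatus;
  });
  /**
  * Sets a given Profile ID as the active profile
@@ -2481,6 +2595,46 @@ class UserServiceClient {
  this.authenticateConsumerApplication = (authenticateConsumerApplicationRequest) => __awaiter(this, void 0, void 0, function* () {
  return authenticateConsumerApplication(authenticateConsumerApplicationRequest, this.userServiceConfig.userServiceBaseUrl);
  });
+ /**
+ * Decrypt an User Token Cookie used in Native Apps.
+ * @param encryptedCookie
+ * @param key
+ * @returns
+ */
+ this.decryptNativeCookie = (encryptedCookie, key) => __awaiter(this, void 0, void 0, function* () {
+ return decryptNativeCookie(encryptedCookie, key, `${this.userServiceConfig.userServiceBaseUrl}/graphql-management`);
+ });
+ /**
+ * Returns the authentication URL for web based applications.
+ *
+ * @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+ * @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+ * @returns a URL object with the Authentication URL
+ */
+ this.getAuthUrl = (idpConnectionId, returnUrl) => {
+ return getAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl);
+ };
+ /**
+ * Returns the authentication URL for native applications.
+ *
+ * @param idpConnectionId The ID of the User Service IDP Connection used for authentication.
+ * @param returnUrl Redirect URL which the IDP will redirect to after the authentication flow is finished.
+ * @param encryptionKey A hex string with the length of 32 bytes that is used as the encryption key to encrypt the authorization Cookie.
+ * @returns a URL object with the Authentication URL
+ */
+ this.getNativeAuthUrl = (idpConnectionId, returnUrl, encryptionKey) => {
+ const authUrl = getNativeAuthUrl(this.userAuthConfig, idpConnectionId, returnUrl, encryptionKey);
+ return authUrl;
+ };
+ /**
+ * Sets the sign in status explicitly, allowing to re-render any
+ * React components with the UserServiceProvider.
+ *
+ * @param signInStatus
+ */
+ this.setSignedInStatus = (signInStatus) => {
+ this.setIsSignedIn(signInStatus);
+ };
  // asynchronously get the ROPC endpoints at client initialization
  this.getROPCEndpoints();
  }
@@ -2502,8 +2656,9 @@ const UserServiceContext = React.createContext(null);
  * Provides the User Service Client that can be retrieved using the `useUserService` hook
  */
  const UserServiceProvider = ({ children, userAuthConfig, userServiceConfig, tokenRenewalMethod = exports.TokenRenewalMethod.ON_DEMAND, }) => {
- const client = new UserServiceClient(userAuthConfig, userServiceConfig, tokenRenewalMethod);
- return (React.createElement(UserServiceContext.Provider, { value: client }, children));
+ const [isSignedIn, setIsSignedIn] = React.useState(false);
+ const client = new UserServiceClient(userAuthConfig, userServiceConfig, setIsSignedIn, tokenRenewalMethod);
+ return (React.createElement(UserServiceContext.Provider, { value: Object.assign({ isSignedIn }, client) }, children));
  };
  /**
  * Retrieves the User Service Client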
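Review bot: getNativeAuthUrl (new line 1930) interpolates `idpConnectionId`, `returnUrl` and `encryptionKey` into the query string without encoding, unlike getAuthUrl just above it, which goes through `searchParams.set`; a return URL that itself contains `&`, `#` or a query string will split or truncate the parameters that follow it, including `userAuthProxyUrl` and `encryptionKey`. Since the TODO says `searchParams.set` is unavailable on react-native, encode each value in the template instead, e.g. `originUrl=${encodeURIComponent(returnUrl)}` and `encryptionKey=${encodeURIComponent(encryptionKey)}`. The cookie encryption key also travels in the URL here, so it can end up in history and in proxy or server access logs; the JSDoc on `getNativeAuthUrl` should state that callers must generate a fresh key per sign-in and never reuse it. Separately, getUserToken (new lines 1962-1963) and getToken (2481-2483) compare `expiresAt` with a `Date`; if that field arrives as a JSON string (not visible in this diff) the comparison is always false and a cached token would never be dropped, so confirm it is parsed to a `Date` before the check.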