npm - @bifold/core - Versions diffs - 2.10.2 → 2.11.0 - Mend

@bifold/core 2.10.2 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (260) hide show

package/lib/commonjs/modules/openid/refresh/reIssuance.js ADDED Viewed

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.reissueCredentialWithAccessToken = reissueCredentialWithAccessToken;
+var _core = require("@credo-ts/core");
+var _offerResolve = require("../offerResolve");
+var _metadata = require("../metadata");
+var _types = require("./types");
+async function reissueCredentialWithAccessToken({
+  agent,
+  logger,
+  record,
+  tokenResponse,
+  clientId,
+  pidSchemes
+}) {
+  if (!record) {
+    throw new Error('No credential record provided for re-issuance.');
+  }
+  const refreshMetaData = (0, _metadata.getRefreshCredentialMetadata)(record);
+  if (!refreshMetaData) {
+    throw new Error('No refresh metadata found on the record for re-issuance.');
+  }
+  const {
+    credentialConfigurationId,
+    resolvedCredentialOffer
+  } = refreshMetaData;
+  if (!resolvedCredentialOffer) {
+    throw new Error('No resolved credential offer found in the refresh metadata for re-issuance.');
+  }
+  if (!tokenResponse.access_token) {
+    throw new Error('No access token found in the token response for re-issuance.');
+  }
+  logger.info('*** Starting to get new credential via re-issuance flow ***');
+  // Request a **new** credential using the *existing* configuration id
+  const creds = await agent.modules.openId4VcHolder.requestCredentials({
+    resolvedCredentialOffer,
+    accessToken: tokenResponse.access_token,
+    tokenType: tokenResponse.token_type || 'Bearer',
+    cNonce: tokenResponse.c_nonce,
+    clientId,
+    credentialsToRequest: [credentialConfigurationId],
+    verifyCredentialStatus: false,
+    // you’ll check after storing
+    allowedProofOfPossessionSignatureAlgorithms: [_core.JwaSignatureAlgorithm.EdDSA, _core.JwaSignatureAlgorithm.ES256],
+    credentialBindingResolver: async opts => (0, _offerResolve.customCredentialBindingResolver)({
+      agent,
+      supportedDidMethods: opts.supportedDidMethods,
+      keyType: opts.keyType,
+      supportsAllDidMethods: opts.supportsAllDidMethods,
+      supportsJwk: opts.supportsJwk,
+      credentialFormat: opts.credentialFormat,
+      supportedCredentialId: opts.supportedCredentialId,
+      resolvedCredentialOffer: resolvedCredentialOffer,
+      pidSchemes
+    })
+  });
+  logger.info('*** New credential received via re-issuance flow ***.');
+  // Normalize to your local record types
+  const [firstCredential] = creds;
+  if (!firstCredential || typeof firstCredential === 'string') {
+    throw new Error('Issuer returned empty or malformed credential on re-issuance.');
+  }
+  let newRecord;
+  if ('compact' in firstCredential.credential) {
+    newRecord = new _core.SdJwtVcRecord({
+      compactSdJwtVc: firstCredential.credential.compact
+    });
+  } else if ((firstCredential === null || firstCredential === void 0 ? void 0 : firstCredential.credential) instanceof _core.Mdoc) {
+    newRecord = new _core.MdocRecord({
+      mdoc: firstCredential.credential
+    });
+  } else {
+    newRecord = new _core.W3cCredentialRecord({
+      credential: firstCredential.credential,
+      tags: {}
+    });
+  }
+  const openId4VcMetadata = (0, _metadata.extractOpenId4VcCredentialMetadata)(resolvedCredentialOffer.offeredCredentials[0], {
+    id: resolvedCredentialOffer.metadata.issuer,
+    display: resolvedCredentialOffer.metadata.credentialIssuerMetadata.display
+  });
+  (0, _metadata.setOpenId4VcCredentialMetadata)(newRecord, openId4VcMetadata);
+  (0, _metadata.setRefreshCredentialMetadata)(newRecord, {
+    ...refreshMetaData,
+    refreshToken: tokenResponse.refresh_token || refreshMetaData.refreshToken,
+    lastCheckedAt: Date.now(),
+    lastCheckResult: _types.RefreshStatus.Valid
+  });
+  return newRecord;
+}
+//# sourceMappingURL=reIssuance.js.map

package/lib/commonjs/modules/openid/refresh/reIssuance.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_core","require","_offerResolve","_metadata","_types","reissueCredentialWithAccessToken","agent","logger","record","tokenResponse","clientId","pidSchemes","Error","refreshMetaData","getRefreshCredentialMetadata","credentialConfigurationId","resolvedCredentialOffer","access_token","info","creds","modules","openId4VcHolder","requestCredentials","accessToken","tokenType","token_type","cNonce","c_nonce","credentialsToRequest","verifyCredentialStatus","allowedProofOfPossessionSignatureAlgorithms","JwaSignatureAlgorithm","EdDSA","ES256","credentialBindingResolver","opts","customCredentialBindingResolver","supportedDidMethods","keyType","supportsAllDidMethods","supportsJwk","credentialFormat","supportedCredentialId","firstCredential","newRecord","credential","SdJwtVcRecord","compactSdJwtVc","compact","Mdoc","MdocRecord","mdoc","W3cCredentialRecord","tags","openId4VcMetadata","extractOpenId4VcCredentialMetadata","offeredCredentials","id","metadata","issuer","display","credentialIssuerMetadata","setOpenId4VcCredentialMetadata","setRefreshCredentialMetadata","refreshToken","refresh_token","lastCheckedAt","Date","now","lastCheckResult","RefreshStatus","Valid"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/reIssuance.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAgBA,IAAAC,aAAA,GAAAD,OAAA;AAEA,IAAAE,SAAA,GAAAF,OAAA;AAMA,IAAAG,MAAA,GAAAH,OAAA;AAaO,eAAeI,gCAAgCA,CAAC;EACrDC,KAAK;EACLC,MAAM;EACNC,MAAM;EACNC,aAAa;EACbC,QAAQ;EACRC;AAC2B,CAAC,EAAyE;EACrG,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAII,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,eAAe,GAAG,IAAAC,sCAA4B,EAACN,MAAM,CAAC;EAC5D,IAAI,CAACK,eAAe,EAAE;IACpB,MAAM,IAAID,KAAK,CAAC,0DAA0D,CAAC;EAC7E;EACA,MAAM;IAAEG,yBAAyB;IAAEC;EAAwB,CAAC,GAAGH,eAAe;EAE9E,IAAI,CAACG,uBAAuB,EAAE;IAC5B,MAAM,IAAIJ,KAAK,CAAC,6EAA6E,CAAC;EAChG;EAEA,IAAI,CAACH,aAAa,CAACQ,YAAY,EAAE;IAC/B,MAAM,IAAIL,KAAK,CAAC,8DAA8D,CAAC;EACjF;EAEAL,MAAM,CAACW,IAAI,CAAC,6DAA6D,CAAC;EAC1E;EACA,MAAMC,KAAK,GAAG,MAAMb,KAAK,CAACc,OAAO,CAACC,eAAe,CAACC,kBAAkB,CAAC;IACnEN,uBAAuB;IACvBO,WAAW,EAAEd,aAAa,CAACQ,YAAY;IACvCO,SAAS,EAAEf,aAAa,CAACgB,UAAU,IAAI,QAAQ;IAC/CC,MAAM,EAAEjB,aAAa,CAACkB,OAAO;IAC7BjB,QAAQ;IACRkB,oBAAoB,EAAE,CAACb,yBAAyB,CAAC;IACjDc,sBAAsB,EAAE,KAAK;IAAE;IAC/BC,2CAA2C,EAAE,CAACC,2BAAqB,CAACC,KAAK,EAAED,2BAAqB,CAACE,KAAK,CAAC;IACvGC,yBAAyB,EAAE,MAAOC,IAAwC,IACxE,IAAAC,6CAA+B,EAAC;MAC9B9B,KAAK;MACL+B,mBAAmB,EAAEF,IAAI,CAACE,mBAAmB;MAC7CC,OAAO,EAAEH,IAAI,CAACG,OAAO;MACrBC,qBAAqB,EAAEJ,IAAI,CAACI,qBAAqB;MACjDC,WAAW,EAAEL,IAAI,CAACK,WAAW;MAC7BC,gBAAgB,EAAEN,IAAI,CAACM,gBAAgB;MACvCC,qBAAqB,EAAEP,IAAI,CAACO,qBAAqB;MACjD1B,uBAAuB,EAAEA,uBAAuB;MAChDL;IACF,CAAC;EACL,CAAC,CAAC;EAEFJ,MAAM,CAACW,IAAI,CAAC,uDAAuD,CAAC;;EAEpE;EACA,MAAM,CAACyB,eAAe,CAAC,GAAGxB,KAAK;EAC/B,IAAI,CAACwB,eAAe,IAAI,OAAOA,eAAe,KAAK,QAAQ,EAAE;IAC3D,MAAM,IAAI/B,KAAK,CAAC,+DAA+D,CAAC;EAClF;EAEA,IAAIgC,SAA2D;EAC/D,IAAI,SAAS,IAAID,eAAe,CAACE,UAAU,EAAE;IAC3CD,SAAS,GAAG,IAAIE,mBAAa,CAAC;MAAEC,cAAc,EAAEJ,eAAe,CAACE,UAAU,CAACG;IAAQ,CAAC,CAAC;EACvF,CAAC,MAAM,IAAI,CAACL,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAUE,UAAU,aAAYI,UAAI,EAAE;IAC/DL,SAAS,GAAG,IAAIM,gBAAU,CAAC;MAAEC,IAAI,EAAER,eAAe,CAACE;IAAW,CAAC,CAAC;EAClE,CAAC,MAAM;IACLD,SAAS,GAAG,IAAIQ,yBAAmB,CAAC;MAClCP,UAAU,EAAEF,eAAe,CAACE,UAAwE;MACpGQ,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;EACJ;EAEA,MAAMC,iBAAiB,GAAG,IAAAC,4CAAkC,EAC1DvC,uBAAuB,CAACwC,kBAAkB,CAAC,CAAC,CAAC,EAC7C;IACEC,EAAE,EAAEzC,uBAAuB,CAAC0C,QAAQ,CAACC,MAAM;IAC3CC,OAAO,EAAE5C,uBAAuB,CAAC0C,QAAQ,CAACG,wBAAwB,CAACD;EACrE,CACF,CAAC;EAED,IAAAE,wCAA8B,EAAClB,SAAS,EAAEU,iBAAiB,CAAC;EAE5D,IAAAS,sCAA4B,EAACnB,SAAS,EAAE;IACtC,GAAG/B,eAAe;IAClBmD,YAAY,EAAEvD,aAAa,CAACwD,aAAa,IAAIpD,eAAe,CAACmD,YAAY;IACzEE,aAAa,EAAEC,IAAI,CAACC,GAAG,CAAC,CAAC;IACzBC,eAAe,EAAEC,oBAAa,CAACC;EACjC,CAAC,CAAC;EAEF,OAAO3B,SAAS;AAClB","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/refreshOrchestrator.js ADDED Viewed

@@ -0,0 +1,265 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.RefreshOrchestrator = void 0;
+var _core = require("@credo-ts/core");
+var _refreshToken = require("./refreshToken");
+var _reIssuance = require("./reIssuance");
+var _types = require("./types");
+var _registery = require("./registery");
+var _verifyCredentialStatus = require("./verifyCredentialStatus");
+var _metadata = require("../metadata");
+// modules/openid/refresh/RefreshOrchestrator.ts
+const defaultToLite = rec => {
+  var _rec$createdAt;
+  return {
+    id: rec.id,
+    // best-effort: SdJwt/W3C both expose claimFormat via tags in many setups.
+    // Fallback to JwtVc if unknown so UI has *some* value.
+    format: rec instanceof _core.W3cCredentialRecord && _core.ClaimFormat.JwtVc || rec instanceof _core.SdJwtVcRecord && _core.ClaimFormat.SdJwtVc || _core.ClaimFormat.JwtVc,
+    createdAt: (_rec$createdAt = rec.createdAt) === null || _rec$createdAt === void 0 ? void 0 : _rec$createdAt.toISOString(),
+    issuer: undefined
+  };
+};
+class RefreshOrchestrator {
+  intervalOn = false; // interval enabled?
+  runningOnce = false; // a run is in progress?
+  recentlyIssued = new Map();
+  constructor(logger, bridge, opts) {
+    this.logger = logger;
+    this.opts = {
+      intervalMs: 15 * 60 * 1000,
+      autoStart: true,
+      onError: e => this.logger.error(String(e)),
+      listRecords: async () => [],
+      toLite: defaultToLite,
+      ...(opts ?? {})
+    };
+    logger.info(`🔧 [RefreshOrchestrator] initialized -> ${JSON.stringify({
+      intervalMs: this.opts.intervalMs,
+      autoStart: this.opts.autoStart
+    })}`);
+    bridge.onReady(agent => {
+      this.agent = agent;
+      this.logger.info('🪝 [RefreshOrchestrator] Agent ready');
+      if (this.opts.autoStart && this.opts.intervalMs) this.start();
+    }, true);
+  }
+  configure(next) {
+    const prev = {
+      intervalOn: this.intervalOn,
+      intervalMs: this.opts.intervalMs ?? null,
+      autoStart: this.opts.autoStart ?? true,
+      agentReady: !!this.agent
+    };
+    // merge
+    this.opts = {
+      ...this.opts,
+      ...next
+    };
+    this.logger.info(`🔧 [RefreshOrchestrator] configure -> ${JSON.stringify({
+      intervalMs: this.opts.intervalMs,
+      autoStart: this.opts.autoStart
+    })}`);
+    const nowIntervalMs = this.opts.intervalMs ?? null;
+    const nowAutoStart = this.opts.autoStart ?? true;
+    // Case A: timer is running and intervalMs changed → restart
+    if (prev.intervalOn && prev.intervalMs !== nowIntervalMs) {
+      this.stop();
+      if (nowIntervalMs) this.start();
+      return;
+    }
+    // Case B: timer is running but user disabled intervals
+    if (prev.intervalOn && nowIntervalMs === null) {
+      this.stop();
+      return;
+    }
+    // Case C: timer is NOT running, but user enabled intervals
+    // Start iff: we have a positive interval, and either autoStart is true
+    // or the caller intends to enable interval operation via configure.
+    if (!prev.intervalOn && nowIntervalMs && nowAutoStart) {
+      // If agent isn't ready yet, defer; onReady() will auto-start.
+      if (this.agent) this.start();
+      // else do nothing — the constructor's bridge.onReady() will call start()
+      return;
+    }
+    // Case D: autoStart toggled from false→true with an interval set, and timer isn't running
+    if (!prev.intervalOn && !prev.autoStart && nowAutoStart && nowIntervalMs) {
+      if (this.agent) this.start();
+      // else defer to onReady()
+      return;
+    }
+    // Otherwise: no timer state change needed.
+  }
+  isRunning() {
+    return this.runningOnce;
+  }
+  start() {
+    if (this.intervalOn || !this.opts.intervalMs) return;
+    this.logger.info('⏱️ [RefreshOrchestrator] start interval');
+    this.intervalOn = true;
+    this.timer = setInterval(() => {
+      // fire-and-forget; guard against overlap
+      void this.runOnce('interval');
+    }, this.opts.intervalMs);
+  }
+  stop() {
+    if (!this.intervalOn) return;
+    this.logger.info('⏹️ [RefreshOrchestrator] stop interval');
+    clearInterval(this.timer);
+    this.timer = undefined;
+    this.intervalOn = false;
+  }
+  async runOnce(reason = 'manual') {
+    var _this$agent;
+    if (this.runningOnce) {
+      this.logger.warn('⚠️ [RefreshOrchestrator] runOnce skipped: already running');
+      return;
+    }
+    if (!this.agent || !((_this$agent = this.agent) !== null && _this$agent !== void 0 && _this$agent.isInitialized)) {
+      this.logger.warn('⚠️ [RefreshOrchestrator] runOnce skipped: agent not ready');
+      return;
+    }
+    this.runningOnce = true;
+    this.logger.info(`🔁 [RefreshOrchestrator] runOnce (${reason})`);
+    try {
+      const records = await this.opts.listRecords();
+      this.logger.info(`📦 [Refresh] found ${records.length} credential records`);
+      for (const rec of records) {
+        // don’t block whole batch if one fails
+        try {
+          await this.refreshRecord(rec);
+        } catch (e) {
+          var _this$opts$onError, _this$opts;
+          this.logger.error(`💥 [Refresh] record ${rec.id} failed: ${String(e)}`);
+          (_this$opts$onError = (_this$opts = this.opts).onError) === null || _this$opts$onError === void 0 || _this$opts$onError.call(_this$opts, e);
+        }
+      }
+      this.logger.info('✅ [Refresh] run completed');
+    } catch (e) {
+      var _this$opts$onError2, _this$opts2;
+      this.logger.error(`💥 [Refresh] global error: ${String(e)}`);
+      (_this$opts$onError2 = (_this$opts2 = this.opts).onError) === null || _this$opts$onError2 === void 0 || _this$opts$onError2.call(_this$opts2, e);
+    } finally {
+      this.runningOnce = false;
+    }
+  }
+  setIntervalMs(intervalMs) {
+    this.configure({
+      intervalMs
+    });
+  }
+  resolveFull(id) {
+    return this.recentlyIssued.get(id);
+  }
+  // ---- internals ----
+  async refreshRecord(rec) {
+    const {
+      shouldSkip,
+      markRefreshing,
+      clearRefreshing,
+      clearExpired,
+      markExpiredWithReplacement,
+      blockAsFailed,
+      blockAsSucceeded,
+      upsert
+    } = _registery.credentialRegistry.getState();
+    const id = rec.id;
+    if (!this.agent) {
+      this.logger.error(`💥 [Refresh] Agent not initialized, cannot refresh credential ${id}`);
+      return;
+    }
+    // 0) fast exit if this cred is already handled or in-flight
+    if (shouldSkip(id)) {
+      this.logger.info(`⏭️ [Refresh] skip credential ${id} (blocked/expired/in-flight)`);
+      return;
+    }
+    // 1) ensure a lite copy exists in registry (handy for UI/debug)
+    upsert(this.opts.toLite(rec));
+    // 2) mark in-flight
+    markRefreshing(id);
+    this.logger.info(`🧭 [Refresh] check credential ${id}`);
+    try {
+      // 3) verification
+      const isValid = await (0, _verifyCredentialStatus.verifyCredentialStatus)(rec, this.logger);
+      if (isValid) {
+        this.logger.info(`✅ [Refresh] valid → ${id}`);
+        // If it was previously expired for any reason, clear that and block as succeeded
+        clearExpired(id);
+        //We can block if isValid but for now we will keep checking it again every time
+        // blockAsSucceeded(id)
+        return;
+      }
+      // Invalid case:
+      await (0, _metadata.markOpenIDCredentialStatus)({
+        credential: rec,
+        status: _types.RefreshStatus.Invalid,
+        agentContext: this.agent.context
+      });
+      // 4) needs refresh → get access token
+      this.logger.info(`♻️ [Refresh] invalid, attempting re-issue → ${id}`);
+      const token = await (0, _refreshToken.refreshAccessToken)({
+        logger: this.logger,
+        cred: rec,
+        agentContext: this.agent.context
+      });
+      if (!token) {
+        const msg = `no refresh token available`;
+        this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
+        blockAsFailed(id, msg);
+        return;
+      }
+      // 5) re-issue
+      const newRecord = await (0, _reIssuance.reissueCredentialWithAccessToken)({
+        agent: this.agent,
+        logger: this.logger,
+        record: rec,
+        tokenResponse: token
+      });
+      if (newRecord) {
+        this.logger.info(`💾 [Refresh] new credential → ${newRecord.id}`);
+        // Queue a replacement for UI/notifications and block the old one as succeeded
+        markExpiredWithReplacement(id, this.opts.toLite(newRecord));
+        blockAsSucceeded(id);
+        this.recentlyIssued.set(newRecord.id, newRecord);
+      } else {
+        const msg = `re-issue returned no record`;
+        this.logger.warn(`⚠️ [Refresh] ${msg} for ${id}`);
+        blockAsFailed(id, msg);
+        await (0, _metadata.markOpenIDCredentialStatus)({
+          credential: rec,
+          status: _types.RefreshStatus.Invalid,
+          agentContext: this.agent.context
+        });
+      }
+    } catch (e) {
+      const err = String(e);
+      this.logger.error(`💥 [Refresh] error on ${id}: ${err}`);
+      blockAsFailed(id, err);
+    } finally {
+      // 6) clear in-flight marker
+      clearRefreshing(id);
+    }
+  }
+}
+exports.RefreshOrchestrator = RefreshOrchestrator;
+//# sourceMappingURL=refreshOrchestrator.js.map

package/lib/commonjs/modules/openid/refresh/refreshOrchestrator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_core","require","_refreshToken","_reIssuance","_types","_registery","_verifyCredentialStatus","_metadata","defaultToLite","rec","_rec$createdAt","id","format","W3cCredentialRecord","ClaimFormat","JwtVc","SdJwtVcRecord","SdJwtVc","createdAt","toISOString","issuer","undefined","RefreshOrchestrator","intervalOn","runningOnce","recentlyIssued","Map","constructor","logger","bridge","opts","intervalMs","autoStart","onError","e","error","String","listRecords","toLite","info","JSON","stringify","onReady","agent","start","configure","next","prev","agentReady","nowIntervalMs","nowAutoStart","stop","isRunning","timer","setInterval","runOnce","clearInterval","reason","_this$agent","warn","isInitialized","records","length","refreshRecord","_this$opts$onError","_this$opts","call","_this$opts$onError2","_this$opts2","setIntervalMs","resolveFull","get","shouldSkip","markRefreshing","clearRefreshing","clearExpired","markExpiredWithReplacement","blockAsFailed","blockAsSucceeded","upsert","credentialRegistry","getState","isValid","verifyCredentialStatus","markOpenIDCredentialStatus","credential","status","RefreshStatus","Invalid","agentContext","context","token","refreshAccessToken","cred","msg","newRecord","reissueCredentialWithAccessToken","record","tokenResponse","set","err","exports"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshOrchestrator.ts"],"mappings":";;;;;;AACA,IAAAA,KAAA,GAAAC,OAAA;AAEA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,uBAAA,GAAAL,OAAA;AACA,IAAAM,SAAA,GAAAN,OAAA;AATA;;AAaA,MAAMO,aAAa,GAAIC,GAAY;EAAA,IAAAC,cAAA;EAAA,OAAM;IACvCC,EAAE,EAAEF,GAAG,CAACE,EAAE;IACV;IACA;IACAC,MAAM,EACHH,GAAG,YAAYI,yBAAmB,IAAIC,iBAAW,CAACC,KAAK,IACvDN,GAAG,YAAYO,mBAAa,IAAIF,iBAAW,CAACG,OAAQ,IACrDH,iBAAW,CAACC,KAAK;IACnBG,SAAS,GAAAR,cAAA,GAAED,GAAG,CAACS,SAAS,cAAAR,cAAA,uBAAbA,cAAA,CAAeS,WAAW,CAAC,CAAC;IACvCC,MAAM,EAAEC;EACV,CAAC;AAAA,CAAC;AAEK,MAAMC,mBAAmB,CAAiC;EAEvDC,UAAU,GAAG,KAAK,EAAC;EACnBC,WAAW,GAAG,KAAK,EAAC;;EAGXC,cAAc,GAAG,IAAIC,GAAG,CAAkB,CAAC;EAErDC,WAAWA,CAAkBC,MAAoB,EAAEC,MAAmB,EAAEC,IAA8B,EAAE;IAAA,KAA3EF,MAAoB,GAApBA,MAAoB;IACtD,IAAI,CAACE,IAAI,GAAG;MACVC,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;MAC1BC,SAAS,EAAE,IAAI;MACfC,OAAO,EAAGC,CAAC,IAAK,IAAI,CAACN,MAAM,CAACO,KAAK,CAACC,MAAM,CAACF,CAAC,CAAC,CAAC;MAC5CG,WAAW,EAAE,MAAAA,CAAA,KAAY,EAAE;MAC3BC,MAAM,EAAE9B,aAAa;MACrB,IAAIsB,IAAI,IAAI,CAAC,CAAC;IAChB,CAAC;IAEDF,MAAM,CAACW,IAAI,CACT,2CAA2CC,IAAI,CAACC,SAAS,CAAC;MACxDV,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE;IACvB,CAAC,CAAC,EACJ,CAAC;IAEDH,MAAM,CAACa,OAAO,CAAEC,KAAK,IAAK;MACxB,IAAI,CAACA,KAAK,GAAGA,KAAK;MAClB,IAAI,CAACf,MAAM,CAACW,IAAI,CAAC,sCAAsC,CAAC;MACxD,IAAI,IAAI,CAACT,IAAI,CAACE,SAAS,IAAI,IAAI,CAACF,IAAI,CAACC,UAAU,EAAE,IAAI,CAACa,KAAK,CAAC,CAAC;IAC/D,CAAC,EAAE,IAAI,CAAC;EACV;EAEOC,SAASA,CAACC,IAAsC,EAAE;IACvD,MAAMC,IAAI,GAAG;MACXxB,UAAU,EAAE,IAAI,CAACA,UAAU;MAC3BQ,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU,IAAI,IAAI;MACxCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE,SAAS,IAAI,IAAI;MACtCgB,UAAU,EAAE,CAAC,CAAC,IAAI,CAACL;IACrB,CAAC;;IAED;IACA,IAAI,CAACb,IAAI,GAAG;MAAE,GAAG,IAAI,CAACA,IAAI;MAAE,GAAGgB;IAAK,CAAC;IAErC,IAAI,CAAClB,MAAM,CAACW,IAAI,CACd,yCAAyCC,IAAI,CAACC,SAAS,CAAC;MACtDV,UAAU,EAAE,IAAI,CAACD,IAAI,CAACC,UAAU;MAChCC,SAAS,EAAE,IAAI,CAACF,IAAI,CAACE;IACvB,CAAC,CAAC,EACJ,CAAC;IAED,MAAMiB,aAAa,GAAG,IAAI,CAACnB,IAAI,CAACC,UAAU,IAAI,IAAI;IAClD,MAAMmB,YAAY,GAAG,IAAI,CAACpB,IAAI,CAACE,SAAS,IAAI,IAAI;;IAEhD;IACA,IAAIe,IAAI,CAACxB,UAAU,IAAIwB,IAAI,CAAChB,UAAU,KAAKkB,aAAa,EAAE;MACxD,IAAI,CAACE,IAAI,CAAC,CAAC;MACX,IAAIF,aAAa,EAAE,IAAI,CAACL,KAAK,CAAC,CAAC;MAC/B;IACF;;IAEA;IACA,IAAIG,IAAI,CAACxB,UAAU,IAAI0B,aAAa,KAAK,IAAI,EAAE;MAC7C,IAAI,CAACE,IAAI,CAAC,CAAC;MACX;IACF;;IAEA;IACA;IACA;IACA,IAAI,CAACJ,IAAI,CAACxB,UAAU,IAAI0B,aAAa,IAAIC,YAAY,EAAE;MACrD;MACA,IAAI,IAAI,CAACP,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;IACA,IAAI,CAACG,IAAI,CAACxB,UAAU,IAAI,CAACwB,IAAI,CAACf,SAAS,IAAIkB,YAAY,IAAID,aAAa,EAAE;MACxE,IAAI,IAAI,CAACN,KAAK,EAAE,IAAI,CAACC,KAAK,CAAC,CAAC;MAC5B;MACA;IACF;;IAEA;EACF;EAEOQ,SAASA,CAAA,EAAG;IACjB,OAAO,IAAI,CAAC5B,WAAW;EACzB;EAEOoB,KAAKA,CAAA,EAAG;IACb,IAAI,IAAI,CAACrB,UAAU,IAAI,CAAC,IAAI,CAACO,IAAI,CAACC,UAAU,EAAE;IAC9C,IAAI,CAACH,MAAM,CAACW,IAAI,CAAC,yCAAyC,CAAC;IAC3D,IAAI,CAAChB,UAAU,GAAG,IAAI;IACtB,IAAI,CAAC8B,KAAK,GAAGC,WAAW,CAAC,MAAM;MAC7B;MACA,KAAK,IAAI,CAACC,OAAO,CAAC,UAAU,CAAC;IAC/B,CAAC,EAAE,IAAI,CAACzB,IAAI,CAACC,UAAU,CAAC;EAC1B;EAEOoB,IAAIA,CAAA,EAAG;IACZ,IAAI,CAAC,IAAI,CAAC5B,UAAU,EAAE;IACtB,IAAI,CAACK,MAAM,CAACW,IAAI,CAAC,wCAAwC,CAAC;IAC1DiB,aAAa,CAAC,IAAI,CAACH,KAAM,CAAC;IAC1B,IAAI,CAACA,KAAK,GAAGhC,SAAS;IACtB,IAAI,CAACE,UAAU,GAAG,KAAK;EACzB;EAEA,MAAagC,OAAOA,CAACE,MAAM,GAAG,QAAQ,EAAE;IAAA,IAAAC,WAAA;IACtC,IAAI,IAAI,CAAClC,WAAW,EAAE;MACpB,IAAI,CAACI,MAAM,CAAC+B,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IACA,IAAI,CAAC,IAAI,CAAChB,KAAK,IAAI,GAAAe,WAAA,GAAC,IAAI,CAACf,KAAK,cAAAe,WAAA,eAAVA,WAAA,CAAYE,aAAa,GAAE;MAC7C,IAAI,CAAChC,MAAM,CAAC+B,IAAI,CAAC,2DAA2D,CAAC;MAC7E;IACF;IAEA,IAAI,CAACnC,WAAW,GAAG,IAAI;IACvB,IAAI,CAACI,MAAM,CAACW,IAAI,CAAC,qCAAqCkB,MAAM,GAAG,CAAC;IAEhE,IAAI;MACF,MAAMI,OAAO,GAAG,MAAM,IAAI,CAAC/B,IAAI,CAACO,WAAW,CAAC,CAAC;MAC7C,IAAI,CAACT,MAAM,CAACW,IAAI,CAAC,sBAAsBsB,OAAO,CAACC,MAAM,qBAAqB,CAAC;MAC3E,KAAK,MAAMrD,GAAG,IAAIoD,OAAO,EAAe;QACtC;QACA,IAAI;UACF,MAAM,IAAI,CAACE,aAAa,CAACtD,GAAG,CAAC;QAC/B,CAAC,CAAC,OAAOyB,CAAC,EAAE;UAAA,IAAA8B,kBAAA,EAAAC,UAAA;UACV,IAAI,CAACrC,MAAM,CAACO,KAAK,CAAC,uBAAuB1B,GAAG,CAACE,EAAE,YAAYyB,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;UACvE,CAAA8B,kBAAA,IAAAC,UAAA,OAAI,CAACnC,IAAI,EAACG,OAAO,cAAA+B,kBAAA,eAAjBA,kBAAA,CAAAE,IAAA,CAAAD,UAAA,EAAoB/B,CAAC,CAAC;QACxB;MACF;MACA,IAAI,CAACN,MAAM,CAACW,IAAI,CAAC,2BAA2B,CAAC;IAC/C,CAAC,CAAC,OAAOL,CAAC,EAAE;MAAA,IAAAiC,mBAAA,EAAAC,WAAA;MACV,IAAI,CAACxC,MAAM,CAACO,KAAK,CAAC,8BAA8BC,MAAM,CAACF,CAAC,CAAC,EAAE,CAAC;MAC5D,CAAAiC,mBAAA,IAAAC,WAAA,OAAI,CAACtC,IAAI,EAACG,OAAO,cAAAkC,mBAAA,eAAjBA,mBAAA,CAAAD,IAAA,CAAAE,WAAA,EAAoBlC,CAAC,CAAC;IACxB,CAAC,SAAS;MACR,IAAI,CAACV,WAAW,GAAG,KAAK;IAC1B;EACF;EAEO6C,aAAaA,CAACtC,UAAyB,EAAE;IAC9C,IAAI,CAACc,SAAS,CAAC;MAAEd;IAAW,CAAC,CAAC;EAChC;EAEOuC,WAAWA,CAAC3D,EAAU,EAAuB;IAClD,OAAO,IAAI,CAACc,cAAc,CAAC8C,GAAG,CAAC5D,EAAE,CAAC;EACpC;;EAEA;;EAEA,MAAcoD,aAAaA,CAACtD,GAAY,EAAE;IACxC,MAAM;MACJ+D,UAAU;MACVC,cAAc;MACdC,eAAe;MACfC,YAAY;MACZC,0BAA0B;MAC1BC,aAAa;MACbC,gBAAgB;MAChBC;IACF,CAAC,GAAGC,6BAAkB,CAACC,QAAQ,CAAC,CAAC;IAEjC,MAAMtE,EAAE,GAAGF,GAAG,CAACE,EAAE;IAEjB,IAAI,CAAC,IAAI,CAACgC,KAAK,EAAE;MACf,IAAI,CAACf,MAAM,CAACO,KAAK,CAAC,iEAAiExB,EAAE,EAAE,CAAC;MACxF;IACF;;IAEA;IACA,IAAI6D,UAAU,CAAC7D,EAAE,CAAC,EAAE;MAClB,IAAI,CAACiB,MAAM,CAACW,IAAI,CAAC,gCAAgC5B,EAAE,8BAA8B,CAAC;MAClF;IACF;;IAEA;IACAoE,MAAM,CAAC,IAAI,CAACjD,IAAI,CAACQ,MAAM,CAAC7B,GAAG,CAAC,CAAC;;IAE7B;IACAgE,cAAc,CAAC9D,EAAE,CAAC;IAClB,IAAI,CAACiB,MAAM,CAACW,IAAI,CAAC,iCAAiC5B,EAAE,EAAE,CAAC;IAEvD,IAAI;MACF;MACA,MAAMuE,OAAO,GAAG,MAAM,IAAAC,8CAAsB,EAAC1E,GAAG,EAAE,IAAI,CAACmB,MAAM,CAAC;MAC9D,IAAIsD,OAAO,EAAE;QACX,IAAI,CAACtD,MAAM,CAACW,IAAI,CAAC,uBAAuB5B,EAAE,EAAE,CAAC;QAC7C;QACAgE,YAAY,CAAChE,EAAE,CAAC;QAChB;QACA;QACA;MACF;;MAEA;;MAEA,MAAM,IAAAyE,oCAA0B,EAAC;QAC/BC,UAAU,EAAE5E,GAAG;QACf6E,MAAM,EAAEC,oBAAa,CAACC,OAAO;QAC7BC,YAAY,EAAE,IAAI,CAAC9C,KAAK,CAAC+C;MAC3B,CAAC,CAAC;;MAEF;MACA,IAAI,CAAC9D,MAAM,CAACW,IAAI,CAAC,+CAA+C5B,EAAE,EAAE,CAAC;MACrE,MAAMgF,KAAK,GAAG,MAAM,IAAAC,gCAAkB,EAAC;QAAEhE,MAAM,EAAE,IAAI,CAACA,MAAM;QAAEiE,IAAI,EAAEpF,GAAG;QAAEgF,YAAY,EAAE,IAAI,CAAC9C,KAAK,CAAC+C;MAAQ,CAAC,CAAC;MAC5G,IAAI,CAACC,KAAK,EAAE;QACV,MAAMG,GAAG,GAAG,4BAA4B;QACxC,IAAI,CAAClE,MAAM,CAAC+B,IAAI,CAAC,gBAAgBmC,GAAG,QAAQnF,EAAE,EAAE,CAAC;QACjDkE,aAAa,CAAClE,EAAE,EAAEmF,GAAG,CAAC;QACtB;MACF;;MAEA;MACA,MAAMC,SAAS,GAAG,MAAM,IAAAC,4CAAgC,EAAC;QACvDrD,KAAK,EAAE,IAAI,CAACA,KAAK;QACjBf,MAAM,EAAE,IAAI,CAACA,MAAM;QACnBqE,MAAM,EAAExF,GAAG;QACXyF,aAAa,EAAEP;MACjB,CAAC,CAAC;MAEF,IAAII,SAAS,EAAE;QACb,IAAI,CAACnE,MAAM,CAACW,IAAI,CAAC,iCAAiCwD,SAAS,CAACpF,EAAE,EAAE,CAAC;QACjE;QACAiE,0BAA0B,CAACjE,EAAE,EAAE,IAAI,CAACmB,IAAI,CAACQ,MAAM,CAACyD,SAAS,CAAC,CAAC;QAC3DjB,gBAAgB,CAACnE,EAAE,CAAC;QACpB,IAAI,CAACc,cAAc,CAAC0E,GAAG,CAACJ,SAAS,CAACpF,EAAE,EAAEoF,SAAS,CAAC;MAClD,CAAC,MAAM;QACL,MAAMD,GAAG,GAAG,6BAA6B;QACzC,IAAI,CAAClE,MAAM,CAAC+B,IAAI,CAAC,gBAAgBmC,GAAG,QAAQnF,EAAE,EAAE,CAAC;QACjDkE,aAAa,CAAClE,EAAE,EAAEmF,GAAG,CAAC;QACtB,MAAM,IAAAV,oCAA0B,EAAC;UAC/BC,UAAU,EAAE5E,GAAG;UACf6E,MAAM,EAAEC,oBAAa,CAACC,OAAO;UAC7BC,YAAY,EAAE,IAAI,CAAC9C,KAAK,CAAC+C;QAC3B,CAAC,CAAC;MACJ;IACF,CAAC,CAAC,OAAOxD,CAAC,EAAE;MACV,MAAMkE,GAAG,GAAGhE,MAAM,CAACF,CAAC,CAAC;MACrB,IAAI,CAACN,MAAM,CAACO,KAAK,CAAC,yBAAyBxB,EAAE,KAAKyF,GAAG,EAAE,CAAC;MACxDvB,aAAa,CAAClE,EAAE,EAAEyF,GAAG,CAAC;IACxB,CAAC,SAAS;MACR;MACA1B,eAAe,CAAC/D,EAAE,CAAC;IACrB;EACF;AACF;AAAC0F,OAAA,CAAA/E,mBAAA,GAAAA,mBAAA","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/refreshToken.js ADDED Viewed

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.refreshAccessToken = refreshAccessToken;
+var _metadata = require("../metadata");
+async function refreshAccessToken({
+  logger,
+  cred,
+  agentContext
+}) {
+  logger.info(`[refreshAccessToken] Checking new credential for record: ${cred.id}`);
+  //   return _mockTokenRefreshResponse
+  const refreshMetaData = (0, _metadata.getRefreshCredentialMetadata)(cred);
+  if (!refreshMetaData) {
+    logger.error(`[refreshAccessToken] No refresh metadata found for credential: ${cred.id}`);
+    return;
+  }
+  logger.info(`[refreshAccessToken] Found refresh metadata for credential: ${cred.id}`);
+  const {
+    refreshToken,
+    authServer
+  } = refreshMetaData;
+  try {
+    if (!authServer) {
+      throw new Error('No authorization server found in the credential offer metadata');
+    }
+    logger.info(`[refreshAccessToken] Found auth server for credential: ${cred.id}: ${authServer}`);
+    // Build token endpoint: <AS>/token?force=false
+    // React-Native-safe URL build
+    const tokenUrl = (authServer.endsWith('/') ? authServer.slice(0, -1) : authServer) + '/token?force=false';
+    // const tokenUrl = new URL('token', authServer)
+    // tokenUrl.searchParams.set('force', 'false')
+    logger.info(`[refreshAccessToken] Refreshing access token at URL: ${tokenUrl} for credential: ${cred.id}`);
+    const body = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: refreshToken,
+      // these are accepted by some ASs that share the same endpoint with pre-auth:
+      pre_authorized_code: '',
+      pre_authorized_code_alt: '',
+      user_pin: ''
+    });
+    const res = await fetch(tokenUrl.toString(), {
+      method: 'POST',
+      headers: {
+        accept: 'application/json',
+        'Content-Type': 'application/x-www-form-urlencoded'
+      },
+      body: body.toString()
+    });
+    logger.info(`[refreshAccessToken] Response status: ${JSON.stringify(res)}`);
+    if (!res.ok) {
+      const errText = await res.text();
+      throw new Error(`Refresh failed ${res.status}: ${errText}`);
+    }
+    const data = await res.json();
+    logger.info(`[refreshAccessToken] New access token acquired: ${JSON.stringify(data)}`);
+    // If refresh token rotated, persist it
+    if (data.refresh_token && data.refresh_token !== refreshToken) {
+      logger.info(`[refreshAccessToken] Refresh token rotated; saving new one`);
+      (0, _metadata.setRefreshCredentialMetadata)(cred, {
+        ...refreshMetaData,
+        authServer: authServer,
+        refreshToken: data.refresh_token
+      });
+      await (0, _metadata.persistCredentialRecord)(agentContext, cred);
+    }
+    return data;
+  } catch (error) {
+    logger.error(`[refreshAccessToken] Error getting new token: ${error}`);
+    throw error;
+  }
+}
+//# sourceMappingURL=refreshToken.js.map

package/lib/commonjs/modules/openid/refresh/refreshToken.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_metadata","require","refreshAccessToken","logger","cred","agentContext","info","id","refreshMetaData","getRefreshCredentialMetadata","error","refreshToken","authServer","Error","tokenUrl","endsWith","slice","body","URLSearchParams","grant_type","refresh_token","pre_authorized_code","pre_authorized_code_alt","user_pin","res","fetch","toString","method","headers","accept","JSON","stringify","ok","errText","text","status","data","json","setRefreshCredentialMetadata","persistCredentialRecord"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/refreshToken.ts"],"mappings":";;;;;;AAGA,IAAAA,SAAA,GAAAC,OAAA;AAEO,eAAeC,kBAAkBA,CAAC;EACvCC,MAAM;EACNC,IAAI;EACJC;AAKF,CAAC,EAAwC;EACvCF,MAAM,CAACG,IAAI,CAAC,4DAA4DF,IAAI,CAACG,EAAE,EAAE,CAAC;EAClF;EACA,MAAMC,eAAe,GAAG,IAAAC,sCAA4B,EAACL,IAAI,CAAC;EAC1D,IAAI,CAACI,eAAe,EAAE;IACpBL,MAAM,CAACO,KAAK,CAAC,kEAAkEN,IAAI,CAACG,EAAE,EAAE,CAAC;IACzF;EACF;EAEAJ,MAAM,CAACG,IAAI,CAAC,+DAA+DF,IAAI,CAACG,EAAE,EAAE,CAAC;EACrF,MAAM;IAAEI,YAAY;IAAEC;EAAW,CAAC,GAAGJ,eAAe;EAEpD,IAAI;IACF,IAAI,CAACI,UAAU,EAAE;MACf,MAAM,IAAIC,KAAK,CAAC,gEAAgE,CAAC;IACnF;IAEAV,MAAM,CAACG,IAAI,CAAC,0DAA0DF,IAAI,CAACG,EAAE,KAAKK,UAAU,EAAE,CAAC;;IAE/F;IACA;IACA,MAAME,QAAQ,GAAG,CAACF,UAAU,CAACG,QAAQ,CAAC,GAAG,CAAC,GAAGH,UAAU,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAGJ,UAAU,IAAI,oBAAoB;IACzG;IACA;;IAEAT,MAAM,CAACG,IAAI,CAAC,wDAAwDQ,QAAQ,oBAAoBV,IAAI,CAACG,EAAE,EAAE,CAAC;IAE1G,MAAMU,IAAI,GAAG,IAAIC,eAAe,CAAC;MAC/BC,UAAU,EAAE,eAAe;MAC3BC,aAAa,EAAET,YAAY;MAC3B;MACAU,mBAAmB,EAAE,EAAE;MACvBC,uBAAuB,EAAE,EAAE;MAC3BC,QAAQ,EAAE;IACZ,CAAC,CAAC;IAEF,MAAMC,GAAG,GAAG,MAAMC,KAAK,CAACX,QAAQ,CAACY,QAAQ,CAAC,CAAC,EAAE;MAC3CC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACPC,MAAM,EAAE,kBAAkB;QAC1B,cAAc,EAAE;MAClB,CAAC;MACDZ,IAAI,EAAEA,IAAI,CAACS,QAAQ,CAAC;IACtB,CAAC,CAAC;IAEFvB,MAAM,CAACG,IAAI,CAAC,yCAAyCwB,IAAI,CAACC,SAAS,CAACP,GAAG,CAAC,EAAE,CAAC;IAE3E,IAAI,CAACA,GAAG,CAACQ,EAAE,EAAE;MACX,MAAMC,OAAO,GAAG,MAAMT,GAAG,CAACU,IAAI,CAAC,CAAC;MAChC,MAAM,IAAIrB,KAAK,CAAC,kBAAkBW,GAAG,CAACW,MAAM,KAAKF,OAAO,EAAE,CAAC;IAC7D;IAEA,MAAMG,IAAqB,GAAG,MAAMZ,GAAG,CAACa,IAAI,CAAC,CAAC;IAC9ClC,MAAM,CAACG,IAAI,CAAC,mDAAmDwB,IAAI,CAACC,SAAS,CAACK,IAAI,CAAC,EAAE,CAAC;;IAEtF;IACA,IAAIA,IAAI,CAAChB,aAAa,IAAIgB,IAAI,CAAChB,aAAa,KAAKT,YAAY,EAAE;MAC7DR,MAAM,CAACG,IAAI,CAAC,4DAA4D,CAAC;MACzE,IAAAgC,sCAA4B,EAAClC,IAAI,EAAE;QACjC,GAAGI,eAAe;QAClBI,UAAU,EAAEA,UAAU;QACtBD,YAAY,EAAEyB,IAAI,CAAChB;MACrB,CAAC,CAAC;MAEF,MAAM,IAAAmB,iCAAuB,EAAClC,YAAY,EAAED,IAAI,CAAC;IACnD;IAEA,OAAOgC,IAAI;EACb,CAAC,CAAC,OAAO1B,KAAK,EAAE;IACdP,MAAM,CAACO,KAAK,CAAC,iDAAiDA,KAAK,EAAE,CAAC;IACtE,MAAMA,KAAK;EACb;AACF","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/registery.js ADDED Viewed

@@ -0,0 +1,143 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.selectOldIdByReplacementId = exports.readRegistry = exports.mutateRegistry = exports.credentialRegistry = void 0;
+var _vanilla = require("zustand/vanilla");
+/** Permanent (until unblocked) blocks so the orchestrator won’t retry this cred again this session */
+const credentialRegistry = exports.credentialRegistry = (0, _vanilla.createStore)((set, get) => ({
+  byId: {},
+  expired: [],
+  replacements: {},
+  refreshing: {},
+  blocked: {},
+  lastSweepAt: undefined,
+  upsert: cred => set(s => ({
+    byId: {
+      ...s.byId,
+      [cred.id]: cred
+    }
+  })),
+  markRefreshing: id => set(s => ({
+    refreshing: {
+      ...s.refreshing,
+      [id]: true
+    }
+  })),
+  clearRefreshing: id => set(s => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const {
+      [id]: _drop,
+      ...rest
+    } = s.refreshing;
+    return {
+      refreshing: rest
+    };
+  }),
+  markExpiredWithReplacement: (oldId, replacement) => set(s => ({
+    expired: s.expired.includes(oldId) ? s.expired : [...s.expired, oldId],
+    replacements: {
+      ...s.replacements,
+      [oldId]: replacement
+    }
+  })),
+  acceptReplacement: oldId => set(s => {
+    const repl = s.replacements[oldId];
+    if (!repl) return s;
+    const byId = {
+      ...s.byId
+    };
+    delete byId[oldId];
+    byId[repl.id] = repl;
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const {
+      [oldId]: _drop,
+      ...restRepl
+    } = s.replacements;
+    return {
+      byId,
+      replacements: restRepl,
+      expired: s.expired.filter(x => x !== oldId),
+      // Once accepted, you can optionally block the oldId as succeeded:
+      blocked: {
+        ...s.blocked,
+        [oldId]: {
+          reason: 'succeeded',
+          at: new Date().toISOString()
+        }
+      }
+    };
+  }),
+  clearExpired: id => set(s => ({
+    expired: s.expired.filter(x => x !== id)
+  })),
+  blockAsSucceeded: id => set(s => ({
+    blocked: {
+      ...s.blocked,
+      [id]: {
+        reason: 'succeeded',
+        at: new Date().toISOString()
+      }
+    }
+  })),
+  blockAsFailed: (id, error) => set(s => ({
+    blocked: {
+      ...s.blocked,
+      [id]: {
+        reason: 'failed',
+        at: new Date().toISOString(),
+        error
+      }
+    }
+  })),
+  unblock: id => set(s => {
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const {
+      [id]: _drop,
+      ...rest
+    } = s.blocked;
+    return {
+      blocked: rest
+    };
+  }),
+  shouldSkip: id => {
+    const s = get();
+    if (s.refreshing[id]) return true; // in-progress
+    if (s.expired.includes(id)) return true; // replacement already queued
+    if (s.blocked[id]) return true; // previously succeeded/failed
+    return false;
+  },
+  setLastSweep: iso => set({
+    lastSweepAt: iso
+  }),
+  reset: () => set({
+    byId: {},
+    expired: [],
+    replacements: {},
+    refreshing: {},
+    blocked: {},
+    lastSweepAt: undefined
+  })
+}));
+// Non-React helpers for workers/services
+const readRegistry = () => credentialRegistry.getState();
+exports.readRegistry = readRegistry;
+const mutateRegistry = updater => credentialRegistry.setState(s => {
+  updater(s);
+  return s;
+});
+exports.mutateRegistry = mutateRegistry;
+const selectOldIdByReplacementId = replacementId => {
+  const {
+    replacements
+  } = credentialRegistry.getState();
+  for (const [oldId, repl] of Object.entries(replacements)) {
+    if (repl.id === replacementId) return oldId;
+  }
+  return undefined;
+};
+exports.selectOldIdByReplacementId = selectOldIdByReplacementId;
+//# sourceMappingURL=registery.js.map

package/lib/commonjs/modules/openid/refresh/registery.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_vanilla","require","credentialRegistry","exports","createStore","set","get","byId","expired","replacements","refreshing","blocked","lastSweepAt","undefined","upsert","cred","s","id","markRefreshing","clearRefreshing","_drop","rest","markExpiredWithReplacement","oldId","replacement","includes","acceptReplacement","repl","restRepl","filter","x","reason","at","Date","toISOString","clearExpired","blockAsSucceeded","blockAsFailed","error","unblock","shouldSkip","setLastSweep","iso","reset","readRegistry","getState","mutateRegistry","updater","setState","selectOldIdByReplacementId","replacementId","Object","entries"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/registery.ts"],"mappings":";;;;;;AACA,IAAAA,QAAA,GAAAC,OAAA;AAiBA;;AAyDO,MAAMC,kBAAkB,GAAAC,OAAA,CAAAD,kBAAA,GAAG,IAAAE,oBAAW,EAAgB,CAACC,GAAG,EAAEC,GAAG,MAAM;EAC1EC,IAAI,EAAE,CAAC,CAAC;EACRC,OAAO,EAAE,EAAE;EACXC,YAAY,EAAE,CAAC,CAAC;EAChBC,UAAU,EAAE,CAAC,CAAC;EACdC,OAAO,EAAE,CAAC,CAAC;EACXC,WAAW,EAAEC,SAAS;EAEtBC,MAAM,EAAGC,IAAI,IAAKV,GAAG,CAAEW,CAAC,KAAM;IAAET,IAAI,EAAE;MAAE,GAAGS,CAAC,CAACT,IAAI;MAAE,CAACQ,IAAI,CAACE,EAAE,GAAGF;IAAK;EAAE,CAAC,CAAC,CAAC;EAExEG,cAAc,EAAGD,EAAE,IAAKZ,GAAG,CAAEW,CAAC,KAAM;IAAEN,UAAU,EAAE;MAAE,GAAGM,CAAC,CAACN,UAAU;MAAE,CAACO,EAAE,GAAG;IAAK;EAAE,CAAC,CAAC,CAAC;EAErFE,eAAe,EAAGF,EAAE,IAClBZ,GAAG,CAAEW,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACN,UAAU;IAC7C,OAAO;MAAEA,UAAU,EAAEW;IAAK,CAAC;EAC7B,CAAC,CAAC;EAEJC,0BAA0B,EAAEA,CAACC,KAAK,EAAEC,WAAW,KAC7CnB,GAAG,CAAEW,CAAC,KAAM;IACVR,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACF,KAAK,CAAC,GAAGP,CAAC,CAACR,OAAO,GAAG,CAAC,GAAGQ,CAAC,CAACR,OAAO,EAAEe,KAAK,CAAC;IACtEd,YAAY,EAAE;MAAE,GAAGO,CAAC,CAACP,YAAY;MAAE,CAACc,KAAK,GAAGC;IAAY;EAC1D,CAAC,CAAC,CAAC;EAELE,iBAAiB,EAAGH,KAAK,IACvBlB,GAAG,CAAEW,CAAC,IAAK;IACT,MAAMW,IAAI,GAAGX,CAAC,CAACP,YAAY,CAACc,KAAK,CAAC;IAClC,IAAI,CAACI,IAAI,EAAE,OAAOX,CAAC;IACnB,MAAMT,IAAI,GAAG;MAAE,GAAGS,CAAC,CAACT;IAAK,CAAC;IAC1B,OAAOA,IAAI,CAACgB,KAAK,CAAC;IAClBhB,IAAI,CAACoB,IAAI,CAACV,EAAE,CAAC,GAAGU,IAAI;IACpB;IACA,MAAM;MAAE,CAACJ,KAAK,GAAGH,KAAK;MAAE,GAAGQ;IAAS,CAAC,GAAGZ,CAAC,CAACP,YAAY;IACtD,OAAO;MACLF,IAAI;MACJE,YAAY,EAAEmB,QAAQ;MACtBpB,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACqB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKP,KAAK,CAAC;MAC7C;MACAZ,OAAO,EAAE;QAAE,GAAGK,CAAC,CAACL,OAAO;QAAE,CAACY,KAAK,GAAG;UAAEQ,MAAM,EAAE,WAAW;UAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;QAAE;MAAE;IAC1F,CAAC;EACH,CAAC,CAAC;EAEJC,YAAY,EAAGlB,EAAE,IACfZ,GAAG,CAAEW,CAAC,KAAM;IACVR,OAAO,EAAEQ,CAAC,CAACR,OAAO,CAACqB,MAAM,CAAEC,CAAC,IAAKA,CAAC,KAAKb,EAAE;EAC3C,CAAC,CAAC,CAAC;EAELmB,gBAAgB,EAAGnB,EAAE,IACnBZ,GAAG,CAAEW,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEc,MAAM,EAAE,WAAW;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC;MAAE;IAAE;EACvF,CAAC,CAAC,CAAC;EAELG,aAAa,EAAEA,CAACpB,EAAE,EAAEqB,KAAK,KACvBjC,GAAG,CAAEW,CAAC,KAAM;IACVL,OAAO,EAAE;MAAE,GAAGK,CAAC,CAACL,OAAO;MAAE,CAACM,EAAE,GAAG;QAAEc,MAAM,EAAE,QAAQ;QAAEC,EAAE,EAAE,IAAIC,IAAI,CAAC,CAAC,CAACC,WAAW,CAAC,CAAC;QAAEI;MAAM;IAAE;EAC3F,CAAC,CAAC,CAAC;EAELC,OAAO,EAAGtB,EAAE,IACVZ,GAAG,CAAEW,CAAC,IAAK;IACT;IACA,MAAM;MAAE,CAACC,EAAE,GAAGG,KAAK;MAAE,GAAGC;IAAK,CAAC,GAAGL,CAAC,CAACL,OAAO;IAC1C,OAAO;MAAEA,OAAO,EAAEU;IAAK,CAAC;EAC1B,CAAC,CAAC;EAEJmB,UAAU,EAAGvB,EAAE,IAAK;IAClB,MAAMD,CAAC,GAAGV,GAAG,CAAC,CAAC;IACf,IAAIU,CAAC,CAACN,UAAU,CAACO,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAClC,IAAID,CAAC,CAACR,OAAO,CAACiB,QAAQ,CAACR,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IACxC,IAAID,CAAC,CAACL,OAAO,CAACM,EAAE,CAAC,EAAE,OAAO,IAAI,EAAC;IAC/B,OAAO,KAAK;EACd,CAAC;EAEDwB,YAAY,EAAGC,GAAG,IAAKrC,GAAG,CAAC;IAAEO,WAAW,EAAE8B;EAAI,CAAC,CAAC;EAEhDC,KAAK,EAAEA,CAAA,KACLtC,GAAG,CAAC;IACFE,IAAI,EAAE,CAAC,CAAC;IACRC,OAAO,EAAE,EAAE;IACXC,YAAY,EAAE,CAAC,CAAC;IAChBC,UAAU,EAAE,CAAC,CAAC;IACdC,OAAO,EAAE,CAAC,CAAC;IACXC,WAAW,EAAEC;EACf,CAAC;AACL,CAAC,CAAC,CAAC;;AAEH;AACO,MAAM+B,YAAY,GAAGA,CAAA,KAAM1C,kBAAkB,CAAC2C,QAAQ,CAAC,CAAC;AAAA1C,OAAA,CAAAyC,YAAA,GAAAA,YAAA;AACxD,MAAME,cAAc,GAAIC,OAAmC,IAChE7C,kBAAkB,CAAC8C,QAAQ,CAAEhC,CAAC,IAAK;EACjC+B,OAAO,CAAC/B,CAAC,CAAC;EACV,OAAOA,CAAC;AACV,CAAC,CAAC;AAAAb,OAAA,CAAA2C,cAAA,GAAAA,cAAA;AAEG,MAAMG,0BAA0B,GAAIC,aAAqB,IAAyB;EACvF,MAAM;IAAEzC;EAAa,CAAC,GAAGP,kBAAkB,CAAC2C,QAAQ,CAAC,CAAC;EACtD,KAAK,MAAM,CAACtB,KAAK,EAAEI,IAAI,CAAC,IAAIwB,MAAM,CAACC,OAAO,CAAC3C,YAAY,CAAC,EAAE;IACxD,IAAIkB,IAAI,CAACV,EAAE,KAAKiC,aAAa,EAAE,OAAO3B,KAAK;EAC7C;EACA,OAAOV,SAAS;AAClB,CAAC;AAAAV,OAAA,CAAA8C,0BAAA,GAAAA,0BAAA","ignoreList":[]}

package/lib/commonjs/modules/openid/refresh/types.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.RefreshStatus = exports.OpenIDCustomNotificationType = void 0;
+let RefreshStatus = exports.RefreshStatus = /*#__PURE__*/function (RefreshStatus) {
+  RefreshStatus["Valid"] = "valid";
+  RefreshStatus["Invalid"] = "invalid";
+  RefreshStatus["Error"] = "error";
+  return RefreshStatus;
+}({});
+let OpenIDCustomNotificationType = exports.OpenIDCustomNotificationType = /*#__PURE__*/function (OpenIDCustomNotificationType) {
+  OpenIDCustomNotificationType["CredentialReplacementAvailable"] = "CustomNotificationOpenIDCredential";
+  return OpenIDCustomNotificationType;
+}({});
+//# sourceMappingURL=types.js.map

package/lib/commonjs/modules/openid/refresh/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":["RefreshStatus","exports","OpenIDCustomNotificationType"],"sourceRoot":"../../../../../src","sources":["modules/openid/refresh/types.ts"],"mappings":";;;;;;IAmBYA,aAAa,GAAAC,OAAA,CAAAD,aAAA,0BAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAbA,aAAa;EAAA,OAAbA,aAAa;AAAA;AAAA,IAoDbE,4BAA4B,GAAAD,OAAA,CAAAC,4BAAA,0BAA5BA,4BAA4B;EAA5BA,4BAA4B;EAAA,OAA5BA,4BAA4B;AAAA","ignoreList":[]}