@cinerino/sdk 14.0.0-alpha.8 → 14.0.0

package/lib/auth/oAuth2client.js

@@ -1,273 +1,232 @@
 "use strict";
-var __assign = (this && this.__assign) || function () {
-    __assign = Object.assign || function(t) {
-        for (var s, i = 1, n = arguments.length; i < n; i++) {
-            s = arguments[i];
-            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
-                t[p] = s[p];
-        }
-        return t;
-    };
-    return __assign.apply(this, arguments);
-};
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
-    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MAX_RETRY_NUM = void 0;
+exports.OAuth2client = exports.MAX_RETRY_NUM = void 0;
 /**
  * OAuth2クライアント
  */
-var crypto = __importStar(require("crypto"));
-var debug_1 = __importDefault(require("debug"));
-var http_status_1 = require("http-status");
-// import fetch from 'isomorphic-fetch';
-var querystring = __importStar(require("querystring"));
-var transporters_1 = require("../abstract/transporters");
-var loginTicket_1 = require("./loginTicket");
-var debug = (0, debug_1.default)('cinerino-sdk:auth:oAuth2client');
-var WAIT_BEFORE_RETRY_MS = 1000;
+const crypto_1 = require("crypto");
+const debug_1 = __importDefault(require("debug"));
+const http_status_1 = require("http-status");
+const transporters_1 = require("../abstract/transporters");
+const loginTicket_1 = require("./loginTicket");
+const debug = (0, debug_1.default)('cinerino-sdk:auth:oAuth2client');
+const WAIT_BEFORE_RETRY_MS = 1000;
 exports.MAX_RETRY_NUM = 2;
-function sleep(waitTime) {
-    return __awaiter(this, void 0, void 0, function () {
-        return __generator(this, function (_a) {
-            return [2 /*return*/, new Promise(function (resolve) {
-                    setTimeout(function () {
-                        resolve();
-                    }, waitTime);
-                })];
-        });
+async function sleep(waitTime) {
+    return new Promise((resolve) => {
+        setTimeout(() => {
+            resolve();
+        }, waitTime);
     });
 }
 /**
  * OAuth2 client
  */
-var OAuth2client = /** @class */ (function () {
-    function OAuth2client(options) {
+class OAuth2client {
+    /**
+     * The base URL for auth endpoints.
+     */
+    static OAUTH2_AUTH_BASE_URI = '/oauth2/authorize';
+    /**
+     * The base endpoint for token retrieval.
+     */
+    static OAUTH2_TOKEN_URI = '/oauth2/token';
+    /**
+     * The base endpoint to revoke tokens.
+     */
+    static OAUTH2_LOGOUT_URI = '/logout';
+    /**
+     * certificates.
+     */
+    // protected static readonly OAUTH2_FEDERATED_SIGNON_CERTS_URL = 'https://www.example.com/oauth2/v1/certs';
+    credentials;
+    options;
+    /**
+     * 認証クライアントインスタンス内で発生するイベント
+     */
+    events;
+    constructor(options) {
         // TODO add minimum validation
         this.options = options;
         this.credentials = {};
         this.events = {};
     }
-    OAuth2client.BASE64URLENCODE = function (str) {
+    static BASE64URLENCODE(str) {
         return str.toString('base64')
             .replace(/\+/g, '-')
             .replace(/\//g, '_')
             .replace(/=/g, '');
-    };
-    OAuth2client.SHA256 = function (buffer) {
-        return crypto.createHash('sha256')
+    }
+    static SHA256(buffer) {
+        return (0, crypto_1.createHash)('sha256')
             .update(buffer)
             .digest();
-    };
+    }
     /**
      * Generates URL for consent page landing.
      */
-    OAuth2client.prototype.generateAuthUrl = function (optOpts) {
-        var options = {
+    generateAuthUrl(optOpts) {
+        // const options: querystring.ParsedUrlQueryInput = {
+        //     response_type: 'code',
+        //     client_id: this.options.clientId,
+        //     redirect_uri: this.options.redirectUri,
+        //     scope: optOpts.scopes.join(' '),
+        //     state: optOpts.state
+        // };
+        // if (optOpts.codeVerifier !== undefined) {
+        //     options.code_challenge_method = 'S256';
+        //     options.code_challenge = OAuth2client.BASE64URLENCODE(OAuth2client.SHA256(optOpts.codeVerifier));
+        // }
+        // const rootUrl = `https://${this.options.domain}${OAuth2client.OAUTH2_AUTH_BASE_URI}`;
+        // return `${rootUrl}?${querystring.stringify(options)}`;
+        const queryParams = {
             response_type: 'code',
             client_id: this.options.clientId,
             redirect_uri: this.options.redirectUri,
             scope: optOpts.scopes.join(' '),
-            state: optOpts.state
         };
+        // state がある場合のみ追加（undefined を避けるため）
+        /* istanbul ignore else -- @preserve */
+        if (typeof optOpts.state === 'string' && optOpts.state.length > 0) {
+            queryParams.state = optOpts.state;
+        }
+        // PKCE (code_challenge) の追加
         if (optOpts.codeVerifier !== undefined) {
-            options.code_challenge_method = 'S256';
-            options.code_challenge = OAuth2client.BASE64URLENCODE(OAuth2client.SHA256(optOpts.codeVerifier));
+            queryParams.code_challenge_method = 'S256';
+            queryParams.code_challenge = OAuth2client.BASE64URLENCODE(OAuth2client.SHA256(optOpts.codeVerifier));
         }
-        var rootUrl = "https://".concat(this.options.domain).concat(OAuth2client.OAUTH2_AUTH_BASE_URI);
-        return "".concat(rootUrl, "?").concat(querystring.stringify(options));
-    };
+        const params = new URLSearchParams(queryParams);
+        const rootUrl = `https://${this.options.domain}${OAuth2client.OAUTH2_AUTH_BASE_URI}`;
+        return `${rootUrl}?${params.toString()}`;
+    }
     /**
      * Generates URL for logout.
      */
-    OAuth2client.prototype.generateLogoutUrl = function () {
-        var options = {
+    generateLogoutUrl() {
+        // const options: querystring.ParsedUrlQueryInput = {
+        //     client_id: this.options.clientId,
+        //     logout_uri: this.options.logoutUri
+        // };
+        // const rootUrl = `https://${this.options.domain}${OAuth2client.OAUTH2_LOGOUT_URI}`;
+        // return `${rootUrl}?${querystring.stringify(options)}`;
+        const queryParams = {
             client_id: this.options.clientId,
             logout_uri: this.options.logoutUri
         };
-        var rootUrl = "https://".concat(this.options.domain).concat(OAuth2client.OAUTH2_LOGOUT_URI);
-        return "".concat(rootUrl, "?").concat(querystring.stringify(options));
-    };
+        const rootUrl = `https://${this.options.domain}${OAuth2client.OAUTH2_LOGOUT_URI}`;
+        return `${rootUrl}?${new URLSearchParams(queryParams).toString()}`;
+    }
     /**
      * Gets the access token for the given code.
      * @param code The authorization code.
      */
-    OAuth2client.prototype.getToken = function (code, codeVerifier) {
-        return __awaiter(this, void 0, void 0, function () {
-            var form, secret, options;
-            var _this = this;
-            return __generator(this, function (_a) {
-                form = {
-                    code: code,
-                    client_id: this.options.clientId,
-                    redirect_uri: this.options.redirectUri,
-                    grant_type: 'authorization_code',
-                    code_verifier: codeVerifier
-                };
-                secret = Buffer.from("".concat(this.options.clientId, ":").concat(this.options.clientSecret), 'utf8')
-                    .toString('base64');
-                options = {
-                    body: querystring.stringify(form),
-                    method: 'POST',
-                    headers: {
-                        Authorization: "Basic ".concat(secret),
-                        'Content-Type': 'application/x-www-form-urlencoded'
-                    }
-                };
-                debug('fetching...', options);
-                return [2 /*return*/, fetch("https://".concat(this.options.domain).concat(OAuth2client.OAUTH2_TOKEN_URI), options)
-                        .then(function (response) { return __awaiter(_this, void 0, void 0, function () {
-                        var body, body, tokens;
-                        return __generator(this, function (_a) {
-                            switch (_a.label) {
-                                case 0:
-                                    debug('response:', response.status);
-                                    if (!(response.status !== http_status_1.OK)) return [3 /*break*/, 5];
-                                    if (!(response.status === http_status_1.BAD_REQUEST)) return [3 /*break*/, 2];
-                                    return [4 /*yield*/, response.json()];
-                                case 1:
-                                    body = _a.sent();
-                                    throw new Error(body.error);
-                                case 2: return [4 /*yield*/, response.text()];
-                                case 3:
-                                    body = _a.sent();
-                                    throw new Error(body);
-                                case 4: return [3 /*break*/, 7];
-                                case 5: return [4 /*yield*/, response.json()];
-                                case 6:
-                                    tokens = _a.sent();
-                                    /* istanbul ignore else */
-                                    if (tokens && tokens.expires_in) {
-                                        tokens.expiry_date = ((new Date()).getTime() + (tokens.expires_in * 1000));
-                                        delete tokens.expires_in;
-                                    }
-                                    return [2 /*return*/, tokens];
-                                case 7: return [2 /*return*/];
-                            }
-                        });
-                    }); })];
-            });
+    async getToken(code, codeVerifier) {
+        // const form = {
+        //     code: code,
+        //     client_id: this.options.clientId,
+        //     redirect_uri: this.options.redirectUri,
+        //     grant_type: 'authorization_code',
+        //     code_verifier: codeVerifier
+        // };
+        // const secret = Buffer.from(`${this.options.clientId}:${this.options.clientSecret}`, 'utf8')
+        //     .toString('base64');
+        // const options: RequestInit = {
+        //     body: querystring.stringify(form),
+        //     method: 'POST',
+        //     headers: {
+        //         Authorization: `Basic ${secret}`,
+        //         'Content-Type': 'application/x-www-form-urlencoded'
+        //     }
+        // };
+        const form = {
+            code: code,
+            client_id: this.options.clientId,
+            redirect_uri: this.options.redirectUri,
+            grant_type: 'authorization_code',
+            ...((typeof codeVerifier === 'string') && { code_verifier: codeVerifier })
+        };
+        const secretSource = `${this.options.clientId}:${this.options.clientSecret}`;
+        const secret = btoa(secretSource);
+        const options = {
+            body: new URLSearchParams(form).toString(),
+            method: 'POST',
+            headers: {
+                Authorization: `Basic ${secret}`,
+                'Content-Type': 'application/x-www-form-urlencoded'
+            }
+        };
+        debug('fetching...', options);
+        return fetch(`https://${this.options.domain}${OAuth2client.OAUTH2_TOKEN_URI}`, options)
+            .then(async (response) => {
+            debug('response:', response.status);
+            if (response.status !== http_status_1.status.OK) {
+                if (response.status === http_status_1.status.BAD_REQUEST) {
+                    const body = await response.json();
+                    throw new Error(body.error);
+                }
+                else {
+                    const body = await response.text();
+                    throw new Error(body);
+                }
+            }
+            else {
+                const tokens = await response.json();
+                /* istanbul ignore else */
+                if (tokens && tokens.expires_in) {
+                    tokens.expiry_date = ((new Date()).getTime() + (tokens.expires_in * 1000));
+                    delete tokens.expires_in;
+                }
+                return tokens;
+            }
         });
-    };
+    }
     /**
      * OAuthクライアントに認証情報をセットします。
      */
-    OAuth2client.prototype.setCredentials = function (credentials) {
+    setCredentials(credentials) {
         this.credentials = credentials;
-    };
-    OAuth2client.prototype.refreshAccessToken = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            var _this = this;
-            return __generator(this, function (_a) {
-                if (this.credentials.refresh_token === undefined) {
-                    throw new Error('No refresh token is set.');
-                }
-                return [2 /*return*/, this.refreshToken(this.credentials.refresh_token)
-                        .then(function (refreshTokenResult) { return __awaiter(_this, void 0, void 0, function () {
-                        return __generator(this, function (_a) {
-                            switch (_a.label) {
-                                case 0:
-                                    // tokens.refresh_token = this.credentials.refresh_token;
-                                    debug('setting credentials...', refreshTokenResult);
-                                    this.credentials = __assign(__assign({}, refreshTokenResult), { refresh_token: this.credentials.refresh_token });
-                                    if (!(typeof this.events.onTokenRefreshed === 'function')) return [3 /*break*/, 2];
-                                    return [4 /*yield*/, this.events.onTokenRefreshed(this.credentials)];
-                                case 1:
-                                    _a.sent();
-                                    _a.label = 2;
-                                case 2: return [2 /*return*/, this.credentials];
-                            }
-                        });
-                    }); })];
-            });
+    }
+    async refreshAccessToken() {
+        if (this.credentials.refresh_token === undefined) {
+            throw new Error('No refresh token is set.');
+        }
+        return this.refreshToken(this.credentials.refresh_token)
+            .then(async (refreshTokenResult) => {
+            // tokens.refresh_token = this.credentials.refresh_token;
+            debug('setting credentials...', refreshTokenResult);
+            this.credentials = {
+                ...refreshTokenResult,
+                refresh_token: this.credentials.refresh_token
+            };
+            // support onTokenRefreshed(2025-07-24~)
+            if (typeof this.events.onTokenRefreshed === 'function') {
+                await this.events.onTokenRefreshed(this.credentials);
+            }
+            return this.credentials;
         });
-    };
+    }
     /**
      * 期限の切れていないアクセストークンを取得します。
      * 必要であれば更新してから取得します。
      */
-    OAuth2client.prototype.getAccessToken = function () {
-        return __awaiter(this, void 0, void 0, function () {
-            var expiryDate, isTokenExpired, shouldRefresh;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        expiryDate = this.credentials.expiry_date;
-                        isTokenExpired = (expiryDate !== undefined) ? (expiryDate <= (new Date()).getTime()) : false;
-                        if (this.credentials.access_token === undefined && this.credentials.refresh_token === undefined) {
-                            throw new Error('No access or refresh token is set.');
-                        }
-                        shouldRefresh = (this.credentials.access_token === undefined) || isTokenExpired;
-                        if (!(shouldRefresh && typeof this.credentials.refresh_token === 'string' && this.credentials.refresh_token.length > 0)) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.refreshAccessToken()];
-                    case 1:
-                        _a.sent();
-                        _a.label = 2;
-                    case 2: return [2 /*return*/, this.credentials.access_token];
-                }
-            });
-        });
-    };
+    async getAccessToken() {
+        const expiryDate = this.credentials.expiry_date;
+        // if no expiry time, assume it's not expired
+        const isTokenExpired = (expiryDate !== undefined) ? (expiryDate <= (new Date()).getTime()) : false;
+        if (this.credentials.access_token === undefined && this.credentials.refresh_token === undefined) {
+            throw new Error('No access or refresh token is set.');
+        }
+        const shouldRefresh = (this.credentials.access_token === undefined) || isTokenExpired;
+        // refreshTokenが存在すればrefreshAccessToken
+        /* istanbul ignore else */
+        if (shouldRefresh && typeof this.credentials.refresh_token === 'string' && this.credentials.refresh_token.length > 0) {
+            await this.refreshAccessToken();
+        }
+        return this.credentials.access_token;
+    }
     /**
      * Revokes the access given to token.
      * @param token The existing token to be revoked.
@@ -280,83 +239,72 @@ var OAuth2client = /** @class */ (function () {
      * 401 and 403 responses, it automatically asks for a new
      * access token and replays the unsuccessful request.
      */
-    OAuth2client.prototype.fetch = function (url, options, expectedStatusCodes, retryableStatusCodes // リトライ有無をコントロール(2024-03-31~)
+    async fetch(url, options, expectedStatusCodes, retryableStatusCodes // リトライ有無をコントロール(2024-03-31~)
     ) {
-        return __awaiter(this, void 0, void 0, function () {
-            var retry, result, numberOfTry, _a, _b, error_1, statusCode;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
-                    case 0:
-                        retry = true;
-                        options.headers = (options.headers === undefined || options.headers === null) ? {} : options.headers;
-                        numberOfTry = 0;
-                        _c.label = 1;
-                    case 1:
-                        if (!(result === undefined)) return [3 /*break*/, 11];
-                        _c.label = 2;
-                    case 2:
-                        _c.trys.push([2, 5, , 10]);
-                        numberOfTry += 1;
-                        if (numberOfTry > exports.MAX_RETRY_NUM) {
-                            retry = false;
+        // Callbacks will close over this to ensure that we only retry once
+        let retry = true;
+        options.headers = (options.headers === undefined || options.headers === null) ? {} : options.headers;
+        let result;
+        let numberOfTry = 0;
+        while (result === undefined) {
+            try {
+                numberOfTry += 1;
+                if (numberOfTry > exports.MAX_RETRY_NUM) {
+                    retry = false;
+                }
+                options.headers.Authorization = `Bearer ${await this.getAccessToken()}`;
+                result = await this.makeFetch(url, options, expectedStatusCodes);
+                break;
+            }
+            catch (error) {
+                /* istanbul ignore else */
+                if (error instanceof Error) {
+                    const statusCode = error.code;
+                    debug('retry? numberOfTry:', numberOfTry, 'statusCode: ', statusCode, 'retry: ', retry, 'retryableStatusCodes: ', retryableStatusCodes);
+                    if (retry && typeof statusCode === 'number' && retryableStatusCodes.includes(statusCode)) {
+                        /* It only makes sense to retry once, because the retry is intended
+                         * to handle expiration-related failures. If refreshing the token
+                         * does not fix the failure, then refreshing again probably won't
+                         * help */
+                        // Force token refresh
+                        // refreshTokenが存在すれば強制的にrefreshAccessToken
+                        /* istanbul ignore else */
+                        if (typeof this.credentials.refresh_token === 'string' && this.credentials.refresh_token.length > 0) {
+                            await this.refreshAccessToken();
                         }
-                        _a = options.headers;
-                        _b = "Bearer ".concat;
-                        return [4 /*yield*/, this.getAccessToken()];
-                    case 3:
-                        _a.Authorization = _b.apply("Bearer ", [_c.sent()]);
-                        return [4 /*yield*/, this.makeFetch(url, options, expectedStatusCodes)];
-                    case 4:
-                        result = _c.sent();
-                        return [3 /*break*/, 11];
-                    case 5:
-                        error_1 = _c.sent();
-                        if (!(error_1 instanceof Error)) return [3 /*break*/, 9];
-                        statusCode = error_1.code;
-                        debug('retry? numberOfTry:', numberOfTry, 'statusCode: ', statusCode, 'retry: ', retry, 'retryableStatusCodes: ', retryableStatusCodes);
-                        if (!(retry && retryableStatusCodes.includes(statusCode))) return [3 /*break*/, 9];
-                        if (!(typeof this.credentials.refresh_token === 'string' && this.credentials.refresh_token.length > 0)) return [3 /*break*/, 7];
-                        return [4 /*yield*/, this.refreshAccessToken()];
-                    case 6:
-                        _c.sent();
-                        _c.label = 7;
-                    case 7: 
-                    // wait seconds(2024-04-01~)
-                    return [4 /*yield*/, sleep(WAIT_BEFORE_RETRY_MS * numberOfTry)];
-                    case 8:
                         // wait seconds(2024-04-01~)
-                        _c.sent();
-                        return [3 /*break*/, 1];
-                    case 9: throw error_1;
-                    case 10: return [3 /*break*/, 1];
-                    case 11: return [2 /*return*/, result];
+                        await sleep(WAIT_BEFORE_RETRY_MS * numberOfTry);
+                        continue;
+                    }
                 }
-            });
-        });
-    };
+                throw error;
+            }
+        }
+        return result;
+    }
     /**
      * IDトークンを検証する
      * 結果にはIDトークンの付加情報が含まれます。
      */
-    OAuth2client.prototype.verifyIdToken = function (options) {
+    verifyIdToken(options) {
         if (this.credentials.id_token === undefined) {
             throw new Error('The verifyIdToken method requires an ID Token');
         }
         // return this.verifySignedJwt(options.idToken, options.audience, OAuth2Client.ISSUERS_);
         return this.verifySignedJwt(this.credentials.id_token, options.audience);
-    };
+    }
     /**
      * トークン更新イベントハンドラを登録する
      */
-    OAuth2client.prototype.onTokenRefreshed = function (params) {
+    onTokenRefreshed(params) {
         this.events.onTokenRefreshed = params;
-    };
+    }
     /**
      * リクエスト送信前イベントハンドラを登録する
      */
-    OAuth2client.prototype.preFetch = function (params) {
+    preFetch(params) {
         this.events.preFetch = params;
-    };
+    }
     /**
      * Provides a request implementation with OAuth 2.0 flow.
      * If credentials have a refresh_token, in cases of HTTP
@@ -383,100 +331,89 @@ var OAuth2client = /** @class */ (function () {
      * Makes a request without paying attention to refreshing or anything
      * Assumes that all credentials are set correctly.
      */
-    OAuth2client.prototype.makeFetch = function (url, options, expectedStatusCodes) {
-        return __awaiter(this, void 0, void 0, function () {
-            var transporter, fetchOptions, preFetchResult;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        transporter = new transporters_1.DefaultTransporter(expectedStatusCodes);
-                        if (!(typeof this.events.preFetch === 'function')) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.events.preFetch({ url: url, options: options })];
-                    case 1:
-                        preFetchResult = _a.sent();
-                        fetchOptions = preFetchResult.options;
-                        return [3 /*break*/, 3];
-                    case 2:
-                        fetchOptions = options;
-                        _a.label = 3;
-                    case 3: return [2 /*return*/, transporter.fetch(url, fetchOptions)];
-                }
-            });
-        });
-    };
+    async makeFetch(url, options, expectedStatusCodes) {
+        const transporter = new transporters_1.DefaultTransporter(expectedStatusCodes);
+        let fetchOptions;
+        if (typeof this.events.preFetch === 'function') {
+            const preFetchResult = await this.events.preFetch({ url, options });
+            fetchOptions = preFetchResult.options;
+        }
+        else {
+            fetchOptions = options;
+        }
+        return transporter.fetch(url, fetchOptions);
+    }
     /**
      * Refreshes the access token.
      */
-    OAuth2client.prototype.refreshToken = function (refreshToken) {
-        return __awaiter(this, void 0, void 0, function () {
-            var form, secret, options;
-            var _this = this;
-            return __generator(this, function (_a) {
-                // request for new token
-                debug('refreshing access token...', this.credentials, refreshToken);
-                form = {
-                    client_id: this.options.clientId,
-                    refresh_token: refreshToken,
-                    grant_type: 'refresh_token'
-                };
-                secret = Buffer.from("".concat(this.options.clientId, ":").concat(this.options.clientSecret), 'utf8')
-                    .toString('base64');
-                options = {
-                    body: querystring.stringify(form),
-                    method: 'POST',
-                    headers: {
-                        Authorization: "Basic ".concat(secret),
-                        'Content-Type': 'application/x-www-form-urlencoded'
-                    }
-                };
-                debug('fetching...', options);
-                return [2 /*return*/, fetch("https://".concat(this.options.domain).concat(OAuth2client.OAUTH2_TOKEN_URI), options)
-                        .then(function (response) { return __awaiter(_this, void 0, void 0, function () {
-                        var body, body, result, refreshTokenResponse, access_token, id_token, expires_in, token_type;
-                        return __generator(this, function (_a) {
-                            switch (_a.label) {
-                                case 0:
-                                    debug('response:', response.status);
-                                    if (!(response.status !== http_status_1.OK)) return [3 /*break*/, 5];
-                                    if (!(response.status === http_status_1.BAD_REQUEST)) return [3 /*break*/, 2];
-                                    return [4 /*yield*/, response.json()];
-                                case 1:
-                                    body = _a.sent();
-                                    throw new Error(body.error);
-                                case 2: return [4 /*yield*/, response.text()];
-                                case 3:
-                                    body = _a.sent();
-                                    throw new Error(body);
-                                case 4: return [3 /*break*/, 7];
-                                case 5:
-                                    result = void 0;
-                                    return [4 /*yield*/, response.json()];
-                                case 6:
-                                    refreshTokenResponse = _a.sent();
-                                    /* istanbul ignore else */
-                                    if (refreshTokenResponse !== undefined && typeof refreshTokenResponse.expires_in === 'number') {
-                                        access_token = refreshTokenResponse.access_token, id_token = refreshTokenResponse.id_token, expires_in = refreshTokenResponse.expires_in, token_type = refreshTokenResponse.token_type;
-                                        result = {
-                                            access_token: access_token,
-                                            id_token: id_token,
-                                            token_type: token_type,
-                                            expiry_date: ((new Date()).getTime() + (expires_in * 1000))
-                                        };
-                                        // delete tokens.expires_in;
-                                    }
-                                    else {
-                                        // 想定していないリフレッシュトークンレスポンスはログ出力
-                                        console.error('unexpected refreshToken response:', refreshTokenResponse);
-                                        throw new Error('unexpected refreshToken response.');
-                                    }
-                                    return [2 /*return*/, result];
-                                case 7: return [2 /*return*/];
-                            }
-                        });
-                    }); })];
-            });
+    async refreshToken(refreshToken) {
+        // request for new token
+        debug('refreshing access token...', this.credentials, refreshToken);
+        // const form = {
+        //     client_id: this.options.clientId,
+        //     refresh_token: refreshToken,
+        //     grant_type: 'refresh_token'
+        // };
+        // const secret = Buffer.from(`${this.options.clientId}:${this.options.clientSecret}`, 'utf8')
+        //     .toString('base64');
+        // const options: RequestInit = {
+        //     body: querystring.stringify(form),
+        //     method: 'POST',
+        //     headers: {
+        //         Authorization: `Basic ${secret}`,
+        //         'Content-Type': 'application/x-www-form-urlencoded'
+        //     }
+        // };
+        const form = {
+            client_id: this.options.clientId,
+            refresh_token: refreshToken,
+            grant_type: 'refresh_token'
+        };
+        const secretSource = `${this.options.clientId}:${this.options.clientSecret}`;
+        const secret = btoa(secretSource);
+        const options = {
+            body: new URLSearchParams(form).toString(),
+            method: 'POST',
+            headers: {
+                Authorization: `Basic ${secret}`,
+                'Content-Type': 'application/x-www-form-urlencoded'
+            }
+        };
+        debug('fetching...', options);
+        return fetch(`https://${this.options.domain}${OAuth2client.OAUTH2_TOKEN_URI}`, options)
+            .then(async (response) => {
+            debug('response:', response.status);
+            if (response.status !== http_status_1.status.OK) {
+                if (response.status === http_status_1.status.BAD_REQUEST) {
+                    const body = await response.json();
+                    throw new Error(body.error);
+                }
+                else {
+                    const body = await response.text();
+                    throw new Error(body);
+                }
+            }
+            else {
+                let result;
+                const refreshTokenResponse = await response.json();
+                /* istanbul ignore else */
+                if (refreshTokenResponse !== undefined && typeof refreshTokenResponse.expires_in === 'number') {
+                    const { access_token, id_token, expires_in, token_type } = refreshTokenResponse;
+                    result = {
+                        access_token, id_token, token_type,
+                        expiry_date: ((new Date()).getTime() + (expires_in * 1000))
+                    };
+                    // delete tokens.expires_in;
+                }
+                else {
+                    // 想定していないリフレッシュトークンレスポンスはログ出力
+                    console.error('unexpected refreshToken response:', refreshTokenResponse);
+                    throw new Error('unexpected refreshToken response.');
+                }
+                return result;
+            }
         });
-    };
+    }
     /**
      * Verify the id token is signed with the correct certificate
      * and is from the correct audience.
@@ -484,35 +421,35 @@ var OAuth2client = /** @class */ (function () {
      * @param requiredAudience The audience to test the jwt against.
      * @param issuers The allowed issuers of the jwt (Optional).
      */
-    OAuth2client.prototype.verifySignedJwt = function (jwt, requiredAudience) {
+    verifySignedJwt(jwt, requiredAudience) {
         // private verifySignedJwt(jwt: string, requiredAudience: string | string[], issuers?: string[]) {
-        var segments = jwt.split('.');
+        const segments = jwt.split('.');
         if (segments.length !== 3) {
-            throw new Error("Wrong number of segments in token: ".concat(jwt));
+            throw new Error(`Wrong number of segments in token: ${jwt}`);
         }
         // const signed = `${segments[0]}.${segments[1]}`;
         // const signature = segments[2];
-        var envelope;
-        var payload;
+        let envelope;
+        let payload;
         try {
             envelope = JSON.parse(Buffer.from(segments[0], 'base64')
                 .toString('utf8'));
         }
-        catch (_a) {
-            throw new Error("Can't parse token envelope: ".concat(segments[0]));
+        catch {
+            throw new Error(`Can't parse token envelope: ${segments[0]}`);
         }
         try {
             payload = JSON.parse(Buffer.from(segments[1], 'base64')
                 .toString('utf8'));
         }
-        catch (_b) {
-            throw new Error("Can't parse token payload: ".concat(segments[0]));
+        catch {
+            throw new Error(`Can't parse token payload: ${segments[0]}`);
         }
         if (payload.iat === undefined) {
-            throw new Error("No issue time in token: ".concat(JSON.stringify(payload)));
+            throw new Error(`No issue time in token: ${JSON.stringify(payload)}`);
         }
         if (payload.exp === undefined) {
-            throw new Error("No expiration time in token: ".concat(JSON.stringify(payload)));
+            throw new Error(`No expiration time in token: ${JSON.stringify(payload)}`);
         }
         if (isNaN(payload.iat)) {
             throw new Error('iat field using invalid format');
@@ -526,8 +463,8 @@ var OAuth2client = /** @class */ (function () {
         // Check the audience matches if we have one
         /* istanbul ignore else */
         if (requiredAudience !== undefined) {
-            var aud = payload.aud;
-            var audVerified = false;
+            const aud = payload.aud;
+            let audVerified = false;
             // If the requiredAudience is an array, check if it contains token
             if (Array.isArray(requiredAudience)) {
                 audVerified = (requiredAudience.indexOf(aud) > -1);
@@ -543,19 +480,6 @@ var OAuth2client = /** @class */ (function () {
             envelope: envelope,
             payload: payload
         });
-    };
-    /**
-     * The base URL for auth endpoints.
-     */
-    OAuth2client.OAUTH2_AUTH_BASE_URI = '/oauth2/authorize';
-    /**
-     * The base endpoint for token retrieval.
-     */
-    OAuth2client.OAUTH2_TOKEN_URI = '/oauth2/token';
-    /**
-     * The base endpoint to revoke tokens.
-     */
-    OAuth2client.OAUTH2_LOGOUT_URI = '/logout';
-    return OAuth2client;
-}());
-exports.default = OAuth2client;
+    }
+}
+exports.OAuth2client = OAuth2client;