npm - @civic/auth - Versions diffs - 0.0.1-beta.27 → 0.0.1-beta.28 - Mend

@civic/auth 0.0.1-beta.27 → 0.0.1-beta.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/session.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../../src/shared/lib/session.ts"],"names":[],"mappings":";;AAIA,0BAMC;AAVD,kDAAsD;AACtD,kCAAoC;AAG7B,KAAK,UAAU,OAAO,CAAC,OAAoB;IAChD,MAAM,MAAM,GAAG,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,6CAA6C;IAC7C,OAAQ,IAAA,cAAQ,EAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAgB,IAAI,IAAI,CAAC;AAC9D,CAAC","sourcesContent":["import { retrieveTokens } from \"@/shared/lib/util.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport type { AuthStorage, User } from \"@/types.js\";\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n const tokens = retrieveTokens(storage);\n if (!tokens) return null;\n\n // Assumes all information is in the ID token\n return (parseJWT(tokens.id_token)?.payload as User) ?? null;\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/storage.d.ts DELETED Viewed

@@ -1,25 +0,0 @@
-import type { AuthStorage, SessionData, UnknownObject, User } from "@/types.js";
-type SameSiteOption = "strict" | "lax" | "none";
-export interface SessionStorage {
-    get(): SessionData;
-    getUser(): User<UnknownObject> | null;
-    set(data: Partial<SessionData>): void;
-    setUser(data: User<UnknownObject> | null): void;
-    clear(): void;
-}
-export type CookieStorageSettings = {
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: SameSiteOption;
-    expires: Date;
-    path: string;
-};
-export declare const DEFAULT_COOKIE_DURATION: number;
-export declare abstract class CookieStorage implements AuthStorage {
-    protected settings: CookieStorageSettings;
-    protected constructor(settings?: Partial<CookieStorageSettings>);
-    abstract get(key: string): string | null;
-    abstract set(key: string, value: string): void;
-}
-export {};
-//# sourceMappingURL=storage.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/storage.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../../../src/shared/lib/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEhF,KAAK,cAAc,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,MAAM,WAAW,cAAc;IAC7B,GAAG,IAAI,WAAW,CAAC;IACnB,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IACtC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;IACtC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;IAChD,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,eAAO,MAAM,uBAAuB,QAAU,CAAC;AAE/C,8BAAsB,aAAc,YAAW,WAAW;IACxD,SAAS,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IAC1C,SAAS,aAAa,QAAQ,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAanE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IACxC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAC/C"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/storage.js DELETED Viewed

@@ -1,21 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CookieStorage = exports.DEFAULT_COOKIE_DURATION = void 0;
-exports.DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes
-class CookieStorage {
-    settings;
-    constructor(settings = {}) {
-        this.settings = {
-            httpOnly: settings.httpOnly ?? true,
-            secure: settings.secure ?? true,
-            // the callback request comes the auth server
-            // 'lax' ensures the code_verifier cookie is sent with the request
-            sameSite: settings.sameSite ?? "lax",
-            expires: settings.expires ??
-                new Date(Date.now() + 1000 * exports.DEFAULT_COOKIE_DURATION),
-            path: settings.path ?? "/",
-        };
-    }
-}
-exports.CookieStorage = CookieStorage;
-//# sourceMappingURL=storage.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/storage.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../../../src/shared/lib/storage.ts"],"names":[],"mappings":";;;AAoBa,QAAA,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,aAAa;AAE7D,MAAsB,aAAa;IACvB,QAAQ,CAAwB;IAC1C,YAAsB,WAA2C,EAAE;QACjE,IAAI,CAAC,QAAQ,GAAG;YACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,IAAI;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,IAAI;YAC/B,6CAA6C;YAC7C,kEAAkE;YAClE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,KAAK;YACpC,OAAO,EACL,QAAQ,CAAC,OAAO;gBAChB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,+BAAuB,CAAC;YACvD,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,GAAG;SAC3B,CAAC;IACJ,CAAC;CAGF;AAjBD,sCAiBC","sourcesContent":["import type { AuthStorage, SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n}\n\nexport type CookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n protected settings: CookieStorageSettings;\n protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n this.settings = {\n httpOnly: settings.httpOnly ?? true,\n secure: settings.secure ?? true,\n // the callback request comes the auth server\n // 'lax' ensures the code_verifier cookie is sent with the request\n sameSite: settings.sameSite ?? \"lax\",\n expires:\n settings.expires ??\n new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n path: settings.path ?? \"/\",\n };\n }\n abstract get(key: string): string | null;\n abstract set(key: string, value: string): void;\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/types.d.ts DELETED Viewed

@@ -1,22 +0,0 @@
-export declare enum OAuthTokens {
-    ID_TOKEN = "id_token",
-    ACCESS_TOKEN = "access_token",
-    REFRESH_TOKEN = "refresh_token"
-}
-export declare enum CodeVerifier {
-    COOKIE_NAME = "code_verifier",
-    APP_URL = "app_url"
-}
-export declare enum UserStorage {
-    USER = "user"
-}
-export interface CookieConfig {
-    secure?: boolean;
-    sameSite?: "strict" | "lax" | "none";
-    domain?: string;
-    path?: string;
-    maxAge?: number;
-    httpOnly?: boolean;
-}
-export type TokensCookieConfig = Record<OAuthTokens | CodeVerifier, CookieConfig>;
-//# sourceMappingURL=types.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/types.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/shared/lib/types.ts"],"names":[],"mappings":"AAAA,oBAAY,WAAW;IACrB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;IAC7B,aAAa,kBAAkB;CAChC;AAED,oBAAY,YAAY;IACtB,WAAW,kBAAkB;IAC7B,OAAO,YAAY;CACpB;AACD,oBAAY,WAAW;IACrB,IAAI,SAAS;CACd;AACD,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,kBAAkB,GAAG,MAAM,CACrC,WAAW,GAAG,YAAY,EAC1B,YAAY,CACb,CAAC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/types.js DELETED Viewed

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserStorage = exports.CodeVerifier = exports.OAuthTokens = void 0;
-var OAuthTokens;
-(function (OAuthTokens) {
-    OAuthTokens["ID_TOKEN"] = "id_token";
-    OAuthTokens["ACCESS_TOKEN"] = "access_token";
-    OAuthTokens["REFRESH_TOKEN"] = "refresh_token";
-})(OAuthTokens || (exports.OAuthTokens = OAuthTokens = {}));
-var CodeVerifier;
-(function (CodeVerifier) {
-    CodeVerifier["COOKIE_NAME"] = "code_verifier";
-    CodeVerifier["APP_URL"] = "app_url";
-})(CodeVerifier || (exports.CodeVerifier = CodeVerifier = {}));
-var UserStorage;
-(function (UserStorage) {
-    UserStorage["USER"] = "user";
-})(UserStorage || (exports.UserStorage = UserStorage = {}));
-//# sourceMappingURL=types.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../src/shared/lib/types.ts"],"names":[],"mappings":";;;AAAA,IAAY,WAIX;AAJD,WAAY,WAAW;IACrB,oCAAqB,CAAA;IACrB,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;AACjC,CAAC,EAJW,WAAW,2BAAX,WAAW,QAItB;AAED,IAAY,YAGX;AAHD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,mCAAmB,CAAA;AACrB,CAAC,EAHW,YAAY,4BAAZ,YAAY,QAGvB;AACD,IAAY,WAEX;AAFD,WAAY,WAAW;IACrB,4BAAa,CAAA;AACf,CAAC,EAFW,WAAW,2BAAX,WAAW,QAEtB","sourcesContent":["export enum OAuthTokens {\n ID_TOKEN = \"id_token\",\n ACCESS_TOKEN = \"access_token\",\n REFRESH_TOKEN = \"refresh_token\",\n}\n\nexport enum CodeVerifier {\n COOKIE_NAME = \"code_verifier\",\n APP_URL = \"app_url\",\n}\nexport enum UserStorage {\n USER = \"user\",\n}\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n httpOnly?: boolean;\n}\n\nexport type TokensCookieConfig = Record<\n OAuthTokens | CodeVerifier,\n CookieConfig\n>;\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/util.d.ts DELETED Viewed

@@ -1,33 +0,0 @@
-import type { AuthStorage, Endpoints, OIDCTokenResponseBody, ParsedTokens } from "@/types.js";
-import { OAuth2Client } from "oslo/oauth2";
-import type { PKCEConsumer, PKCEProducer } from "@/services/types.js";
-/**
- * Given a PKCE code verifier, derive the code challenge using SHA
- */
-export declare function deriveCodeChallenge(codeVerifier: string, method?: "Plain" | "S256"): Promise<string>;
-export declare function getEndpointsWithOverrides(oauthServer: string, endpointOverrides?: Partial<Endpoints>): Promise<Endpoints>;
-export declare function generateOauthLoginUrl(config: {
-    clientId: string;
-    scopes: string[];
-    state: string;
-    redirectUrl: string;
-    oauthServer: string;
-    nonce?: string;
-    endpointOverrides?: Partial<Endpoints>;
-    pkceConsumer: PKCEConsumer;
-}): Promise<URL>;
-export declare function generateOauthLogoutUrl(config: {
-    clientId: string;
-    scopes: string[];
-    oauthServer: string;
-    endpointOverrides?: Partial<Endpoints>;
-    pkceConsumer: PKCEConsumer;
-}): Promise<URL>;
-export declare function buildOauth2Client(clientId: string, redirectUri: string, endpoints: Endpoints): OAuth2Client;
-export declare function exchangeTokens(code: string, state: string, pkceProducer: PKCEProducer, oauth2Client: OAuth2Client, oauthServer: string, endpoints: Endpoints): Promise<OIDCTokenResponseBody>;
-export declare function storeTokens(storage: AuthStorage, tokens: OIDCTokenResponseBody): void;
-export declare function clearTokens(storage: AuthStorage): void;
-export declare function clearUser(storage: AuthStorage): void;
-export declare function retrieveTokens(storage: AuthStorage): OIDCTokenResponseBody | null;
-export declare function validateOauth2Tokens(tokens: OIDCTokenResponseBody, endpoints: Endpoints, oauth2Client: OAuth2Client, issuer: string): Promise<ParsedTokens>;
-//# sourceMappingURL=util.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/util.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA4Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CAIf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAqBrB;AAED,wBAAgB,WAAW,CACzB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,QAO9B;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,QAO/C;AACD,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,QAG7C;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,WAAW,GACnB,qBAAqB,GAAG,IAAI,CAY9B;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/util.js DELETED Viewed

@@ -1,142 +0,0 @@
-"use strict";
-// Utility functions shared by auth server and client integrations
-// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deriveCodeChallenge = deriveCodeChallenge;
-exports.getEndpointsWithOverrides = getEndpointsWithOverrides;
-exports.generateOauthLoginUrl = generateOauthLoginUrl;
-exports.generateOauthLogoutUrl = generateOauthLogoutUrl;
-exports.buildOauth2Client = buildOauth2Client;
-exports.exchangeTokens = exchangeTokens;
-exports.storeTokens = storeTokens;
-exports.clearTokens = clearTokens;
-exports.clearUser = clearUser;
-exports.retrieveTokens = retrieveTokens;
-exports.validateOauth2Tokens = validateOauth2Tokens;
-const tslib_1 = require("tslib");
-const types_js_1 = require("./types.js");
-const oauth2_1 = require("oslo/oauth2");
-const oauth_js_1 = require("@/lib/oauth.js");
-const jose = tslib_1.__importStar(require("jose"));
-const utils_js_1 = require("@/utils.js");
-const UserSession_js_1 = require("@/shared/lib/UserSession.js");
-/**
- * Given a PKCE code verifier, derive the code challenge using SHA
- */
-async function deriveCodeChallenge(codeVerifier, method = "S256") {
-    if (method === "Plain") {
-        console.warn("Using insecure plain code challenge method");
-        return codeVerifier;
-    }
-    const encoder = new TextEncoder();
-    const data = encoder.encode(codeVerifier);
-    const digest = await crypto.subtle.digest("SHA-256", data);
-    return btoa(String.fromCharCode(...new Uint8Array(digest)))
-        .replace(/\+/g, "-")
-        .replace(/\//g, "_")
-        .replace(/=+$/, "");
-}
-async function getEndpointsWithOverrides(oauthServer, endpointOverrides = {}) {
-    const endpoints = await (0, oauth_js_1.getOauthEndpoints)(oauthServer);
-    return {
-        ...endpoints,
-        ...endpointOverrides,
-    };
-}
-async function generateOauthLoginUrl(config) {
-    const endpoints = await getEndpointsWithOverrides(config.oauthServer, config.endpointOverrides);
-    const oauth2Client = buildOauth2Client(config.clientId, config.redirectUrl, endpoints);
-    const challenge = await config.pkceConsumer.getCodeChallenge();
-    const oAuthUrl = await oauth2Client.createAuthorizationURL({
-        state: config.state,
-        scopes: config.scopes,
-    });
-    // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source
-    // It only allows passing in a code verifier which it then hashes itself.
-    oAuthUrl.searchParams.append("code_challenge", challenge);
-    oAuthUrl.searchParams.append("code_challenge_method", "S256");
-    if (config.nonce) {
-        // nonce isn't supported by oslo, so we add it manually
-        oAuthUrl.searchParams.append("nonce", config.nonce);
-    }
-    // Required by the auth server for offline_access scope
-    oAuthUrl.searchParams.append("prompt", "consent");
-    console.log("Generated OAuth URL", oAuthUrl.toString());
-    return oAuthUrl;
-}
-async function generateOauthLogoutUrl(config) {
-    // TODO TECH-676: Implement logout
-    console.log("generateOauthLogoutUrl not implemented", config);
-    return new URL("http://localhost");
-}
-function buildOauth2Client(clientId, redirectUri, endpoints) {
-    return new oauth2_1.OAuth2Client(clientId, endpoints.auth, endpoints.token, {
-        redirectURI: redirectUri,
-    });
-}
-async function exchangeTokens(code, state, pkceProducer, oauth2Client, oauthServer, endpoints) {
-    const codeVerifier = await pkceProducer.getCodeVerifier();
-    if (!codeVerifier)
-        throw new Error("Code verifier not found in state");
-    const tokens = await oauth2Client.validateAuthorizationCode(code, {
-        codeVerifier,
-    });
-    // Validate relevant tokens
-    try {
-        await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);
-    }
-    catch (error) {
-        console.error("tokenExchange error", { error, tokens });
-        throw new Error(`OIDC tokens validation failed: ${error.message}`);
-    }
-    return tokens;
-}
-function storeTokens(storage, tokens) {
-    // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )
-    storage.set(types_js_1.OAuthTokens.ID_TOKEN, tokens.id_token);
-    storage.set(types_js_1.OAuthTokens.ACCESS_TOKEN, tokens.access_token);
-    if (tokens.refresh_token)
-        storage.set(types_js_1.OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);
-}
-function clearTokens(storage) {
-    Object.values(types_js_1.OAuthTokens).forEach((cookie) => {
-        storage.set(cookie, "");
-    });
-    Object.values(types_js_1.CodeVerifier.COOKIE_NAME).forEach((cookie) => {
-        storage.set(cookie, "");
-    });
-}
-function clearUser(storage) {
-    const userSession = new UserSession_js_1.GenericUserSession(storage);
-    userSession.set(null);
-}
-function retrieveTokens(storage) {
-    const idToken = storage.get(types_js_1.OAuthTokens.ID_TOKEN);
-    const accessToken = storage.get(types_js_1.OAuthTokens.ACCESS_TOKEN);
-    const refreshToken = storage.get(types_js_1.OAuthTokens.REFRESH_TOKEN);
-    if (!idToken || !accessToken)
-        return null;
-    return {
-        id_token: idToken,
-        access_token: accessToken,
-        refresh_token: refreshToken ?? undefined,
-    };
-}
-async function validateOauth2Tokens(tokens, endpoints, oauth2Client, issuer) {
-    const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));
-    // validate the ID token
-    const idTokenResponse = await jose.jwtVerify(tokens.id_token, JWKS, {
-        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
-        audience: oauth2Client.clientId,
-    });
-    // validate the access token
-    const accessTokenResponse = await jose.jwtVerify(tokens.access_token, JWKS, {
-        issuer: (0, oauth_js_1.getIssuerVariations)(issuer),
-    });
-    return (0, utils_js_1.withoutUndefined)({
-        id_token: idTokenResponse.payload,
-        access_token: accessTokenResponse.payload,
-        refresh_token: tokens.refresh_token,
-    });
-}
-//# sourceMappingURL=util.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/lib/util.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../../src/shared/lib/util.ts"],"names":[],"mappings":";AAAA,kEAAkE;AAClE,qHAAqH;;AAsBrH,kDAgBC;AAED,8DASC;AAED,sDAsCC;AAED,wDAWC;AAED,8CAQC;AAED,wCA2BC;AAED,kCASC;AAED,kCAOC;AACD,8BAGC;AAED,wCAcC;AAED,oDAgCC;;AA5MD,yCAAuD;AACvD,wCAA2C;AAC3C,6CAAwE;AACxE,mDAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AAEjE;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,kCAAkC;IAClC,OAAO,CAAC,GAAG,CAAC,wCAAwC,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,WAAW,CACzB,OAAoB,EACpB,MAA6B;IAE7B,4GAA4G;IAC5G,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,aAAa;QACtB,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,WAAW,CAAC,OAAoB;IAC9C,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QACzD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AACD,SAAgB,SAAS,CAAC,OAAoB;IAC5C,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAoB;IAEpB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\n\n// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n JWTPayload,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport { CodeVerifier, OAuthTokens } from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n console.log(\"Generated OAuth URL\", oAuthUrl.toString());\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n // TODO TECH-676: Implement logout\n console.log(\"generateOauthLogoutUrl not implemented\", config);\n return new URL(\"http://localhost\");\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n\n return tokens;\n}\n\nexport function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token)\n storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n}\n\nexport function clearTokens(storage: AuthStorage) {\n Object.values(OAuthTokens).forEach((cookie) => {\n storage.set(cookie, \"\");\n });\n Object.values(CodeVerifier.COOKIE_NAME).forEach((cookie) => {\n storage.set(cookie, \"\");\n });\n}\nexport function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n userSession.set(null);\n}\n\nexport function retrieveTokens(\n storage: AuthStorage,\n): OIDCTokenResponseBody | null {\n const idToken = storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = storage.get(OAuthTokens.REFRESH_TOKEN);\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n };\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthContext.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { DisplayMode } from "@/types.js";
-export type AuthContextType = {
-    signIn: (displayMode?: DisplayMode) => Promise<void>;
-    isAuthenticated: boolean;
-    isLoading: boolean;
-    error: Error | null;
-    signOut: () => Promise<void>;
-};
-export declare const AuthContext: import("react").Context<AuthContextType | null>;
-//# sourceMappingURL=AuthContext.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthContext.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B,CAAC;AACF,eAAO,MAAM,WAAW,iDAA8C,CAAC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthContext.js DELETED Viewed

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthContext = void 0;
-const react_1 = require("react");
-exports.AuthContext = (0, react_1.createContext)(null);
-//# sourceMappingURL=AuthContext.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthContext.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AuthContext.js","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthContext.tsx"],"names":[],"mappings":";;;AAAA,iCAAsC;AAUzB,QAAA,WAAW,GAAG,IAAA,qBAAa,EAAyB,IAAI,CAAC,CAAC","sourcesContent":["import { createContext } from \"react\";\nimport type { DisplayMode } from \"@/types.js\";\n\nexport type AuthContextType = {\n signIn: (displayMode?: DisplayMode) => Promise<void>;\n isAuthenticated: boolean;\n isLoading: boolean;\n error: Error | null;\n signOut: () => Promise<void>;\n};\nexport const AuthContext = createContext<AuthContextType | null>(null);\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthProvider.d.ts DELETED Viewed

@@ -1,20 +0,0 @@
-import React, { type ReactNode } from "react";
-import type { Config, SessionData } from "@/types.js";
-import type { PKCEConsumer } from "@/services/types.js";
-export type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    nonce?: string;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => Promise<void>;
-    modalIframe?: boolean;
-    config?: Config;
-    redirectUrl?: string;
-};
-export type InternalAuthProviderProps = AuthProviderProps & {
-    sessionData?: SessionData;
-    pkceConsumer?: PKCEConsumer;
-};
-declare const AuthProvider: ({ children, clientId, redirectUrl: inputRedirectUrl, config, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe, sessionData: inputSessionData, }: InternalAuthProviderProps) => React.JSX.Element | null;
-export { AuthProvider };
-//# sourceMappingURL=AuthProvider.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthProvider.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../../../../../src/shared/providers/AuthProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,EACZ,KAAK,SAAS,EAMf,MAAM,OAAO,CAAC;AAEf,OAAO,KAAK,EAAE,MAAM,EAAe,WAAW,EAAE,MAAM,YAAY,CAAC;AAanE,OAAO,KAAK,EAA0B,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAqBhF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,iBAAiB,GAAG;IAC1D,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAAC;AAYF,QAAA,MAAM,YAAY,yJAWf,yBAAyB,6BA2R3B,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/cjs/src/shared/providers/AuthProvider.js DELETED Viewed

@@ -1,249 +0,0 @@
-"use strict";
-"use client";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthProvider = void 0;
-const tslib_1 = require("tslib");
-const react_1 = tslib_1.__importStar(require("react"));
-const react_query_1 = require("@tanstack/react-query");
-const CivicAuthIframeContainer_js_1 = require("@/shared/components/CivicAuthIframeContainer.js");
-const TokenProvider_js_1 = require("@/shared/providers/TokenProvider.js");
-const SessionProvider_js_1 = require("@/shared/providers/SessionProvider.js");
-const constants_js_1 = require("@/constants.js");
-const config_js_1 = require("@/config.js");
-const LoadingIcon_js_1 = require("@/shared/components/LoadingIcon.js");
-const windowUtil_js_1 = require("@/lib/windowUtil.js");
-const AuthContext_js_1 = require("@/shared/providers/AuthContext.js");
-const AuthenticationService_js_1 = require("@/services/AuthenticationService.js");
-const types_js_1 = require("@/services/types.js");
-const PKCE_js_1 = require("@/services/PKCE.js");
-const oauth_js_1 = require("@/lib/oauth.js");
-const storage_js_1 = require("@/browser/storage.js");
-const ConfigProvider_js_1 = require("@/shared/providers/ConfigProvider.js");
-const session_js_1 = require("../lib/session.js");
-const UserSession_js_1 = require("../lib/UserSession.js");
-const IframeProvider_js_1 = require("@/shared/providers/IframeProvider.js");
-// Global this object setup
-let globalThisObject;
-if (typeof window !== "undefined") {
-    globalThisObject = window;
-}
-else if (typeof global !== "undefined") {
-    globalThisObject = global;
-}
-else {
-    globalThisObject = Function("return this")();
-}
-globalThisObject.globalThis = globalThisObject;
-function BlockDisplay({ children }) {
-    return (react_1.default.createElement("div", { className: "cac-relative cac-left-0 cac-top-0 cac-z-50 cac-flex cac-h-screen cac-w-screen cac-items-center cac-justify-center cac-bg-white" },
-        react_1.default.createElement("div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-bg-white" }, children)));
-}
-const AuthProvider = ({ children, clientId, redirectUrl: inputRedirectUrl, config = config_js_1.authConfig, onSignIn, onSignOut, pkceConsumer, nonce, modalIframe = true, sessionData: inputSessionData, }) => {
-    const [iframeUrl, setIframeUrl] = (0, react_1.useState)(null);
-    const [currentUrl, setCurrentUrl] = (0, react_1.useState)(null);
-    const [isInIframe, setIsInIframe] = (0, react_1.useState)(false);
-    const [authResponseUrl, setAuthResponseUrl] = (0, react_1.useState)(null);
-    const [tokenExchangeError, setTokenExchangeError] = (0, react_1.useState)();
-    const [displayMode, setDisplayMode] = (0, react_1.useState)("iframe");
-    const [browserAuthenticationInitiator, setBrowserAuthenticationInitiator] = (0, react_1.useState)();
-    const [showIFrame, setShowIFrame] = (0, react_1.useState)(false);
-    const [isRedirecting, setIsRedirecting] = (0, react_1.useState)(false);
-    const queryClient = (0, react_query_1.useQueryClient)();
-    const iframeRef = (0, react_1.useRef)(null);
-    // TODO maybe we want to support or derive serverTokenExchange another way?
-    const serverTokenExchange = pkceConsumer instanceof PKCE_js_1.ConfidentialClientPKCEConsumer;
-    // check if the current window is in an iframe with the iframe id, and set an isInIframe state
-    (0, react_1.useEffect)(() => {
-        if (typeof globalThis.window !== "undefined") {
-            setCurrentUrl(globalThis.window.location.href);
-            const isInIframeVal = (0, windowUtil_js_1.isWindowInIframe)(globalThis.window);
-            setIsInIframe(isInIframeVal);
-        }
-    }, []);
-    const redirectUrl = (0, react_1.useMemo)(() => (inputRedirectUrl || currentUrl || "").split("?")[0], [currentUrl, inputRedirectUrl]);
-    const [authService, setAuthService] = (0, react_1.useState)();
-    (0, react_1.useEffect)(() => {
-        if (!currentUrl || !redirectUrl)
-            return;
-        AuthenticationService_js_1.BrowserAuthenticationService.build({
-            clientId,
-            redirectUrl,
-            oauthServer: config.oauthServer,
-            scopes: constants_js_1.DEFAULT_SCOPES,
-            displayMode,
-        }).then(setAuthService);
-    }, [currentUrl, clientId, redirectUrl, config, displayMode]);
-    const { data: session, isLoading, error, } = (0, react_query_1.useQuery)({
-        queryKey: [
-            "session",
-            authResponseUrl,
-            iframeUrl,
-            currentUrl,
-            isInIframe,
-            authService,
-        ],
-        queryFn: async () => {
-            if (!authService) {
-                return { authenticated: false };
-            }
-            if (inputSessionData) {
-                return inputSessionData;
-            }
-            const url = new URL(authResponseUrl
-                ? authResponseUrl
-                : globalThis.window.location.href || "");
-            // if we have existing tokens, then validate them and return the session data
-            // otherwise check if we have a code in the url and exchange it for tokens
-            // if we have neither, return undefined
-            const existingSessionData = await authService.validateExistingSession();
-            if (existingSessionData.authenticated) {
-                return existingSessionData;
-            }
-            const code = url.searchParams.get("code");
-            const state = url.searchParams.get("state");
-            if (!serverTokenExchange && code && state && !isInIframe) {
-                try {
-                    await authService.tokenExchange(code, state);
-                    const clientStorage = new storage_js_1.LocalStorageAdapter();
-                    const user = await (0, session_js_1.getUser)(clientStorage);
-                    if (!user) {
-                        throw new Error("Failed to get user info");
-                    }
-                    const userSession = new UserSession_js_1.GenericUserSession(clientStorage);
-                    userSession.set(user);
-                    onSignIn?.(); // Call onSignIn without an error if successful
-                    return authService.getSessionData();
-                }
-                catch (error) {
-                    setTokenExchangeError(error);
-                    onSignIn?.(error instanceof Error ? error : new Error("Failed to sign in")); // Pass the error to onSignIn
-                    return { authenticated: false };
-                }
-            }
-            return existingSessionData;
-        },
-    });
-    const signOutMutation = (0, react_query_1.useMutation)({
-        mutationFn: async () => {
-            await onSignOut?.();
-            // Implement signOut logic here
-            const authInitiator = getAuthInitiator();
-            await authInitiator?.signOut();
-            setIframeUrl(null);
-            setShowIFrame(false);
-            setAuthResponseUrl(null);
-        },
-        onSuccess: () => {
-            queryClient.setQueryData([
-                "session",
-                authResponseUrl,
-                iframeUrl,
-                currentUrl,
-                isInIframe,
-                authService,
-            ], null);
-        },
-    });
-    const getAuthInitiator = (0, react_1.useCallback)((overrideDisplayMode) => {
-        const useDisplayMode = overrideDisplayMode || displayMode;
-        if (!pkceConsumer || !redirectUrl) {
-            return null;
-        }
-        return (browserAuthenticationInitiator ||
-            new AuthenticationService_js_1.BrowserAuthenticationInitiator({
-                pkceConsumer, // generate and retrieve the challenge client-side
-                clientId,
-                redirectUrl,
-                state: (0, oauth_js_1.generateState)(useDisplayMode, serverTokenExchange),
-                scopes: constants_js_1.DEFAULT_SCOPES,
-                displayMode: useDisplayMode,
-                oauthServer: config.oauthServer,
-                // the endpoints to use for the login (if not obtained from the auth server
-                endpointOverrides: config.endpoints,
-                nonce,
-            }));
-    }, [
-        serverTokenExchange,
-        displayMode,
-        browserAuthenticationInitiator,
-        clientId,
-        redirectUrl,
-        config.oauthServer,
-        config.endpoints,
-        pkceConsumer,
-        nonce,
-    ]);
-    const signIn = (0, react_1.useCallback)(async (overrideDisplayMode = "iframe") => {
-        setDisplayMode(overrideDisplayMode);
-        const authInitiator = getAuthInitiator(overrideDisplayMode);
-        setBrowserAuthenticationInitiator(authInitiator);
-        if (overrideDisplayMode === "iframe") {
-            setShowIFrame(true);
-        }
-        else if (overrideDisplayMode === "redirect") {
-            setIsRedirecting(true);
-        }
-        authInitiator?.signIn(iframeRef.current).catch((error) => {
-            console.log("signIn error", {
-                error,
-                isPopupError: error instanceof types_js_1.PopupError,
-            });
-            // if we've tried to open a popup and it has failed, then fallback to redirect mode
-            if (error instanceof types_js_1.PopupError) {
-                signIn("redirect");
-            }
-        });
-    }, [getAuthInitiator]);
-    // remove event listeners when the component unmounts
-    (0, react_1.useEffect)(() => {
-        return () => {
-            if (browserAuthenticationInitiator) {
-                browserAuthenticationInitiator.cleanup();
-            }
-        };
-    }, [browserAuthenticationInitiator]);
-    const isAuthenticated = (0, react_1.useMemo)(() => (session ? session.authenticated : false), [session]);
-    (0, react_query_1.useQuery)({
-        queryKey: ["autoSignIn", modalIframe, redirectUrl, isAuthenticated],
-        queryFn: async () => {
-            if (!modalIframe &&
-                redirectUrl &&
-                !isAuthenticated &&
-                iframeRef.current) {
-                signIn("iframe");
-            }
-            return true;
-        },
-        refetchOnWindowFocus: false,
-    });
-    const value = (0, react_1.useMemo)(() => ({
-        isLoading,
-        error: error,
-        signOut: async () => {
-            await signOutMutation.mutateAsync();
-        },
-        isAuthenticated,
-        signIn,
-    }), [isLoading, error, signOutMutation, isAuthenticated, signIn]);
-    if (!redirectUrl)
-        return null;
-    return (react_1.default.createElement(AuthContext_js_1.AuthContext.Provider, { value: value },
-        react_1.default.createElement(ConfigProvider_js_1.ConfigProvider, { config: config, redirectUrl: redirectUrl, modalIframe: modalIframe, serverTokenExchange: serverTokenExchange },
-            react_1.default.createElement(IframeProvider_js_1.IframeProvider, { setAuthResponseUrl: setAuthResponseUrl, iframeRef: iframeRef },
-                react_1.default.createElement(SessionProvider_js_1.SessionProvider, { session: session },
-                    react_1.default.createElement(TokenProvider_js_1.TokenProvider, null,
-                        modalIframe && !isInIframe && !session?.authenticated && (react_1.default.createElement("div", { style: showIFrame ? { display: "block" } : { display: "none" } },
-                            react_1.default.createElement(CivicAuthIframeContainer_js_1.CivicAuthIframeContainer, { onClose: () => setShowIFrame(false) }))),
-                        modalIframe &&
-                            (isInIframe ||
-                                isRedirecting ||
-                                (isLoading && !serverTokenExchange)) && (react_1.default.createElement(BlockDisplay, null,
-                            react_1.default.createElement(LoadingIcon_js_1.LoadingIcon, null))),
-                        (tokenExchangeError || error) && (react_1.default.createElement(BlockDisplay, null,
-                            react_1.default.createElement("div", null,
-                                "Error: ",
-                                (tokenExchangeError || error).message))),
-                        children))))));
-};
-exports.AuthProvider = AuthProvider;
-//# sourceMappingURL=AuthProvider.js.map