npm - @civic/auth - Versions diffs - 0.1.0 → 0.1.1 - Mend

@civic/auth 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (936) hide show

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/reactjs/providers/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/reactjs/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,GAEZ,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,YAAY,GAEb,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAElE,OAAO,EACL,eAAe,EACf,cAAc,GAEf,MAAM,uCAAuC,CAAC;AAE/C,OAAO,EACL,iBAAiB,GAElB,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC","sourcesContent":["export {\n UserProvider,\n UserContext,\n type UserContextType,\n} from \"@/shared/providers/UserProvider.js\";\n\nexport {\n TokenProvider,\n TokenContext,\n type TokenContextType,\n} from \"@/shared/providers/TokenProvider.js\";\n\nexport { AuthProvider } from \"@/shared/providers/AuthProvider.js\";\n\nexport {\n SessionProvider,\n SessionContext,\n type SessionContextType,\n} from \"@/shared/providers/SessionProvider.js\";\n\nexport {\n CivicAuthProvider,\n type CivicAuthProviderProps,\n} from \"@/shared/providers/CivicAuthProvider.js\";\n\nexport { AuthContext } from \"@/shared/providers/AuthContext.js\";\nexport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/ServerAuthenticationResolver.d.ts DELETED Viewed

@@ -1,18 +0,0 @@
-import type { AuthStorage, Endpoints, OIDCTokenResponseBody, SessionData } from "@/types.js";
-import type { AuthConfig } from "@/server/config.js";
-import type { AuthenticationResolver } from "@/services/types.ts";
-export declare class ServerAuthenticationResolver implements AuthenticationResolver {
-    readonly authConfig: AuthConfig;
-    readonly storage: AuthStorage;
-    readonly endpointOverrides?: Partial<Endpoints> | undefined;
-    private pkceProducer;
-    private oauth2client;
-    private endpoints;
-    private constructor();
-    validateExistingSession(): Promise<SessionData>;
-    init(): Promise<this>;
-    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
-    getSessionData(): Promise<SessionData | null>;
-    static build(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationResolver>;
-}
-//# sourceMappingURL=ServerAuthenticationResolver.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/ServerAuthenticationResolver.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"ServerAuthenticationResolver.d.ts","sourceRoot":"","sources":["../../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAOrD,OAAO,KAAK,EAAE,sBAAsB,EAAgB,MAAM,qBAAqB,CAAC;AAEhF,qBAAa,4BAA6B,YAAW,sBAAsB;IAMvE,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAPjD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAYP,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAIzC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAoB3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;WAatC,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,sBAAsB,CAAC;CAUnC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/ServerAuthenticationResolver.js DELETED Viewed

@@ -1,62 +0,0 @@
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { OAuth2Client } from "oslo/oauth2";
-import { exchangeTokens, getEndpointsWithOverrides, retrieveTokens, storeTokens, } from "@/shared/lib/util.js";
-export class ServerAuthenticationResolver {
-    authConfig;
-    storage;
-    endpointOverrides;
-    pkceProducer;
-    oauth2client;
-    endpoints;
-    constructor(authConfig, storage, endpointOverrides) {
-        this.authConfig = authConfig;
-        this.storage = storage;
-        this.endpointOverrides = endpointOverrides;
-        console.log("ServerAuthenticationResolver constructor", {
-            authConfig,
-            storage,
-            endpointOverrides,
-        });
-        this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
-    }
-    validateExistingSession() {
-        throw new Error("Method not implemented.");
-    }
-    async init() {
-        // resolve oauth config
-        this.endpoints = await getEndpointsWithOverrides(this.authConfig.oauthServer, this.endpointOverrides);
-        this.oauth2client = new OAuth2Client(this.authConfig.clientId, this.endpoints.auth, this.endpoints.token, {
-            redirectURI: this.authConfig.redirectUrl,
-        });
-        return this;
-    }
-    async tokenExchange(code, state) {
-        if (!this.oauth2client)
-            await this.init();
-        const codeVerifier = await this.pkceProducer.getCodeVerifier();
-        if (!codeVerifier)
-            throw new Error("Code verifier not found in storage");
-        // exchange auth code for tokens
-        const tokens = await exchangeTokens(code, state, this.pkceProducer, this.oauth2client, // clean up types here to avoid the ! operator
-        this.authConfig.oauthServer, this.endpoints);
-        storeTokens(this.storage, tokens);
-        return tokens;
-    }
-    async getSessionData() {
-        const storageData = retrieveTokens(this.storage);
-        if (!storageData)
-            return null;
-        return {
-            authenticated: !!storageData.id_token,
-            idToken: storageData.id_token,
-            accessToken: storageData.access_token,
-            refreshToken: storageData.refresh_token,
-        };
-    }
-    static async build(authConfig, storage, endpointOverrides) {
-        const resolver = new ServerAuthenticationResolver(authConfig, storage, endpointOverrides);
-        await resolver.init();
-        return resolver;
-    }
-}
-//# sourceMappingURL=ServerAuthenticationResolver.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/ServerAuthenticationResolver.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"ServerAuthenticationResolver.js","sourceRoot":"","sources":["../../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQ3C,OAAO,EACL,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAG9B,MAAM,OAAO,4BAA4B;IAM5B;IACA;IACA;IAPH,YAAY,CAAe;IAC3B,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACW,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE/C,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE;YACtD,UAAU;YACV,OAAO;YACP,iBAAiB;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IACD,uBAAuB;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,UAAU,CAAC,WAAW,EAC3B,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,UAAU,CAAC,WAAW,EAC3B,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAElC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport type {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport {\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n console.log(\"ServerAuthenticationResolver constructor\", {\n authConfig,\n storage,\n endpointOverrides,\n });\n this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n }\n validateExistingSession(): Promise<SessionData> {\n throw new Error(\"Method not implemented.\");\n }\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.authConfig.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(this.storage, tokens);\n\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/config.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import type { Endpoints } from "@/types.ts";
-export type CookieConfig = {
-    secure?: boolean;
-    sameSite?: "strict" | "lax" | "none";
-    domain?: string;
-    path?: string;
-    maxAge?: number;
-};
-export type AuthConfig = {
-    clientId: string;
-    oauthServer: string;
-    redirectUrl: string;
-    challengeUrl?: string;
-    endpointOverrides?: Partial<Endpoints> | undefined;
-};
-//# sourceMappingURL=config.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/config.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/server/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;CACpD,CAAC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/config.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=config.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/config.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/server/config.ts"],"names":[],"mappings":"","sourcesContent":["import type { Endpoints } from \"@/types.ts\";\n\nexport type CookieConfig = {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n};\n\nexport type AuthConfig = {\n clientId: string;\n oauthServer: string;\n redirectUrl: string;\n challengeUrl?: string;\n endpointOverrides?: Partial<Endpoints> | undefined;\n};\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/index.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-export { CookieStorage } from "@/shared/lib/storage.js";
-export type { SessionStorage, CookieStorageSettings, } from "@/shared/lib/storage.js";
-export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "@/server/login.js";
-export { getUser } from "@/shared/lib/session.js";
-export { refreshTokens } from "@/server/refresh.js";
-//# sourceMappingURL=index.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/index.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/index.js DELETED Viewed

@@ -1,5 +0,0 @@
-export { CookieStorage } from "@/shared/lib/storage.js";
-export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "@/server/login.js";
-export { getUser } from "@/shared/lib/session.js";
-export { refreshTokens } from "@/server/refresh.js";
-//# sourceMappingURL=index.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAKxD,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC","sourcesContent":["export { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n SessionStorage,\n CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n resolveOAuthAccessCode,\n isLoggedIn,\n buildLoginUrl,\n} from \"@/server/login.js\";\nexport { getUser } from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/login.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-/**
- * Resolve an OAuth access code to a set of OIDC tokens
- * @param code The access code, typically from a query parameter in the redirect url
- * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
- * @param storage The place that this server uses to store session data (e.g. a cookie store)
- * @param config Oauth Server configuration
- */
-export declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
-export declare function isLoggedIn(storage: AuthStorage): boolean;
-export declare function buildLoginUrl(config: Pick<AuthConfig, "oauthServer" | "clientId" | "redirectUrl"> & {
-    scopes?: string[];
-    state?: string;
-    nonce?: string;
-}, storage: AuthStorage): Promise<URL>;
-//# sourceMappingURL=login.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/login.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAExD;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,GAAG,UAAU,GAAG,aAAa,CAAC,GAAG;IACrE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACD,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/login.js DELETED Viewed

@@ -1,37 +0,0 @@
-import { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from "@/constants.js";
-import { GenericAuthenticationInitiator } from "@/services/AuthenticationService.js";
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
-/**
- * Resolve an OAuth access code to a set of OIDC tokens
- * @param code The access code, typically from a query parameter in the redirect url
- * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
- * @param storage The place that this server uses to store session data (e.g. a cookie store)
- * @param config Oauth Server configuration
- */
-export async function resolveOAuthAccessCode(code, state, storage, config) {
-    const authSessionService = await ServerAuthenticationResolver.build({
-        ...config,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-    }, storage, config.endpointOverrides);
-    return authSessionService.tokenExchange(code, state);
-}
-export function isLoggedIn(storage) {
-    return !!storage.get("id_token");
-}
-export async function buildLoginUrl(config, storage) {
-    // generate a random state if not provided
-    const state = config.state ?? Math.random().toString(36).substring(2);
-    const scopes = config.scopes ?? DEFAULT_SCOPES;
-    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
-    const authInitiator = new GenericAuthenticationInitiator({
-        ...config,
-        state,
-        scopes,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-        // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
-        pkceConsumer: pkceProducer,
-    });
-    return authInitiator.signIn();
-}
-//# sourceMappingURL=login.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/login.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/server/login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAoB;IAC7C,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAIC,EACD,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"oauthServer\" | \"clientId\" | \"redirectUrl\"> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n pkceConsumer: pkceProducer,\n });\n\n return authInitiator.signIn();\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/refresh.d.ts DELETED Viewed

@@ -1,7 +0,0 @@
-import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-/**
- * Refresh the current set of OIDC tokens
- */
-export declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
-//# sourceMappingURL=refresh.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/refresh.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"refresh.d.ts","sourceRoot":"","sources":["../../../../src/server/refresh.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/refresh.js DELETED Viewed

@@ -1,13 +0,0 @@
-import { DEFAULT_AUTH_SERVER } from "@/constants.js";
-import { GenericAuthenticationRefresher } from "@/shared/lib/GenericAuthenticationRefresher.js";
-/**
- * Refresh the current set of OIDC tokens
- */
-export async function refreshTokens(storage, config) {
-    const refresher = await GenericAuthenticationRefresher.build({
-        ...config,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-    }, storage, config.endpointOverrides);
-    return refresher.refreshTokens();
-}
-//# sourceMappingURL=refresh.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/server/refresh.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../../../src/server/refresh.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAGhG;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAoB,EACpB,MAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CAC1D;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,SAAS,CAAC,aAAa,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/lib/GenericAuthenticationRefresher.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const refresher = await GenericAuthenticationRefresher.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return refresher.refreshTokens();\n}\n"]}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/services/AuthenticationService.d.ts DELETED Viewed

@@ -1,87 +0,0 @@
-import type { DisplayMode, Endpoints, OIDCTokenResponseBody, SessionData } from "@/types.js";
-import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
-import type { AuthenticationInitiator, AuthenticationResolver, PKCEConsumer } from "@/services/types.js";
-/**
- * An authentication initiator that works on a browser. Since this is just triggering
- * login and logout, session data is not stored here.
- * An associated AuthenticationResolver would be needed to get the session data.
- * Storage is needed for the code verifier, this is the domain of the PKCEConsumer
- * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.
- *
- * Example usage:
- *
- * 1) Client-only SPA -eg a react app with no server:
- * new BrowserAuthenticationInitiator({
- *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side
- *   ... other config
- * })
- *
- * 2) Client-side of a client/server app - eg a react app with a backend:
- * new BrowserAuthenticationInitiator({
- *  pkceConsumer: new ConfidentialClientPKCEConsumer("https://myserver.com/pkce"), // get the challenge from the server
- *  ... other config
- * })
- */
-export declare class BrowserAuthenticationInitiator implements AuthenticationInitiator {
-    private postMessageHandler;
-    protected config: {
-        clientId: string;
-        redirectUrl: string;
-        state: string;
-        scopes: string[];
-        displayMode: DisplayMode;
-        oauthServer: string;
-        endpointOverrides?: Partial<Endpoints>;
-        pkceConsumer: PKCEConsumer;
-        nonce?: string;
-    };
-    constructor(config: typeof this.config);
-    handleLoginAppPopupFailed(redirectUrl: string): Promise<void>;
-    signIn(iframeRef: HTMLIFrameElement | null): Promise<URL>;
-    signOut(): Promise<URL>;
-    cleanup(): void;
-}
-/** A general-purpose authentication initiator, that just generates urls, but lets
- * the caller decide how to use them. This is useful for server-side applications
- * that may serve this URL to their front-ends or just call them directly
- */
-export declare class GenericAuthenticationInitiator implements AuthenticationInitiator {
-    protected config: {
-        clientId: string;
-        redirectUrl: string;
-        state: string;
-        scopes: string[];
-        oauthServer: string;
-        nonce?: string;
-        endpointOverrides?: Partial<Endpoints>;
-        pkceConsumer: PKCEConsumer;
-    };
-    constructor(config: typeof this.config);
-    signIn(): Promise<URL>;
-    signOut(): Promise<URL>;
-}
-type BrowserAuthenticationConfig = {
-    clientId: string;
-    redirectUrl: string;
-    scopes: string[];
-    oauthServer: string;
-    endpointOverrides?: Partial<Endpoints>;
-    displayMode: DisplayMode;
-};
-/**
- * An authentication resolver that can run on the browser (i.e. a public client)
- * It uses PKCE for security. PKCE and Session data are stored in local storage
- */
-export declare class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
-    protected pkceProducer: BrowserPublicClientPKCEProducer;
-    private oauth2client;
-    private endpoints;
-    constructor(config: BrowserAuthenticationConfig, pkceProducer?: BrowserPublicClientPKCEProducer);
-    init(): Promise<this>;
-    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
-    getSessionData(): Promise<SessionData | null>;
-    validateExistingSession(): Promise<SessionData>;
-    static build(config: BrowserAuthenticationConfig): Promise<AuthenticationResolver>;
-}
-export {};
-//# sourceMappingURL=AuthenticationService.d.ts.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/services/AuthenticationService.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AAerE,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACb,MAAM,qBAAqB,CAAC;AAM7B;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,OAAO,CAAC,kBAAkB,CAAgD;IAE1E,SAAS,CAAC,MAAM,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,EAAE,CAAC;QAEjB,WAAW,EAAE,WAAW,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC;QAEpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvC,YAAY,EAAE,YAAY,CAAC;QAE3B,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;gBAEU,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAKhC,yBAAyB,CAAC,WAAW,EAAE,MAAM;IAU7C,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IA4CzD,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC;IAU7B,OAAO;CAKR;AAED;;;GAGG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,SAAS,CAAC,MAAM,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvC,YAAY,EAAE,YAAY,CAAC;KAC5B,CAAC;gBAEU,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAShC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;IAItB,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC;CAG9B;AAED,KAAK,2BAA2B,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;IAQ5E,SAAS,CAAC,YAAY;IAPxB,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;gBAIvC,MAAM,EAAE,2BAA2B,EAEzB,YAAY,kCAAwC;IAgB1D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAiC3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAa7C,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;WAgCxC,KAAK,CAChB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,sBAAsB,CAAC;CAMnC"}

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/services/AuthenticationService.js DELETED Viewed

@@ -1,222 +0,0 @@
-// Proposals for revised versions of the SessionService AKA AuthSessionService
-import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { clearTokens, clearUser, exchangeTokens, generateOauthLoginUrl, generateOauthLogoutUrl, getEndpointsWithOverrides, retrieveTokens, storeTokens, validateOauth2Tokens, } from "@/shared/lib/util.js";
-import { displayModeFromState, generateState } from "@/lib/oauth.js";
-import { OAuth2Client } from "oslo/oauth2";
-import { LocalStorageAdapter } from "@/browser/storage.js";
-import { PopupError } from "@/services/types.js";
-import { removeParamsWithoutReload } from "@/lib/windowUtil.js";
-import { DEFAULT_OAUTH_GET_PARAMS } from "@/constants.js";
-import { validateLoginAppPostMessage } from "@/lib/postMessage.js";
-/**
- * An authentication initiator that works on a browser. Since this is just triggering
- * login and logout, session data is not stored here.
- * An associated AuthenticationResolver would be needed to get the session data.
- * Storage is needed for the code verifier, this is the domain of the PKCEConsumer
- * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.
- *
- * Example usage:
- *
- * 1) Client-only SPA -eg a react app with no server:
- * new BrowserAuthenticationInitiator({
- *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side
- *   ... other config
- * })
- *
- * 2) Client-side of a client/server app - eg a react app with a backend:
- * new BrowserAuthenticationInitiator({
- *  pkceConsumer: new ConfidentialClientPKCEConsumer("https://myserver.com/pkce"), // get the challenge from the server
- *  ... other config
- * })
- */
-export class BrowserAuthenticationInitiator {
-    postMessageHandler = null;
-    config;
-    constructor(config) {
-        this.config = config;
-        console.log("BrowserAuthenticationInitiator constructor", this.config);
-    }
-    async handleLoginAppPopupFailed(redirectUrl) {
-        console.warn("Login app popup failed open a popup, using redirect mode instead...", redirectUrl);
-        window.location.href = redirectUrl;
-    }
-    // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
-    // and then use the display mode to decide how to send the user there
-    async signIn(iframeRef) {
-        const url = await generateOauthLoginUrl(this.config);
-        this.postMessageHandler = (event) => {
-            const thisURL = new URL(window.location.href);
-            if (event.origin.endsWith("civic.com") ||
-                thisURL.hostname === "localhost") {
-                if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {
-                    console.log("Received invalid message from login app", event.data);
-                    return;
-                }
-                const loginMessage = event.data;
-                console.log("Received message from login app", event.data);
-                this.handleLoginAppPopupFailed(loginMessage.data.url);
-            }
-        };
-        window.addEventListener("message", this.postMessageHandler);
-        if (this.config.displayMode === "iframe") {
-            if (!iframeRef)
-                throw new Error("iframeRef is required for displayMode 'iframe'");
-            iframeRef.setAttribute("src", url.toString());
-        }
-        if (this.config.displayMode === "redirect") {
-            window.location.href = url.toString();
-        }
-        if (this.config.displayMode === "new_tab") {
-            try {
-                const popupWindow = window.open(url.toString(), "_blank");
-                console.log("signIn", popupWindow);
-                if (!popupWindow) {
-                    throw new PopupError("Failed to open popup window");
-                }
-            }
-            catch (error) {
-                console.error("popupWindow", error);
-                throw new PopupError("window.open has thrown: Failed to open popup window");
-            }
-        }
-        return url;
-    }
-    async signOut() {
-        const localStorage = new LocalStorageAdapter();
-        clearTokens(localStorage);
-        clearUser(localStorage);
-        // TODO open the iframe or new tab etc: the logout URL is not currently
-        // supported by on the oauth, so just clear state until then
-        const url = await generateOauthLogoutUrl(this.config);
-        return url;
-    }
-    cleanup() {
-        if (this.postMessageHandler) {
-            window.removeEventListener("message", this.postMessageHandler);
-        }
-    }
-}
-/** A general-purpose authentication initiator, that just generates urls, but lets
- * the caller decide how to use them. This is useful for server-side applications
- * that may serve this URL to their front-ends or just call them directly
- */
-export class GenericAuthenticationInitiator {
-    config;
-    constructor(config) {
-        this.config = config;
-        console.log("GenericAuthenticationInitiator constructor", {
-            config,
-        });
-    }
-    // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
-    // and simply return the url
-    async signIn() {
-        return generateOauthLoginUrl(this.config);
-    }
-    async signOut() {
-        return generateOauthLogoutUrl(this.config);
-    }
-}
-/**
- * An authentication resolver that can run on the browser (i.e. a public client)
- * It uses PKCE for security. PKCE and Session data are stored in local storage
- */
-export class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
-    pkceProducer;
-    oauth2client;
-    endpoints;
-    // TODO WIP - perhaps we want to keep resolver and initiator separate here
-    constructor(config,
-    // Since we are running fully on the client, we produce as well as consume the PKCE challenge
-    pkceProducer = new BrowserPublicClientPKCEProducer()) {
-        console.log("BrowserAuthenticationService constructor", {
-            config,
-        });
-        super({
-            ...config,
-            state: generateState(config.displayMode),
-            // Store and retrieve the PKCE challenge in local storage
-            pkceConsumer: pkceProducer,
-        });
-        this.pkceProducer = pkceProducer;
-    }
-    // TODO too much code duplication here between the browser and the server variant.
-    // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot
-    // function for generating an oauth2client from it
-    async init() {
-        // resolve oauth config
-        this.endpoints = await getEndpointsWithOverrides(this.config.oauthServer, this.config.endpointOverrides);
-        this.oauth2client = new OAuth2Client(this.config.clientId, this.endpoints.auth, this.endpoints.token, {
-            redirectURI: this.config.redirectUrl,
-        });
-        return this;
-    }
-    // Two responsibilities:
-    // 1. resolve the auth code to get the tokens (should use library code)
-    // 2. store the tokens in local storage
-    async tokenExchange(code, state) {
-        if (!this.oauth2client)
-            await this.init();
-        const codeVerifier = await this.pkceProducer.getCodeVerifier();
-        if (!codeVerifier)
-            throw new Error("Code verifier not found in storage");
-        // exchange auth code for tokens
-        const tokens = await exchangeTokens(code, state, this.pkceProducer, this.oauth2client, // clean up types here to avoid the ! operator
-        this.config.oauthServer, this.endpoints);
-        storeTokens(new LocalStorageAdapter(), tokens);
-        // cleanup the browser window if needed
-        const parsedDisplayMode = displayModeFromState(state, this.config.displayMode);
-        if (parsedDisplayMode === "new_tab") {
-            // Close the popup window
-            window.close();
-        }
-        // these are the default oAuth params that get added to the URL in redirect which we want to remove if present
-        removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);
-        return tokens;
-    }
-    // Get the session data from local storage
-    async getSessionData() {
-        const storageData = retrieveTokens(new LocalStorageAdapter());
-        if (!storageData)
-            return null;
-        return {
-            authenticated: !!storageData.id_token,
-            idToken: storageData.id_token,
-            accessToken: storageData.access_token,
-            refreshToken: storageData.refresh_token,
-        };
-    }
-    async validateExistingSession() {
-        try {
-            const sessionData = await this.getSessionData();
-            if (!sessionData?.idToken || !sessionData.accessToken) {
-                const unAuthenticatedSession = { ...sessionData, authenticated: false };
-                clearTokens(new LocalStorageAdapter());
-                return unAuthenticatedSession;
-            }
-            if (!this.endpoints || !this.oauth2client)
-                await this.init();
-            // this function will throw if any of the tokens are invalid
-            await validateOauth2Tokens({
-                access_token: sessionData.accessToken,
-                id_token: sessionData.idToken,
-                refresh_token: sessionData.refreshToken,
-            }, this.endpoints, this.oauth2client, this.config.oauthServer);
-            return sessionData;
-        }
-        catch (error) {
-            console.warn("Failed to validate existing tokens", error);
-            const unAuthenticatedSession = {
-                authenticated: false,
-            };
-            clearTokens(new LocalStorageAdapter());
-            return unAuthenticatedSession;
-        }
-    }
-    static async build(config) {
-        const resolver = new BrowserAuthenticationService(config);
-        await resolver.init();
-        return resolver;
-    }
-}
-//# sourceMappingURL=AuthenticationService.js.map

package/.rollup.cache/Users/flippie/civic/repos/civic-auth/packages/civic-auth-client/dist/esm/src/services/AuthenticationService.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAS9E,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAEnE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IACjC,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAcd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3D,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxD,CAAC;QACH,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC5D,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,IAAI,CAAC,SAAS;gBACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;YACpE,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBACnC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC/C,WAAW,CAAC,YAAY,CAAC,CAAC;QAC1B,SAAS,CAAC,YAAY,CAAC,CAAC;QACxB,uEAAuE;QACvE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAWd;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE;YACxD,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO;QACX,OAAO,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;CACF;AAWD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE;YACtD,MAAM;SACP,CAAC,CAAC;QACH,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,KAAK,EAAE,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC;YACxC,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QAVO,iBAAY,GAAZ,YAAY,CAAwC;IAWhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,WAAW,CAAC,IAAI,mBAAmB,EAAE,EAAE,MAAM,CAAC,CAAC;QAE/C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAE9D,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;gBACvC,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;aACxC,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YACvC,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n DisplayMode,\n Endpoints,\n LoginPostMessage,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n generateOauthLoginUrl,\n generateOauthLogoutUrl,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n AuthenticationInitiator,\n AuthenticationResolver,\n PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n * ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n * ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n displayMode: DisplayMode;\n oauthServer: string;\n // the endpoints to use for the login (if not obtained from the auth server\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n // the nonce to use for the login\n nonce?: string;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n console.log(\"BrowserAuthenticationInitiator constructor\", this.config);\n }\n\n async handleLoginAppPopupFailed(redirectUrl: string) {\n console.warn(\n \"Login app popup failed open a popup, using redirect mode instead...\",\n redirectUrl,\n );\n window.location.href = redirectUrl;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and then use the display mode to decide how to send the user there\n async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n const url = await generateOauthLoginUrl(this.config);\n\n this.postMessageHandler = (event: MessageEvent) => {\n const thisURL = new URL(window.location.href);\n if (\n event.origin.endsWith(\"civic.com\") ||\n thisURL.hostname === \"localhost\"\n ) {\n if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n console.log(\"Received invalid message from login app\", event.data);\n return;\n }\n const loginMessage = event.data as LoginPostMessage;\n console.log(\"Received message from login app\", event.data);\n this.handleLoginAppPopupFailed(loginMessage.data.url);\n }\n };\n window.addEventListener(\"message\", this.postMessageHandler);\n if (this.config.displayMode === \"iframe\") {\n if (!iframeRef)\n throw new Error(\"iframeRef is required for displayMode 'iframe'\");\n iframeRef.setAttribute(\"src\", url.toString());\n }\n if (this.config.displayMode === \"redirect\") {\n window.location.href = url.toString();\n }\n if (this.config.displayMode === \"new_tab\") {\n try {\n const popupWindow = window.open(url.toString(), \"_blank\");\n console.log(\"signIn\", popupWindow);\n if (!popupWindow) {\n throw new PopupError(\"Failed to open popup window\");\n }\n } catch (error) {\n console.error(\"popupWindow\", error);\n throw new PopupError(\n \"window.open has thrown: Failed to open popup window\",\n );\n }\n }\n return url;\n }\n\n async signOut(): Promise<URL> {\n const localStorage = new LocalStorageAdapter();\n clearTokens(localStorage);\n clearUser(localStorage);\n // TODO open the iframe or new tab etc: the logout URL is not currently\n // supported by on the oauth, so just clear state until then\n const url = await generateOauthLogoutUrl(this.config);\n return url;\n }\n\n cleanup() {\n if (this.postMessageHandler) {\n window.removeEventListener(\"message\", this.postMessageHandler);\n }\n }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n protected config: {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n oauthServer: string;\n nonce?: string;\n // the endpoints to use for the login (if not obtained from the auth server)\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n };\n\n constructor(config: typeof this.config) {\n this.config = config;\n console.log(\"GenericAuthenticationInitiator constructor\", {\n config,\n });\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and simply return the url\n async signIn(): Promise<URL> {\n return generateOauthLoginUrl(this.config);\n }\n\n async signOut(): Promise<URL> {\n return generateOauthLogoutUrl(this.config);\n }\n}\n\ntype BrowserAuthenticationConfig = {\n clientId: string;\n redirectUrl: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n // TODO WIP - perhaps we want to keep resolver and initiator separate here\n constructor(\n config: BrowserAuthenticationConfig,\n // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n ) {\n console.log(\"BrowserAuthenticationService constructor\", {\n config,\n });\n super({\n ...config,\n state: generateState(config.displayMode),\n // Store and retrieve the PKCE challenge in local storage\n pkceConsumer: pkceProducer,\n });\n }\n\n // TODO too much code duplication here between the browser and the server variant.\n // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n // function for generating an oauth2client from it\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.config.oauthServer,\n this.config.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.config.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.config.redirectUrl,\n },\n );\n\n return this;\n }\n\n // Two responsibilities:\n // 1. resolve the auth code to get the tokens (should use library code)\n // 2. store the tokens in local storage\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.config.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(new LocalStorageAdapter(), tokens);\n\n // cleanup the browser window if needed\n const parsedDisplayMode = displayModeFromState(\n state,\n this.config.displayMode,\n );\n\n if (parsedDisplayMode === \"new_tab\") {\n // Close the popup window\n window.close();\n }\n // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n return tokens;\n }\n\n // Get the session data from local storage\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(new LocalStorageAdapter());\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n async validateExistingSession(): Promise<SessionData> {\n try {\n const sessionData = await this.getSessionData();\n if (!sessionData?.idToken || !sessionData.accessToken) {\n const unAuthenticatedSession = { ...sessionData, authenticated: false };\n clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n if (!this.endpoints || !this.oauth2client) await this.init();\n\n // this function will throw if any of the tokens are invalid\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken,\n id_token: sessionData.idToken,\n refresh_token: sessionData.refreshToken,\n },\n this.endpoints!,\n this.oauth2client!,\n this.config.oauthServer,\n );\n return sessionData;\n } catch (error) {\n console.warn(\"Failed to validate existing tokens\", error);\n const unAuthenticatedSession = {\n authenticated: false,\n };\n clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n }\n\n static async build(\n config: BrowserAuthenticationConfig,\n ): Promise<AuthenticationResolver> {\n const resolver = new BrowserAuthenticationService(config);\n await resolver.init();\n\n return resolver;\n }\n}\n"]}