@civic/auth 0.1.3 → 0.1.4-beta.0

package/dist/src/reactjs/index.d.ts

@@ -1,6 +0,0 @@
-export * from "@/reactjs/hooks/index.js";
-export { CivicAuthProvider, type CivicAuthProviderProps, } from "@/reactjs/providers/index.js";
-export type { AuthContextType, TokenContextType, UserContextType, } from "@/reactjs/providers/index.js";
-export { CivicAuthIframeContainer } from "@/shared/components/CivicAuthIframeContainer.js";
-export { UserButton, SignInButton, SignOutButton, } from "@/reactjs/components/index.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/src/reactjs/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/reactjs/index.ts"],"names":[],"mappings":"AAGA,cAAc,0BAA0B,CAAC;AACzC,OAAO,EACL,iBAAiB,EACjB,KAAK,sBAAsB,GAC5B,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,iDAAiD,CAAC;AAC3F,OAAO,EACL,UAAU,EACV,YAAY,EACZ,aAAa,GACd,MAAM,+BAA+B,CAAC"}

package/dist/src/reactjs/index.js

@@ -1,8 +0,0 @@
-// These are the default exports of the project.
-// They are limited by design to ensure that the public API does not expose any internal implementation details.
-// Do not change this without thinking carefully about the impact on the client-facing public API.
-export * from "@/reactjs/hooks/index.js";
-export { CivicAuthProvider, } from "@/reactjs/providers/index.js";
-export { CivicAuthIframeContainer } from "@/shared/components/CivicAuthIframeContainer.js";
-export { UserButton, SignInButton, SignOutButton, } from "@/reactjs/components/index.js";
-//# sourceMappingURL=index.js.map

package/dist/src/reactjs/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/reactjs/index.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,gHAAgH;AAChH,kGAAkG;AAClG,cAAc,0BAA0B,CAAC;AACzC,OAAO,EACL,iBAAiB,GAElB,MAAM,8BAA8B,CAAC;AAMtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,iDAAiD,CAAC;AAC3F,OAAO,EACL,UAAU,EACV,YAAY,EACZ,aAAa,GACd,MAAM,+BAA+B,CAAC","sourcesContent":["// These are the default exports of the project.\n// They are limited by design to ensure that the public API does not expose any internal implementation details.\n// Do not change this without thinking carefully about the impact on the client-facing public API.\nexport * from \"@/reactjs/hooks/index.js\";\nexport {\n  CivicAuthProvider,\n  type CivicAuthProviderProps,\n} from \"@/reactjs/providers/index.js\";\nexport type {\n  AuthContextType,\n  TokenContextType,\n  UserContextType,\n} from \"@/reactjs/providers/index.js\";\nexport { CivicAuthIframeContainer } from \"@/shared/components/CivicAuthIframeContainer.js\";\nexport {\n  UserButton,\n  SignInButton,\n  SignOutButton,\n} from \"@/reactjs/components/index.js\";\n"]}

package/dist/src/reactjs/providers/index.d.ts

@@ -1,8 +0,0 @@
-export { UserProvider, UserContext, type UserContextType, } from "@/shared/providers/UserProvider.js";
-export { TokenProvider, TokenContext, type TokenContextType, } from "@/shared/providers/TokenProvider.js";
-export { AuthProvider } from "@/shared/providers/AuthProvider.js";
-export { SessionProvider, SessionContext, type SessionContextType, } from "@/shared/providers/SessionProvider.js";
-export { CivicAuthProvider, type CivicAuthProviderProps, } from "@/shared/providers/CivicAuthProvider.js";
-export { AuthContext } from "@/shared/providers/AuthContext.js";
-export type { AuthContextType } from "@/shared/providers/AuthContext.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/src/reactjs/providers/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,EACX,KAAK,eAAe,GACrB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,gBAAgB,GACtB,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAElE,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,kBAAkB,GACxB,MAAM,uCAAuC,CAAC;AAE/C,OAAO,EACL,iBAAiB,EACjB,KAAK,sBAAsB,GAC5B,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAChE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC"}

package/dist/src/reactjs/providers/index.js

@@ -1,7 +0,0 @@
-export { UserProvider, UserContext, } from "@/shared/providers/UserProvider.js";
-export { TokenProvider, TokenContext, } from "@/shared/providers/TokenProvider.js";
-export { AuthProvider } from "@/shared/providers/AuthProvider.js";
-export { SessionProvider, SessionContext, } from "@/shared/providers/SessionProvider.js";
-export { CivicAuthProvider, } from "@/shared/providers/CivicAuthProvider.js";
-export { AuthContext } from "@/shared/providers/AuthContext.js";
-//# sourceMappingURL=index.js.map

package/dist/src/reactjs/providers/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/reactjs/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,GAEZ,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,YAAY,GAEb,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAElE,OAAO,EACL,eAAe,EACf,cAAc,GAEf,MAAM,uCAAuC,CAAC;AAE/C,OAAO,EACL,iBAAiB,GAElB,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC","sourcesContent":["export {\n  UserProvider,\n  UserContext,\n  type UserContextType,\n} from \"@/shared/providers/UserProvider.js\";\n\nexport {\n  TokenProvider,\n  TokenContext,\n  type TokenContextType,\n} from \"@/shared/providers/TokenProvider.js\";\n\nexport { AuthProvider } from \"@/shared/providers/AuthProvider.js\";\n\nexport {\n  SessionProvider,\n  SessionContext,\n  type SessionContextType,\n} from \"@/shared/providers/SessionProvider.js\";\n\nexport {\n  CivicAuthProvider,\n  type CivicAuthProviderProps,\n} from \"@/shared/providers/CivicAuthProvider.js\";\n\nexport { AuthContext } from \"@/shared/providers/AuthContext.js\";\nexport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\n"]}

package/dist/src/server/ServerAuthenticationResolver.d.ts

@@ -1,19 +0,0 @@
-import type { AuthStorage, Endpoints, OIDCTokenResponseBody, SessionData } from "@/types.js";
-import type { AuthConfig } from "@/server/config.js";
-import type { AuthenticationResolver } from "@/services/types.ts";
-export declare class ServerAuthenticationResolver implements AuthenticationResolver {
-    readonly authConfig: AuthConfig;
-    readonly storage: AuthStorage;
-    readonly endpointOverrides?: Partial<Endpoints> | undefined;
-    private pkceProducer;
-    private oauth2client;
-    private endpoints;
-    private constructor();
-    validateExistingSession(): Promise<SessionData>;
-    get oauthServer(): string;
-    init(): Promise<this>;
-    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
-    getSessionData(): Promise<SessionData | null>;
-    static build(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationResolver>;
-}
-//# sourceMappingURL=ServerAuthenticationResolver.d.ts.map

package/dist/src/server/ServerAuthenticationResolver.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"ServerAuthenticationResolver.d.ts","sourceRoot":"","sources":["../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAOrD,OAAO,KAAK,EAAE,sBAAsB,EAAgB,MAAM,qBAAqB,CAAC;AAGhF,qBAAa,4BAA6B,YAAW,sBAAsB;IAMvE,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAPjD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAOP,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAI/C,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAoB3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;WAatC,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,sBAAsB,CAAC;CAUnC"}

package/dist/src/server/ServerAuthenticationResolver.js

@@ -1,61 +0,0 @@
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { OAuth2Client } from "oslo/oauth2";
-import { exchangeTokens, getEndpointsWithOverrides, retrieveTokens, storeTokens, } from "@/shared/lib/util.js";
-import { DEFAULT_AUTH_SERVER } from "@/constants.js";
-export class ServerAuthenticationResolver {
-    authConfig;
-    storage;
-    endpointOverrides;
-    pkceProducer;
-    oauth2client;
-    endpoints;
-    constructor(authConfig, storage, endpointOverrides) {
-        this.authConfig = authConfig;
-        this.storage = storage;
-        this.endpointOverrides = endpointOverrides;
-        this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
-    }
-    validateExistingSession() {
-        throw new Error("Method not implemented.");
-    }
-    get oauthServer() {
-        return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;
-    }
-    async init() {
-        // resolve oauth config
-        this.endpoints = await getEndpointsWithOverrides(this.oauthServer, this.endpointOverrides);
-        this.oauth2client = new OAuth2Client(this.authConfig.clientId, this.endpoints.auth, this.endpoints.token, {
-            redirectURI: this.authConfig.redirectUrl,
-        });
-        return this;
-    }
-    async tokenExchange(code, state) {
-        if (!this.oauth2client)
-            await this.init();
-        const codeVerifier = await this.pkceProducer.getCodeVerifier();
-        if (!codeVerifier)
-            throw new Error("Code verifier not found in storage");
-        // exchange auth code for tokens
-        const tokens = await exchangeTokens(code, state, this.pkceProducer, this.oauth2client, // clean up types here to avoid the ! operator
-        this.oauthServer, this.endpoints);
-        await storeTokens(this.storage, tokens);
-        return tokens;
-    }
-    async getSessionData() {
-        const storageData = await retrieveTokens(this.storage);
-        if (!storageData)
-            return null;
-        return {
-            authenticated: !!storageData.id_token,
-            idToken: storageData.id_token,
-            accessToken: storageData.access_token,
-            refreshToken: storageData.refresh_token,
-        };
-    }
-    static async build(authConfig, storage, endpointOverrides) {
-        const resolver = new ServerAuthenticationResolver(authConfig, storage, endpointOverrides);
-        await resolver.init();
-        return resolver;
-    }
-}
-//# sourceMappingURL=ServerAuthenticationResolver.js.map

package/dist/src/server/ServerAuthenticationResolver.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"ServerAuthenticationResolver.js","sourceRoot":"","sources":["../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQ3C,OAAO,EACL,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,OAAO,4BAA4B;IAM5B;IACA;IACA;IAPH,YAAY,CAAe;IAC3B,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACW,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE/C,IAAI,CAAC,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IACD,uBAAuB;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAExC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport type {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport {\n  exchangeTokens,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n  private pkceProducer: PKCEProducer;\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    readonly authConfig: AuthConfig,\n    readonly storage: AuthStorage,\n    readonly endpointOverrides?: Partial<Endpoints>,\n  ) {\n    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  }\n  validateExistingSession(): Promise<SessionData> {\n    throw new Error(\"Method not implemented.\");\n  }\n\n  get oauthServer(): string {\n    return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;\n  }\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    await storeTokens(this.storage, tokens);\n\n    return tokens;\n  }\n\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(this.storage);\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new ServerAuthenticationResolver(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/src/server/config.d.ts

@@ -1,9 +0,0 @@
-import type { Endpoints } from "@/types.ts";
-export type AuthConfig = {
-    clientId: string;
-    redirectUrl: string;
-    oauthServer?: string;
-    challengeUrl?: string;
-    endpointOverrides?: Partial<Endpoints> | undefined;
-};
-//# sourceMappingURL=config.d.ts.map

package/dist/src/server/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;CACpD,CAAC"}

package/dist/src/server/config.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=config.js.map

package/dist/src/server/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"","sourcesContent":["import type { Endpoints } from \"@/types.ts\";\n\nexport type AuthConfig = {\n  clientId: string;\n  redirectUrl: string;\n  oauthServer?: string;\n  challengeUrl?: string;\n  endpointOverrides?: Partial<Endpoints> | undefined;\n};\n"]}

package/dist/src/server/index.d.ts

@@ -1,7 +0,0 @@
-export { CookieStorage } from "@/shared/lib/storage.js";
-export type { SessionStorage, CookieStorageSettings, } from "@/shared/lib/storage.js";
-export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "@/server/login.js";
-export type { AuthConfig } from "@/server/config.js";
-export { getUser } from "@/shared/lib/session.js";
-export { refreshTokens } from "@/server/refresh.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/src/server/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/src/server/index.js

@@ -1,5 +0,0 @@
-export { CookieStorage } from "@/shared/lib/storage.js";
-export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "@/server/login.js";
-export { getUser } from "@/shared/lib/session.js";
-export { refreshTokens } from "@/server/refresh.js";
-//# sourceMappingURL=index.js.map

package/dist/src/server/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAKxD,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC","sourcesContent":["export { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n  SessionStorage,\n  CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n  resolveOAuthAccessCode,\n  isLoggedIn,\n  buildLoginUrl,\n} from \"@/server/login.js\";\nexport type { AuthConfig } from \"@/server/config.js\";\nexport { getUser } from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\n"]}

package/dist/src/server/login.d.ts

@@ -1,17 +0,0 @@
-import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-/**
- * Resolve an OAuth access code to a set of OIDC tokens
- * @param code The access code, typically from a query parameter in the redirect url
- * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
- * @param storage The place that this server uses to store session data (e.g. a cookie store)
- * @param config Oauth Server configuration
- */
-export declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
-export declare function isLoggedIn(storage: AuthStorage): Promise<boolean>;
-export declare function buildLoginUrl(config: Pick<AuthConfig, "clientId" | "redirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
-    scopes?: string[];
-    state?: string;
-    nonce?: string;
-}, storage: AuthStorage): Promise<URL>;
-//# sourceMappingURL=login.d.ts.map

package/dist/src/server/login.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed"}

package/dist/src/server/login.js

@@ -1,37 +0,0 @@
-import { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from "@/constants.js";
-import { GenericAuthenticationInitiator } from "@/services/AuthenticationService.js";
-import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
-/**
- * Resolve an OAuth access code to a set of OIDC tokens
- * @param code The access code, typically from a query parameter in the redirect url
- * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
- * @param storage The place that this server uses to store session data (e.g. a cookie store)
- * @param config Oauth Server configuration
- */
-export async function resolveOAuthAccessCode(code, state, storage, config) {
-    const authSessionService = await ServerAuthenticationResolver.build({
-        ...config,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-    }, storage, config.endpointOverrides);
-    return authSessionService.tokenExchange(code, state);
-}
-export async function isLoggedIn(storage) {
-    return !!(await storage.get("id_token"));
-}
-export async function buildLoginUrl(config, storage) {
-    // generate a random state if not provided
-    const state = config.state ?? Math.random().toString(36).substring(2);
-    const scopes = config.scopes ?? DEFAULT_SCOPES;
-    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
-    const authInitiator = new GenericAuthenticationInitiator({
-        ...config,
-        state,
-        scopes,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-        // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
-        pkceConsumer: pkceProducer,
-    });
-    return authInitiator.signIn();
-}
-//# sourceMappingURL=login.js.map

package/dist/src/server/login.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n  return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n      nonce?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n"]}

package/dist/src/server/refresh.d.ts

@@ -1,7 +0,0 @@
-import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
-import type { AuthConfig } from "@/server/config.ts";
-/**
- * Refresh the current set of OIDC tokens
- */
-export declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
-//# sourceMappingURL=refresh.d.ts.map

package/dist/src/server/refresh.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"refresh.d.ts","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC"}

package/dist/src/server/refresh.js

@@ -1,13 +0,0 @@
-import { DEFAULT_AUTH_SERVER } from "@/constants.js";
-import { GenericAuthenticationRefresher } from "@/shared/lib/GenericAuthenticationRefresher.js";
-/**
- * Refresh the current set of OIDC tokens
- */
-export async function refreshTokens(storage, config) {
-    const refresher = await GenericAuthenticationRefresher.build({
-        ...config,
-        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
-    }, storage, config.endpointOverrides);
-    return refresher.refreshTokens();
-}
-//# sourceMappingURL=refresh.js.map

package/dist/src/server/refresh.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAGhG;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAoB,EACpB,MAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CAC1D;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,SAAS,CAAC,aAAa,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/lib/GenericAuthenticationRefresher.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const refresher = await GenericAuthenticationRefresher.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return refresher.refreshTokens();\n}\n"]}

package/dist/src/services/AuthenticationService.d.ts

@@ -1,87 +0,0 @@
-import type { DisplayMode, Endpoints, OIDCTokenResponseBody, SessionData } from "@/types.js";
-import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
-import type { AuthenticationInitiator, AuthenticationResolver, PKCEConsumer } from "@/services/types.js";
-/**
- * An authentication initiator that works on a browser. Since this is just triggering
- * login and logout, session data is not stored here.
- * An associated AuthenticationResolver would be needed to get the session data.
- * Storage is needed for the code verifier, this is the domain of the PKCEConsumer
- * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.
- *
- * Example usage:
- *
- * 1) Client-only SPA -eg a react app with no server:
- * new BrowserAuthenticationInitiator({
- *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side
- *   ... other config
- * })
- *
- * 2) Client-side of a client/server app - eg a react app with a backend:
- * new BrowserAuthenticationInitiator({
- *  pkceConsumer: new ConfidentialClientPKCEConsumer("https://myserver.com/pkce"), // get the challenge from the server
- *  ... other config
- * })
- */
-export declare class BrowserAuthenticationInitiator implements AuthenticationInitiator {
-    private postMessageHandler;
-    protected config: {
-        clientId: string;
-        redirectUrl: string;
-        state: string;
-        scopes: string[];
-        displayMode: DisplayMode;
-        oauthServer: string;
-        endpointOverrides?: Partial<Endpoints>;
-        pkceConsumer: PKCEConsumer;
-        nonce?: string;
-    };
-    constructor(config: typeof this.config);
-    handleLoginAppPopupFailed(redirectUrl: string): Promise<void>;
-    signIn(iframeRef: HTMLIFrameElement | null): Promise<URL>;
-    signOut(): Promise<URL>;
-    cleanup(): void;
-}
-/** A general-purpose authentication initiator, that just generates urls, but lets
- * the caller decide how to use them. This is useful for server-side applications
- * that may serve this URL to their front-ends or just call them directly
- */
-export declare class GenericAuthenticationInitiator implements AuthenticationInitiator {
-    protected config: {
-        clientId: string;
-        redirectUrl: string;
-        state: string;
-        scopes: string[];
-        oauthServer: string;
-        nonce?: string;
-        endpointOverrides?: Partial<Endpoints>;
-        pkceConsumer: PKCEConsumer;
-    };
-    constructor(config: typeof this.config);
-    signIn(): Promise<URL>;
-    signOut(): Promise<URL>;
-}
-type BrowserAuthenticationConfig = {
-    clientId: string;
-    redirectUrl: string;
-    scopes: string[];
-    oauthServer: string;
-    endpointOverrides?: Partial<Endpoints>;
-    displayMode: DisplayMode;
-};
-/**
- * An authentication resolver that can run on the browser (i.e. a public client)
- * It uses PKCE for security. PKCE and Session data are stored in local storage
- */
-export declare class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
-    protected pkceProducer: BrowserPublicClientPKCEProducer;
-    private oauth2client;
-    private endpoints;
-    constructor(config: BrowserAuthenticationConfig, pkceProducer?: BrowserPublicClientPKCEProducer);
-    init(): Promise<this>;
-    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
-    getSessionData(): Promise<SessionData | null>;
-    validateExistingSession(): Promise<SessionData>;
-    static build(config: BrowserAuthenticationConfig): Promise<AuthenticationResolver>;
-}
-export {};
-//# sourceMappingURL=AuthenticationService.d.ts.map

package/dist/src/services/AuthenticationService.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AAerE,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACb,MAAM,qBAAqB,CAAC;AAM7B;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,OAAO,CAAC,kBAAkB,CAAgD;IAE1E,SAAS,CAAC,MAAM,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,EAAE,CAAC;QAEjB,WAAW,EAAE,WAAW,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC;QAEpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvC,YAAY,EAAE,YAAY,CAAC;QAE3B,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;gBAEU,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAIhC,yBAAyB,CAAC,WAAW,EAAE,MAAM;IAU7C,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IA8CzD,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC;IAU7B,OAAO;CAKR;AAED;;;GAGG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,SAAS,CAAC,MAAM,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,CAAC,EAAE,MAAM,CAAC;QAEf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAEvC,YAAY,EAAE,YAAY,CAAC;KAC5B,CAAC;gBAEU,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAMhC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;IAItB,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC;CAG9B;AAED,KAAK,2BAA2B,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;IAQ5E,SAAS,CAAC,YAAY;IAPxB,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;gBAIvC,MAAM,EAAE,2BAA2B,EAEzB,YAAY,kCAAwC;IAa1D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAiC3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAa7C,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;WAgCxC,KAAK,CAChB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,sBAAsB,CAAC;CAMnC"}

package/dist/src/services/AuthenticationService.js

@@ -1,212 +0,0 @@
-// Proposals for revised versions of the SessionService AKA AuthSessionService
-import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
-import { clearTokens, clearUser, exchangeTokens, generateOauthLoginUrl, generateOauthLogoutUrl, getEndpointsWithOverrides, retrieveTokens, storeTokens, validateOauth2Tokens, } from "@/shared/lib/util.js";
-import { displayModeFromState, generateState } from "@/lib/oauth.js";
-import { OAuth2Client } from "oslo/oauth2";
-import { LocalStorageAdapter } from "@/browser/storage.js";
-import { PopupError } from "@/services/types.js";
-import { removeParamsWithoutReload } from "@/lib/windowUtil.js";
-import { DEFAULT_OAUTH_GET_PARAMS } from "@/constants.js";
-import { validateLoginAppPostMessage } from "@/lib/postMessage.js";
-/**
- * An authentication initiator that works on a browser. Since this is just triggering
- * login and logout, session data is not stored here.
- * An associated AuthenticationResolver would be needed to get the session data.
- * Storage is needed for the code verifier, this is the domain of the PKCEConsumer
- * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.
- *
- * Example usage:
- *
- * 1) Client-only SPA -eg a react app with no server:
- * new BrowserAuthenticationInitiator({
- *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side
- *   ... other config
- * })
- *
- * 2) Client-side of a client/server app - eg a react app with a backend:
- * new BrowserAuthenticationInitiator({
- *  pkceConsumer: new ConfidentialClientPKCEConsumer("https://myserver.com/pkce"), // get the challenge from the server
- *  ... other config
- * })
- */
-export class BrowserAuthenticationInitiator {
-    postMessageHandler = null;
-    config;
-    constructor(config) {
-        this.config = config;
-    }
-    async handleLoginAppPopupFailed(redirectUrl) {
-        console.warn("Login app popup failed open a popup, using redirect mode instead...", redirectUrl);
-        window.location.href = redirectUrl;
-    }
-    // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
-    // and then use the display mode to decide how to send the user there
-    async signIn(iframeRef) {
-        const url = await generateOauthLoginUrl(this.config);
-        this.postMessageHandler = (event) => {
-            const thisURL = new URL(window.location.href);
-            if (event.origin.endsWith("civic.com") ||
-                thisURL.hostname === "localhost") {
-                if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {
-                    return;
-                }
-                const loginMessage = event.data;
-                this.handleLoginAppPopupFailed(loginMessage.data.url);
-            }
-        };
-        window.addEventListener("message", this.postMessageHandler);
-        if (this.config.displayMode === "iframe") {
-            if (!iframeRef)
-                throw new Error("iframeRef is required for displayMode 'iframe'");
-            iframeRef.setAttribute("src", url.toString());
-        }
-        if (this.config.displayMode === "redirect") {
-            window.location.href = url.toString();
-        }
-        if (this.config.displayMode === "new_tab") {
-            try {
-                const popupWindow = window.open(url.toString(), "_blank");
-                if (!popupWindow) {
-                    throw new PopupError("Failed to open popup window");
-                }
-            }
-            catch (error) {
-                console.error("popupWindow", error);
-                throw new PopupError("window.open has thrown: Failed to open popup window");
-            }
-        }
-        return url;
-    }
-    async signOut() {
-        const localStorage = new LocalStorageAdapter();
-        await clearTokens(localStorage);
-        await clearUser(localStorage);
-        // TODO open the iframe or new tab etc: the logout URL is not currently
-        // supported by on the oauth, so just clear state until then
-        const url = await generateOauthLogoutUrl(this.config);
-        return url;
-    }
-    cleanup() {
-        if (this.postMessageHandler) {
-            window.removeEventListener("message", this.postMessageHandler);
-        }
-    }
-}
-/** A general-purpose authentication initiator, that just generates urls, but lets
- * the caller decide how to use them. This is useful for server-side applications
- * that may serve this URL to their front-ends or just call them directly
- */
-export class GenericAuthenticationInitiator {
-    config;
-    constructor(config) {
-        this.config = config;
-    }
-    // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
-    // and simply return the url
-    async signIn() {
-        return generateOauthLoginUrl(this.config);
-    }
-    async signOut() {
-        return generateOauthLogoutUrl(this.config);
-    }
-}
-/**
- * An authentication resolver that can run on the browser (i.e. a public client)
- * It uses PKCE for security. PKCE and Session data are stored in local storage
- */
-export class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
-    pkceProducer;
-    oauth2client;
-    endpoints;
-    // TODO WIP - perhaps we want to keep resolver and initiator separate here
-    constructor(config, 
-    // Since we are running fully on the client, we produce as well as consume the PKCE challenge
-    pkceProducer = new BrowserPublicClientPKCEProducer()) {
-        super({
-            ...config,
-            state: generateState(config.displayMode),
-            // Store and retrieve the PKCE challenge in local storage
-            pkceConsumer: pkceProducer,
-        });
-        this.pkceProducer = pkceProducer;
-    }
-    // TODO too much code duplication here between the browser and the server variant.
-    // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot
-    // function for generating an oauth2client from it
-    async init() {
-        // resolve oauth config
-        this.endpoints = await getEndpointsWithOverrides(this.config.oauthServer, this.config.endpointOverrides);
-        this.oauth2client = new OAuth2Client(this.config.clientId, this.endpoints.auth, this.endpoints.token, {
-            redirectURI: this.config.redirectUrl,
-        });
-        return this;
-    }
-    // Two responsibilities:
-    // 1. resolve the auth code to get the tokens (should use library code)
-    // 2. store the tokens in local storage
-    async tokenExchange(code, state) {
-        if (!this.oauth2client)
-            await this.init();
-        const codeVerifier = await this.pkceProducer.getCodeVerifier();
-        if (!codeVerifier)
-            throw new Error("Code verifier not found in storage");
-        // exchange auth code for tokens
-        const tokens = await exchangeTokens(code, state, this.pkceProducer, this.oauth2client, // clean up types here to avoid the ! operator
-        this.config.oauthServer, this.endpoints);
-        await storeTokens(new LocalStorageAdapter(), tokens);
-        // cleanup the browser window if needed
-        const parsedDisplayMode = displayModeFromState(state, this.config.displayMode);
-        if (parsedDisplayMode === "new_tab") {
-            // Close the popup window
-            window.close();
-        }
-        // these are the default oAuth params that get added to the URL in redirect which we want to remove if present
-        removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);
-        return tokens;
-    }
-    // Get the session data from local storage
-    async getSessionData() {
-        const storageData = await retrieveTokens(new LocalStorageAdapter());
-        if (!storageData)
-            return null;
-        return {
-            authenticated: !!storageData.id_token,
-            idToken: storageData.id_token,
-            accessToken: storageData.access_token,
-            refreshToken: storageData.refresh_token,
-        };
-    }
-    async validateExistingSession() {
-        try {
-            const sessionData = await this.getSessionData();
-            if (!sessionData?.idToken || !sessionData.accessToken) {
-                const unAuthenticatedSession = { ...sessionData, authenticated: false };
-                await clearTokens(new LocalStorageAdapter());
-                return unAuthenticatedSession;
-            }
-            if (!this.endpoints || !this.oauth2client)
-                await this.init();
-            // this function will throw if any of the tokens are invalid
-            await validateOauth2Tokens({
-                access_token: sessionData.accessToken,
-                id_token: sessionData.idToken,
-                refresh_token: sessionData.refreshToken,
-            }, this.endpoints, this.oauth2client, this.config.oauthServer);
-            return sessionData;
-        }
-        catch (error) {
-            console.warn("Failed to validate existing tokens", error);
-            const unAuthenticatedSession = {
-                authenticated: false,
-            };
-            await clearTokens(new LocalStorageAdapter());
-            return unAuthenticatedSession;
-        }
-    }
-    static async build(config) {
-        const resolver = new BrowserAuthenticationService(config);
-        await resolver.init();
-        return resolver;
-    }
-}
-//# sourceMappingURL=AuthenticationService.js.map