@civic/auth 0.1.4-beta.0 → 0.1.4-beta.2

package/dist/src/types.d.ts

@@ -0,0 +1,146 @@
+import type { TokenResponseBody } from "oslo/oauth2";
+import type { JWT } from "oslo/jwt";
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface TokenService {
+    exchangeCodeForTokens(authCode: string): Promise<Tokens>;
+    validateIdToken(idToken: string, nonce: string): boolean;
+    refreshAccessToken(refreshToken: string): Promise<Tokens>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+interface ResourceService {
+    getProtectedResource(accessToken: string): Promise<unknown>;
+}
+type AuthRequest = {
+    clientId: string;
+    redirectUri: string;
+    state: string;
+    nonce: string;
+    scope: string;
+};
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+    timestamp?: number;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type ForwardedTokensJWT = Record<string, {
+    id_token?: string;
+    access_token?: string;
+    refresh_token?: string;
+    scope?: string;
+}>;
+type JWTPayload = JWT["payload"] & {
+    iss: string;
+    aud: string;
+    sub: string;
+    iat: number;
+    exp: number;
+};
+type IdTokenPayload = JWTPayload & {
+    forwardedTokens?: ForwardedTokensJWT;
+    email?: string;
+    name?: string;
+    picture?: string;
+    nonce: string;
+    at_hash: string;
+};
+type IdToken = Omit<JWT, "payload"> & {
+    payload: IdTokenPayload;
+};
+declare const tokenKeys: string[];
+type Tokens = {
+    [K in (typeof tokenKeys)[number]]: K extends "forwardedTokens" ? ForwardedTokens : string;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & T;
+type OpenIdConfiguration = {
+    authorization_endpoint: string;
+    claims_parameter_supported: boolean;
+    claims_supported: string[];
+    code_challenge_methods_supported: string[];
+    end_session_endpoint: string;
+    grant_types_supported: string[];
+    issuer: string;
+    jwks_uri: string;
+    authorization_response_iss_parameter_supported: boolean;
+    response_modes_supported: string[];
+    response_types_supported: string[];
+    scopes_supported: string[];
+    subject_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    token_endpoint_auth_signing_alg_values_supported: string[];
+    token_endpoint: string;
+    id_token_signing_alg_values_supported: string[];
+    pushed_authorization_request_endpoint: string;
+    request_parameter_supported: boolean;
+    request_uri_parameter_supported: boolean;
+    userinfo_endpoint: string;
+    claim_types_supported: string[];
+};
+type LoginPostMessage = {
+    source: string;
+    type: string;
+    clientId: string;
+    data: {
+        url: string;
+    };
+};
+export type { LoginPostMessage, AuthSessionService, TokenService, UserInfoService, ResourceService, AuthRequest, Tokens, Endpoints, Config, SessionData, OIDCTokenResponseBody, ParsedTokens, BaseUser, User, DisplayMode, UnknownObject, EmptyObject, ForwardedTokens, ForwardedTokensJWT, JWTPayload, IdTokenPayload, IdToken, OpenIdConfiguration, };
+export { tokenKeys };
+export interface AuthStorage {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAGzC,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAAgE,CAAC;AAGhF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AACF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAChD"}

package/dist/src/types.js

@@ -0,0 +1,4 @@
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+const tokenKeys = ["idToken", "accessToken", "refreshToken", "forwardedTokens"];
+export { tokenKeys };
+//# sourceMappingURL=types.js.map

package/dist/src/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAiJA,6DAA6D;AAC7D,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAgFhF,OAAO,EAAE,SAAS,EAAE,CAAC","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n  loadAuthorizationUrl(\n    authorizationURL: string,\n    displayMode: DisplayMode,\n  ): void;\n  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n  getAuthorizationUrl(\n    scopes: string[],\n    overrideDisplayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string>;\n  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n  signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce?: string,\n  ): Promise<void>;\n  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n  tokenExchange(responseUrl: string): Promise<SessionData>;\n  // TODO DK NOTES: Should be async for flexibility\n  getSessionData(): SessionData;\n  // TODO DK NOTES: Should be async for flexibility\n  updateSessionData(data: SessionData): void;\n  getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n  exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n  validateIdToken(idToken: string, nonce: string): boolean;\n  refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n  getUserInfo<T extends UnknownObject>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n  getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n  clientId: string;\n  redirectUri: string;\n  state: string;\n  nonce: string;\n  scope: string;\n};\n\ntype Endpoints = {\n  jwks: string;\n  auth: string;\n  token: string;\n  userinfo: string;\n  challenge?: string;\n};\n\ntype Config = {\n  oauthServer: string;\n  endpoints?: Endpoints;\n};\n\ntype SessionData = {\n  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n  state?: string;\n  accessToken?: string;\n  refreshToken?: string;\n  idToken?: string;\n  timestamp?: number;\n  expiresIn?: number;\n  codeVerifier?: string;\n  displayMode?: DisplayMode;\n  openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n  id_token: string;\n  timestamp?: number;\n};\n\ntype ParsedTokens = {\n  id_token: JWTPayload;\n  access_token: JWTPayload;\n  refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n  string,\n  {\n    idToken?: string;\n    accessToken?: string;\n    refreshToken?: string;\n  }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n  string,\n  {\n    id_token?: string;\n    access_token?: string;\n    refresh_token?: string;\n    scope?: string;\n  }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n  iss: string;\n  aud: string;\n  sub: string;\n  iat: number;\n  exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n  forwardedTokens?: ForwardedTokensJWT;\n  email?: string;\n  name?: string;\n  picture?: string;\n  nonce: string;\n  at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n  payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\"idToken\", \"accessToken\", \"refreshToken\", \"forwardedTokens\"];\n\n// Derive the Tokens type from the array\ntype Tokens = {\n  [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n    ? ForwardedTokens\n    : string;\n};\n\n// Base user interface\ntype BaseUser = {\n  id: string;\n  email?: string;\n  name?: string;\n  given_name?: string;\n  family_name?: string;\n  picture?: string;\n  updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n  authorization_endpoint: string;\n  claims_parameter_supported: boolean;\n  claims_supported: string[];\n  code_challenge_methods_supported: string[];\n  end_session_endpoint: string;\n  grant_types_supported: string[];\n  issuer: string;\n  jwks_uri: string;\n  authorization_response_iss_parameter_supported: boolean;\n  response_modes_supported: string[];\n  response_types_supported: string[];\n  scopes_supported: string[];\n  subject_types_supported: string[];\n  token_endpoint_auth_methods_supported: string[];\n  token_endpoint_auth_signing_alg_values_supported: string[];\n  token_endpoint: string;\n  id_token_signing_alg_values_supported: string[];\n  pushed_authorization_request_endpoint: string;\n  request_parameter_supported: boolean;\n  request_uri_parameter_supported: boolean;\n  userinfo_endpoint: string;\n  claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n  source: string;\n  type: string;\n  clientId: string;\n  data: {\n    url: string;\n  };\n};\nexport type {\n  LoginPostMessage,\n  AuthSessionService,\n  TokenService,\n  UserInfoService,\n  ResourceService,\n  AuthRequest,\n  Tokens,\n  Endpoints,\n  Config,\n  SessionData,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  BaseUser,\n  User,\n  DisplayMode,\n  UnknownObject,\n  EmptyObject,\n  ForwardedTokens,\n  ForwardedTokensJWT,\n  JWTPayload,\n  IdTokenPayload,\n  IdToken,\n  OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n  get(key: string): Promise<string | null>;\n  set(key: string, value: string): Promise<void>;\n}\n"]}

package/dist/test/integration/sdk.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk.test.d.ts","sourceRoot":"","sources":["../../../test/integration/sdk.test.tsx"],"names":[],"mappings":"AAoBA,OAAO,2BAA2B,CAAC"}

package/dist/test/integration/sdk.test.js

@@ -0,0 +1,189 @@
+import React from "react";
+import { OAuth2Client } from "oslo/oauth2";
+import { useAuth, useUser } from "@/reactjs/hooks/index.js";
+import { CivicAuthProvider } from "@/reactjs/providers/index.js";
+import { render, screen, act, fireEvent, waitFor, } from "@testing-library/react";
+import { describe, it, expect, beforeEach, vi, afterEach, } from "vitest";
+import "@testing-library/jest-dom";
+import * as jose from "jose";
+import tokensFixture from "../support/tokens.json" assert { type: "json" };
+import * as oauthLib from "@/lib/oauth.js";
+import { CodeVerifier } from "@/shared/lib/types.js";
+const validTokens = { ...tokensFixture.local.validTokens };
+// Mock Component to test OAuth flow with useAuth
+const MockOAuthComponent = () => {
+    const { signIn, isAuthenticated } = useAuth();
+    const { user } = useUser();
+    const handleLogin = async () => {
+        try {
+            await signIn("redirect");
+            alert("Login Redirect Initiated");
+        }
+        catch {
+            alert("Login Failed");
+        }
+    };
+    return (React.createElement("div", null,
+        React.createElement("button", { onClick: handleLogin }, "Login"),
+        user && (React.createElement("p", { "data-testid": "user-email" },
+            "User:",
+            user.email)),
+        isAuthenticated && (React.createElement("p", { "data-testid": "session" }, "Session authenticated:true"))));
+};
+describe("OAuth login", () => {
+    const clientId = "test-client-id";
+    let mockOAuth2Client;
+    let originalWindowLocation;
+    let getOauthEndpointsMock;
+    afterEach(vi.clearAllMocks);
+    getOauthEndpointsMock = vi
+        .spyOn(oauthLib, "getOauthEndpoints")
+        .mockResolvedValue({
+        auth: "http://localhost:3001/oauth/auth",
+        token: "http://localhost:3001/oauth/token",
+        jwks: "http://localhost:3001/oauth/jwks",
+        userinfo: "http://localhost:3001/oauth/userinfo",
+    });
+    vi.mock("oslo/oauth2", () => ({
+        OAuth2Client: vi.fn(),
+        generateCodeVerifier: vi.fn(() => "mock-code-verifier"),
+        generateState: vi.fn(() => "mock-state"),
+    }));
+    vi.mock("jose", () => ({
+        jwtVerify: vi.fn(),
+        createRemoteJWKSet: vi.fn(),
+    }));
+    beforeEach(() => {
+        vi.clearAllMocks();
+        vi.resetModules();
+        // Setup mock implementations
+        mockOAuth2Client = {
+            createAuthorizationURL: vi.fn(),
+            validateAuthorizationCode: vi.fn(),
+            refreshAccessToken: vi.fn(),
+            clientId: "test-client-id",
+        };
+        vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);
+        // Setup jose mocks
+        const mockJWKS = {
+            getKey: vi.fn().mockResolvedValue({ alg: "RS256" }),
+        };
+        vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS);
+        vi.mocked(jose.jwtVerify).mockResolvedValue({
+            payload: { sub: "user123", name: "Test User", email: "test@example.com" },
+            protectedHeader: { alg: "RS256" },
+        });
+        originalWindowLocation = window.location;
+        window.location = { href: "" };
+        global.alert = vi.fn();
+        // Mock window.open to prevent errors.
+        vi.spyOn(window, "open").mockReturnValue(null);
+    });
+    afterEach(() => {
+        window.location = originalWindowLocation;
+    });
+    it("should set the correct auth url for login with redirect", async () => {
+        const windowAssign = vi.fn();
+        const redirectUri = "http://localhost:3001/callback";
+        vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(new URL("http://localhost:3001/oauth/auth?response_type=code&client_id=" +
+            clientId +
+            "&redirect_uri=" +
+            encodeURIComponent(redirectUri) +
+            "&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256"));
+        window.location = {
+            ...originalWindowLocation,
+            assign: windowAssign,
+            replace: vi.fn(),
+            reload: vi.fn(),
+        };
+        act(() => {
+            render(React.createElement(CivicAuthProvider, { clientId: clientId, redirectUrl: redirectUri, config: {
+                    oauthServer: "http://localhost:3001",
+                } },
+                React.createElement(MockOAuthComponent, null)));
+        });
+        await waitFor(() => {
+            expect(getOauthEndpointsMock).toHaveBeenCalledWith("http://localhost:3001");
+        });
+        // Trigger the login button click, which initiates the OAuth flow
+        await act(async () => {
+            fireEvent.click(screen.getByText("Login"));
+        });
+        await waitFor(() => {
+            // Confirm that the sdk set the window.location.href to the auth url
+            const url = new URL(window.location.href);
+            expect(url.origin + url.pathname).toEqual("http://localhost:3001/oauth/auth");
+            expect(url.searchParams.get("response_type")).toEqual("code");
+            expect(url.searchParams.get("client_id")).toEqual(clientId);
+            expect(url.searchParams.get("redirect_uri")).toEqual(redirectUri);
+            expect(url.searchParams.get("scope")).toEqual("openid profile email");
+            expect(url.searchParams.get("state")).toBeTruthy(); // Ensure state is present
+            expect(url.searchParams.get("code_challenge")).toBeTruthy(); // Ensure code_challenge is present
+            expect(url.searchParams.get("code_challenge_method")).toEqual("S256");
+            expect(screen.queryByTestId("session")).not.toBeInTheDocument();
+        });
+    });
+    it("should initiate code exchange, validate tokens, and derive user from ID token", async () => {
+        const redirectUri = "http://localhost:3001/callback";
+        // Mock ID token with user information
+        const mockIdToken = validTokens.idToken;
+        const mockAccessToken = validTokens.accessToken;
+        // Mock oslo token exchange
+        const mockTokens = {
+            access_token: mockAccessToken,
+            id_token: mockIdToken,
+            refresh_token: "mock-refresh-token",
+            expires_in: 3600,
+        };
+        vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(mockTokens);
+        // Prime storage and simulate redirect
+        await act(async () => {
+            localStorage.setItem(CodeVerifier.COOKIE_NAME, "mock-code-verifier");
+            window.location.pathname = "test-pathName";
+            // Configure window.location to simulate redirect
+            Object.defineProperty(window, "location", {
+                value: {
+                    ...window.location,
+                    origin: "http://mock-origin",
+                },
+                writable: true,
+            });
+            window.location.href = `${redirectUri}?code=test-code&state=mock-state`;
+            // Render the AuthProvider with the mock OAuth component
+            render(React.createElement(CivicAuthProvider, { clientId: clientId, redirectUrl: redirectUri, config: {
+                    oauthServer: "http://localhost:3001",
+                } },
+                React.createElement(MockOAuthComponent, null)));
+        });
+        await waitFor(() => {
+            expect(getOauthEndpointsMock).toHaveBeenCalledWith("http://localhost:3001");
+        });
+        await waitFor(() => {
+            expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith("test-code", {
+                codeVerifier: "mock-code-verifier",
+            });
+        });
+        // Check that jose.jwtVerify was called for id_token validation
+        await waitFor(() => {
+            expect(jose.jwtVerify).toHaveBeenCalledWith(mockIdToken, expect.any(Object), {
+                issuer: ["http://localhost:3001", "http://localhost:3001/"],
+                audience: clientId,
+            });
+        });
+        // Check that jose.jwtVerify was called for access_token validation
+        await waitFor(() => {
+            expect(jose.jwtVerify).toHaveBeenCalledWith(mockAccessToken, expect.any(Object), {
+                issuer: ["http://localhost:3001", "http://localhost:3001/"],
+            });
+        });
+        // Check that the authenticated flag is set in the session
+        await waitFor(() => {
+            expect(screen.queryByTestId("session")).toHaveTextContent("Session authenticated:true");
+        });
+        // Check that the user info derived from the ID token is displayed
+        await waitFor(() => {
+            expect(screen.queryByTestId("user-email")).toHaveTextContent("User:ghost@civic.com");
+        });
+    });
+});
+//# sourceMappingURL=sdk.test.js.map

package/dist/test/integration/sdk.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdk.test.js","sourceRoot":"","sources":["../../../test/integration/sdk.test.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EACL,MAAM,EACN,MAAM,EACN,GAAG,EACH,SAAS,EACT,OAAO,GACR,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,QAAQ,EACR,EAAE,EACF,MAAM,EACN,UAAU,EACV,EAAE,EACF,SAAS,GAEV,MAAM,QAAQ,CAAC;AAChB,OAAO,2BAA2B,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,aAAa,MAAM,wBAAwB,CAAC,SAAS,IAAI,EAAE,MAAM,EAAE,CAAC;AAC3E,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,WAAW,GAAG,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;AAC3D,iDAAiD;AACjD,MAAM,kBAAkB,GAAG,GAAG,EAAE;IAC9B,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9C,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC;IAE3B,MAAM,WAAW,GAAG,KAAK,IAAI,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;YACzB,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,CAAC,cAAc,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,CACL;QACE,gCAAQ,OAAO,EAAE,WAAW,YAAgB;QAC3C,IAAI,IAAI,CACP,0CAAe,YAAY;;YAExB,IAAI,CAAC,KAAK,CACT,CACL;QACA,eAAe,IAAI,CAClB,0CAAe,SAAS,iCAA+B,CACxD,CACG,CACP,CAAC;AACJ,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,MAAM,QAAQ,GAAG,gBAAgB,CAAC;IAClC,IAAI,gBAA8B,CAAC;IACnC,IAAI,sBAAgC,CAAC;IAErC,IAAI,qBAEH,CAAC;IAEF,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;IAE5B,qBAAqB,GAAG,EAAE;SACvB,KAAK,CAAC,QAAQ,EAAE,mBAAmB,CAAC;SACpC,iBAAiB,CAAC;QACjB,IAAI,EAAE,kCAAkC;QACxC,KAAK,EAAE,mCAAmC;QAC1C,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,sCAAsC;KACjD,CAAC,CAAC;IACL,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5B,YAAY,EAAE,EAAE,CAAC,EAAE,EAAE;QACrB,oBAAoB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC;QACvD,aAAa,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;QAClB,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;KAC5B,CAAC,CAAC,CAAC;IAEJ,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,YAAY,EAAE,CAAC;QAElB,6BAA6B;QAC7B,gBAAgB,GAAG;YACjB,sBAAsB,EAAE,EAAE,CAAC,EAAE,EAAE;YAC/B,yBAAyB,EAAE,EAAE,CAAC,EAAE,EAAE;YAClC,kBAAkB,EAAE,EAAE,CAAC,EAAE,EAAE;YAC3B,QAAQ,EAAE,gBAAgB;SACA,CAAC;QAC7B,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAEnE,mBAAmB;QACnB,MAAM,QAAQ,GAAG;YACf,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpD,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,QAAe,CAAC,CAAC;QACpE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC;YAC1C,OAAO,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,EAAE;YACzE,eAAe,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;SACmB,CAAC,CAAC;QAExD,sBAAsB,GAAG,MAAM,CAAC,QAAQ,CAAC;QACzC,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAc,CAAC;QAC3C,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACvB,sCAAsC;QACtC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,QAAQ,GAAG,sBAAsB,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,gCAAgC,CAAC;QACrD,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC,iBAAiB,CAClE,IAAI,GAAG,CACL,gEAAgE;YAC9D,QAAQ;YACR,gBAAgB;YAChB,kBAAkB,CAAC,WAAW,CAAC;YAC/B,gHAAgH,CACnH,CACF,CAAC;QAEF,MAAM,CAAC,QAAQ,GAAG;YAChB,GAAG,sBAAsB;YACzB,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;SAChB,CAAC;QAEF,GAAG,CAAC,GAAG,EAAE;YACP,MAAM,CACJ,oBAAC,iBAAiB,IAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;oBACN,WAAW,EAAE,uBAAuB;iBACrC;gBAED,oBAAC,kBAAkB,OAAG,CACJ,CACrB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,qBAAqB,CAAC,CAAC,oBAAoB,CAChD,uBAAuB,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,iEAAiE;QACjE,MAAM,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,oEAAoE;YACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,OAAO,CACvC,kCAAkC,CACnC,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC5D,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAClE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;YACtE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,0BAA0B;YAC9E,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,mCAAmC;YAChG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACtE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAClE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,WAAW,GAAG,gCAAgC,CAAC;QAErD,sCAAsC;QACtC,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC;QACxC,MAAM,eAAe,GAAG,WAAW,CAAC,WAAW,CAAC;QAEhD,2BAA2B;QAC3B,MAAM,UAAU,GAAG;YACjB,YAAY,EAAE,eAAe;YAC7B,QAAQ,EAAE,WAAW;YACrB,aAAa,EAAE,oBAAoB;YACnC,UAAU,EAAE,IAAI;SACjB,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,iBAAiB,CACrE,UAAU,CACX,CAAC;QAEF,sCAAsC;QACtC,MAAM,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC;YACrE,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,eAAe,CAAC;YAE3C,iDAAiD;YACjD,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE;gBACxC,KAAK,EAAE;oBACL,GAAG,MAAM,CAAC,QAAQ;oBAClB,MAAM,EAAE,oBAAoB;iBAC7B;gBACD,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,WAAW,kCAAkC,CAAC;YAExE,wDAAwD;YACxD,MAAM,CACJ,oBAAC,iBAAiB,IAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;oBACN,WAAW,EAAE,uBAAuB;iBACrC;gBAED,oBAAC,kBAAkB,OAAG,CACJ,CACrB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,qBAAqB,CAAC,CAAC,oBAAoB,CAChD,uBAAuB,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,oBAAoB,CACrE,WAAW,EACX;gBACE,YAAY,EAAE,oBAAoB;aACnC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,+DAA+D;QAC/D,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACzC,WAAW,EACX,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB;gBACE,MAAM,EAAE,CAAC,uBAAuB,EAAE,wBAAwB,CAAC;gBAC3D,QAAQ,EAAE,QAAQ;aACnB,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,mEAAmE;QACnE,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACzC,eAAe,EACf,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB;gBACE,MAAM,EAAE,CAAC,uBAAuB,EAAE,wBAAwB,CAAC;aAC5D,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,0DAA0D;QAC1D,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CACvD,4BAA4B,CAC7B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,OAAO,CAAC,GAAG,EAAE;YACjB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,CAC1D,sBAAsB,CACvB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import React from \"react\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { useAuth, useUser } from \"@/reactjs/hooks/index.js\";\nimport { CivicAuthProvider } from \"@/reactjs/providers/index.js\";\nimport {\n  render,\n  screen,\n  act,\n  fireEvent,\n  waitFor,\n} from \"@testing-library/react\";\nimport {\n  describe,\n  it,\n  expect,\n  beforeEach,\n  vi,\n  afterEach,\n  type MockInstance,\n} from \"vitest\";\nimport \"@testing-library/jest-dom\";\nimport * as jose from \"jose\";\nimport tokensFixture from \"../support/tokens.json\" assert { type: \"json\" };\nimport * as oauthLib from \"@/lib/oauth.js\";\nimport type { JWTVerifyResult, ResolvedKey } from \"jose\";\nimport type { Endpoints } from \"@/types.js\";\nimport { CodeVerifier } from \"@/shared/lib/types.js\";\n\nconst validTokens = { ...tokensFixture.local.validTokens };\n// Mock Component to test OAuth flow with useAuth\nconst MockOAuthComponent = () => {\n  const { signIn, isAuthenticated } = useAuth();\n  const { user } = useUser();\n\n  const handleLogin = async () => {\n    try {\n      await signIn(\"redirect\");\n      alert(\"Login Redirect Initiated\");\n    } catch {\n      alert(\"Login Failed\");\n    }\n  };\n\n  return (\n    <div>\n      <button onClick={handleLogin}>Login</button>\n      {user && (\n        <p data-testid=\"user-email\">\n          User:\n          {user.email}\n        </p>\n      )}\n      {isAuthenticated && (\n        <p data-testid=\"session\">Session authenticated:true</p>\n      )}\n    </div>\n  );\n};\n\ndescribe(\"OAuth login\", () => {\n  const clientId = \"test-client-id\";\n  let mockOAuth2Client: OAuth2Client;\n  let originalWindowLocation: Location;\n\n  let getOauthEndpointsMock: MockInstance<\n    (oauthServer: string) => Promise<Endpoints>\n  >;\n\n  afterEach(vi.clearAllMocks);\n\n  getOauthEndpointsMock = vi\n    .spyOn(oauthLib, \"getOauthEndpoints\")\n    .mockResolvedValue({\n      auth: \"http://localhost:3001/oauth/auth\",\n      token: \"http://localhost:3001/oauth/token\",\n      jwks: \"http://localhost:3001/oauth/jwks\",\n      userinfo: \"http://localhost:3001/oauth/userinfo\",\n    });\n  vi.mock(\"oslo/oauth2\", () => ({\n    OAuth2Client: vi.fn(),\n    generateCodeVerifier: vi.fn(() => \"mock-code-verifier\"),\n    generateState: vi.fn(() => \"mock-state\"),\n  }));\n\n  vi.mock(\"jose\", () => ({\n    jwtVerify: vi.fn(),\n    createRemoteJWKSet: vi.fn(),\n  }));\n\n  beforeEach(() => {\n    vi.clearAllMocks();\n    vi.resetModules();\n\n    // Setup mock implementations\n    mockOAuth2Client = {\n      createAuthorizationURL: vi.fn(),\n      validateAuthorizationCode: vi.fn(),\n      refreshAccessToken: vi.fn(),\n      clientId: \"test-client-id\",\n    } as unknown as OAuth2Client;\n    vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);\n\n    // Setup jose mocks\n    const mockJWKS = {\n      getKey: vi.fn().mockResolvedValue({ alg: \"RS256\" }),\n    };\n    vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS as any);\n    vi.mocked(jose.jwtVerify).mockResolvedValue({\n      payload: { sub: \"user123\", name: \"Test User\", email: \"test@example.com\" },\n      protectedHeader: { alg: \"RS256\" },\n    } as unknown as JWTVerifyResult<unknown> & ResolvedKey);\n\n    originalWindowLocation = window.location;\n    window.location = { href: \"\" } as Location;\n    global.alert = vi.fn();\n    // Mock window.open to prevent errors.\n    vi.spyOn(window, \"open\").mockReturnValue(null);\n  });\n\n  afterEach(() => {\n    window.location = originalWindowLocation;\n  });\n\n  it(\"should set the correct auth url for login with redirect\", async () => {\n    const windowAssign = vi.fn();\n    const redirectUri = \"http://localhost:3001/callback\";\n    vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(\n      new URL(\n        \"http://localhost:3001/oauth/auth?response_type=code&client_id=\" +\n          clientId +\n          \"&redirect_uri=\" +\n          encodeURIComponent(redirectUri) +\n          \"&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256\",\n      ),\n    );\n\n    window.location = {\n      ...originalWindowLocation,\n      assign: windowAssign,\n      replace: vi.fn(),\n      reload: vi.fn(),\n    };\n\n    act(() => {\n      render(\n        <CivicAuthProvider\n          clientId={clientId}\n          redirectUrl={redirectUri}\n          config={{\n            oauthServer: \"http://localhost:3001\",\n          }}\n        >\n          <MockOAuthComponent />\n        </CivicAuthProvider>,\n      );\n    });\n\n    await waitFor(() => {\n      expect(getOauthEndpointsMock).toHaveBeenCalledWith(\n        \"http://localhost:3001\",\n      );\n    });\n\n    // Trigger the login button click, which initiates the OAuth flow\n    await act(async () => {\n      fireEvent.click(screen.getByText(\"Login\"));\n    });\n\n    await waitFor(() => {\n      // Confirm that the sdk set the window.location.href to the auth url\n      const url = new URL(window.location.href);\n      expect(url.origin + url.pathname).toEqual(\n        \"http://localhost:3001/oauth/auth\",\n      );\n      expect(url.searchParams.get(\"response_type\")).toEqual(\"code\");\n      expect(url.searchParams.get(\"client_id\")).toEqual(clientId);\n      expect(url.searchParams.get(\"redirect_uri\")).toEqual(redirectUri);\n      expect(url.searchParams.get(\"scope\")).toEqual(\"openid profile email\");\n      expect(url.searchParams.get(\"state\")).toBeTruthy(); // Ensure state is present\n      expect(url.searchParams.get(\"code_challenge\")).toBeTruthy(); // Ensure code_challenge is present\n      expect(url.searchParams.get(\"code_challenge_method\")).toEqual(\"S256\");\n      expect(screen.queryByTestId(\"session\")).not.toBeInTheDocument();\n    });\n  });\n\n  it(\"should initiate code exchange, validate tokens, and derive user from ID token\", async () => {\n    const redirectUri = \"http://localhost:3001/callback\";\n\n    // Mock ID token with user information\n    const mockIdToken = validTokens.idToken;\n    const mockAccessToken = validTokens.accessToken;\n\n    // Mock oslo token exchange\n    const mockTokens = {\n      access_token: mockAccessToken,\n      id_token: mockIdToken,\n      refresh_token: \"mock-refresh-token\",\n      expires_in: 3600,\n    };\n    vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(\n      mockTokens,\n    );\n\n    // Prime storage and simulate redirect\n    await act(async () => {\n      localStorage.setItem(CodeVerifier.COOKIE_NAME, \"mock-code-verifier\");\n      window.location.pathname = \"test-pathName\";\n\n      // Configure window.location to simulate redirect\n      Object.defineProperty(window, \"location\", {\n        value: {\n          ...window.location,\n          origin: \"http://mock-origin\",\n        },\n        writable: true,\n      });\n      window.location.href = `${redirectUri}?code=test-code&state=mock-state`;\n\n      // Render the AuthProvider with the mock OAuth component\n      render(\n        <CivicAuthProvider\n          clientId={clientId}\n          redirectUrl={redirectUri}\n          config={{\n            oauthServer: \"http://localhost:3001\",\n          }}\n        >\n          <MockOAuthComponent />\n        </CivicAuthProvider>,\n      );\n    });\n\n    await waitFor(() => {\n      expect(getOauthEndpointsMock).toHaveBeenCalledWith(\n        \"http://localhost:3001\",\n      );\n    });\n\n    await waitFor(() => {\n      expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith(\n        \"test-code\",\n        {\n          codeVerifier: \"mock-code-verifier\",\n        },\n      );\n    });\n\n    // Check that jose.jwtVerify was called for id_token validation\n    await waitFor(() => {\n      expect(jose.jwtVerify).toHaveBeenCalledWith(\n        mockIdToken,\n        expect.any(Object),\n        {\n          issuer: [\"http://localhost:3001\", \"http://localhost:3001/\"],\n          audience: clientId,\n        },\n      );\n    });\n\n    // Check that jose.jwtVerify was called for access_token validation\n    await waitFor(() => {\n      expect(jose.jwtVerify).toHaveBeenCalledWith(\n        mockAccessToken,\n        expect.any(Object),\n        {\n          issuer: [\"http://localhost:3001\", \"http://localhost:3001/\"],\n        },\n      );\n    });\n\n    // Check that the authenticated flag is set in the session\n    await waitFor(() => {\n      expect(screen.queryByTestId(\"session\")).toHaveTextContent(\n        \"Session authenticated:true\",\n      );\n    });\n\n    // Check that the user info derived from the ID token is displayed\n    await waitFor(() => {\n      expect(screen.queryByTestId(\"user-email\")).toHaveTextContent(\n        \"User:ghost@civic.com\",\n      );\n    });\n  });\n});\n"]}

package/dist/test/unit/lib/oauth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/lib/oauth.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/nextjs/NextAuthProvider.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/nextjs/NextAuthProvider.test.tsx"],"names":[],"mappings":""}

package/dist/test/unit/nextjs/NextAuthProvider.test.js

@@ -0,0 +1,31 @@
+import { act, render } from "@testing-library/react";
+import { describe, it, vi, expect } from "vitest";
+import { CivicNextAuthProvider } from "@/nextjs/providers/NextAuthProvider.js";
+import { resolveAuthConfig } from "@/nextjs/config.js";
+import React from "react";
+vi.mock("@/nextjs/config.js", () => ({
+    resolveAuthConfig: vi.fn(() => ({
+        clientId: "test-client-id",
+        oauthServer: "https://example.com",
+        callbackUrl: "https://example.com/callback",
+        challengeUrl: "https://example.com/challenge",
+        logoutUrl: "https://example.com/logout",
+    })),
+}));
+vi.mock("@/nextjs/hooks/useUserCookie", () => ({
+    useUserCookie: vi.fn().mockReturnValue({
+        user: {},
+        idToken: "",
+    }),
+}));
+describe("CivicNextAuthProvider", () => {
+    it("should call resolveAuthConfig with no arguments", () => {
+        const children = React.createElement("div", null, "Test Content");
+        act(() => {
+            render(React.createElement(CivicNextAuthProvider, null, children));
+        });
+        // The Next implementation should take all config from the next.config.js file, no config taken from provider props.
+        expect(resolveAuthConfig).toHaveBeenCalledWith();
+    });
+});
+//# sourceMappingURL=NextAuthProvider.test.js.map

package/dist/test/unit/nextjs/NextAuthProvider.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.test.js","sourceRoot":"","sources":["../../../../test/unit/nextjs/NextAuthProvider.test.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9B,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,qBAAqB;QAClC,WAAW,EAAE,8BAA8B;QAC3C,YAAY,EAAE,+BAA+B;QAC7C,SAAS,EAAE,4BAA4B;KACxC,CAAC,CAAC;CACJ,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7C,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;QACrC,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;KACZ,CAAC;CACH,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,QAAQ,GAAG,gDAAuB,CAAC;QAEzC,GAAG,CAAC,GAAG,EAAE;YACP,MAAM,CAAC,oBAAC,qBAAqB,QAAE,QAAQ,CAAyB,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,oHAAoH;QACpH,MAAM,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,EAAE,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { act, render } from \"@testing-library/react\";\nimport { describe, it, vi, expect } from \"vitest\";\nimport { CivicNextAuthProvider } from \"@/nextjs/providers/NextAuthProvider.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport React from \"react\";\n\nvi.mock(\"@/nextjs/config.js\", () => ({\n  resolveAuthConfig: vi.fn(() => ({\n    clientId: \"test-client-id\",\n    oauthServer: \"https://example.com\",\n    callbackUrl: \"https://example.com/callback\",\n    challengeUrl: \"https://example.com/challenge\",\n    logoutUrl: \"https://example.com/logout\",\n  })),\n}));\n\nvi.mock(\"@/nextjs/hooks/useUserCookie\", () => ({\n  useUserCookie: vi.fn().mockReturnValue({\n    user: {},\n    idToken: \"\",\n  }),\n}));\n\ndescribe(\"CivicNextAuthProvider\", () => {\n  it(\"should call resolveAuthConfig with no arguments\", () => {\n    const children = <div>Test Content</div>;\n\n    act(() => {\n      render(<CivicNextAuthProvider>{children}</CivicNextAuthProvider>);\n    });\n\n    // The Next implementation should take all config from the next.config.js file, no config taken from provider props.\n    expect(resolveAuthConfig).toHaveBeenCalledWith();\n  });\n});\n"]}

package/dist/test/unit/nextjs/config.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/nextjs/config.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/nextjs/getUser.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getUser.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/nextjs/getUser.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/nextjs/getUser.test.js

@@ -0,0 +1,22 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { GenericUserSession } from "@/shared/lib/UserSession.js";
+import { getUser } from "@/nextjs/index.js";
+import { NextjsClientStorage } from "@/nextjs/cookies.js";
+import * as session from "@/shared/lib/session.js";
+const mockUser = {
+    id: "user123",
+    name: "John Doe",
+    email: "john@example.com",
+    picture: "https://example.com/john.jpg",
+};
+describe("getUser", () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+        vi.spyOn(session, "getUser").mockResolvedValue(mockUser);
+    });
+    it("should get the user from session", async () => {
+        const user = await getUser();
+        expect(user).toEqual(mockUser);
+    });
+});
+//# sourceMappingURL=getUser.test.js.map

package/dist/test/unit/nextjs/getUser.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getUser.test.js","sourceRoot":"","sources":["../../../../test/unit/nextjs/getUser.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,OAAO,MAAM,yBAAyB,CAAC;AAEnD,MAAM,QAAQ,GAAS;IACrB,EAAE,EAAE,SAAS;IACb,IAAI,EAAE,UAAU;IAChB,KAAK,EAAE,kBAAkB;IACzB,OAAO,EAAE,8BAA8B;CACrB,CAAC;AAErB,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;IACvB,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, it, expect, beforeEach, vi } from \"vitest\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport type { User } from \"@/types.ts\";\nimport { getUser } from \"@/nextjs/index.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport * as session from \"@/shared/lib/session.js\";\n\nconst mockUser: User = {\n  id: \"user123\",\n  name: \"John Doe\",\n  email: \"john@example.com\",\n  picture: \"https://example.com/john.jpg\",\n} as unknown as User;\n\ndescribe(\"getUser\", () => {\n  beforeEach(() => {\n    vi.clearAllMocks();\n    vi.spyOn(session, \"getUser\").mockResolvedValue(mockUser);\n  });\n\n  it(\"should get the user from session\", async () => {\n    const user = await getUser();\n    expect(user).toEqual(mockUser);\n  });\n});\n"]}

package/dist/test/unit/nextjs/middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/nextjs/middleware.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/nextjs/utils.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/nextjs/utils.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/publicApi/apiSnapshot.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apiSnapshot.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/publicApi/apiSnapshot.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/react/components/SignInButton.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignInButton.test.d.ts","sourceRoot":"","sources":["../../../../../test/unit/react/components/SignInButton.test.tsx"],"names":[],"mappings":""}

package/dist/test/unit/react/components/SignOutButton.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignOutButton.test.d.ts","sourceRoot":"","sources":["../../../../../test/unit/react/components/SignOutButton.test.tsx"],"names":[],"mappings":""}

package/dist/test/unit/server/login.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/server/login.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/server/refresh.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/server/refresh.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/server/session.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/server/session.test.ts"],"names":[],"mappings":""}

package/dist/test/unit/services/AuthenticationService.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationService.test.d.ts","sourceRoot":"","sources":["../../../../test/unit/services/AuthenticationService.test.ts"],"names":[],"mappings":""}