@civic/auth 0.10.0-beta.1 → 0.10.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (139) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/README.md +1 -0
  3. package/dist/browser/storage.d.ts +1 -0
  4. package/dist/browser/storage.d.ts.map +1 -1
  5. package/dist/browser/storage.js +3 -0
  6. package/dist/browser/storage.js.map +1 -1
  7. package/dist/lib/logger.d.ts +2 -0
  8. package/dist/lib/logger.d.ts.map +1 -1
  9. package/dist/lib/logger.js +2 -0
  10. package/dist/lib/logger.js.map +1 -1
  11. package/dist/nextjs/config.d.ts +35 -3
  12. package/dist/nextjs/config.d.ts.map +1 -1
  13. package/dist/nextjs/config.js +76 -25
  14. package/dist/nextjs/config.js.map +1 -1
  15. package/dist/nextjs/cookies.d.ts +2 -1
  16. package/dist/nextjs/cookies.d.ts.map +1 -1
  17. package/dist/nextjs/cookies.js +35 -5
  18. package/dist/nextjs/cookies.js.map +1 -1
  19. package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map +1 -1
  20. package/dist/nextjs/hooks/useInitialAuthConfig.js +36 -13
  21. package/dist/nextjs/hooks/useInitialAuthConfig.js.map +1 -1
  22. package/dist/nextjs/middleware.d.ts +2 -1
  23. package/dist/nextjs/middleware.d.ts.map +1 -1
  24. package/dist/nextjs/middleware.js +49 -56
  25. package/dist/nextjs/middleware.js.map +1 -1
  26. package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  27. package/dist/nextjs/providers/NextAuthProvider.js +8 -5
  28. package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
  29. package/dist/nextjs/providers/NextAuthProviderClient.d.ts +3 -2
  30. package/dist/nextjs/providers/NextAuthProviderClient.d.ts.map +1 -1
  31. package/dist/nextjs/providers/NextAuthProviderClient.js +3 -3
  32. package/dist/nextjs/providers/NextAuthProviderClient.js.map +1 -1
  33. package/dist/nextjs/providers/ServerUserContext.d.ts +6 -1
  34. package/dist/nextjs/providers/ServerUserContext.d.ts.map +1 -1
  35. package/dist/nextjs/providers/ServerUserContext.js.map +1 -1
  36. package/dist/nextjs/routeHandler.d.ts +3 -0
  37. package/dist/nextjs/routeHandler.d.ts.map +1 -1
  38. package/dist/nextjs/routeHandler.js +16 -20
  39. package/dist/nextjs/routeHandler.js.map +1 -1
  40. package/dist/nextjs/utils.d.ts +30 -6
  41. package/dist/nextjs/utils.d.ts.map +1 -1
  42. package/dist/nextjs/utils.js +163 -34
  43. package/dist/nextjs/utils.js.map +1 -1
  44. package/dist/reactjs/core/GlobalAuthManager.d.ts +6 -2
  45. package/dist/reactjs/core/GlobalAuthManager.d.ts.map +1 -1
  46. package/dist/reactjs/core/GlobalAuthManager.js +26 -7
  47. package/dist/reactjs/core/GlobalAuthManager.js.map +1 -1
  48. package/dist/reactjs/hooks/useUser.d.ts.map +1 -1
  49. package/dist/reactjs/hooks/useUser.js +83 -130
  50. package/dist/reactjs/hooks/useUser.js.map +1 -1
  51. package/dist/server/ServerAuthenticationResolver.d.ts +3 -2
  52. package/dist/server/ServerAuthenticationResolver.d.ts.map +1 -1
  53. package/dist/server/ServerAuthenticationResolver.js +23 -6
  54. package/dist/server/ServerAuthenticationResolver.js.map +1 -1
  55. package/dist/server/index.d.ts +1 -0
  56. package/dist/server/index.d.ts.map +1 -1
  57. package/dist/server/index.js.map +1 -1
  58. package/dist/server/login.d.ts +2 -1
  59. package/dist/server/login.d.ts.map +1 -1
  60. package/dist/server/login.js.map +1 -1
  61. package/dist/server/session.d.ts +4 -3
  62. package/dist/server/session.d.ts.map +1 -1
  63. package/dist/server/session.js.map +1 -1
  64. package/dist/server/users.d.ts +4 -3
  65. package/dist/server/users.d.ts.map +1 -1
  66. package/dist/server/users.js.map +1 -1
  67. package/dist/services/types.d.ts +1 -1
  68. package/dist/services/types.d.ts.map +1 -1
  69. package/dist/services/types.js.map +1 -1
  70. package/dist/shared/hooks/index.d.ts +0 -1
  71. package/dist/shared/hooks/index.d.ts.map +1 -1
  72. package/dist/shared/hooks/index.js +0 -1
  73. package/dist/shared/hooks/index.js.map +1 -1
  74. package/dist/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -1
  75. package/dist/shared/lib/BrowserAuthenticationRefresher.js +14 -6
  76. package/dist/shared/lib/BrowserAuthenticationRefresher.js.map +1 -1
  77. package/dist/shared/lib/BrowserCookieStorage.d.ts.map +1 -1
  78. package/dist/shared/lib/BrowserCookieStorage.js +5 -1
  79. package/dist/shared/lib/BrowserCookieStorage.js.map +1 -1
  80. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts +1 -0
  81. package/dist/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
  82. package/dist/shared/lib/GenericAuthenticationRefresher.js +2 -0
  83. package/dist/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
  84. package/dist/shared/lib/UserSession.d.ts +4 -3
  85. package/dist/shared/lib/UserSession.d.ts.map +1 -1
  86. package/dist/shared/lib/UserSession.js +4 -0
  87. package/dist/shared/lib/UserSession.js.map +1 -1
  88. package/dist/shared/lib/cookieConfig.d.ts +1 -1
  89. package/dist/shared/lib/cookieConfig.d.ts.map +1 -1
  90. package/dist/shared/lib/cookieConfig.js +2 -1
  91. package/dist/shared/lib/cookieConfig.js.map +1 -1
  92. package/dist/shared/lib/cookieUtils.d.ts +6 -0
  93. package/dist/shared/lib/cookieUtils.d.ts.map +1 -0
  94. package/dist/shared/lib/cookieUtils.js +21 -0
  95. package/dist/shared/lib/cookieUtils.js.map +1 -0
  96. package/dist/shared/lib/session.d.ts +2 -1
  97. package/dist/shared/lib/session.d.ts.map +1 -1
  98. package/dist/shared/lib/session.js +11 -2
  99. package/dist/shared/lib/session.js.map +1 -1
  100. package/dist/shared/lib/util.d.ts +2 -2
  101. package/dist/shared/lib/util.d.ts.map +1 -1
  102. package/dist/shared/lib/util.js +4 -4
  103. package/dist/shared/lib/util.js.map +1 -1
  104. package/dist/shared/version.d.ts +1 -1
  105. package/dist/shared/version.d.ts.map +1 -1
  106. package/dist/shared/version.js +1 -1
  107. package/dist/shared/version.js.map +1 -1
  108. package/dist/types.d.ts +4 -0
  109. package/dist/types.d.ts.map +1 -1
  110. package/dist/types.js.map +1 -1
  111. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts +4 -3
  112. package/dist/vanillajs/auth/BackendAuthenticationRefresher.d.ts.map +1 -1
  113. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js +42 -21
  114. package/dist/vanillajs/auth/BackendAuthenticationRefresher.js.map +1 -1
  115. package/dist/vanillajs/auth/SessionManager.d.ts.map +1 -1
  116. package/dist/vanillajs/auth/SessionManager.js +23 -16
  117. package/dist/vanillajs/auth/SessionManager.js.map +1 -1
  118. package/dist/vanillajs/auth/TokenRefresher.d.ts +3 -0
  119. package/dist/vanillajs/auth/TokenRefresher.d.ts.map +1 -1
  120. package/dist/vanillajs/auth/TokenRefresher.js +27 -4
  121. package/dist/vanillajs/auth/TokenRefresher.js.map +1 -1
  122. package/dist/vanillajs/auth/config/ConfigProcessor.d.ts.map +1 -1
  123. package/dist/vanillajs/auth/config/ConfigProcessor.js +3 -1
  124. package/dist/vanillajs/auth/config/ConfigProcessor.js.map +1 -1
  125. package/dist/vanillajs/auth/handlers/IframeAuthHandler.d.ts.map +1 -1
  126. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js +18 -0
  127. package/dist/vanillajs/auth/handlers/IframeAuthHandler.js.map +1 -1
  128. package/dist/vanillajs/auth/types/AuthTypes.d.ts +3 -0
  129. package/dist/vanillajs/auth/types/AuthTypes.d.ts.map +1 -1
  130. package/dist/vanillajs/auth/types/AuthTypes.js.map +1 -1
  131. package/package.json +1 -1
  132. package/dist/nextjs/hooks/useRefresh.d.ts +0 -5
  133. package/dist/nextjs/hooks/useRefresh.d.ts.map +0 -1
  134. package/dist/nextjs/hooks/useRefresh.js +0 -57
  135. package/dist/nextjs/hooks/useRefresh.js.map +0 -1
  136. package/dist/shared/hooks/useRefresh.d.ts +0 -6
  137. package/dist/shared/hooks/useRefresh.d.ts.map +0 -1
  138. package/dist/shared/hooks/useRefresh.js +0 -47
  139. package/dist/shared/hooks/useRefresh.js.map +0 -1
package/dist/reactjs/hooks/useUser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"useUser.js","sourceRoot":"","sources":["../../../src/reactjs/hooks/useUser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,YAAY,CAAC;AACb,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,wCAAwC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAIhF,OAAO,EACL,iBAAiB,GAGlB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAyC/E,MAAM,OAAO,GAAG,CACd,MAAyB,EACL,EAAE;IACtB,6DAA6D;IAC7D,MAAM,aAAa,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAEjD,oCAAoC;IACpC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAyB,IAAI,CAAC,CAAC;IAE7E,kCAAkC;IAClC,MAAM,kBAAkB,GAAG,aAAa,CAAC;IACzC,MAAM,eAAe,GAAG,CAAC,kBAAkB,CAAC;IAE5C,+DAA+D;IAC/D,MAAM,yBAAyB,GAAG,WAAW,CAC3C,CAAC,SAAuB,EAAoB,EAAE;QAC5C,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QAE1C,6FAA6F;QAC7F,MAAM,UAAU,GAAG,aAAa,IAAI,MAAM,IAAI,EAAE,CAAC;QAEjD,OAAO;YACL,GAAG,UAAU,EAAE,iDAAiD;YAChE,6DAA6D;YAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,UAAU,KAAK,SAAS,IAAI;gBACxC,UAAU,EAAE,SAAS,CAAC,UAAU;aACjC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,iBAAiB,IAAI;gBACjC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;aAC/C,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,sBAAsB,IAAI;gBACtC,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;aACzD,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,kBAAkB,IAAI;gBAClC,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;aACjD,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,aAAa,KAAK,SAAS,IAAI;gBAC3C,aAAa,EAAE,SAAS,CAAC,aAAa;aACvC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,YAAY,KAAK,SAAS,IAAI;gBAC1C,YAAY,EAAE,SAAS,CAAC,YAAY;aACrC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC;YAC9D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;SACrE,CAAC;IACJ,CAAC,EACD,CAAC,MAAM,CAAC,CACT,CAAC;IAEF,mDAAmD;IACnD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,eAAe;YAAE,OAAO;QAE7B,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAEhD,4CAA4C;QAC5C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,cAAc,GAAG,KAAK,IAAI,EAAE;gBAChC,IAAI,CAAC;oBACH,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBACnC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC,CAAC;YACF,cAAc,EAAE,CAAC;QACnB,CAAC;QAED,6BAA6B;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE;YACjD,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEnC,OAAO,WAAW,CAAC;IACrB,CAAC,EAAE,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IAE9B,uCAAuC;IACvC,MAAM,YAAY,GAAG,WAAW,CAC9B,KAAK,EAAE,YAA2B,EAAE,EAAE;QACpC,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAEhD,yDAAyD;QACzD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,yBAAyB,CAAC,YAAY,CAAC,CAAC;YAC7D,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QAEvB,6BAA6B;QAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAe,EAAE,CAAC;IACzC,CAAC,EACD,CAAC,yBAAyB,CAAC,CAC5B,CAAC;IAEF,MAAM,aAAa,GAAG,WAAW,CAC/B,KAAK,EAAE,aAA4B,EAAE,EAAE;QACrC,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAEhD,yDAAyD;QACzD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,YAAY,GAAG,yBAAyB,CAAC,aAAa,CAAC,CAAC;YAC9D,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IAC1B,CAAC,EACD,CAAC,yBAAyB,CAAC,CAC5B,CAAC;IAEF,sCAAsC;IACtC,MAAM,+BAA+B,GAAG,WAAW,CAAC,GAAG,EAAE;QACvD,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAC7C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,CAAC,OAAgB,EAAE,EAAE;QAC/D,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,GAAG,EAAE;QAC/C,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,OAAO,CAAC,iBAAiB,EAAE,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,mCAAmC;IACnC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,OAAO,wBAAwB,CAAC,WAAW,EAAE,OAAO,IAAI,IAAI,CAAC,CAAC;IAChE,CAAC,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IAE3B,2DAA2D;IAC3D,MAAM,gBAAgB,GAAG,WAAW,CAClC,KAAK,EAAE,YAA2B,EAA8B,EAAE;QAChE,IAAI,aAAa,EAAE,CAAC;YAClB,4DAA4D;YAC5D,qDAAqD;YACrD,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CACV,uIAAuI,CACxI,CAAC;YACJ,CAAC;YAED,MAAM,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,oBAAoB;YAClD,sCAAsC;YACtC,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC;gBACvB,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,IAAe,EAAE,CAAC;YACjD,CAAC;YAED,+DAA+D;YAC/D,OAAO,EAAE,IAAI,EAAE,IAA0B,EAAE,CAAC;QAC9C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC,EACD,CAAC,aAAa,CAAC,CAChB,CAAC;IAEF,uEAAuE;IACvE,MAAM,+BAA+B,GAAG,WAAW,CAAC,GAAG,EAAE;QACvD,OAAO,KAAK,CAAC,CAAC,kCAAkC;IAClD,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,CAAC,QAAiB,EAAE,EAAE;QAChE,OAAO,CAAC,IAAI,CACV,kFAAkF,EAClF,QAAQ,CACT,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,GAAG,EAAE;QAC/C,OAAO,KAAK,CAAC,CAAC,kCAAkC;IAClD,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,+DAA+D;IAC/D,MAAM,iBAAiB,GAAG,WAAW,CACnC,KAAK,EAAE,YAA2B,EAAiB,EAAE;QACnD,IAAI,aAAa,EAAE,CAAC;YAClB,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CACV,uIAAuI,CACxI,CAAC;YACJ,CAAC;YAED,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC,EACD,CAAC,aAAa,CAAC,CAChB,CAAC;IAEF,2EAA2E;IAC3E,qEAAqE;IACrE,2EAA2E;IAE3E,qEAAqE;IACrE,0EAA0E;IAC1E,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO;YACL,IAAI,EAAE,UAA4B;YAClC,OAAO,EAAE,IAAI,EAAE,sCAAsC;YACrD,WAAW,EAAE,IAAI,EAAE,sCAAsC;YACzD,YAAY,EAAE,IAAI,EAAE,sCAAsC;YAC1D,eAAe,EAAE,SAAS,EAAE,sCAAsC;YAClE,SAAS,EAAE,KAAK,EAAE,uCAAuC;YACzD,UAAU,EAAE,CAAC,UAAU;gBACrB,CAAC,CAAC,eAAe;gBACjB,CAAC,CAAC,iBAAiB,CAAe;YACpC,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,aAAa;YACtB,yBAAyB,EAAE,+BAA+B;YAC1D,iBAAiB,EAAE,uBAAuB;YAC1C,iBAAiB,EAAE,uBAAuB;YAC1C,WAAW,EAAE,MAAM,EAAE,WAA0B;SAChD,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,sDAAsD;IACtD,8CAA8C;IAC9C,gFAAgF;IAChF,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO;YACL,IAAI,EAAE,aAAa,CAAC,IAAsB;YAC1C,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,YAAY,EAAE,SAAS,EAAE,kCAAkC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe;YAC9C,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,MAAM,EAAE,gBAAgB;YACxB,OAAO,EAAE,iBAAiB;YAC1B,yBAAyB,EAAE,+BAA+B;YAC1D,iBAAiB,EAAE,uBAAuB;YAC1C,iBAAiB,EAAE,uBAAuB;YAC1C,WAAW,EAAE,aAAa,CAAC,WAAW;SACvC,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,wEAAwE;IACxE,8CAA8C;IAC9C,6EAA6E;IAC7E,yEAAyE;IACzE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,IAAsB;YACxC,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,YAAY,EAAE,YAAY,CAAC,YAAY;YACvC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,UAAU,EAAE,WAAW,CAAC,UAAwB;YAChD,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,aAAa;YACtB,yBAAyB,EAAE,+BAA+B;YAC1D,iBAAiB,EAAE,uBAAuB;YAC1C,iBAAiB,EAAE,uBAAuB;YAC1C,WAAW,EAAE,WAAW,CAAC,WAA0B;SACpD,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,8FAA8F;IAC9F,OAAO;QACL,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,IAAI;QAClB,eAAe,EAAE,SAAS;QAC1B,SAAS,EAAE,IAAI;QACf,UAAU,EAAE,iBAA+B;QAC3C,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,aAAa;QACtB,yBAAyB,EAAE,+BAA+B;QAC1D,iBAAiB,EAAE,uBAAuB;QAC1C,iBAAiB,EAAE,uBAAuB;QAC1C,WAAW,EAAE,MAAM,EAAE,WAA0B;KAChD,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,CAAC","sourcesContent":["/**\n * useUser Hook\n *\n * A comprehensive user session hook that provides full user data including profile information,\n * authentication tokens, and authentication state. Supports generic typing for custom user data.\n *\n * Use this hook when you:\n * - Need access to user profile information (user object)\n * - Need authentication tokens (JWT, access, refresh tokens)\n * - Are working with custom user data types\n * - Need comprehensive user session data\n * - Want backward compatibility with legacy UserContext\n *\n * This hook supports two authentication patterns with automatic fallback:\n * 1. Provider-based (legacy): Uses CivicAuthProvider or CivicNextAuthProvider\n * 2. Provider-free (modern): Direct configuration via useUser(config)\n *\n * Usage Examples:\n *\n * // With provider (existing approach - NextJS/React providers)\n * <CivicAuthProvider clientId=\"...\" config={{ oauthServer: \"...\" }}>\n * const { user, isLoading, signIn } = useUser();\n * </CivicAuthProvider>\n *\n * // Without provider (new approach) - direct configuration\n * const { user, authStatus, signOut } = useUser({\n * clientId: \"your-client-id\",\n * config: { oauthServer: \"https://auth.civic.com/oauth/\" },\n * displayMode: \"iframe\", // or \"redirect\", \"popup\", etc.\n * scopes: [\"openid\", \"profile\", \"email\"],\n * onSignIn: (error) => console.log(\"Sign in completed\", error),\n * onSignOut: () => console.log(\"Sign out completed\")\n * });\n *\n * // Generic typing for custom user data\n * interface CustomUser { customField: string; }\n * const { user } = useUser<CustomUser>(); // user will be User<CustomUser> | null\n */\n\"use client\";\nimport { useContext, useState, useEffect, useCallback, useMemo } from \"react\";\nimport { UserContext } from \"../../shared/providers/UserProvider.js\";\nimport { ServerUserContext } from \"../../nextjs/providers/ServerUserContext.js\";\nimport type { User, ForwardedTokens } from \"../../types.js\";\nimport type { AuthStatus } from \"../../types.js\";\nimport type { DisplayMode } from \"../../types.js\";\nimport {\n GlobalAuthManager,\n type GlobalAuthConfig,\n type GlobalAuthState,\n} from \"../core/GlobalAuthManager.js\";\nimport { extractTokensFromSession } from \"../../vanillajs/utils/auth-utils.js\";\nimport type { VanillaJSDisplayMode } from \"../../vanillajs/auth/types/AuthTypes.js\";\nimport type { IframeMode } from \"../../types.js\";\n\n// Configuration type for signIn and signOut functions\nexport interface SignInConfig {\n displayMode?: VanillaJSDisplayMode;\n iframeMode?: IframeMode;\n clientId?: string;\n redirectUrl?: string;\n logoutRedirectUrl?: string;\n targetContainerElement?: HTMLElement | string;\n scopes?: string[];\n authProcessTimeout?: number;\n preloadIframe?: boolean;\n autoRedirect?: boolean;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => void;\n onUrlChange?: (url: string, source?: string) => void;\n}\n\nexport interface UserContextType<\n T extends Record<string, unknown> = Record<string, never>,\n> {\n user: User<T> | null;\n idToken?: string | null;\n accessToken?: string | null;\n refreshToken?: string | null;\n forwardedTokens?: ForwardedTokens;\n isLoading: boolean;\n authStatus: AuthStatus;\n error: Error | null;\n signIn: (config?: SignInConfig) => Promise<{ user: User<T> }>;\n signOut: (config?: SignInConfig) => Promise<void>;\n // Preloading methods\n isAuthenticationPreloaded: () => boolean;\n setPreloadEnabled: (enabled: boolean) => void;\n getPreloadEnabled: () => boolean;\n displayMode?: DisplayMode;\n}\n\nconst useUser = <T extends Record<string, unknown> = Record<string, never>>(\n config?: GlobalAuthConfig,\n): UserContextType<T> => {\n // Always call context hooks unconditionally (rules of hooks)\n const sharedContext = useContext(UserContext);\n const serverUser = useContext(ServerUserContext);\n\n // State for global manager approach\n const [globalState, setGlobalState] = useState<GlobalAuthState | null>(null);\n\n // Determine which approach to use\n const hasProviderContext = sharedContext;\n const shouldUseGlobal = !hasProviderContext;\n\n // Helper to merge config overrides with current manager config\n const createConfigWithOverrides = useCallback(\n (overrides: SignInConfig): GlobalAuthConfig => {\n const manager = GlobalAuthManager.getInstance();\n const currentConfig = manager.getConfig();\n\n // Use current config from manager, or fall back to initial config if manager not initialized\n const baseConfig = currentConfig || config || {};\n\n return {\n ...baseConfig, // Complete current config from GlobalAuthManager\n // Override specific properties while keeping the base config\n ...(overrides.displayMode && { displayMode: overrides.displayMode }),\n ...(overrides.iframeMode !== undefined && {\n iframeMode: overrides.iframeMode,\n }),\n ...(overrides.clientId && { clientId: overrides.clientId }),\n ...(overrides.redirectUrl && { redirectUrl: overrides.redirectUrl }),\n ...(overrides.logoutRedirectUrl && {\n logoutRedirectUrl: overrides.logoutRedirectUrl,\n }),\n ...(overrides.targetContainerElement && {\n targetContainerElement: overrides.targetContainerElement,\n }),\n ...(overrides.scopes && { scopes: overrides.scopes }),\n ...(overrides.authProcessTimeout && {\n authProcessTimeout: overrides.authProcessTimeout,\n }),\n ...(overrides.preloadIframe !== undefined && {\n preloadIframe: overrides.preloadIframe,\n }),\n ...(overrides.autoRedirect !== undefined && {\n autoRedirect: overrides.autoRedirect,\n }),\n ...(overrides.onSignIn && { onSignIn: overrides.onSignIn }),\n ...(overrides.onSignOut && { onSignOut: overrides.onSignOut }),\n ...(overrides.onUrlChange && { onUrlChange: overrides.onUrlChange }),\n };\n },\n [config],\n );\n\n // Initialize global manager if no provider context\n useEffect(() => {\n if (!shouldUseGlobal) return;\n\n const manager = GlobalAuthManager.getInstance();\n\n // If config is provided, initialize with it\n if (config) {\n const initializeAuth = async () => {\n try {\n await manager.initialize(config);\n } catch (error) {\n console.error(\"Failed to initialize auth:\", error);\n }\n };\n initializeAuth();\n }\n\n // Subscribe to state changes\n const unsubscribe = manager.subscribe((newState) => {\n setGlobalState(newState);\n });\n\n // Get current state\n setGlobalState(manager.getState());\n\n return unsubscribe;\n }, [shouldUseGlobal, config]);\n\n // Global manager sign in/out functions\n const globalSignIn = useCallback(\n async (signInConfig?: SignInConfig) => {\n const manager = GlobalAuthManager.getInstance();\n\n // If config is provided, reinitialize with merged config\n if (signInConfig) {\n const mergedConfig = createConfigWithOverrides(signInConfig);\n await manager.initialize(mergedConfig);\n }\n\n await manager.signIn();\n\n // Get the user after sign in\n const state = manager.getState();\n if (!state.user) {\n throw new Error(\"Authentication succeeded but no user was returned\");\n }\n\n return { user: state.user as User<T> };\n },\n [createConfigWithOverrides],\n );\n\n const globalSignOut = useCallback(\n async (signOutConfig?: SignInConfig) => {\n const manager = GlobalAuthManager.getInstance();\n\n // If config is provided, reinitialize with merged config\n if (signOutConfig) {\n const mergedConfig = createConfigWithOverrides(signOutConfig);\n await manager.initialize(mergedConfig);\n }\n\n await manager.signOut();\n },\n [createConfigWithOverrides],\n );\n\n // Global manager preloading functions\n const globalIsAuthenticationPreloaded = useCallback(() => {\n const manager = GlobalAuthManager.getInstance();\n return manager.isAuthenticationPreloaded();\n }, []);\n\n const globalSetPreloadEnabled = useCallback((enabled: boolean) => {\n const manager = GlobalAuthManager.getInstance();\n manager.setPreloadEnabled(enabled);\n }, []);\n\n const globalGetPreloadEnabled = useCallback(() => {\n const manager = GlobalAuthManager.getInstance();\n return manager.getPreloadEnabled();\n }, []);\n\n // Extract tokens from global state\n const globalTokens = useMemo(() => {\n return extractTokensFromSession(globalState?.session || null);\n }, [globalState?.session]);\n\n // Create wrapper functions for different signIn signatures\n const wrapSharedSignIn = useCallback(\n async (sharedConfig?: SignInConfig): Promise<{ user: User<T> }> => {\n if (sharedContext) {\n // Note: Shared context doesn't support config overrides yet\n // This is a limitation of the legacy provider system\n if (sharedConfig) {\n console.warn(\n \"Config overrides are not supported with legacy UserContext. Consider upgrading to GlobalAuthManager for full config override support.\",\n );\n }\n\n await sharedContext.signIn(); // This returns void\n // Get user from context after sign in\n if (sharedContext.user) {\n return { user: sharedContext.user as User<T> };\n }\n\n // We don't return a user yet in nextjs until the next refactor\n return { user: null as unknown as User<T> };\n }\n throw new Error(\"Shared context not available\");\n },\n [sharedContext],\n );\n\n // Shared context preloading stubs (not implemented for legacy context)\n const sharedIsAuthenticationPreloaded = useCallback(() => {\n return false; // Not available in shared context\n }, []);\n\n const sharedSetPreloadEnabled = useCallback((_enabled: boolean) => {\n console.warn(\n \"Preloading not available with legacy UserContext. Use GlobalAuthManager instead.\",\n _enabled,\n );\n }, []);\n\n const sharedGetPreloadEnabled = useCallback(() => {\n return false; // Not available in shared context\n }, []);\n\n // Create wrapper for sharedContext signOut with config support\n const wrapSharedSignOut = useCallback(\n async (sharedConfig?: SignInConfig): Promise<void> => {\n if (sharedContext) {\n // Note: Shared context doesn't support config overrides yet\n if (sharedConfig) {\n console.warn(\n \"Config overrides are not supported with legacy UserContext. Consider upgrading to GlobalAuthManager for full config override support.\",\n );\n }\n\n await sharedContext.signOut();\n } else {\n throw new Error(\"Shared context not available\");\n }\n },\n [sharedContext],\n );\n\n // ========================================================================\n // FALLBACK PRIORITY SYSTEM - Three authentication context approaches\n // ========================================================================\n\n // 0. NextJS ServerUserContext (HIGHEST PRIORITY - Fresh server data)\n // This ensures client components sync with server data after revalidation\n if (serverUser !== null) {\n return {\n user: serverUser as User<T> | null,\n idToken: null, // Not available with server-only data\n accessToken: null, // Not available with server-only data\n refreshToken: null, // Not available with server-only data\n forwardedTokens: undefined, // Not available with server-only data\n isLoading: false, // Server data is immediately available\n authStatus: (serverUser\n ? \"authenticated\"\n : \"unauthenticated\") as AuthStatus,\n error: null,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: config?.displayMode as DisplayMode,\n };\n }\n\n // 1. DEPRECATED UserContext (ACTIVE - Used by NextJS)\n // Framework-agnostic shared context from UserProvider\n // Location: shared/providers/UserProvider.tsx\n // Usage: NextJS example uses CivicNextAuthProvider → UserProvider → UserContext\n if (sharedContext) {\n return {\n user: sharedContext.user as User<T> | null,\n idToken: sharedContext.idToken,\n accessToken: sharedContext.accessToken,\n refreshToken: undefined, // Not available in shared context\n forwardedTokens: sharedContext.forwardedTokens,\n isLoading: sharedContext.isLoading,\n authStatus: sharedContext.authStatus,\n error: sharedContext.error,\n signIn: wrapSharedSignIn,\n signOut: wrapSharedSignOut,\n isAuthenticationPreloaded: sharedIsAuthenticationPreloaded,\n setPreloadEnabled: sharedSetPreloadEnabled,\n getPreloadEnabled: sharedGetPreloadEnabled,\n displayMode: sharedContext.displayMode,\n };\n }\n\n // 2. GlobalAuthManager (MODERN - Provider-free approach)\n // Singleton-based state management, eliminates need for React providers\n // Location: reactjs/core/GlobalAuthManager.ts\n // Usage: React example uses CivicAuthProvider → GlobalAuthManager internally\n // Can also be used directly: useUser({ clientId: \"...\", config: {...} })\n if (globalState) {\n return {\n user: globalState.user as User<T> | null,\n idToken: globalTokens.idToken,\n accessToken: globalTokens.accessToken,\n refreshToken: globalTokens.refreshToken,\n forwardedTokens: globalTokens.forwardedTokens,\n isLoading: globalState.isLoading,\n authStatus: globalState.authStatus as AuthStatus,\n error: globalState.error,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: globalState.displayMode as DisplayMode,\n };\n }\n\n // If no context and no global state, provide default loading state\n // This happens when CivicAuthProvider is present but GlobalAuthManager hasn't initialized yet\n return {\n user: null,\n idToken: null,\n accessToken: null,\n refreshToken: null,\n forwardedTokens: undefined,\n isLoading: true,\n authStatus: \"unauthenticated\" as AuthStatus,\n error: null,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: config?.displayMode as DisplayMode,\n };\n};\n\nexport { useUser };\n"]}
1
+ {"version":3,"file":"useUser.js","sourceRoot":"","sources":["../../../src/reactjs/hooks/useUser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,YAAY,CAAC;AACb,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAIhF,OAAO,EACL,iBAAiB,GAGlB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAG/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AA4C1C,MAAM,OAAO,GAAG,CACd,MAAyB,EACL,EAAE;IACtB,6DAA6D;IAC7D,MAAM,cAAc,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACrD,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,cAAc,IAAI,EAAE,CAAC;IACxE,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,mBAAmB,GAAG,OAAO,CACjC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EACnD,CAAC,QAAQ,CAAC,CACX,CAAC;IACF,MAAM,gBAAgB,GAAG,OAAO,CAC9B,GAAG,EAAE,CACH,mBAAmB;QACjB,CAAC,CAAC,IAAI,kBAAkB,CAAI,mBAAmB,CAAC;QAChD,CAAC,CAAC,IAAI,EACV,CAAC,mBAAmB,CAAC,CACtB,CAAC;IACF,MAAM,oBAAoB,GAAG,gBAAgB,EAAE,OAAO,EAAE,IAAI,IAAI,CAAC,CAAC,2CAA2C;IAC7G,MAAM,WAAW,GAAG,UAAU,IAAI,oBAAoB,CAAC,CAAC,wDAAwD;IAEhH,+DAA+D;IAC/D,MAAM,yBAAyB,GAAG,WAAW,CAC3C,CAAC,SAAuB,EAAoB,EAAE;QAC5C,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QAE1C,6FAA6F;QAC7F,MAAM,UAAU,GAAG,aAAa,IAAI,MAAM,IAAI,EAAE,CAAC;QAEjD,OAAO;YACL,GAAG,UAAU,EAAE,iDAAiD;YAChE,6DAA6D;YAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,UAAU,KAAK,SAAS,IAAI;gBACxC,UAAU,EAAE,SAAS,CAAC,UAAU;aACjC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YACpE,GAAG,CAAC,SAAS,CAAC,iBAAiB,IAAI;gBACjC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;aAC/C,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,sBAAsB,IAAI;gBACtC,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;aACzD,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,kBAAkB,IAAI;gBAClC,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;aACjD,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,aAAa,KAAK,SAAS,IAAI;gBAC3C,aAAa,EAAE,SAAS,CAAC,aAAa;aACvC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,YAAY,KAAK,SAAS,IAAI;gBAC1C,YAAY,EAAE,SAAS,CAAC,YAAY;aACrC,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC;YAC9D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;YACpE,GAAG,CAAC,aAAa,IAAI,cAAc;gBACjC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,EAAE;gBACzC,CAAC,CAAC,mBAAmB,CAAC,EAAE,4CAA4C;YACtE,GAAG,CAAC,aAAa,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,+CAA+C;SAC1G,CAAC;IACJ,CAAC,EACD,CAAC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAC3D,CAAC;IAEF,sCAAsC;IACtC,MAAM,+BAA+B,GAAG,WAAW,CAAC,GAAG,EAAE;QACvD,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAC7C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,CAAC,OAAgB,EAAE,EAAE;QAC/D,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,uBAAuB,GAAG,WAAW,CAAC,GAAG,EAAE;QAC/C,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,OAAO,CAAC,iBAAiB,EAAE,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,uCAAuC;IACvC,MAAM,YAAY,GAAG,WAAW,CAC9B,KAAK,EAAE,YAA2B,EAAE,EAAE;QACpC,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAEhD,yDAAyD;QACzD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,yBAAyB,CAAC,YAAY,CAAC,CAAC;YAC7D,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC;QAEvB,6BAA6B;QAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAe,EAAE,CAAC;IACzC,CAAC,EACD,CAAC,yBAAyB,CAAC,CAC5B,CAAC;IAEF,MAAM,aAAa,GAAG,WAAW,CAC/B,KAAK,EAAE,aAA4B,EAAE,EAAE;QACrC,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAEhD,yDAAyD;QACzD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,YAAY,GAAG,yBAAyB,CAAC,aAAa,CAAC,CAAC;YAC9D,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IAC1B,CAAC,EACD,CAAC,yBAAyB,CAAC,CAC5B,CAAC;IAEF,sEAAsE;IACtE,MAAM,YAAY,GAAG,WAAW;QAC9B,CAAC,CAAC;YACE,OAAO,EAAE;gBACP,IAAI,EAAE,WAAsB;gBAC5B,OAAO,EAAE,YAAY,EAAE,OAAO;gBAC9B,WAAW,EAAE,YAAY,EAAE,WAAW;gBACtC,YAAY,EAAE,YAAY,EAAE,YAAY;aACzC;YACD,IAAI,EAAE,WAA6B;YACnC,OAAO,EAAE,YAAY,EAAE,OAAO,IAAI,IAAI;YACtC,WAAW,EAAE,YAAY,EAAE,WAAW,IAAI,IAAI;YAC9C,YAAY,EAAE,YAAY,EAAE,YAAY,IAAI,IAAI;YAChD,eAAe,EAAG,UAAsC;gBACtD,EAAE,eAAe;YACnB,SAAS,EAAE,KAAK,EAAE,uCAAuC;YACzD,UAAU,EAAE,eAA6B;YACzC,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,aAAa;YACtB,yBAAyB,EAAE,+BAA+B;YAC1D,iBAAiB,EAAE,uBAAuB;YAC1C,iBAAiB,EAAE,uBAAuB;YAC1C,WAAW,EAAE,MAAM,EAAE,WAA0B;YAC/C,OAAO,EAAE,MAAM,EAAE,OAAO;SACzB;QACH,CAAC,CAAC,IAAI,CAAC;IAET,oCAAoC;IACpC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAC5C,YAAY,CACb,CAAC;IAEF,mDAAmD;IACnD,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,YAAY,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACnD,4CAA4C;QAC5C,IAAI,YAAY,EAAE,MAAM,EAAE,CAAC;YACzB,MAAM,cAAc,GAAG,KAAK,IAAI,EAAE;gBAChC,IAAI,CAAC;oBACH,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;gBACzC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC,CAAC;YACF,cAAc,EAAE,CAAC;QACnB,CAAC;QAED,6BAA6B;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE;YACjD,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QACxC,oBAAoB;QACpB,IAAI,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;YACxB,cAAc,CAAC,YAAY,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,WAAW,CAAC;QACnB,uDAAuD;IACzD,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,mCAAmC;IACnC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,EAAE;QAChC,OAAO,wBAAwB,CAAC,WAAW,EAAE,OAAO,IAAI,IAAI,CAAC,CAAC;IAChE,CAAC,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IAE3B,yDAAyD;IACzD,wEAAwE;IACxE,8CAA8C;IAC9C,6EAA6E;IAC7E,yEAAyE;IACzE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,IAAsB;YACxC,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,YAAY,EAAE,YAAY,CAAC,YAAY;YACvC,eAAe,EAAE,YAAY,CAAC,eAAe;YAC7C,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,UAAU,EAAE,WAAW,CAAC,UAAwB;YAChD,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,aAAa;YACtB,yBAAyB,EAAE,+BAA+B;YAC1D,iBAAiB,EAAE,uBAAuB;YAC1C,iBAAiB,EAAE,uBAAuB;YAC1C,WAAW,EAAE,WAAW,CAAC,WAA0B;SACpD,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,8FAA8F;IAC9F,OAAO;QACL,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,IAAI;QAClB,eAAe,EAAE,SAAS;QAC1B,SAAS,EAAE,IAAI;QACf,UAAU,EAAE,iBAA+B;QAC3C,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,aAAa;QACtB,yBAAyB,EAAE,+BAA+B;QAC1D,iBAAiB,EAAE,uBAAuB;QAC1C,iBAAiB,EAAE,uBAAuB;QAC1C,WAAW,EAAE,MAAM,EAAE,WAA0B;KAChD,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,CAAC","sourcesContent":["/**\n * useUser Hook\n *\n * A comprehensive user session hook that provides full user data including profile information,\n * authentication tokens, and authentication state. Supports generic typing for custom user data.\n *\n * Use this hook when you:\n * - Need access to user profile information (user object)\n * - Need authentication tokens (JWT, access, refresh tokens)\n * - Are working with custom user data types\n * - Need comprehensive user session data\n * - Want backward compatibility with legacy UserContext\n *\n * This hook supports two authentication patterns with automatic fallback:\n * 1. Provider-based (legacy): Uses CivicAuthProvider or CivicNextAuthProvider\n * 2. Provider-free (modern): Direct configuration via useUser(config)\n *\n * Usage Examples:\n *\n * // With provider (existing approach - NextJS/React providers)\n * <CivicAuthProvider clientId=\"...\" config={{ oauthServer: \"...\" }}>\n * const { user, isLoading, signIn } = useUser();\n * </CivicAuthProvider>\n *\n * // Without provider (new approach) - direct configuration\n * const { user, authStatus, signOut } = useUser({\n * clientId: \"your-client-id\",\n * config: { oauthServer: \"https://auth.civic.com/oauth/\" },\n * displayMode: \"iframe\", // or \"redirect\", \"popup\", etc.\n * scopes: [\"openid\", \"profile\", \"email\"],\n * onSignIn: (error) => console.log(\"Sign in completed\", error),\n * onSignOut: () => console.log(\"Sign out completed\")\n * });\n *\n * // Generic typing for custom user data\n * interface CustomUser { customField: string; }\n * const { user } = useUser<CustomUser>(); // user will be User<CustomUser> | null\n */\n\"use client\";\nimport { useContext, useState, useEffect, useCallback, useMemo } from \"react\";\nimport { ServerUserContext } from \"../../nextjs/providers/ServerUserContext.js\";\nimport type { User, ForwardedTokens } from \"../../types.js\";\nimport type { AuthStatus } from \"../../types.js\";\nimport type { DisplayMode } from \"../../types.js\";\nimport {\n GlobalAuthManager,\n type GlobalAuthConfig,\n type GlobalAuthState,\n} from \"../core/GlobalAuthManager.js\";\nimport { extractTokensFromSession } from \"../../vanillajs/utils/auth-utils.js\";\nimport type { VanillaJSDisplayMode } from \"../../vanillajs/auth/types/AuthTypes.js\";\nimport type { IframeMode } from \"../../types.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { useIsClient } from \"usehooks-ts\";\n\n// Type for server user data that may include forwardedTokens from session storage\ntype ServerUserWithTokens<\n T extends Record<string, unknown> = Record<string, never>,\n> = User<T> & { forwardedTokens?: ForwardedTokens };\n\n// Configuration type for signIn and signOut functions\nexport interface SignInConfig {\n displayMode?: VanillaJSDisplayMode;\n iframeMode?: IframeMode;\n clientId?: string;\n redirectUrl?: string;\n logoutRedirectUrl?: string;\n targetContainerElement?: HTMLElement | string;\n scopes?: string[];\n authProcessTimeout?: number;\n preloadIframe?: boolean;\n autoRedirect?: boolean;\n onSignIn?: (error?: Error) => void;\n onSignOut?: () => void;\n onUrlChange?: (url: string, source?: string) => void;\n}\n\nexport interface UserContextType<\n T extends Record<string, unknown> = Record<string, never>,\n> {\n user: User<T> | null;\n idToken?: string | null;\n accessToken?: string | null;\n refreshToken?: string | null;\n forwardedTokens?: ForwardedTokens;\n isLoading: boolean;\n authStatus: AuthStatus;\n error: Error | null;\n signIn: (config?: SignInConfig) => Promise<{ user: User<T> }>;\n signOut: (config?: SignInConfig) => Promise<void>;\n // Preloading methods\n isAuthenticationPreloaded: () => boolean;\n setPreloadEnabled: (enabled: boolean) => void;\n getPreloadEnabled: () => boolean;\n displayMode?: DisplayMode;\n}\n\nconst useUser = <T extends Record<string, unknown> = Record<string, never>>(\n config?: GlobalAuthConfig,\n): UserContextType<T> => {\n // Always call context hooks unconditionally (rules of hooks)\n const serverAuthData = useContext(ServerUserContext);\n const { user: serverUser, tokens: serverTokens } = serverAuthData || {};\n const isClient = useIsClient();\n const localStorageAdapter = useMemo(\n () => (isClient ? new LocalStorageAdapter() : null),\n [isClient],\n );\n const localUserStorage = useMemo(\n () =>\n localStorageAdapter\n ? new GenericUserSession<T>(localStorageAdapter)\n : null,\n [localStorageAdapter],\n );\n const localStorageUserData = localUserStorage?.getSync() || null; // Get user from local storage if available\n const initialUser = serverUser || localStorageUserData; // Get initial user from server context or local storage\n\n // Helper to merge config overrides with current manager config\n const createConfigWithOverrides = useCallback(\n (overrides: SignInConfig): GlobalAuthConfig => {\n const manager = GlobalAuthManager.getInstance();\n const currentConfig = manager.getConfig();\n\n // Use current config from manager, or fall back to initial config if manager not initialized\n const baseConfig = currentConfig || config || {};\n\n return {\n ...baseConfig, // Complete current config from GlobalAuthManager\n // Override specific properties while keeping the base config\n ...(overrides.displayMode && { displayMode: overrides.displayMode }),\n ...(overrides.iframeMode !== undefined && {\n iframeMode: overrides.iframeMode,\n }),\n ...(overrides.clientId && { clientId: overrides.clientId }),\n ...(overrides.redirectUrl && { redirectUrl: overrides.redirectUrl }),\n ...(overrides.logoutRedirectUrl && {\n logoutRedirectUrl: overrides.logoutRedirectUrl,\n }),\n ...(overrides.targetContainerElement && {\n targetContainerElement: overrides.targetContainerElement,\n }),\n ...(overrides.scopes && { scopes: overrides.scopes }),\n ...(overrides.authProcessTimeout && {\n authProcessTimeout: overrides.authProcessTimeout,\n }),\n ...(overrides.preloadIframe !== undefined && {\n preloadIframe: overrides.preloadIframe,\n }),\n ...(overrides.autoRedirect !== undefined && {\n autoRedirect: overrides.autoRedirect,\n }),\n ...(overrides.onSignIn && { onSignIn: overrides.onSignIn }),\n ...(overrides.onSignOut && { onSignOut: overrides.onSignOut }),\n ...(overrides.onUrlChange && { onUrlChange: overrides.onUrlChange }),\n ...(currentConfig && serverAuthData\n ? { storage: new BrowserCookieStorage() }\n : localStorageAdapter), // Use cookie storage if server data present\n ...(currentConfig && initialUser ? { initialUser } : {}), // Use server user as initial user if available\n };\n },\n [config, initialUser, serverAuthData, localStorageAdapter],\n );\n\n // Global manager preloading functions\n const globalIsAuthenticationPreloaded = useCallback(() => {\n const manager = GlobalAuthManager.getInstance();\n return manager.isAuthenticationPreloaded();\n }, []);\n\n const globalSetPreloadEnabled = useCallback((enabled: boolean) => {\n const manager = GlobalAuthManager.getInstance();\n manager.setPreloadEnabled(enabled);\n }, []);\n\n const globalGetPreloadEnabled = useCallback(() => {\n const manager = GlobalAuthManager.getInstance();\n return manager.getPreloadEnabled();\n }, []);\n\n // Global manager sign in/out functions\n const globalSignIn = useCallback(\n async (signInConfig?: SignInConfig) => {\n const manager = GlobalAuthManager.getInstance();\n\n // If config is provided, reinitialize with merged config\n if (signInConfig) {\n const mergedConfig = createConfigWithOverrides(signInConfig);\n await manager.initialize(mergedConfig);\n }\n\n await manager.signIn();\n\n // Get the user after sign in\n const state = manager.getState();\n if (!state.user) {\n throw new Error(\"Authentication succeeded but no user was returned\");\n }\n\n return { user: state.user as User<T> };\n },\n [createConfigWithOverrides],\n );\n\n const globalSignOut = useCallback(\n async (signOutConfig?: SignInConfig) => {\n const manager = GlobalAuthManager.getInstance();\n\n // If config is provided, reinitialize with merged config\n if (signOutConfig) {\n const mergedConfig = createConfigWithOverrides(signOutConfig);\n await manager.initialize(mergedConfig);\n }\n\n await manager.signOut();\n },\n [createConfigWithOverrides],\n );\n\n // Only set initial state if we have server data or local storage data\n const initialState = initialUser\n ? {\n session: {\n user: initialUser as User<T>,\n idToken: serverTokens?.idToken,\n accessToken: serverTokens?.accessToken,\n refreshToken: serverTokens?.refreshToken,\n },\n user: initialUser as User<T> | null,\n idToken: serverTokens?.idToken || null,\n accessToken: serverTokens?.accessToken || null,\n refreshToken: serverTokens?.refreshToken || null,\n forwardedTokens: (serverUser as ServerUserWithTokens<T>)\n ?.forwardedTokens,\n isLoading: false, // Server data is immediately available\n authStatus: \"authenticated\" as AuthStatus,\n error: null,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: config?.displayMode as DisplayMode,\n storage: config?.storage,\n }\n : null;\n\n // State for global manager approach\n const [globalState, setGlobalState] = useState<GlobalAuthState | null>(\n initialState,\n );\n\n // Initialize global manager if no provider context\n useEffect(() => {\n const manager = GlobalAuthManager.getInstance();\n const mergedConfig = createConfigWithOverrides({});\n // If config is provided, initialize with it\n if (mergedConfig?.config) {\n const initializeAuth = async () => {\n try {\n await manager.initialize(mergedConfig);\n } catch (error) {\n console.error(\"Failed to initialize auth:\", error);\n }\n };\n initializeAuth();\n }\n\n // Subscribe to state changes\n const unsubscribe = manager.subscribe((newState) => {\n setGlobalState(newState);\n });\n\n const currentState = manager.getState();\n // Get current state\n if (manager.getConfig()) {\n setGlobalState(currentState);\n }\n\n return unsubscribe;\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [config]);\n\n // Extract tokens from global state\n const globalTokens = useMemo(() => {\n return extractTokensFromSession(globalState?.session || null);\n }, [globalState?.session]);\n\n // 2. GlobalAuthManager (MODERN - Provider-free approach)\n // Singleton-based state management, eliminates need for React providers\n // Location: reactjs/core/GlobalAuthManager.ts\n // Usage: React example uses CivicAuthProvider → GlobalAuthManager internally\n // Can also be used directly: useUser({ clientId: \"...\", config: {...} })\n if (globalState) {\n return {\n user: globalState.user as User<T> | null,\n idToken: globalTokens.idToken,\n accessToken: globalTokens.accessToken,\n refreshToken: globalTokens.refreshToken,\n forwardedTokens: globalTokens.forwardedTokens,\n isLoading: globalState.isLoading,\n authStatus: globalState.authStatus as AuthStatus,\n error: globalState.error,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: globalState.displayMode as DisplayMode,\n };\n }\n\n // If no context and no global state, provide default loading state\n // This happens when CivicAuthProvider is present but GlobalAuthManager hasn't initialized yet\n return {\n user: null,\n idToken: null,\n accessToken: null,\n refreshToken: null,\n forwardedTokens: undefined,\n isLoading: true,\n authStatus: \"unauthenticated\" as AuthStatus,\n error: null,\n signIn: globalSignIn,\n signOut: globalSignOut,\n isAuthenticationPreloaded: globalIsAuthenticationPreloaded,\n setPreloadEnabled: globalSetPreloadEnabled,\n getPreloadEnabled: globalGetPreloadEnabled,\n displayMode: config?.displayMode as DisplayMode,\n };\n};\n\nexport { useUser };\n"]}
package/dist/server/ServerAuthenticationResolver.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import type { AuthStorage, Endpoints, OIDCTokenResponseBody, SessionData } from "../types.js";
2
2
  import type { AuthConfig } from "../server/config.js";
3
3
  import type { AuthenticationResolver } from "../services/types.ts";
4
+ import type { CookieStorage } from "../shared/lib/storage.js";
4
5
  export declare class ServerAuthenticationResolver implements AuthenticationResolver {
5
6
  readonly authConfig: AuthConfig;
6
7
  readonly storage: AuthStorage;
@@ -19,12 +20,12 @@ export declare class ServerAuthenticationResolver implements AuthenticationResol
19
20
  * returns The session data if the session is valid, otherwise an unauthenticated session
20
21
  * @returns {Promise<SessionData>}
21
22
  */
22
- validateExistingSession(autoRefresh?: boolean): Promise<SessionData>;
23
+ validateExistingSession(attemptRehydration?: boolean): Promise<SessionData>;
23
24
  get oauthServer(): string;
24
25
  init(): Promise<this>;
25
26
  tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
26
27
  getSessionData(): Promise<SessionData | null>;
27
28
  getEndSessionEndpoint(): Promise<string | null>;
28
- static build(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationResolver>;
29
+ static build(authConfig: AuthConfig, storage: CookieStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationResolver>;
29
30
  }
30
31
  //# sourceMappingURL=ServerAuthenticationResolver.d.ts.map
package/dist/server/ServerAuthenticationResolver.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ServerAuthenticationResolver.d.ts","sourceRoot":"","sources":["../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAUrD,OAAO,KAAK,EAAE,sBAAsB,EAAgB,MAAM,qBAAqB,CAAC;AAShF,qBAAa,4BAA6B,YAAW,sBAAsB;IAMvE,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAPjD,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAeP;;;;OAIG;IACG,gBAAgB,CACpB,WAAW,EAAE,WAAW,GAAG,IAAI,GAC9B,OAAO,CAAC,WAAW,CAAC;IA+DvB;;;OAGG;IACG,uBAAuB,CAAC,WAAW,UAAO,GAAG,OAAO,CAAC,WAAW,CAAC;IAmDvE,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IA4C3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAc7C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,sBAAsB,CAAC;CAUnC"}
1
+ {"version":3,"file":"ServerAuthenticationResolver.d.ts","sourceRoot":"","sources":["../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAUrD,OAAO,KAAK,EAAE,sBAAsB,EAAgB,MAAM,qBAAqB,CAAC;AAMhF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAI7D,qBAAa,4BAA6B,YAAW,sBAAsB;IAMvE,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAPjD,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAeP;;;;OAIG;IACG,gBAAgB,CACpB,WAAW,EAAE,WAAW,GAAG,IAAI,GAC9B,OAAO,CAAC,WAAW,CAAC;IA8EvB;;;OAGG;IACG,uBAAuB,CAC3B,kBAAkB,UAAO,GACxB,OAAO,CAAC,WAAW,CAAC;IAqDvB,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAuBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IA4C3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAc7C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,sBAAsB,CAAC;CAUnC"}
package/dist/server/ServerAuthenticationResolver.js CHANGED
@@ -4,7 +4,7 @@ import { clearTokens, clearUser, exchangeTokens, getEndpointsWithOverrides, retr
4
4
  import { DEFAULT_AUTH_SERVER } from "../constants.js";
5
5
  import { CodeVerifier } from "../shared/lib/types.js";
6
6
  import { loggers } from "../lib/logger.js";
7
- import { getUser } from "../shared/lib/session.js";
7
+ import { getUser, getUserFromTokens } from "../shared/lib/session.js";
8
8
  import { GenericUserSession } from "../shared/lib/UserSession.js";
9
9
  const logger = loggers.services.validation;
10
10
  export class ServerAuthenticationResolver {
@@ -55,8 +55,24 @@ export class ServerAuthenticationResolver {
55
55
  }
56
56
  // Validate the refreshed tokens
57
57
  await validateOauth2Tokens(tokenResponseBody, this.endpoints.jwks, this.oauth2client, this.oauthServer);
58
- // Store the refreshed tokens
59
58
  await storeServerTokens(this.storage, tokenResponseBody);
59
+ // Store user data if a user can be derived from the tokens
60
+ try {
61
+ const user = await getUserFromTokens(tokenResponseBody);
62
+ if (user) {
63
+ const userSession = new GenericUserSession(this.storage);
64
+ await userSession.set(user);
65
+ logger.debug("User cookie stored successfully", {
66
+ hasUser: !!user,
67
+ });
68
+ }
69
+ else {
70
+ logger.warn("No user found after token exchange");
71
+ }
72
+ }
73
+ catch (error) {
74
+ logger.error("Failed to store user cookie:", error);
75
+ }
60
76
  // Construct a refreshed session with the new tokens
61
77
  return {
62
78
  authenticated: true,
@@ -64,6 +80,7 @@ export class ServerAuthenticationResolver {
64
80
  accessToken: tokenResponseBody.access_token,
65
81
  refreshToken: tokenResponseBody.refresh_token,
66
82
  oidcSessionExpiresAt: tokenResponseBody.oidc_session_expires_at,
83
+ wasRehydrated: true,
67
84
  };
68
85
  }
69
86
  catch (error) {
@@ -80,14 +97,14 @@ export class ServerAuthenticationResolver {
80
97
  * returns The session data if the session is valid, otherwise an unauthenticated session
81
98
  * @returns {Promise<SessionData>}
82
99
  */
83
- async validateExistingSession(autoRefresh = true) {
100
+ async validateExistingSession(attemptRehydration = true) {
84
101
  // TODO: investigate a more peformant way to validate a server session
85
102
  // other than using JWKS and JWT verification which is what validateOauth2Tokens uses
86
103
  const sessionData = await this.getSessionData();
87
104
  // If we don't have an ID token, try to refresh if we have a refresh token
88
105
  // Access token is no longer required for authentication
89
106
  if (!sessionData?.idToken) {
90
- if (autoRefresh) {
107
+ if (attemptRehydration) {
91
108
  const refreshedSessionData = await this.tryRefreshTokens(sessionData);
92
109
  if (refreshedSessionData.authenticated) {
93
110
  return refreshedSessionData;
@@ -112,8 +129,8 @@ export class ServerAuthenticationResolver {
112
129
  return sessionData;
113
130
  }
114
131
  catch (error) {
115
- logger.warn("Error validating tokens", { error, autoRefresh });
116
- if (autoRefresh) {
132
+ logger.warn("Error validating tokens", { error });
133
+ if (attemptRehydration) {
117
134
  // If token validation fails, try to refresh tokens
118
135
  const refreshedSessionData = await this.tryRefreshTokens(sessionData);
119
136
  if (refreshedSessionData.authenticated) {
package/dist/server/ServerAuthenticationResolver.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ServerAuthenticationResolver.js","sourceRoot":"","sources":["../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQ3C,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;AAE3C,MAAM,OAAO,4BAA4B;IAM5B;IACA;IACA;IAPH,YAAY,CAAsB;IAClC,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACW,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE/C,mDAAmD;QACnD,kBAAkB;QAClB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,KAAK,KAAK,CAAC;QAE1C,gDAAgD;QAChD,IAAI,CAAC,YAAY,GAAG,OAAO;YACzB,CAAC,CAAC,IAAI,+BAA+B,CAAC,OAAO,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;QAClD,wDAAwD;QACxD,IAAI,WAAW,EAAE,YAAY,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,uDAAuD;gBACvD,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;oBAChD,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBACpB,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;oBAChD,MAAM,IAAI,KAAK,CACb,qDAAqD,CACtD,CAAC;gBACJ,CAAC;gBAED,mDAAmD;gBACnD,MAAM,cAAc,GAA2B,EAAE,CAAC;gBAClD,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;oBACjC,cAAc,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;oBAC1D,cAAc,CAAC,gBAAgB,GAAG,cAAc,CAAC;gBACnD,CAAC;gBAED,MAAM,iBAAiB,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CACnE,WAAW,CAAC,YAAY,EACxB,cAAc,CACf,CAA0B,CAAC;gBAE5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;gBAC/D,CAAC;gBAED,gCAAgC;gBAChC,MAAM,oBAAoB,CACxB,iBAAiB,EACjB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,WAAW,CACjB,CAAC;gBAEF,6BAA6B;gBAC7B,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;gBAEzD,oDAAoD;gBACpD,OAAO;oBACL,aAAa,EAAE,IAAI;oBACnB,OAAO,EAAE,iBAAiB,CAAC,QAAQ;oBACnC,WAAW,EAAE,iBAAiB,CAAC,YAAY;oBAC3C,YAAY,EAAE,iBAAiB,CAAC,aAAa;oBAC7C,oBAAoB,EAAE,iBAAiB,CAAC,uBAAuB;iBAChE,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;gBAC/C,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAChC,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9B,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAClD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAAC,WAAW,GAAG,IAAI;QAC9C,sEAAsE;QACtE,qFAAqF;QACrF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,0EAA0E;QAC1E,wDAAwD;QACxD,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,CAAC;YAC1B,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACtE,IAAI,oBAAoB,CAAC,aAAa,EAAE,CAAC;oBACvC,OAAO,oBAAoB,CAAC;gBAC9B,CAAC;YACH,CAAC;YACD,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAEnE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACH,+EAA+E;YAC/E,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW,EAAE,mBAAmB;gBAC1D,QAAQ,EAAE,WAAW,CAAC,OAAO,EAAE,kBAAkB;gBACjD,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,WAAW,CACjB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YAC/D,IAAI,WAAW,EAAE,CAAC;gBAChB,mDAAmD;gBACnD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACtE,IAAI,oBAAoB,CAAC,aAAa,EAAE,CAAC;oBACvC,OAAO,oBAAoB,CAAC;gBAC9B,CAAC;YACH,CAAC;YACD,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,IAAI;QACR,kDAAkD;QAClD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAE1C,iEAAiE;QACjE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC3E,CAAC;QAED,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAU,EAAE,8CAA8C;QAC/D,IAAI,CAAC,UAAU,CAAC,YAAY,CAC7B,CAAC;QAEF,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAE9C,iEAAiE;QACjE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzD,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC5B,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACvE,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACpD,oFAAoF;QACtF,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,iDAAiD;YACxF,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW;YAClD,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;IACnC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport type {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeServerTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { CodeVerifier } from \"@/shared/lib/types.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\n\nconst logger = loggers.services.validation;\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer | null;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n // Determine if PKCE should be used based on config\n // Default to true\n const usePkce = authConfig.pkce !== false;\n\n // Only create PKCE producer if we're using PKCE\n this.pkceProducer = usePkce\n ? new GenericPublicClientPKCEProducer(storage)\n : null;\n }\n\n /**\n * Attempts to refresh tokens if a refresh token is available\n * @param sessionData Current session data\n * @returns Updated session data\n */\n async tryRefreshTokens(\n sessionData: SessionData | null,\n ): Promise<SessionData> {\n logger.debug(\"tryRefreshTokens\", { sessionData });\n // If there's a refresh token, attempt to refresh tokens\n if (sessionData?.refreshToken) {\n try {\n // Only attempt refresh if we have necessary components\n if (!this.oauth2client || !this.endpoints?.jwks) {\n await this.init();\n }\n\n if (!this.oauth2client || !this.endpoints?.jwks) {\n throw new Error(\n \"Failed to initialize OAuth client for token refresh\",\n );\n }\n\n // Use the oauth2client to refresh the access token\n const refreshOptions: Record<string, string> = {};\n if (this.authConfig.clientSecret) {\n refreshOptions.credentials = this.authConfig.clientSecret;\n refreshOptions.authenticateWith = \"request_body\";\n }\n\n const tokenResponseBody = (await this.oauth2client.refreshAccessToken(\n sessionData.refreshToken,\n refreshOptions,\n )) as OIDCTokenResponseBody;\n\n if (!tokenResponseBody) {\n throw new Error(\"Failed to get token response from refresh\");\n }\n\n // Validate the refreshed tokens\n await validateOauth2Tokens(\n tokenResponseBody,\n this.endpoints.jwks,\n this.oauth2client,\n this.oauthServer,\n );\n\n // Store the refreshed tokens\n await storeServerTokens(this.storage, tokenResponseBody);\n\n // Construct a refreshed session with the new tokens\n return {\n authenticated: true,\n idToken: tokenResponseBody.id_token,\n accessToken: tokenResponseBody.access_token,\n refreshToken: tokenResponseBody.refresh_token,\n oidcSessionExpiresAt: tokenResponseBody.oidc_session_expires_at,\n };\n } catch (error) {\n logger.warn(\"Failed to refresh tokens\", error);\n await clearTokens(this.storage);\n await clearUser(this.storage);\n return { ...sessionData, authenticated: false };\n }\n }\n\n // No refresh token available\n return { ...sessionData, authenticated: false };\n }\n\n /**\n * returns The session data if the session is valid, otherwise an unauthenticated session\n * @returns {Promise<SessionData>}\n */\n async validateExistingSession(autoRefresh = true): Promise<SessionData> {\n // TODO: investigate a more peformant way to validate a server session\n // other than using JWKS and JWT verification which is what validateOauth2Tokens uses\n const sessionData = await this.getSessionData();\n\n // If we don't have an ID token, try to refresh if we have a refresh token\n // Access token is no longer required for authentication\n if (!sessionData?.idToken) {\n if (autoRefresh) {\n const refreshedSessionData = await this.tryRefreshTokens(sessionData);\n if (refreshedSessionData.authenticated) {\n return refreshedSessionData;\n }\n }\n return { ...sessionData, authenticated: false };\n }\n\n // Initialize if needed\n if (!this.endpoints?.jwks || !this.oauth2client) await this.init();\n\n if (!this.endpoints?.jwks) {\n throw new Error(\"JWKS endpoint not found\");\n }\n\n try {\n // Validate existing tokens - access token validation happens only if it exists\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken, // May be undefined\n id_token: sessionData.idToken, // Always required\n refresh_token: sessionData.refreshToken,\n oidc_session_expires_at: sessionData.oidcSessionExpiresAt,\n },\n this.endpoints.jwks,\n this.oauth2client!,\n this.oauthServer,\n );\n return sessionData;\n } catch (error) {\n logger.warn(\"Error validating tokens\", { error, autoRefresh });\n if (autoRefresh) {\n // If token validation fails, try to refresh tokens\n const refreshedSessionData = await this.tryRefreshTokens(sessionData);\n if (refreshedSessionData.authenticated) {\n return refreshedSessionData;\n }\n }\n return { ...sessionData, authenticated: false };\n }\n }\n\n get oauthServer(): string {\n return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n async init(): Promise<this> {\n // Ensure clientId is present for OAuth operations\n if (!this.authConfig.clientId) {\n throw new Error(\"clientId is required for OAuth server operations\");\n }\n\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n\n // Check if we're using PKCE and validate code verifier if needed\n if (this.pkceProducer) {\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n }\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n this.authConfig.clientSecret,\n );\n\n await storeServerTokens(this.storage, tokens);\n\n // Store user data in cookie (like VanillaJS implementation does)\n try {\n const user = await getUser(this.storage);\n if (user) {\n const userSession = new GenericUserSession(this.storage);\n await userSession.set(user);\n logger.debug(\"User cookie stored successfully\", { hasUser: !!user });\n } else {\n logger.warn(\"No user found after token exchange\");\n }\n } catch (error) {\n logger.error(\"Failed to store user cookie:\", error);\n // Don't throw - tokens are already stored, this is just for client-side convenience\n }\n\n // the code verifier should be single-use, so we delete it if using PKCE\n if (this.pkceProducer) {\n await this.storage.delete(CodeVerifier.COOKIE_NAME);\n }\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = await retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token, // User is authenticated if they have an ID token\n idToken: storageData.id_token,\n accessToken: storageData.access_token, // Optional\n refreshToken: storageData.refresh_token,\n oidcSessionExpiresAt: storageData.oidc_session_expires_at,\n };\n }\n\n async getEndSessionEndpoint(): Promise<string | null> {\n if (!this.endpoints) {\n return null;\n }\n return this.endpoints.endsession;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n"]}
1
+ {"version":3,"file":"ServerAuthenticationResolver.js","sourceRoot":"","sources":["../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQ3C,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGjE,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;AAE3C,MAAM,OAAO,4BAA4B;IAM5B;IACA;IACA;IAPH,YAAY,CAAsB;IAClC,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACW,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE/C,mDAAmD;QACnD,kBAAkB;QAClB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,KAAK,KAAK,CAAC;QAE1C,gDAAgD;QAChD,IAAI,CAAC,YAAY,GAAG,OAAO;YACzB,CAAC,CAAC,IAAI,+BAA+B,CAAC,OAAO,CAAC;YAC9C,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;QAClD,wDAAwD;QACxD,IAAI,WAAW,EAAE,YAAY,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,uDAAuD;gBACvD,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;oBAChD,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBACpB,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;oBAChD,MAAM,IAAI,KAAK,CACb,qDAAqD,CACtD,CAAC;gBACJ,CAAC;gBAED,mDAAmD;gBACnD,MAAM,cAAc,GAA2B,EAAE,CAAC;gBAClD,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;oBACjC,cAAc,CAAC,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;oBAC1D,cAAc,CAAC,gBAAgB,GAAG,cAAc,CAAC;gBACnD,CAAC;gBAED,MAAM,iBAAiB,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,kBAAkB,CACnE,WAAW,CAAC,YAAY,EACxB,cAAc,CACf,CAA0B,CAAC;gBAE5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;gBAC/D,CAAC;gBAED,gCAAgC;gBAChC,MAAM,oBAAoB,CACxB,iBAAiB,EACjB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,WAAW,CACjB,CAAC;gBAEF,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;gBAEzD,2DAA2D;gBAC3D,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;oBACxD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACzD,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;wBAC5B,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE;4BAC9C,OAAO,EAAE,CAAC,CAAC,IAAI;yBAChB,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;oBACpD,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;gBACtD,CAAC;gBACD,oDAAoD;gBACpD,OAAO;oBACL,aAAa,EAAE,IAAI;oBACnB,OAAO,EAAE,iBAAiB,CAAC,QAAQ;oBACnC,WAAW,EAAE,iBAAiB,CAAC,YAAY;oBAC3C,YAAY,EAAE,iBAAiB,CAAC,aAAa;oBAC7C,oBAAoB,EAAE,iBAAiB,CAAC,uBAAuB;oBAC/D,aAAa,EAAE,IAAI;iBACpB,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;gBAC/C,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAChC,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC9B,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;IAClD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,uBAAuB,CAC3B,kBAAkB,GAAG,IAAI;QAEzB,sEAAsE;QACtE,qFAAqF;QACrF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhD,0EAA0E;QAC1E,wDAAwD;QACxD,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,CAAC;YAC1B,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACtE,IAAI,oBAAoB,CAAC,aAAa,EAAE,CAAC;oBACvC,OAAO,oBAAoB,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAEnE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACH,+EAA+E;YAC/E,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW,EAAE,mBAAmB;gBAC1D,QAAQ,EAAE,WAAW,CAAC,OAAO,EAAE,kBAAkB;gBACjD,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,WAAW,CACjB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAClD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,mDAAmD;gBACnD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBACtE,IAAI,oBAAoB,CAAC,aAAa,EAAE,CAAC;oBACvC,OAAO,oBAAoB,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,OAAO,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,IAAI;QACR,kDAAkD;QAClD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAE1C,iEAAiE;QACjE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC3E,CAAC;QAED,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAU,EAAE,8CAA8C;QAC/D,IAAI,CAAC,UAAU,CAAC,YAAY,CAC7B,CAAC;QAEF,MAAM,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAE9C,iEAAiE;QACjE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzD,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC5B,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACvE,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACpD,oFAAoF;QACtF,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,iDAAiD;YACxF,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW;YAClD,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;IACnC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAsB,EACtB,iBAAsC;QAEtC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport type {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeServerTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { CodeVerifier } from \"@/shared/lib/types.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { getUser, getUserFromTokens } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport type { CookieStorage } from \"@/shared/lib/storage.js\";\n\nconst logger = loggers.services.validation;\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer | null;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n // Determine if PKCE should be used based on config\n // Default to true\n const usePkce = authConfig.pkce !== false;\n\n // Only create PKCE producer if we're using PKCE\n this.pkceProducer = usePkce\n ? new GenericPublicClientPKCEProducer(storage)\n : null;\n }\n\n /**\n * Attempts to refresh tokens if a refresh token is available\n * @param sessionData Current session data\n * @returns Updated session data\n */\n async tryRefreshTokens(\n sessionData: SessionData | null,\n ): Promise<SessionData> {\n logger.debug(\"tryRefreshTokens\", { sessionData });\n // If there's a refresh token, attempt to refresh tokens\n if (sessionData?.refreshToken) {\n try {\n // Only attempt refresh if we have necessary components\n if (!this.oauth2client || !this.endpoints?.jwks) {\n await this.init();\n }\n\n if (!this.oauth2client || !this.endpoints?.jwks) {\n throw new Error(\n \"Failed to initialize OAuth client for token refresh\",\n );\n }\n\n // Use the oauth2client to refresh the access token\n const refreshOptions: Record<string, string> = {};\n if (this.authConfig.clientSecret) {\n refreshOptions.credentials = this.authConfig.clientSecret;\n refreshOptions.authenticateWith = \"request_body\";\n }\n\n const tokenResponseBody = (await this.oauth2client.refreshAccessToken(\n sessionData.refreshToken,\n refreshOptions,\n )) as OIDCTokenResponseBody;\n\n if (!tokenResponseBody) {\n throw new Error(\"Failed to get token response from refresh\");\n }\n\n // Validate the refreshed tokens\n await validateOauth2Tokens(\n tokenResponseBody,\n this.endpoints.jwks,\n this.oauth2client,\n this.oauthServer,\n );\n\n await storeServerTokens(this.storage, tokenResponseBody);\n\n // Store user data if a user can be derived from the tokens\n try {\n const user = await getUserFromTokens(tokenResponseBody);\n if (user) {\n const userSession = new GenericUserSession(this.storage);\n await userSession.set(user);\n logger.debug(\"User cookie stored successfully\", {\n hasUser: !!user,\n });\n } else {\n logger.warn(\"No user found after token exchange\");\n }\n } catch (error) {\n logger.error(\"Failed to store user cookie:\", error);\n }\n // Construct a refreshed session with the new tokens\n return {\n authenticated: true,\n idToken: tokenResponseBody.id_token,\n accessToken: tokenResponseBody.access_token,\n refreshToken: tokenResponseBody.refresh_token,\n oidcSessionExpiresAt: tokenResponseBody.oidc_session_expires_at,\n wasRehydrated: true,\n };\n } catch (error) {\n logger.warn(\"Failed to refresh tokens\", error);\n await clearTokens(this.storage);\n await clearUser(this.storage);\n return { ...sessionData, authenticated: false };\n }\n }\n\n // No refresh token available\n return { ...sessionData, authenticated: false };\n }\n\n /**\n * returns The session data if the session is valid, otherwise an unauthenticated session\n * @returns {Promise<SessionData>}\n */\n async validateExistingSession(\n attemptRehydration = true,\n ): Promise<SessionData> {\n // TODO: investigate a more peformant way to validate a server session\n // other than using JWKS and JWT verification which is what validateOauth2Tokens uses\n const sessionData = await this.getSessionData();\n\n // If we don't have an ID token, try to refresh if we have a refresh token\n // Access token is no longer required for authentication\n if (!sessionData?.idToken) {\n if (attemptRehydration) {\n const refreshedSessionData = await this.tryRefreshTokens(sessionData);\n if (refreshedSessionData.authenticated) {\n return refreshedSessionData;\n }\n }\n\n return { ...sessionData, authenticated: false };\n }\n\n // Initialize if needed\n if (!this.endpoints?.jwks || !this.oauth2client) await this.init();\n\n if (!this.endpoints?.jwks) {\n throw new Error(\"JWKS endpoint not found\");\n }\n\n try {\n // Validate existing tokens - access token validation happens only if it exists\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken, // May be undefined\n id_token: sessionData.idToken, // Always required\n refresh_token: sessionData.refreshToken,\n oidc_session_expires_at: sessionData.oidcSessionExpiresAt,\n },\n this.endpoints.jwks,\n this.oauth2client!,\n this.oauthServer,\n );\n return sessionData;\n } catch (error) {\n logger.warn(\"Error validating tokens\", { error });\n if (attemptRehydration) {\n // If token validation fails, try to refresh tokens\n const refreshedSessionData = await this.tryRefreshTokens(sessionData);\n if (refreshedSessionData.authenticated) {\n return refreshedSessionData;\n }\n }\n\n return { ...sessionData, authenticated: false };\n }\n }\n\n get oauthServer(): string {\n return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n async init(): Promise<this> {\n // Ensure clientId is present for OAuth operations\n if (!this.authConfig.clientId) {\n throw new Error(\"clientId is required for OAuth server operations\");\n }\n\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n\n // Check if we're using PKCE and validate code verifier if needed\n if (this.pkceProducer) {\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n }\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n this.authConfig.clientSecret,\n );\n\n await storeServerTokens(this.storage, tokens);\n\n // Store user data in cookie (like VanillaJS implementation does)\n try {\n const user = await getUser(this.storage);\n if (user) {\n const userSession = new GenericUserSession(this.storage);\n await userSession.set(user);\n logger.debug(\"User cookie stored successfully\", { hasUser: !!user });\n } else {\n logger.warn(\"No user found after token exchange\");\n }\n } catch (error) {\n logger.error(\"Failed to store user cookie:\", error);\n // Don't throw - tokens are already stored, this is just for client-side convenience\n }\n\n // the code verifier should be single-use, so we delete it if using PKCE\n if (this.pkceProducer) {\n await this.storage.delete(CodeVerifier.COOKIE_NAME);\n }\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = await retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token, // User is authenticated if they have an ID token\n idToken: storageData.id_token,\n accessToken: storageData.access_token, // Optional\n refreshToken: storageData.refresh_token,\n oidcSessionExpiresAt: storageData.oidc_session_expires_at,\n };\n }\n\n async getEndSessionEndpoint(): Promise<string | null> {\n if (!this.endpoints) {\n return null;\n }\n return this.endpoints.endsession;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: CookieStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n"]}
package/dist/server/index.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  export { CookieStorage } from "../shared/lib/storage.js";
2
+ export type { AuthStorage } from "../types.js";
2
3
  export type { SessionStorage, CookieStorageSettings, } from "../shared/lib/storage.js";
3
4
  export type { AuthConfig } from "./config.js";
4
5
  export { CivicAuth } from "./session.js";
package/dist/server/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,YAAY,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAExE,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,YAAY,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAExE,YAAY,EACV,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC"}
package/dist/server/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AAEf,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAMxD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAuB,MAAM,YAAY,CAAC;AASjD,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n SessionStorage,\n CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport type { AuthConfig } from \"./config.js\";\nexport { CivicAuth } from \"./session.js\";\nexport { type RequestContext } from \"./login.js\";\n\nexport type { CivicAuthServerOptions } from \"@/server/types/express.js\";\n\nexport type {\n HandleCallbackRequest,\n HandleCallbackParams,\n UrlDetectionRequest,\n} from \"./session.js\";\nexport { buildLoginUrl, resolveOAuthAccessCode, isLoggedIn } from \"./login.js\";\nexport { buildLogoutRedirectUrl } from \"./logout.js\";\nexport { refreshTokens } from \"./refresh.js\";\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AAEf,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAOxD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAuB,MAAM,YAAY,CAAC;AASjD,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type { AuthStorage } from \"@/types.js\";\nexport type {\n SessionStorage,\n CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport type { AuthConfig } from \"./config.js\";\nexport { CivicAuth } from \"./session.js\";\nexport { type RequestContext } from \"./login.js\";\n\nexport type { CivicAuthServerOptions } from \"@/server/types/express.js\";\n\nexport type {\n HandleCallbackRequest,\n HandleCallbackParams,\n UrlDetectionRequest,\n} from \"./session.js\";\nexport { buildLoginUrl, resolveOAuthAccessCode, isLoggedIn } from \"./login.js\";\nexport { buildLogoutRedirectUrl } from \"./logout.js\";\nexport { refreshTokens } from \"./refresh.js\";\n"]}
package/dist/server/login.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import type { AuthStorage, OIDCTokenResponseBody, FrameworkType } from "../types.js";
2
2
  import type { AuthConfig } from "../server/config.ts";
3
+ import type { CookieStorage } from "./index.js";
3
4
  /**
4
5
  * Context interface for detecting frontend vs backend requests
5
6
  */
@@ -16,7 +17,7 @@ export interface RequestContext {
16
17
  * @param storage The place that this server uses to store session data (e.g. a cookie store)
17
18
  * @param config Oauth Server configuration
18
19
  */
19
- export declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
20
+ export declare function resolveOAuthAccessCode(code: string, state: string, storage: CookieStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
20
21
  export declare function isLoggedIn(storage: AuthStorage): Promise<boolean>;
21
22
  export declare function buildLoginUrl(config: Pick<AuthConfig, "clientId" | "redirectUrl"> & Partial<Pick<AuthConfig, "oauthServer" | "pkce" | "clientSecret">> & {
22
23
  scopes?: string[];
package/dist/server/login.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,qBAAqB,EACrB,aAAa,EACd,MAAM,YAAY,CAAC;AAKpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,GAAG,cAAc,CAAC,CAAC,GAAG;IACnE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,EACH,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,GAAG,CAAC,CA4Cd"}
1
+ {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,qBAAqB,EACrB,aAAa,EACd,MAAM,YAAY,CAAC;AAKpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,GAAG,MAAM,GAAG,cAAc,CAAC,CAAC,GAAG;IACnE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,EACH,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,GAAG,CAAC,CA4Cd"}
package/dist/server/login.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/server/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAY/C;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAOG,EACH,OAAqB;IAErB,oFAAoF;IACpF,IAAI,KAAa,CAAC;IAClB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,sEAAsE;QACtE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACvB,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACjD,wDAAwD;QACxD,KAAK,GAAG,aAAa,CAAC;YACpB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,oCAAoC;QACpC,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAE/C,mDAAmD;IACnD,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC;IAEtC,iEAAiE;IACjE,MAAM,YAAY,GAChB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3E,kDAAkD;IAClD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,mGAAmG;QACnG,kEAAkE;QAClE,YAAY,EAAE,YAAY,IAAI,SAAS;KACxC,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type {\n AuthStorage,\n OIDCTokenResponseBody,\n FrameworkType,\n} from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { generateState } from \"@/lib/oauth.js\";\n\n/**\n * Context interface for detecting frontend vs backend requests\n */\nexport interface RequestContext {\n referer?: string;\n origin?: string;\n userAgent?: string;\n acceptsJson?: boolean;\n}\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n Partial<Pick<AuthConfig, \"oauthServer\" | \"pkce\" | \"clientSecret\">> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n },\n storage?: AuthStorage,\n): Promise<URL> {\n // Generate state: prioritize provided state (which preserves frontend display mode)\n let state: string;\n if (config.state) {\n // Use the provided state (e.g., from frontend with display mode info)\n state = config.state;\n } else if (config.sdkVersion || config.framework) {\n // Generate new structured state with framework/SDK info\n state = generateState({\n framework: config.framework,\n sdkVersion: config.sdkVersion,\n });\n } else {\n // Generate random state as fallback\n state = Math.random().toString(36).substring(2);\n }\n\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n\n // Determine if PKCE should be used based on config\n // Default to true for backward compatibility if not specified\n const usePkce = config.pkce !== false;\n\n // Only create PKCE producer if we're using PKCE and have storage\n const pkceProducer =\n usePkce && storage ? new GenericPublicClientPKCEProducer(storage) : null;\n\n // Ensure clientId is present for OAuth operations\n if (!config.clientId) {\n throw new Error(\"clientId is required for OAuth login operations\");\n }\n\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n clientId: config.clientId,\n state,\n scopes,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n // For confidential clients not using PKCE, this will be undefined\n pkceConsumer: pkceProducer ?? undefined,\n });\n\n return authInitiator.signIn();\n}\n"]}
1
+ {"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/server/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAa/C;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAsB,EACtB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAOG,EACH,OAAqB;IAErB,oFAAoF;IACpF,IAAI,KAAa,CAAC;IAClB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,sEAAsE;QACtE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACvB,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACjD,wDAAwD;QACxD,KAAK,GAAG,aAAa,CAAC;YACpB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,oCAAoC;QACpC,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAE/C,mDAAmD;IACnD,8DAA8D;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC;IAEtC,iEAAiE;IACjE,MAAM,YAAY,GAChB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3E,kDAAkD;IAClD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,mGAAmG;QACnG,kEAAkE;QAClE,YAAY,EAAE,YAAY,IAAI,SAAS;KACxC,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type {\n AuthStorage,\n OIDCTokenResponseBody,\n FrameworkType,\n} from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { generateState } from \"@/lib/oauth.js\";\nimport type { CookieStorage } from \"./index.js\";\n\n/**\n * Context interface for detecting frontend vs backend requests\n */\nexport interface RequestContext {\n referer?: string;\n origin?: string;\n userAgent?: string;\n acceptsJson?: boolean;\n}\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: CookieStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n Partial<Pick<AuthConfig, \"oauthServer\" | \"pkce\" | \"clientSecret\">> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n },\n storage?: AuthStorage,\n): Promise<URL> {\n // Generate state: prioritize provided state (which preserves frontend display mode)\n let state: string;\n if (config.state) {\n // Use the provided state (e.g., from frontend with display mode info)\n state = config.state;\n } else if (config.sdkVersion || config.framework) {\n // Generate new structured state with framework/SDK info\n state = generateState({\n framework: config.framework,\n sdkVersion: config.sdkVersion,\n });\n } else {\n // Generate random state as fallback\n state = Math.random().toString(36).substring(2);\n }\n\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n\n // Determine if PKCE should be used based on config\n // Default to true for backward compatibility if not specified\n const usePkce = config.pkce !== false;\n\n // Only create PKCE producer if we're using PKCE and have storage\n const pkceProducer =\n usePkce && storage ? new GenericPublicClientPKCEProducer(storage) : null;\n\n // Ensure clientId is present for OAuth operations\n if (!config.clientId) {\n throw new Error(\"clientId is required for OAuth login operations\");\n }\n\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n clientId: config.clientId,\n state,\n scopes,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n // For confidential clients not using PKCE, this will be undefined\n pkceConsumer: pkceProducer ?? undefined,\n });\n\n return authInitiator.signIn();\n}\n"]}
package/dist/server/session.d.ts CHANGED
@@ -1,6 +1,7 @@
1
- import { type AuthStorage, type OAuthTokens, type User, type EmptyObject, type UnknownObject, type OIDCTokenResponseBody } from "../types.js";
1
+ import { type OAuthTokens, type User, type EmptyObject, type UnknownObject, type OIDCTokenResponseBody } from "../types.js";
2
2
  import type { AuthConfig } from "../server/config.js";
3
3
  import type { AuthenticationResolver } from "../services/types.js";
4
+ import type { CookieStorage } from "./index.js";
4
5
  export type UrlDetectionRequest = {
5
6
  url: string;
6
7
  headers: Record<string, string | string[] | undefined>;
@@ -34,10 +35,10 @@ export type HandleCallbackParams = {
34
35
  * It provides a unified interface to all the authentication functions.
35
36
  */
36
37
  export declare class CivicAuth {
37
- readonly storage: AuthStorage;
38
+ readonly storage: CookieStorage;
38
39
  readonly authConfig: AuthConfig;
39
40
  _authResolver: AuthenticationResolver | null;
40
- constructor(storage: AuthStorage, authConfig: AuthConfig);
41
+ constructor(storage: CookieStorage, authConfig: AuthConfig);
41
42
  get oauthServer(): string;
42
43
  getAuthResolver(): Promise<AuthenticationResolver>;
43
44
  /**
package/dist/server/session.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/server/session.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,IAAI,EACT,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,qBAAqB,EAE3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAoBrD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAQlE,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,YAAY,EAAE;QACZ,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;KAClC,CAAC;IACF,OAAO,EAAE;QACP,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAC;KAClD,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE;QACP,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;QAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,qBAAqB,CAAC;CAC5B,CAAC;AAgDF;;;GAGG;AACH,qBAAa,SAAS;IAGlB,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,UAAU,EAAE,UAAU;IAHjC,aAAa,EAAE,sBAAsB,GAAG,IAAI,CAAQ;gBAEzC,OAAO,EAAE,WAAW,EACpB,UAAU,EAAE,UAAU;IAGjC,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,eAAe,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAaxD;;;OAGG;IACG,OAAO,CACX,CAAC,SAAS,aAAa,GAAG,WAAW,KAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAkB5B;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAoB9C;;;;;OAKG;IACG,sBAAsB,CAC1B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAIjC;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC;IAMpC;;;;OAIG;IACG,aAAa,CAAC,OAAO,CAAC,EAAE;QAC5B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,GAAG,CAAC;IAchB;;;;OAIG;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE;QACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,GAAG,CAAC;IAuEhB;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAI5D;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IAIlC;;;OAGG;IAEH;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAS1C;;OAEG;IACH,MAAM,CAAC,oBAAoB,CACzB,OAAO,EAAE,mBAAmB,EAC5B,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI;IAQhB;;OAEG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAO,EAAE,mBAAmB,EAC5B,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI;IAWhB;;;OAGG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI;IAQ7D;;;OAGG;IACH,MAAM,CAAC,kBAAkB,CACvB,OAAO,EAAE,mBAAmB,EAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,GACtB,MAAM,GAAG,IAAI;IAahB;;OAEG;IACH,MAAM,CAAC,aAAa,CAClB,OAAO,EAAE,mBAAmB,EAC5B,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GACrB,MAAM;IAUT;;OAEG;IACH,wBAAwB,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM;IAyB9D;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACG,cAAc,CAClB,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,oBAAoB,EAC1C,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,GACA,OAAO,CAAC;QACT,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,GAAG;YAAE,OAAO,EAAE,OAAO,CAAC;YAAC,IAAI,CAAC,EAAE,IAAI,GAAG,IAAI,CAAA;SAAE,CAAC;KAC7D,CAAC;IAwPF;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAyEpC;;OAEG;IACH,OAAO,CAAC,8BAA8B,CAkCpC;CACH"}
1
+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/server/session.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,IAAI,EACT,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,qBAAqB,EAE3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAoBrD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAMlE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,YAAY,EAAE;QACZ,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;KAClC,CAAC;IACF,OAAO,EAAE;QACP,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAC;KAClD,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE;QACP,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;QAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,qBAAqB,CAAC;CAC5B,CAAC;AAgDF;;;GAGG;AACH,qBAAa,SAAS;IAGlB,QAAQ,CAAC,OAAO,EAAE,aAAa;IAC/B,QAAQ,CAAC,UAAU,EAAE,UAAU;IAHjC,aAAa,EAAE,sBAAsB,GAAG,IAAI,CAAQ;gBAEzC,OAAO,EAAE,aAAa,EACtB,UAAU,EAAE,UAAU;IAGjC,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,eAAe,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAaxD;;;OAGG;IACG,OAAO,CACX,CAAC,SAAS,aAAa,GAAG,WAAW,KAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAkB5B;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAoB9C;;;;;OAKG;IACG,sBAAsB,CAC1B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAIjC;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC;IAMpC;;;;OAIG;IACG,aAAa,CAAC,OAAO,CAAC,EAAE;QAC5B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,GAAG,CAAC;IAchB;;;;OAIG;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE;QACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,GAAG,CAAC;IAuEhB;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC;IAI5D;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IAIlC;;;OAGG;IAEH;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAS1C;;OAEG;IACH,MAAM,CAAC,oBAAoB,CACzB,OAAO,EAAE,mBAAmB,EAC5B,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI;IAQhB;;OAEG;IACH,MAAM,CAAC,qBAAqB,CAC1B,OAAO,EAAE,mBAAmB,EAC5B,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,MAAM,GAAG,IAAI;IAWhB;;;OAGG;IACH,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI;IAQ7D;;;OAGG;IACH,MAAM,CAAC,kBAAkB,CACvB,OAAO,EAAE,mBAAmB,EAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,GACtB,MAAM,GAAG,IAAI;IAahB;;OAEG;IACH,MAAM,CAAC,aAAa,CAClB,OAAO,EAAE,mBAAmB,EAC5B,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GACrB,MAAM;IAUT;;OAEG;IACH,wBAAwB,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM;IAyB9D;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACG,cAAc,CAClB,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,oBAAoB,EAC1C,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,GACA,OAAO,CAAC;QACT,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,OAAO,CAAC,EAAE,MAAM,GAAG;YAAE,OAAO,EAAE,OAAO,CAAC;YAAC,IAAI,CAAC,EAAE,IAAI,GAAG,IAAI,CAAA;SAAE,CAAC;KAC7D,CAAC;IAwPF;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAyEpC;;OAEG;IACH,OAAO,CAAC,8BAA8B,CAkCpC;CACH"}