@civic/auth 0.2.5-alpha.3 → 0.2.6-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +1 -0
- package/dist/cjs/browser/storage.d.ts +1 -0
- package/dist/cjs/browser/storage.d.ts.map +1 -1
- package/dist/cjs/browser/storage.js +3 -0
- package/dist/cjs/browser/storage.js.map +1 -1
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +3 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/lib/cookies.d.ts +1 -12
- package/dist/cjs/lib/cookies.d.ts.map +1 -1
- package/dist/cjs/lib/cookies.js +2 -30
- package/dist/cjs/lib/cookies.js.map +1 -1
- package/dist/cjs/lib/logger.js +1 -1
- package/dist/cjs/lib/logger.js.map +1 -1
- package/dist/cjs/nextjs/cookies.d.ts +1 -0
- package/dist/cjs/nextjs/cookies.d.ts.map +1 -1
- package/dist/cjs/nextjs/cookies.js +6 -2
- package/dist/cjs/nextjs/cookies.js.map +1 -1
- package/dist/cjs/nextjs/hooks/useRefresh.d.ts.map +1 -1
- package/dist/cjs/nextjs/hooks/useRefresh.js +5 -7
- package/dist/cjs/nextjs/hooks/useRefresh.js.map +1 -1
- package/dist/cjs/nextjs/routeHandler.js +1 -1
- package/dist/cjs/nextjs/routeHandler.js.map +1 -1
- package/dist/cjs/server/index.d.ts +3 -1
- package/dist/cjs/server/index.d.ts.map +1 -1
- package/dist/cjs/server/index.js +5 -2
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/login.d.ts +0 -4
- package/dist/cjs/server/login.d.ts.map +1 -1
- package/dist/cjs/server/login.js +0 -20
- package/dist/cjs/server/login.js.map +1 -1
- package/dist/cjs/server/logout.d.ts +7 -0
- package/dist/cjs/server/logout.d.ts.map +1 -0
- package/dist/cjs/server/logout.js +26 -0
- package/dist/cjs/server/logout.js.map +1 -0
- package/dist/cjs/shared/index.d.ts +1 -0
- package/dist/cjs/shared/index.d.ts.map +1 -1
- package/dist/cjs/shared/index.js +3 -1
- package/dist/cjs/shared/index.js.map +1 -1
- package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts +1 -0
- package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts.map +1 -1
- package/dist/cjs/shared/lib/BrowserCookieStorage.js +3 -0
- package/dist/cjs/shared/lib/BrowserCookieStorage.js.map +1 -1
- package/dist/cjs/shared/lib/UserSession.d.ts +1 -0
- package/dist/cjs/shared/lib/UserSession.d.ts.map +1 -1
- package/dist/cjs/shared/lib/UserSession.js +3 -0
- package/dist/cjs/shared/lib/UserSession.js.map +1 -1
- package/dist/cjs/shared/lib/session.d.ts.map +1 -1
- package/dist/cjs/shared/lib/session.js +10 -2
- package/dist/cjs/shared/lib/session.js.map +1 -1
- package/dist/cjs/shared/lib/storage.d.ts +1 -0
- package/dist/cjs/shared/lib/storage.d.ts.map +1 -1
- package/dist/cjs/shared/lib/storage.js.map +1 -1
- package/dist/cjs/shared/lib/types.d.ts +1 -1
- package/dist/cjs/shared/lib/types.d.ts.map +1 -1
- package/dist/cjs/shared/lib/types.js.map +1 -1
- package/dist/cjs/shared/lib/util.js +3 -3
- package/dist/cjs/shared/lib/util.js.map +1 -1
- package/dist/cjs/shared/version.d.ts +1 -1
- package/dist/cjs/shared/version.js +1 -1
- package/dist/cjs/shared/version.js.map +1 -1
- package/dist/cjs/types.d.ts +1 -0
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +7 -1
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils.d.ts +2 -2
- package/dist/cjs/utils.d.ts.map +1 -1
- package/dist/cjs/utils.js +1 -1
- package/dist/cjs/utils.js.map +1 -1
- package/dist/esm/browser/storage.d.ts +1 -0
- package/dist/esm/browser/storage.d.ts.map +1 -1
- package/dist/esm/browser/storage.js +3 -0
- package/dist/esm/browser/storage.js.map +1 -1
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/lib/cookies.d.ts +1 -12
- package/dist/esm/lib/cookies.d.ts.map +1 -1
- package/dist/esm/lib/cookies.js +2 -29
- package/dist/esm/lib/cookies.js.map +1 -1
- package/dist/esm/lib/logger.js +1 -1
- package/dist/esm/lib/logger.js.map +1 -1
- package/dist/esm/nextjs/cookies.d.ts +1 -0
- package/dist/esm/nextjs/cookies.d.ts.map +1 -1
- package/dist/esm/nextjs/cookies.js +6 -2
- package/dist/esm/nextjs/cookies.js.map +1 -1
- package/dist/esm/nextjs/hooks/useRefresh.d.ts.map +1 -1
- package/dist/esm/nextjs/hooks/useRefresh.js +6 -8
- package/dist/esm/nextjs/hooks/useRefresh.js.map +1 -1
- package/dist/esm/nextjs/routeHandler.js +1 -1
- package/dist/esm/nextjs/routeHandler.js.map +1 -1
- package/dist/esm/server/index.d.ts +3 -1
- package/dist/esm/server/index.d.ts.map +1 -1
- package/dist/esm/server/index.js +3 -1
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/login.d.ts +0 -4
- package/dist/esm/server/login.d.ts.map +1 -1
- package/dist/esm/server/login.js +0 -19
- package/dist/esm/server/login.js.map +1 -1
- package/dist/esm/server/logout.d.ts +7 -0
- package/dist/esm/server/logout.d.ts.map +1 -0
- package/dist/esm/server/logout.js +23 -0
- package/dist/esm/server/logout.js.map +1 -0
- package/dist/esm/shared/index.d.ts +1 -0
- package/dist/esm/shared/index.d.ts.map +1 -1
- package/dist/esm/shared/index.js +1 -0
- package/dist/esm/shared/index.js.map +1 -1
- package/dist/esm/shared/lib/BrowserCookieStorage.d.ts +1 -0
- package/dist/esm/shared/lib/BrowserCookieStorage.d.ts.map +1 -1
- package/dist/esm/shared/lib/BrowserCookieStorage.js +3 -0
- package/dist/esm/shared/lib/BrowserCookieStorage.js.map +1 -1
- package/dist/esm/shared/lib/UserSession.d.ts +1 -0
- package/dist/esm/shared/lib/UserSession.d.ts.map +1 -1
- package/dist/esm/shared/lib/UserSession.js +3 -0
- package/dist/esm/shared/lib/UserSession.js.map +1 -1
- package/dist/esm/shared/lib/session.d.ts.map +1 -1
- package/dist/esm/shared/lib/session.js +10 -2
- package/dist/esm/shared/lib/session.js.map +1 -1
- package/dist/esm/shared/lib/storage.d.ts +1 -0
- package/dist/esm/shared/lib/storage.d.ts.map +1 -1
- package/dist/esm/shared/lib/storage.js.map +1 -1
- package/dist/esm/shared/lib/types.d.ts +1 -1
- package/dist/esm/shared/lib/types.d.ts.map +1 -1
- package/dist/esm/shared/lib/types.js.map +1 -1
- package/dist/esm/shared/lib/util.js +3 -3
- package/dist/esm/shared/lib/util.js.map +1 -1
- package/dist/esm/shared/version.d.ts +1 -1
- package/dist/esm/shared/version.js +1 -1
- package/dist/esm/shared/version.js.map +1 -1
- package/dist/esm/types.d.ts +1 -0
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +7 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/utils.d.ts +2 -2
- package/dist/esm/utils.d.ts.map +1 -1
- package/dist/esm/utils.js +1 -2
- package/dist/esm/utils.js.map +1 -1
- package/dist/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/package.json +18 -19
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":";;AAcA,wDAgBC;AAED,gCAEC;AAED,sCAuBC;
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":";;AAcA,wDAgBC;AAED,gCAEC;AAED,sCAuBC;AA1DD,iDAAqE;AACrE,kFAAqF;AACrF,gDAAqE;AACrE,8FAAwF;AAGxF;;;;;;GAMG;AACI,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,8DAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n Partial<Pick<AuthConfig, \"oauthServer\">> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n pkceConsumer: pkceProducer,\n });\n\n return authInitiator.signIn();\n}\n"]}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { AuthConfig } from "../server/config.js";
|
|
2
|
+
import type { AuthStorage } from "../types.js";
|
|
3
|
+
export declare function buildLogoutRedirectUrl(config: Pick<AuthConfig, "clientId" | "postLogoutRedirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
|
|
4
|
+
scopes?: string[];
|
|
5
|
+
state?: string;
|
|
6
|
+
}, storage: AuthStorage): Promise<URL>;
|
|
7
|
+
//# sourceMappingURL=logout.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,uBAAuB,CAAC,GAC5D,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAkBd"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.buildLogoutRedirectUrl = buildLogoutRedirectUrl;
|
|
4
|
+
const constants_js_1 = require("../constants.js");
|
|
5
|
+
const PKCE_js_1 = require("../services/PKCE.js");
|
|
6
|
+
const AuthenticationService_js_1 = require("../services/AuthenticationService.js");
|
|
7
|
+
const types_js_1 = require("../shared/lib/types.js");
|
|
8
|
+
async function buildLogoutRedirectUrl(config, storage) {
|
|
9
|
+
// generate a random state if not provided
|
|
10
|
+
const state = config.state ?? Math.random().toString(36).substring(2);
|
|
11
|
+
const scopes = config.scopes ?? constants_js_1.DEFAULT_SCOPES;
|
|
12
|
+
const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(storage);
|
|
13
|
+
const authInitiator = new AuthenticationService_js_1.GenericAuthenticationInitiator({
|
|
14
|
+
...config,
|
|
15
|
+
state,
|
|
16
|
+
scopes,
|
|
17
|
+
oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
|
|
18
|
+
pkceConsumer: pkceProducer,
|
|
19
|
+
redirectUrl: config.postLogoutRedirectUrl || "/",
|
|
20
|
+
});
|
|
21
|
+
const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
|
|
22
|
+
if (!idToken)
|
|
23
|
+
throw new Error("No id_token found in storage");
|
|
24
|
+
return authInitiator.signOut(idToken);
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=logout.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":";;AAOA,wDAyBC;AA9BD,iDAAqE;AACrE,gDAAqE;AACrE,kFAAqF;AACrF,oDAAoD;AAE7C,KAAK,UAAU,sBAAsB,CAC1C,MAIG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,MAAM,CAAC,qBAAqB,IAAI,GAAG;KACjD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\n\nexport async function buildLogoutRedirectUrl(\n config: Pick<AuthConfig, \"clientId\" | \"postLogoutRedirectUrl\"> &\n Partial<Pick<AuthConfig, \"oauthServer\">> & {\n scopes?: string[];\n state?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n pkceConsumer: pkceProducer,\n redirectUrl: config.postLogoutRedirectUrl || \"/\",\n });\n\n const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n if (!idToken) throw new Error(\"No id_token found in storage\");\n\n return authInitiator.signOut(idToken);\n}\n"]}
|
|
@@ -3,4 +3,5 @@ export { VERSION };
|
|
|
3
3
|
export declare const getVersion: () => string;
|
|
4
4
|
export declare const printVersion: () => void;
|
|
5
5
|
export { BrowserCookieStorage } from "../shared/lib/BrowserCookieStorage.js";
|
|
6
|
+
export { clearTokens } from "../shared/lib/util.js";
|
|
6
7
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,CAAC;AAEnB,eAAO,MAAM,UAAU,cAAgB,CAAC;AAExC,eAAO,MAAM,YAAY,YAWxB,CAAC;AACF,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,CAAC;AAEnB,eAAO,MAAM,UAAU,cAAgB,CAAC;AAExC,eAAO,MAAM,YAAY,YAWxB,CAAC;AACF,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/cjs/shared/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BrowserCookieStorage = exports.printVersion = exports.getVersion = exports.VERSION = void 0;
|
|
3
|
+
exports.clearTokens = exports.BrowserCookieStorage = exports.printVersion = exports.getVersion = exports.VERSION = void 0;
|
|
4
4
|
const version_js_1 = require("./version.js");
|
|
5
5
|
Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return version_js_1.VERSION; } });
|
|
6
6
|
let versionPrinted = false;
|
|
@@ -20,4 +20,6 @@ const printVersion = () => {
|
|
|
20
20
|
exports.printVersion = printVersion;
|
|
21
21
|
var BrowserCookieStorage_js_1 = require("../shared/lib/BrowserCookieStorage.js");
|
|
22
22
|
Object.defineProperty(exports, "BrowserCookieStorage", { enumerable: true, get: function () { return BrowserCookieStorage_js_1.BrowserCookieStorage; } });
|
|
23
|
+
var util_js_1 = require("../shared/lib/util.js");
|
|
24
|
+
Object.defineProperty(exports, "clearTokens", { enumerable: true, get: function () { return util_js_1.clearTokens; } });
|
|
23
25
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;AAC9B,wFADA,oBAAO,OACA;AAChB,IAAI,cAAc,GAAG,KAAK,CAAC;AACpB,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,oBAAO,CAAC;AAA3B,QAAA,UAAU,cAAiB;AACxC,mCAAmC;AAC5B,MAAM,YAAY,GAAG,GAAG,EAAE;IAC/B,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,CAAC;QACtB,IACE,IAAA,kBAAU,GAAE;YACZ,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,QAAQ,KAAK,WAAW,EAC/B,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAA,kBAAU,GAAE,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,YAAY,gBAWvB;AACF,gFAA4E;AAAnE,+HAAA,oBAAoB,OAAA","sourcesContent":["import { VERSION } from \"./version.js\";\nexport { VERSION };\nlet versionPrinted = false;\nexport const getVersion = () => VERSION;\n// print the version to the browser\nexport const printVersion = () => {\n if (!versionPrinted) {\n versionPrinted = true;\n if (\n getVersion() &&\n typeof window !== \"undefined\" &&\n typeof document !== \"undefined\"\n ) {\n console.log(getVersion());\n }\n }\n};\nexport { BrowserCookieStorage } from \"@/shared/lib/BrowserCookieStorage.js\";\n"]}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;AAC9B,wFADA,oBAAO,OACA;AAChB,IAAI,cAAc,GAAG,KAAK,CAAC;AACpB,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,oBAAO,CAAC;AAA3B,QAAA,UAAU,cAAiB;AACxC,mCAAmC;AAC5B,MAAM,YAAY,GAAG,GAAG,EAAE;IAC/B,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,CAAC;QACtB,IACE,IAAA,kBAAU,GAAE;YACZ,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,QAAQ,KAAK,WAAW,EAC/B,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAA,kBAAU,GAAE,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,YAAY,gBAWvB;AACF,gFAA4E;AAAnE,+HAAA,oBAAoB,OAAA;AAC7B,gDAAmD;AAA1C,sGAAA,WAAW,OAAA","sourcesContent":["import { VERSION } from \"./version.js\";\nexport { VERSION };\nlet versionPrinted = false;\nexport const getVersion = () => VERSION;\n// print the version to the browser\nexport const printVersion = () => {\n if (!versionPrinted) {\n versionPrinted = true;\n if (\n getVersion() &&\n typeof window !== \"undefined\" &&\n typeof document !== \"undefined\"\n ) {\n console.log(getVersion());\n }\n }\n};\nexport { BrowserCookieStorage } from \"@/shared/lib/BrowserCookieStorage.js\";\nexport { clearTokens } from \"@/shared/lib/util.js\";\n"]}
|
|
@@ -3,5 +3,6 @@ export declare class BrowserCookieStorage extends CookieStorage {
|
|
|
3
3
|
constructor(config?: Partial<CookieStorageSettings>);
|
|
4
4
|
get(key: string): Promise<string | null>;
|
|
5
5
|
set(key: string, value: string): Promise<void>;
|
|
6
|
+
delete(key: string): Promise<void>;
|
|
6
7
|
}
|
|
7
8
|
//# sourceMappingURL=BrowserCookieStorage.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BrowserCookieStorage.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAajC,qBAAa,oBAAqB,SAAQ,aAAa;gBACzC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IASjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"BrowserCookieStorage.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAajC,qBAAa,oBAAqB,SAAQ,aAAa;gBACzC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IASjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA2B9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}
|
|
@@ -48,6 +48,9 @@ class BrowserCookieStorage extends storage_js_1.CookieStorage {
|
|
|
48
48
|
}
|
|
49
49
|
documentObj().cookie = `${key}=${encodedValue}; ${cookieSettings.trim()}`;
|
|
50
50
|
}
|
|
51
|
+
async delete(key) {
|
|
52
|
+
documentObj().cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
|
|
53
|
+
}
|
|
51
54
|
}
|
|
52
55
|
exports.BrowserCookieStorage = BrowserCookieStorage;
|
|
53
56
|
//# sourceMappingURL=BrowserCookieStorage.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BrowserCookieStorage.js","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":";;;AAAA,wDAGiC;AAEjC,4CAA4C;AAC5C,SAAS,WAAW;IAClB,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW;QAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC,KAAK,CAAC;IAChC,MAAM,IAAI,KAAK,CACb,gDAAgD,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CACzE,CAAC;AACJ,CAAC;AAED,MAAM,KAAK,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;AAE3E,MAAa,oBAAqB,SAAQ,0BAAa;IACrD,YAAY,SAAyC,EAAE;QACrD,KAAK,CAAC;YACJ,4BAA4B;YAC5B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,KAAK;YACf,GAAG,MAAM;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,YAAY,GAAG,WAAW,EAAE;aAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;aACjB,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aACf,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAEzD,OAAO,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,cAAc,GAAG,EAAE,CAAC;QAExB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,IAAI,QAAQ,QAAQ,CAAC,IAAI,IAAI,CAAC;QAC9C,CAAC;QACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,cAAc,IAAI,WAAW,QAAQ,CAAC,OAAO,IAAI,CAAC;QACpD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpB,cAAc,IAAI,UAAU,CAAC;QAC/B,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,qFAAqF;YACrF,OAAO,CAAC,IAAI,CACV,uEAAuE,CACxE,CAAC;QACJ,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,cAAc,IAAI,YAAY,QAAQ,CAAC,QAAQ,IAAI,CAAC;QACtD,CAAC;QAED,WAAW,EAAE,CAAC,MAAM,GAAG,GAAG,GAAG,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;IAC5E,CAAC;CACF;
|
|
1
|
+
{"version":3,"file":"BrowserCookieStorage.js","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":";;;AAAA,wDAGiC;AAEjC,4CAA4C;AAC5C,SAAS,WAAW;IAClB,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW;QAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC,KAAK,CAAC;IAChC,MAAM,IAAI,KAAK,CACb,gDAAgD,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CACzE,CAAC;AACJ,CAAC;AAED,MAAM,KAAK,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;AAE3E,MAAa,oBAAqB,SAAQ,0BAAa;IACrD,YAAY,SAAyC,EAAE;QACrD,KAAK,CAAC;YACJ,4BAA4B;YAC5B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,KAAK;YACf,GAAG,MAAM;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,YAAY,GAAG,WAAW,EAAE;aAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;aACjB,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aACf,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAEzD,OAAO,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,cAAc,GAAG,EAAE,CAAC;QAExB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,IAAI,QAAQ,QAAQ,CAAC,IAAI,IAAI,CAAC;QAC9C,CAAC;QACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,cAAc,IAAI,WAAW,QAAQ,CAAC,OAAO,IAAI,CAAC;QACpD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpB,cAAc,IAAI,UAAU,CAAC;QAC/B,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,qFAAqF;YACrF,OAAO,CAAC,IAAI,CACV,uEAAuE,CACxE,CAAC;QACJ,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,cAAc,IAAI,YAAY,QAAQ,CAAC,QAAQ,IAAI,CAAC;QACtD,CAAC;QAED,WAAW,EAAE,CAAC,MAAM,GAAG,GAAG,GAAG,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,WAAW,EAAE,CAAC,MAAM,GAAG,GAAG,GAAG,mDAAmD,CAAC;IACnF,CAAC;CACF;AAjDD,oDAiDC","sourcesContent":["import {\n CookieStorage,\n type CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\n\n// Ensure only runs in a browser environment\nfunction documentObj() {\n if (typeof globalThis.window !== \"undefined\") return globalThis.document;\n const stack = new Error().stack;\n throw new Error(\n \"Document is not available in this environment:\" + JSON.stringify(stack),\n );\n}\n\nconst split = (separator: string) => (str: string) => str.split(separator);\n\nexport class BrowserCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n // sensible browser defaults\n secure: false,\n httpOnly: false,\n ...config,\n });\n }\n\n async get(key: string): Promise<string | null> {\n const encodedValue = documentObj()\n .cookie.split(\";\")\n .map(split(\"=\"))\n .find(([cookieKey]) => cookieKey?.trim() === key)?.[1];\n\n return encodedValue ? decodeURIComponent(encodedValue) : null;\n }\n\n async set(key: string, value: string): Promise<void> {\n const encodedValue = encodeURIComponent(value);\n const settings = this.settings;\n let cookieSettings = \"\";\n\n if (settings.path) {\n cookieSettings += `Path=${settings.path}; `;\n }\n if (settings.expires) {\n cookieSettings += `Expires=${settings.expires}; `;\n }\n if (settings.secure) {\n cookieSettings += `Secure; `;\n }\n if (settings.httpOnly) {\n // HttpOnly cannot be set from client-side JavaScript, so this clause can be omitted.\n console.warn(\n \"HttpOnly cannot be set on client-side cookies. Ignoring this setting.\",\n );\n }\n if (settings.sameSite) {\n cookieSettings += `SameSite=${settings.sameSite}; `;\n }\n\n documentObj().cookie = `${key}=${encodedValue}; ${cookieSettings.trim()}`;\n }\n\n async delete(key: string): Promise<void> {\n documentObj().cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;\n }\n}\n"]}
|
|
@@ -8,5 +8,6 @@ export declare class GenericUserSession<T extends UnknownObject> implements User
|
|
|
8
8
|
constructor(storage: AuthStorage);
|
|
9
9
|
get(): Promise<User<T> | null>;
|
|
10
10
|
set(user: User<T> | null): Promise<void>;
|
|
11
|
+
clear(): Promise<void>;
|
|
11
12
|
}
|
|
12
13
|
//# sourceMappingURL=UserSession.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,aAAa,EACb,IAAI,EACL,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,aAAa;IAClD,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,qBAAa,kBAAkB,CAAC,CAAC,SAAS,aAAa,CACrD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,OAAO,EAAE,WAAW;gBAApB,OAAO,EAAE,WAAW;IAEnC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAK9B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"UserSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EAEX,aAAa,EACb,IAAI,EACL,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,WAAW,CAAC,CAAC,SAAS,aAAa;IAClD,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnC;AAED,qBAAa,kBAAkB,CAAC,CAAC,SAAS,aAAa,CACrD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,OAAO,EAAE,WAAW;gBAApB,OAAO,EAAE,WAAW;IAEnC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAK9B,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
|
@@ -19,6 +19,9 @@ class GenericUserSession {
|
|
|
19
19
|
const value = user ? JSON.stringify({ ...user, forwardedTokens }) : "";
|
|
20
20
|
await this.storage.set(types_js_1.UserStorage.USER, value);
|
|
21
21
|
}
|
|
22
|
+
async clear() {
|
|
23
|
+
await this.storage.delete(types_js_1.UserStorage.USER);
|
|
24
|
+
}
|
|
22
25
|
}
|
|
23
26
|
exports.GenericUserSession = GenericUserSession;
|
|
24
27
|
//# sourceMappingURL=UserSession.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserSession.js","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":";;;AAMA,oDAAoD;AACpD,yCAA2D;AAO3D,MAAa,kBAAkB;IAGR;IAArB,YAAqB,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;IAAG,CAAC;IAE7C,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAoB;QAC5B,MAAM,eAAe,GAAG,IAAI,EAAE,eAAe;YAC3C,CAAC,CAAC,IAAA,oCAA2B,EAAC,IAAI,EAAE,eAAqC,CAAC;YAC1E,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;CACF;
|
|
1
|
+
{"version":3,"file":"UserSession.js","sourceRoot":"","sources":["../../../../src/shared/lib/UserSession.ts"],"names":[],"mappings":";;;AAMA,oDAAoD;AACpD,yCAA2D;AAO3D,MAAa,kBAAkB;IAGR;IAArB,YAAqB,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;IAAG,CAAC;IAE7C,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,IAAoB;QAC5B,MAAM,eAAe,GAAG,IAAI,EAAE,eAAe;YAC3C,CAAC,CAAC,IAAA,oCAA2B,EAAC,IAAI,EAAE,eAAqC,CAAC;YAC1E,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAW,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;CACF;AArBD,gDAqBC","sourcesContent":["import type {\n AuthStorage,\n ForwardedTokensJWT,\n UnknownObject,\n User,\n} from \"@/types.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\nimport { convertForwardedTokenFormat } from \"@/lib/jwt.js\";\n\nexport interface UserSession<T extends UnknownObject> {\n get(): Promise<User<T> | null>;\n set(user: User<T>): Promise<void>;\n}\n\nexport class GenericUserSession<T extends UnknownObject>\n implements UserSession<T>\n{\n constructor(readonly storage: AuthStorage) {}\n\n async get(): Promise<User<T> | null> {\n const user = await this.storage.get(UserStorage.USER);\n return user ? JSON.parse(user) : null;\n }\n\n async set(user: User<T> | null): Promise<void> {\n const forwardedTokens = user?.forwardedTokens\n ? convertForwardedTokenFormat(user?.forwardedTokens as ForwardedTokensJWT)\n : null;\n const value = user ? JSON.stringify({ ...user, forwardedTokens }) : \"\";\n await this.storage.set(UserStorage.USER, value);\n }\n\n async clear(): Promise<void> {\n await this.storage.delete(UserStorage.USER);\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,IAAI,
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,IAAI,EAEV,MAAM,YAAY,CAAC;AAcpB,wBAAsB,OAAO,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAiBxE;AAED,wBAAsB,SAAS,CAC7B,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAS7B"}
|
|
@@ -17,10 +17,18 @@ async function getUser(storage) {
|
|
|
17
17
|
const tokens = await (0, util_js_1.retrieveTokens)(storage);
|
|
18
18
|
if (!tokens)
|
|
19
19
|
return null;
|
|
20
|
-
const
|
|
20
|
+
const parseResult = (0, jwt_1.parseJWT)(tokens.id_token);
|
|
21
|
+
if (!parseResult)
|
|
22
|
+
return null;
|
|
23
|
+
const parsedToken = parseResult.payload;
|
|
24
|
+
// set the user ID from the token sub
|
|
25
|
+
const user = {
|
|
26
|
+
...parsedToken,
|
|
27
|
+
id: parsedToken.sub,
|
|
28
|
+
};
|
|
21
29
|
// Assumes all information is in the ID token
|
|
22
30
|
// remove the token keys from the user object to stop it getting too large
|
|
23
|
-
return parsedToken ? omitKeys(types_js_1.tokenKeys,
|
|
31
|
+
return parsedToken ? omitKeys(types_js_1.tokenKeys, user) : null;
|
|
24
32
|
}
|
|
25
33
|
async function getTokens(storage) {
|
|
26
34
|
const storageData = await (0, util_js_1.retrieveTokens)(storage);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../../src/shared/lib/session.ts"],"names":[],"mappings":";;AAsBA,0BAiBC;AAED,8BAWC;AApDD,kDAAsD;AACtD,kCAAoC;AACpC,yCAMoB;AAEpB,uCAAuC;AACvC,MAAM,QAAQ,GAAG,CACf,IAAS,EACT,GAAM,EACM,EAAE;IACd,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;IAC1B,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACnB,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEK,KAAK,UAAU,OAAO,CAAC,OAAoB;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,WAAW,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,MAAM,WAAW,GAAG,WAAW,CAAC,OAAqB,CAAC;IAEtD,qCAAqC;IACrC,MAAM,IAAI,GAAG;QACX,GAAG,WAAW;QACd,EAAE,EAAE,WAAW,CAAC,GAAG;KACC,CAAC;IACvB,6CAA6C;IAC7C,0EAA0E;IAC1E,OAAO,WAAW,CAAC,CAAC,CAAE,QAAQ,CAAC,oBAAS,EAAE,IAAI,CAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AAClE,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,OAAoB;IAEpB,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAc,EAAC,OAAO,CAAC,CAAC;IAClD,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,OAAO;QACL,OAAO,EAAE,WAAW,CAAC,QAAQ;QAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,YAAY,EAAE,WAAW,CAAC,aAAa;KACxC,CAAC;AACJ,CAAC","sourcesContent":["import { retrieveTokens } from \"@/shared/lib/util.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport {\n tokenKeys,\n type AuthStorage,\n type OAuthTokens,\n type User,\n type JWTPayload,\n} from \"@/types.js\";\n\n// Function to omit keys from an object\nconst omitKeys = <K extends keyof T, T extends Record<string, unknown>>(\n keys: K[],\n obj: T,\n): Omit<T, K> => {\n const result = { ...obj };\n keys.forEach((key) => {\n delete result[key];\n });\n return result;\n};\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n const tokens = await retrieveTokens(storage);\n if (!tokens) return null;\n\n const parseResult = parseJWT(tokens.id_token);\n if (!parseResult) return null;\n\n const parsedToken = parseResult.payload as JWTPayload;\n\n // set the user ID from the token sub\n const user = {\n ...parsedToken,\n id: parsedToken.sub,\n } as User & JWTPayload;\n // Assumes all information is in the ID token\n // remove the token keys from the user object to stop it getting too large\n return parsedToken ? (omitKeys(tokenKeys, user) as User) : null;\n}\n\nexport async function getTokens(\n storage: AuthStorage,\n): Promise<OAuthTokens | null> {\n const storageData = await retrieveTokens(storage);\n if (!storageData) return null;\n\n return {\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n}\n"]}
|
|
@@ -20,6 +20,7 @@ export declare abstract class CookieStorage implements AuthStorage {
|
|
|
20
20
|
protected constructor(settings?: Partial<CookieStorageSettings>);
|
|
21
21
|
abstract get(key: string): Promise<string | null>;
|
|
22
22
|
abstract set(key: string, value: string): Promise<void>;
|
|
23
|
+
abstract delete(key: string): Promise<void>;
|
|
23
24
|
}
|
|
24
25
|
export type AuthCookieStorageSettings = {
|
|
25
26
|
httpOnly: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEhF,KAAK,cAAc,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,MAAM,WAAW,cAAc;IAC7B,GAAG,IAAI,WAAW,CAAC;IACnB,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IACtC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;IACtC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;IAChD,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,eAAO,MAAM,uBAAuB,QAAU,CAAC;AAE/C,8BAAsB,aAAc,YAAW,WAAW;IACxD,SAAS,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IAC1C,SAAS,aAAa,QAAQ,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAanE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IACjD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEhF,KAAK,cAAc,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,MAAM,WAAW,cAAc;IAC7B,GAAG,IAAI,WAAW,CAAC;IACnB,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IACtC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;IACtC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;IAChD,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,eAAO,MAAM,uBAAuB,QAAU,CAAC;AAE/C,8BAAsB,aAAc,YAAW,WAAW;IACxD,SAAS,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IAC1C,SAAS,aAAa,QAAQ,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAanE,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IACjD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IACvD,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAC5C;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../../src/shared/lib/storage.ts"],"names":[],"mappings":";;;AAoBa,QAAA,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,aAAa;AAE7D,MAAsB,aAAa;IACvB,QAAQ,CAAwB;IAC1C,YAAsB,WAA2C,EAAE;QACjE,IAAI,CAAC,QAAQ,GAAG;YACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,IAAI;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,IAAI;YAC/B,6CAA6C;YAC7C,kEAAkE;YAClE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,KAAK;YACpC,OAAO,EACL,QAAQ,CAAC,OAAO;gBAChB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,+BAAuB,CAAC;YACvD,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,GAAG;SAC3B,CAAC;IACJ,CAAC;
|
|
1
|
+
{"version":3,"file":"storage.js","sourceRoot":"","sources":["../../../../src/shared/lib/storage.ts"],"names":[],"mappings":";;;AAoBa,QAAA,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,aAAa;AAE7D,MAAsB,aAAa;IACvB,QAAQ,CAAwB;IAC1C,YAAsB,WAA2C,EAAE;QACjE,IAAI,CAAC,QAAQ,GAAG;YACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,IAAI;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,IAAI;YAC/B,6CAA6C;YAC7C,kEAAkE;YAClE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,KAAK;YACpC,OAAO,EACL,QAAQ,CAAC,OAAO;gBAChB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,+BAAuB,CAAC;YACvD,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,GAAG;SAC3B,CAAC;IACJ,CAAC;CAIF;AAlBD,sCAkBC","sourcesContent":["import type { AuthStorage, SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n}\n\nexport type CookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n protected settings: CookieStorageSettings;\n protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n this.settings = {\n httpOnly: settings.httpOnly ?? true,\n secure: settings.secure ?? true,\n // the callback request comes the auth server\n // 'lax' ensures the code_verifier cookie is sent with the request\n sameSite: settings.sameSite ?? \"lax\",\n expires:\n settings.expires ??\n new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n path: settings.path ?? \"/\",\n };\n }\n abstract get(key: string): Promise<string | null>;\n abstract set(key: string, value: string): Promise<void>;\n abstract delete(key: string): Promise<void>;\n}\n\nexport type AuthCookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n timestamp: Date;\n};\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,oBAAY,WAAW;IACrB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;IAC7B,aAAa,kBAAkB;IAC/B,uBAAuB,4BAA4B;CACpD;AAED,eAAO,MAAM,mBAAmB,aAAa,CAAC;AAE9C,oBAAY,YAAY;IACtB,WAAW,kBAAkB;IAC7B,OAAO,YAAY;CACpB;AACD,oBAAY,WAAW;IACrB,IAAI,SAAS;CACd;AACD,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,kBAAkB,GAAG,MAAM,CACrC,WAAW,GAAG,YAAY,EAC1B,YAAY,CACb,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,IAAI,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,oBAAY,WAAW;IACrB,QAAQ,aAAa;IACrB,YAAY,iBAAiB;IAC7B,aAAa,kBAAkB;IAC/B,uBAAuB,4BAA4B;CACpD;AAED,eAAO,MAAM,mBAAmB,aAAa,CAAC;AAE9C,oBAAY,YAAY;IACtB,WAAW,kBAAkB;IAC7B,OAAO,YAAY;CACpB;AACD,oBAAY,WAAW;IACrB,IAAI,SAAS;CACd;AACD,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,kBAAkB,GAAG,MAAM,CACrC,WAAW,GAAG,YAAY,EAC1B,YAAY,CACb,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG,IAAI,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/shared/lib/types.ts"],"names":[],"mappings":";;;AAEA,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,oCAAqB,CAAA;IACrB,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,kEAAmD,CAAA;AACrD,CAAC,EALW,WAAW,2BAAX,WAAW,QAKtB;AAEY,QAAA,mBAAmB,GAAG,UAAU,CAAC;AAE9C,IAAY,YAGX;AAHD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,mCAAmB,CAAA;AACrB,CAAC,EAHW,YAAY,4BAAZ,YAAY,QAGvB;AACD,IAAY,WAEX;AAFD,WAAY,WAAW;IACrB,4BAAa,CAAA;AACf,CAAC,EAFW,WAAW,2BAAX,WAAW,QAEtB","sourcesContent":["import type { Endpoints } from \"@/types.js\";\n\nexport enum OAuthTokens {\n ID_TOKEN = \"id_token\",\n ACCESS_TOKEN = \"access_token\",\n REFRESH_TOKEN = \"refresh_token\",\n ACCESS_TOKEN_EXPIRES_AT = \"access_token_expires_at\",\n}\n\nexport const AUTH_SERVER_SESSION = \"_session\";\n\nexport enum CodeVerifier {\n COOKIE_NAME = \"code_verifier\",\n APP_URL = \"app_url\",\n}\nexport enum UserStorage {\n USER = \"user\",\n}\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n httpOnly?: boolean;\n}\n\nexport type TokensCookieConfig = Record<\n OAuthTokens | CodeVerifier,\n CookieConfig\n>;\n\nexport type CivicAuthConfig = null | {\n clientId: string;\n redirectUrl: string;\n logoutRedirectUrl: string;\n oauthServer: string;\n endpoints: Endpoints;\n scopes: string[];\n nonce?: string;\n challengeUrl?: string;\n
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/shared/lib/types.ts"],"names":[],"mappings":";;;AAEA,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,oCAAqB,CAAA;IACrB,4CAA6B,CAAA;IAC7B,8CAA+B,CAAA;IAC/B,kEAAmD,CAAA;AACrD,CAAC,EALW,WAAW,2BAAX,WAAW,QAKtB;AAEY,QAAA,mBAAmB,GAAG,UAAU,CAAC;AAE9C,IAAY,YAGX;AAHD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,mCAAmB,CAAA;AACrB,CAAC,EAHW,YAAY,4BAAZ,YAAY,QAGvB;AACD,IAAY,WAEX;AAFD,WAAY,WAAW;IACrB,4BAAa,CAAA;AACf,CAAC,EAFW,WAAW,2BAAX,WAAW,QAEtB","sourcesContent":["import type { Endpoints } from \"@/types.js\";\n\nexport enum OAuthTokens {\n ID_TOKEN = \"id_token\",\n ACCESS_TOKEN = \"access_token\",\n REFRESH_TOKEN = \"refresh_token\",\n ACCESS_TOKEN_EXPIRES_AT = \"access_token_expires_at\",\n}\n\nexport const AUTH_SERVER_SESSION = \"_session\";\n\nexport enum CodeVerifier {\n COOKIE_NAME = \"code_verifier\",\n APP_URL = \"app_url\",\n}\nexport enum UserStorage {\n USER = \"user\",\n}\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n httpOnly?: boolean;\n}\n\nexport type TokensCookieConfig = Record<\n OAuthTokens | CodeVerifier,\n CookieConfig\n>;\n\nexport type CivicAuthConfig = null | {\n clientId: string;\n redirectUrl: string;\n logoutRedirectUrl: string;\n oauthServer: string;\n endpoints: Endpoints;\n scopes: string[];\n nonce?: string;\n challengeUrl?: string;\n refreshUrl?: string;\n logoutUrl?: string;\n};\n"]}
|
|
@@ -153,16 +153,16 @@ async function storeTokens(storage, tokens) {
|
|
|
153
153
|
}
|
|
154
154
|
async function clearTokens(storage) {
|
|
155
155
|
const clearOAuthPromises = Object.values(types_js_1.OAuthTokens).map(async (key) => {
|
|
156
|
-
await storage.
|
|
156
|
+
await storage.delete(key);
|
|
157
157
|
});
|
|
158
158
|
await Promise.all([...clearOAuthPromises]);
|
|
159
159
|
}
|
|
160
160
|
async function clearAuthServerSession(storage) {
|
|
161
|
-
await storage.
|
|
161
|
+
await storage.delete(types_js_1.AUTH_SERVER_SESSION);
|
|
162
162
|
}
|
|
163
163
|
async function clearUser(storage) {
|
|
164
164
|
const userSession = new UserSession_js_1.GenericUserSession(storage);
|
|
165
|
-
await userSession.
|
|
165
|
+
await userSession.clear();
|
|
166
166
|
}
|
|
167
167
|
async function retrieveTokens(storage) {
|
|
168
168
|
const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,kDAgBC;AAED,8DASC;AAED,sDAqCC;AAED,wDAqBC;AAED,8CAQC;AAED,wCA0BC;AAED,0DAoBC;AAED,kCAWC;AAED,kCAKC;AAED,wDAEC;AAED,8BAGC;AAED,wCAqBC;AAED,oEAIC;AAED,oDAgCC;AA7PD,yCAA8D;AAC9D,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AACjE,kCAAoC;AAEpC;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,OAAoB,EACpB,MAA6B;IAE7B,mGAAmG;IACnG,MAAM,iBAAiB,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACxD,IAAI,iBAAiB,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACtD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC,QAAQ,EAAE,CAClD,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,CACrC,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,4GAA4G;IAC5G,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACtE,MAAM,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,GAAG,CAAC,8BAAmB,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAEM,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,sBAAW,CAAC,uBAAuB,CACpC,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n JWTPayload,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport { AUTH_SERVER_SESSION, OAuthTokens } from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { parseJWT } from \"oslo/jwt\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n redirectUrl: string;\n idToken: string;\n state: string;\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const endSessionUrl = new URL(endpoints.endsession);\n endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n endSessionUrl.searchParams.append(\"state\", config.state);\n endSessionUrl.searchParams.append(\n \"post_logout_redirect_uri\",\n config.redirectUrl,\n );\n return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n return tokens;\n}\n\nexport async function setAccessTokenExpiresAt(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // try to extract absolut expiry time from access token but fallback to calculation if not possible\n const parsedAccessToken = parseJWT(tokens.access_token);\n if (parsedAccessToken && parsedAccessToken?.expiresAt) {\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n parsedAccessToken.expiresAt?.getTime().toString(),\n );\n } else if (tokens.expires_in) {\n const now = Math.floor(new Date().getTime() / 1000);\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n (now + tokens.expires_in).toString(),\n );\n } else {\n throw new Error(\"Cannot determine access token expiry!\");\n }\n}\n\nexport async function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token) {\n await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n }\n await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n const clearOAuthPromises = Object.values(OAuthTokens).map(async (key) => {\n await storage.set(key, \"\");\n });\n await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n await storage.set(AUTH_SERVER_SESSION, \"\");\n}\n\nexport async function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n await userSession.set(null);\n}\n\nexport async function retrieveTokens(\n storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n const accessTokenExpiresAt = await storage.get(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n );\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n access_token_expires_at:\n accessTokenExpiresAt !== null\n ? parseInt(accessTokenExpiresAt, 10)\n : undefined, // Convert string to number\n };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n storage: AuthStorage,\n): Promise<number> {\n return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,kDAgBC;AAED,8DASC;AAED,sDAqCC;AAED,wDAqBC;AAED,8CAQC;AAED,wCA0BC;AAED,0DAoBC;AAED,kCAWC;AAED,kCAKC;AAED,wDAEC;AAED,8BAGC;AAED,wCAqBC;AAED,oEAIC;AAED,oDAgCC;AA7PD,yCAA8D;AAC9D,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AACjE,kCAAoC;AAEpC;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,OAAoB,EACpB,MAA6B;IAE7B,mGAAmG;IACnG,MAAM,iBAAiB,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACxD,IAAI,iBAAiB,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACtD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC,QAAQ,EAAE,CAClD,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,CACrC,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,4GAA4G;IAC5G,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACtE,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,MAAM,CAAC,8BAAmB,CAAC,CAAC;AAC5C,CAAC;AAEM,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,sBAAW,CAAC,uBAAuB,CACpC,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n JWTPayload,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport { AUTH_SERVER_SESSION, OAuthTokens } from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { parseJWT } from \"oslo/jwt\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n redirectUrl: string;\n idToken: string;\n state: string;\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const endSessionUrl = new URL(endpoints.endsession);\n endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n endSessionUrl.searchParams.append(\"state\", config.state);\n endSessionUrl.searchParams.append(\n \"post_logout_redirect_uri\",\n config.redirectUrl,\n );\n return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n return tokens;\n}\n\nexport async function setAccessTokenExpiresAt(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // try to extract absolut expiry time from access token but fallback to calculation if not possible\n const parsedAccessToken = parseJWT(tokens.access_token);\n if (parsedAccessToken && parsedAccessToken?.expiresAt) {\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n parsedAccessToken.expiresAt?.getTime().toString(),\n );\n } else if (tokens.expires_in) {\n const now = Math.floor(new Date().getTime() / 1000);\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n (now + tokens.expires_in).toString(),\n );\n } else {\n throw new Error(\"Cannot determine access token expiry!\");\n }\n}\n\nexport async function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token) {\n await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n }\n await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n const clearOAuthPromises = Object.values(OAuthTokens).map(async (key) => {\n await storage.delete(key);\n });\n await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n await storage.delete(AUTH_SERVER_SESSION);\n}\n\nexport async function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n await userSession.clear();\n}\n\nexport async function retrieveTokens(\n storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n const accessTokenExpiresAt = await storage.get(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n );\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n access_token_expires_at:\n accessTokenExpiresAt !== null\n ? parseInt(accessTokenExpiresAt, 10)\n : undefined, // Convert string to number\n };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n storage: AuthStorage,\n): Promise<number> {\n return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const VERSION = "@civic/auth:0.2.
|
|
1
|
+
export declare const VERSION = "@civic/auth:0.2.6-alpha.0";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
|
@@ -2,5 +2,5 @@
|
|
|
2
2
|
// This is an auto-generated file. Do not edit.
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
4
|
exports.VERSION = void 0;
|
|
5
|
-
exports.VERSION = "@civic/auth:0.2.
|
|
5
|
+
exports.VERSION = "@civic/auth:0.2.6-alpha.0";
|
|
6
6
|
//# sourceMappingURL=version.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,2BAA2B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.
|
|
1
|
+
{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,2BAA2B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.6-alpha.0\";\n"]}
|
package/dist/cjs/types.d.ts
CHANGED
|
@@ -163,6 +163,7 @@ export { tokenKeys };
|
|
|
163
163
|
export interface AuthStorage {
|
|
164
164
|
get(key: string): Promise<string | null>;
|
|
165
165
|
set(key: string, value: string): Promise<void>;
|
|
166
|
+
delete(key: string): Promise<void>;
|
|
166
167
|
}
|
|
167
168
|
export type IframeMode = "embedded" | "modal";
|
|
168
169
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/cjs/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC7C,KAAK,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAEzC,oBAAY,UAAU;IACpB,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,WAAW,gBAAgB;CAC5B;AAED,KAAK,WAAW,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,CAAC;AAGpE,UAAU,kBAAkB;IAE1B,oBAAoB,CAClB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC;IAER,mBAAmB,CACjB,MAAM,EAAE,MAAM,EAAE,EAChB,mBAAmB,EAAE,WAAW,EAChC,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB,MAAM,CACJ,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzD,cAAc,IAAI,WAAW,CAAC;IAE9B,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,kBAAkB,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;CAChD;AAGD,UAAU,YAAY;IACpB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACzD,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC3D;AAGD,UAAU,eAAe;IACvB,WAAW,CAAC,CAAC,SAAS,aAAa,EACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GAAG,IAAI,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC5B;AAGD,UAAU,eAAe;IACvB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7D;AAGD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,qBAAqB,GAAG,iBAAiB,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,eAAe,GAAG,MAAM,CAC3B,MAAM,EACN;IACE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CACF,CAAC;AAGF,KAAK,kBAAkB,GAAG,MAAM,CAC9B,MAAM,EACN;IACE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CACF,CAAC;AAEF,KAAK,UAAU,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,KAAK,cAAc,GAAG,UAAU,GAAG;IACjC,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG;IACpC,OAAO,EAAE,cAAc,CAAC;CACzB,CAAC;AAGF,QAAA,MAAM,SAAS,UAMd,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,MAAM,GAAG;KACX,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,iBAAiB,GAC1D,eAAe,GACf,MAAM;CACX,CAAC;AAGF,KAAK,QAAQ,GAAG;IACd,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,KAAK,IAAI,CAAC,CAAC,SAAS,aAAa,GAAG,WAAW,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEhE,KAAK,mBAAmB,GAAG;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B,EAAE,OAAO,CAAC;IACpC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gCAAgC,EAAE,MAAM,EAAE,CAAC;IAC3C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C,EAAE,OAAO,CAAC;IACxD,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,gDAAgD,EAAE,MAAM,EAAE,CAAC;IAC3D,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC,EAAE,MAAM,EAAE,CAAC;IAChD,qCAAqC,EAAE,MAAM,CAAC;IAC9C,2BAA2B,EAAE,OAAO,CAAC;IACrC,+BAA+B,EAAE,OAAO,CAAC;IACzC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,YAAY,GAAG,sBAAsB,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF,YAAY,EACV,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,EACN,WAAW,EACX,qBAAqB,EACrB,YAAY,EACZ,QAAQ,EACR,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,EACd,OAAO,EACP,mBAAmB,GACpB,CAAC;AACF,OAAO,EAAE,SAAS,EAAE,CAAC;AACrB,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC"}
|
package/dist/cjs/types.js
CHANGED
|
@@ -10,6 +10,12 @@ var AuthStatus;
|
|
|
10
10
|
AuthStatus["SIGNING_OUT"] = "signing_out";
|
|
11
11
|
})(AuthStatus || (exports.AuthStatus = AuthStatus = {}));
|
|
12
12
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
13
|
-
const tokenKeys = [
|
|
13
|
+
const tokenKeys = [
|
|
14
|
+
"sub",
|
|
15
|
+
"idToken",
|
|
16
|
+
"accessToken",
|
|
17
|
+
"refreshToken",
|
|
18
|
+
"forwardedTokens",
|
|
19
|
+
];
|
|
14
20
|
exports.tokenKeys = tokenKeys;
|
|
15
21
|
//# sourceMappingURL=types.js.map
|
package/dist/cjs/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AA4ID,6DAA6D;AAC7D,MAAM,SAAS,GAAG,
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":";;;AAMA,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,6CAA+B,CAAA;IAC/B,iDAAmC,CAAA;IACnC,+CAAiC,CAAA;IACjC,6BAAe,CAAA;IACf,yCAA2B,CAAA;AAC7B,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB;AA4ID,6DAA6D;AAC7D,MAAM,SAAS,GAAG;IAChB,KAAK;IACL,SAAS;IACT,aAAa;IACb,cAAc;IACd,iBAAiB;CAClB,CAAC;AAgGO,8BAAS","sourcesContent":["import type { TokenResponseBody } from \"oslo/oauth2\";\nimport type { JWT } from \"oslo/jwt\";\n\ntype UnknownObject = Record<string, unknown>;\ntype EmptyObject = Record<string, never>;\n\nexport enum AuthStatus {\n AUTHENTICATED = \"authenticated\",\n UNAUTHENTICATED = \"unauthenticated\",\n AUTHENTICATING = \"authenticating\",\n ERROR = \"error\",\n SIGNING_OUT = \"signing_out\",\n}\n// Display modes for the auth flow\ntype DisplayMode = \"iframe\" | \"redirect\" | \"new_tab\" | \"custom_tab\";\n\n// Combined Auth and Session Service\ninterface AuthSessionService {\n // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend\n loadAuthorizationUrl(\n authorizationURL: string,\n displayMode: DisplayMode,\n ): void;\n // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?\n getAuthorizationUrl(\n scopes: string[],\n overrideDisplayMode: DisplayMode,\n nonce?: string,\n ): Promise<string>;\n // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?\n signIn(\n displayMode: DisplayMode,\n scopes: string[],\n nonce?: string,\n ): Promise<void>;\n // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url\n tokenExchange(responseUrl: string): Promise<SessionData>;\n // TODO DK NOTES: Should be async for flexibility\n getSessionData(): SessionData;\n // TODO DK NOTES: Should be async for flexibility\n updateSessionData(data: SessionData): void;\n getUserInfoService(): Promise<UserInfoService>;\n}\n\n// Token Service\ninterface TokenService {\n exchangeCodeForTokens(authCode: string): Promise<Tokens>;\n validateIdToken(idToken: string, nonce: string): boolean;\n refreshAccessToken(refreshToken: string): Promise<Tokens>;\n}\n\n// User Info Service\ninterface UserInfoService {\n getUserInfo<T extends UnknownObject>(\n accessToken: string,\n idToken: string | null,\n ): Promise<User<T> | null>;\n}\n\n// Resource Service\ninterface ResourceService {\n getProtectedResource(accessToken: string): Promise<unknown>;\n}\n\n// Auth Request (for internal use in AuthSessionService)\ntype AuthRequest = {\n clientId: string;\n redirectUri: string;\n state: string;\n nonce: string;\n scope: string;\n};\n\ntype Endpoints = {\n jwks: string;\n auth: string;\n token: string;\n userinfo: string;\n challenge?: string;\n endsession: string;\n};\n\ntype Config = {\n oauthServer: string;\n endpoints?: Endpoints;\n};\n\ntype SessionData = {\n authenticated: boolean; // TODO can this be inferred from the presence of the tokens?\n state?: string;\n accessToken?: string;\n refreshToken?: string;\n idToken?: string;\n accessTokenExpiresAt?: number;\n codeVerifier?: string;\n displayMode?: DisplayMode;\n openerUrl?: string;\n};\n\ntype OIDCTokenResponseBody = TokenResponseBody & {\n id_token: string;\n access_token_expires_at?: number;\n};\n\ntype ParsedTokens = {\n id_token: JWTPayload;\n access_token: JWTPayload;\n refresh_token?: string;\n};\n\n// The format we expose to the frontend via hooks\ntype ForwardedTokens = Record<\n string,\n {\n idToken?: string;\n accessToken?: string;\n refreshToken?: string;\n }\n>;\n\n// The format in the JWT payload\ntype ForwardedTokensJWT = Record<\n string,\n {\n id_token?: string;\n access_token?: string;\n refresh_token?: string;\n scope?: string;\n }\n>;\n\ntype JWTPayload = JWT[\"payload\"] & {\n iss: string;\n aud: string;\n sub: string;\n iat: number;\n exp: number;\n};\n\ntype IdTokenPayload = JWTPayload & {\n forwardedTokens?: ForwardedTokensJWT;\n email?: string;\n name?: string;\n picture?: string;\n nonce: string;\n at_hash: string;\n};\n\ntype IdToken = Omit<JWT, \"payload\"> & {\n payload: IdTokenPayload;\n};\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst tokenKeys = [\n \"sub\",\n \"idToken\",\n \"accessToken\",\n \"refreshToken\",\n \"forwardedTokens\",\n];\n\nexport type OAuthTokens = {\n idToken?: string;\n accessToken?: string;\n refreshToken?: string;\n};\n// Derive the Tokens type from the array\ntype Tokens = {\n [K in (typeof tokenKeys)[number]]: K extends \"forwardedTokens\"\n ? ForwardedTokens\n : string;\n};\n\n// Base user interface\ntype BaseUser = {\n id: string;\n email?: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n updated_at?: Date;\n};\n\ntype User<T extends UnknownObject = EmptyObject> = BaseUser & T;\n\ntype OpenIdConfiguration = {\n authorization_endpoint: string;\n claims_parameter_supported: boolean;\n claims_supported: string[];\n code_challenge_methods_supported: string[];\n end_session_endpoint: string;\n grant_types_supported: string[];\n issuer: string;\n jwks_uri: string;\n authorization_response_iss_parameter_supported: boolean;\n response_modes_supported: string[];\n response_types_supported: string[];\n scopes_supported: string[];\n subject_types_supported: string[];\n token_endpoint_auth_methods_supported: string[];\n token_endpoint_auth_signing_alg_values_supported: string[];\n token_endpoint: string;\n id_token_signing_alg_values_supported: string[];\n pushed_authorization_request_endpoint: string;\n request_parameter_supported: boolean;\n request_uri_parameter_supported: boolean;\n userinfo_endpoint: string;\n claim_types_supported: string[];\n};\n\ntype LoginPostMessage = {\n source: string;\n type: string;\n clientId: string;\n data: {\n url: string;\n };\n};\n\nexport type IframeAuthMessage = {\n source: \"civicloginApp\";\n type: \"auth_error\" | \"auth_error_try_again\";\n clientId: string;\n data: {\n url?: string;\n error?: string;\n };\n};\n\nexport type {\n LoginPostMessage,\n AuthSessionService,\n TokenService,\n UserInfoService,\n ResourceService,\n AuthRequest,\n Tokens,\n Endpoints,\n Config,\n SessionData,\n OIDCTokenResponseBody,\n ParsedTokens,\n BaseUser,\n User,\n DisplayMode,\n UnknownObject,\n EmptyObject,\n ForwardedTokens,\n ForwardedTokensJWT,\n JWTPayload,\n IdTokenPayload,\n IdToken,\n OpenIdConfiguration,\n};\nexport { tokenKeys };\nexport interface AuthStorage {\n get(key: string): Promise<string | null>;\n set(key: string, value: string): Promise<void>;\n delete(key: string): Promise<void>;\n}\n\nexport type IframeMode = \"embedded\" | \"modal\";\n"]}
|
package/dist/cjs/utils.d.ts
CHANGED
|
@@ -6,10 +6,10 @@
|
|
|
6
6
|
*
|
|
7
7
|
* @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
|
|
8
8
|
*/
|
|
9
|
-
declare const isPopupBlocked: () => boolean;
|
|
9
|
+
export declare const isPopupBlocked: () => boolean;
|
|
10
10
|
type WithoutUndefined<T> = {
|
|
11
11
|
[K in keyof T as undefined extends T[K] ? never : K]: T[K];
|
|
12
12
|
};
|
|
13
13
|
export declare const withoutUndefined: <T extends { [K in keyof T]: unknown; }>(obj: T) => WithoutUndefined<T>;
|
|
14
|
-
export {
|
|
14
|
+
export {};
|
|
15
15
|
//# sourceMappingURL=utils.d.ts.map
|
package/dist/cjs/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,OAsBjC,CAAC;AAOF,KAAK,gBAAgB,CAAC,CAAC,IAAI;KACxB,CAAC,IAAI,MAAM,CAAC,IAAI,SAAS,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC3D,CAAC;AACF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,OAAO,GAAE,OAC/D,CAAC,KACL,gBAAgB,CAAC,CAAC,CAapB,CAAC"}
|
package/dist/cjs/utils.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.withoutUndefined = exports.isPopupBlocked = void 0;
|
|
4
4
|
/**
|
|
5
5
|
* Checks if a popup window is blocked by the browser.
|
|
6
6
|
*
|
package/dist/cjs/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;AACI,MAAM,cAAc,GAAG,GAAY,EAAE;IAC1C,wFAAwF;IACxF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEtD,6DAA6D;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAtBW,QAAA,cAAc,kBAsBzB;AAUK,MAAM,gBAAgB,GAAG,CAC9B,GAAM,EACe,EAAE;IACvB,MAAM,MAAM,GAAG,EAAyB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YAC3B,4EAA4E;YAC5E,6BAA6B;YAC7B,8DAA8D;YAC7D,MAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAfW,QAAA,gBAAgB,oBAe3B","sourcesContent":["/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nexport const isPopupBlocked = (): boolean => {\n // First we try to open a small popup window. It either returns a window object or null.\n const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n // If window.open() returns null, popup is definitely blocked\n if (!popup) {\n return true;\n }\n\n try {\n // Try to access a property of the popup to check if it's usable\n if (typeof popup.closed === \"undefined\") {\n throw new Error(\"Popup is blocked\");\n }\n } catch {\n // Accessing the popup's properties throws an error if the popup is blocked\n return true;\n }\n\n // Close the popup immediately if it was opened\n popup.close();\n return false;\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n obj: T,\n): WithoutUndefined<T> => {\n const result = {} as WithoutUndefined<T>;\n\n for (const key in obj) {\n if (obj[key] !== undefined) {\n // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n // We use type assertion here\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (result as any)[key] = obj[key];\n }\n }\n\n return result;\n};\n"]}
|
|
@@ -5,5 +5,6 @@ export declare class LocalStorageAdapter implements AuthStorage {
|
|
|
5
5
|
static get emitter(): EventEmitter;
|
|
6
6
|
get(key: string): Promise<string>;
|
|
7
7
|
set(key: string, value: string): Promise<void>;
|
|
8
|
+
delete(key: string): Promise<void>;
|
|
8
9
|
}
|
|
9
10
|
//# sourceMappingURL=storage.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/browser/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,qBAAa,mBAAoB,YAAW,WAAW;IACrD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC;IAC9B,MAAM,KAAK,OAAO,IAAI,YAAY,CAKjC;IAEK,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/browser/storage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,qBAAa,mBAAoB,YAAW,WAAW;IACrD,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC;IAC9B,MAAM,KAAK,OAAO,IAAI,YAAY,CAKjC;IAEK,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}
|