@civic/auth 0.3.7 → 0.3.8-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/dist/cjs/nextjs/GetUser.d.ts +6 -0
- package/dist/cjs/nextjs/GetUser.d.ts.map +1 -0
- package/dist/cjs/nextjs/GetUser.js +11 -0
- package/dist/cjs/nextjs/GetUser.js.map +1 -0
- package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.d.ts +11 -0
- package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.d.ts.map +1 -0
- package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.js +21 -0
- package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.js.map +1 -0
- package/dist/cjs/nextjs/NextClientAuthenticationRefresher.d.ts +3 -4
- package/dist/cjs/nextjs/NextClientAuthenticationRefresher.d.ts.map +1 -1
- package/dist/cjs/nextjs/NextClientAuthenticationRefresher.js +14 -12
- package/dist/cjs/nextjs/NextClientAuthenticationRefresher.js.map +1 -1
- package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.d.ts +2 -1
- package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map +1 -1
- package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.js +10 -2
- package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.js.map +1 -1
- package/dist/cjs/nextjs/hooks/useRefresh.d.ts +3 -1
- package/dist/cjs/nextjs/hooks/useRefresh.d.ts.map +1 -1
- package/dist/cjs/nextjs/hooks/useRefresh.js +10 -2
- package/dist/cjs/nextjs/hooks/useRefresh.js.map +1 -1
- package/dist/cjs/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
- package/dist/cjs/nextjs/providers/NextAuthProvider.js +7 -1
- package/dist/cjs/nextjs/providers/NextAuthProvider.js.map +1 -1
- package/dist/cjs/nextjs/routeHandler.d.ts.map +1 -1
- package/dist/cjs/nextjs/routeHandler.js +18 -11
- package/dist/cjs/nextjs/routeHandler.js.map +1 -1
- package/dist/cjs/reactjs/components/LoadingSpinner.d.ts +7 -0
- package/dist/cjs/reactjs/components/LoadingSpinner.d.ts.map +1 -0
- package/dist/cjs/reactjs/components/LoadingSpinner.js +33 -0
- package/dist/cjs/reactjs/components/LoadingSpinner.js.map +1 -0
- package/dist/cjs/reactjs/hooks/useAuth.d.ts +3 -0
- package/dist/cjs/reactjs/hooks/useAuth.d.ts.map +1 -0
- package/dist/cjs/reactjs/hooks/useAuth.js +15 -0
- package/dist/cjs/reactjs/hooks/useAuth.js.map +1 -0
- package/dist/cjs/reactjs/hooks/useSignIn.d.ts +6 -0
- package/dist/cjs/reactjs/hooks/useSignIn.d.ts.map +1 -0
- package/dist/cjs/reactjs/hooks/useSignIn.js +38 -0
- package/dist/cjs/reactjs/hooks/useSignIn.js.map +1 -0
- package/dist/cjs/reactjs/providers/AuthProvider.d.ts.map +1 -1
- package/dist/cjs/reactjs/providers/AuthProvider.js +8 -0
- package/dist/cjs/reactjs/providers/AuthProvider.js.map +1 -1
- package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -1
- package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.js +0 -1
- package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.js.map +1 -1
- package/dist/cjs/server/refresh.d.ts.map +1 -1
- package/dist/cjs/server/refresh.js +4 -1
- package/dist/cjs/server/refresh.js.map +1 -1
- package/dist/cjs/services/AuthenticationService.d.ts.map +1 -1
- package/dist/cjs/services/AuthenticationService.js +0 -5
- package/dist/cjs/services/AuthenticationService.js.map +1 -1
- package/dist/cjs/shared/components/CivicAuthIframe.d.ts.map +1 -1
- package/dist/cjs/shared/components/CivicAuthIframe.js +7 -1
- package/dist/cjs/shared/components/CivicAuthIframe.js.map +1 -1
- package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts +3 -0
- package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts.map +1 -0
- package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js +16 -0
- package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js.map +1 -0
- package/dist/cjs/shared/hooks/useRefresh.d.ts +3 -1
- package/dist/cjs/shared/hooks/useRefresh.d.ts.map +1 -1
- package/dist/cjs/shared/hooks/useRefresh.js +10 -2
- package/dist/cjs/shared/hooks/useRefresh.js.map +1 -1
- package/dist/cjs/shared/lib/AuthenticationRefresherImpl.d.ts +2 -2
- package/dist/cjs/shared/lib/AuthenticationRefresherImpl.d.ts.map +1 -1
- package/dist/cjs/shared/lib/AuthenticationRefresherImpl.js +7 -4
- package/dist/cjs/shared/lib/AuthenticationRefresherImpl.js.map +1 -1
- package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.d.ts +11 -0
- package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -0
- package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.js +63 -0
- package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.js.map +1 -0
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.d.ts +18 -0
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.d.ts.map +1 -0
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.js +85 -0
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.js.map +1 -0
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts +2 -4
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js +9 -36
- package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
- package/dist/cjs/shared/lib/util.d.ts.map +1 -1
- package/dist/cjs/shared/lib/util.js +14 -1
- package/dist/cjs/shared/lib/util.js.map +1 -1
- package/dist/cjs/shared/providers/AuthProvider.d.ts +22 -0
- package/dist/cjs/shared/providers/AuthProvider.d.ts.map +1 -0
- package/dist/cjs/shared/providers/AuthProvider.js +108 -0
- package/dist/cjs/shared/providers/AuthProvider.js.map +1 -0
- package/dist/cjs/shared/providers/CivicAuthProvider.d.ts +6 -0
- package/dist/cjs/shared/providers/CivicAuthProvider.d.ts.map +1 -0
- package/dist/cjs/shared/providers/CivicAuthProvider.js +38 -0
- package/dist/cjs/shared/providers/CivicAuthProvider.js.map +1 -0
- package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts +17 -0
- package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -0
- package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js +168 -0
- package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js.map +1 -0
- package/dist/esm/nextjs/GetUser.d.ts +6 -0
- package/dist/esm/nextjs/GetUser.d.ts.map +1 -0
- package/dist/esm/nextjs/GetUser.js +7 -0
- package/dist/esm/nextjs/GetUser.js.map +1 -0
- package/dist/esm/nextjs/NextClientAuthenticationRefresher.d.ts +3 -4
- package/dist/esm/nextjs/NextClientAuthenticationRefresher.d.ts.map +1 -1
- package/dist/esm/nextjs/NextClientAuthenticationRefresher.js +14 -12
- package/dist/esm/nextjs/NextClientAuthenticationRefresher.js.map +1 -1
- package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.d.ts +2 -1
- package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map +1 -1
- package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.js +10 -2
- package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.js.map +1 -1
- package/dist/esm/nextjs/hooks/useRefresh.d.ts +3 -1
- package/dist/esm/nextjs/hooks/useRefresh.d.ts.map +1 -1
- package/dist/esm/nextjs/hooks/useRefresh.js +10 -2
- package/dist/esm/nextjs/hooks/useRefresh.js.map +1 -1
- package/dist/esm/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
- package/dist/esm/nextjs/providers/NextAuthProvider.js +7 -1
- package/dist/esm/nextjs/providers/NextAuthProvider.js.map +1 -1
- package/dist/esm/nextjs/routeHandler.d.ts.map +1 -1
- package/dist/esm/nextjs/routeHandler.js +18 -11
- package/dist/esm/nextjs/routeHandler.js.map +1 -1
- package/dist/esm/reactjs/hooks/useAuth.d.ts +3 -0
- package/dist/esm/reactjs/hooks/useAuth.d.ts.map +1 -0
- package/dist/esm/reactjs/hooks/useAuth.js +12 -0
- package/dist/esm/reactjs/hooks/useAuth.js.map +1 -0
- package/dist/esm/reactjs/hooks/useSignIn.d.ts +6 -0
- package/dist/esm/reactjs/hooks/useSignIn.d.ts.map +1 -0
- package/dist/esm/reactjs/hooks/useSignIn.js +34 -0
- package/dist/esm/reactjs/hooks/useSignIn.js.map +1 -0
- package/dist/esm/reactjs/providers/AuthProvider.d.ts.map +1 -1
- package/dist/esm/reactjs/providers/AuthProvider.js +8 -0
- package/dist/esm/reactjs/providers/AuthProvider.js.map +1 -1
- package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -1
- package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.js +1 -2
- package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.js.map +1 -1
- package/dist/esm/server/refresh.d.ts.map +1 -1
- package/dist/esm/server/refresh.js +4 -1
- package/dist/esm/server/refresh.js.map +1 -1
- package/dist/esm/services/AuthenticationService.d.ts.map +1 -1
- package/dist/esm/services/AuthenticationService.js +0 -5
- package/dist/esm/services/AuthenticationService.js.map +1 -1
- package/dist/esm/shared/components/CivicAuthIframe.d.ts.map +1 -1
- package/dist/esm/shared/components/CivicAuthIframe.js +8 -2
- package/dist/esm/shared/components/CivicAuthIframe.js.map +1 -1
- package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts +3 -0
- package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts.map +1 -0
- package/dist/esm/shared/hooks/useClientTokenExchangeSession.js +13 -0
- package/dist/esm/shared/hooks/useClientTokenExchangeSession.js.map +1 -0
- package/dist/esm/shared/hooks/useRefresh.d.ts +3 -1
- package/dist/esm/shared/hooks/useRefresh.d.ts.map +1 -1
- package/dist/esm/shared/hooks/useRefresh.js +10 -2
- package/dist/esm/shared/hooks/useRefresh.js.map +1 -1
- package/dist/esm/shared/lib/AuthenticationRefresherImpl.d.ts +2 -2
- package/dist/esm/shared/lib/AuthenticationRefresherImpl.d.ts.map +1 -1
- package/dist/esm/shared/lib/AuthenticationRefresherImpl.js +7 -4
- package/dist/esm/shared/lib/AuthenticationRefresherImpl.js.map +1 -1
- package/dist/esm/shared/lib/BrowserAuthenticationRefresher.d.ts +11 -0
- package/dist/esm/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -0
- package/dist/esm/shared/lib/BrowserAuthenticationRefresher.js +59 -0
- package/dist/esm/shared/lib/BrowserAuthenticationRefresher.js.map +1 -0
- package/dist/esm/shared/lib/GenericAuthenticationRefresher.d.ts +2 -4
- package/dist/esm/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
- package/dist/esm/shared/lib/GenericAuthenticationRefresher.js +11 -38
- package/dist/esm/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
- package/dist/esm/shared/lib/util.d.ts.map +1 -1
- package/dist/esm/shared/lib/util.js +14 -1
- package/dist/esm/shared/lib/util.js.map +1 -1
- package/dist/esm/shared/providers/AuthProvider.d.ts +22 -0
- package/dist/esm/shared/providers/AuthProvider.d.ts.map +1 -0
- package/dist/esm/shared/providers/AuthProvider.js +72 -0
- package/dist/esm/shared/providers/AuthProvider.js.map +1 -0
- package/dist/esm/shared/providers/CivicAuthProvider.d.ts +6 -0
- package/dist/esm/shared/providers/CivicAuthProvider.d.ts.map +1 -0
- package/dist/esm/shared/providers/CivicAuthProvider.js +32 -0
- package/dist/esm/shared/providers/CivicAuthProvider.js.map +1 -0
- package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.d.ts +17 -0
- package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -0
- package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.js +131 -0
- package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.js.map +1 -0
- package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
- package/dist/nextjs/providers/NextAuthProvider.js +9 -4
- package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
- package/dist/reactjs/providers/AuthProvider.d.ts.map +1 -1
- package/dist/reactjs/providers/AuthProvider.js +3 -1
- package/dist/reactjs/providers/AuthProvider.js.map +1 -1
- package/dist/shared/components/CivicAuthIframeContainer.d.ts.map +1 -1
- package/dist/shared/components/CivicAuthIframeContainer.js +4 -1
- package/dist/shared/components/CivicAuthIframeContainer.js.map +1 -1
- package/dist/shared/hooks/useSignIn.js +3 -3
- package/dist/shared/hooks/useSignIn.js.map +1 -1
- package/dist/shared/lib/iframeUtils.d.ts +1 -1
- package/dist/shared/lib/iframeUtils.d.ts.map +1 -1
- package/dist/shared/lib/iframeUtils.js +2 -2
- package/dist/shared/lib/iframeUtils.js.map +1 -1
- package/dist/shared/providers/IframeProvider.d.ts +3 -0
- package/dist/shared/providers/IframeProvider.d.ts.map +1 -1
- package/dist/shared/providers/IframeProvider.js +5 -0
- package/dist/shared/providers/IframeProvider.js.map +1 -1
- package/dist/shared/version.d.ts +1 -1
- package/dist/shared/version.d.ts.map +1 -1
- package/dist/shared/version.js +1 -1
- package/dist/shared/version.js.map +1 -1
- package/dist/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMrD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,qBAAa,2BAA4B,SAAQ,8BAA8B;
|
|
1
|
+
{"version":3,"file":"AuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMrD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,qBAAa,2BAA4B,SAAQ,8BAA8B;IAO3E,SAAS,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IANlD,OAAO,CAAC,SAAS,CAAwB;IACzC,OAAO,CAAC,YAAY,CAA2B;gBAE7C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EAC9B,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAQ5C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;WAmBd,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,2BAA2B,CAAC;IAYjC,WAAW,CAAC,iBAAiB,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpE,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAsB3D"}
|
|
@@ -8,8 +8,8 @@ class AuthenticationRefresherImpl extends GenericAuthenticationRefresher_js_1.Ge
|
|
|
8
8
|
endpointOverrides;
|
|
9
9
|
endpoints;
|
|
10
10
|
oauth2client;
|
|
11
|
-
constructor(authConfig, storage, endpointOverrides) {
|
|
12
|
-
super();
|
|
11
|
+
constructor(authConfig, storage, onError, endpointOverrides) {
|
|
12
|
+
super(onError);
|
|
13
13
|
this.endpointOverrides = endpointOverrides;
|
|
14
14
|
this.authConfig = authConfig;
|
|
15
15
|
this.storage = storage;
|
|
@@ -25,8 +25,8 @@ class AuthenticationRefresherImpl extends GenericAuthenticationRefresher_js_1.Ge
|
|
|
25
25
|
});
|
|
26
26
|
return this;
|
|
27
27
|
}
|
|
28
|
-
static async build(authConfig, storage, endpointOverrides) {
|
|
29
|
-
const refresher = new AuthenticationRefresherImpl(authConfig, storage, endpointOverrides);
|
|
28
|
+
static async build(authConfig, storage, onError, endpointOverrides) {
|
|
29
|
+
const refresher = new AuthenticationRefresherImpl(authConfig, storage, onError, endpointOverrides);
|
|
30
30
|
await refresher.init();
|
|
31
31
|
return refresher;
|
|
32
32
|
}
|
|
@@ -39,6 +39,9 @@ class AuthenticationRefresherImpl extends GenericAuthenticationRefresher_js_1.Ge
|
|
|
39
39
|
if (!this.storage)
|
|
40
40
|
throw new Error("No storage available");
|
|
41
41
|
const refreshToken = await this.getRefreshToken();
|
|
42
|
+
console.log("AuthenticationRefresherImpl refreshAccessToken", {
|
|
43
|
+
refreshToken,
|
|
44
|
+
});
|
|
42
45
|
if (!this.oauth2client)
|
|
43
46
|
this.init();
|
|
44
47
|
const oauth2Client = this.oauth2client;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":";;;AACA,kDAI8B;AAE9B,wCAA2C;AAC3C,2FAAqF;AAErF,MAAa,2BAA4B,SAAQ,kEAA8B;
|
|
1
|
+
{"version":3,"file":"AuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":";;;AACA,kDAI8B;AAE9B,wCAA2C;AAC3C,2FAAqF;AAErF,MAAa,2BAA4B,SAAQ,kEAA8B;IAOjE;IANJ,SAAS,CAAwB;IACjC,YAAY,CAA2B;IAC/C,YACE,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EAC9B,iBAAsC;QAEhD,KAAK,CAAC,OAAO,CAAC,CAAC;QAFL,sBAAiB,GAAjB,iBAAiB,CAAqB;QAGhD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,IAAA,mCAAyB,EAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,qBAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,2BAA2B,CAC/C,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,iBAAwC;QACxD,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,IAAA,qBAAW,EAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE;YAC5D,YAAY;SACb,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAa,CAAC;QACxC,MAAM,iBAAiB,GACrB,MAAM,YAAY,CAAC,kBAAkB,CACnC,YAAY,CACb,CAAC;QACJ,MAAM,IAAA,8BAAoB,EACxB,iBAAiB,EACjB,IAAI,CAAC,SAAU,EACf,YAAY,EACZ,IAAI,CAAC,WAAW,CACjB,CAAC;QAEF,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;QAC1C,OAAO,iBAAiB,CAAC;IAC3B,CAAC;CACF;AA9ED,kEA8EC","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport {\n getEndpointsWithOverrides,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { GenericAuthenticationRefresher } from \"./GenericAuthenticationRefresher.js\";\n\nexport class AuthenticationRefresherImpl extends GenericAuthenticationRefresher {\n private endpoints: Endpoints | undefined;\n private oauth2client: OAuth2Client | undefined;\n constructor(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n protected endpointOverrides?: Partial<Endpoints>,\n ) {\n super(onError);\n this.authConfig = authConfig;\n this.storage = storage;\n this.init();\n }\n\n async init(): Promise<this> {\n if (!this.authConfig) throw new Error(\"No auth config available\");\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationRefresherImpl> {\n const refresher = new AuthenticationRefresherImpl(\n authConfig,\n storage,\n onError,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n async storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void> {\n if (!this.storage) throw new Error(\"No storage available\");\n await storeTokens(this.storage, tokenResponseBody);\n }\n\n async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n if (!this.storage) throw new Error(\"No storage available\");\n const refreshToken = await this.getRefreshToken();\n console.log(\"AuthenticationRefresherImpl refreshAccessToken\", {\n refreshToken,\n });\n if (!this.oauth2client) this.init();\n const oauth2Client = this.oauth2client!;\n const tokenResponseBody =\n await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n refreshToken,\n );\n await validateOauth2Tokens(\n tokenResponseBody,\n this.endpoints!,\n oauth2Client,\n this.oauthServer,\n );\n\n await this.storeTokens(tokenResponseBody);\n return tokenResponseBody;\n }\n}\n"]}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuthenticationRefresherImpl } from "./AuthenticationRefresherImpl.js";
|
|
2
|
+
import type { AuthStorage, Endpoints } from "../../types.js";
|
|
3
|
+
import type { AuthConfig } from "../../server/config.js";
|
|
4
|
+
export declare class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl {
|
|
5
|
+
static build(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints>): Promise<BrowserAuthenticationRefresher>;
|
|
6
|
+
protected handleError(error: Error): void;
|
|
7
|
+
protected handleRefresh(): Promise<void>;
|
|
8
|
+
setupAutorefresh(): Promise<void>;
|
|
9
|
+
clearAutorefresh(): void;
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=BrowserAuthenticationRefresher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BrowserAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,qBAAa,8BAA+B,SAAQ,2BAA2B;WACvD,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,8BAA8B,CAAC;IAY1C,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK;cAMlB,aAAa;IAmBvB,gBAAgB;IAuBtB,gBAAgB;CASjB"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BrowserAuthenticationRefresher = void 0;
|
|
4
|
+
const constants_js_1 = require("../../constants.js");
|
|
5
|
+
const util_js_1 = require("../../shared/lib/util.js");
|
|
6
|
+
const AuthenticationRefresherImpl_js_1 = require("./AuthenticationRefresherImpl.js");
|
|
7
|
+
class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl_js_1.AuthenticationRefresherImpl {
|
|
8
|
+
static async build(authConfig, storage, onError, endpointOverrides) {
|
|
9
|
+
const refresher = new BrowserAuthenticationRefresher(authConfig, storage, onError, endpointOverrides);
|
|
10
|
+
await refresher.init();
|
|
11
|
+
return refresher;
|
|
12
|
+
}
|
|
13
|
+
handleError(error) {
|
|
14
|
+
console.error("BrowserAuthenticationRefresher: Error", error);
|
|
15
|
+
this.clearAutorefresh();
|
|
16
|
+
this.onError(error);
|
|
17
|
+
}
|
|
18
|
+
async handleRefresh() {
|
|
19
|
+
try {
|
|
20
|
+
// ensure only one refresh is in progress
|
|
21
|
+
if (localStorage.getItem(constants_js_1.REFRESH_IN_PROGRESS) !== "true") {
|
|
22
|
+
localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "true");
|
|
23
|
+
await this.refreshTokens();
|
|
24
|
+
localStorage.removeItem(constants_js_1.REFRESH_IN_PROGRESS);
|
|
25
|
+
await this.setupAutorefresh(); // Reset the timeout after successful refresh
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
catch (error) {
|
|
29
|
+
console.error("BrowserAuthenticationRefresher: Failed to refresh tokens:", error);
|
|
30
|
+
// TODO detect if refresh token has expired and if yes then logout
|
|
31
|
+
this.handleError(error);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
async setupAutorefresh() {
|
|
35
|
+
// clear any existing state
|
|
36
|
+
localStorage.removeItem(constants_js_1.REFRESH_IN_PROGRESS);
|
|
37
|
+
if (!this.storage)
|
|
38
|
+
throw new Error("No storage available");
|
|
39
|
+
// Clear any existing timeout
|
|
40
|
+
this.clearAutorefresh();
|
|
41
|
+
// get expires_in
|
|
42
|
+
const now = Math.floor(Date.now() / 1000);
|
|
43
|
+
const expiresAt = (await (0, util_js_1.retrieveAccessTokenExpiresAt)(this.storage)) || now + 60;
|
|
44
|
+
// Calculate time until expiry (subtract 30 seconds as buffer)
|
|
45
|
+
const bufferTime = 30; // 30 seconds
|
|
46
|
+
const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
|
|
47
|
+
const refreshTimeout = setTimeout(() => {
|
|
48
|
+
this.handleRefresh();
|
|
49
|
+
}, 1000 * refreshTime);
|
|
50
|
+
localStorage.setItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
|
|
51
|
+
}
|
|
52
|
+
clearAutorefresh() {
|
|
53
|
+
// use local storage to store the timeout id so that if multiple instances
|
|
54
|
+
// of the refresher are created they can all clear the same timeout
|
|
55
|
+
const existingTimeout = localStorage.getItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
|
|
56
|
+
if (existingTimeout) {
|
|
57
|
+
clearTimeout(existingTimeout);
|
|
58
|
+
localStorage.removeItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
exports.BrowserAuthenticationRefresher = BrowserAuthenticationRefresher;
|
|
63
|
+
//# sourceMappingURL=BrowserAuthenticationRefresher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BrowserAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAAA,iDAA+E;AAC/E,kDAAoE;AACpE,qFAA+E;AAI/E,MAAa,8BAA+B,SAAQ,4DAA2B;IAC7E,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAClD,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAES,WAAW,CAAC,KAAY;QAChC,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;IAES,KAAK,CAAC,aAAa;QAC3B,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,YAAY,CAAC,OAAO,CAAC,kCAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;gBACzD,YAAY,CAAC,OAAO,CAAC,kCAAmB,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,YAAY,CAAC,UAAU,CAAC,kCAAmB,CAAC,CAAC;gBAC7C,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;YAC9E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2DAA2D,EAC3D,KAAK,CACN,CAAC;YACF,kEAAkE;YAClE,IAAI,CAAC,WAAW,CAAC,KAAc,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,2BAA2B;QAC3B,YAAY,CAAC,UAAU,CAAC,kCAAmB,CAAC,CAAC;QAE7C,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,IAAA,sCAA4B,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,uCAAwB,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;QACd,0EAA0E;QAC1E,mEAAmE;QACnE,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,uCAAwB,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,CAAC,eAAe,CAAC,CAAC;YAC9B,YAAY,CAAC,UAAU,CAAC,uCAAwB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF;AA3ED,wEA2EC","sourcesContent":["import { AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS } from \"@/constants.js\";\nimport { retrieveAccessTokenExpiresAt } from \"@/shared/lib/util.js\";\nimport { AuthenticationRefresherImpl } from \"./AuthenticationRefresherImpl.js\";\nimport type { AuthStorage, Endpoints } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\n\nexport class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl {\n static override async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<BrowserAuthenticationRefresher> {\n const refresher = new BrowserAuthenticationRefresher(\n authConfig,\n storage,\n onError,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n protected handleError(error: Error) {\n console.error(\"BrowserAuthenticationRefresher: Error\", error);\n this.clearAutorefresh();\n this.onError(error);\n }\n\n protected async handleRefresh() {\n try {\n // ensure only one refresh is in progress\n if (localStorage.getItem(REFRESH_IN_PROGRESS) !== \"true\") {\n localStorage.setItem(REFRESH_IN_PROGRESS, \"true\");\n await this.refreshTokens();\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n await this.setupAutorefresh(); // Reset the timeout after successful refresh\n }\n } catch (error) {\n console.error(\n \"BrowserAuthenticationRefresher: Failed to refresh tokens:\",\n error,\n );\n // TODO detect if refresh token has expired and if yes then logout\n this.handleError(error as Error);\n }\n }\n\n async setupAutorefresh() {\n // clear any existing state\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n\n if (!this.storage) throw new Error(\"No storage available\");\n // Clear any existing timeout\n this.clearAutorefresh();\n\n // get expires_in\n const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n // Calculate time until expiry (subtract 30 seconds as buffer)\n const bufferTime = 30; // 30 seconds\n const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n const refreshTimeout = setTimeout(() => {\n this.handleRefresh();\n }, 1000 * refreshTime);\n localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());\n }\n\n clearAutorefresh() {\n // use local storage to store the timeout id so that if multiple instances\n // of the refresher are created they can all clear the same timeout\n const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);\n if (existingTimeout) {\n clearTimeout(existingTimeout);\n localStorage.removeItem(AUTOREFRESH_TIMEOUT_NAME);\n }\n }\n}\n"]}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { AuthConfig } from "../../server/config.js";
|
|
2
|
+
import type { AuthenticationRefresher } from "../../services/types.js";
|
|
3
|
+
import type { AuthStorage, OIDCTokenResponseBody } from "../../types.js";
|
|
4
|
+
export declare abstract class GenericAuthenticationRefresher implements AuthenticationRefresher {
|
|
5
|
+
readonly onError: (error: Error) => Promise<void>;
|
|
6
|
+
protected authConfig: AuthConfig | undefined;
|
|
7
|
+
protected storage: AuthStorage | undefined;
|
|
8
|
+
static refreshInProgress: boolean;
|
|
9
|
+
constructor(onError: (error: Error) => Promise<void>);
|
|
10
|
+
get oauthServer(): string;
|
|
11
|
+
abstract refreshAccessToken(refreshToken?: string): Promise<OIDCTokenResponseBody>;
|
|
12
|
+
getRefreshToken(): Promise<string>;
|
|
13
|
+
refreshTokens(): Promise<OIDCTokenResponseBody>;
|
|
14
|
+
private handleRefresh;
|
|
15
|
+
setupAutorefresh(): Promise<void>;
|
|
16
|
+
clearAutorefresh(): void;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=GenericAuthenticationRefresher%20copy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GenericAuthenticationRefresher copy.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher copy.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAKnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAMtB,QAAQ,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAJ7D,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;IAC3C,MAAM,CAAC,iBAAiB,UAAS;gBAEZ,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IASlC,aAAa;YAaL,aAAa;IAoBrB,gBAAgB;IAyBtB,gBAAgB;CASjB"}
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.GenericAuthenticationRefresher = void 0;
|
|
4
|
+
const constants_js_1 = require("../../constants.js");
|
|
5
|
+
const util_js_1 = require("../../shared/lib/util.js");
|
|
6
|
+
class GenericAuthenticationRefresher {
|
|
7
|
+
onError;
|
|
8
|
+
authConfig;
|
|
9
|
+
storage;
|
|
10
|
+
static refreshInProgress = false;
|
|
11
|
+
constructor(onError) {
|
|
12
|
+
this.onError = onError;
|
|
13
|
+
}
|
|
14
|
+
get oauthServer() {
|
|
15
|
+
return this.authConfig?.oauthServer || constants_js_1.DEFAULT_AUTH_SERVER;
|
|
16
|
+
}
|
|
17
|
+
async getRefreshToken() {
|
|
18
|
+
if (!this.storage)
|
|
19
|
+
throw new Error("No storage available");
|
|
20
|
+
const tokens = await (0, util_js_1.retrieveTokens)(this.storage);
|
|
21
|
+
console.log("getRefreshToken tokens", tokens);
|
|
22
|
+
if (!tokens?.refresh_token)
|
|
23
|
+
throw new Error("No refresh token available");
|
|
24
|
+
return tokens.refresh_token;
|
|
25
|
+
}
|
|
26
|
+
async refreshTokens() {
|
|
27
|
+
console.log("GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()");
|
|
28
|
+
try {
|
|
29
|
+
return await this.refreshAccessToken();
|
|
30
|
+
}
|
|
31
|
+
catch (error) {
|
|
32
|
+
console.error("refreshTokens: Failed to refresh tokens:", error);
|
|
33
|
+
// TODO detect if refresh token has expired and if yes then logout
|
|
34
|
+
throw error;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
async handleRefresh() {
|
|
38
|
+
try {
|
|
39
|
+
console.log("GenericAuthenticationRefresher handleRefresh REFRESH_IN_PROGRESS", localStorage.getItem(constants_js_1.REFRESH_IN_PROGRESS));
|
|
40
|
+
// ensure only one refresh is in progress
|
|
41
|
+
if (localStorage.getItem(constants_js_1.REFRESH_IN_PROGRESS) !== "true") {
|
|
42
|
+
localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "true");
|
|
43
|
+
await this.refreshTokens();
|
|
44
|
+
localStorage.removeItem(constants_js_1.REFRESH_IN_PROGRESS);
|
|
45
|
+
await this.setupAutorefresh(); // Reset the timeout after successful refresh
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
catch (error) {
|
|
49
|
+
console.error("Failed to refresh tokens:", error);
|
|
50
|
+
// TODO detect if refresh token has expired and if yes then logout
|
|
51
|
+
this.onError(error);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
async setupAutorefresh() {
|
|
55
|
+
if (!this.storage)
|
|
56
|
+
throw new Error("No storage available");
|
|
57
|
+
console.log("removing REFRESH_IN_PROGRESS and AUTOREFRESH_TIMEOUT_NAME");
|
|
58
|
+
console.log("setupAutorefresh");
|
|
59
|
+
// Clear any existing timeout
|
|
60
|
+
this.clearAutorefresh();
|
|
61
|
+
localStorage.removeItem(constants_js_1.REFRESH_IN_PROGRESS);
|
|
62
|
+
localStorage.removeItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
|
|
63
|
+
// get expires_in
|
|
64
|
+
const now = Math.floor(Date.now() / 1000);
|
|
65
|
+
const expiresAt = (await (0, util_js_1.retrieveAccessTokenExpiresAt)(this.storage)) || now + 60;
|
|
66
|
+
// Calculate time until expiry (subtract 30 seconds as buffer)
|
|
67
|
+
const bufferTime = 30; // 30 seconds
|
|
68
|
+
const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
|
|
69
|
+
const refreshTimeout = setTimeout(() => {
|
|
70
|
+
this.handleRefresh();
|
|
71
|
+
}, 1000 * refreshTime);
|
|
72
|
+
localStorage.setItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
|
|
73
|
+
}
|
|
74
|
+
clearAutorefresh() {
|
|
75
|
+
// use local storage to store the timeout id so that if multiple instances
|
|
76
|
+
// of the refresher are created they can all clear the same timeout
|
|
77
|
+
const existingTimeout = localStorage.getItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
|
|
78
|
+
if (existingTimeout) {
|
|
79
|
+
console.log("clearAutorefresh clearTimeout", existingTimeout);
|
|
80
|
+
clearTimeout(existingTimeout);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
exports.GenericAuthenticationRefresher = GenericAuthenticationRefresher;
|
|
85
|
+
//# sourceMappingURL=GenericAuthenticationRefresher%20copy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"GenericAuthenticationRefresher copy.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher copy.ts"],"names":[],"mappings":";;;AAAA,iDAIwB;AAGxB,kDAG8B;AAG9B,MAAsB,8BAA8B;IAO7B;IAJX,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAC3C,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAEjC,YAAqB,OAAwC;QAAxC,YAAO,GAAP,OAAO,CAAiC;IAAG,CAAC;IAEjE,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,kCAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACF,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;YACjE,kEAAkE;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CACT,kEAAkE,EAClE,YAAY,CAAC,OAAO,CAAC,kCAAmB,CAAC,CAC1C,CAAC;YACF,yCAAyC;YACzC,IAAI,YAAY,CAAC,OAAO,CAAC,kCAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;gBACzD,YAAY,CAAC,OAAO,CAAC,kCAAmB,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,YAAY,CAAC,UAAU,CAAC,kCAAmB,CAAC,CAAC;gBAC7C,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;YAC9E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,kEAAkE;YAClE,IAAI,CAAC,OAAO,CAAC,KAAc,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,YAAY,CAAC,UAAU,CAAC,kCAAmB,CAAC,CAAC;QAC7C,YAAY,CAAC,UAAU,CAAC,uCAAwB,CAAC,CAAC;QAElD,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,IAAA,sCAA4B,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,uCAAwB,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;QACd,0EAA0E;QAC1E,mEAAmE;QACnE,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,uCAAwB,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,eAAe,CAAC,CAAC;YAC9D,YAAY,CAAC,eAAe,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;;AA5FH,wEA6FC","sourcesContent":["import {\n AUTOREFRESH_TIMEOUT_NAME,\n DEFAULT_AUTH_SERVER,\n REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport {\n retrieveAccessTokenExpiresAt,\n retrieveTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n implements AuthenticationRefresher\n{\n protected authConfig: AuthConfig | undefined;\n protected storage: AuthStorage | undefined;\n static refreshInProgress = false;\n\n constructor(readonly onError: (error: Error) => Promise<void>) {}\n\n get oauthServer(): string {\n return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n abstract refreshAccessToken(\n refreshToken?: string,\n ): Promise<OIDCTokenResponseBody>;\n\n async getRefreshToken(): Promise<string> {\n if (!this.storage) throw new Error(\"No storage available\");\n\n const tokens = await retrieveTokens(this.storage);\n console.log(\"getRefreshToken tokens\", tokens);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n return tokens.refresh_token;\n }\n\n async refreshTokens() {\n console.log(\n \"GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()\",\n );\n try {\n return await this.refreshAccessToken();\n } catch (error) {\n console.error(\"refreshTokens: Failed to refresh tokens:\", error);\n // TODO detect if refresh token has expired and if yes then logout\n throw error;\n }\n }\n\n private async handleRefresh() {\n try {\n console.log(\n \"GenericAuthenticationRefresher handleRefresh REFRESH_IN_PROGRESS\",\n localStorage.getItem(REFRESH_IN_PROGRESS),\n );\n // ensure only one refresh is in progress\n if (localStorage.getItem(REFRESH_IN_PROGRESS) !== \"true\") {\n localStorage.setItem(REFRESH_IN_PROGRESS, \"true\");\n await this.refreshTokens();\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n await this.setupAutorefresh(); // Reset the timeout after successful refresh\n }\n } catch (error) {\n console.error(\"Failed to refresh tokens:\", error);\n // TODO detect if refresh token has expired and if yes then logout\n this.onError(error as Error);\n }\n }\n\n async setupAutorefresh() {\n if (!this.storage) throw new Error(\"No storage available\");\n console.log(\"removing REFRESH_IN_PROGRESS and AUTOREFRESH_TIMEOUT_NAME\");\n console.log(\"setupAutorefresh\");\n // Clear any existing timeout\n this.clearAutorefresh();\n\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n localStorage.removeItem(AUTOREFRESH_TIMEOUT_NAME);\n\n // get expires_in\n const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n // Calculate time until expiry (subtract 30 seconds as buffer)\n const bufferTime = 30; // 30 seconds\n const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n const refreshTimeout = setTimeout(() => {\n this.handleRefresh();\n }, 1000 * refreshTime);\n localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());\n }\n\n clearAutorefresh() {\n // use local storage to store the timeout id so that if multiple instances\n // of the refresher are created they can all clear the same timeout\n const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);\n if (existingTimeout) {\n console.log(\"clearAutorefresh clearTimeout\", existingTimeout);\n clearTimeout(existingTimeout);\n }\n }\n}\n"]}
|
|
@@ -2,15 +2,13 @@ import type { AuthConfig } from "../../server/config.js";
|
|
|
2
2
|
import type { AuthenticationRefresher } from "../../services/types.js";
|
|
3
3
|
import type { AuthStorage, OIDCTokenResponseBody } from "../../types.js";
|
|
4
4
|
export declare abstract class GenericAuthenticationRefresher implements AuthenticationRefresher {
|
|
5
|
+
readonly onError: (error: Error) => Promise<void>;
|
|
5
6
|
protected authConfig: AuthConfig | undefined;
|
|
6
7
|
protected storage: AuthStorage | undefined;
|
|
7
|
-
|
|
8
|
+
constructor(onError: (error: Error) => Promise<void>);
|
|
8
9
|
get oauthServer(): string;
|
|
9
10
|
abstract refreshAccessToken(refreshToken?: string): Promise<OIDCTokenResponseBody>;
|
|
10
11
|
getRefreshToken(): Promise<string>;
|
|
11
12
|
refreshTokens(): Promise<OIDCTokenResponseBody>;
|
|
12
|
-
private handleRefresh;
|
|
13
|
-
setupAutorefresh(): Promise<void>;
|
|
14
|
-
clearAutorefresh(): void;
|
|
15
13
|
}
|
|
16
14
|
//# sourceMappingURL=GenericAuthenticationRefresher.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAKtB,QAAQ,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAH7D,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;gBAEtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IASlC,aAAa;CAepB"}
|
|
@@ -4,9 +4,12 @@ exports.GenericAuthenticationRefresher = void 0;
|
|
|
4
4
|
const constants_js_1 = require("../../constants.js");
|
|
5
5
|
const util_js_1 = require("../../shared/lib/util.js");
|
|
6
6
|
class GenericAuthenticationRefresher {
|
|
7
|
+
onError;
|
|
7
8
|
authConfig;
|
|
8
9
|
storage;
|
|
9
|
-
|
|
10
|
+
constructor(onError) {
|
|
11
|
+
this.onError = onError;
|
|
12
|
+
}
|
|
10
13
|
get oauthServer() {
|
|
11
14
|
return this.authConfig?.oauthServer || constants_js_1.DEFAULT_AUTH_SERVER;
|
|
12
15
|
}
|
|
@@ -14,50 +17,20 @@ class GenericAuthenticationRefresher {
|
|
|
14
17
|
if (!this.storage)
|
|
15
18
|
throw new Error("No storage available");
|
|
16
19
|
const tokens = await (0, util_js_1.retrieveTokens)(this.storage);
|
|
20
|
+
console.log("getRefreshToken tokens", tokens);
|
|
17
21
|
if (!tokens?.refresh_token)
|
|
18
22
|
throw new Error("No refresh token available");
|
|
19
23
|
return tokens.refresh_token;
|
|
20
24
|
}
|
|
21
25
|
async refreshTokens() {
|
|
22
|
-
|
|
23
|
-
}
|
|
24
|
-
async handleRefresh() {
|
|
26
|
+
console.log("GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()");
|
|
25
27
|
try {
|
|
26
|
-
|
|
27
|
-
if (localStorage.getItem(constants_js_1.REFRESH_IN_PROGRESS) !== "true") {
|
|
28
|
-
localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "true");
|
|
29
|
-
await this.refreshTokens();
|
|
30
|
-
localStorage.setItem(constants_js_1.REFRESH_IN_PROGRESS, "false");
|
|
31
|
-
await this.setupAutorefresh(); // Reset the timeout after successful refresh
|
|
32
|
-
}
|
|
28
|
+
return await this.refreshAccessToken();
|
|
33
29
|
}
|
|
34
30
|
catch (error) {
|
|
35
|
-
console.error("Failed to refresh tokens:", error);
|
|
31
|
+
console.error("GenericAuthenticationRefresher: Failed to refresh tokens:", error);
|
|
36
32
|
// TODO detect if refresh token has expired and if yes then logout
|
|
37
|
-
|
|
38
|
-
}
|
|
39
|
-
async setupAutorefresh() {
|
|
40
|
-
if (!this.storage)
|
|
41
|
-
throw new Error("No storage available");
|
|
42
|
-
// Clear any existing timeout
|
|
43
|
-
this.clearAutorefresh();
|
|
44
|
-
// get expires_in
|
|
45
|
-
const now = Math.floor(Date.now() / 1000);
|
|
46
|
-
const expiresAt = (await (0, util_js_1.retrieveAccessTokenExpiresAt)(this.storage)) || now + 60;
|
|
47
|
-
// Calculate time until expiry (subtract 30 seconds as buffer)
|
|
48
|
-
const bufferTime = 30; // 30 seconds
|
|
49
|
-
const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
|
|
50
|
-
const refreshTimeout = setTimeout(() => {
|
|
51
|
-
this.handleRefresh();
|
|
52
|
-
}, 1000 * refreshTime);
|
|
53
|
-
localStorage.setItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
|
|
54
|
-
}
|
|
55
|
-
clearAutorefresh() {
|
|
56
|
-
// use local storage to store the timeout id so that if multiple instances
|
|
57
|
-
// of the refresher are created they can all clear the same timeout
|
|
58
|
-
const existingTimeout = localStorage.getItem(constants_js_1.AUTOREFRESH_TIMEOUT_NAME);
|
|
59
|
-
if (existingTimeout) {
|
|
60
|
-
clearTimeout(existingTimeout);
|
|
33
|
+
throw error;
|
|
61
34
|
}
|
|
62
35
|
}
|
|
63
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":";;;AAAA,iDAAqD;AAGrD,kDAAsD;AAGtD,MAAsB,8BAA8B;IAM7B;IAHX,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAE3C,YAAqB,OAAwC;QAAxC,YAAO,GAAP,OAAO,CAAiC;IAAG,CAAC;IAEjE,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,kCAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACF,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2DAA2D,EAC3D,KAAK,CACN,CAAC;YACF,kEAAkE;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAxCD,wEAwCC","sourcesContent":["import { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport { retrieveTokens } from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n implements AuthenticationRefresher\n{\n protected authConfig: AuthConfig | undefined;\n protected storage: AuthStorage | undefined;\n\n constructor(readonly onError: (error: Error) => Promise<void>) {}\n\n get oauthServer(): string {\n return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n abstract refreshAccessToken(\n refreshToken?: string,\n ): Promise<OIDCTokenResponseBody>;\n\n async getRefreshToken(): Promise<string> {\n if (!this.storage) throw new Error(\"No storage available\");\n\n const tokens = await retrieveTokens(this.storage);\n console.log(\"getRefreshToken tokens\", tokens);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n return tokens.refresh_token;\n }\n\n async refreshTokens() {\n console.log(\n \"GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()\",\n );\n try {\n return await this.refreshAccessToken();\n } catch (error) {\n console.error(\n \"GenericAuthenticationRefresher: Failed to refresh tokens:\",\n error,\n );\n // TODO detect if refresh token has expired and if yes then logout\n throw error;\n }\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAOlD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA2Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;CACxC,GAAG,OAAO,CAAC,GAAG,CAAC,CAcf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAoBrB;AAED,eAAO,MAAM,uBAAuB,WAC1B,qBAAqB,KAC5B,MAUF,CAAC;AACF,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAOlD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA2Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;CACxC,GAAG,OAAO,CAAC,GAAG,CAAC,CAcf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAoBrB;AAED,eAAO,MAAM,uBAAuB,WAC1B,qBAAqB,KAC5B,MAUF,CAAC;AACF,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBA8C9B;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,iBAYrD;AAED,wBAAsB,sBAAsB,CAAC,OAAO,EAAE,WAAW,iBAGhE;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,iBAGnD;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAkBvC;AAED,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,MAAM,CAAC,CAEjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}
|
|
@@ -163,6 +163,11 @@ async function storeServerTokens(storage, tokens) {
|
|
|
163
163
|
const cookieStorage = storage;
|
|
164
164
|
const now = Math.floor(Date.now() / 1000);
|
|
165
165
|
const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;
|
|
166
|
+
console.log("storeServerTokens timestamps", {
|
|
167
|
+
now,
|
|
168
|
+
accessTokenMaxAge,
|
|
169
|
+
accessTokenExpiresAt,
|
|
170
|
+
});
|
|
166
171
|
const cookiesOverride = {
|
|
167
172
|
...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),
|
|
168
173
|
};
|
|
@@ -172,7 +177,15 @@ async function storeServerTokens(storage, tokens) {
|
|
|
172
177
|
const refreshCookiesOverride = {
|
|
173
178
|
...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),
|
|
174
179
|
};
|
|
175
|
-
|
|
180
|
+
console.log("storeServerTokens overrides", {
|
|
181
|
+
cookiesOverride,
|
|
182
|
+
refreshCookiesOverride,
|
|
183
|
+
});
|
|
184
|
+
const idTokenExpiry = (0, jose_1.decodeJwt)(tokens.id_token)?.exp;
|
|
185
|
+
const idTokenMaxAge = idTokenExpiry && idTokenExpiry - now;
|
|
186
|
+
await cookieStorage.set(types_js_1.OAuthTokens.ID_TOKEN, tokens.id_token, {
|
|
187
|
+
...(idTokenMaxAge ? { maxAge: idTokenMaxAge } : {}),
|
|
188
|
+
});
|
|
176
189
|
await cookieStorage.set(types_js_1.OAuthTokens.ACCESS_TOKEN, tokens.access_token, cookiesOverride);
|
|
177
190
|
if (tokens.refresh_token) {
|
|
178
191
|
await cookieStorage.set(types_js_1.OAuthTokens.REFRESH_TOKEN, tokens.refresh_token, refreshCookiesOverride);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,kDAgBC;AAED,8DASC;AAED,sDAqCC;AAED,wDAqBC;AAED,8CAQC;AAED,wCA0BC;AAeD,0DAUC;AAED,kCAUC;AAED,8CAwCC;AAED,kCAYC;AAED,wDAGC;AAED,8BAGC;AAED,wCAqBC;AAED,oEAIC;AAED,oDAgCC;AA3TD,yCAIoB;AACpB,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AACjE,+BAAkD;AAElD,iDAIwB;AAExB;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,MAAM,uBAAuB,GAAG,CACrC,MAA6B,EACrB,EAAE;IACV,MAAM,iBAAiB,GAAG,IAAA,gBAAS,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,IAAI,iBAAiB,EAAE,GAAG,IAAI,KAAK,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC,GAAG,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC;AAZW,QAAA,uBAAuB,2BAYlC;AACK,KAAK,UAAU,uBAAuB,CAC3C,OAAoC,EACpC,MAA6B;IAE7B,oGAAoG;IACpG,MAAM,oBAAoB,GAAG,IAAA,+BAAuB,EAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,CAChC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,OAAoC,EACpC,MAA6B;IAE7B,MAAM,oBAAoB,GAAG,IAAA,+BAAuB,EAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAwB,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,oBAAoB,IAAI,oBAAoB,GAAG,GAAG,CAAC;IAE7E,MAAM,eAAe,GAAG;QACtB,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC;IACF,2GAA2G;IAC3G,iFAAiF;IACjF,MAAM,kBAAkB,GAAG,iBAAiB,IAAI,iBAAiB,GAAG,CAAC,GAAG,EAAE,CAAC;IAC3E,MAAM,sBAAsB,GAAG;QAC7B,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,sBAAW,CAAC,QAAQ,EACpB,MAAM,CAAC,QAAQ,EACf,eAAe,CAChB,CAAC;IACF,MAAM,aAAa,CAAC,GAAG,CACrB,sBAAW,CAAC,YAAY,EACxB,MAAM,CAAC,YAAY,EACnB,eAAe,CAChB,CAAC;IACF,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,aAAa,CAAC,GAAG,CACrB,sBAAW,CAAC,aAAa,EACzB,MAAM,CAAC,aAAa,EACpB,sBAAsB,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,EAC/B,eAAe,CAChB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,kEAAkE;IAClE,MAAM,kBAAkB,GAAG;QACzB,GAAG,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC;QAC7B,kCAAmB;QACnB,uCAAwB;QACxB,2BAAY;KACb,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAClB,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,MAAM,CAAC,8BAAmB,CAAC,CAAC;IAC1C,MAAM,OAAO,CAAC,MAAM,CAAC,qCAA0B,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,sBAAW,CAAC,uBAAuB,CACpC,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport {\n AUTH_SERVER_LEGACY_SESSION,\n AUTH_SERVER_SESSION,\n OAuthTokens,\n} from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport type { CookieStorage } from \"./storage.js\";\nimport {\n AUTOREFRESH_TIMEOUT_NAME,\n LOGOUT_STATE,\n REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n redirectUrl: string;\n idToken: string;\n state: string;\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const endSessionUrl = new URL(endpoints.endsession);\n endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n endSessionUrl.searchParams.append(\"state\", config.state);\n endSessionUrl.searchParams.append(\n \"post_logout_redirect_uri\",\n config.redirectUrl,\n );\n return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n return tokens;\n}\n\nexport const getAccessTokenExpiresAt = (\n tokens: OIDCTokenResponseBody,\n): number => {\n const parsedAccessToken = decodeJwt(tokens.access_token);\n if (parsedAccessToken?.exp || false) {\n return parsedAccessToken.exp;\n } else if (tokens.expires_in) {\n const now = Math.floor(new Date().getTime() / 1000);\n return now + tokens.expires_in;\n } else {\n throw new Error(\"Cannot determine access token expiry!\");\n }\n};\nexport async function setAccessTokenExpiresAt(\n storage: AuthStorage | CookieStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // try to extract absolute expiry time from access token but fallback to calculation if not possible\n const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n accessTokenExpiresAt.toString(),\n );\n}\n\nexport async function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token) {\n await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n }\n await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function storeServerTokens(\n storage: AuthStorage | CookieStorage,\n tokens: OIDCTokenResponseBody,\n) {\n const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n const cookieStorage = storage as CookieStorage;\n const now = Math.floor(Date.now() / 1000);\n const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;\n\n const cookiesOverride = {\n ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),\n };\n // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh\n // as it's not a JWT, we derive it from the access token max age and add a margin\n const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;\n const refreshCookiesOverride = {\n ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),\n };\n await cookieStorage.set(\n OAuthTokens.ID_TOKEN,\n tokens.id_token,\n cookiesOverride,\n );\n await cookieStorage.set(\n OAuthTokens.ACCESS_TOKEN,\n tokens.access_token,\n cookiesOverride,\n );\n if (tokens.refresh_token) {\n await cookieStorage.set(\n OAuthTokens.REFRESH_TOKEN,\n tokens.refresh_token,\n refreshCookiesOverride,\n );\n }\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n accessTokenExpiresAt.toString(),\n cookiesOverride,\n );\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n console.log(\"clearTokens\");\n // clear all local storage keys related to OAuth and CivicAuth SDK\n const clearOAuthPromises = [\n ...Object.values(OAuthTokens),\n REFRESH_IN_PROGRESS,\n AUTOREFRESH_TIMEOUT_NAME,\n LOGOUT_STATE,\n ].map(async (key) => {\n await storage.delete(key);\n });\n await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n await storage.delete(AUTH_SERVER_SESSION);\n await storage.delete(AUTH_SERVER_LEGACY_SESSION);\n}\n\nexport async function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n await userSession.clear();\n}\n\nexport async function retrieveTokens(\n storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n const accessTokenExpiresAt = await storage.get(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n );\n\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n access_token_expires_at:\n accessTokenExpiresAt !== null\n ? parseInt(accessTokenExpiresAt, 10)\n : undefined, // Convert string to number\n };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n storage: AuthStorage,\n): Promise<number> {\n return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,kDAgBC;AAED,8DASC;AAED,sDAqCC;AAED,wDAqBC;AAED,8CAQC;AAED,wCA0BC;AAeD,0DAUC;AAED,kCAUC;AAED,8CAgDC;AAED,kCAYC;AAED,wDAGC;AAED,8BAGC;AAED,wCAoBC;AAED,oEAIC;AAED,oDAgCC;AAlUD,yCAIoB;AACpB,wCAA2C;AAC3C,6CAAwE;AACxE,2CAA6B;AAC7B,yCAA8C;AAE9C,gEAAiE;AACjE,+BAAkD;AAElD,iDAIwB;AAExB;;GAEG;AACI,KAAK,UAAU,mBAAmB,CACvC,YAAoB,EACpB,SAA2B,MAAM;IAEjC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC3D,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;SACxD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,oBAAwC,EAAE;IAE1C,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAiB,EAAC,WAAW,CAAC,CAAC;IACvD,OAAO;QACL,GAAG,SAAS;QACZ,GAAG,iBAAiB;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,MAU3C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,YAAY,GAAG,iBAAiB,CACpC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,EAClB,SAAS,CACV,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC,CAAC;IACH,yGAAyG;IACzG,yEAAyE;IACzE,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAC1D,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,uDAAuD;QACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IACD,uDAAuD;IACvD,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,MAO5C;IACC,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IACF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpD,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACnE,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,aAAa,CAAC,YAAY,CAAC,MAAM,CAC/B,0BAA0B,EAC1B,MAAM,CAAC,WAAW,CACnB,CAAC;IACF,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,WAAmB,EACnB,SAAoB;IAEpB,OAAO,IAAI,qBAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE;QACjE,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,KAAa,EACb,YAA0B,EAC1B,YAA0B,EAC1B,WAAmB,EACnB,SAAoB;IAEpB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,eAAe,EAAE,CAAC;IAC1D,IAAI,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAEvE,MAAM,MAAM,GACV,MAAM,YAAY,CAAC,yBAAyB,CAAwB,IAAI,EAAE;QACxE,YAAY;KACb,CAAC,CAAC;IAEL,2BAA2B;IAC3B,IAAI,CAAC;QACH,MAAM,oBAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IAC3E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,kCAAmC,KAAe,CAAC,OAAO,EAAE,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,MAAM,uBAAuB,GAAG,CACrC,MAA6B,EACrB,EAAE;IACV,MAAM,iBAAiB,GAAG,IAAA,gBAAS,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzD,IAAI,iBAAiB,EAAE,GAAG,IAAI,KAAK,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC,GAAG,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC,CAAC;AAZW,QAAA,uBAAuB,2BAYlC;AACK,KAAK,UAAU,uBAAuB,CAC3C,OAAoC,EACpC,MAA6B;IAE7B,oGAAoG;IACpG,MAAM,oBAAoB,GAAG,IAAA,+BAAuB,EAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,CAChC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAA6B;IAE7B,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,OAAoC,EACpC,MAA6B;IAE7B,MAAM,oBAAoB,GAAG,IAAA,+BAAuB,EAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAwB,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,oBAAoB,IAAI,oBAAoB,GAAG,GAAG,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,8BAA8B,EAAE;QAC1C,GAAG;QACH,iBAAiB;QACjB,oBAAoB;KACrB,CAAC,CAAC;IACH,MAAM,eAAe,GAAG;QACtB,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5D,CAAC;IACF,2GAA2G;IAC3G,iFAAiF;IACjF,MAAM,kBAAkB,GAAG,iBAAiB,IAAI,iBAAiB,GAAG,CAAC,GAAG,EAAE,CAAC;IAC3E,MAAM,sBAAsB,GAAG;QAC7B,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE;QACzC,eAAe;QACf,sBAAsB;KACvB,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,IAAA,gBAAS,EAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,GAAG,CAAC;IACtD,MAAM,aAAa,GAAG,aAAa,IAAI,aAAa,GAAG,GAAG,CAAC;IAC3D,MAAM,aAAa,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;QAC7D,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpD,CAAC,CAAC;IACH,MAAM,aAAa,CAAC,GAAG,CACrB,sBAAW,CAAC,YAAY,EACxB,MAAM,CAAC,YAAY,EACnB,eAAe,CAChB,CAAC;IACF,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,MAAM,aAAa,CAAC,GAAG,CACrB,sBAAW,CAAC,aAAa,EACzB,MAAM,CAAC,aAAa,EACpB,sBAAsB,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,sBAAW,CAAC,uBAAuB,EACnC,oBAAoB,CAAC,QAAQ,EAAE,EAC/B,eAAe,CAChB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,kEAAkE;IAClE,MAAM,kBAAkB,GAAG;QACzB,GAAG,MAAM,CAAC,MAAM,CAAC,sBAAW,CAAC;QAC7B,kCAAmB;QACnB,uCAAwB;QACxB,2BAAY;KACb,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAClB,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC;AAC7C,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAAC,OAAoB;IAC/D,MAAM,OAAO,CAAC,MAAM,CAAC,8BAAmB,CAAC,CAAC;IAC1C,MAAM,OAAO,CAAC,MAAM,CAAC,qCAA0B,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,SAAS,CAAC,OAAoB;IAClD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,OAAoB;IAEpB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,YAAY,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5C,sBAAW,CAAC,uBAAuB,CACpC,CAAC;IACF,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,YAAY,IAAI,SAAS;QACxC,uBAAuB,EACrB,oBAAoB,KAAK,IAAI;YAC3B,CAAC,CAAC,QAAQ,CAAC,oBAAoB,EAAE,EAAE,CAAC;YACpC,CAAC,CAAC,SAAS,EAAE,2BAA2B;KAC7C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,4BAA4B,CAChD,OAAoB;IAEpB,OAAO,MAAM,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC;AACxE,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,SAAoB,EACpB,YAA0B,EAC1B,MAAc;IAEd,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAE9D,wBAAwB;IACxB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAC1C,MAAM,CAAC,QAAQ,EACf,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,SAAS,CAC9C,MAAM,CAAC,YAAY,EACnB,IAAI,EACJ;QACE,MAAM,EAAE,IAAA,8BAAmB,EAAC,MAAM,CAAC;KACpC,CACF,CAAC;IAEF,OAAO,IAAA,2BAAgB,EAAC;QACtB,QAAQ,EAAE,eAAe,CAAC,OAAO;QACjC,YAAY,EAAE,mBAAmB,CAAC,OAAO;QACzC,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\nimport type {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n ParsedTokens,\n} from \"@/types.js\";\nimport {\n AUTH_SERVER_LEGACY_SESSION,\n AUTH_SERVER_SESSION,\n OAuthTokens,\n} from \"./types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport type { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { decodeJwt, type JWTPayload } from \"jose\";\nimport type { CookieStorage } from \"./storage.js\";\nimport {\n AUTOREFRESH_TIMEOUT_NAME,\n LOGOUT_STATE,\n REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n codeVerifier: string,\n method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n if (method === \"Plain\") {\n console.warn(\"Using insecure plain code challenge method\");\n return codeVerifier;\n }\n\n const encoder = new TextEncoder();\n const data = encoder.encode(codeVerifier);\n const digest = await crypto.subtle.digest(\"SHA-256\", data);\n return btoa(String.fromCharCode(...new Uint8Array(digest)))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n oauthServer: string,\n endpointOverrides: Partial<Endpoints> = {},\n): Promise<Endpoints> {\n const endpoints = await getOauthEndpoints(oauthServer);\n return {\n ...endpoints,\n ...endpointOverrides,\n };\n}\n\nexport async function generateOauthLoginUrl(config: {\n clientId: string;\n scopes: string[];\n state: string;\n redirectUrl: string;\n oauthServer: string;\n nonce?: string;\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const oauth2Client = buildOauth2Client(\n config.clientId,\n config.redirectUrl,\n endpoints,\n );\n const challenge = await config.pkceConsumer.getCodeChallenge();\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state: config.state,\n scopes: config.scopes,\n });\n // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n // It only allows passing in a code verifier which it then hashes itself.\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n if (config.nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", config.nonce);\n }\n // Required by the auth server for offline_access scope\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n\n return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n clientId: string;\n redirectUrl: string;\n idToken: string;\n state: string;\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n}): Promise<URL> {\n const endpoints = await getEndpointsWithOverrides(\n config.oauthServer,\n config.endpointOverrides,\n );\n const endSessionUrl = new URL(endpoints.endsession);\n endSessionUrl.searchParams.append(\"client_id\", config.clientId);\n endSessionUrl.searchParams.append(\"id_token_hint\", config.idToken);\n endSessionUrl.searchParams.append(\"state\", config.state);\n endSessionUrl.searchParams.append(\n \"post_logout_redirect_uri\",\n config.redirectUrl,\n );\n return endSessionUrl;\n}\n\nexport function buildOauth2Client(\n clientId: string,\n redirectUri: string,\n endpoints: Endpoints,\n): OAuth2Client {\n return new OAuth2Client(clientId, endpoints.auth, endpoints.token, {\n redirectURI: redirectUri,\n });\n}\n\nexport async function exchangeTokens(\n code: string,\n state: string,\n pkceProducer: PKCEProducer,\n oauth2Client: OAuth2Client,\n oauthServer: string,\n endpoints: Endpoints,\n) {\n const codeVerifier = await pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n codeVerifier,\n });\n\n // Validate relevant tokens\n try {\n await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n } catch (error) {\n console.error(\"tokenExchange error\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n return tokens;\n}\n\nexport const getAccessTokenExpiresAt = (\n tokens: OIDCTokenResponseBody,\n): number => {\n const parsedAccessToken = decodeJwt(tokens.access_token);\n if (parsedAccessToken?.exp || false) {\n return parsedAccessToken.exp;\n } else if (tokens.expires_in) {\n const now = Math.floor(new Date().getTime() / 1000);\n return now + tokens.expires_in;\n } else {\n throw new Error(\"Cannot determine access token expiry!\");\n }\n};\nexport async function setAccessTokenExpiresAt(\n storage: AuthStorage | CookieStorage,\n tokens: OIDCTokenResponseBody,\n) {\n // try to extract absolute expiry time from access token but fallback to calculation if not possible\n const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n accessTokenExpiresAt.toString(),\n );\n}\n\nexport async function storeTokens(\n storage: AuthStorage,\n tokens: OIDCTokenResponseBody,\n) {\n await storage.set(OAuthTokens.ID_TOKEN, tokens.id_token);\n await storage.set(OAuthTokens.ACCESS_TOKEN, tokens.access_token);\n if (tokens.refresh_token) {\n await storage.set(OAuthTokens.REFRESH_TOKEN, tokens.refresh_token);\n }\n await setAccessTokenExpiresAt(storage, tokens);\n}\n\nexport async function storeServerTokens(\n storage: AuthStorage | CookieStorage,\n tokens: OIDCTokenResponseBody,\n) {\n const accessTokenExpiresAt = getAccessTokenExpiresAt(tokens);\n const cookieStorage = storage as CookieStorage;\n const now = Math.floor(Date.now() / 1000);\n const accessTokenMaxAge = accessTokenExpiresAt && accessTokenExpiresAt - now;\n console.log(\"storeServerTokens timestamps\", {\n now,\n accessTokenMaxAge,\n accessTokenExpiresAt,\n });\n const cookiesOverride = {\n ...(accessTokenMaxAge ? { maxAge: accessTokenMaxAge } : {}),\n };\n // the refresh token must be longer-lived than the access token max age to allow time for automatic refresh\n // as it's not a JWT, we derive it from the access token max age and add a margin\n const refreshTokenMaxAge = accessTokenMaxAge && accessTokenMaxAge + 5 * 60;\n const refreshCookiesOverride = {\n ...(refreshTokenMaxAge ? { maxAge: refreshTokenMaxAge } : {}),\n };\n console.log(\"storeServerTokens overrides\", {\n cookiesOverride,\n refreshCookiesOverride,\n });\n const idTokenExpiry = decodeJwt(tokens.id_token)?.exp;\n const idTokenMaxAge = idTokenExpiry && idTokenExpiry - now;\n await cookieStorage.set(OAuthTokens.ID_TOKEN, tokens.id_token, {\n ...(idTokenMaxAge ? { maxAge: idTokenMaxAge } : {}),\n });\n await cookieStorage.set(\n OAuthTokens.ACCESS_TOKEN,\n tokens.access_token,\n cookiesOverride,\n );\n if (tokens.refresh_token) {\n await cookieStorage.set(\n OAuthTokens.REFRESH_TOKEN,\n tokens.refresh_token,\n refreshCookiesOverride,\n );\n }\n await storage.set(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n accessTokenExpiresAt.toString(),\n cookiesOverride,\n );\n}\n\nexport async function clearTokens(storage: AuthStorage) {\n console.log(\"clearTokens\");\n // clear all local storage keys related to OAuth and CivicAuth SDK\n const clearOAuthPromises = [\n ...Object.values(OAuthTokens),\n REFRESH_IN_PROGRESS,\n AUTOREFRESH_TIMEOUT_NAME,\n LOGOUT_STATE,\n ].map(async (key) => {\n await storage.delete(key);\n });\n await Promise.all([...clearOAuthPromises]);\n}\n\nexport async function clearAuthServerSession(storage: AuthStorage) {\n await storage.delete(AUTH_SERVER_SESSION);\n await storage.delete(AUTH_SERVER_LEGACY_SESSION);\n}\n\nexport async function clearUser(storage: AuthStorage) {\n const userSession = new GenericUserSession(storage);\n await userSession.clear();\n}\n\nexport async function retrieveTokens(\n storage: AuthStorage,\n): Promise<OIDCTokenResponseBody | null> {\n const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n const accessToken = await storage.get(OAuthTokens.ACCESS_TOKEN);\n const refreshToken = await storage.get(OAuthTokens.REFRESH_TOKEN);\n const accessTokenExpiresAt = await storage.get(\n OAuthTokens.ACCESS_TOKEN_EXPIRES_AT,\n );\n if (!idToken || !accessToken) return null;\n\n return {\n id_token: idToken,\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n access_token_expires_at:\n accessTokenExpiresAt !== null\n ? parseInt(accessTokenExpiresAt, 10)\n : undefined, // Convert string to number\n };\n}\n\nexport async function retrieveAccessTokenExpiresAt(\n storage: AuthStorage,\n): Promise<number> {\n return Number(await storage.get(OAuthTokens.ACCESS_TOKEN_EXPIRES_AT));\n}\n\nexport async function validateOauth2Tokens(\n tokens: OIDCTokenResponseBody,\n endpoints: Endpoints,\n oauth2Client: OAuth2Client,\n issuer: string,\n): Promise<ParsedTokens> {\n const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n // validate the ID token\n const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.id_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n audience: oauth2Client.clientId,\n },\n );\n\n // validate the access token\n const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n tokens.access_token,\n JWKS,\n {\n issuer: getIssuerVariations(issuer),\n },\n );\n\n return withoutUndefined({\n id_token: idTokenResponse.payload,\n access_token: accessTokenResponse.payload,\n refresh_token: tokens.refresh_token,\n });\n}\n"]}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import React, { type ReactNode } from "react";
|
|
2
|
+
import type { Config, DisplayMode, SessionData } from "../../types.js";
|
|
3
|
+
import type { PKCEConsumer } from "../../services/types.js";
|
|
4
|
+
export type IframeMode = "embedded" | "modal";
|
|
5
|
+
export type AuthProviderProps = {
|
|
6
|
+
children: ReactNode;
|
|
7
|
+
clientId: string;
|
|
8
|
+
nonce?: string;
|
|
9
|
+
onSignIn?: (error?: Error) => void;
|
|
10
|
+
onSignOut?: () => Promise<void>;
|
|
11
|
+
iframeMode?: IframeMode;
|
|
12
|
+
config?: Config;
|
|
13
|
+
redirectUrl?: string;
|
|
14
|
+
displayMode?: DisplayMode;
|
|
15
|
+
};
|
|
16
|
+
export type InternalAuthProviderProps = AuthProviderProps & {
|
|
17
|
+
sessionData?: SessionData;
|
|
18
|
+
pkceConsumer?: PKCEConsumer;
|
|
19
|
+
};
|
|
20
|
+
declare const AuthProvider: ({ children, onSignIn, onSignOut, pkceConsumer, iframeMode, displayMode, }: InternalAuthProviderProps) => React.JSX.Element;
|
|
21
|
+
export { AuthProvider };
|
|
22
|
+
//# sourceMappingURL=AuthProvider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/shared/providers/AuthProvider.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,EAAE,KAAK,SAAS,EAAgC,MAAM,OAAO,CAAC;AAC5E,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEnE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAkBxD,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,OAAO,CAAC;AAC9C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,iBAAiB,GAAG;IAC1D,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAAC;AAEF,QAAA,MAAM,YAAY,8EAOf,yBAAyB,sBAsE3B,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}
|