@civic/auth 0.4.3 → 0.4.4-alpha.0

package/dist/cjs/server/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;IACnD,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC"}

package/dist/cjs/server/config.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=config.js.map

package/dist/cjs/server/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"","sourcesContent":["import type { Endpoints } from \"@/types.ts\";\n\nexport type AuthConfig = {\n  clientId: string;\n  redirectUrl: string;\n  oauthServer?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  endpointOverrides?: Partial<Endpoints> | undefined;\n  postLogoutRedirectUrl?: string;\n};\n"]}

package/dist/cjs/server/index.d.ts

@@ -0,0 +1,9 @@
+export { CookieStorage } from "../shared/lib/storage.js";
+export type { SessionStorage, CookieStorageSettings, } from "../shared/lib/storage.js";
+export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, } from "../server/login.js";
+export type { AuthConfig } from "../server/config.js";
+export { getUser, getTokens } from "../shared/lib/session.js";
+export { refreshTokens } from "../server/refresh.js";
+export { buildLogoutRedirectUrl } from "../server/logout.js";
+export { clearTokens } from "../shared/lib/util.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/cjs/server/index.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clearTokens = exports.buildLogoutRedirectUrl = exports.refreshTokens = exports.getTokens = exports.getUser = exports.buildLoginUrl = exports.isLoggedIn = exports.resolveOAuthAccessCode = exports.CookieStorage = void 0;
+const index_js_1 = require("../shared/index.js");
+(0, index_js_1.printVersion)();
+var storage_js_1 = require("../shared/lib/storage.js");
+Object.defineProperty(exports, "CookieStorage", { enumerable: true, get: function () { return storage_js_1.CookieStorage; } });
+var login_js_1 = require("../server/login.js");
+Object.defineProperty(exports, "resolveOAuthAccessCode", { enumerable: true, get: function () { return login_js_1.resolveOAuthAccessCode; } });
+Object.defineProperty(exports, "isLoggedIn", { enumerable: true, get: function () { return login_js_1.isLoggedIn; } });
+Object.defineProperty(exports, "buildLoginUrl", { enumerable: true, get: function () { return login_js_1.buildLoginUrl; } });
+var session_js_1 = require("../shared/lib/session.js");
+Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
+Object.defineProperty(exports, "getTokens", { enumerable: true, get: function () { return session_js_1.getTokens; } });
+var refresh_js_1 = require("../server/refresh.js");
+Object.defineProperty(exports, "refreshTokens", { enumerable: true, get: function () { return refresh_js_1.refreshTokens; } });
+var logout_js_1 = require("../server/logout.js");
+Object.defineProperty(exports, "buildLogoutRedirectUrl", { enumerable: true, get: function () { return logout_js_1.buildLogoutRedirectUrl; } });
+var util_js_1 = require("../shared/lib/util.js");
+Object.defineProperty(exports, "clearTokens", { enumerable: true, get: function () { return util_js_1.clearTokens; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":";;;AAAA,gDAAiD;AACjD,IAAA,uBAAY,GAAE,CAAC;AAEf,sDAAwD;AAA/C,2GAAA,aAAa,OAAA;AAKtB,8CAI2B;AAHzB,kHAAA,sBAAsB,OAAA;AACtB,sGAAA,UAAU,OAAA;AACV,yGAAA,aAAa,OAAA;AAGf,sDAA6D;AAApD,qGAAA,OAAO,OAAA;AAAE,uGAAA,SAAS,OAAA;AAC3B,kDAAoD;AAA3C,2GAAA,aAAa,OAAA;AACtB,gDAA4D;AAAnD,mHAAA,sBAAsB,OAAA;AAC/B,gDAAmD;AAA1C,sGAAA,WAAW,OAAA","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\n\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n  SessionStorage,\n  CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n  resolveOAuthAccessCode,\n  isLoggedIn,\n  buildLoginUrl,\n} from \"@/server/login.js\";\nexport type { AuthConfig } from \"@/server/config.js\";\nexport { getUser, getTokens } from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\nexport { buildLogoutRedirectUrl } from \"@/server/logout.js\";\nexport { clearTokens } from \"@/shared/lib/util.js\";\n"]}

package/dist/cjs/server/login.d.ts

@@ -0,0 +1,17 @@
+import type { AuthStorage, OIDCTokenResponseBody } from "../types.js";
+import type { AuthConfig } from "../server/config.ts";
+/**
+ * Resolve an OAuth access code to a set of OIDC tokens
+ * @param code The access code, typically from a query parameter in the redirect url
+ * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
+ * @param storage The place that this server uses to store session data (e.g. a cookie store)
+ * @param config Oauth Server configuration
+ */
+export declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
+export declare function isLoggedIn(storage: AuthStorage): Promise<boolean>;
+export declare function buildLoginUrl(config: Pick<AuthConfig, "clientId" | "redirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
+    scopes?: string[];
+    state?: string;
+    nonce?: string;
+}, storage: AuthStorage): Promise<URL>;
+//# sourceMappingURL=login.d.ts.map

package/dist/cjs/server/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed"}

package/dist/cjs/server/login.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveOAuthAccessCode = resolveOAuthAccessCode;
+exports.isLoggedIn = isLoggedIn;
+exports.buildLoginUrl = buildLoginUrl;
+const constants_js_1 = require("../constants.js");
+const AuthenticationService_js_1 = require("../services/AuthenticationService.js");
+const PKCE_js_1 = require("../services/PKCE.js");
+const ServerAuthenticationResolver_js_1 = require("../server/ServerAuthenticationResolver.js");
+/**
+ * Resolve an OAuth access code to a set of OIDC tokens
+ * @param code The access code, typically from a query parameter in the redirect url
+ * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
+ * @param storage The place that this server uses to store session data (e.g. a cookie store)
+ * @param config Oauth Server configuration
+ */
+async function resolveOAuthAccessCode(code, state, storage, config) {
+    const authSessionService = await ServerAuthenticationResolver_js_1.ServerAuthenticationResolver.build({
+        ...config,
+        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
+    }, storage, config.endpointOverrides);
+    return authSessionService.tokenExchange(code, state);
+}
+async function isLoggedIn(storage) {
+    return !!(await storage.get("id_token"));
+}
+async function buildLoginUrl(config, storage) {
+    // generate a random state if not provided
+    const state = config.state ?? Math.random().toString(36).substring(2);
+    const scopes = config.scopes ?? constants_js_1.DEFAULT_SCOPES;
+    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new AuthenticationService_js_1.GenericAuthenticationInitiator({
+        ...config,
+        state,
+        scopes,
+        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
+        // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
+        pkceConsumer: pkceProducer,
+    });
+    return authInitiator.signIn();
+}
+//# sourceMappingURL=login.js.map

package/dist/cjs/server/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":";;AAcA,wDAgBC;AAED,gCAEC;AAED,sCAuBC;AA1DD,iDAAqE;AACrE,kFAAqF;AACrF,gDAAqE;AACrE,8FAAwF;AAGxF;;;;;;GAMG;AACI,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,8DAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n  return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n      nonce?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n"]}

package/dist/cjs/server/logout.d.ts

@@ -0,0 +1,7 @@
+import type { AuthConfig } from "../server/config.js";
+import type { AuthStorage } from "../types.js";
+export declare function buildLogoutRedirectUrl(config: Pick<AuthConfig, "clientId" | "postLogoutRedirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
+    scopes?: string[];
+    state?: string;
+}, storage: AuthStorage): Promise<URL>;
+//# sourceMappingURL=logout.d.ts.map

package/dist/cjs/server/logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,uBAAuB,CAAC,GAC5D,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAkBd"}

package/dist/cjs/server/logout.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildLogoutRedirectUrl = buildLogoutRedirectUrl;
+const constants_js_1 = require("../constants.js");
+const PKCE_js_1 = require("../services/PKCE.js");
+const AuthenticationService_js_1 = require("../services/AuthenticationService.js");
+const types_js_1 = require("../shared/lib/types.js");
+async function buildLogoutRedirectUrl(config, storage) {
+    // generate a random state if not provided
+    const state = config.state ?? Math.random().toString(36).substring(2);
+    const scopes = config.scopes ?? constants_js_1.DEFAULT_SCOPES;
+    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new AuthenticationService_js_1.GenericAuthenticationInitiator({
+        ...config,
+        state,
+        scopes,
+        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
+        pkceConsumer: pkceProducer,
+        redirectUrl: config.postLogoutRedirectUrl || "/",
+    });
+    const idToken = await storage.get(types_js_1.OAuthTokens.ID_TOKEN);
+    if (!idToken)
+        throw new Error("No id_token found in storage");
+    return authInitiator.signOut(idToken);
+}
+//# sourceMappingURL=logout.js.map

package/dist/cjs/server/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/server/logout.ts"],"names":[],"mappings":";;AAOA,wDAyBC;AA9BD,iDAAqE;AACrE,gDAAqE;AACrE,kFAAqF;AACrF,oDAAoD;AAE7C,KAAK,UAAU,sBAAsB,CAC1C,MAIG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,6BAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,yDAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;QACtD,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,MAAM,CAAC,qBAAqB,IAAI,GAAG;KACjD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthStorage } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\n\nexport async function buildLogoutRedirectUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"postLogoutRedirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    pkceConsumer: pkceProducer,\n    redirectUrl: config.postLogoutRedirectUrl || \"/\",\n  });\n\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  if (!idToken) throw new Error(\"No id_token found in storage\");\n\n  return authInitiator.signOut(idToken);\n}\n"]}

package/dist/cjs/server/refresh.d.ts

@@ -0,0 +1,7 @@
+import type { AuthStorage, OIDCTokenResponseBody } from "../types.js";
+import type { AuthConfig } from "../server/config.ts";
+/**
+ * Refresh the current set of OIDC tokens
+ */
+export declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
+//# sourceMappingURL=refresh.d.ts.map

package/dist/cjs/server/refresh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.d.ts","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAehC"}

package/dist/cjs/server/refresh.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.refreshTokens = refreshTokens;
+const constants_js_1 = require("../constants.js");
+const AuthenticationRefresherImpl_js_1 = require("../shared/lib/AuthenticationRefresherImpl.js");
+/**
+ * Refresh the current set of OIDC tokens
+ */
+async function refreshTokens(storage, config) {
+    const refresher = await AuthenticationRefresherImpl_js_1.AuthenticationRefresherImpl.build({
+        ...config,
+        oauthServer: config.oauthServer ?? constants_js_1.DEFAULT_AUTH_SERVER,
+    }, storage, (error) => {
+        console.error("Error refreshing tokens", error);
+        return Promise.reject(error);
+    }, config.endpointOverrides);
+    return refresher.refreshTokens();
+}
+//# sourceMappingURL=refresh.js.map

package/dist/cjs/server/refresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":";;AAQA,sCAkBC;AAzBD,iDAAqD;AAErD,gGAA0F;AAE1F;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,OAAoB,EACpB,MAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,4DAA2B,CAAC,KAAK,CACvD;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,kCAAmB;KACvD,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;QACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,EACD,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,SAAS,CAAC,aAAa,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const refresher = await AuthenticationRefresherImpl.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    (error) => {\n      console.error(\"Error refreshing tokens\", error);\n      return Promise.reject(error);\n    },\n    config.endpointOverrides,\n  );\n\n  return refresher.refreshTokens();\n}\n"]}

package/dist/cjs/services/AuthenticationService.d.ts

@@ -0,0 +1,93 @@
+import type { DisplayMode, Endpoints, LoginAppDesignOptions, OIDCTokenResponseBody, SessionData } from "../types.js";
+import { BrowserPublicClientPKCEProducer } from "../services/PKCE.js";
+import type { AuthenticationInitiator, AuthenticationResolver, PKCEConsumer } from "../services/types.js";
+export type GenericAuthenticationInitiatorConfig = {
+    clientId: string;
+    redirectUrl: string;
+    state: string;
+    scopes: string[];
+    oauthServer: string;
+    nonce?: string;
+    endpointOverrides?: Partial<Endpoints>;
+    pkceConsumer: PKCEConsumer;
+};
+export type BrowserAuthenticationInitiatorConfig = Omit<GenericAuthenticationInitiatorConfig, "state"> & {
+    logoutUrl?: string;
+    logoutRedirectUrl: string;
+    displayMode: DisplayMode;
+};
+/**
+ * An authentication initiator that works on a browser. Since this is just triggering
+ * login and logout, session data is not stored here.
+ * An associated AuthenticationResolver would be needed to get the session data.
+ * Storage is needed for the code verifier, this is the domain of the PKCEConsumer
+ * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.
+ *
+ * Example usage:
+ *
+ * 1) Client-only SPA -eg a react app with no server:
+ * new BrowserAuthenticationInitiator({
+ *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side
+ *   ... other config
+ * })
+ *
+ * 2) Client-side of a client/server app - eg a react app with a backend:
+ * new BrowserAuthenticationInitiator({
+ *  pkceConsumer: new ConfidentialClientPKCEConsumer("https://myserver.com/pkce"), // get the challenge from the server
+ *  ... other config
+ * })
+ */
+export declare class BrowserAuthenticationInitiator implements AuthenticationInitiator {
+    readonly setDesignOptions: (value: LoginAppDesignOptions) => void;
+    private postMessageHandler;
+    protected config: BrowserAuthenticationInitiatorConfig;
+    setDisplayMode(displayMode: DisplayMode): void;
+    get displayMode(): DisplayMode;
+    get isServerTokenExchange(): boolean;
+    get state(): string;
+    constructor(config: typeof this.config, setDesignOptions?: (value: LoginAppDesignOptions) => void);
+    handleLoginAppPopupFailed(redirectUrl: string): Promise<void>;
+    handleLoginAppDesignUpdate(options: LoginAppDesignOptions): Promise<void>;
+    signIn(iframeRef: HTMLIFrameElement | null): Promise<URL>;
+    protected handleIframeUrlChange(iframe: HTMLIFrameElement, expectedUrl: string): Promise<void>;
+    signOut(idToken: string | undefined, iframeRef: HTMLIFrameElement | null): Promise<URL>;
+    cleanup(): void;
+}
+/** A general-purpose authentication initiator, that just generates urls, but lets
+ * the caller decide how to use them. This is useful for server-side applications
+ * that may serve this URL to their front-ends or just call them directly
+ */
+export declare class GenericAuthenticationInitiator implements AuthenticationInitiator {
+    protected config: GenericAuthenticationInitiatorConfig;
+    constructor(config: typeof this.config);
+    signIn(): Promise<URL>;
+    signOut(idToken: string): Promise<URL>;
+}
+type BrowserAuthenticationConfig = {
+    clientId: string;
+    redirectUrl: string;
+    logoutUrl?: string;
+    logoutRedirectUrl: string;
+    scopes: string[];
+    oauthServer: string;
+    endpointOverrides?: Partial<Endpoints>;
+    displayMode: DisplayMode;
+};
+/**
+ * An authentication resolver that can run on the browser (i.e. a public client)
+ * It uses PKCE for security. PKCE and Session data are stored in local storage
+ */
+export declare class BrowserAuthenticationService extends BrowserAuthenticationInitiator {
+    protected pkceProducer: BrowserPublicClientPKCEProducer;
+    private oauth2client;
+    private endpoints;
+    constructor(config: BrowserAuthenticationConfig, pkceProducer?: BrowserPublicClientPKCEProducer);
+    init(): Promise<this>;
+    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
+    getSessionData(): Promise<SessionData | null>;
+    validateExistingSession(): Promise<SessionData>;
+    getEndSessionEndpoint(): Promise<string | null>;
+    static build(config: BrowserAuthenticationConfig): Promise<AuthenticationResolver>;
+}
+export {};
+//# sourceMappingURL=AuthenticationService.d.ts.map

package/dist/cjs/services/AuthenticationService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationService.d.ts","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,qBAAqB,EAErB,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,+BAA+B,EAEhC,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EACV,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACb,MAAM,qBAAqB,CAAC;AAS7B,MAAM,MAAM,oCAAoC,GAAG;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG,IAAI,CACrD,oCAAoC,EACpC,OAAO,CACR,GAAG;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAE1B,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAKF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAqB1E,QAAQ,CAAC,gBAAgB,UA7CW,qBAAqB;IAyB3D,OAAO,CAAC,kBAAkB,CAAgD;IAE1E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;IAEhD,cAAc,CAAC,WAAW,EAAE,WAAW;IAI9C,IAAI,WAAW,gBAEd;IAED,IAAI,qBAAqB,YAExB;IACD,IAAI,KAAK,WAER;gBAEC,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM,EACjB,gBAAgB,WA7CW,qBAAqB,SA6CN;IAiC/C,yBAAyB,CAAC,WAAW,EAAE,MAAM;IAQ7C,0BAA0B,CAAC,OAAO,EAAE,qBAAqB;IAMzD,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAiC/D,SAAS,CAAC,qBAAqB,CAC7B,MAAM,EAAE,iBAAiB,EACzB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAqDV,OAAO,CACX,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,iBAAiB,GAAG,IAAI,GAClC,OAAO,CAAC,GAAG,CAAC;IAiEf,OAAO;CAKR;AAED;;;GAGG;AACH,qBAAa,8BAA+B,YAAW,uBAAuB;IAC5E,SAAS,CAAC,MAAM,EAAE,oCAAoC,CAAC;gBAE3C,MAAM,EAAE,OAAO,IAAI,CAAC,MAAM;IAMhC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC;IAItB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;CAM7C;AAED,KAAK,2BAA2B,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;IAQ5E,SAAS,CAAC,YAAY;IAPxB,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;gBAIvC,MAAM,EAAE,2BAA2B,EAEzB,YAAY,kCAAwC;IAY1D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IA0C3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAc7C,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAiC/C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,sBAAsB,CAAC;CAMnC"}