@crossauth/common 1.1.7 → 1.1.9
- package/dist/index.cjs +1 -1
- package/dist/index.iife.js +1 -1
- package/dist/index.js +134 -134
- package/dist/interfaces.d.ts +2 -0
- package/dist/interfaces.d.ts.map +1 -1
- package/dist/logger.d.ts +1 -1
- package/dist/oauth/client.d.ts +1 -2
- package/dist/oauth/client.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -56,20 +56,21 @@ c(R, "factor2ResetNeeded", "factor2resetneeded"), /**
|
|
|
56
56
|
* Upon login, the user is redirected to the reset password page.
|
|
57
57
|
*/
|
|
58
58
|
c(R, "passwordAndFactor2ResetNeeded", "passwordandfactor2resetneeded");
|
|
59
|
-
class
|
|
59
|
+
class A {
|
|
60
60
|
}
|
|
61
61
|
/** Session ID */
|
|
62
|
-
c(
|
|
63
|
-
c(
|
|
64
|
-
c(
|
|
65
|
-
c(
|
|
66
|
-
c(
|
|
67
|
-
c(
|
|
68
|
-
c(
|
|
69
|
-
c(
|
|
70
|
-
c(
|
|
71
|
-
c(
|
|
72
|
-
|
|
62
|
+
c(A, "session", "s:"), /** Password Reset Token */
|
|
63
|
+
c(A, "passwordResetToken", "p:"), /** Email verification token */
|
|
64
|
+
c(A, "emailVerificationToken", "e:"), /** API key */
|
|
65
|
+
c(A, "apiKey", "api:"), /** OAuth authorization code */
|
|
66
|
+
c(A, "authorizationCode", "authz:"), /** OAuth access token */
|
|
67
|
+
c(A, "accessToken", "access:"), /** OAuth refresh token */
|
|
68
|
+
c(A, "refreshToken", "refresh:"), /** OAuth MFA key (used by the password MFA flow) */
|
|
69
|
+
c(A, "mfaToken", "omfa:"), /** Device code device code */
|
|
70
|
+
c(A, "deviceCode", "dc:"), /** Device code flow user code */
|
|
71
|
+
c(A, "userCode", "uc:"), /** Device code flow user code */
|
|
72
|
+
c(A, "knownDevice", "kd:");
|
|
73
|
+
var y = /* @__PURE__ */ ((e) => (e[e.UserNotExist = 0] = "UserNotExist", e[e.PasswordInvalid = 1] = "PasswordInvalid", e[e.EmailNotExist = 2] = "EmailNotExist", e[e.UsernameOrPasswordInvalid = 3] = "UsernameOrPasswordInvalid", e[e.InvalidClientId = 4] = "InvalidClientId", e[e.ClientExists = 5] = "ClientExists", e[e.InvalidClientSecret = 6] = "InvalidClientSecret", e[e.InvalidClientIdOrSecret = 7] = "InvalidClientIdOrSecret", e[e.InvalidRedirectUri = 8] = "InvalidRedirectUri", e[e.InvalidOAuthFlow = 9] = "InvalidOAuthFlow", e[e.UserNotActive = 10] = "UserNotActive", e[e.EmailNotVerified = 11] = "EmailNotVerified", e[e.TwoFactorIncomplete = 12] = "TwoFactorIncomplete", e[e.Unauthorized = 13] = "Unauthorized", e[e.UnauthorizedClient = 14] = "UnauthorizedClient", e[e.InvalidScope = 15] = "InvalidScope", e[e.InsufficientScope = 16] = "InsufficientScope", e[e.InsufficientPriviledges = 17] = "InsufficientPriviledges", e[e.Forbidden = 18] = "Forbidden", e[e.InvalidKey = 19] = "InvalidKey", e[e.InvalidCsrf = 20] = "InvalidCsrf", e[e.InvalidSession = 21] = "InvalidSession", e[e.Expired = 22] = "Expired", e[e.Connection = 23] = "Connection", e[e.InvalidHash = 24] = "InvalidHash", e[e.UnsupportedAlgorithm = 25] = "UnsupportedAlgorithm", e[e.KeyExists = 26] = "KeyExists", e[e.PasswordChangeNeeded = 27] = "PasswordChangeNeeded", e[e.PasswordResetNeeded = 28] = "PasswordResetNeeded", e[e.Factor2ResetNeeded = 29] = "Factor2ResetNeeded", e[e.Configuration = 30] = "Configuration", e[e.InvalidEmail = 31] = "InvalidEmail", e[e.InvalidPhoneNumber = 32] = "InvalidPhoneNumber", e[e.InvalidUsername = 33] = "InvalidUsername", e[e.PasswordMatch = 34] = "PasswordMatch", e[e.InvalidToken = 35] = "InvalidToken", e[e.MfaRequired = 36] = "MfaRequired", e[e.PasswordFormat = 37] = "PasswordFormat", e[e.DataFormat = 38] = "DataFormat", e[e.FetchError = 39] = "FetchError", e[e.UserExists = 40] = "UserExists", e[e.FormEntry = 41] = "FormEntry", e[e.BadRequest = 42] = "BadRequest", 
e[e.AuthorizationPending = 43] = "AuthorizationPending", e[e.SlowDown = 44] = "SlowDown", e[e.ExpiredToken = 45] = "ExpiredToken", e[e.ConstraintViolation = 46] = "ConstraintViolation", e[e.NotImplemented = 47] = "NotImplemented", e[e.UnknownError = 48] = "UnknownError", e))(y || {});
|
|
73
74
|
class p extends Error {
|
|
74
75
|
/**
|
|
75
76
|
* Creates a new error to throw,
|
|
@@ -96,7 +97,7 @@ class p extends Error {
|
|
|
96
97
|
* it will be a concatenation of them with `". "` in between.
|
|
97
98
|
*/
|
|
98
99
|
c(this, "messages");
|
|
99
|
-
this.code = r, this.codeName =
|
|
100
|
+
this.code = r, this.codeName = y[r], this.httpStatus = o, this.name = "CrossauthError", Array.isArray(n) ? this.messages = n : this.messages = [i], Object.setPrototypeOf(this, p.prototype);
|
|
100
101
|
}
|
|
101
102
|
/**
|
|
102
103
|
* OAuth defines certain error types. To convert the error in an OAuth
|
|
@@ -201,10 +202,10 @@ class p extends Error {
|
|
|
201
202
|
o = Number(r.errorCode) ?? 48;
|
|
202
203
|
} catch {
|
|
203
204
|
}
|
|
204
|
-
let s = n ??
|
|
205
|
+
let s = n ?? y[o];
|
|
205
206
|
return "errorMessage" in r ? s = r.errorMessage : "message" in r && (s = r.message), new p(o, s);
|
|
206
207
|
}
|
|
207
|
-
let i = n ??
|
|
208
|
+
let i = n ?? y[
|
|
208
209
|
48
|
|
209
210
|
/* UnknownError */
|
|
210
211
|
];
|
|
@@ -256,7 +257,7 @@ const B = {
|
|
|
256
257
|
503: "Service Unavailable",
|
|
257
258
|
504: "Gateway Timeout",
|
|
258
259
|
505: "HTTP Version Not Supported"
|
|
259
|
-
},
|
|
260
|
+
}, m = class m {
|
|
260
261
|
/**
|
|
261
262
|
* Create a logger with the given level
|
|
262
263
|
* @param level the level to report to
|
|
@@ -267,9 +268,9 @@ const B = {
|
|
|
267
268
|
if (t) this.level = t;
|
|
268
269
|
else if (typeof process < "u" && "CROSSAUTH_LOG_LEVEL" in process.env) {
|
|
269
270
|
const r = (process.env.CROSSAUTH_LOG_LEVEL ?? "ERROR").toUpperCase();
|
|
270
|
-
|
|
271
|
+
m.levelName.includes(r) ? this.level = m.levelName.indexOf(r) : this.level = m.Error;
|
|
271
272
|
} else
|
|
272
|
-
this.level =
|
|
273
|
+
this.level = m.Error;
|
|
273
274
|
}
|
|
274
275
|
/**
|
|
275
276
|
* Return the singleton instance of the logger.
|
|
@@ -282,35 +283,35 @@ const B = {
|
|
|
282
283
|
this.level = t;
|
|
283
284
|
}
|
|
284
285
|
log(t, r) {
|
|
285
|
-
t <= this.level && (typeof r == "string" ? console.log("Crossauth " +
|
|
286
|
+
t <= this.level && (typeof r == "string" ? console.log("Crossauth " + m.levelName[t] + " " + (/* @__PURE__ */ new Date()).toISOString(), r) : console.log(JSON.stringify({ level: m.levelName[t], time: (/* @__PURE__ */ new Date()).toISOString(), ...r })));
|
|
286
287
|
}
|
|
287
288
|
/**
|
|
288
289
|
* Report an error
|
|
289
290
|
* @param output object to output
|
|
290
291
|
*/
|
|
291
292
|
error(t) {
|
|
292
|
-
this.log(
|
|
293
|
+
this.log(m.Error, t);
|
|
293
294
|
}
|
|
294
295
|
/**
|
|
295
296
|
* Report an warning
|
|
296
297
|
* @param output object to output
|
|
297
298
|
*/
|
|
298
299
|
warn(t) {
|
|
299
|
-
this.log(
|
|
300
|
+
this.log(m.Warn, t);
|
|
300
301
|
}
|
|
301
302
|
/**
|
|
302
303
|
* Report information
|
|
303
304
|
* @param output object to output
|
|
304
305
|
*/
|
|
305
306
|
info(t) {
|
|
306
|
-
this.log(
|
|
307
|
+
this.log(m.Info, t);
|
|
307
308
|
}
|
|
308
309
|
/**
|
|
309
310
|
* Print a debugging message
|
|
310
311
|
* @param output object to output
|
|
311
312
|
*/
|
|
312
313
|
debug(t) {
|
|
313
|
-
this.log(
|
|
314
|
+
this.log(m.Debug, t);
|
|
314
315
|
}
|
|
315
316
|
/**
|
|
316
317
|
* Override the default logger.
|
|
@@ -327,12 +328,12 @@ const B = {
|
|
|
327
328
|
}
|
|
328
329
|
};
|
|
329
330
|
/** Don't log anything */
|
|
330
|
-
c(
|
|
331
|
-
c(
|
|
332
|
-
c(
|
|
333
|
-
c(
|
|
334
|
-
c(
|
|
335
|
-
let l =
|
|
331
|
+
c(m, "None", 0), /** Only log errors */
|
|
332
|
+
c(m, "Error", 1), /** Log errors and warning */
|
|
333
|
+
c(m, "Warn", 2), /** Log errors, warnings and info messages */
|
|
334
|
+
c(m, "Info", 3), /** Log everything */
|
|
335
|
+
c(m, "Debug", 4), c(m, "levelName", ["NONE", "ERROR", "WARN", "INFO", "DEBUG"]);
|
|
336
|
+
let l = m;
|
|
336
337
|
function u(e) {
|
|
337
338
|
let t;
|
|
338
339
|
typeof e == "object" && "err" in e && typeof e.err == "object" && (t = e.err.stack);
|
|
@@ -418,12 +419,12 @@ class be extends b {
|
|
|
418
419
|
}
|
|
419
420
|
}
|
|
420
421
|
be.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
421
|
-
class
|
|
422
|
+
class I extends b {
|
|
422
423
|
constructor() {
|
|
423
424
|
super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
424
425
|
}
|
|
425
426
|
}
|
|
426
|
-
|
|
427
|
+
I.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
427
428
|
class Ce extends b {
|
|
428
429
|
constructor(t = "decryption operation failed", r) {
|
|
429
430
|
super(t, r), this.code = "ERR_JWE_DECRYPTION_FAILED";
|
|
@@ -436,18 +437,18 @@ class Ae extends b {
|
|
|
436
437
|
}
|
|
437
438
|
}
|
|
438
439
|
Ae.code = "ERR_JWE_INVALID";
|
|
439
|
-
class
|
|
440
|
+
class w extends b {
|
|
440
441
|
constructor() {
|
|
441
442
|
super(...arguments), this.code = "ERR_JWS_INVALID";
|
|
442
443
|
}
|
|
443
444
|
}
|
|
444
|
-
|
|
445
|
-
class
|
|
445
|
+
w.code = "ERR_JWS_INVALID";
|
|
446
|
+
class P extends b {
|
|
446
447
|
constructor() {
|
|
447
448
|
super(...arguments), this.code = "ERR_JWT_INVALID";
|
|
448
449
|
}
|
|
449
450
|
}
|
|
450
|
-
|
|
451
|
+
P.code = "ERR_JWT_INVALID";
|
|
451
452
|
class Ie extends b {
|
|
452
453
|
constructor() {
|
|
453
454
|
super(...arguments), this.code = "ERR_JWK_INVALID";
|
|
@@ -472,12 +473,12 @@ class Te extends b {
|
|
|
472
473
|
}
|
|
473
474
|
}
|
|
474
475
|
Te.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
|
|
475
|
-
class
|
|
476
|
+
class ke extends b {
|
|
476
477
|
constructor(t = "request timed out", r) {
|
|
477
478
|
super(t, r), this.code = "ERR_JWKS_TIMEOUT";
|
|
478
479
|
}
|
|
479
480
|
}
|
|
480
|
-
|
|
481
|
+
ke.code = "ERR_JWKS_TIMEOUT";
|
|
481
482
|
class oe extends b {
|
|
482
483
|
constructor(t = "signature verification failed", r) {
|
|
483
484
|
super(t, r), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
@@ -493,7 +494,7 @@ function z(e, t) {
|
|
|
493
494
|
function V(e) {
|
|
494
495
|
return parseInt(e.name.slice(4), 10);
|
|
495
496
|
}
|
|
496
|
-
function
|
|
497
|
+
function Pe(e) {
|
|
497
498
|
switch (e) {
|
|
498
499
|
case "ES256":
|
|
499
500
|
return "P-256";
|
|
@@ -562,7 +563,7 @@ function Oe(e, t, ...r) {
|
|
|
562
563
|
case "ES512": {
|
|
563
564
|
if (!z(e.algorithm, "ECDSA"))
|
|
564
565
|
throw E("ECDSA");
|
|
565
|
-
const n =
|
|
566
|
+
const n = Pe(t);
|
|
566
567
|
if (e.algorithm.namedCurve !== n)
|
|
567
568
|
throw E(n, "algorithm.namedCurve");
|
|
568
569
|
break;
|
|
@@ -660,7 +661,7 @@ function ze(e) {
|
|
|
660
661
|
}, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
661
662
|
break;
|
|
662
663
|
default:
|
|
663
|
-
throw new
|
|
664
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
664
665
|
}
|
|
665
666
|
break;
|
|
666
667
|
}
|
|
@@ -682,7 +683,7 @@ function ze(e) {
|
|
|
682
683
|
t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
683
684
|
break;
|
|
684
685
|
default:
|
|
685
|
-
throw new
|
|
686
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
686
687
|
}
|
|
687
688
|
break;
|
|
688
689
|
}
|
|
@@ -701,12 +702,12 @@ function ze(e) {
|
|
|
701
702
|
t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
|
|
702
703
|
break;
|
|
703
704
|
default:
|
|
704
|
-
throw new
|
|
705
|
+
throw new I('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
705
706
|
}
|
|
706
707
|
break;
|
|
707
708
|
}
|
|
708
709
|
default:
|
|
709
|
-
throw new
|
|
710
|
+
throw new I('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
710
711
|
}
|
|
711
712
|
return { algorithm: t, keyUsages: r };
|
|
712
713
|
}
|
|
@@ -763,7 +764,7 @@ const ue = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
763
764
|
case K(e, [43, 101, 113]):
|
|
764
765
|
return "Ed448";
|
|
765
766
|
default:
|
|
766
|
-
throw new
|
|
767
|
+
throw new I("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
767
768
|
}
|
|
768
769
|
}, he = async (e, t, r, n, i) => {
|
|
769
770
|
let o, s;
|
|
@@ -812,7 +813,7 @@ const ue = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject",
|
|
|
812
813
|
o = { name: Z(a) }, s = d ? ["verify"] : ["sign"];
|
|
813
814
|
break;
|
|
814
815
|
default:
|
|
815
|
-
throw new
|
|
816
|
+
throw new I('Invalid or unsupported "alg" (Algorithm) value');
|
|
816
817
|
}
|
|
817
818
|
return q.subtle.importKey(t, a, o, !1, s);
|
|
818
819
|
}, Fe = (e, t, r) => he(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, "pkcs8", e, t), qe = (e, t, r) => he(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
|
|
@@ -836,12 +837,12 @@ async function j(e, t) {
|
|
|
836
837
|
return O(e.k);
|
|
837
838
|
case "RSA":
|
|
838
839
|
if ("oth" in e && e.oth !== void 0)
|
|
839
|
-
throw new
|
|
840
|
+
throw new I('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
|
|
840
841
|
case "EC":
|
|
841
842
|
case "OKP":
|
|
842
843
|
return de({ ...e, alg: t });
|
|
843
844
|
default:
|
|
844
|
-
throw new
|
|
845
|
+
throw new I('Unsupported "kty" (Key Type) Parameter value');
|
|
845
846
|
}
|
|
846
847
|
}
|
|
847
848
|
const J = (e) => e == null ? void 0 : e[Symbol.toStringTag], G = (e, t, r) => {
|
|
@@ -906,7 +907,7 @@ function Ge(e, t, r, n, i) {
|
|
|
906
907
|
o = t;
|
|
907
908
|
for (const s of n.crit) {
|
|
908
909
|
if (!o.has(s))
|
|
909
|
-
throw new
|
|
910
|
+
throw new I(`Extension Header Parameter "${s}" is not recognized`);
|
|
910
911
|
if (i[s] === void 0)
|
|
911
912
|
throw new e(`Extension Header Parameter "${s}" is missing`);
|
|
912
913
|
if (o.get(s) && n[s] === void 0)
|
|
@@ -938,7 +939,7 @@ function Ye(e, t) {
|
|
|
938
939
|
case "EdDSA":
|
|
939
940
|
return { name: t.name };
|
|
940
941
|
default:
|
|
941
|
-
throw new
|
|
942
|
+
throw new I(`alg ${e} is not supported either by JOSE or your javascript runtime`);
|
|
942
943
|
}
|
|
943
944
|
}
|
|
944
945
|
async function Xe(e, t, r) {
|
|
@@ -963,70 +964,70 @@ const Qe = async (e, t, r, n) => {
|
|
|
963
964
|
};
|
|
964
965
|
async function Ze(e, t, r) {
|
|
965
966
|
if (!x(e))
|
|
966
|
-
throw new
|
|
967
|
+
throw new w("Flattened JWS must be an object");
|
|
967
968
|
if (e.protected === void 0 && e.header === void 0)
|
|
968
|
-
throw new
|
|
969
|
+
throw new w('Flattened JWS must have either of the "protected" or "header" members');
|
|
969
970
|
if (e.protected !== void 0 && typeof e.protected != "string")
|
|
970
|
-
throw new
|
|
971
|
+
throw new w("JWS Protected Header incorrect type");
|
|
971
972
|
if (e.payload === void 0)
|
|
972
|
-
throw new
|
|
973
|
+
throw new w("JWS Payload missing");
|
|
973
974
|
if (typeof e.signature != "string")
|
|
974
|
-
throw new
|
|
975
|
+
throw new w("JWS Signature missing or incorrect type");
|
|
975
976
|
if (e.header !== void 0 && !x(e.header))
|
|
976
|
-
throw new
|
|
977
|
+
throw new w("JWS Unprotected Header incorrect type");
|
|
977
978
|
let n = {};
|
|
978
979
|
if (e.protected)
|
|
979
980
|
try {
|
|
980
981
|
const ge = O(e.protected);
|
|
981
982
|
n = JSON.parse(H.decode(ge));
|
|
982
983
|
} catch {
|
|
983
|
-
throw new
|
|
984
|
+
throw new w("JWS Protected Header is invalid");
|
|
984
985
|
}
|
|
985
986
|
if (!Ne(n, e.header))
|
|
986
|
-
throw new
|
|
987
|
+
throw new w("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
987
988
|
const i = {
|
|
988
989
|
...n,
|
|
989
990
|
...e.header
|
|
990
|
-
}, o = Ge(
|
|
991
|
+
}, o = Ge(w, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, i);
|
|
991
992
|
let s = !0;
|
|
992
993
|
if (o.has("b64") && (s = n.b64, typeof s != "boolean"))
|
|
993
|
-
throw new
|
|
994
|
+
throw new w('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
994
995
|
const { alg: a } = i;
|
|
995
996
|
if (typeof a != "string" || !a)
|
|
996
|
-
throw new
|
|
997
|
+
throw new w('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
997
998
|
if (s) {
|
|
998
999
|
if (typeof e.payload != "string")
|
|
999
|
-
throw new
|
|
1000
|
+
throw new w("JWS Payload must be a string");
|
|
1000
1001
|
} else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
|
|
1001
|
-
throw new
|
|
1002
|
+
throw new w("JWS Payload must be a string or an Uint8Array instance");
|
|
1002
1003
|
let d = !1;
|
|
1003
1004
|
typeof t == "function" ? (t = await t(n, e), d = !0, ee(a, t, "verify"), U(t) && (t = await j(t, a))) : ee(a, t, "verify");
|
|
1004
1005
|
const f = we(M.encode(e.protected ?? ""), M.encode("."), typeof e.payload == "string" ? M.encode(e.payload) : e.payload);
|
|
1005
|
-
let
|
|
1006
|
+
let v;
|
|
1006
1007
|
try {
|
|
1007
|
-
|
|
1008
|
+
v = O(e.signature);
|
|
1008
1009
|
} catch {
|
|
1009
|
-
throw new
|
|
1010
|
+
throw new w("Failed to base64url decode the signature");
|
|
1010
1011
|
}
|
|
1011
|
-
if (!await Qe(a, t,
|
|
1012
|
+
if (!await Qe(a, t, v, f))
|
|
1012
1013
|
throw new oe();
|
|
1013
1014
|
let C;
|
|
1014
1015
|
if (s)
|
|
1015
1016
|
try {
|
|
1016
1017
|
C = O(e.payload);
|
|
1017
1018
|
} catch {
|
|
1018
|
-
throw new
|
|
1019
|
+
throw new w("Failed to base64url decode the payload");
|
|
1019
1020
|
}
|
|
1020
1021
|
else typeof e.payload == "string" ? C = M.encode(e.payload) : C = e.payload;
|
|
1021
|
-
const
|
|
1022
|
-
return e.protected !== void 0 && (
|
|
1022
|
+
const k = { payload: C };
|
|
1023
|
+
return e.protected !== void 0 && (k.protectedHeader = n), e.header !== void 0 && (k.unprotectedHeader = e.header), d ? { ...k, key: t } : k;
|
|
1023
1024
|
}
|
|
1024
1025
|
async function et(e, t, r) {
|
|
1025
1026
|
if (e instanceof Uint8Array && (e = H.decode(e)), typeof e != "string")
|
|
1026
|
-
throw new
|
|
1027
|
+
throw new w("Compact JWS must be a string or Uint8Array");
|
|
1027
1028
|
const { 0: n, 1: i, 2: o, length: s } = e.split(".");
|
|
1028
1029
|
if (s !== 3)
|
|
1029
|
-
throw new
|
|
1030
|
+
throw new w("Invalid Compact JWS");
|
|
1030
1031
|
const a = await Ze({ payload: i, protected: n, signature: o }, t, r), d = { payload: a.payload, protectedHeader: a.protectedHeader };
|
|
1031
1032
|
return typeof t == "function" ? { ...d, key: a.key } : d;
|
|
1032
1033
|
}
|
|
@@ -1054,28 +1055,28 @@ function te(e) {
|
|
|
1054
1055
|
}
|
|
1055
1056
|
function tt(e) {
|
|
1056
1057
|
if (typeof e != "string")
|
|
1057
|
-
throw new
|
|
1058
|
+
throw new P("JWTs must use Compact JWS serialization, JWT must be a string");
|
|
1058
1059
|
const { 1: t, length: r } = e.split(".");
|
|
1059
1060
|
if (r === 5)
|
|
1060
|
-
throw new
|
|
1061
|
+
throw new P("Only JWTs using Compact JWS serialization can be decoded");
|
|
1061
1062
|
if (r !== 3)
|
|
1062
|
-
throw new
|
|
1063
|
+
throw new P("Invalid JWT");
|
|
1063
1064
|
if (!t)
|
|
1064
|
-
throw new
|
|
1065
|
+
throw new P("JWTs must contain a payload");
|
|
1065
1066
|
let n;
|
|
1066
1067
|
try {
|
|
1067
1068
|
n = pe(t);
|
|
1068
1069
|
} catch {
|
|
1069
|
-
throw new
|
|
1070
|
+
throw new P("Failed to base64url decode the payload");
|
|
1070
1071
|
}
|
|
1071
1072
|
let i;
|
|
1072
1073
|
try {
|
|
1073
1074
|
i = JSON.parse(H.decode(n));
|
|
1074
1075
|
} catch {
|
|
1075
|
-
throw new
|
|
1076
|
+
throw new P("Failed to parse the decoded payload as JSON");
|
|
1076
1077
|
}
|
|
1077
1078
|
if (!x(i))
|
|
1078
|
-
throw new
|
|
1079
|
+
throw new P("Invalid JWT Claims Set");
|
|
1079
1080
|
return i;
|
|
1080
1081
|
}
|
|
1081
1082
|
const h = class h {
|
|
@@ -1175,7 +1176,7 @@ c(h, "flowName", {
|
|
|
1175
1176
|
[h.OidcAuthorizationCode]: "OIDC Authorization Code"
|
|
1176
1177
|
});
|
|
1177
1178
|
let re = h;
|
|
1178
|
-
var
|
|
1179
|
+
var _, S;
|
|
1179
1180
|
class nt {
|
|
1180
1181
|
/**
|
|
1181
1182
|
* Constructor.
|
|
@@ -1214,11 +1215,11 @@ class nt {
|
|
|
1214
1215
|
verifierLength: a,
|
|
1215
1216
|
tokenConsumer: d,
|
|
1216
1217
|
authServerCredentials: f,
|
|
1217
|
-
authServerMode:
|
|
1218
|
+
authServerMode: v,
|
|
1218
1219
|
authServerHeaders: T
|
|
1219
1220
|
}) {
|
|
1220
1221
|
c(this, "authServerBaseUrl", "");
|
|
1221
|
-
$(this,
|
|
1222
|
+
$(this, _);
|
|
1222
1223
|
$(this, S);
|
|
1223
1224
|
c(this, "codeChallengeMethod", "S256");
|
|
1224
1225
|
c(this, "verifierLength", 32);
|
|
@@ -1234,10 +1235,10 @@ class nt {
|
|
|
1234
1235
|
c(this, "oauthLogFetch", !1);
|
|
1235
1236
|
c(this, "oauthUseUserInfoEndpoint", !1);
|
|
1236
1237
|
c(this, "oauthAuthorizeRedirect");
|
|
1237
|
-
this.tokenConsumer = d, this.authServerBaseUrl = t, a && (this.verifierLength = a), s && (this.stateLength = s), r && D(this,
|
|
1238
|
+
this.tokenConsumer = d, this.authServerBaseUrl = t, a && (this.verifierLength = a), s && (this.stateLength = s), r && D(this, _, r), n && D(this, S, n), i && (this.redirect_uri = i), o && (this.codeChallengeMethod = o), this.authServerBaseUrl = t, f && (this.authServerCredentials = f), v && (this.authServerMode = v), T && (this.authServerHeaders = T);
|
|
1238
1239
|
}
|
|
1239
1240
|
set client_id(t) {
|
|
1240
|
-
D(this,
|
|
1241
|
+
D(this, _, t);
|
|
1241
1242
|
}
|
|
1242
1243
|
set client_secret(t) {
|
|
1243
1244
|
D(this, S, t);
|
|
@@ -1271,7 +1272,7 @@ class nt {
|
|
|
1271
1272
|
}
|
|
1272
1273
|
if (!r || !r.ok)
|
|
1273
1274
|
throw new p(
|
|
1274
|
-
|
|
1275
|
+
y.Connection,
|
|
1275
1276
|
"Couldn't get OIDC configuration from URL" + this.authServerBaseUrl + "/.well-known/openid-configuration"
|
|
1276
1277
|
);
|
|
1277
1278
|
this.oidcConfig = { ...ie };
|
|
@@ -1281,7 +1282,7 @@ class nt {
|
|
|
1281
1282
|
this.oidcConfig[i] = o;
|
|
1282
1283
|
} catch {
|
|
1283
1284
|
throw new p(
|
|
1284
|
-
|
|
1285
|
+
y.Connection,
|
|
1285
1286
|
"Unrecognized response from OIDC configuration endpoint"
|
|
1286
1287
|
);
|
|
1287
1288
|
}
|
|
@@ -1311,21 +1312,20 @@ class nt {
|
|
|
1311
1312
|
async startAuthorizationCodeFlow(t, {
|
|
1312
1313
|
scope: r,
|
|
1313
1314
|
codeChallenge: n,
|
|
1314
|
-
pkce: i = !1
|
|
1315
|
-
upstream: o
|
|
1315
|
+
pkce: i = !1
|
|
1316
1316
|
}) {
|
|
1317
|
-
var d, f
|
|
1318
|
-
if (l.logger.debug(u({ msg: "Starting authorization code flow, scope " + r })), this.oidcConfig || await this.loadConfig(), !((
|
|
1317
|
+
var a, d, f;
|
|
1318
|
+
if (l.logger.debug(u({ msg: "Starting authorization code flow, scope " + r })), this.oidcConfig || await this.loadConfig(), !((a = this.oidcConfig) != null && a.response_types_supported.includes("code")) || !((d = this.oidcConfig) != null && d.response_modes_supported.includes("query")))
|
|
1319
1319
|
return {
|
|
1320
1320
|
error: "invalid_request",
|
|
1321
1321
|
error_description: "Server does not support authorization code flow"
|
|
1322
1322
|
};
|
|
1323
|
-
if (!((
|
|
1323
|
+
if (!((f = this.oidcConfig) != null && f.authorization_endpoint))
|
|
1324
1324
|
return {
|
|
1325
1325
|
error: "server_error",
|
|
1326
1326
|
error_description: "Cannot get authorize endpoint"
|
|
1327
1327
|
};
|
|
1328
|
-
if (!g(this,
|
|
1328
|
+
if (!g(this, _)) return {
|
|
1329
1329
|
error: "invalid_request",
|
|
1330
1330
|
error_description: "Cannot make authorization code flow without client id"
|
|
1331
1331
|
};
|
|
@@ -1333,10 +1333,10 @@ class nt {
|
|
|
1333
1333
|
error: "invalid_request",
|
|
1334
1334
|
error_description: "Cannot make authorization code flow without Redirect Uri"
|
|
1335
1335
|
};
|
|
1336
|
-
let
|
|
1337
|
-
this.oauthAuthorizeRedirect && (
|
|
1338
|
-
let
|
|
1339
|
-
return r && (
|
|
1336
|
+
let o = this.oidcConfig.authorization_endpoint;
|
|
1337
|
+
this.oauthAuthorizeRedirect && (o = this.oauthAuthorizeRedirect);
|
|
1338
|
+
let s = o + "?response_type=code&client_id=" + encodeURIComponent(g(this, _)) + "&state=" + encodeURIComponent(t) + "&redirect_uri=" + encodeURIComponent(this.redirect_uri);
|
|
1339
|
+
return r && (s += "&scope=" + encodeURIComponent(r)), i && n && (s += "&code_challenge=" + n), { url: s };
|
|
1340
1340
|
}
|
|
1341
1341
|
async codeChallengeAndVerifier() {
|
|
1342
1342
|
const t = this.randomValue(this.verifierLength);
|
|
@@ -1397,10 +1397,10 @@ class nt {
|
|
|
1397
1397
|
error: i,
|
|
1398
1398
|
errorDescription: o
|
|
1399
1399
|
}) {
|
|
1400
|
-
var
|
|
1400
|
+
var v, T;
|
|
1401
1401
|
if (this.oidcConfig || await this.loadConfig(), i || !t)
|
|
1402
1402
|
return i || (i = "server_error"), o || (o = "Unknown error"), { error: i, error_description: o };
|
|
1403
|
-
if (this.authzCode = t, !((
|
|
1403
|
+
if (this.authzCode = t, !((v = this.oidcConfig) != null && v.grant_types_supported.includes("authorization_code")))
|
|
1404
1404
|
return {
|
|
1405
1405
|
error: "invalid_request",
|
|
1406
1406
|
error_description: "Server does not support authorization code grant"
|
|
@@ -1415,7 +1415,7 @@ class nt {
|
|
|
1415
1415
|
a = "authorization_code", d = g(this, S);
|
|
1416
1416
|
let f = {
|
|
1417
1417
|
grant_type: a,
|
|
1418
|
-
client_id: g(this,
|
|
1418
|
+
client_id: g(this, _),
|
|
1419
1419
|
code: this.authzCode,
|
|
1420
1420
|
redirect_uri: this.redirect_uri
|
|
1421
1421
|
};
|
|
@@ -1423,10 +1423,10 @@ class nt {
|
|
|
1423
1423
|
try {
|
|
1424
1424
|
let C = await this.post(s, f, this.authServerHeaders);
|
|
1425
1425
|
if (C.id_token) {
|
|
1426
|
-
const
|
|
1427
|
-
if (
|
|
1428
|
-
return
|
|
1429
|
-
C.id_payload =
|
|
1426
|
+
const k = await this.getIdPayload(C.id_token, C.access_token);
|
|
1427
|
+
if (k.error)
|
|
1428
|
+
return k;
|
|
1429
|
+
C.id_payload = k.payload;
|
|
1430
1430
|
}
|
|
1431
1431
|
return C;
|
|
1432
1432
|
} catch (C) {
|
|
@@ -1459,14 +1459,14 @@ class nt {
|
|
|
1459
1459
|
};
|
|
1460
1460
|
if (!((o = this.oidcConfig) != null && o.token_endpoint))
|
|
1461
1461
|
return { error: "server_error", error_description: "Cannot get token endpoint" };
|
|
1462
|
-
if (!g(this,
|
|
1462
|
+
if (!g(this, _)) return {
|
|
1463
1463
|
error: "invalid_request",
|
|
1464
1464
|
error_description: "Cannot make client credentials flow without client id"
|
|
1465
1465
|
};
|
|
1466
1466
|
const r = this.oidcConfig.token_endpoint;
|
|
1467
1467
|
let n = {
|
|
1468
1468
|
grant_type: "client_credentials",
|
|
1469
|
-
client_id: g(this,
|
|
1469
|
+
client_id: g(this, _),
|
|
1470
1470
|
client_secret: g(this, S)
|
|
1471
1471
|
};
|
|
1472
1472
|
t && (n.scope = t);
|
|
@@ -1516,7 +1516,7 @@ class nt {
|
|
|
1516
1516
|
const i = this.oidcConfig.token_endpoint;
|
|
1517
1517
|
let o = {
|
|
1518
1518
|
grant_type: "password",
|
|
1519
|
-
client_id: g(this,
|
|
1519
|
+
client_id: g(this, _),
|
|
1520
1520
|
client_secret: g(this, S),
|
|
1521
1521
|
username: t,
|
|
1522
1522
|
password: r
|
|
@@ -1606,7 +1606,7 @@ class nt {
|
|
|
1606
1606
|
if (!((s = this.oidcConfig) != null && s.issuer))
|
|
1607
1607
|
return { error: "server_error", error_description: "Cannot get issuer" };
|
|
1608
1608
|
const n = this.oidcConfig.issuer + (this.oidcConfig.issuer.endsWith("/") ? "" : "/") + "mfa/challenge", i = await this.post(n, {
|
|
1609
|
-
client_id: g(this,
|
|
1609
|
+
client_id: g(this, _),
|
|
1610
1610
|
client_secret: g(this, S),
|
|
1611
1611
|
challenge_type: "otp",
|
|
1612
1612
|
mfa_token: t,
|
|
@@ -1645,7 +1645,7 @@ class nt {
|
|
|
1645
1645
|
return { error: "server_error", error_description: "Cannot get issuer" };
|
|
1646
1646
|
const i = this.oidcConfig.token_endpoint, o = await this.post(i, {
|
|
1647
1647
|
grant_type: "http://auth0.com/oauth/grant-type/mfa-otp",
|
|
1648
|
-
client_id: g(this,
|
|
1648
|
+
client_id: g(this, _),
|
|
1649
1649
|
client_secret: g(this, S),
|
|
1650
1650
|
challenge_type: "otp",
|
|
1651
1651
|
mfa_token: t,
|
|
@@ -1697,7 +1697,7 @@ class nt {
|
|
|
1697
1697
|
if (!((s = this.oidcConfig) != null && s.issuer))
|
|
1698
1698
|
return { error: "server_error", error_description: "Cannot get issuer" };
|
|
1699
1699
|
const n = this.oidcConfig.issuer + (this.oidcConfig.issuer.endsWith("/") ? "" : "/") + "mfa/challenge", i = await this.post(n, {
|
|
1700
|
-
client_id: g(this,
|
|
1700
|
+
client_id: g(this, _),
|
|
1701
1701
|
client_secret: g(this, S),
|
|
1702
1702
|
challenge_type: "oob",
|
|
1703
1703
|
mfa_token: t,
|
|
@@ -1733,7 +1733,7 @@ class nt {
|
|
|
1733
1733
|
return { error: "server_error", error_description: "Cannot get issuer" };
|
|
1734
1734
|
const o = this.oidcConfig.token_endpoint, s = await this.post(o, {
|
|
1735
1735
|
grant_type: "http://auth0.com/oauth/grant-type/mfa-oob",
|
|
1736
|
-
client_id: g(this,
|
|
1736
|
+
client_id: g(this, _),
|
|
1737
1737
|
client_secret: g(this, S),
|
|
1738
1738
|
challenge_type: "otp",
|
|
1739
1739
|
mfa_token: t,
|
|
@@ -1781,7 +1781,7 @@ class nt {
|
|
|
1781
1781
|
let i = {
|
|
1782
1782
|
grant_type: "refresh_token",
|
|
1783
1783
|
refresh_token: t,
|
|
1784
|
-
client_id: g(this,
|
|
1784
|
+
client_id: g(this, _)
|
|
1785
1785
|
};
|
|
1786
1786
|
n && (i.client_secret = n);
|
|
1787
1787
|
try {
|
|
@@ -1817,7 +1817,7 @@ class nt {
|
|
|
1817
1817
|
};
|
|
1818
1818
|
let n = {
|
|
1819
1819
|
grant_type: "urn:ietf:params:oauth:grant-type:device_code",
|
|
1820
|
-
client_id: g(this,
|
|
1820
|
+
client_id: g(this, _),
|
|
1821
1821
|
client_secret: g(this, S)
|
|
1822
1822
|
};
|
|
1823
1823
|
r && (n.scope = r);
|
|
@@ -1852,7 +1852,7 @@ class nt {
|
|
|
1852
1852
|
};
|
|
1853
1853
|
let r = {
|
|
1854
1854
|
grant_type: "urn:ietf:params:oauth:grant-type:device_code",
|
|
1855
|
-
client_id: g(this,
|
|
1855
|
+
client_id: g(this, _),
|
|
1856
1856
|
client_secret: g(this, S),
|
|
1857
1857
|
device_code: t
|
|
1858
1858
|
};
|
|
@@ -1906,8 +1906,8 @@ class nt {
|
|
|
1906
1906
|
s = JSON.stringify(r), a = "application/json";
|
|
1907
1907
|
else {
|
|
1908
1908
|
s = "";
|
|
1909
|
-
for (let
|
|
1910
|
-
s != "" && (s += "&"), s += encodeURIComponent(
|
|
1909
|
+
for (let v in r)
|
|
1910
|
+
s != "" && (s += "&"), s += encodeURIComponent(v) + "=" + encodeURIComponent(r[v]);
|
|
1911
1911
|
a = "application/x-www-form-urlencoded";
|
|
1912
1912
|
}
|
|
1913
1913
|
this.oauthLogFetch && l.logger.debug(u({ msg: "OAuth fetch", method: "POST", url: t, body: s }));
|
|
@@ -1925,10 +1925,10 @@ class nt {
|
|
|
1925
1925
|
body: s
|
|
1926
1926
|
});
|
|
1927
1927
|
try {
|
|
1928
|
-
const
|
|
1929
|
-
return this.oauthLogFetch && l.logger.debug(u({ msg: "OAuth fetch response", body: JSON.stringify(
|
|
1930
|
-
} catch (
|
|
1931
|
-
let T = p.asCrossauthError(
|
|
1928
|
+
const v = await f.clone().json();
|
|
1929
|
+
return this.oauthLogFetch && l.logger.debug(u({ msg: "OAuth fetch response", body: JSON.stringify(v) })), await f.json(), v;
|
|
1930
|
+
} catch (v) {
|
|
1931
|
+
let T = p.asCrossauthError(v);
|
|
1932
1932
|
throw s = await f.text(), l.logger.debug(u({ msg: "Response is not JSON", response: s })), T;
|
|
1933
1933
|
}
|
|
1934
1934
|
}
|
|
@@ -2007,7 +2007,7 @@ class nt {
|
|
|
2007
2007
|
return tt(t);
|
|
2008
2008
|
}
|
|
2009
2009
|
}
|
|
2010
|
-
|
|
2010
|
+
_ = new WeakMap(), S = new WeakMap();
|
|
2011
2011
|
class ot {
|
|
2012
2012
|
/**
|
|
2013
2013
|
* Constrctor
|
|
@@ -2037,7 +2037,7 @@ class ot {
|
|
|
2037
2037
|
c(this, "keys", {});
|
|
2038
2038
|
if (this.audience = t, r.authServerBaseUrl && (this.authServerBaseUrl = r.authServerBaseUrl), r.jwtKeyType && (this.jwtKeyType = r.jwtKeyType), r.jwtSecretKey && (this.jwtSecretKey = r.jwtSecretKey), r.jwtPublicKey && (this.jwtPublicKey = r.jwtPublicKey), r.clockTolerance && (this.clockTolerance = r.clockTolerance), r.oidcConfig && (this.oidcConfig = r.oidcConfig), this.jwtPublicKey && !this.jwtKeyType)
|
|
2039
2039
|
throw new p(
|
|
2040
|
-
|
|
2040
|
+
y.Configuration,
|
|
2041
2041
|
"If specifying jwtPublic key, must also specify jwtKeyType"
|
|
2042
2042
|
);
|
|
2043
2043
|
}
|
|
@@ -2054,14 +2054,14 @@ class ot {
|
|
|
2054
2054
|
if (this.jwtSecretKey) {
|
|
2055
2055
|
if (!this.jwtKeyType)
|
|
2056
2056
|
throw new p(
|
|
2057
|
-
|
|
2057
|
+
y.Configuration,
|
|
2058
2058
|
"Must specify jwtKeyType if setting jwtSecretKey"
|
|
2059
2059
|
);
|
|
2060
2060
|
this.keys._default = await Be(this.jwtSecretKey, this.jwtKeyType);
|
|
2061
2061
|
} else if (this.jwtPublicKey) {
|
|
2062
2062
|
if (!this.jwtKeyType)
|
|
2063
2063
|
throw new p(
|
|
2064
|
-
|
|
2064
|
+
y.Configuration,
|
|
2065
2065
|
"Must specify jwtKeyType if setting jwtPublicKey"
|
|
2066
2066
|
);
|
|
2067
2067
|
const r = await $e(this.jwtPublicKey, this.jwtKeyType);
|
|
@@ -2069,13 +2069,13 @@ class ot {
|
|
|
2069
2069
|
} else {
|
|
2070
2070
|
if (this.oidcConfig || await this.loadConfig(), !this.oidcConfig)
|
|
2071
2071
|
throw new p(
|
|
2072
|
-
|
|
2072
|
+
y.Connection,
|
|
2073
2073
|
"Load OIDC config before Jwks"
|
|
2074
2074
|
);
|
|
2075
2075
|
await this.loadJwks(void 0, t);
|
|
2076
2076
|
}
|
|
2077
2077
|
} catch (r) {
|
|
2078
|
-
throw l.logger.debug(u({ err: r })), new p(
|
|
2078
|
+
throw l.logger.debug(u({ err: r })), new p(y.Connection, "Couldn't load keys");
|
|
2079
2079
|
}
|
|
2080
2080
|
}
|
|
2081
2081
|
/**
|
|
@@ -2093,7 +2093,7 @@ class ot {
|
|
|
2093
2093
|
return;
|
|
2094
2094
|
}
|
|
2095
2095
|
if (!this.authServerBaseUrl)
|
|
2096
|
-
throw new p(
|
|
2096
|
+
throw new p(y.Connection, "Couldn't get OIDC configuration. Either set authServerBaseUrl or set config manually");
|
|
2097
2097
|
let r;
|
|
2098
2098
|
try {
|
|
2099
2099
|
let n = this.authServerBaseUrl;
|
|
@@ -2102,14 +2102,14 @@ class ot {
|
|
|
2102
2102
|
l.logger.error(u({ err: n }));
|
|
2103
2103
|
}
|
|
2104
2104
|
if (!r || !r.ok)
|
|
2105
|
-
throw new p(
|
|
2105
|
+
throw new p(y.Connection, "Couldn't get OIDC configuration");
|
|
2106
2106
|
this.oidcConfig = { ...ie };
|
|
2107
2107
|
try {
|
|
2108
2108
|
const n = await r.json();
|
|
2109
2109
|
for (const [i, o] of Object.entries(n))
|
|
2110
2110
|
this.oidcConfig[i] = o;
|
|
2111
2111
|
} catch {
|
|
2112
|
-
throw new p(
|
|
2112
|
+
throw new p(y.Connection, "Unrecognized response from OIDC configuration endpoint");
|
|
2113
2113
|
}
|
|
2114
2114
|
}
|
|
2115
2115
|
/**
|
|
@@ -2130,7 +2130,7 @@ class ot {
|
|
|
2130
2130
|
}
|
|
2131
2131
|
} else {
|
|
2132
2132
|
if (!this.oidcConfig)
|
|
2133
|
-
throw new p(
|
|
2133
|
+
throw new p(y.Connection, "Load OIDC config before Jwks");
|
|
2134
2134
|
let n;
|
|
2135
2135
|
try {
|
|
2136
2136
|
n = await fetch(new URL(this.oidcConfig.jwks_uri));
|
|
@@ -2138,12 +2138,12 @@ class ot {
|
|
|
2138
2138
|
l.logger.error(u({ err: i }));
|
|
2139
2139
|
}
|
|
2140
2140
|
if (!n || !n.ok)
|
|
2141
|
-
throw new p(
|
|
2141
|
+
throw new p(y.Connection, "Couldn't get OIDC configuration");
|
|
2142
2142
|
this.keys = {};
|
|
2143
2143
|
try {
|
|
2144
2144
|
const i = await n.json();
|
|
2145
2145
|
if (!("keys" in i) || !Array.isArray(i.keys))
|
|
2146
|
-
throw new p(
|
|
2146
|
+
throw new p(y.Connection, "Couldn't fetch keys");
|
|
2147
2147
|
for (let o = 0; o < i.keys.length; ++o)
|
|
2148
2148
|
try {
|
|
2149
2149
|
let s = "_default", a = { ...i.keys[o] };
|
|
@@ -2157,10 +2157,10 @@ class ot {
|
|
|
2157
2157
|
const d = await j(a);
|
|
2158
2158
|
this.keys[s] = d;
|
|
2159
2159
|
} catch (s) {
|
|
2160
|
-
throw l.logger.error(u({ err: s })), new p(
|
|
2160
|
+
throw l.logger.error(u({ err: s })), new p(y.Connection, "Couldn't load keys");
|
|
2161
2161
|
}
|
|
2162
2162
|
} catch (i) {
|
|
2163
|
-
throw l.logger.error(u({ err: i })), new p(
|
|
2163
|
+
throw l.logger.error(u({ err: i })), new p(y.Connection, "Unrecognized response from OIDC jwks endpoint");
|
|
2164
2164
|
}
|
|
2165
2165
|
}
|
|
2166
2166
|
}
|
|
@@ -2234,8 +2234,8 @@ export {
|
|
|
2234
2234
|
p as CrossauthError,
|
|
2235
2235
|
l as CrossauthLogger,
|
|
2236
2236
|
ie as DEFAULT_OIDCCONFIG,
|
|
2237
|
-
|
|
2238
|
-
|
|
2237
|
+
y as ErrorCode,
|
|
2238
|
+
A as KeyPrefix,
|
|
2239
2239
|
nt as OAuthClientBase,
|
|
2240
2240
|
re as OAuthFlows,
|
|
2241
2241
|
ot as OAuthTokenConsumerBase,
|