@crossauth/frontend 0.0.23 → 0.0.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1 -1
- package/dist/index.iife.js +1 -1
- package/dist/index.js +128 -120
- package/dist/oauth/autorefresher.d.ts +1 -2
- package/dist/oauth/bffclient.d.ts +1 -2
- package/dist/oauth/client.d.ts +2 -2
- package/dist/oauth/devicecodepoller.d.ts +1 -2
- package/dist/oauth/tokenconsumer.d.ts +1 -2
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -262,7 +262,7 @@ l(W, "Error", 1), /** Log errors and warning */
|
|
|
262
262
|
l(W, "Warn", 2), /** Log errors, warnings and info messages */
|
|
263
263
|
l(W, "Info", 3), /** Log everything */
|
|
264
264
|
l(W, "Debug", 4), l(W, "levelName", ["NONE", "ERROR", "WARN", "INFO", "DEBUG"]);
|
|
265
|
-
let
|
|
265
|
+
let c = W;
|
|
266
266
|
function h(r) {
|
|
267
267
|
let e;
|
|
268
268
|
typeof r == "object" && "err" in r && typeof r.err == "object" && (e = r.err.stack);
|
|
@@ -284,7 +284,7 @@ function h(r) {
|
|
|
284
284
|
}
|
|
285
285
|
return typeof r == "string" || globalThis.crossauthLoggerAcceptsJson ? r : JSON.stringify(r);
|
|
286
286
|
}
|
|
287
|
-
globalThis.crossauthLogger = new
|
|
287
|
+
globalThis.crossauthLogger = new c(c.None);
|
|
288
288
|
globalThis.crossauthLoggerAcceptsJson = !0;
|
|
289
289
|
const ye = {
|
|
290
290
|
issuer: "",
|
|
@@ -627,17 +627,17 @@ const Se = (r) => (r == null ? void 0 : r[Symbol.toStringTag]) === "KeyObject",
|
|
|
627
627
|
}
|
|
628
628
|
}, be = async (r, e, t, o, i) => {
|
|
629
629
|
let n, s;
|
|
630
|
-
const a = new Uint8Array(atob(t.replace(r, "")).split("").map((u) => u.charCodeAt(0))),
|
|
630
|
+
const a = new Uint8Array(atob(t.replace(r, "")).split("").map((u) => u.charCodeAt(0))), d = e === "spki";
|
|
631
631
|
switch (o) {
|
|
632
632
|
case "PS256":
|
|
633
633
|
case "PS384":
|
|
634
634
|
case "PS512":
|
|
635
|
-
n = { name: "RSA-PSS", hash: `SHA-${o.slice(-3)}` }, s =
|
|
635
|
+
n = { name: "RSA-PSS", hash: `SHA-${o.slice(-3)}` }, s = d ? ["verify"] : ["sign"];
|
|
636
636
|
break;
|
|
637
637
|
case "RS256":
|
|
638
638
|
case "RS384":
|
|
639
639
|
case "RS512":
|
|
640
|
-
n = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${o.slice(-3)}` }, s =
|
|
640
|
+
n = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${o.slice(-3)}` }, s = d ? ["verify"] : ["sign"];
|
|
641
641
|
break;
|
|
642
642
|
case "RSA-OAEP":
|
|
643
643
|
case "RSA-OAEP-256":
|
|
@@ -646,27 +646,27 @@ const Se = (r) => (r == null ? void 0 : r[Symbol.toStringTag]) === "KeyObject",
|
|
|
646
646
|
n = {
|
|
647
647
|
name: "RSA-OAEP",
|
|
648
648
|
hash: `SHA-${parseInt(o.slice(-3), 10) || 1}`
|
|
649
|
-
}, s =
|
|
649
|
+
}, s = d ? ["encrypt", "wrapKey"] : ["decrypt", "unwrapKey"];
|
|
650
650
|
break;
|
|
651
651
|
case "ES256":
|
|
652
|
-
n = { name: "ECDSA", namedCurve: "P-256" }, s =
|
|
652
|
+
n = { name: "ECDSA", namedCurve: "P-256" }, s = d ? ["verify"] : ["sign"];
|
|
653
653
|
break;
|
|
654
654
|
case "ES384":
|
|
655
|
-
n = { name: "ECDSA", namedCurve: "P-384" }, s =
|
|
655
|
+
n = { name: "ECDSA", namedCurve: "P-384" }, s = d ? ["verify"] : ["sign"];
|
|
656
656
|
break;
|
|
657
657
|
case "ES512":
|
|
658
|
-
n = { name: "ECDSA", namedCurve: "P-521" }, s =
|
|
658
|
+
n = { name: "ECDSA", namedCurve: "P-521" }, s = d ? ["verify"] : ["sign"];
|
|
659
659
|
break;
|
|
660
660
|
case "ECDH-ES":
|
|
661
661
|
case "ECDH-ES+A128KW":
|
|
662
662
|
case "ECDH-ES+A192KW":
|
|
663
663
|
case "ECDH-ES+A256KW": {
|
|
664
664
|
const u = le(a);
|
|
665
|
-
n = u.startsWith("P-") ? { name: "ECDH", namedCurve: u } : { name: u }, s =
|
|
665
|
+
n = u.startsWith("P-") ? { name: "ECDH", namedCurve: u } : { name: u }, s = d ? [] : ["deriveBits"];
|
|
666
666
|
break;
|
|
667
667
|
}
|
|
668
668
|
case "EdDSA":
|
|
669
|
-
n = { name: le(a) }, s =
|
|
669
|
+
n = { name: le(a) }, s = d ? ["verify"] : ["sign"];
|
|
670
670
|
break;
|
|
671
671
|
default:
|
|
672
672
|
throw new I('Invalid or unsupported "alg" (Algorithm) value');
|
|
@@ -822,8 +822,8 @@ async function ir(r, e, t) {
|
|
|
822
822
|
throw new S("JWS Payload must be a string");
|
|
823
823
|
} else if (typeof r.payload != "string" && !(r.payload instanceof Uint8Array))
|
|
824
824
|
throw new S("JWS Payload must be a string or an Uint8Array instance");
|
|
825
|
-
let
|
|
826
|
-
typeof e == "function" && (e = await e(o, r),
|
|
825
|
+
let d = !1;
|
|
826
|
+
typeof e == "function" && (e = await e(o, r), d = !0), Ze(a, e, "verify");
|
|
827
827
|
const u = He(X.encode(r.protected ?? ""), X.encode("."), typeof r.payload == "string" ? X.encode(r.payload) : r.payload);
|
|
828
828
|
let y;
|
|
829
829
|
try {
|
|
@@ -842,7 +842,7 @@ async function ir(r, e, t) {
|
|
|
842
842
|
}
|
|
843
843
|
else typeof r.payload == "string" ? k = X.encode(r.payload) : k = r.payload;
|
|
844
844
|
const Y = { payload: k };
|
|
845
|
-
return r.protected !== void 0 && (Y.protectedHeader = o), r.header !== void 0 && (Y.unprotectedHeader = r.header),
|
|
845
|
+
return r.protected !== void 0 && (Y.protectedHeader = o), r.header !== void 0 && (Y.unprotectedHeader = r.header), d ? { ...Y, key: e } : Y;
|
|
846
846
|
}
|
|
847
847
|
async function sr(r, e, t) {
|
|
848
848
|
if (r instanceof Uint8Array && (r = G.decode(r)), typeof r != "string")
|
|
@@ -850,8 +850,8 @@ async function sr(r, e, t) {
|
|
|
850
850
|
const { 0: o, 1: i, 2: n, length: s } = r.split(".");
|
|
851
851
|
if (s !== 3)
|
|
852
852
|
throw new S("Invalid Compact JWS");
|
|
853
|
-
const a = await ir({ payload: i, protected: o, signature: n }, e),
|
|
854
|
-
return typeof e == "function" ? { ...
|
|
853
|
+
const a = await ir({ payload: i, protected: o, signature: n }, e), d = { payload: a.payload, protectedHeader: a.protectedHeader };
|
|
854
|
+
return typeof e == "function" ? { ...d, key: a.key } : d;
|
|
855
855
|
}
|
|
856
856
|
const Ee = M;
|
|
857
857
|
function nr(r) {
|
|
@@ -1033,12 +1033,12 @@ class cr {
|
|
|
1033
1033
|
codeChallengeMethod: n,
|
|
1034
1034
|
stateLength: s,
|
|
1035
1035
|
verifierLength: a,
|
|
1036
|
-
tokenConsumer:
|
|
1036
|
+
tokenConsumer: d,
|
|
1037
1037
|
authServerCredentials: u,
|
|
1038
1038
|
authServerMode: y,
|
|
1039
1039
|
authServerHeaders: k
|
|
1040
1040
|
}) {
|
|
1041
|
-
l(this, "authServerBaseUrl", ""), $(this, _), $(this, T), $(this, q), l(this, "codeChallengeMethod", "S256"), $(this, F), l(this, "verifierLength", 32), l(this, "redirect_uri"), $(this, J, ""), l(this, "stateLength", 32), l(this, "authzCode", ""), l(this, "oidcConfig"), l(this, "tokenConsumer"), l(this, "authServerHeaders", {}), l(this, "authServerMode"), l(this, "authServerCredentials"), this.tokenConsumer =
|
|
1041
|
+
l(this, "authServerBaseUrl", ""), $(this, _), $(this, T), $(this, q), l(this, "codeChallengeMethod", "S256"), $(this, F), l(this, "verifierLength", 32), l(this, "redirect_uri"), $(this, J, ""), l(this, "stateLength", 32), l(this, "authzCode", ""), l(this, "oidcConfig"), l(this, "tokenConsumer"), l(this, "authServerHeaders", {}), l(this, "authServerMode"), l(this, "authServerCredentials"), this.tokenConsumer = d, this.authServerBaseUrl = e, a && (this.verifierLength = a), s && (this.stateLength = s), t && A(this, _, t), o && A(this, T, o), i && (this.redirect_uri = i), n && (this.codeChallengeMethod = n), this.authServerBaseUrl = e, u && (this.authServerCredentials = u), y && (this.authServerMode = y), k && (this.authServerHeaders = k);
|
|
1042
1042
|
}
|
|
1043
1043
|
set client_id(e) {
|
|
1044
1044
|
A(this, _, e);
|
|
@@ -1068,7 +1068,7 @@ class cr {
|
|
|
1068
1068
|
*/
|
|
1069
1069
|
async loadConfig(e) {
|
|
1070
1070
|
if (e) {
|
|
1071
|
-
|
|
1071
|
+
c.logger.debug(h({ msg: "Reading OIDC config locally" })), this.oidcConfig = e;
|
|
1072
1072
|
return;
|
|
1073
1073
|
}
|
|
1074
1074
|
let t;
|
|
@@ -1076,11 +1076,11 @@ class cr {
|
|
|
1076
1076
|
const o = new URL(
|
|
1077
1077
|
this.authServerBaseUrl + "/.well-known/openid-configuration"
|
|
1078
1078
|
);
|
|
1079
|
-
|
|
1079
|
+
c.logger.debug(h({ msg: `Fetching OIDC config from ${o}` }));
|
|
1080
1080
|
let i = { headers: this.authServerHeaders };
|
|
1081
1081
|
this.authServerMode && (i.mode = this.authServerMode), this.authServerCredentials && (i.credentials = this.authServerCredentials), t = await fetch(o, i);
|
|
1082
1082
|
} catch (o) {
|
|
1083
|
-
|
|
1083
|
+
c.logger.error(h({ err: o }));
|
|
1084
1084
|
}
|
|
1085
1085
|
if (!t || !t.ok)
|
|
1086
1086
|
throw new g(
|
|
@@ -1123,7 +1123,7 @@ class cr {
|
|
|
1123
1123
|
*/
|
|
1124
1124
|
async startAuthorizationCodeFlow(e, t = !1) {
|
|
1125
1125
|
var o, i, n;
|
|
1126
|
-
if (
|
|
1126
|
+
if (c.logger.debug(h({ msg: "Starting authorization code flow" })), this.oidcConfig || await this.loadConfig(), !((o = this.oidcConfig) != null && o.response_types_supported.includes("code")) || !((i = this.oidcConfig) != null && i.response_modes_supported.includes("query")))
|
|
1127
1127
|
return {
|
|
1128
1128
|
error: "invalid_request",
|
|
1129
1129
|
error_description: "Server does not support authorization code flow"
|
|
@@ -1181,10 +1181,10 @@ class cr {
|
|
|
1181
1181
|
error_description: "Cannot get token endpoint"
|
|
1182
1182
|
};
|
|
1183
1183
|
const a = this.oidcConfig.token_endpoint;
|
|
1184
|
-
let
|
|
1185
|
-
|
|
1184
|
+
let d, u;
|
|
1185
|
+
d = "authorization_code", u = p(this, T);
|
|
1186
1186
|
let y = {
|
|
1187
|
-
grant_type:
|
|
1187
|
+
grant_type: d,
|
|
1188
1188
|
client_id: p(this, _),
|
|
1189
1189
|
code: this.authzCode
|
|
1190
1190
|
};
|
|
@@ -1193,7 +1193,7 @@ class cr {
|
|
|
1193
1193
|
const k = await this.post(a, y, this.authServerHeaders);
|
|
1194
1194
|
return k.id_token && !await this.validateIdToken(k.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : k;
|
|
1195
1195
|
} catch (k) {
|
|
1196
|
-
return
|
|
1196
|
+
return c.logger.error(h({ err: k })), {
|
|
1197
1197
|
error: "server_error",
|
|
1198
1198
|
error_description: "Unable to get access token from server"
|
|
1199
1199
|
};
|
|
@@ -1215,7 +1215,7 @@ class cr {
|
|
|
1215
1215
|
*/
|
|
1216
1216
|
async clientCredentialsFlow(e) {
|
|
1217
1217
|
var t, o;
|
|
1218
|
-
if (
|
|
1218
|
+
if (c.logger.debug(h({ msg: "Starting client credentials flow" })), this.oidcConfig || await this.loadConfig(), !((t = this.oidcConfig) != null && t.grant_types_supported.includes("client_credentials")))
|
|
1219
1219
|
return {
|
|
1220
1220
|
error: "invalid_request",
|
|
1221
1221
|
error_description: "Server does not support client credentials grant"
|
|
@@ -1236,7 +1236,7 @@ class cr {
|
|
|
1236
1236
|
try {
|
|
1237
1237
|
return await this.post(i, n, this.authServerHeaders);
|
|
1238
1238
|
} catch (s) {
|
|
1239
|
-
return
|
|
1239
|
+
return c.logger.error(h({ err: s })), {
|
|
1240
1240
|
error: "server_error",
|
|
1241
1241
|
error_description: "Error connecting to authorization server"
|
|
1242
1242
|
};
|
|
@@ -1259,7 +1259,7 @@ class cr {
|
|
|
1259
1259
|
*/
|
|
1260
1260
|
async passwordFlow(e, t, o) {
|
|
1261
1261
|
var i, n;
|
|
1262
|
-
if (
|
|
1262
|
+
if (c.logger.debug(h({ msg: "Starting password flow" })), this.oidcConfig || await this.loadConfig(), !((i = this.oidcConfig) != null && i.grant_types_supported.includes("password")))
|
|
1263
1263
|
return {
|
|
1264
1264
|
error: "invalid_request",
|
|
1265
1265
|
error_description: "Server does not support password grant"
|
|
@@ -1279,10 +1279,10 @@ class cr {
|
|
|
1279
1279
|
};
|
|
1280
1280
|
o && (a.scope = o);
|
|
1281
1281
|
try {
|
|
1282
|
-
let
|
|
1283
|
-
return
|
|
1284
|
-
} catch (
|
|
1285
|
-
return
|
|
1282
|
+
let d = await this.post(s, a, this.authServerHeaders);
|
|
1283
|
+
return d.id_token && !await this.validateIdToken(d.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : d;
|
|
1284
|
+
} catch (d) {
|
|
1285
|
+
return c.logger.error(h({ err: d })), {
|
|
1286
1286
|
error: "server_error",
|
|
1287
1287
|
error_description: "Error connecting to authorization server"
|
|
1288
1288
|
};
|
|
@@ -1303,7 +1303,7 @@ class cr {
|
|
|
1303
1303
|
*/
|
|
1304
1304
|
async mfaAuthenticators(e) {
|
|
1305
1305
|
var t, o, i;
|
|
1306
|
-
if (
|
|
1306
|
+
if (c.logger.debug(h({ msg: "Getting valid MFA authenticators" })), this.oidcConfig || await this.loadConfig(), !((t = this.oidcConfig) != null && t.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-otp")) && (o = this.oidcConfig) != null && o.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-oob"))
|
|
1307
1307
|
return {
|
|
1308
1308
|
error: "invalid_request",
|
|
1309
1309
|
error_description: "Server does not support password_mfa grant"
|
|
@@ -1317,8 +1317,8 @@ class cr {
|
|
|
1317
1317
|
error_description: "Expected array of authenticators in mfa/authenticators response"
|
|
1318
1318
|
};
|
|
1319
1319
|
let a = [];
|
|
1320
|
-
for (let
|
|
1321
|
-
const u = s[
|
|
1320
|
+
for (let d = 0; d < s.length; ++d) {
|
|
1321
|
+
const u = s[d];
|
|
1322
1322
|
if (!u.id || !u.authenticator_type || !u.active)
|
|
1323
1323
|
return {
|
|
1324
1324
|
error: "server_error",
|
|
@@ -1348,7 +1348,7 @@ class cr {
|
|
|
1348
1348
|
*/
|
|
1349
1349
|
async mfaOtpRequest(e, t) {
|
|
1350
1350
|
var o, i;
|
|
1351
|
-
if (
|
|
1351
|
+
if (c.logger.debug(h({ msg: "Making MFA OTB request" })), this.oidcConfig || await this.loadConfig(), !((o = this.oidcConfig) != null && o.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-otp")))
|
|
1352
1352
|
return {
|
|
1353
1353
|
error: "invalid_request",
|
|
1354
1354
|
error_description: "Server does not support password_mfa grant"
|
|
@@ -1386,7 +1386,7 @@ class cr {
|
|
|
1386
1386
|
*/
|
|
1387
1387
|
async mfaOtpComplete(e, t, o) {
|
|
1388
1388
|
var i, n;
|
|
1389
|
-
if (
|
|
1389
|
+
if (c.logger.debug(h({ msg: "Completing MFA OTP request" })), this.oidcConfig || await this.loadConfig(), !((i = this.oidcConfig) != null && i.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-otp")))
|
|
1390
1390
|
return {
|
|
1391
1391
|
error: "invalid_request",
|
|
1392
1392
|
error_description: "Server does not support password_mfa grant"
|
|
@@ -1433,7 +1433,7 @@ class cr {
|
|
|
1433
1433
|
*/
|
|
1434
1434
|
async mfaOobRequest(e, t) {
|
|
1435
1435
|
var o, i;
|
|
1436
|
-
if (
|
|
1436
|
+
if (c.logger.debug(h({ msg: "Making MFA OOB request" })), this.oidcConfig || await this.loadConfig(), !((o = this.oidcConfig) != null && o.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-otp")))
|
|
1437
1437
|
return {
|
|
1438
1438
|
error: "invalid_request",
|
|
1439
1439
|
error_description: "Server does not support password_mfa grant"
|
|
@@ -1468,14 +1468,14 @@ class cr {
|
|
|
1468
1468
|
*/
|
|
1469
1469
|
async mfaOobComplete(e, t, o, i) {
|
|
1470
1470
|
var n, s;
|
|
1471
|
-
if (
|
|
1471
|
+
if (c.logger.debug(h({ msg: "Completing MFA OOB request" })), this.oidcConfig || await this.loadConfig(), !((n = this.oidcConfig) != null && n.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-oob")))
|
|
1472
1472
|
return {
|
|
1473
1473
|
error: "invalid_request",
|
|
1474
1474
|
error_description: "Server does not support password_mfa grant"
|
|
1475
1475
|
};
|
|
1476
1476
|
if (!((s = this.oidcConfig) != null && s.issuer))
|
|
1477
1477
|
return { error: "server_error", error_description: "Cannot get issuer" };
|
|
1478
|
-
const a = this.oidcConfig.token_endpoint,
|
|
1478
|
+
const a = this.oidcConfig.token_endpoint, d = await this.post(a, {
|
|
1479
1479
|
grant_type: "http://auth0.com/oauth/grant-type/mfa-oob",
|
|
1480
1480
|
client_id: p(this, _),
|
|
1481
1481
|
client_secret: p(this, T),
|
|
@@ -1485,23 +1485,23 @@ class cr {
|
|
|
1485
1485
|
binding_code: o,
|
|
1486
1486
|
scope: i
|
|
1487
1487
|
}, this.authServerHeaders);
|
|
1488
|
-
return
|
|
1489
|
-
error:
|
|
1490
|
-
error_description:
|
|
1491
|
-
} :
|
|
1492
|
-
id_token:
|
|
1493
|
-
access_token:
|
|
1494
|
-
refresh_token:
|
|
1495
|
-
expires_in: "expires_in" in
|
|
1496
|
-
scope:
|
|
1497
|
-
token_type:
|
|
1488
|
+
return d.error ? {
|
|
1489
|
+
error: d.error,
|
|
1490
|
+
error_description: d.error_description
|
|
1491
|
+
} : d.id_token && !await this.validateIdToken(d.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : {
|
|
1492
|
+
id_token: d.id_token,
|
|
1493
|
+
access_token: d.access_token,
|
|
1494
|
+
refresh_token: d.refresh_token,
|
|
1495
|
+
expires_in: "expires_in" in d ? Number(d.expires_in) : void 0,
|
|
1496
|
+
scope: d.scope,
|
|
1497
|
+
token_type: d.token_type
|
|
1498
1498
|
};
|
|
1499
1499
|
}
|
|
1500
1500
|
//////////////////////////////////////////////////////////////////////
|
|
1501
1501
|
// Refresh Token Flow
|
|
1502
1502
|
async refreshTokenFlow(e) {
|
|
1503
1503
|
var t, o;
|
|
1504
|
-
if (
|
|
1504
|
+
if (c.logger.debug(h({ msg: "Starting refresh token flow" })), this.oidcConfig || await this.loadConfig(), !((t = this.oidcConfig) != null && t.grant_types_supported.includes("refresh_token")))
|
|
1505
1505
|
return {
|
|
1506
1506
|
error: "invalid_request",
|
|
1507
1507
|
error_description: "Server does not support refresh_token grant"
|
|
@@ -1524,7 +1524,7 @@ class cr {
|
|
|
1524
1524
|
let a = await this.post(i, s, this.authServerHeaders);
|
|
1525
1525
|
return a.id_token && !await this.validateIdToken(a.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : a;
|
|
1526
1526
|
} catch (a) {
|
|
1527
|
-
return
|
|
1527
|
+
return c.logger.error(h({ err: a })), {
|
|
1528
1528
|
error: "server_error",
|
|
1529
1529
|
error_description: "Error connecting to authorization server"
|
|
1530
1530
|
};
|
|
@@ -1540,7 +1540,7 @@ class cr {
|
|
|
1540
1540
|
*/
|
|
1541
1541
|
async startDeviceCodeFlow(e, t) {
|
|
1542
1542
|
var o;
|
|
1543
|
-
if (
|
|
1543
|
+
if (c.logger.debug(h({ msg: "Starting device code flow" })), this.oidcConfig || await this.loadConfig(), !((o = this.oidcConfig) != null && o.grant_types_supported.includes("urn:ietf:params:oauth:grant-type:device_code")))
|
|
1544
1544
|
return {
|
|
1545
1545
|
error: "invalid_request",
|
|
1546
1546
|
error_description: "Server does not support device code grant"
|
|
@@ -1555,7 +1555,7 @@ class cr {
|
|
|
1555
1555
|
let n = await this.post(e, i, this.authServerHeaders);
|
|
1556
1556
|
return n.id_token && !await this.validateIdToken(n.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : n;
|
|
1557
1557
|
} catch (n) {
|
|
1558
|
-
return
|
|
1558
|
+
return c.logger.error(h({ err: n })), {
|
|
1559
1559
|
error: "server_error",
|
|
1560
1560
|
error_description: "Error connecting to authorization server"
|
|
1561
1561
|
};
|
|
@@ -1570,7 +1570,7 @@ class cr {
|
|
|
1570
1570
|
*/
|
|
1571
1571
|
async pollDeviceCodeFlow(e) {
|
|
1572
1572
|
var t, o, i;
|
|
1573
|
-
if (
|
|
1573
|
+
if (c.logger.debug(h({ msg: "Starting device code flow" })), this.oidcConfig || await this.loadConfig(), !((t = this.oidcConfig) != null && t.grant_types_supported.includes("urn:ietf:params:oauth:grant-type:device_code")))
|
|
1574
1574
|
return {
|
|
1575
1575
|
error: "invalid_request",
|
|
1576
1576
|
error_description: "Server does not support device code grant"
|
|
@@ -1590,7 +1590,7 @@ class cr {
|
|
|
1590
1590
|
const s = await this.post((i = this.oidcConfig) == null ? void 0 : i.token_endpoint, n, this.authServerHeaders);
|
|
1591
1591
|
return s.error ? s : s.id_token && !await this.validateIdToken(s.id_token) ? { error: "access_denied", error_description: "Invalid ID token" } : s;
|
|
1592
1592
|
} catch (s) {
|
|
1593
|
-
return
|
|
1593
|
+
return c.logger.error(h({ err: s })), {
|
|
1594
1594
|
error: "server_error",
|
|
1595
1595
|
error_description: "Error connecting to authorization server"
|
|
1596
1596
|
};
|
|
@@ -1605,7 +1605,7 @@ class cr {
|
|
|
1605
1605
|
* @throws any exception raised by `fetch()`
|
|
1606
1606
|
*/
|
|
1607
1607
|
async post(e, t, o = {}) {
|
|
1608
|
-
|
|
1608
|
+
c.logger.debug(h({
|
|
1609
1609
|
msg: "Fetch POST",
|
|
1610
1610
|
url: e,
|
|
1611
1611
|
params: Object.keys(t)
|
|
@@ -1631,7 +1631,7 @@ class cr {
|
|
|
1631
1631
|
* @throws any exception raised by `fetch()`
|
|
1632
1632
|
*/
|
|
1633
1633
|
async get(e, t = {}) {
|
|
1634
|
-
|
|
1634
|
+
c.logger.debug(h({ msg: "Fetch GET", url: e }));
|
|
1635
1635
|
let o = {};
|
|
1636
1636
|
return this.authServerCredentials && (o.credentials = this.authServerCredentials), this.authServerMode && (o.mode = this.authServerMode), await (await fetch(e, {
|
|
1637
1637
|
method: "GET",
|
|
@@ -1670,7 +1670,7 @@ class cr {
|
|
|
1670
1670
|
try {
|
|
1671
1671
|
return await this.tokenConsumer.tokenAuthorized(e, "id");
|
|
1672
1672
|
} catch (t) {
|
|
1673
|
-
|
|
1673
|
+
c.logger.warn(h({ err: t }));
|
|
1674
1674
|
return;
|
|
1675
1675
|
}
|
|
1676
1676
|
}
|
|
@@ -1728,7 +1728,7 @@ class dr {
|
|
|
1728
1728
|
await this.loadJwks();
|
|
1729
1729
|
}
|
|
1730
1730
|
} catch (e) {
|
|
1731
|
-
throw
|
|
1731
|
+
throw c.logger.debug(h({ err: e })), new g(m.Connection, "Couldn't load keys");
|
|
1732
1732
|
}
|
|
1733
1733
|
}
|
|
1734
1734
|
/**
|
|
@@ -1751,7 +1751,7 @@ class dr {
|
|
|
1751
1751
|
try {
|
|
1752
1752
|
t = await fetch(new URL("/.well-known/openid-configuration", this.authServerBaseUrl));
|
|
1753
1753
|
} catch (o) {
|
|
1754
|
-
|
|
1754
|
+
c.logger.error(h({ err: o }));
|
|
1755
1755
|
}
|
|
1756
1756
|
if (!t || !t.ok)
|
|
1757
1757
|
throw new g(m.Connection, "Couldn't get OIDC configuration");
|
|
@@ -1787,7 +1787,7 @@ class dr {
|
|
|
1787
1787
|
try {
|
|
1788
1788
|
t = await fetch(new URL(this.oidcConfig.jwks_uri));
|
|
1789
1789
|
} catch (o) {
|
|
1790
|
-
|
|
1790
|
+
c.logger.error(h({ err: o }));
|
|
1791
1791
|
}
|
|
1792
1792
|
if (!t || !t.ok)
|
|
1793
1793
|
throw new g(m.Connection, "Couldn't get OIDC configuration");
|
|
@@ -1803,10 +1803,10 @@ class dr {
|
|
|
1803
1803
|
const s = await ue(o.keys[i]);
|
|
1804
1804
|
this.keys[n] = s;
|
|
1805
1805
|
} catch (n) {
|
|
1806
|
-
throw
|
|
1806
|
+
throw c.logger.error(h({ err: n })), new g(m.Connection, "Couldn't load keys");
|
|
1807
1807
|
}
|
|
1808
1808
|
} catch (o) {
|
|
1809
|
-
throw
|
|
1809
|
+
throw c.logger.error(h({ err: o })), new g(m.Connection, "Unrecognized response from OIDC jwks endpoint");
|
|
1810
1810
|
}
|
|
1811
1811
|
}
|
|
1812
1812
|
}
|
|
@@ -1826,27 +1826,27 @@ class dr {
|
|
|
1826
1826
|
const o = await this.validateToken(e);
|
|
1827
1827
|
if (o) {
|
|
1828
1828
|
if (o.type != t) {
|
|
1829
|
-
|
|
1829
|
+
c.logger.error(h({ msg: t + " expected but got " + o.type }));
|
|
1830
1830
|
return;
|
|
1831
1831
|
}
|
|
1832
1832
|
if (o.iss != this.authServerBaseUrl) {
|
|
1833
|
-
|
|
1833
|
+
c.logger.error(h({ msg: `Invalid issuer ${o.iss} in access token`, hashedAccessToken: await this.hash(o.jti) }));
|
|
1834
1834
|
return;
|
|
1835
1835
|
}
|
|
1836
1836
|
if (o.aud && (Array.isArray(o.aud) && !o.aud.includes(this.audience) || !Array.isArray(o.aud) && o.aud != this.audience)) {
|
|
1837
|
-
|
|
1837
|
+
c.logger.error(h({ msg: `Invalid audience ${o.aud} in access token`, hashedAccessToken: await this.hash(o.jti) }));
|
|
1838
1838
|
return;
|
|
1839
1839
|
}
|
|
1840
1840
|
return o;
|
|
1841
1841
|
}
|
|
1842
1842
|
}
|
|
1843
1843
|
async validateToken(e) {
|
|
1844
|
-
(!this.keys || Object.keys(this.keys).length == 0) &&
|
|
1844
|
+
(!this.keys || Object.keys(this.keys).length == 0) && c.logger.warn("No keys loaded so cannot validate tokens");
|
|
1845
1845
|
let t;
|
|
1846
1846
|
try {
|
|
1847
1847
|
t = nr(e).kid;
|
|
1848
1848
|
} catch {
|
|
1849
|
-
|
|
1849
|
+
c.logger.warn(h({ msg: "Invalid access token format" }));
|
|
1850
1850
|
return;
|
|
1851
1851
|
}
|
|
1852
1852
|
let o;
|
|
@@ -1857,18 +1857,18 @@ class dr {
|
|
|
1857
1857
|
break;
|
|
1858
1858
|
}
|
|
1859
1859
|
if (!o) {
|
|
1860
|
-
|
|
1860
|
+
c.logger.warn(h({ msg: "No matching keys found for access token" }));
|
|
1861
1861
|
return;
|
|
1862
1862
|
}
|
|
1863
1863
|
try {
|
|
1864
1864
|
const { payload: i } = await sr(e, o), n = JSON.parse(new TextDecoder().decode(i));
|
|
1865
1865
|
if (n.exp * 1e3 < Date.now() + this.clockTolerance) {
|
|
1866
|
-
|
|
1866
|
+
c.logger.warn(h({ msg: "Access token has expired" }));
|
|
1867
1867
|
return;
|
|
1868
1868
|
}
|
|
1869
1869
|
return n;
|
|
1870
1870
|
} catch {
|
|
1871
|
-
|
|
1871
|
+
c.logger.warn(h({ msg: "Access token did not validate" }));
|
|
1872
1872
|
return;
|
|
1873
1873
|
}
|
|
1874
1874
|
}
|
|
@@ -1898,34 +1898,42 @@ class Ae {
|
|
|
1898
1898
|
this.tokenProvider = e.tokenProvider, this.autoRefreshUrl = e.autoRefreshUrl, e.csrfHeader && (this.csrfHeader = e.csrfHeader), e.headers && (this.headers = e.headers), e.mode && (this.mode = e.mode), e.credentials && (this.credentials = e.credentials);
|
|
1899
1899
|
}
|
|
1900
1900
|
async startAutoRefresh(e = ["access", "id"], t) {
|
|
1901
|
-
|
|
1901
|
+
if (!this.autoRefreshActive) {
|
|
1902
|
+
this.autoRefreshActive = !0, c.logger.debug(h({ msg: "Starting auto refresh" }));
|
|
1903
|
+
try {
|
|
1904
|
+
await this.scheduleAutoRefresh(e, t);
|
|
1905
|
+
} catch (o) {
|
|
1906
|
+
const i = g.asCrossauthError(o);
|
|
1907
|
+
c.logger.error(h({ cerr: i })), c.logger.debug(h({ err: i }));
|
|
1908
|
+
}
|
|
1909
|
+
}
|
|
1902
1910
|
}
|
|
1903
1911
|
stopAutoRefresh() {
|
|
1904
|
-
this.autoRefreshActive = !1,
|
|
1912
|
+
this.autoRefreshActive = !1, c.logger.debug(h({ msg: "Stopping auto refresh" }));
|
|
1905
1913
|
}
|
|
1906
1914
|
async scheduleAutoRefresh(e, t) {
|
|
1907
1915
|
const o = this.tokenProvider.getCsrfToken(), i = o ? await o : void 0, n = await this.tokenProvider.getTokenExpiries([...e, "refresh"], i);
|
|
1908
1916
|
if (n.refresh == null) {
|
|
1909
|
-
|
|
1917
|
+
c.logger.debug(h({ msg: "No refresh token found" }));
|
|
1910
1918
|
return;
|
|
1911
1919
|
}
|
|
1912
1920
|
const s = Date.now();
|
|
1913
1921
|
let a = n.id;
|
|
1914
1922
|
if ((!a || n.access && n.access < a) && (a = n.access), !a) {
|
|
1915
|
-
|
|
1923
|
+
c.logger.debug(h({ msg: "No tokens expire" }));
|
|
1916
1924
|
return;
|
|
1917
1925
|
}
|
|
1918
|
-
const
|
|
1919
|
-
if (
|
|
1920
|
-
|
|
1926
|
+
const d = a * 1e3 - s - fe;
|
|
1927
|
+
if (d < 0) {
|
|
1928
|
+
c.logger.debug(h({ msg: "Expiry time has passed" }));
|
|
1921
1929
|
return;
|
|
1922
1930
|
}
|
|
1923
|
-
if (n.refresh && n.refresh - fe <
|
|
1924
|
-
|
|
1931
|
+
if (n.refresh && n.refresh - fe < d) {
|
|
1932
|
+
c.logger.debug(h({ msg: "Refresh token has expired" }));
|
|
1925
1933
|
return;
|
|
1926
1934
|
}
|
|
1927
1935
|
let u = (y) => new Promise((k) => setTimeout(k, y));
|
|
1928
|
-
|
|
1936
|
+
c.logger.debug(h({ msg: `Waiting ${d} before refreshing tokens` })), await u(d), await this.autoRefresh(e, i, t);
|
|
1929
1937
|
}
|
|
1930
1938
|
async autoRefresh(e, t, o) {
|
|
1931
1939
|
if (this.autoRefreshActive) {
|
|
@@ -1933,8 +1941,8 @@ class Ae {
|
|
|
1933
1941
|
for (; !n && s <= Z; )
|
|
1934
1942
|
try {
|
|
1935
1943
|
let a = { ...this.headers };
|
|
1936
|
-
t && (a[this.csrfHeader] = t),
|
|
1937
|
-
const
|
|
1944
|
+
t && (a[this.csrfHeader] = t), c.logger.debug(h({ msg: "Initiating auto refresh" }));
|
|
1945
|
+
const d = await this.tokenProvider.jsonFetchWithToken(
|
|
1938
1946
|
this.autoRefreshUrl,
|
|
1939
1947
|
{
|
|
1940
1948
|
method: "POST",
|
|
@@ -1951,19 +1959,19 @@ class Ae {
|
|
|
1951
1959
|
},
|
|
1952
1960
|
"refresh"
|
|
1953
1961
|
);
|
|
1954
|
-
if (
|
|
1962
|
+
if (d.ok || c.logger.error(h({ msg: "Failed auto refreshing tokens", status: d.status })), i = await d.json(), i != null && i.ok) {
|
|
1955
1963
|
await this.scheduleAutoRefresh(e, o), n = !0;
|
|
1956
1964
|
try {
|
|
1957
1965
|
await this.tokenProvider.receiveTokens(i);
|
|
1958
1966
|
} catch (u) {
|
|
1959
1967
|
const y = g.asCrossauthError(u);
|
|
1960
|
-
o ? o("Couldn't receive tokens", y) : (
|
|
1968
|
+
o ? o("Couldn't receive tokens", y) : (c.logger.debug(h({ err: u })), c.logger.error(h({ msg: "Error receiving tokens", cerr: y })));
|
|
1961
1969
|
}
|
|
1962
1970
|
} else
|
|
1963
|
-
s < Z ? (
|
|
1971
|
+
s < Z ? (c.logger.error(h({ msg: `Failed auto refreshing tokens. Retrying in ${ae} seconds` })), await ((y) => new Promise((k) => setTimeout(k, y)))(ae * 1e3)) : (c.logger.error(h({ msg: "Failed auto refreshing tokens. Number of retries exceeded" })), o && o("Failed auto refreshing tokens")), s++;
|
|
1964
1972
|
} catch (a) {
|
|
1965
|
-
const
|
|
1966
|
-
|
|
1973
|
+
const d = g.asCrossauthError(a);
|
|
1974
|
+
c.logger.debug(h({ err: d })), s < Z ? (c.logger.error(h({ msg: `Failed auto refreshing tokens. Retrying in ${Z} seconds` })), await ((y) => new Promise((k) => setTimeout(k, y)))(ae)) : (c.logger.error(h({ msg: "Failed auto refreshing tokens. Number of retries exceeded" })), o && o(d.message, d)), s++;
|
|
1967
1975
|
}
|
|
1968
1976
|
}
|
|
1969
1977
|
}
|
|
@@ -1989,18 +1997,18 @@ class Pe {
|
|
|
1989
1997
|
this.oauthClient = e.oauthClient, e.deviceCodePollUrl != null && (this.deviceCodePollUrl = e.deviceCodePollUrl), e.headers && (this.headers = e.headers), e.mode && (this.mode = e.mode), e.credentials && (this.credentials = e.credentials);
|
|
1990
1998
|
}
|
|
1991
1999
|
async startPolling(e, t, o = 5) {
|
|
1992
|
-
this.pollingActive || (this.pollingActive = !0,
|
|
2000
|
+
this.pollingActive || (this.pollingActive = !0, c.logger.debug(h({ msg: "Starting auto refresh" })), await this.poll(e, o, t));
|
|
1993
2001
|
}
|
|
1994
2002
|
stopPolling() {
|
|
1995
|
-
this.pollingActive = !1,
|
|
2003
|
+
this.pollingActive = !1, c.logger.debug(h({ msg: "Stopping auto refresh" }));
|
|
1996
2004
|
}
|
|
1997
2005
|
async poll(e, t, o) {
|
|
1998
2006
|
var i;
|
|
1999
2007
|
if (!e)
|
|
2000
|
-
|
|
2008
|
+
c.logger.debug(h({ msg: "device code poll: no device code provided" })), o("error", "Error waiting for authorization");
|
|
2001
2009
|
else
|
|
2002
2010
|
try {
|
|
2003
|
-
if (
|
|
2011
|
+
if (c.logger.debug(h({ msg: "device code poll: poll" })), !this.deviceCodePollUrl && this.oauthClient) {
|
|
2004
2012
|
if (this.oauthClient.getOidcConfig() || await this.oauthClient.loadConfig(), !((i = this.oauthClient.getOidcConfig()) != null && i.grant_types_supported.includes("http://auth0.com/oauth/grant-type/mfa-oob")))
|
|
2005
2013
|
return {
|
|
2006
2014
|
error: "invalid_request",
|
|
@@ -2029,18 +2037,18 @@ class Pe {
|
|
|
2029
2037
|
this.pollingActive = !1, o("error", "Received an error from the authorization server");
|
|
2030
2038
|
else {
|
|
2031
2039
|
const s = await n.json();
|
|
2032
|
-
if (
|
|
2040
|
+
if (c.logger.debug(h({ msg: "device code poll: received" + JSON.stringify(s) })), s.error == "expired_token")
|
|
2033
2041
|
this.pollingActive = !1, o("expired_token", "Timeout waiting for authorization");
|
|
2034
2042
|
else if (s.error == "authorization_pending" || s.error == "slow_down") {
|
|
2035
2043
|
s.error == "slow_down" && (t += 5);
|
|
2036
|
-
let a = s.interval ?? t,
|
|
2037
|
-
|
|
2044
|
+
let a = s.interval ?? t, d = (u) => new Promise((y) => setTimeout(y, u));
|
|
2045
|
+
c.logger.debug(h({ msg: "device code poll: waiting " + String(a) + " seconds" })), await d(a * 1e3), this.pollingActive && this.poll(e, t, o);
|
|
2038
2046
|
} else s.error ? (this.pollingActive = !1, o("error", s.error_description ?? s.error)) : (this.pollingActive = !1, o("complete"));
|
|
2039
2047
|
}
|
|
2040
2048
|
} catch (n) {
|
|
2041
2049
|
this.pollingActive = !1;
|
|
2042
2050
|
const s = g.asCrossauthError(n);
|
|
2043
|
-
|
|
2051
|
+
c.logger.debug(h({ err: s })), c.logger.error(h({ msg: "Polling failed", cerr: s })), o("error", s.message);
|
|
2044
2052
|
}
|
|
2045
2053
|
}
|
|
2046
2054
|
}
|
|
@@ -2203,8 +2211,8 @@ class ur {
|
|
|
2203
2211
|
...s
|
|
2204
2212
|
}
|
|
2205
2213
|
);
|
|
2206
|
-
let
|
|
2207
|
-
return a.body && (
|
|
2214
|
+
let d = null;
|
|
2215
|
+
return a.body && (d = await a.json()), { status: a.status, body: d };
|
|
2208
2216
|
}
|
|
2209
2217
|
/**
|
|
2210
2218
|
* Return all tokens that the client has been enabled to return.
|
|
@@ -2274,10 +2282,10 @@ class ur {
|
|
|
2274
2282
|
*/
|
|
2275
2283
|
async getTokenExpiries(e, t) {
|
|
2276
2284
|
const o = await this.getTokens(t), i = e.includes("id") ? (o == null ? void 0 : o.id_token) ?? null : null, n = e.includes("access") ? (o == null ? void 0 : o.access_token) ?? null : null, s = e.includes("refresh") ? (o == null ? void 0 : o.refresh_token) ?? null : null;
|
|
2277
|
-
let a,
|
|
2278
|
-
return i && (a = i.exp ? i.exp : null), n && (
|
|
2285
|
+
let a, d, u;
|
|
2286
|
+
return i && (a = i.exp ? i.exp : null), n && (d = n.exp ? n.exp : null), s && (u = s.exp ? s.exp : null), {
|
|
2279
2287
|
id: a,
|
|
2280
|
-
access:
|
|
2288
|
+
access: d,
|
|
2281
2289
|
refresh: u
|
|
2282
2290
|
};
|
|
2283
2291
|
}
|
|
@@ -2408,19 +2416,19 @@ class gr extends cr {
|
|
|
2408
2416
|
}
|
|
2409
2417
|
o ? this.validateIdToken(o).then((s) => {
|
|
2410
2418
|
b(this, R, s), t.autoRefresh && this.startAutoRefresh(t.autoRefresh).then().catch((a) => {
|
|
2411
|
-
|
|
2419
|
+
c.logger.debug(h({ err: a, msg: "Couldn't start auto refresh" }));
|
|
2412
2420
|
});
|
|
2413
2421
|
}).catch((s) => {
|
|
2414
|
-
|
|
2422
|
+
c.logger.debug(h({ err: s, msg: "Couldn't validate ID token" }));
|
|
2415
2423
|
}) : w(this, j) && t.autoRefresh && n ? this.startAutoRefresh(t.autoRefresh).then().catch((s) => {
|
|
2416
|
-
|
|
2424
|
+
c.logger.debug(h({ err: s, msg: "Couldn't start auto refresh" }));
|
|
2417
2425
|
}) : n && !i && this.refreshTokenFlow(n).then((s) => {
|
|
2418
|
-
|
|
2419
|
-
|
|
2426
|
+
c.logger.debug(h({ msg: "Refreshed tokens" })), t.autoRefresh && this.startAutoRefresh(t.autoRefresh).then().catch((a) => {
|
|
2427
|
+
c.logger.debug(h({ err: a, msg: "Couldn't start auto refresh" }));
|
|
2420
2428
|
});
|
|
2421
2429
|
}).catch((s) => {
|
|
2422
2430
|
const a = g.asCrossauthError(s);
|
|
2423
|
-
|
|
2431
|
+
c.logger.debug(h({ err: a })), c.logger.error(h({ msg: "failed refreshing tokens", cerr: a }));
|
|
2424
2432
|
});
|
|
2425
2433
|
}
|
|
2426
2434
|
get idTokenPayload() {
|
|
@@ -2458,14 +2466,14 @@ class gr extends cr {
|
|
|
2458
2466
|
if (!s && !i) return;
|
|
2459
2467
|
if (s) {
|
|
2460
2468
|
const u = g.fromOAuthError(s, a);
|
|
2461
|
-
throw
|
|
2469
|
+
throw c.logger.debug(h({ err: u })), c.logger.error(h({ cerr: u, msg: "Error from authorize endpoint: " + s })), u;
|
|
2462
2470
|
}
|
|
2463
|
-
const
|
|
2464
|
-
if (
|
|
2465
|
-
const u = g.fromOAuthError(
|
|
2466
|
-
throw
|
|
2471
|
+
const d = await this.redirectEndpoint(i, n, s, a);
|
|
2472
|
+
if (d.error) {
|
|
2473
|
+
const u = g.fromOAuthError(d.error, a);
|
|
2474
|
+
throw c.logger.debug(h({ err: u })), c.logger.error(h({ cerr: u, msg: "Error from redirect endpoint: " + d.error })), u;
|
|
2467
2475
|
}
|
|
2468
|
-
return await this.receiveTokens(
|
|
2476
|
+
return await this.receiveTokens(d), d;
|
|
2469
2477
|
}
|
|
2470
2478
|
/**
|
|
2471
2479
|
* Turns auto refresh of tokens on
|
|
@@ -2525,7 +2533,7 @@ class gr extends cr {
|
|
|
2525
2533
|
*/
|
|
2526
2534
|
async sha256(t) {
|
|
2527
2535
|
const i = new TextEncoder().encode(t), n = await crypto.subtle.digest("SHA-256", i), s = Array.from(new Uint8Array(n));
|
|
2528
|
-
return btoa(s.reduce((a,
|
|
2536
|
+
return btoa(s.reduce((a, d) => a + String.fromCharCode(d), "")).replace(/\//g, "_").replace(/\+/g, "-").replace(/=+$/, "");
|
|
2529
2537
|
}
|
|
2530
2538
|
/**
|
|
2531
2539
|
* Calls an API endpoint on the resource server
|
|
@@ -2541,7 +2549,7 @@ class gr extends cr {
|
|
|
2541
2549
|
i && (s.body = JSON.stringify(i));
|
|
2542
2550
|
let a;
|
|
2543
2551
|
this.accessTokenResponseType == "sessionStorage" ? a = sessionStorage.getItem(this.accessTokenName) : this.accessTokenResponseType == "localStorage" && (a = localStorage.getItem(this.accessTokenName)), n.authorization = "Bearer " + a;
|
|
2544
|
-
const
|
|
2552
|
+
const d = await fetch(
|
|
2545
2553
|
this.resServerBaseUrl + o,
|
|
2546
2554
|
{
|
|
2547
2555
|
headers: n,
|
|
@@ -2552,7 +2560,7 @@ class gr extends cr {
|
|
|
2552
2560
|
}
|
|
2553
2561
|
);
|
|
2554
2562
|
let u = null;
|
|
2555
|
-
return
|
|
2563
|
+
return d.body && (u = await d.json()), { status: d.status, body: u };
|
|
2556
2564
|
}
|
|
2557
2565
|
///////////////////////////////////////////////////////////
|
|
2558
2566
|
// OAuthTokenProvider interface
|
|
@@ -2691,7 +2699,7 @@ class gr extends cr {
|
|
|
2691
2699
|
i.error ?? "Couldn't create URL for authorization code flow",
|
|
2692
2700
|
i.error_description
|
|
2693
2701
|
);
|
|
2694
|
-
throw
|
|
2702
|
+
throw c.logger.debug(h({ err: n })), n;
|
|
2695
2703
|
}
|
|
2696
2704
|
location.href = i.url;
|
|
2697
2705
|
}
|
|
@@ -2699,7 +2707,7 @@ class gr extends cr {
|
|
|
2699
2707
|
j = new WeakMap(), O = new WeakMap(), R = new WeakMap(), K = new WeakMap(), D = new WeakMap(), B = new WeakMap(), L = new WeakMap();
|
|
2700
2708
|
export {
|
|
2701
2709
|
g as CrossauthError,
|
|
2702
|
-
|
|
2710
|
+
c as CrossauthLogger,
|
|
2703
2711
|
Ae as OAuthAutoRefresher,
|
|
2704
2712
|
ur as OAuthBffClient,
|
|
2705
2713
|
gr as OAuthClient,
|