@darajs/core 1.22.4 → 1.23.0

package/dist/auth/index.d.ts

@@ -3,4 +3,7 @@ export * from './auth';
 export { default as BasicAuthLogin } from './basic/basic-auth-login';
 export { default as BasicAuthLogout } from './basic/basic-auth-logout';
 export { default as DefaultAuthLogin } from './default/default-auth-login';
+export { default as OIDCAuthLogin } from './oidc/oidc-login';
+export { default as OIDCAuthLogout } from './oidc/oidc-logout';
+export { default as OIDCAuthSSOCallback } from './oidc/sso-callback';
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../js/auth/index.tsx"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,QAAQ,CAAC;AACvB,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../js/auth/index.tsx"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,QAAQ,CAAC;AACvB,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAE3E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/auth/index.js

@@ -3,4 +3,7 @@ export * from './auth';
 export { default as BasicAuthLogin } from './basic/basic-auth-login';
 export { default as BasicAuthLogout } from './basic/basic-auth-logout';
 export { default as DefaultAuthLogin } from './default/default-auth-login';
+export { default as OIDCAuthLogin } from './oidc/oidc-login';
+export { default as OIDCAuthLogout } from './oidc/oidc-logout';
+export { default as OIDCAuthSSOCallback } from './oidc/sso-callback';
 //# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../js/auth/index.tsx"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,QAAQ,CAAC;AACvB,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../js/auth/index.tsx"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,QAAQ,CAAC;AACvB,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAE3E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,mBAAmB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/auth/oidc/oidc-login.d.ts

@@ -0,0 +1,6 @@
+/**
+ * The Login component gets the username and password from the user and generates a session token.
+ */
+declare function OIDCAuthLogin(): JSX.Element;
+export default OIDCAuthLogin;
+//# sourceMappingURL=oidc-login.d.ts.map

package/dist/auth/oidc/oidc-login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-login.d.ts","sourceRoot":"","sources":["../../../js/auth/oidc/oidc-login.tsx"],"names":[],"mappings":"AAaA;;GAEG;AACH,iBAAS,aAAa,IAAI,GAAG,CAAC,OAAO,CAmEpC;AAED,eAAe,aAAa,CAAC"}

package/dist/auth/oidc/oidc-login.js

@@ -0,0 +1,82 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { jsx as _jsx } from "react/jsx-runtime";
+import { useCallback, useEffect, useMemo } from 'react';
+import { useLocation, useNavigate } from 'react-router';
+import { HTTP_METHOD } from '@darajs/ui-utils';
+import { request } from '../../api/http';
+import DefaultFallback from '../../components/fallback/default';
+import { useRouterContext } from '../../router/context';
+import Center from '../../shared/center/center';
+import { handleAuthErrors, verifySessionToken } from '../auth';
+import { useSessionToken } from '../use-session-token';
+/**
+ * The Login component gets the username and password from the user and generates a session token.
+ */
+function OIDCAuthLogin() {
+    const navigate = useNavigate();
+    const location = useLocation();
+    const token = useSessionToken();
+    const { defaultPath } = useRouterContext();
+    const previousLocation = useMemo(() => {
+        var _a;
+        const queryParams = new URLSearchParams(location.search);
+        return (_a = queryParams.get('referrer')) !== null && _a !== void 0 ? _a : defaultPath;
+    }, [location, defaultPath]);
+    /**
+     * Verify existing token
+     */
+    const verifyToken = useCallback(() => __awaiter(this, void 0, void 0, function* () {
+        // send a call to backend to check the token (token will be automatically sent in the headers)
+        const verified = yield verifySessionToken();
+        // token is valid, redirect back
+        if (verified) {
+            navigate(decodeURIComponent(previousLocation), { replace: true });
+        }
+        else {
+            // not valid, go to logout to clear the token
+            navigate('/logout', { replace: true });
+        }
+    }), [previousLocation, navigate]);
+    /**
+     * Get new token
+     */
+    const getNewToken = useCallback(() => __awaiter(this, void 0, void 0, function* () {
+        const res = yield request('/api/auth/session', {
+            body: JSON.stringify({
+                redirect_to: previousLocation,
+            }),
+            method: HTTP_METHOD.POST,
+        });
+        // check for auth errors, redirecting to /error as needed
+        const loggedOut = yield handleAuthErrors(res, false);
+        if (loggedOut) {
+            return;
+        }
+        // Redirect to the SSO login page
+        // The redirect_uri already contains the state parameter with the encoded redirect URL
+        if (res.ok) {
+            const resContent = yield res.json();
+            window.location.href = resContent.redirect_uri;
+        }
+    }), [previousLocation]);
+    useEffect(() => {
+        // If we landed on this page with a token already, verify it
+        if (token) {
+            verifyToken();
+        }
+        else {
+            getNewToken();
+        }
+    }, [getNewToken, verifyToken, token]);
+    return (_jsx(Center, { children: _jsx(DefaultFallback, {}) }));
+}
+export default OIDCAuthLogin;
+//# sourceMappingURL=oidc-login.js.map

package/dist/auth/oidc/oidc-login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-login.js","sourceRoot":"","sources":["../../../js/auth/oidc/oidc-login.tsx"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,eAAe,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,MAAM,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD;;GAEG;AACH,SAAS,aAAa;IAClB,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,MAAM,EAAE,WAAW,EAAE,GAAG,gBAAgB,EAAE,CAAC;IAE3C,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,EAAE;;QAClC,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzD,OAAO,MAAA,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,mCAAI,WAAW,CAAC;IACtD,CAAC,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;IAE5B;;OAEG;IACH,MAAM,WAAW,GAAG,WAAW,CAAC,GAAwB,EAAE;QACtD,8FAA8F;QAC9F,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE5C,gCAAgC;QAChC,IAAI,QAAQ,EAAE,CAAC;YACX,QAAQ,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACJ,6CAA6C;YAC7C,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,CAAC;IACL,CAAC,CAAA,EAAE,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEjC;;OAEG;IACH,MAAM,WAAW,GAAG,WAAW,CAAC,GAAwB,EAAE;QACtD,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,mBAAmB,EAAE;YAC3C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,WAAW,EAAE,gBAAgB;aAChC,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,IAAI;SAC3B,CAAC,CAAC;QAEH,yDAAyD;QACzD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAErD,IAAI,SAAS,EAAE,CAAC;YACZ,OAAO;QACX,CAAC;QAED,iCAAiC;QACjC,sFAAsF;QACtF,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACT,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC;QACnD,CAAC;IACL,CAAC,CAAA,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,SAAS,CAAC,GAAG,EAAE;QACX,4DAA4D;QAC5D,IAAI,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,CAAC;QAClB,CAAC;aAAM,CAAC;YACJ,WAAW,EAAE,CAAC;QAClB,CAAC;IACL,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;IAEtC,OAAO,CACH,KAAC,MAAM,cACH,KAAC,eAAe,KAAG,GACd,CACZ,CAAC;AACN,CAAC;AAED,eAAe,aAAa,CAAC"}

package/dist/auth/oidc/oidc-logout.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Auth component that handles OIDC logout.
+ *
+ * If the IDP supports RP-Initiated Logout, redirects to the IDP's end_session_endpoint
+ * with post_logout_redirect_uri pointing back to /login.
+ *
+ * If the IDP doesn't support logout (server returns { success: true }), simply
+ * clears the local session and redirects to /login.
+ */
+declare function OIDCAuthLogout(): JSX.Element;
+export default OIDCAuthLogout;
+//# sourceMappingURL=oidc-logout.d.ts.map

package/dist/auth/oidc/oidc-logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-logout.d.ts","sourceRoot":"","sources":["../../../js/auth/oidc/oidc-logout.tsx"],"names":[],"mappings":"AASA;;;;;;;;GAQG;AACH,iBAAS,cAAc,IAAI,GAAG,CAAC,OAAO,CA6BrC;AAED,eAAe,cAAc,CAAC"}

package/dist/auth/oidc/oidc-logout.js

@@ -0,0 +1,40 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import { useEffect } from 'react';
+import { useNavigate } from 'react-router';
+import DefaultFallback from '../../components/fallback/default';
+import Center from '../../shared/center/center';
+import { revokeSession } from '../auth';
+import { setSessionToken } from '../use-session-token';
+/**
+ * Auth component that handles OIDC logout.
+ *
+ * If the IDP supports RP-Initiated Logout, redirects to the IDP's end_session_endpoint
+ * with post_logout_redirect_uri pointing back to /login.
+ *
+ * If the IDP doesn't support logout (server returns { success: true }), simply
+ * clears the local session and redirects to /login.
+ */
+function OIDCAuthLogout() {
+    const navigate = useNavigate();
+    useEffect(() => {
+        revokeSession().then((responseData) => {
+            // Always clear the local session token
+            setSessionToken(null);
+            // Check if we got a redirect URL (IDP supports RP-Initiated Logout)
+            if (responseData && 'redirect_uri' in responseData) {
+                // Append the post_logout_redirect_uri to redirect back to /login after IDP logout
+                const loginUrl = new URL('/login', window.location.origin);
+                const finalRedirectUrl = new URL(responseData.redirect_uri);
+                finalRedirectUrl.searchParams.append('post_logout_redirect_uri', loginUrl.toString());
+                window.location.href = finalRedirectUrl.toString();
+                return;
+            }
+            // No redirect URL - IDP doesn't support logout, just go to login
+            navigate('/login');
+        });
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []);
+    return (_jsx(Center, { children: _jsx(DefaultFallback, {}) }));
+}
+export default OIDCAuthLogout;
+//# sourceMappingURL=oidc-logout.js.map

package/dist/auth/oidc/oidc-logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-logout.js","sourceRoot":"","sources":["../../../js/auth/oidc/oidc-logout.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,eAAe,MAAM,+BAA+B,CAAC;AAC5D,OAAO,MAAM,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD;;;;;;;;GAQG;AACH,SAAS,cAAc;IACnB,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAE/B,SAAS,CAAC,GAAG,EAAE;QACX,aAAa,EAAE,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;YAClC,uCAAuC;YACvC,eAAe,CAAC,IAAI,CAAC,CAAC;YAEtB,oEAAoE;YACpE,IAAI,YAAY,IAAI,cAAc,IAAI,YAAY,EAAE,CAAC;gBACjD,kFAAkF;gBAClF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC3D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;gBAC5D,gBAAgB,CAAC,YAAY,CAAC,MAAM,CAAC,0BAA0B,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC;gBACnD,OAAO;YACX,CAAC;YAED,iEAAiE;YACjE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QACH,uDAAuD;IAC3D,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO,CACH,KAAC,MAAM,cACH,KAAC,eAAe,KAAG,GACd,CACZ,CAAC;AACN,CAAC;AAED,eAAe,cAAc,CAAC"}

package/dist/auth/oidc/sso-callback.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Makes a call to /sso-callback and returns a new token
+ * Returns null if no token was returned (i.e. 403)
+ *
+ * @param search current search string
+ */
+export declare function getSSOCallbackToken(search: string, defaultPath: string): Promise<{
+    token: string;
+    redirectTo: string;
+} | null>;
+declare function OIDCAuthSSOCallback(): JSX.Element;
+export default OIDCAuthSSOCallback;
+//# sourceMappingURL=sso-callback.d.ts.map

package/dist/auth/oidc/sso-callback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-callback.d.ts","sourceRoot":"","sources":["../../../js/auth/oidc/sso-callback.tsx"],"names":[],"mappings":"AA0CA;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACrC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA8BvD;AAED,iBAAS,mBAAmB,IAAI,GAAG,CAAC,OAAO,CA0B1C;AAED,eAAe,mBAAmB,CAAC"}

package/dist/auth/oidc/sso-callback.js

@@ -0,0 +1,105 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { jsx as _jsx } from "react/jsx-runtime";
+import { jwtDecode } from 'jwt-decode';
+import { useEffect } from 'react';
+import { useLocation, useNavigate } from 'react-router';
+import { HTTP_METHOD } from '@darajs/ui-utils';
+import { request } from '../../api/http';
+import DefaultFallback from '../../components/fallback/default';
+import { useRouterContext } from '../../router/context';
+import Center from '../../shared/center/center';
+import { handleAuthErrors } from '../auth';
+import { setSessionToken } from '../use-session-token';
+/**
+ * Decode the state parameter which is a JWT containing the redirect URL.
+ *
+ * @param state The state parameter from the callback URL
+ * @returns The redirect URL extracted from the state
+ */
+function decodeStateRedirect(state) {
+    var _a;
+    if (!state) {
+        return null;
+    }
+    try {
+        const payload = jwtDecode(state);
+        return (_a = payload.redirect_to) !== null && _a !== void 0 ? _a : null;
+    }
+    catch (_b) {
+        // If decoding fails, try using the raw state as a URL (fallback for non-JWT states)
+        try {
+            return decodeURIComponent(state);
+        }
+        catch (_c) {
+            return null;
+        }
+    }
+}
+/**
+ * Makes a call to /sso-callback and returns a new token
+ * Returns null if no token was returned (i.e. 403)
+ *
+ * @param search current search string
+ */
+export function getSSOCallbackToken(search, defaultPath) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a;
+        try {
+            const params = new URLSearchParams(search);
+            const state = params.get('state');
+            const res = yield request('/api/auth/sso-callback', {
+                body: JSON.stringify({
+                    auth_code: params.get('code'),
+                    state,
+                }),
+                method: HTTP_METHOD.POST,
+            });
+            const shouldLogOut = yield handleAuthErrors(res);
+            if (shouldLogOut) {
+                return null;
+            }
+            if (res.ok) {
+                const { token } = yield res.json();
+                return {
+                    token,
+                    redirectTo: (_a = decodeStateRedirect(state)) !== null && _a !== void 0 ? _a : defaultPath,
+                };
+            }
+            throw new Error(`${res.status}: ${res.statusText}`);
+        }
+        catch (_b) {
+            return null;
+        }
+    });
+}
+function OIDCAuthSSOCallback() {
+    const { search } = useLocation();
+    const navigate = useNavigate();
+    const routerContext = useRouterContext();
+    useEffect(() => {
+        getSSOCallbackToken(search, routerContext.defaultPath)
+            .then((result) => {
+            if (result) {
+                setSessionToken(result.token);
+                navigate(result.redirectTo);
+            }
+        })
+            .catch((err) => {
+            // eslint-disable-next-line no-console
+            console.error('Failed to run SSO callback', err);
+            navigate('/logout');
+        });
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, []);
+    return (_jsx(Center, { children: _jsx(DefaultFallback, {}) }));
+}
+export default OIDCAuthSSOCallback;
+//# sourceMappingURL=sso-callback.js.map

package/dist/auth/oidc/sso-callback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-callback.js","sourceRoot":"","sources":["../../../js/auth/oidc/sso-callback.tsx"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,eAAe,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,MAAM,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAMvD;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,KAAoB;;IAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAe,KAAK,CAAC,CAAC;QAC/C,OAAO,MAAA,OAAO,CAAC,WAAW,mCAAI,IAAI,CAAC;IACvC,CAAC;IAAC,WAAM,CAAC;QACL,oFAAoF;QACpF,IAAI,CAAC;YACD,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAgB,mBAAmB,CACrC,MAAc,EACd,WAAmB;;;QAEnB,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,wBAAwB,EAAE;gBAChD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACjB,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;oBAC7B,KAAK;iBACR,CAAC;gBACF,MAAM,EAAE,WAAW,CAAC,IAAI;aAC3B,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACjD,IAAI,YAAY,EAAE,CAAC;gBACf,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACT,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBACnC,OAAO;oBACH,KAAK;oBACL,UAAU,EAAE,MAAA,mBAAmB,CAAC,KAAK,CAAC,mCAAI,WAAW;iBACxD,CAAC;YACN,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QACxD,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;CAAA;AAED,SAAS,mBAAmB;IACxB,MAAM,EAAE,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IAEzC,SAAS,CAAC,GAAG,EAAE;QACX,mBAAmB,CAAC,MAAM,EAAE,aAAa,CAAC,WAAW,CAAC;aACjD,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACb,IAAI,MAAM,EAAE,CAAC;gBACT,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChC,CAAC;QACL,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACX,sCAAsC;YACtC,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YACjD,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;QACP,uDAAuD;IAC3D,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO,CACH,KAAC,MAAM,cACH,KAAC,eAAe,KAAG,GACd,CACZ,CAAC;AACN,CAAC;AAED,eAAe,mBAAmB,CAAC"}

package/dist/types/auth.d.ts

@@ -8,8 +8,4 @@ export interface UserData {
     identity_id?: string;
     identity_name: string;
 }
-export declare enum AuthType {
-    BASIC = "BASIC",
-    SSO = "SSO"
-}
 //# sourceMappingURL=auth.d.ts.map

package/dist/types/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../js/types/auth.tsx"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACzB;AAED,oBAAY,QAAQ;IAChB,KAAK,UAAU;IACf,GAAG,QAAQ;CACd"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../js/types/auth.tsx"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACzB"}

package/dist/types/auth.js

@@ -1,6 +1 @@
-export var AuthType;
-(function (AuthType) {
-    AuthType["BASIC"] = "BASIC";
-    AuthType["SSO"] = "SSO";
-})(AuthType || (AuthType = {}));
 //# sourceMappingURL=auth.js.map

package/dist/types/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../js/types/auth.tsx"],"names":[],"mappings":"AAYA,MAAM,CAAN,IAAY,QAGX;AAHD,WAAY,QAAQ;IAChB,2BAAe,CAAA;IACf,uBAAW,CAAA;AACf,CAAC,EAHW,QAAQ,KAAR,QAAQ,QAGnB"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../js/types/auth.tsx"],"names":[],"mappings":""}

package/dist/umd/dara.core.umd.cjs

@@ -40389,11 +40389,6 @@ You must set sticky: 'left' | 'right' for the '${bugWithUnderColumnsSticky.Heade
     const mergedInits = React$1.useMemo(() => mergeRequestInits(parentOptions, options), [parentOptions, options]);
     return /* @__PURE__ */ React.createElement(requestExtrasCtx.Provider, { value: { options: mergedInits } }, children);
   }
-  var AuthType = /* @__PURE__ */ ((AuthType2) => {
-    AuthType2["BASIC"] = "BASIC";
-    AuthType2["SSO"] = "SSO";
-    return AuthType2;
-  })(AuthType || {});
   function $constructor(name, initializer2, params) {
     function init(inst, def) {
       var _a;
@@ -74361,6 +74356,178 @@ Inferred class string: "${iconClasses}."`
     }, []);
     return /* @__PURE__ */ React.createElement(Center, null, /* @__PURE__ */ React.createElement(DefaultFallback$1, null));
   }
+  function OIDCAuthLogin() {
+    const navigate = useNavigate();
+    const location2 = useLocation();
+    const token = useSessionToken();
+    const { defaultPath } = useRouterContext();
+    const previousLocation = React$1.useMemo(() => {
+      const queryParams = new URLSearchParams(location2.search);
+      return queryParams.get("referrer") ?? defaultPath;
+    }, [location2, defaultPath]);
+    const verifyToken = React$1.useCallback(async () => {
+      const verified = await verifySessionToken();
+      if (verified) {
+        navigate(decodeURIComponent(previousLocation), { replace: true });
+      } else {
+        navigate("/logout", { replace: true });
+      }
+    }, [previousLocation, navigate]);
+    const getNewToken = React$1.useCallback(async () => {
+      const res = await request("/api/auth/session", {
+        body: JSON.stringify({
+          redirect_to: previousLocation
+        }),
+        method: HTTP_METHOD.POST
+      });
+      const loggedOut = await handleAuthErrors(res, false);
+      if (loggedOut) {
+        return;
+      }
+      if (res.ok) {
+        const resContent = await res.json();
+        window.location.href = resContent.redirect_uri;
+      }
+    }, [previousLocation]);
+    React$1.useEffect(() => {
+      if (token) {
+        verifyToken();
+      } else {
+        getNewToken();
+      }
+    }, [getNewToken, verifyToken, token]);
+    return /* @__PURE__ */ React.createElement(Center, null, /* @__PURE__ */ React.createElement(DefaultFallback$1, null));
+  }
+  function OIDCAuthLogout() {
+    const navigate = useNavigate();
+    React$1.useEffect(() => {
+      revokeSession().then((responseData) => {
+        setSessionToken(null);
+        if (responseData && "redirect_uri" in responseData) {
+          const loginUrl = new URL("/login", window.location.origin);
+          const finalRedirectUrl = new URL(responseData.redirect_uri);
+          finalRedirectUrl.searchParams.append("post_logout_redirect_uri", loginUrl.toString());
+          window.location.href = finalRedirectUrl.toString();
+          return;
+        }
+        navigate("/login");
+      });
+    }, []);
+    return /* @__PURE__ */ React.createElement(Center, null, /* @__PURE__ */ React.createElement(DefaultFallback$1, null));
+  }
+  class InvalidTokenError extends Error {
+  }
+  InvalidTokenError.prototype.name = "InvalidTokenError";
+  function b64DecodeUnicode(str) {
+    return decodeURIComponent(atob(str).replace(/(.)/g, (m, p2) => {
+      let code = p2.charCodeAt(0).toString(16).toUpperCase();
+      if (code.length < 2) {
+        code = "0" + code;
+      }
+      return "%" + code;
+    }));
+  }
+  function base64UrlDecode(str) {
+    let output = str.replace(/-/g, "+").replace(/_/g, "/");
+    switch (output.length % 4) {
+      case 0:
+        break;
+      case 2:
+        output += "==";
+        break;
+      case 3:
+        output += "=";
+        break;
+      default:
+        throw new Error("base64 string is not of the correct length");
+    }
+    try {
+      return b64DecodeUnicode(output);
+    } catch (err2) {
+      return atob(output);
+    }
+  }
+  function jwtDecode(token, options) {
+    if (typeof token !== "string") {
+      throw new InvalidTokenError("Invalid token specified: must be a string");
+    }
+    options || (options = {});
+    const pos = options.header === true ? 0 : 1;
+    const part = token.split(".")[pos];
+    if (typeof part !== "string") {
+      throw new InvalidTokenError(`Invalid token specified: missing part #${pos + 1}`);
+    }
+    let decoded;
+    try {
+      decoded = base64UrlDecode(part);
+    } catch (e2) {
+      throw new InvalidTokenError(`Invalid token specified: invalid base64 for part #${pos + 1} (${e2.message})`);
+    }
+    try {
+      return JSON.parse(decoded);
+    } catch (e2) {
+      throw new InvalidTokenError(`Invalid token specified: invalid json for part #${pos + 1} (${e2.message})`);
+    }
+  }
+  function decodeStateRedirect(state) {
+    if (!state) {
+      return null;
+    }
+    try {
+      const payload = jwtDecode(state);
+      return payload.redirect_to ?? null;
+    } catch {
+      try {
+        return decodeURIComponent(state);
+      } catch {
+        return null;
+      }
+    }
+  }
+  async function getSSOCallbackToken(search, defaultPath) {
+    try {
+      const params = new URLSearchParams(search);
+      const state = params.get("state");
+      const res = await request("/api/auth/sso-callback", {
+        body: JSON.stringify({
+          auth_code: params.get("code"),
+          state
+        }),
+        method: HTTP_METHOD.POST
+      });
+      const shouldLogOut = await handleAuthErrors(res);
+      if (shouldLogOut) {
+        return null;
+      }
+      if (res.ok) {
+        const { token } = await res.json();
+        return {
+          token,
+          redirectTo: decodeStateRedirect(state) ?? defaultPath
+        };
+      }
+      throw new Error(`${res.status}: ${res.statusText}`);
+    } catch {
+      return null;
+    }
+  }
+  function OIDCAuthSSOCallback() {
+    const { search } = useLocation();
+    const navigate = useNavigate();
+    const routerContext = useRouterContext();
+    React$1.useEffect(() => {
+      getSSOCallbackToken(search, routerContext.defaultPath).then((result) => {
+        if (result) {
+          setSessionToken(result.token);
+          navigate(result.redirectTo);
+        }
+      }).catch((err2) => {
+        console.error("Failed to run SSO callback", err2);
+        navigate("/logout");
+      });
+    }, []);
+    return /* @__PURE__ */ React.createElement(Center, null, /* @__PURE__ */ React.createElement(DefaultFallback$1, null));
+  }
   const CenteredDivWithGap$1 = styled(Center)`
     gap: 1rem;
     margin: 10px;
@@ -98864,7 +99031,6 @@ body,
     return /* @__PURE__ */ React.createElement(DynamicComponent$1, { component });
   }
   exports.ActionImpl = ActionImpl;
-  exports.AuthType = AuthType;
   exports.AuthenticatedRoot = AuthenticatedRoot;
   exports.BasicAuthLogin = BasicAuthLogin;
   exports.BasicAuthLogout = BasicAuthLogout;
@@ -98897,6 +99063,9 @@ body,
   exports.NavigateTo = NavigateTo;
   exports.Notifications = index$1;
   exports.Notify = Notify;
+  exports.OIDCAuthLogin = OIDCAuthLogin;
+  exports.OIDCAuthLogout = OIDCAuthLogout;
+  exports.OIDCAuthSSOCallback = OIDCAuthSSOCallback;
   exports.Outlet = Outlet;
   exports.PartialRequestExtrasProvider = PartialRequestExtrasProvider;
   exports.PoweredByCausalens = PoweredByCausalens;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@darajs/core",
-  "version": "1.22.4",
+  "version": "1.23.0",
   "description": "Dara Framework core",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -39,9 +39,9 @@
     "@babel/preset-env": "^7.23.0",
     "@babel/preset-react": "^7.22.15",
     "@babel/preset-typescript": "^7.23.0",
-    "@darajs/eslint-config": "1.22.4",
-    "@darajs/prettier-config": "1.22.4",
-    "@darajs/stylelint-config": "1.22.4",
+    "@darajs/eslint-config": "1.23.0",
+    "@darajs/prettier-config": "1.23.0",
+    "@darajs/stylelint-config": "1.23.0",
     "@rollup/plugin-inject": "^4.0.4",
     "@testing-library/dom": "^9.3.0",
     "@testing-library/jest-dom": "^6.0.0",
@@ -75,10 +75,10 @@
     "whatwg-fetch": "^3.6.20"
   },
   "dependencies": {
-    "@darajs/styled-components": "1.22.4",
-    "@darajs/ui-components": "1.22.4",
-    "@darajs/ui-notifications": "1.22.4",
-    "@darajs/ui-utils": "1.22.4",
+    "@darajs/styled-components": "1.23.0",
+    "@darajs/ui-components": "1.23.0",
+    "@darajs/ui-notifications": "1.23.0",
+    "@darajs/ui-utils": "1.23.0",
     "@fortawesome/fontawesome-free": "~6.4.0",
     "@recoiljs/refine": "^0.1.1",
     "@tanstack/query-core": "^4.40.0",
@@ -87,6 +87,7 @@
     "exceljs": "^4.3.0",
     "fast-json-patch": "^3.1.1",
     "file-saver": "^2.0.5",
+    "jwt-decode": "^4.0.0",
     "lodash": "^4.17.21",
     "nanoid": "^3.3.0",
     "nprogress": "^0.2.0",
@@ -116,5 +117,5 @@
   "engines": {
     "node": ">=20.19.0"
   },
-  "gitHead": "fa0e89c75ecd2a39bda5ca938239d069286f1e34"
+  "gitHead": "1dee57b6df63904db955f9abf4f984040baab0eb"
 }

package/dist/pages/sso-callback-page.d.ts

@@ -1,7 +0,0 @@
-import * as React from 'react';
-/**
- * SSO Auth callback placeholder
- */
-declare function SSOCallbackPage(): React.ReactNode;
-export default SSOCallbackPage;
-//# sourceMappingURL=sso-callback-page.d.ts.map

package/dist/pages/sso-callback-page.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sso-callback-page.d.ts","sourceRoot":"","sources":["../../js/pages/sso-callback-page.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,iBAAS,eAAe,IAAI,KAAK,CAAC,SAAS,CAE1C;AAED,eAAe,eAAe,CAAC"}

package/dist/pages/sso-callback-page.js

@@ -1,9 +0,0 @@
-import * as React from 'react';
-/**
- * SSO Auth callback placeholder
- */
-function SSOCallbackPage() {
-    return null;
-}
-export default SSOCallbackPage;
-//# sourceMappingURL=sso-callback-page.js.map

package/dist/pages/sso-callback-page.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"sso-callback-page.js","sourceRoot":"","sources":["../../js/pages/sso-callback-page.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,SAAS,eAAe;IACpB,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,eAAe,eAAe,CAAC"}