@descope/web-js-sdk 1.38.2 → 1.39.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -0
- package/dist/cjs/index.cjs.js +1 -1
- package/dist/cjs/index.cjs.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.esm.js +1 -1
- package/dist/index.esm.js.map +1 -1
- package/dist/index.umd.js +2 -2
- package/dist/index.umd.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -134,6 +134,31 @@ const sdk = descopeSdk({
|
|
|
134
134
|
});
|
|
135
135
|
```
|
|
136
136
|
|
|
137
|
+
#### Using Inbound Apps as OIDC Provider
|
|
138
|
+
|
|
139
|
+
To use an inbound app as an OIDC provider, you must provide both the `issuer` and `clientId` configuration options. The `issuer` is the OIDC authority URL, and the `clientId` is the client ID for your inbound app.
|
|
140
|
+
|
|
141
|
+
> **Note:** When configuring an inbound app as an OIDC provider, you must obtain the issuer URL directly from the inbound app settings page in the Descope console. The issuer URL is specific to your inbound app configuration and cannot be constructed manually. In addition, you'll need to provide the client ID from the same inbound app settings.
|
|
142
|
+
|
|
143
|
+
```js
|
|
144
|
+
// Initialize the SDK with inbound app OIDC configuration
|
|
145
|
+
const sdk = descopeSdk({
|
|
146
|
+
projectId: 'xxx',
|
|
147
|
+
oidcConfig: {
|
|
148
|
+
// Required: Get this from your inbound app settings page
|
|
149
|
+
issuer: 'https://api.descope.com/v1/apps/P1234567890',
|
|
150
|
+
// Required: Client ID from your inbound app settings
|
|
151
|
+
clientId: 'your-inbound-app-client-id',
|
|
152
|
+
// Optional: Custom redirect URI (defaults to current URL)
|
|
153
|
+
redirectUri: 'https://my-app.com/redirect',
|
|
154
|
+
// Optional: Custom scope (defaults to 'openid' when issuer is provided)
|
|
155
|
+
scope: 'openid profile email',
|
|
156
|
+
},
|
|
157
|
+
});
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
When using a custom `issuer` (including inbound apps), the default scope is `'openid'` instead of the full Descope scope. You can override this by providing a custom `scope` value.
|
|
161
|
+
|
|
137
162
|
#### Start OIDC login
|
|
138
163
|
|
|
139
164
|
Login with OIDC is done by calling the `loginWithRedirect` method. This method will redirect the user to the Descope OIDC login page. After the user logs in, they will be redirected back to the application to finish the login process.
|
package/dist/cjs/index.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},u=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||u(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=void 0!==l||"undefined"!=typeof localStorage,v=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},h=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},b=(...e)=>{console.debug(...e)},k="3.2.0",S="undefined"!=typeof window,_=Math.pow(2,31)-1,I=`https://descopecdn.com/npm/oidc-client-ts@${k}/dist/browser/oidc-client-ts.min.js`,O=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${k}/dist/browser/oidc-client-ts.min.js`,x=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_&&(b(`Timeout is too large (${t}ms), setting it to ${_}ms`),t=_),t},U="DS",j="DSR",D="DSI";function C(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),u=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:u?o:void 0,expires:c,sameSite:r,secure:l})}}const R=e=>(null==e?void 0:e.cookieName)||U;function T(e=""){return h(`${e}${j}`)||""}function E(e="",t){return s.default.get(R(t))||h(`${e}${U}`)||""}function A(e=""){return h(`${e}${D}`)||""}function J(e="",t){y(`${e}${j}`),y(`${e}${U}`),y(`${e}${D}`);const n=R(t);s.default.remove(n)}const N=S&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",$="vsid",L="vrid",P="fp",q=(e=!1)=>{const t=h(P);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},K=async(e,t=N)=>{try{if(q())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),u=((e,t)=>({[$]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};v(P,JSON.stringify(t))})(u)}catch(e){console.warn("Could not load fingerprint",e)}},F=e=>{const t=q(!0);return t&&e.body&&(e.body.fpData=t),e},V="descopeFlowNonce",M="X-Descope-Flow-Nonce",W="/v1/flow/start",H="/v1/flow/next",B=(e,t=V)=>`${t}${e}`,G=(e,t=V)=>{try{const n=B(e,t);y(n)}catch(e){console.error("Error removing flow nonce:",e)}},X=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Z=e=>{var t;return e.path===H&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?X(e.body.executionId):null},Y="dls_last_user_login_id",z="dls_last_user_display_name",Q=e=>v(Y,e),ee=()=>h(Y),te=()=>h(z),ne=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ee(),r=te();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},oe=e=>t=>async(...n)=>{const o=await t(...n);return e||(y(Y),y(z)),o};function ie(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const re=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function ae(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=pe(n.publicKey.challenge),n.publicKey.user.id=pe(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=pe(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:ge(o.rawId),type:o.type,response:{attestationObject:ge(o.response.attestationObject),clientDataJSON:ge(o.response.clientDataJSON)}});var o}async function se(e){const t=ue(e);return de(await navigator.credentials.get(t))}async function le(e,t){const n=ue(e);n.signal=t.signal,n.mediation="conditional";return de(await navigator.credentials.get(n))}async function ce(e=!1){if(!S)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ue(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=pe(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=pe(e.id)})),n}function de(e){return JSON.stringify({id:e.id,rawId:ge(e.rawId),type:e.type,response:{authenticatorData:ge(e.response.authenticatorData),clientDataJSON:ge(e.response.clientDataJSON),signature:ge(e.response.signature),userHandle:e.response.userHandle?ge(e.response.userHandle):void 0}})}function pe(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function ge(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var fe,we=(fe=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ae(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await se(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await ae(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await se(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ae(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:ae,get:se,isSupported:ce,conditional:le}}),(...e)=>{const t=fe(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ve={config:"/fedcm/config"},he=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function ye(e,t){var n;try{await me(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function me(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=he(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const u=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var be=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ce(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ke=()=>window.location.search.includes("code")&&window.location.search.includes("state");let Se;const _e=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{_e(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Ie=async(e,t,n)=>{Se||(Se=(async()=>{try{return require("oidc-client-ts")}catch(e){return _e([I,O],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await Se;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",l=`${r}_user`;let c=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(c=`${c}/${n.applicationId}`);const u={authority:c,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(u.scope=n.scope),{client:new o(u),stateUserKey:l}},Oe=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Ie(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),v(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(ke())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=h(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||A(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return y(i),t||window.location.replace(a),r}}},xe=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return S?(o&&i&&K(o).catch((()=>null)),t(g(r,{beforeRequest:F}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,u;S&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(b("Expiration time passed, refreshing session"),d.refresh(T()||u))}));const d=o(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))b("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);b("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void b("Could not extract expiration time from session token");u=i;const e=x(c);if(s(),e<=2e4)return void b("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});b(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{b("Refreshing session due to timer"),d.refresh(T()||i)}),e)}}}));return n.wrapWith(d,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return b("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.38.2"},t.baseHeaders)}))),(e=>t=>{const o=ie(),i=ie(),r=ie(),a=ie(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await f(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=V}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=V)=>{try{if(!w)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=m(o);if(t&&t.startsWith(e)){const e=h(t);if(e)try{JSON.parse(e).expiry<Date.now()&&y(t)}catch(e){y(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==W&&e.path!==H)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(M);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Z(e)),{nonce:n,executionId:X(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=V)=>{try{const i=B(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};v(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===W,i)}},beforeRequest:e=>{if(e.path===H){const t=Z(e);if(t){const n=((e,t=V)=>{try{const n=B(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(G(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[M]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:ee,getLastUserDisplayName:te});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(Q(r),(e=>{v(z,e)})(a)):(null==i?void 0:i.loginId)&&Q(i.loginId)}}));let l=n.wrapWith(s,["flow.start"],ne);return l=n.wrapWith(l,["logout","logoutAll"],oe(r)),Object.assign(l,{getLastUserLoginId:ee,getLastUserDisplayName:te})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!S)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&v(`${n}${j}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;C(R(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else v(`${n}${U}`,r);e.idToken&&v(`${n}${D}`,e.idToken)})(await f(t),r,a)}}));var c;const u=n.wrapWith(l,["logout","logoutAll","oidc.logout"],re(a,r));return Object.assign(u,{getRefreshToken:()=>T(a),getSessionToken:()=>E(a),getIdToken:()=>A(a)})}))((e=>{const t=a.default(e),n=Oe(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=E(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){b("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:be(t),webauthn:we(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){ye(o,e)},requestAuthentication(e){ye(o,e)}},async oneTap(e,t,n,i,r){await me(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+ve.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>S&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+ve.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=j,exports.SESSION_TOKEN_KEY=U,exports.clearFingerprintData=()=>{y(P)},exports.createSdk=xe,exports.default=xe,exports.ensureFingerprintIds=K,exports.hasOidcParamsInUrl=ke;
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},u=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||u(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=()=>"undefined"!=typeof window&&!!window.descopeBridge,v=void 0!==l||"undefined"!=typeof localStorage,h=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},b=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},k=(...e)=>{console.debug(...e)},S="3.2.0",_="undefined"!=typeof window,I=Math.pow(2,31)-1,O=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,U=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>I&&(k(`Timeout is too large (${t}ms), setting it to ${I}ms`),t=I),t},j="DS",D="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),u=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:u?o:void 0,expires:c,sameSite:r,secure:l})}}const E=e=>(null==e?void 0:e.cookieName)||j;function T(e=""){return y(`${e}${D}`)||""}function A(e="",t){return s.default.get(E(t))||y(`${e}${j}`)||""}function $(e=""){return y(`${e}${C}`)||""}function J(e="",t){m(`${e}${D}`),m(`${e}${j}`),m(`${e}${C}`);const n=E(t);s.default.remove(n)}const N=_&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",q="vsid",L="vrid",P="fp",K=(e=!1)=>{const t=y(P);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},F=async(e,t=N)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),u=((e,t)=>({[q]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};h(P,JSON.stringify(t))})(u)}catch(e){console.warn("Could not load fingerprint",e)}},V=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},M="descopeFlowNonce",W="X-Descope-Flow-Nonce",H="/v1/flow/start",B="/v1/flow/next",G=(e,t=M)=>`${t}${e}`,X=(e,t=M)=>{try{const n=G(e,t);m(n)}catch(e){console.error("Error removing flow nonce:",e)}},Z=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Y=e=>{var t;return e.path===B&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Z(e.body.executionId):null},z="dls_last_user_login_id",Q="dls_last_user_display_name",ee=e=>h(z,e),te=()=>y(z),ne=()=>y(Q),oe=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=te(),r=ne();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ie=e=>t=>async(...n)=>{const o=await t(...n);return e||(m(z),m(Q)),o};function re(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ae=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function se(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),n.publicKey.user.id=ge(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:fe(o.rawId),type:o.type,response:{attestationObject:fe(o.response.attestationObject),clientDataJSON:fe(o.response.clientDataJSON)}});var o}async function le(e){const t=de(e);return pe(await navigator.credentials.get(t))}async function ce(e,t){const n=de(e);n.signal=t.signal,n.mediation="conditional";return pe(await navigator.credentials.get(n))}async function ue(e=!1){var t,n;if(!_)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function de(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}function pe(e){return JSON.stringify({id:e.id,rawId:fe(e.rawId),type:e.type,response:{authenticatorData:fe(e.response.authenticatorData),clientDataJSON:fe(e.response.clientDataJSON),signature:fe(e.response.signature),userHandle:e.response.userHandle?fe(e.response.userHandle):void 0}})}function ge(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function fe(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var we,ve=(we=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await le(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await le(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:se,get:le,isSupported:ue,conditional:ce}}),(...e)=>{const t=we(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const he={config:"/fedcm/config"},ye=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function me(e,t){var n;try{await be(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function be(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ye(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const u=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ke=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ue(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Se=()=>window.location.search.includes("code")&&window.location.search.includes("state");let _e;const Ie=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{Ie(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Oe=async(e,t,n)=>{_e||(_e=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ie([O,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await _e;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let a,s,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");a=n.issuer,s=n.clientId,l=`${s}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(a=e.httpClient.buildUrl(t),a=`${a}/${n.applicationId}`,s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access"):(a=e.httpClient.buildUrl(t),s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access");const u={authority:a,client_id:s,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:s}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),{client:new o(u),stateUserKey:l}},xe=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Oe(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),h(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Se())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=y(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||$(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return m(i),t||window.location.replace(a),r}}},Ue=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return _?(o&&i&&F(o).catch((()=>null)),t(g(r,{beforeRequest:V}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||w())return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,u;_&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(k("Expiration time passed, refreshing session"),d.refresh(T()||u))}));const d=o(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))k("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);k("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void k("Could not extract expiration time from session token");u=i;const e=U(c);if(s(),e<=2e4)return void k("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});k(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{k("Refreshing session due to timer"),d.refresh(T()||i)}),e)}}}));return n.wrapWith(d,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return k("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.39.0"},t.baseHeaders)}))),(e=>t=>{const o=re(),i=re(),r=re(),a=re(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await f(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=M}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=M)=>{try{if(!v)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=b(o);if(t&&t.startsWith(e)){const e=y(t);if(e)try{JSON.parse(e).expiry<Date.now()&&m(t)}catch(e){m(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==H&&e.path!==B)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(W);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Y(e)),{nonce:n,executionId:Z(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=M)=>{try{const i=G(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};h(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===H,i)}},beforeRequest:e=>{if(e.path===B){const t=Y(e);if(t){const n=((e,t=M)=>{try{const n=G(e,t),o=y(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(X(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[W]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:te,getLastUserDisplayName:ne});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(ee(r),(e=>{h(Q,e)})(a)):(null==i?void 0:i.loginId)&&ee(i.loginId)}}));let l=n.wrapWith(s,["flow.start"],oe);return l=n.wrapWith(l,["logout","logoutAll"],ie(r)),Object.assign(l,{getLastUserLoginId:te,getLastUserDisplayName:ne})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!_)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&h(`${n}${D}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;R(E(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else h(`${n}${j}`,r);e.idToken&&h(`${n}${C}`,e.idToken)})(await f(t),r,a)}}));var c;const u=n.wrapWith(l,["logout","logoutAll","oidc.logout"],ae(a,r));return Object.assign(u,{getRefreshToken:()=>T(a),getSessionToken:()=>A(a),getIdToken:()=>$(a)})}))((e=>{const t=a.default(e),n=xe(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=A(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){k("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:ke(t),webauthn:ve(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){me(o,e)},requestAuthentication(e){me(o,e)}},async oneTap(e,t,n,i,r){await be(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+he.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>_&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+he.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=D,exports.SESSION_TOKEN_KEY=j,exports.clearFingerprintData=()=>{m(P)},exports.createSdk=Ue,exports.default=Ue,exports.ensureFingerprintIds=F,exports.hasOidcParamsInUrl=Se;
|
|
2
2
|
//# sourceMappingURL=index.cjs.js.map
|