@faable/auth-js 1.2.0
- package/README.md +3 -0
- package/dist/Base.d.ts +8 -0
- package/dist/Base.d.ts.map +1 -0
- package/dist/Base.js +16 -0
- package/dist/BaseLog.d.ts +11 -0
- package/dist/BaseLog.d.ts.map +1 -0
- package/dist/BaseLog.js +21 -0
- package/dist/FaableAuthApi.d.ts +14 -0
- package/dist/FaableAuthApi.d.ts.map +1 -0
- package/dist/FaableAuthApi.js +37 -0
- package/dist/FaableAuthClient.d.ts +227 -0
- package/dist/FaableAuthClient.d.ts.map +1 -0
- package/dist/FaableAuthClient.js +1073 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +13 -0
- package/dist/lib/constants.d.ts +11 -0
- package/dist/lib/constants.d.ts.map +1 -0
- package/dist/lib/constants.js +13 -0
- package/dist/lib/errors.d.ts +83 -0
- package/dist/lib/errors.d.ts.map +1 -0
- package/dist/lib/errors.js +100 -0
- package/dist/lib/fetch.d.ts +8 -0
- package/dist/lib/fetch.d.ts.map +1 -0
- package/dist/lib/fetch.js +53 -0
- package/dist/lib/helpers.d.ts +42 -0
- package/dist/lib/helpers.d.ts.map +1 -0
- package/dist/lib/helpers.js +257 -0
- package/dist/lib/jwt.d.ts +56 -0
- package/dist/lib/jwt.d.ts.map +1 -0
- package/dist/lib/jwt.js +139 -0
- package/dist/lib/local-storage.d.ts +13 -0
- package/dist/lib/local-storage.d.ts.map +1 -0
- package/dist/lib/local-storage.js +45 -0
- package/dist/lib/storage_helpers.d.ts +5 -0
- package/dist/lib/storage_helpers.d.ts.map +1 -0
- package/dist/lib/storage_helpers.js +34 -0
- package/dist/lib/types.d.ts +384 -0
- package/dist/lib/types.d.ts.map +1 -0
- package/dist/lib/types.js +6 -0
- package/dist/lib/version.d.ts +2 -0
- package/dist/lib/version.d.ts.map +1 -0
- package/dist/lib/version.js +5 -0
- package/dist/lock/Lock.d.ts +20 -0
- package/dist/lock/Lock.d.ts.map +1 -0
- package/dist/lock/Lock.js +82 -0
- package/dist/lock/locks.d.ts +64 -0
- package/dist/lock/locks.d.ts.map +1 -0
- package/dist/lock/locks.js +137 -0
- package/dist/utils.d.ts +18 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +88 -0
- package/package.json +31 -0
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @ignore
|
|
3
|
+
*/
|
|
4
|
+
export interface JWTVerifyOptions {
|
|
5
|
+
iss: string;
|
|
6
|
+
aud: string;
|
|
7
|
+
id_token: string;
|
|
8
|
+
nonce?: string;
|
|
9
|
+
leeway?: number;
|
|
10
|
+
max_age?: number;
|
|
11
|
+
organizationId?: string;
|
|
12
|
+
now?: number;
|
|
13
|
+
}
|
|
14
|
+
export interface IdToken {
|
|
15
|
+
__raw: string;
|
|
16
|
+
name?: string;
|
|
17
|
+
given_name?: string;
|
|
18
|
+
family_name?: string;
|
|
19
|
+
middle_name?: string;
|
|
20
|
+
nickname?: string;
|
|
21
|
+
preferred_username?: string;
|
|
22
|
+
profile?: string;
|
|
23
|
+
picture?: string;
|
|
24
|
+
website?: string;
|
|
25
|
+
email?: string;
|
|
26
|
+
email_verified?: boolean;
|
|
27
|
+
gender?: string;
|
|
28
|
+
birthdate?: string;
|
|
29
|
+
zoneinfo?: string;
|
|
30
|
+
locale?: string;
|
|
31
|
+
phone_number?: string;
|
|
32
|
+
phone_number_verified?: boolean;
|
|
33
|
+
address?: string;
|
|
34
|
+
updated_at?: string;
|
|
35
|
+
iss?: string;
|
|
36
|
+
aud?: string;
|
|
37
|
+
exp?: number;
|
|
38
|
+
nbf?: number;
|
|
39
|
+
iat?: number;
|
|
40
|
+
jti?: string;
|
|
41
|
+
azp?: string;
|
|
42
|
+
nonce?: string;
|
|
43
|
+
auth_time?: string;
|
|
44
|
+
at_hash?: string;
|
|
45
|
+
c_hash?: string;
|
|
46
|
+
acr?: string;
|
|
47
|
+
amr?: string;
|
|
48
|
+
sub_jwk?: string;
|
|
49
|
+
cnf?: string;
|
|
50
|
+
sid?: string;
|
|
51
|
+
org_id?: string;
|
|
52
|
+
[key: string]: any;
|
|
53
|
+
}
|
|
54
|
+
export declare function decodeJWTPayload(token: string): any;
|
|
55
|
+
export declare const verify: (options: JWTVerifyOptions) => any;
|
|
56
|
+
//# sourceMappingURL=jwt.d.ts.map
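Review bot: `IdToken` declares `auth_time?: string` and `aud?: string`, which disagrees with the checks in `verify` in the jwt.js section of this page, where `auth_time` must pass `typeof n === "number"` and `aud` may be an array. Suggest `auth_time?: number;` and `aud?: string | string[];`, with the same correction in the copy of `IdToken` in the types.d.ts hunk. `decodeJWTPayload` and `verify` are also declared as returning `any`, so nothing downstream is forced to narrow token claims before using them; `unknown` or a named result type would be safer. The file name is inferred from the `sourceMappingURL` comment, since the section header is not visible here.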
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/lib/jwt.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAqCD,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,OAiB7C;AAED,eAAO,MAAM,MAAM,YAAa,gBAAgB,QAkJ/C,CAAC"}
|
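--- a/package/dist/lib/jwt.js
+++ b/package/dist/lib/jwt.js
@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verify = exports.decodeJWTPayload = void 0;
+const helpers_1 = require("./helpers");
+const isNumber = (n) => typeof n === "number";
+const idTokendecoded = [
+"iss",
+"aud",
+"exp",
+"nbf",
+"iat",
+"jti",
+"azp",
+"nonce",
+"auth_time",
+"at_hash",
+"c_hash",
+"acr",
+"amr",
+"sub_jwk",
+"cnf",
+"sip_from_tag",
+"sip_date",
+"sip_callid",
+"sip_cseq_num",
+"sip_via_branch",
+"orig",
+"dest",
+"mky",
+"events",
+"toe",
+"txn",
+"rph",
+"sid",
+"vot",
+"vtm",
+];
+function decodeJWTPayload(token) {
+// Regex checks for base64url format
+const base64UrlRegex = /^([a-z0-9_-]{4})*($|[a-z0-9_-]{3}=?$|[a-z0-9_-]{2}(==)?$)$/i;
+const parts = token.split(".");
+if (parts.length !== 3) {
+throw new Error("JWT is not valid: not a JWT structure");
+}
+if (!base64UrlRegex.test(parts[1])) {
+throw new Error("JWT is not valid: payload is not in base64url format");
+}
+const base64Url = parts[1];
+return JSON.parse((0, helpers_1.decodeBase64URL)(base64Url));
+}
+exports.decodeJWTPayload = decodeJWTPayload;
+const verify = (options) => {
+if (!options.id_token) {
+throw new Error("ID token is required but missing");
+}
+const decoded = decodeJWTPayload(options.id_token);
+if (!decoded.claims.iss) {
+throw new Error("Issuer (iss) claim must be a string present in the ID token");
+}
+if (decoded.claims.iss !== options.iss) {
+throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${options.iss}", found "${decoded.claims.iss}"`);
+}
+if (!decoded.user.sub) {
+throw new Error("Subject (sub) claim must be a string present in the ID token");
+}
+if (decoded.header.alg !== "RS256") {
+throw new Error(`Signature algorithm of "${decoded.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);
+}
+if (!decoded.claims.aud ||
+!(typeof decoded.claims.aud === "string" ||
+Array.isArray(decoded.claims.aud))) {
+throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");
+}
+if (Array.isArray(decoded.claims.aud)) {
+if (!decoded.claims.aud.includes(options.aud)) {
+throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${options.aud}" but was not one of "${decoded.claims.aud.join(", ")}"`);
+}
+if (decoded.claims.aud.length > 1) {
+if (!decoded.claims.azp) {
+throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
+}
+if (decoded.claims.azp !== options.aud) {
+throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${options.aud}", found "${decoded.claims.azp}"`);
+}
+}
+}
+else if (decoded.claims.aud !== options.aud) {
+throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${options.aud}" but found "${decoded.claims.aud}"`);
+}
+if (options.nonce) {
+if (!decoded.claims.nonce) {
+throw new Error("Nonce (nonce) claim must be a string present in the ID token");
+}
+if (decoded.claims.nonce !== options.nonce) {
+throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${options.nonce}", found "${decoded.claims.nonce}"`);
+}
+}
+if (options.max_age && !isNumber(decoded.claims.auth_time)) {
+throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
+}
+/* c8 ignore next 5 */
+if (decoded.claims.exp == null || !isNumber(decoded.claims.exp)) {
+throw new Error("Expiration Time (exp) claim must be a number present in the ID token");
+}
+if (!isNumber(decoded.claims.iat)) {
+throw new Error("Issued At (iat) claim must be a number present in the ID token");
+}
+const leeway = options.leeway || 60;
+const now = new Date(options.now || Date.now());
+const expDate = new Date(0);
+expDate.setUTCSeconds(decoded.claims.exp + leeway);
+if (now > expDate) {
+throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${now}) is after expiration time (${expDate})`);
+}
+if (decoded.claims.nbf != null && isNumber(decoded.claims.nbf)) {
+const nbfDate = new Date(0);
+nbfDate.setUTCSeconds(decoded.claims.nbf - leeway);
+if (now < nbfDate) {
+throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${now}) is before ${nbfDate}`);
+}
+}
+if (decoded.claims.auth_time != null && isNumber(decoded.claims.auth_time)) {
+const authTimeDate = new Date(0);
+authTimeDate.setUTCSeconds(parseInt(decoded.claims.auth_time) + options.max_age + leeway);
+if (now > authTimeDate) {
+throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${now}) is after last auth at ${authTimeDate}`);
+}
+}
+if (options.organizationId) {
+if (!decoded.claims.org_id) {
+throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
+}
+else if (options.organizationId !== decoded.claims.org_id) {
+throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${options.organizationId}", found "${decoded.claims.org_id}"`);
+}
+}
+return decoded;
+};
+exports.verify = verify;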
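Review bot: `verify` dereferences `decoded.claims`, `decoded.user` and `decoded.header`, but `decodeJWTPayload` returns only the `JSON.parse` result of the payload segment, so for an ordinary ID token `decoded.claims` is undefined and `if (!decoded.claims.iss)` throws a TypeError before any claim is validated. Either return a `{ header, claims, user }` object from the decoder or read the claims directly, e.g. `const claims = decodeJWTPayload(options.id_token);` followed by `if (claims.iss !== options.iss)`. Separately, no line here checks the token's signature (the `alg` comparison inspects a header field only), so the function should carry a comment such as `// Validates claims only; the signature is NOT verified here.` and callers should rely on it only for tokens received directly from the token endpoint over TLS. `options.leeway || 60` also turns an explicit `0` into 60; a nullish check on `options.leeway` would keep a caller's zero.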
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { SupportedStorage } from "./types";
|
|
2
|
+
/**
|
|
3
|
+
* Provides safe access to the globalThis.localStorage property.
|
|
4
|
+
*/
|
|
5
|
+
export declare const localStorageAdapter: SupportedStorage;
|
|
6
|
+
/**
|
|
7
|
+
* Returns a localStorage-like object that stores the key-value pairs in
|
|
8
|
+
* memory.
|
|
9
|
+
*/
|
|
10
|
+
export declare function memoryLocalStorageAdapter(store?: {
|
|
11
|
+
[key: string]: string;
|
|
12
|
+
}): SupportedStorage;
|
|
13
|
+
//# sourceMappingURL=local-storage.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"local-storage.d.ts","sourceRoot":"","sources":["../../src/lib/local-storage.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,gBAsBjC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,GAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAO,GACpC,gBAAgB,CAclB"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.memoryLocalStorageAdapter = exports.localStorageAdapter = void 0;
|
|
4
|
+
const helpers_1 = require("./helpers");
|
|
5
|
+
/**
|
|
6
|
+
* Provides safe access to the globalThis.localStorage property.
|
|
7
|
+
*/
|
|
8
|
+
exports.localStorageAdapter = {
|
|
9
|
+
getItem: (key) => {
|
|
10
|
+
if (!(0, helpers_1.supportsLocalStorage)()) {
|
|
11
|
+
return null;
|
|
12
|
+
}
|
|
13
|
+
return globalThis.localStorage.getItem(key);
|
|
14
|
+
},
|
|
15
|
+
setItem: (key, value) => {
|
|
16
|
+
if (!(0, helpers_1.supportsLocalStorage)()) {
|
|
17
|
+
return;
|
|
18
|
+
}
|
|
19
|
+
globalThis.localStorage.setItem(key, value);
|
|
20
|
+
},
|
|
21
|
+
removeItem: (key) => {
|
|
22
|
+
if (!(0, helpers_1.supportsLocalStorage)()) {
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
globalThis.localStorage.removeItem(key);
|
|
26
|
+
},
|
|
27
|
+
};
|
|
28
|
+
/**
|
|
29
|
+
* Returns a localStorage-like object that stores the key-value pairs in
|
|
30
|
+
* memory.
|
|
31
|
+
*/
|
|
32
|
+
function memoryLocalStorageAdapter(store = {}) {
|
|
33
|
+
return {
|
|
34
|
+
getItem: (key) => {
|
|
35
|
+
return store[key] || null;
|
|
36
|
+
},
|
|
37
|
+
setItem: (key, value) => {
|
|
38
|
+
store[key] = value;
|
|
39
|
+
},
|
|
40
|
+
removeItem: (key) => {
|
|
41
|
+
delete store[key];
|
|
42
|
+
},
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
exports.memoryLocalStorageAdapter = memoryLocalStorageAdapter;
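Review bot: In `memoryLocalStorageAdapter`, `store[key] || null` looks the key up on a plain object, so a key that matches an inherited property (`"constructor"`, `"toString"`) returns a function instead of `null`, and a stored empty string reads back as `null`. An own-property check avoids both: `return Object.prototype.hasOwnProperty.call(store, key) ? store[key] : null;`. For `localStorageAdapter`, a short comment that values written here are readable by any script running on the same origin would help integrators decide whether to supply their own `storage`.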
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { SupportedStorage } from "./types";
|
|
2
|
+
export declare const setItemAsync: (storage: SupportedStorage, key: string, data: any) => Promise<void>;
|
|
3
|
+
export declare const getItemAsync: (storage: SupportedStorage, key: string) => Promise<unknown>;
|
|
4
|
+
export declare const removeItemAsync: (storage: SupportedStorage, key: string) => Promise<void>;
|
|
5
|
+
//# sourceMappingURL=storage_helpers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"storage_helpers.d.ts","sourceRoot":"","sources":["../../src/lib/storage_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAG3C,eAAO,MAAM,YAAY,YACd,gBAAgB,OACpB,MAAM,QACL,GAAG,KACR,QAAQ,IAAI,CAEd,CAAC;AAEF,eAAO,MAAM,YAAY,YACd,gBAAgB,OACpB,MAAM,KACV,QAAQ,OAAO,CAYjB,CAAC;AAEF,eAAO,MAAM,eAAe,YACjB,gBAAgB,OACpB,MAAM,KACV,QAAQ,IAAI,CAEd,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.removeItemAsync = exports.getItemAsync = exports.setItemAsync = void 0;
|
|
13
|
+
// Storage helpers
|
|
14
|
+
const setItemAsync = (storage, key, data) => __awaiter(void 0, void 0, void 0, function* () {
|
|
15
|
+
yield storage.setItem(key, JSON.stringify(data));
|
|
16
|
+
});
|
|
17
|
+
exports.setItemAsync = setItemAsync;
|
|
18
|
+
const getItemAsync = (storage, key) => __awaiter(void 0, void 0, void 0, function* () {
|
|
19
|
+
const value = yield storage.getItem(key);
|
|
20
|
+
if (!value) {
|
|
21
|
+
return null;
|
|
22
|
+
}
|
|
23
|
+
try {
|
|
24
|
+
return JSON.parse(value);
|
|
25
|
+
}
|
|
26
|
+
catch (_a) {
|
|
27
|
+
return value;
|
|
28
|
+
}
|
|
29
|
+
});
|
|
30
|
+
exports.getItemAsync = getItemAsync;
|
|
31
|
+
const removeItemAsync = (storage, key) => __awaiter(void 0, void 0, void 0, function* () {
|
|
32
|
+
yield storage.removeItem(key);
|
|
33
|
+
});
|
|
34
|
+
exports.removeItemAsync = removeItemAsync;
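Review bot: `getItemAsync` returns `JSON.parse(value)` when parsing succeeds and the raw string when it fails, so a caller cannot tell a corrupted entry from a legitimately stored string and receives whatever shape the storage medium holds. Since storage contents can be changed outside the library, the result should be shape-checked before it is used as a session; a comment such as `// Value is untrusted: validate before use as a Session.` above the `JSON.parse` line would make that explicit. The `__awaiter` helper at the top is compiler output and needs no change.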
|
|
@@ -0,0 +1,384 @@
|
|
|
1
|
+
import { AuthError } from "./errors";
|
|
2
|
+
import { LockFunc } from "../lock/locks";
|
|
3
|
+
import { BaseLogOptions } from "../BaseLog";
|
|
4
|
+
/**
|
|
5
|
+
* @ignore
|
|
6
|
+
*/
|
|
7
|
+
export interface AuthenticationResult {
|
|
8
|
+
state: string;
|
|
9
|
+
code?: string;
|
|
10
|
+
error?: string;
|
|
11
|
+
error_description?: string;
|
|
12
|
+
}
|
|
13
|
+
export declare class User {
|
|
14
|
+
name?: string;
|
|
15
|
+
profile?: string;
|
|
16
|
+
picture?: string;
|
|
17
|
+
email?: string;
|
|
18
|
+
website?: string;
|
|
19
|
+
birthdate?: string;
|
|
20
|
+
locale?: string;
|
|
21
|
+
sub?: string;
|
|
22
|
+
[key: string]: any;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* The state of the application before the user was redirected to the login page.
|
|
26
|
+
*/
|
|
27
|
+
export type AppState = {
|
|
28
|
+
returnTo?: string;
|
|
29
|
+
[key: string]: any;
|
|
30
|
+
};
|
|
31
|
+
export interface AuthorizationParams {
|
|
32
|
+
/**
|
|
33
|
+
* - `'page'`: displays the UI with a full page view
|
|
34
|
+
* - `'popup'`: displays the UI with a popup window
|
|
35
|
+
* - `'touch'`: displays the UI in a way that leverages a touch interface
|
|
36
|
+
* - `'wap'`: displays the UI with a "feature phone" type interface
|
|
37
|
+
*/
|
|
38
|
+
display?: "page" | "popup" | "touch" | "wap";
|
|
39
|
+
/**
|
|
40
|
+
* - `'none'`: do not prompt user for login or consent on reauthentication
|
|
41
|
+
* - `'login'`: prompt user for reauthentication
|
|
42
|
+
* - `'consent'`: prompt user for consent before processing request
|
|
43
|
+
* - `'select_account'`: prompt user to select an account
|
|
44
|
+
*/
|
|
45
|
+
prompt?: "none" | "login" | "consent" | "select_account";
|
|
46
|
+
/**
|
|
47
|
+
* Maximum allowable elapsed time (in seconds) since authentication.
|
|
48
|
+
* If the last time the user authenticated is greater than this value,
|
|
49
|
+
* the user must be reauthenticated.
|
|
50
|
+
*/
|
|
51
|
+
max_age?: string | number;
|
|
52
|
+
/**
|
|
53
|
+
* The space-separated list of language tags, ordered by preference.
|
|
54
|
+
* For example: `'fr-CA fr en'`.
|
|
55
|
+
*/
|
|
56
|
+
ui_locales?: string;
|
|
57
|
+
/**
|
|
58
|
+
* Previously issued ID Token.
|
|
59
|
+
*/
|
|
60
|
+
id_token_hint?: string;
|
|
61
|
+
/**
|
|
62
|
+
* Provides a hint to Auth0 as to what flow should be displayed.
|
|
63
|
+
* The default behavior is to show a login page but you can override
|
|
64
|
+
* this by passing 'signup' to show the signup page instead.
|
|
65
|
+
*
|
|
66
|
+
* This only affects the New Universal Login Experience.
|
|
67
|
+
*/
|
|
68
|
+
screen_hint?: "signup" | "login" | string;
|
|
69
|
+
/**
|
|
70
|
+
* The user's email address or other identifier. When your app knows
|
|
71
|
+
* which user is trying to authenticate, you can provide this parameter
|
|
72
|
+
* to pre-fill the email box or select the right session for sign-in.
|
|
73
|
+
*
|
|
74
|
+
* This currently only affects the classic Lock experience.
|
|
75
|
+
*/
|
|
76
|
+
login_hint?: string;
|
|
77
|
+
acr_values?: string;
|
|
78
|
+
/**
|
|
79
|
+
* The default scope to be used on authentication requests.
|
|
80
|
+
*
|
|
81
|
+
* This defaults to `profile email` if not set. If you are setting extra scopes and require
|
|
82
|
+
* `profile` and `email` to be included then you must include them in the provided scope.
|
|
83
|
+
*
|
|
84
|
+
* Note: The `openid` scope is **always applied** regardless of this setting.
|
|
85
|
+
*/
|
|
86
|
+
scope?: string;
|
|
87
|
+
/**
|
|
88
|
+
* The default audience to be used for requesting API access.
|
|
89
|
+
*/
|
|
90
|
+
audience?: string;
|
|
91
|
+
/**
|
|
92
|
+
* The name of the connection configured for your application.
|
|
93
|
+
* If null, it will redirect to the Auth0 Login Page and show
|
|
94
|
+
* the Login Widget.
|
|
95
|
+
*/
|
|
96
|
+
connection?: string;
|
|
97
|
+
/**
|
|
98
|
+
* The Id of an organization to log in to.
|
|
99
|
+
*
|
|
100
|
+
* This will specify an `organization` parameter in your user's login request and will add a step to validate
|
|
101
|
+
* the `org_id` claim in your user's ID Token.
|
|
102
|
+
*/
|
|
103
|
+
organization?: string;
|
|
104
|
+
/**
|
|
105
|
+
* The Id of an invitation to accept. This is available from the user invitation URL that is given when participating in a user invitation flow.
|
|
106
|
+
*/
|
|
107
|
+
invitation?: string;
|
|
108
|
+
/**
|
|
109
|
+
* The default URL where Auth0 will redirect your browser to with
|
|
110
|
+
* the authentication result. It must be whitelisted in
|
|
111
|
+
* the "Allowed Callback URLs" field in your Auth0 Application's
|
|
112
|
+
* settings. If not provided here, it should be provided in the other
|
|
113
|
+
* methods that provide authentication.
|
|
114
|
+
*/
|
|
115
|
+
redirect_uri?: string;
|
|
116
|
+
/**
|
|
117
|
+
* If you need to send custom parameters to the Authorization Server,
|
|
118
|
+
* make sure to use the original parameter name.
|
|
119
|
+
*/
|
|
120
|
+
[key: string]: any;
|
|
121
|
+
}
|
|
122
|
+
interface BaseLoginOptions {
|
|
123
|
+
/**
|
|
124
|
+
* URL parameters that will be sent back to the Authorization Server. This can be known parameters
|
|
125
|
+
* defined by Auth0 or custom parameters that you define.
|
|
126
|
+
*/
|
|
127
|
+
authorizationParams?: AuthorizationParams;
|
|
128
|
+
}
|
|
129
|
+
export interface RedirectLoginOptions<TAppState = any> extends BaseLoginOptions {
|
|
130
|
+
/**
|
|
131
|
+
* Used to store state before doing the redirect
|
|
132
|
+
*/
|
|
133
|
+
appState?: TAppState;
|
|
134
|
+
}
|
|
135
|
+
export interface IdToken {
|
|
136
|
+
__raw: string;
|
|
137
|
+
name?: string;
|
|
138
|
+
given_name?: string;
|
|
139
|
+
family_name?: string;
|
|
140
|
+
middle_name?: string;
|
|
141
|
+
nickname?: string;
|
|
142
|
+
preferred_username?: string;
|
|
143
|
+
profile?: string;
|
|
144
|
+
picture?: string;
|
|
145
|
+
website?: string;
|
|
146
|
+
email?: string;
|
|
147
|
+
email_verified?: boolean;
|
|
148
|
+
gender?: string;
|
|
149
|
+
birthdate?: string;
|
|
150
|
+
zoneinfo?: string;
|
|
151
|
+
locale?: string;
|
|
152
|
+
phone_number?: string;
|
|
153
|
+
phone_number_verified?: boolean;
|
|
154
|
+
address?: string;
|
|
155
|
+
updated_at?: string;
|
|
156
|
+
iss?: string;
|
|
157
|
+
aud?: string;
|
|
158
|
+
exp?: number;
|
|
159
|
+
nbf?: number;
|
|
160
|
+
iat?: number;
|
|
161
|
+
jti?: string;
|
|
162
|
+
azp?: string;
|
|
163
|
+
nonce?: string;
|
|
164
|
+
auth_time?: string;
|
|
165
|
+
at_hash?: string;
|
|
166
|
+
c_hash?: string;
|
|
167
|
+
acr?: string;
|
|
168
|
+
amr?: string;
|
|
169
|
+
sub_jwk?: string;
|
|
170
|
+
cnf?: string;
|
|
171
|
+
sid?: string;
|
|
172
|
+
org_id?: string;
|
|
173
|
+
[key: string]: any;
|
|
174
|
+
}
|
|
175
|
+
export interface GetTokenSilentlyOptions {
|
|
176
|
+
/**
|
|
177
|
+
* When `off`, ignores the cache and always sends a
|
|
178
|
+
* request to Auth0.
|
|
179
|
+
* When `cache-only`, only reads from the cache and never sends a request to Auth0.
|
|
180
|
+
* Defaults to `on`, where it both reads from the cache and sends a request to Auth0 as needed.
|
|
181
|
+
*/
|
|
182
|
+
cacheMode?: "on" | "off" | "cache-only";
|
|
183
|
+
/**
|
|
184
|
+
* Parameters that will be sent back to Auth0 as part of a request.
|
|
185
|
+
*/
|
|
186
|
+
authorizationParams?: {
|
|
187
|
+
/**
|
|
188
|
+
* There's no actual redirect when getting a token silently,
|
|
189
|
+
* but, according to the spec, a `redirect_uri` param is required.
|
|
190
|
+
* Auth0 uses this parameter to validate that the current `origin`
|
|
191
|
+
* matches the `redirect_uri` `origin` when sending the response.
|
|
192
|
+
* It must be whitelisted in the "Allowed Web Origins" in your
|
|
193
|
+
* Auth0 Application's settings.
|
|
194
|
+
*/
|
|
195
|
+
redirect_uri?: string;
|
|
196
|
+
/**
|
|
197
|
+
* The scope that was used in the authentication request
|
|
198
|
+
*/
|
|
199
|
+
scope?: string;
|
|
200
|
+
/**
|
|
201
|
+
* The audience that was used in the authentication request
|
|
202
|
+
*/
|
|
203
|
+
audience?: string;
|
|
204
|
+
/**
|
|
205
|
+
* If you need to send custom parameters to the Authorization Server,
|
|
206
|
+
* make sure to use the original parameter name.
|
|
207
|
+
*/
|
|
208
|
+
[key: string]: any;
|
|
209
|
+
};
|
|
210
|
+
/** A maximum number of seconds to wait before declaring the background /authorize call as failed for timeout
|
|
211
|
+
* Defaults to 60s.
|
|
212
|
+
*/
|
|
213
|
+
timeoutInSeconds?: number;
|
|
214
|
+
/**
|
|
215
|
+
* If true, the full response from the /oauth/token endpoint (or the cache, if the cache was used) is returned
|
|
216
|
+
* (minus `refresh_token` if one was issued). Otherwise, just the access token is returned.
|
|
217
|
+
*
|
|
218
|
+
* The default is `false`.
|
|
219
|
+
*/
|
|
220
|
+
detailedResponse?: boolean;
|
|
221
|
+
}
|
|
222
|
+
export type GetTokenSilentlyVerboseResponse = Omit<TokenEndpointResponse, "refresh_token">;
|
|
223
|
+
export type TokenEndpointResponse = {
|
|
224
|
+
id_token: string;
|
|
225
|
+
access_token: string;
|
|
226
|
+
refresh_token?: string;
|
|
227
|
+
expires_in: number;
|
|
228
|
+
scope?: string;
|
|
229
|
+
};
|
|
230
|
+
export type FaableAuthClientConfig = {
|
|
231
|
+
domain: string;
|
|
232
|
+
scope?: string;
|
|
233
|
+
audience?: string;
|
|
234
|
+
redirect_uri?: string;
|
|
235
|
+
clientId: string;
|
|
236
|
+
authorizationParams?: AuthorizationParams;
|
|
237
|
+
cookieDomain?: string;
|
|
238
|
+
useRefreshTokens?: boolean;
|
|
239
|
+
flowType?: AuthFlowType;
|
|
240
|
+
storage?: SupportedStorage;
|
|
241
|
+
storageKey?: string;
|
|
242
|
+
/**
|
|
243
|
+
* Provide your own locking mechanism based on the environment. By default no locking is done at this time.
|
|
244
|
+
*
|
|
245
|
+
* @experimental
|
|
246
|
+
*/
|
|
247
|
+
lock?: LockFunc;
|
|
248
|
+
} & BaseLogOptions;
|
|
249
|
+
type AnyFunction = (...args: any[]) => any;
|
|
250
|
+
type MaybePromisify<T> = T | Promise<T>;
|
|
251
|
+
type PromisifyMethods<T> = {
|
|
252
|
+
[K in keyof T]: T[K] extends AnyFunction ? (...args: Parameters<T[K]>) => MaybePromisify<ReturnType<T[K]>> : T[K];
|
|
253
|
+
};
|
|
254
|
+
export type SupportedStorage = PromisifyMethods<Pick<Storage, "getItem" | "setItem" | "removeItem">> & {
|
|
255
|
+
/**
|
|
256
|
+
* If set to `true` signals to the library that the storage medium is used
|
|
257
|
+
* on a server and the values may not be authentic, such as reading from
|
|
258
|
+
* request cookies. Implementations should not set this to true if the client
|
|
259
|
+
* is used on a server that reads storage information from authenticated
|
|
260
|
+
* sources, such as a secure database or file.
|
|
261
|
+
*/
|
|
262
|
+
isServer?: boolean;
|
|
263
|
+
};
|
|
264
|
+
export type Provider = "google" | "github";
|
|
265
|
+
export type AuthFlowType = "implicit" | "pkce";
|
|
266
|
+
export type SignInWithOAuthConnection = {
|
|
267
|
+
/** Default connection is used if not setted. */
|
|
268
|
+
connection?: string;
|
|
269
|
+
/** A URL to send the user to after they are confirmed. */
|
|
270
|
+
redirectTo?: string;
|
|
271
|
+
/** A space-separated list of scopes granted to the OAuth application. */
|
|
272
|
+
scopes?: string;
|
|
273
|
+
/** An object of query params */
|
|
274
|
+
queryParams?: {
|
|
275
|
+
[key: string]: string;
|
|
276
|
+
};
|
|
277
|
+
/** If set to true does not immediately redirect the current browser context to visit the OAuth authorization page for the provider. */
|
|
278
|
+
skipBrowserRedirect?: boolean;
|
|
279
|
+
};
|
|
280
|
+
export type OAuthResponse = {
|
|
281
|
+
data: {
|
|
282
|
+
url: string;
|
|
283
|
+
};
|
|
284
|
+
error: null;
|
|
285
|
+
} | {
|
|
286
|
+
data: {
|
|
287
|
+
url: null;
|
|
288
|
+
};
|
|
289
|
+
error: AuthError;
|
|
290
|
+
};
|
|
291
|
+
export interface Session {
|
|
292
|
+
/**
|
|
293
|
+
* The oauth provider token. If present, this can be used to make external API requests to the oauth provider used.
|
|
294
|
+
*/
|
|
295
|
+
provider_token?: string | null;
|
|
296
|
+
/**
|
|
297
|
+
* The oauth provider refresh token. If present, this can be used to refresh the provider_token via the oauth provider's API.
|
|
298
|
+
* Not all oauth providers return a provider refresh token. If the provider_refresh_token is missing, please refer to the oauth provider's documentation for information on how to obtain the provider refresh token.
|
|
299
|
+
*/
|
|
300
|
+
provider_refresh_token?: string | null;
|
|
301
|
+
/**
|
|
302
|
+
* The access token jwt. It is recommended to set the JWT_EXPIRY to a shorter expiry value.
|
|
303
|
+
*/
|
|
304
|
+
access_token: string;
|
|
305
|
+
/**
|
|
306
|
+
* A one-time used refresh token that never expires.
|
|
307
|
+
*/
|
|
308
|
+
refresh_token: string;
|
|
309
|
+
/**
|
|
310
|
+
* The number of seconds until the token expires (since it was issued). Returned when a login is confirmed.
|
|
311
|
+
*/
|
|
312
|
+
expires_in: number;
|
|
313
|
+
/**
|
|
314
|
+
* A timestamp of when the token will expire. Returned when a login is confirmed.
|
|
315
|
+
*/
|
|
316
|
+
expires_at?: number;
|
|
317
|
+
token_type: string;
|
|
318
|
+
user: User;
|
|
319
|
+
}
|
|
320
|
+
export type AuthResponse = {
|
|
321
|
+
data: {
|
|
322
|
+
user: User | null;
|
|
323
|
+
session: Session | null;
|
|
324
|
+
};
|
|
325
|
+
error: null;
|
|
326
|
+
} | {
|
|
327
|
+
data: {
|
|
328
|
+
user: null;
|
|
329
|
+
session: null;
|
|
330
|
+
};
|
|
331
|
+
error: AuthError;
|
|
332
|
+
};
|
|
333
|
+
export type AuthChangeEventMFA = "MFA_CHALLENGE_VERIFIED";
|
|
334
|
+
export type AuthChangeEvent = "INITIAL_SESSION" | "PASSWORD_RECOVERY" | "SIGNED_IN" | "SIGNED_OUT" | "TOKEN_REFRESHED" | "USER_UPDATED" | AuthChangeEventMFA;
|
|
335
|
+
export interface Subscription {
|
|
336
|
+
/**
|
|
337
|
+
* The subscriber UUID. This will be set by the client.
|
|
338
|
+
*/
|
|
339
|
+
id: string;
|
|
340
|
+
/**
|
|
341
|
+
* The function to call every time there is an event. eg: (eventName) => {}
|
|
342
|
+
*/
|
|
343
|
+
callback: (event: AuthChangeEvent, session: Session | null) => void;
|
|
344
|
+
/**
|
|
345
|
+
* Call this to remove the listener.
|
|
346
|
+
*/
|
|
347
|
+
unsubscribe: () => void;
|
|
348
|
+
}
|
|
349
|
+
export type SignOut = {
|
|
350
|
+
/**
|
|
351
|
+
* Determines which sessions should be
|
|
352
|
+
* logged out. Global means all
|
|
353
|
+
* sessions by this account. Local
|
|
354
|
+
* means only this session. Others
|
|
355
|
+
* means all other sessions except the
|
|
356
|
+
* current one. When using others,
|
|
357
|
+
* there is no sign-out event fired on
|
|
358
|
+
* the current session!
|
|
359
|
+
*/
|
|
360
|
+
scope?: "global" | "local" | "others";
|
|
361
|
+
};
|
|
362
|
+
export type InitializeResult = {
|
|
363
|
+
error: AuthError | null;
|
|
364
|
+
};
|
|
365
|
+
export type UserResponse = {
|
|
366
|
+
data: {
|
|
367
|
+
user: User;
|
|
368
|
+
};
|
|
369
|
+
error: null;
|
|
370
|
+
} | {
|
|
371
|
+
data: {
|
|
372
|
+
user: null;
|
|
373
|
+
};
|
|
374
|
+
error: AuthError;
|
|
375
|
+
};
|
|
376
|
+
export type CallRefreshTokenResult = {
|
|
377
|
+
session: Session;
|
|
378
|
+
error: null;
|
|
379
|
+
} | {
|
|
380
|
+
session: null;
|
|
381
|
+
error: AuthError;
|
|
382
|
+
};
|
|
383
|
+
export {};
|
|
384
|
+
//# sourceMappingURL=types.d.ts.map
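Review bot: The doc comments in `AuthorizationParams` and `GetTokenSilentlyOptions` still describe Auth0 (`Provides a hint to Auth0`, `your Auth0 Application's settings`, `/oauth/token`), which presumably is not the service this package targets and so points integrators at the wrong place to allow-list redirect URIs and web origins. They should name the authorization server this client actually talks to. `FaableAuthClientConfig.flowType`, `useRefreshTokens` and `cookieDomain` have no comment at all; each deserves one line stating what it selects and its default, in particular which of `"implicit"` and `"pkce"` is used when `flowType` is omitted. `Session.refresh_token` is documented as never expiring, so its comment should also say where the client persists it.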
|