@forgerock/oidc-client 0.0.0-beta-20250617173233 → 0.0.0-beta-20250825180717

package/README.md

@@ -1,3 +1,24 @@
 # oidc-client
 
 A generic OpenID Connect (OIDC) client library for JavaScript and TypeScript, designed to work with any OIDC-compliant identity provider.
+
+```js
+// Initialize OIDC Client
+const oidcClient = oidc({
+  /* config */
+});
+
+// Authorize API
+const authResponse = oidcClient.authorize.background(); // Returns code and state if successful, error and Auth URL if not
+const authUrl = oidcClient.authorize.url(); // Returns Auth URL or error
+
+// Tokens API
+const newTokens = oidcClient.token.exchange({
+  /* code, state */
+}); // Returns new tokens or error
+const existingTokens = oidcClient.token.get(); // Returns existing tokens or error
+
+// User API
+const user = oidcClient.user.info(); // Returns user object or error
+const logoutResponse = oidcClient.user.logout(); // Returns null or error
+```

package/dist/src/index.d.ts

@@ -1,2 +1,2 @@
-export * from './lib/token-store.js';
+export * from './lib/client.store.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,uBAAuB,CAAC"}

package/dist/src/index.js

@@ -1 +1,8 @@
-export * from './lib/token-store.js';
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+export * from './lib/client.store.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,cAAc,uBAAuB,CAAC"}

package/dist/src/lib/authorize.request.d.ts

@@ -0,0 +1,16 @@
+import { CustomLogger } from '@forgerock/sdk-logger';
+import { Micro } from 'effect';
+import type { GetAuthorizationUrlOptions, WellKnownResponse } from '@forgerock/sdk-types';
+import type { OidcConfig } from './config.types.js';
+import type { AuthorizeErrorResponse, AuthorizeSuccessResponse } from './authorize.request.types.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizeSuccessResponse, AuthorizeErrorResponse, never>} - A micro effect that resolves to the authorization response.
+ */
+export declare function authorizeµ(wellknown: WellKnownResponse, config: OidcConfig, log: CustomLogger, options?: GetAuthorizationUrlOptions): Micro.Micro<AuthorizeSuccessResponse, AuthorizeErrorResponse, never>;
+//# sourceMappingURL=authorize.request.d.ts.map

package/dist/src/lib/authorize.request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAU/B,OAAO,KAAK,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AAEtC;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,YAAY,EACjB,OAAO,CAAC,EAAE,0BAA0B,wEAyDrC"}

package/dist/src/lib/authorize.request.js

@@ -0,0 +1,57 @@
+import { Micro } from 'effect';
+import { authorizeFetchµ, createAuthorizeUrlµ, authorizeIframeµ, buildAuthorizeOptionsµ, createAuthorizeErrorµ, } from './authorize.request.utils.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizeSuccessResponse, AuthorizeErrorResponse, never>} - A micro effect that resolves to the authorization response.
+ */
+export function authorizeµ(wellknown, config, log, options) {
+    return buildAuthorizeOptionsµ(wellknown, config, options).pipe(Micro.flatMap(([url, config, options]) => createAuthorizeUrlµ(url, config, options)), Micro.tap((url) => log.debug('Authorize URL created', url)), Micro.tapError((url) => Micro.sync(() => log.error('Error creating authorize URL', url))), Micro.flatMap(([url, config, options]) => {
+        if (options.responseMode === 'pi.flow') {
+            /**
+             * If we support the pi.flow field, this means we are using a PingOne server.
+             * PingOne servers do not support redirection through iframes because they
+             * set iframe's to DENY.
+             *
+             * We do not use RTK Query for this because we don't want caching, or store
+             * updates, and want the request to be made similar to the iframe method below.
+             *
+             * This returns a Micro that resolves to the parsed response JSON.
+             */
+            return authorizeFetchµ(url).pipe(Micro.flatMap((response) => {
+                if ('code' in response) {
+                    log.debug('Received code in response', response);
+                    return Micro.succeed(response);
+                }
+                log.error('Error in authorize response', response);
+                // For redirection, we need to remove `pi.flow` from the options
+                const redirectOptions = options;
+                delete redirectOptions.responseMode;
+                return createAuthorizeErrorµ(response, wellknown, config, options);
+            }));
+        }
+        else {
+            /**
+             * If the response mode is not pi.flow, then we are likely using a traditional
+             * redirect based server supporting iframes. An example would be PingAM.
+             *
+             * This returns a Micro that's either the success URL parameters or error URL
+             * parameters.
+             */
+            return authorizeIframeµ(url, config).pipe(Micro.flatMap((response) => {
+                if ('code' in response && 'state' in response) {
+                    log.debug('Received authorization code', response);
+                    return Micro.succeed(response);
+                }
+                log.error('Error in authorize response', response);
+                const errorResponse = response;
+                return createAuthorizeErrorµ(errorResponse, wellknown, config, options);
+            }));
+        }
+    }));
+}
+//# sourceMappingURL=authorize.request.js.map

package/dist/src/lib/authorize.request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AAStC;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CACxB,SAA4B,EAC5B,MAAkB,EAClB,GAAiB,EACjB,OAAoC;IAEpC,OAAO,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAC5D,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,EACpF,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC,EAC3D,KAAK,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC,CAAC,EACzF,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE;QACvC,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACvC;;;;;;;;;eASG;YACH,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC,IAAI,CAC9B,KAAK,CAAC,OAAO,CACX,CAAC,QAAQ,EAAwE,EAAE;gBACjF,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;oBACvB,GAAG,CAAC,KAAK,CAAC,2BAA2B,EAAE,QAAQ,CAAC,CAAC;oBACjD,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACjC,CAAC;gBACD,GAAG,CAAC,KAAK,CAAC,6BAA6B,EAAE,QAAQ,CAAC,CAAC;gBACnD,gEAAgE;gBAChE,MAAM,eAAe,GAAG,OAAO,CAAC;gBAChC,OAAO,eAAe,CAAC,YAAY,CAAC;gBACpC,OAAO,qBAAqB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YACrE,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN;;;;;;eAMG;YACH,OAAO,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,IAAI,CACvC,KAAK,CAAC,OAAO,CACX,CAAC,QAAQ,EAAwE,EAAE;gBACjF,IAAI,MAAM,IAAI,QAAQ,IAAI,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC9C,GAAG,CAAC,KAAK,CAAC,6BAA6B,EAAE,QAAQ,CAAC,CAAC;oBACnD,OAAO,KAAK,CAAC,OAAO,CAAC,QAA+C,CAAC,CAAC;gBACxE,CAAC;gBACD,GAAG,CAAC,KAAK,CAAC,6BAA6B,EAAE,QAAQ,CAAC,CAAC;gBACnD,MAAM,aAAa,GAAG,QAA6C,CAAC;gBACpE,OAAO,qBAAqB,CAAC,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1E,CAAC,CACF,CACF,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/src/lib/authorize.request.types.d.ts

@@ -0,0 +1,11 @@
+export interface AuthorizeSuccessResponse {
+    code: string;
+    state: string;
+}
+export interface AuthorizeErrorResponse {
+    error: string;
+    error_description: string;
+    redirectUrl?: string;
+    type: 'auth_error' | 'argument_error' | 'wellknown_error';
+}
+//# sourceMappingURL=authorize.request.types.d.ts.map

package/dist/src/lib/authorize.request.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,iBAAiB,CAAC;CAC3D"}

package/dist/src/lib/authorize.request.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=authorize.request.types.js.map

package/dist/src/lib/authorize.request.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/authorize.request.utils.d.ts

@@ -0,0 +1,55 @@
+import { Micro } from 'effect';
+import { ResolvedParams } from '@forgerock/iframe-manager';
+import type { WellKnownResponse, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { AuthorizeErrorResponse, AuthorizeSuccessResponse } from './authorize.request.types.js';
+import type { OidcConfig } from './config.types.js';
+/**
+ * @function authorizeFetchµ
+ * @description Fetches the authorization response from the given URL.
+ * @param {string} url - The URL to fetch the authorization response from.
+ * @returns {Micro.Micro<AuthorizeSuccessResponse, AuthorizeErrorResponse, never>} - A micro effect that resolves to the authorization response.
+ */
+export declare function authorizeFetchµ(url: string): Micro.Micro<AuthorizeSuccessResponse | AuthorizeErrorResponse, AuthorizeErrorResponse, never>;
+/**
+ * @function authorizeIframeµ
+ * @description Fetches the authorization response from the given URL using an iframe.
+ * @param {string} url - The authorization URL to be used for the iframe.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @returns {Micro.Micro<ResolvedParams, AuthorizeErrorResponse, never>}
+ */
+export declare function authorizeIframeµ(url: string, config: OidcConfig): Micro.Micro<ResolvedParams, AuthorizeErrorResponse, never>;
+type BuildAuthorizationData = [string, OidcConfig, GetAuthorizationUrlOptions];
+export type OptionalAuthorizeOptions = Partial<GetAuthorizationUrlOptions>;
+/**
+ * @function buildAuthorizeOptionsµ
+ * @description Builds the authorization options for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {OptionalAuthorizeOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<BuildAuthorizationData, AuthorizeErrorResponse, never>}
+ */
+export declare function buildAuthorizeOptionsµ(wellknown: WellKnownResponse, config: OidcConfig, options?: OptionalAuthorizeOptions): Micro.Micro<BuildAuthorizationData, AuthorizeErrorResponse, never>;
+/**
+ * @function createAuthorizeErrorµ
+ * @description Creates an error response with new Authorize URL for the authorization request.
+ * @param { error: string; error_description: string } res - The error response from the authorization request.
+ * @param {WellKnownResponse} wellknown- The well-known configuration for the OIDC server.
+ * @param { OidcConfig } config- The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options- Optional parameters for the authorization request.
+ * @returns { Micro.Micro<never, AuthorizeErrorResponse, never> }
+ */
+export declare function createAuthorizeErrorµ(res: {
+    error: string;
+    error_description: string;
+}, wellknown: WellKnownResponse, config: OidcConfig, options: GetAuthorizationUrlOptions): Micro.Micro<never, AuthorizeErrorResponse, never>;
+/**
+ * @function createAuthorizeUrlµ
+ * @description Creates an authorization URL and related options/config for the Authorize request.
+ * @param {string} path - The path to the authorization endpoint.
+ * @param { OidcConfig } config - The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options - Optional parameters for the authorization request.
+ * @returns { Micro.Micro<[string, OidcConfig, GetAuthorizationUrlOptions], AuthorizeErrorResponse, never> }
+ */
+export declare function createAuthorizeUrlµ(path: string, config: OidcConfig, options: GetAuthorizationUrlOptions): Micro.Micro<[string, OidcConfig, GetAuthorizationUrlOptions], AuthorizeErrorResponse, never>;
+export {};
+//# sourceMappingURL=authorize.request.utils.d.ts.map

package/dist/src/lib/authorize.request.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.utils.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EAAiB,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE1E,OAAO,KAAK,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAE1F,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,GAAG,EAAE,MAAM,GACV,KAAK,CAAC,KAAK,CAAC,wBAAwB,GAAG,sBAAsB,EAAE,sBAAsB,EAAE,KAAK,CAAC,CAoD/F;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,GACjB,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,sBAAsB,EAAE,KAAK,CAAC,CA4B5D;AAED,KAAK,sBAAsB,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,0BAA0B,CAAC,CAAC;AAC/E,MAAM,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAE3E;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,wBAAwB,GACjC,KAAK,CAAC,KAAK,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,KAAK,CAAC,CAgBpE;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,EACjD,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,sBAAsB,EAAE,KAAK,CAAC,CA2BnD;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,0BAA0B,CAAC,EAAE,sBAAsB,EAAE,KAAK,CAAC,CAsB9F"}

package/dist/src/lib/authorize.request.utils.js

@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { createAuthorizeUrl } from '@forgerock/sdk-oidc';
+import { Micro } from 'effect';
+import { iFrameManager } from '@forgerock/iframe-manager';
+/**
+ * @function authorizeFetchµ
+ * @description Fetches the authorization response from the given URL.
+ * @param {string} url - The URL to fetch the authorization response from.
+ * @returns {Micro.Micro<AuthorizeSuccessResponse, AuthorizeErrorResponse, never>} - A micro effect that resolves to the authorization response.
+ */
+export function authorizeFetchµ(url) {
+    return Micro.tryPromise({
+        try: async () => {
+            const response = await fetch(url, {
+                method: 'POST',
+                credentials: 'include',
+            });
+            const resJson = (await response.json());
+            if (!resJson || typeof resJson !== 'object') {
+                return {
+                    error: 'Authorization Network Failure',
+                    error_description: 'Failed to fetch authorization response',
+                    type: 'auth_error',
+                };
+            }
+            if ('authorizeResponse' in resJson) {
+                // Return authorizeResponse as it contains the code and state
+                return resJson.authorizeResponse;
+            }
+            else if ('details' in resJson && resJson.details && Array.isArray(resJson.details)) {
+                const details = resJson.details[0];
+                // Return error response
+                return {
+                    error: details.code || 'Unknown_Error',
+                    error_description: details.message || 'An error occurred during authorization',
+                    type: 'auth_error',
+                };
+            }
+            // Unrecognized response format
+            return {
+                error: 'Authorization Network Failure',
+                error_description: 'Unexpected response format from authorization endpoint',
+                type: 'auth_error',
+            };
+        },
+        catch: (err) => {
+            let message = 'Error fetching authorization URL';
+            if (err instanceof Error) {
+                message = err.message;
+            }
+            return {
+                error: 'Authorization Network Failure',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    });
+}
+/**
+ * @function authorizeIframeµ
+ * @description Fetches the authorization response from the given URL using an iframe.
+ * @param {string} url - The authorization URL to be used for the iframe.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @returns {Micro.Micro<ResolvedParams, AuthorizeErrorResponse, never>}
+ */
+export function authorizeIframeµ(url, config) {
+    return Micro.tryPromise({
+        try: () => {
+            const params = iFrameManager().getParamsByRedirect({
+                url,
+                /***
+                 * https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2
+                 * The client MUST ignore unrecognized response parameters.
+                 */
+                successParams: ['code', 'state'],
+                errorParams: ['error', 'error_description'],
+                timeout: config.serverConfig.timeout || 3000,
+            });
+            return params;
+        },
+        catch: (err) => {
+            let message = 'Error calling authorization URL';
+            if (err instanceof Error) {
+                message = err.message;
+            }
+            return {
+                error: 'Authorization Network Failure',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    });
+}
+/**
+ * @function buildAuthorizeOptionsµ
+ * @description Builds the authorization options for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {OptionalAuthorizeOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<BuildAuthorizationData, AuthorizeErrorResponse, never>}
+ */
+export function buildAuthorizeOptionsµ(wellknown, config, options) {
+    const isPiFlow = wellknown.response_modes_supported?.includes('pi.flow');
+    return Micro.sync(() => [
+        wellknown.authorization_endpoint,
+        config,
+        {
+            clientId: config.clientId,
+            redirectUri: config.redirectUri,
+            scope: config.scope || 'openid',
+            responseType: config.responseType || 'code',
+            ...(isPiFlow && { responseMode: 'pi.flow' }),
+            ...options,
+        },
+    ]);
+}
+/**
+ * @function createAuthorizeErrorµ
+ * @description Creates an error response with new Authorize URL for the authorization request.
+ * @param { error: string; error_description: string } res - The error response from the authorization request.
+ * @param {WellKnownResponse} wellknown- The well-known configuration for the OIDC server.
+ * @param { OidcConfig } config- The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options- Optional parameters for the authorization request.
+ * @returns { Micro.Micro<never, AuthorizeErrorResponse, never> }
+ */
+export function createAuthorizeErrorµ(res, wellknown, config, options) {
+    return Micro.tryPromise({
+        try: () => createAuthorizeUrl(wellknown.authorization_endpoint, {
+            ...options,
+        }),
+        catch: (error) => {
+            let message = 'Error creating authorization URL';
+            if (error instanceof Error) {
+                message = error.message;
+            }
+            return {
+                error: 'AuthorizationUrlError',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    }).pipe(Micro.flatMap((url) => {
+        return Micro.fail({
+            error: res.error,
+            error_description: res.error_description,
+            type: 'auth_error',
+            redirectUrl: url,
+        });
+    }));
+}
+/**
+ * @function createAuthorizeUrlµ
+ * @description Creates an authorization URL and related options/config for the Authorize request.
+ * @param {string} path - The path to the authorization endpoint.
+ * @param { OidcConfig } config - The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options - Optional parameters for the authorization request.
+ * @returns { Micro.Micro<[string, OidcConfig, GetAuthorizationUrlOptions], AuthorizeErrorResponse, never> }
+ */
+export function createAuthorizeUrlµ(path, config, options) {
+    return Micro.tryPromise({
+        try: async () => [
+            await createAuthorizeUrl(path, {
+                ...options,
+                prompt: 'none',
+            }),
+            config,
+            options,
+        ],
+        catch: (error) => {
+            let message = 'Error creating authorization URL';
+            if (error instanceof Error) {
+                message = error.message;
+            }
+            return {
+                error: 'AuthorizationUrlError',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    });
+}
+//# sourceMappingURL=authorize.request.utils.js.map

package/dist/src/lib/authorize.request.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.utils.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EAAE,aAAa,EAAkB,MAAM,2BAA2B,CAAC;AAU1E;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAW;IAEX,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,KAAK,IAAI,EAAE;YACd,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,WAAW,EAAE,SAAS;aACvB,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAE3B,CAAC;YAEZ,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,+BAA+B;oBACtC,iBAAiB,EAAE,wCAAwC;oBAC3D,IAAI,EAAE,YAAY;iBACnB,CAAC;YACJ,CAAC;YAED,IAAI,mBAAmB,IAAI,OAAO,EAAE,CAAC;gBACnC,6DAA6D;gBAC7D,OAAO,OAAO,CAAC,iBAA6C,CAAC;YAC/D,CAAC;iBAAM,IAAI,SAAS,IAAI,OAAO,IAAI,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAsC,CAAC;gBACxE,wBAAwB;gBACxB,OAAO;oBACL,KAAK,EAAE,OAAO,CAAC,IAAI,IAAI,eAAe;oBACtC,iBAAiB,EAAE,OAAO,CAAC,OAAO,IAAI,wCAAwC;oBAC9E,IAAI,EAAE,YAAY;iBACnB,CAAC;YACJ,CAAC;YAED,+BAA+B;YAC/B,OAAO;gBACL,KAAK,EAAE,+BAA+B;gBACtC,iBAAiB,EAAE,wDAAwD;gBAC3E,IAAI,EAAE,YAAY;aACnB,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,OAAO,GAAG,kCAAkC,CAAC;YACjD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;gBACzB,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YACxB,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,+BAA+B;gBACtC,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACO,CAAC;QAC9B,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAAW,EACX,MAAkB;IAElB,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,GAAG,EAAE;YACR,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC,mBAAmB,CAAC;gBACjD,GAAG;gBACH;;;mBAGG;gBACH,aAAa,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;gBAChC,WAAW,EAAE,CAAC,OAAO,EAAE,mBAAmB,CAAC;gBAC3C,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,OAAO,IAAI,IAAI;aAC7C,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,OAAO,GAAG,iCAAiC,CAAC;YAChD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;gBACzB,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YACxB,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,+BAA+B;gBACtC,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACO,CAAC;QAC9B,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAKD;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAA4B,EAC5B,MAAkB,EAClB,OAAkC;IAElC,MAAM,QAAQ,GAAG,SAAS,CAAC,wBAAwB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzE,OAAO,KAAK,CAAC,IAAI,CACf,GAA2B,EAAE,CAAC;QAC5B,SAAS,CAAC,sBAAsB;QAChC,MAAM;QACN;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,MAAM;YAC3C,GAAG,CAAC,QAAQ,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;YAC5C,GAAG,OAAO;SACX;KACF,CACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAiD,EACjD,SAA4B,EAC5B,MAAkB,EAClB,OAAmC;IAEnC,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,GAAG,EAAE,CACR,kBAAkB,CAAC,SAAS,CAAC,sBAAsB,EAAE;YACnD,GAAG,OAAO;SACX,CAAC;QACJ,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,OAAO,GAAG,kCAAkC,CAAC;YACjD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;YAC1B,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,uBAAuB;gBAC9B,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACO,CAAC;QAC9B,CAAC;KACF,CAAC,CAAC,IAAI,CACL,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;YACxC,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,GAAG;SACS,CAAC,CAAC;IAC/B,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAY,EACZ,MAAkB,EAClB,OAAmC;IAEnC,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YACf,MAAM,kBAAkB,CAAC,IAAI,EAAE;gBAC7B,GAAG,OAAO;gBACV,MAAM,EAAE,MAAM;aACf,CAAC;YACF,MAAM;YACN,OAAO;SACR;QACD,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,OAAO,GAAG,kCAAkC,CAAC;YACjD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;YAC1B,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,uBAAuB;gBAC9B,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACO,CAAC;QAC9B,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/src/lib/authorize.slice.d.ts

@@ -0,0 +1,5 @@
+declare const authorizeSlice: import("@reduxjs/toolkit/query").Api<import("@reduxjs/toolkit/query").BaseQueryFn<string | import("@reduxjs/toolkit/query").FetchArgs, unknown, import("@reduxjs/toolkit/query").FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, {
+    handleAuthorize: import("@reduxjs/toolkit/query").QueryDefinition<string, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("@reduxjs/toolkit/query").FetchArgs, unknown, import("@reduxjs/toolkit/query").FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, string, "authorizeSlice", unknown>;
+}, "authorizeSlice", never, typeof import("@reduxjs/toolkit/query").coreModuleName>;
+export { authorizeSlice };
+//# sourceMappingURL=authorize.slice.d.ts.map

package/dist/src/lib/authorize.slice.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.slice.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.slice.ts"],"names":[],"mappings":"AAEA,QAAA,MAAM,cAAc;;mFAkBlB,CAAC;AAEH,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/lib/authorize.slice.js

@@ -0,0 +1,21 @@
+import { createApi, fetchBaseQuery } from '@reduxjs/toolkit/query';
+const authorizeSlice = createApi({
+    reducerPath: 'authorizeSlice',
+    baseQuery: fetchBaseQuery({
+        credentials: 'include',
+        prepareHeaders: (headers) => {
+            headers.set('Content-Type', 'application/json');
+            headers.set('Accept', 'application/json');
+            headers.set('x-requested-with', 'ping-sdk');
+            headers.set('x-requested-platform', 'javascript');
+            return headers;
+        },
+    }),
+    endpoints: (builder) => ({
+        handleAuthorize: builder.query({
+            query: (authorizeUrl) => authorizeUrl,
+        }),
+    }),
+});
+export { authorizeSlice };
+//# sourceMappingURL=authorize.slice.js.map

package/dist/src/lib/authorize.slice.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.slice.js","sourceRoot":"","sources":["../../../src/lib/authorize.slice.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAEnE,MAAM,cAAc,GAAG,SAAS,CAAC;IAC/B,WAAW,EAAE,gBAAgB;IAC7B,SAAS,EAAE,cAAc,CAAC;QACxB,WAAW,EAAE,SAAS;QACtB,cAAc,EAAE,CAAC,OAAO,EAAE,EAAE;YAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,YAAY,CAAC,CAAC;YAElD,OAAO,OAAO,CAAC;QACjB,CAAC;KACF,CAAC;IACF,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAiB;YAC7C,KAAK,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY;SACtC,CAAC;KACH,CAAC;CACH,CAAC,CAAC;AAEH,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/lib/client.store.d.ts

@@ -0,0 +1,108 @@
+import { CustomLogger, LogLevel } from '@forgerock/sdk-logger';
+import { StorageConfig } from '@forgerock/storage';
+import type { ActionTypes, RequestMiddleware } from '@forgerock/sdk-request-middleware';
+import type { GenericError, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { GetTokensOptions, LogoutResult } from './client.types.js';
+import type { OauthTokens, OidcConfig } from './config.types.js';
+import type { AuthorizeErrorResponse, AuthorizeSuccessResponse } from './authorize.request.types.js';
+import type { TokenExchangeErrorResponse, TokenExchangeResponse } from './exchange.types.js';
+/**
+ * @function oidc
+ * @description Factory function to create an OIDC client with methods for authorization, token exchange,
+ *              user info retrieval, and logout. It initializes the client with the provided configuration,
+ *              request middleware, logger, and storage options.
+ * @param param - configuration object containing the OIDC client configuration, request middleware, logger,
+ * @param {OidcConfig} param.config - OIDC configuration including server details, client ID, redirect URI,
+ *              storage options, scope, and response type.
+ * @param {RequestMiddleware} param.requestMiddleware - optional array of request middleware functions to process requests.
+ * @param {{ level: LogLevel, custom: CustomLogger }} param.logger - optional logger configuration with log level and custom logger.
+ * @param {Partial<StorageConfig>} param.storage - optional storage configuration for persisting OIDC tokens.
+ * @returns {ReturnType<typeof oidc>} - Returns an object with methods for authorization, token exchange, user info retrieval, and logout.
+ */
+export declare function oidc<ActionType extends ActionTypes = ActionTypes>({ config, requestMiddleware, logger, storage, }: {
+    config: OidcConfig;
+    requestMiddleware?: RequestMiddleware<ActionType>[];
+    logger?: {
+        level: LogLevel;
+        custom?: CustomLogger;
+    };
+    storage?: Partial<StorageConfig>;
+}): Promise<{
+    error: string;
+    type: string;
+    /**
+     * An object containing methods for the creation, and background use, of the authorization URL
+     */
+    authorize?: undefined;
+    /**
+     * An object containing methods for token exchange
+     */
+    token?: undefined;
+    /**
+     * An object containing methods for user info retrieval and logout
+     */
+    user?: undefined;
+} | {
+    /**
+     * An object containing methods for the creation, and background use, of the authorization URL
+     */
+    authorize: {
+        /**
+         * @method url
+         * @description Creates an authorization URL with the provided options or defaults from the configuration.
+         * @param {GetAuthorizationUrlOptions} options - Optional parameters to customize the authorization URL.
+         * @returns {Promise<string | GenericError>} - Returns a promise that resolves to the authorization URL or an error.
+         */
+        url: (options?: GetAuthorizationUrlOptions) => Promise<string | GenericError>;
+        /**
+         * @function background - Initiates the authorization process in the background, returning an authorization URL or an error.
+         * @param {GetAuthorizationUrlOptions} options - Optional parameters to customize the authorization URL.
+         * @returns {Promise<AuthorizeErrorResponse | AuthorizeSuccessResponse>} - Returns a promise that resolves to the authorization URL or an error response.
+         */
+        background: (options?: GetAuthorizationUrlOptions) => Promise<AuthorizeErrorResponse | AuthorizeSuccessResponse>;
+    };
+    /**
+     * An object containing methods for token exchange
+     */
+    token: {
+        /**
+         * @method exchange
+         * @description Exchanges an authorization code for tokens using the token endpoint from the wellknown
+         *              configuration and stores them in the configured storage.
+         * @param {string} code - The authorization code received from the authorization server.
+         * @param {string} state - The state parameter from the authorization URL creation.
+         * @param {Partial<StorageConfig>} options - Optional storage configuration for persisting tokens.
+         * @returns {Promise<OauthTokens | GenericError | TokenExchangeErrorResponse>}
+         */
+        exchange: (code: string, state: string, options?: Partial<StorageConfig>) => Promise<OauthTokens | TokenExchangeErrorResponse | GenericError>;
+        /**
+         * @method get
+         * @description Retrieves the current OAuth tokens from storage, or auto-renew if backgroundRenew is true.
+         * @param {GetTokensOptions} param - An object containing options for the token retrieval.
+         * @returns {Promise<OauthTokens | TokenExchangeErrorResponse | AuthorizeErrorResponse | GenericError>}
+         */
+        get: (options?: GetTokensOptions) => Promise<OauthTokens | TokenExchangeErrorResponse | AuthorizeErrorResponse | GenericError>;
+    };
+    /**
+     * An object containing methods for user info retrieval and logout
+     */
+    user: {
+        /**
+         * @method info
+         * @description Retrieves user information using the userinfo endpoint from the wellknown configuration.
+         *              It requires an access token stored in the configured storage.
+         * @returns {Promise<GenericError | TokenExchangeResponse>} - Returns a promise that resolves to user information or an error response.
+         */
+        info: () => Promise<GenericError | TokenExchangeResponse>;
+        /**
+         * @method logout
+         * @description Logs out the user by revoking tokens and clearing the storage.
+         *              It uses the end session endpoint from the wellknown configuration.
+         * @returns {Promise<GenericError | LogoutResult>} - Returns a promise that resolves to the logout response or an error.
+         */
+        logout: () => Promise<GenericError | LogoutResult>;
+    };
+    error?: undefined;
+    type?: undefined;
+}>;
+//# sourceMappingURL=client.store.d.ts.map

package/dist/src/lib/client.store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.store.d.ts","sourceRoot":"","sources":["../../../src/lib/client.store.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAsB,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEnF,OAAO,EAAiB,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAUlE,OAAO,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAErF,OAAO,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,EACV,sBAAsB,EACtB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,0BAA0B,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAI7F;;;;;;;;;;;;GAYG;AACH,wBAAsB,IAAI,CAAC,UAAU,SAAS,WAAW,GAAG,WAAW,EAAE,EACvE,MAAM,EACN,iBAAiB,EACjB,MAAM,EACN,OAAO,GACR,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;IACpD,MAAM,CAAC,EAAE;QACP,KAAK,EAAE,QAAQ,CAAC;QAChB,MAAM,CAAC,EAAE,YAAY,CAAC;KACvB,CAAC;IACF,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CAClC;;;IAoCG;;OAEG;;IAkEH;;OAEG;;IA8IH;;OAEG;;;IAtNH;;OAEG;;QAED;;;;;WAKG;wBACmB,0BAA0B,KAAG,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC;QAsBjF;;;;WAIG;+BAES,0BAA0B,KACnC,OAAO,CAAC,sBAAsB,GAAG,wBAAwB,CAAC;;IA6B/D;;OAEG;;QAED;;;;;;;;WAQG;yBAEK,MAAM,SACL,MAAM,YACH,OAAO,CAAC,aAAa,CAAC,KAC/B,OAAO,CAAC,WAAW,GAAG,0BAA0B,GAAG,YAAY,CAAC;QAwCnE;;;;;WAKG;wBAES,gBAAgB,KACzB,OAAO,CACR,WAAW,GAAG,0BAA0B,GAAG,sBAAsB,GAAG,YAAY,CACjF;;IA6EH;;OAEG;;QAED;;;;;WAKG;oBACa,OAAO,CAAC,YAAY,GAAG,qBAAqB,CAAC;QAgE7D;;;;;WAKG;sBACe,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;;;;GA2C3D"}