@forgerock/oidc-client 0.0.0-beta-20250626185724 → 0.0.0-beta-20250924163704

package/dist/src/lib/client.store.utils.js

@@ -0,0 +1,92 @@
+import { configureStore } from '@reduxjs/toolkit';
+import { oidcApi } from './oidc.api.js';
+import { wellknownApi } from './wellknown.api.js';
+/**
+ * @function createClientStore
+ * @description Creates a Redux store configured with OIDC and well-known APIs.
+ * @param param - Configuration options for the client store.
+ * @param {RequestMiddleware} param.requestMiddleware - An array of request middleware functions to be applied to the store.
+ * @param {ReturnType<typeof loggerFn>} param.logger - An optional logger function for logging messages.
+ * @returns { ReturnType<typeof configureStore> } - Returns a configured Redux store with OIDC and well-known APIs.
+ */
+export function createClientStore({ requestMiddleware, logger, }) {
+    return configureStore({
+        reducer: {
+            [oidcApi.reducerPath]: oidcApi.reducer,
+            [wellknownApi.reducerPath]: wellknownApi.reducer,
+        },
+        middleware: (getDefaultMiddleware) => getDefaultMiddleware({
+            thunk: {
+                extraArgument: {
+                    /**
+                     * This becomes the `api.extra` argument, and will be passed into the
+                     * customer query wrapper for `baseQuery`
+                     */
+                    requestMiddleware,
+                    logger,
+                },
+            },
+        })
+            .concat(wellknownApi.middleware)
+            .concat(oidcApi.middleware),
+    });
+}
+/**
+ * @function createLogoutError
+ * @description Creates a logout error object based on the provided data and error.
+ * @param  {object | null | undefined} data - The data returned from the logout API call.
+ * @param {FetchBaseQueryError | SerializedError} error - An optional error object that may contain details about the error that occurred during the logout process.
+ * @returns {null | GenericError} - Returns a `GenericError` object if an error occurred, or `null` if no error is present.
+ */
+export function createLogoutError(data, error) {
+    if (error) {
+        let message = 'An error occurred while ending the session';
+        let status = 'unknown';
+        if ('message' in error && error.message) {
+            message = error.message;
+        }
+        if ('status' in error) {
+            status = error.status;
+        }
+        return {
+            error: 'End Session failure',
+            message,
+            type: 'auth_error',
+            status,
+        };
+    }
+    return null;
+}
+export function createTokenError(type) {
+    let error;
+    if (type === 'no_tokens') {
+        error = {
+            error: 'Token_Error',
+            message: 'Required for ending session and revoking access token',
+            type: 'state_error',
+        };
+    }
+    else if (type === 'no_access_token') {
+        error = {
+            error: 'Token_Error',
+            message: 'No access token found in storage; required for revoking access token',
+            type: 'state_error',
+        };
+    }
+    else if (type === 'no_id_token') {
+        error = {
+            error: 'Token_Error',
+            message: 'No ID token found in storage; required for ending session',
+            type: 'state_error',
+        };
+    }
+    else {
+        error = {
+            error: 'Token_Error',
+            message: 'An unknown error occurred while creating the error object',
+            type: 'unknown_error',
+        };
+    }
+    return error;
+}
+//# sourceMappingURL=client.store.utils.js.map

package/dist/src/lib/client.store.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.store.utils.js","sourceRoot":"","sources":["../../../src/lib/client.store.utils.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,cAAc,EAAmB,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAiC,EAChE,iBAAiB,EACjB,MAAM,GAIP;IACC,OAAO,cAAc,CAAC;QACpB,OAAO,EAAE;YACP,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,OAAO;YACtC,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,YAAY,CAAC,OAAO;SACjD;QACD,UAAU,EAAE,CAAC,oBAAoB,EAAE,EAAE,CACnC,oBAAoB,CAAC;YACnB,KAAK,EAAE;gBACL,aAAa,EAAE;oBACb;;;uBAGG;oBACH,iBAAiB;oBACjB,MAAM;iBACP;aACF;SACF,CAAC;aACC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC;aAC/B,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;KAChC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAA+B,EAC/B,KAA6C;IAE7C,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,OAAO,GAAG,4CAA4C,CAAC;QAC3D,IAAI,MAAM,GAAoB,SAAS,CAAC;QACxC,IAAI,SAAS,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YACxC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1B,CAAC;QACD,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACxB,CAAC;QACD,OAAO;YACL,KAAK,EAAE,qBAAqB;YAC5B,OAAO;YACP,IAAI,EAAE,YAAY;YAClB,MAAM;SACE,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAqD;IACpF,IAAI,KAAmB,CAAC;IAExB,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,KAAK,GAAG;YACN,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,uDAAuD;YAChE,IAAI,EAAE,aAAa;SACX,CAAC;IACb,CAAC;SAAM,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACtC,KAAK,GAAG;YACN,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,sEAAsE;YAC/E,IAAI,EAAE,aAAa;SACX,CAAC;IACb,CAAC;SAAM,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAClC,KAAK,GAAG;YACN,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,2DAA2D;YACpE,IAAI,EAAE,aAAa;SACX,CAAC;IACb,CAAC;SAAM,CAAC;QACN,KAAK,GAAG;YACN,KAAK,EAAE,aAAa;YACpB,OAAO,EAAE,2DAA2D;YACpE,IAAI,EAAE,eAAe;SACb,CAAC;IACb,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/lib/client.types.d.ts

@@ -0,0 +1,26 @@
+import type { GenericError, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { StorageConfig } from '@forgerock/storage';
+export interface GetTokensOptions {
+    authorizeOptions?: GetAuthorizationUrlOptions;
+    backgroundRenew?: boolean;
+    forceRenew?: boolean;
+    storageOptions?: Partial<StorageConfig>;
+}
+export type RevokeSuccessResult = {
+    revokeResponse: GenericError | null;
+    deleteResponse: GenericError | null;
+};
+export type RevokeErrorResult = RevokeSuccessResult & {
+    error: string;
+};
+export type LogoutSuccessResult = RevokeSuccessResult & {
+    sessionResponse: GenericError | null;
+};
+export type LogoutErrorResult = LogoutSuccessResult & {
+    error: string;
+};
+export type UserInfoResponse = {
+    sub: string;
+    [key: string]: unknown;
+};
+//# sourceMappingURL=client.types.d.ts.map

package/dist/src/lib/client.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.types.d.ts","sourceRoot":"","sources":["../../../src/lib/client.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACrF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,CAAC,EAAE,0BAA0B,CAAC;IAC9C,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CACzC;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG;IACpD,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,GAAG;IACtD,eAAe,EAAE,YAAY,GAAG,IAAI,CAAC;CACtC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG;IACpD,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC"}

package/dist/src/lib/client.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=client.types.js.map

package/dist/src/lib/client.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.types.js","sourceRoot":"","sources":["../../../src/lib/client.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/config.types.d.ts

@@ -0,0 +1,22 @@
+import type { AsyncLegacyConfigOptions, WellKnownResponse, ResponseType } from '@forgerock/sdk-types';
+export interface OidcConfig extends AsyncLegacyConfigOptions {
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    serverConfig: {
+        wellknown: string;
+        timeout?: number;
+    };
+    responseType?: ResponseType;
+}
+export interface InternalDaVinciConfig extends OidcConfig {
+    wellknownResponse: WellKnownResponse;
+}
+export interface OauthTokens {
+    accessToken: string;
+    idToken: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    expiryTimestamp?: number;
+}
+//# sourceMappingURL=config.types.d.ts.map

package/dist/src/lib/config.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.types.d.ts","sourceRoot":"","sources":["../../../src/lib/config.types.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,wBAAwB,EACxB,iBAAiB,EACjB,YAAY,EACb,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,UAAW,SAAQ,wBAAwB;IAE1D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE;QACZ,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,MAAM,WAAW,qBAAsB,SAAQ,UAAU;IACvD,iBAAiB,EAAE,iBAAiB,CAAC;CACtC;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/dist/src/lib/config.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=config.types.js.map

package/dist/src/lib/config.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.types.js","sourceRoot":"","sources":["../../../src/lib/config.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/exchange.request.d.ts

@@ -0,0 +1,18 @@
+import { Micro } from 'effect';
+import { logger } from '@forgerock/sdk-logger';
+import { createClientStore } from './client.store.utils.js';
+import type { OauthTokens, OidcConfig } from './config.types.js';
+import type { StorageConfig } from 'node_modules/@forgerock/storage/src/lib/storage.effects.js';
+import { TokenExchangeErrorResponse } from './exchange.types.js';
+interface BuildTokenExchangeµParams {
+    code: string;
+    config: OidcConfig;
+    endpoint: string;
+    log: ReturnType<typeof logger>;
+    state: string;
+    store: ReturnType<typeof createClientStore>;
+    options?: Partial<StorageConfig>;
+}
+export declare function buildTokenExchangeµ({ code, config, endpoint, log, state, store, options, }: BuildTokenExchangeµParams): Micro.Micro<OauthTokens, TokenExchangeErrorResponse, never>;
+export {};
+//# sourceMappingURL=exchange.request.d.ts.map

package/dist/src/lib/exchange.request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.request.d.ts","sourceRoot":"","sources":["../../../src/lib/exchange.request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAI/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4DAA4D,CAAC;AAChG,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAEjE,UAAU,yBAAyB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CAClC;AAED,wBAAgB,mBAAmB,CAAC,EAClC,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,GAAG,EACH,KAAK,EACL,KAAK,EACL,OAAO,GACR,EAAE,yBAAyB,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,0BAA0B,EAAE,KAAK,CAAC,CA2BzF"}

package/dist/src/lib/exchange.request.js

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { Micro } from 'effect';
+import { createValuesµ, handleTokenResponseµ, validateValuesµ } from './exchange.utils.js';
+import { oidcApi } from './oidc.api.js';
+export function buildTokenExchangeµ({ code, config, endpoint, log, state, store, options, }) {
+    return createValuesµ(code, config, state, endpoint, options).pipe(Micro.flatMap((options) => validateValuesµ(options)), Micro.tap((options) => log.debug('Token exchange values created', options)), Micro.tapError((options) => Micro.sync(() => log.error('Error creating token exchange values', options))), Micro.flatMap((requestOptions) => Micro.promise(() => store.dispatch(oidcApi.endpoints.exchange.initiate(requestOptions)))), Micro.flatMap(({ data, error }) => handleTokenResponseµ(data, error)), Micro.tap((data) => log.debug('Token exchange response handled', data)), Micro.tapError((error) => Micro.sync(() => log.error('Error handling token exchange response', error))), Micro.map((data) => {
+        const tokens = {
+            accessToken: data.access_token,
+            idToken: data.id_token,
+            ...(data.refresh_token && { refreshToken: data.refresh_token }),
+            ...(data.expires_in && { expiresAt: data.expires_in }),
+            ...(data.expires_in && { expiryTimestamp: Date.now() + data.expires_in * 1000 }),
+        };
+        return tokens;
+    }));
+}
+//# sourceMappingURL=exchange.request.js.map

package/dist/src/lib/exchange.request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.request.js","sourceRoot":"","sources":["../../../src/lib/exchange.request.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAI/B,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3F,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAiBxC,MAAM,UAAU,mBAAmB,CAAC,EAClC,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,GAAG,EACH,KAAK,EACL,KAAK,EACL,OAAO,GACmB;IAC1B,OAAO,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,CAC/D,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,EACpD,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC,EAC3E,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE,CACzB,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,sCAAsC,EAAE,OAAO,CAAC,CAAC,CAC7E,EACD,KAAK,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE,CAC/B,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,CACzF,EACD,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,EACrE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,iCAAiC,EAAE,IAAI,CAAC,CAAC,EACvE,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,EAAE,CACvB,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,wCAAwC,EAAE,KAAK,CAAC,CAAC,CAC7E,EACD,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACjB,MAAM,MAAM,GAAG;YACb,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;YAC/D,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;SACjF,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/src/lib/exchange.types.d.ts

@@ -0,0 +1,21 @@
+import { OidcConfig } from './config.types.js';
+export interface TokenExchangeResponse {
+    access_token: string;
+    id_token: string;
+    refresh_token?: string;
+    expires_in?: number;
+    scope?: string;
+    token_type?: string;
+}
+export interface TokenExchangeErrorResponse {
+    error: string;
+    message: string;
+    type: 'exchange_error' | 'network_error' | 'state_error' | 'unknown_error';
+}
+export interface TokenRequestOptions {
+    code: string;
+    config: OidcConfig;
+    endpoint: string;
+    verifier?: string;
+}
+//# sourceMappingURL=exchange.types.d.ts.map

package/dist/src/lib/exchange.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.types.d.ts","sourceRoot":"","sources":["../../../src/lib/exchange.types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,gBAAgB,GAAG,eAAe,GAAG,aAAa,GAAG,eAAe,CAAC;CAC5E;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/src/lib/exchange.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=exchange.types.js.map

package/dist/src/lib/exchange.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.types.js","sourceRoot":"","sources":["../../../src/lib/exchange.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/exchange.utils.d.ts

@@ -0,0 +1,28 @@
+import { SerializedError } from '@reduxjs/toolkit';
+import { FetchBaseQueryError } from '@reduxjs/toolkit/query';
+import { Micro } from 'effect';
+import type { GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { StorageConfig } from '@forgerock/storage';
+import type { TokenExchangeResponse, TokenRequestOptions } from './exchange.types.js';
+import type { TokenExchangeErrorResponse } from './exchange.types.js';
+import type { OidcConfig } from './config.types.js';
+export declare function createValuesµ(code: string, config: OidcConfig, state: string, endpoint: string, options?: Partial<StorageConfig>): Micro.Micro<{
+    code: string;
+    config: OidcConfig;
+    state: string;
+    storedValues: GetAuthorizationUrlOptions;
+    endpoint: string;
+}, never, never>;
+export declare function handleTokenResponseµ(data: TokenExchangeResponse | undefined, error?: FetchBaseQueryError | SerializedError): Micro.Micro<TokenExchangeResponse, TokenExchangeErrorResponse, never>;
+export declare function validateValuesµ({ code, config, state, storedValues, endpoint, }: {
+    code: string;
+    config: OidcConfig;
+    state: string;
+    storedValues: GetAuthorizationUrlOptions;
+    endpoint: string;
+}): Micro.Micro<never, {
+    readonly error: "State mismatch";
+    readonly message: "The provided state does not match the stored state. This is likely due to passing in used, returned, authorize parameters.";
+    readonly type: "state_error";
+}, never> | Micro.Micro<TokenRequestOptions, never, never>;
+//# sourceMappingURL=exchange.utils.d.ts.map

package/dist/src/lib/exchange.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.utils.d.ts","sourceRoot":"","sources":["../../../src/lib/exchange.utils.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAG/B,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,KAAK,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACtF,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC;;;;;;iBAajC;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,qBAAqB,GAAG,SAAS,EACvC,KAAK,CAAC,EAAE,mBAAmB,GAAG,eAAe,GAC5C,KAAK,CAAC,KAAK,CAAC,qBAAqB,EAAE,0BAA0B,EAAE,KAAK,CAAC,CAyBvE;AAED,wBAAgB,eAAe,CAAC,EAC9B,IAAI,EACJ,MAAM,EACN,KAAK,EACL,YAAY,EACZ,QAAQ,GACT,EAAE;IACD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,UAAU,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,0BAA0B,CAAC;IACzC,QAAQ,EAAE,MAAM,CAAC;CAClB;;;;2DAiBA"}

package/dist/src/lib/exchange.utils.js

@@ -0,0 +1,55 @@
+import { Micro } from 'effect';
+import { getStoredAuthUrlValues } from '@forgerock/sdk-oidc';
+export function createValuesµ(code, config, state, endpoint, options) {
+    return Micro.sync(() => {
+        const storedValues = getStoredAuthUrlValues(config.clientId, options?.prefix);
+        return {
+            code,
+            config,
+            state,
+            storedValues,
+            endpoint,
+        };
+    });
+}
+export function handleTokenResponseµ(data, error) {
+    if (error) {
+        let message;
+        if ('status' in error) {
+            message = 'error' in error ? error.error : JSON.stringify(error.data);
+        }
+        else if ('message' in error) {
+            message = error.message;
+        }
+        return Micro.fail({
+            error: 'Token Exchange failure',
+            message: message || 'Unknown error during token exchange',
+            type: 'exchange_error',
+        });
+    }
+    if (!data) {
+        return Micro.fail({
+            error: 'Token Exchange failure',
+            message: 'No data returned from token exchange',
+            type: 'exchange_error',
+        });
+    }
+    return Micro.succeed(data);
+}
+export function validateValuesµ({ code, config, state, storedValues, endpoint, }) {
+    if (!storedValues || storedValues.state !== state) {
+        const err = {
+            error: 'State mismatch',
+            message: 'The provided state does not match the stored state. This is likely due to passing in used, returned, authorize parameters.',
+            type: 'state_error',
+        };
+        return Micro.fail(err);
+    }
+    return Micro.succeed({
+        code,
+        config,
+        endpoint,
+        ...(storedValues.verifier && { verifier: storedValues.verifier }), // Optional PKCE
+    });
+}
+//# sourceMappingURL=exchange.utils.js.map

package/dist/src/lib/exchange.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exchange.utils.js","sourceRoot":"","sources":["../../../src/lib/exchange.utils.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAQ7D,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,MAAkB,EAClB,KAAa,EACb,QAAgB,EAChB,OAAgC;IAEhC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACrB,MAAM,YAAY,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAE9E,OAAO;YACL,IAAI;YACJ,MAAM;YACN,KAAK;YACL,YAAY;YACZ,QAAQ;SACT,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAuC,EACvC,KAA6C;IAE7C,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,OAAO,CAAC;QACZ,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,OAAO,GAAG,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxE,CAAC;aAAM,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;YAC9B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1B,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,wBAAwB;YAC/B,OAAO,EAAE,OAAO,IAAI,qCAAqC;YACzD,IAAI,EAAE,gBAAgB;SACO,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,wBAAwB;YAC/B,OAAO,EAAE,sCAAsC;YAC/C,IAAI,EAAE,gBAAgB;SACO,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,EAC9B,IAAI,EACJ,MAAM,EACN,KAAK,EACL,YAAY,EACZ,QAAQ,GAOT;IACC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG;YACV,KAAK,EAAE,gBAAgB;YACvB,OAAO,EACL,4HAA4H;YAC9H,IAAI,EAAE,aAAa;SACX,CAAC;QAEX,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,KAAK,CAAC,OAAO,CAAC;QACnB,IAAI;QACJ,MAAM;QACN,QAAQ;QACR,GAAG,CAAC,YAAY,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,CAAC,EAAE,gBAAgB;KAC7D,CAAC,CAAC;AAC5B,CAAC"}

package/dist/src/lib/logout.request.d.ts

@@ -0,0 +1,14 @@
+import { Micro } from 'effect';
+import { createClientStore } from './client.store.utils.js';
+import { OauthTokens, OidcConfig } from './config.types.js';
+import { WellKnownResponse } from '@forgerock/sdk-types';
+import { createStorage } from '@forgerock/storage';
+import { LogoutErrorResult, LogoutSuccessResult } from './client.types.js';
+export declare function logoutµ({ tokens, config, wellknown, store, storageClient, }: {
+    tokens: OauthTokens;
+    config: OidcConfig;
+    wellknown: WellKnownResponse;
+    store: ReturnType<typeof createClientStore>;
+    storageClient: ReturnType<typeof createStorage<OauthTokens>>;
+}): Micro.Micro<LogoutSuccessResult, LogoutErrorResult, never>;
+//# sourceMappingURL=logout.request.d.ts.map

package/dist/src/lib/logout.request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.request.d.ts","sourceRoot":"","sources":["../../../src/lib/logout.request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAqB,MAAM,yBAAyB,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAE3E,wBAAgB,OAAO,CAAC,EACtB,MAAM,EACN,MAAM,EACN,SAAS,EACT,KAAK,EACL,aAAa,GACd,EAAE;IACD,MAAM,EAAE,WAAW,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,KAAK,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC5C,aAAa,EAAE,UAAU,CAAC,OAAO,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;CAC9D,8DAsDA"}

package/dist/src/lib/logout.request.js

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { Micro } from 'effect';
+import { oidcApi } from './oidc.api.js';
+import { createLogoutError } from './client.store.utils.js';
+export function logoutµ({ tokens, config, wellknown, store, storageClient, }) {
+    return Micro.zip(
+    // End session with the ID token
+    Micro.promise(() => store.dispatch(oidcApi.endpoints.endSession.initiate({
+        idToken: tokens.idToken,
+        endpoint: wellknown.ping_end_idp_session_endpoint || wellknown.end_session_endpoint,
+    }))).pipe(Micro.map(({ data, error }) => createLogoutError(data, error))), 
+    // Revoke the access token
+    Micro.promise(() => store.dispatch(oidcApi.endpoints.revoke.initiate({
+        accessToken: tokens.accessToken,
+        clientId: config.clientId,
+        endpoint: wellknown.revocation_endpoint,
+    }))).pipe(Micro.map(({ data, error }) => createLogoutError(data, error)))).pipe(
+    // Delete local token and return combined results
+    Micro.flatMap(([sessionResponse, revokeResponse]) => Micro.promise(() => storageClient.remove()).pipe(Micro.flatMap((deleteRes) => {
+        const deleteResponse = typeof deleteRes === 'undefined' ? null : deleteRes;
+        const isInnerRequestError = (sessionResponse && 'error' in sessionResponse) ||
+            (revokeResponse && 'error' in revokeResponse) ||
+            (deleteResponse && typeof deleteResponse === 'object' && 'error' in deleteResponse);
+        if (isInnerRequestError) {
+            const result = {
+                error: 'Inner request error',
+                sessionResponse,
+                revokeResponse,
+                deleteResponse,
+            };
+            return Micro.fail(result);
+        }
+        else {
+            const result = {
+                sessionResponse: null,
+                revokeResponse: null,
+                deleteResponse: null,
+            };
+            return Micro.succeed(result);
+        }
+    }))));
+}
+//# sourceMappingURL=logout.request.js.map

package/dist/src/lib/logout.request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.request.js","sourceRoot":"","sources":["../../../src/lib/logout.request.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAqB,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAM/E,MAAM,UAAU,OAAO,CAAC,EACtB,MAAM,EACN,MAAM,EACN,SAAS,EACT,KAAK,EACL,aAAa,GAOd;IACC,OAAO,KAAK,CAAC,GAAG;IACd,gCAAgC;IAChC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACjB,KAAK,CAAC,QAAQ,CACZ,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC;QACpC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,SAAS,CAAC,6BAA6B,IAAI,SAAS,CAAC,oBAAoB;KACpF,CAAC,CACH,CACF,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAEtE,0BAA0B;IAC1B,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACjB,KAAK,CAAC,QAAQ,CACZ,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,SAAS,CAAC,mBAAmB;KACxC,CAAC,CACH,CACF,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CACvE,CAAC,IAAI;IACJ,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,EAAE,CAClD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAC9C,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QAC1B,MAAM,cAAc,GAAG,OAAO,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAE3E,MAAM,mBAAmB,GACvB,CAAC,eAAe,IAAI,OAAO,IAAI,eAAe,CAAC;YAC/C,CAAC,cAAc,IAAI,OAAO,IAAI,cAAc,CAAC;YAC7C,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,OAAO,IAAI,cAAc,CAAC,CAAC;QAEtF,IAAI,mBAAmB,EAAE,CAAC;YACxB,MAAM,MAAM,GAAsB;gBAChC,KAAK,EAAE,qBAAqB;gBAC5B,eAAe;gBACf,cAAc;gBACd,cAAc;aACf,CAAC;YACF,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAwB;gBAClC,eAAe,EAAE,IAAI;gBACrB,cAAc,EAAE,IAAI;gBACpB,cAAc,EAAE,IAAI;aACrB,CAAC;YACF,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CACH,CACF,CACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/oidc.api.d.ts

@@ -0,0 +1,33 @@
+import { FetchArgs, FetchBaseQueryError } from '@reduxjs/toolkit/query';
+import { OidcConfig } from './config.types.js';
+import type { TokenExchangeResponse } from './exchange.types.js';
+import { AuthorizationSuccess, AuthorizeSuccessResponse } from './authorize.request.types.js';
+import { UserInfoResponse } from './client.types.js';
+export declare const oidcApi: import("@reduxjs/toolkit/query").Api<import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, {
+    authorizeFetch: import("@reduxjs/toolkit/query").MutationDefinition<{
+        url: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, AuthorizeSuccessResponse, "oidc", unknown>;
+    authorizeIframe: import("@reduxjs/toolkit/query").MutationDefinition<{
+        url: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, AuthorizationSuccess, "oidc", unknown>;
+    endSession: import("@reduxjs/toolkit/query").MutationDefinition<{
+        idToken: string;
+        endpoint: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, null, "oidc", unknown>;
+    exchange: import("@reduxjs/toolkit/query").MutationDefinition<{
+        code: string;
+        config: OidcConfig;
+        endpoint: string;
+        verifier?: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, TokenExchangeResponse, "oidc", unknown>;
+    revoke: import("@reduxjs/toolkit/query").MutationDefinition<{
+        accessToken: string;
+        clientId?: string;
+        endpoint: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, object, "oidc", unknown>;
+    userInfo: import("@reduxjs/toolkit/query").MutationDefinition<{
+        accessToken: string;
+        endpoint: string;
+    }, import("@reduxjs/toolkit/query").BaseQueryFn<string | FetchArgs, unknown, FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, UserInfoResponse, "oidc", unknown>;
+}, "oidc", never, typeof import("@reduxjs/toolkit/query").coreModuleName>;
+//# sourceMappingURL=oidc.api.d.ts.map

package/dist/src/lib/oidc.api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.api.d.ts","sourceRoot":"","sources":["../../../src/lib/oidc.api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,SAAS,EAAkB,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAU/C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AAE9F,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAOrD,eAAO,MAAM,OAAO;;aAIkD,MAAM;;;aAqET,MAAM;;;iBAoFvB,MAAM;kBAAY,MAAM;;;cA+C5D,MAAM;gBACJ,UAAU;kBACR,MAAM;mBACL,MAAM;;;qBA6D2B,MAAM;mBAAa,MAAM;kBAAY,MAAM;;;qBAkD/B,MAAM;kBAAY,MAAM;;yEA2CtF,CAAC"}