@forgerock/oidc-client 1.2.0 → 2.0.0

package/README.md

@@ -1,3 +1,295 @@
-# oidc-client
+# OIDC Client
 
-A generic OpenID Connect (OIDC) client library for JavaScript and TypeScript, designed to work with any OIDC-compliant identity provider.
+A generic OpenID Connect (OIDC) client library for JavaScript and TypeScript, designed to work with PingOne platforms.
+
+The oidc module follows the [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) specification and provides a simple and easy-to-use API to interact with the OIDC server. It allows you to authenticate, retrieve the access token, revoke the token, and sign out from the OIDC server.
+
+## Table of Contents
+
+- [Installation](#installation)
+- [Initialization](#initialization)
+  - [Configuration Options](#configuration-options)
+- [Quick Start](#quick-start)
+- [API Reference](#api-reference)
+  - [authorize](#authorize)
+  - [token](#token)
+  - [user](#user)
+- [Usage Examples](#usage-examples)
+  - [Redirect-Based Login](#redirect-based-login-authorizeurl)
+  - [Background Authorization](#background-authorization-authorizebackground)
+  - [Automatic Token Renewal](#automatic-token-renewal)
+  - [Error Handling](#error-handling)
+
+## Installation
+
+```bash
+pnpm add @forgerock/oidc-client
+# or
+npm install @forgerock/oidc-client
+# or
+yarn add @forgerock/oidc-client
+```
+
+## Initialization
+
+```typescript
+import { oidc } from '@forgerock/oidc-client';
+import { OidcConfig, OidcClient } from '@forgerock/oidc-client/types';
+
+const config: OidcConfig = {
+  serverConfig: { wellknown: 'https://example.com/.well-known/openid-configuration' },
+  clientId: 'example-client-id',
+  redirectUri: 'https://example-app/redirect-uri',
+  scope: 'openid profile email',
+};
+
+const oidcClient: OidcClient = await oidc({ config });
+```
+
+### Configuration Options
+
+The `oidc()` initialization function accepts the following configuration:
+
+- **serverConfig** (required)
+  - **wellknown** (required) - URL to the OIDC provider's well-known configuration endpoint
+- **clientId** (required) - Your application's client ID registered with the OIDC provider
+- **redirectUri** (required) - The URI where the OIDC provider will redirect after authentication
+- **scope** (required) - Space-separated list of requested scopes (e.g., `'openid profile email'`)
+- **storage** (optional) - Storage configuration for tokens (defaults to localStorage)
+- **timeout** (optional) - Request timeout in milliseconds
+- **additionalParameters** (optional) - Additional parameters to include in authorization requests
+
+## Quick Start
+
+Here's a minimal example to get started:
+
+```js
+import { oidc } from '@forgerock/oidc-client';
+
+// Initialize the client
+const oidcClient = await oidc({ config });
+
+// Start authorization in the background
+const authResponse = await oidcClient.authorize.background();
+
+// Get tokens
+const tokens = await oidcClient.token.exchange(authResponse.code, authResponse.state);
+
+// Get user information
+const user = await oidcClient.user.info();
+
+// Clean up: logout and revoke tokens
+await oidcClient.user.logout();
+```
+
+## API Reference
+
+### authorize
+
+Methods for creating and handling authorization flows.
+
+#### `authorize.url(options?)`
+
+Creates an authorization URL with the provided options or defaults from the configuration.
+
+- **Parameters**: `GetAuthorizationUrlOptions` (optional)
+- **Returns**: `Promise<string | GenericError>` - The authorization URL or an error
+
+```js
+const authUrl = await oidcClient.authorize.url();
+```
+
+#### `authorize.background(options?)`
+
+Initiates the authorization process in the background, returning the authorization code and state or an error. This method handles the authorization flow without requiring user interaction.
+
+- **Parameters**: `GetAuthorizationUrlOptions` (optional)
+- **Returns**: `Promise<AuthorizationSuccess | AuthorizationError>` - An object containing `code` and `state` on success, or error details on failure
+
+```js
+const authResponse = await oidcClient.authorize.background();
+```
+
+### token
+
+Methods for managing OAuth tokens.
+
+#### `token.exchange(code, state, options?)`
+
+Exchanges an authorization code for tokens using the token endpoint from the wellknown configuration. The tokens are automatically stored in the configured storage.
+
+- **Parameters**:
+  - `code` (string) - The authorization code received from the authorization server
+  - `state` (string) - The state parameter from the authorization URL creation
+  - `options` (`Partial<StorageConfig>`, optional) - Storage configuration for persisting tokens
+- **Returns**: `Promise<OauthTokens | TokenExchangeErrorResponse | GenericError>` - The new tokens or an error
+
+```js
+const tokens = await oidcClient.token.exchange(authCode, authState);
+```
+
+#### `token.get(options?)`
+
+Retrieves the current OAuth tokens from storage. Optionally auto-renews tokens if they are expired or if `backgroundRenew` is enabled.
+
+- **Parameters**: `GetTokensOptions` (optional)
+  - `forceRenew` - Force token renewal even if not expired
+  - `backgroundRenew` - Automatically renew expired tokens
+  - `authorizeOptions` - Options for authorization during renewal
+  - `storageOptions` - Storage configuration options
+- **Returns**: `Promise<OauthTokens | TokenExchangeErrorResponse | AuthorizationError | GenericError>` - The tokens or an error
+
+```js
+const tokens = await oidcClient.token.get();
+```
+
+#### `token.revoke()`
+
+Revokes the access token using the revocation endpoint from the wellknown configuration. Requires an access token stored in the configured storage.
+
+- **Parameters**: None
+- **Returns**: `Promise<GenericError | RevokeSuccessResult | RevokeErrorResult>` - Confirmation of revocation or an error
+
+```js
+const response = await oidcClient.token.revoke();
+```
+
+### user
+
+Methods for user information and session management.
+
+#### `user.info()`
+
+Retrieves user information using the userinfo endpoint from the wellknown configuration. Requires an access token stored in the configured storage.
+
+- **Parameters**: None
+- **Returns**: `Promise<GenericError | UserInfoResponse>` - User information object or an error
+
+```js
+const user = await oidcClient.user.info();
+```
+
+#### `user.logout()`
+
+Logs out the user by revoking tokens and clearing the storage. Uses the end session endpoint from the wellknown configuration.
+
+- **Parameters**: None
+- **Returns**: `Promise<GenericError | LogoutSuccessResult | LogoutErrorResult>` - Confirmation of logout or an error
+
+```js
+const logoutResponse = await oidcClient.user.logout();
+```
+
+## Usage Examples
+
+### Redirect-Based Login (`authorize.url()`)
+
+Here's a practical example of implementing a redirect-based authentication flow. The user is redirected to the OIDC provider's login page:
+
+```js
+import { oidc } from '@forgerock/oidc-client';
+
+// 1. Initialize the client
+const oidcClient = await oidc({ config });
+
+// 2. Generate authorization URL and redirect user to OIDC provider
+const authUrl = await oidcClient.authorize.url();
+if (typeof authUrl !== 'string' && 'error' in authUrl) {
+  console.error('Failed to generate authorization URL:', authUrl.error);
+} else {
+  // Redirect to OIDC provider's login page
+  window.location.assign(authUrl);
+}
+
+// After user logs in and is redirected back to your app with authorization code
+// 3. Exchange authorization code for tokens
+const urlParams = new URLSearchParams(window.location.search);
+const code = urlParams.get('code');
+const state = urlParams.get('state');
+
+const tokens = await oidcClient.token.exchange(code, state);
+if ('error' in tokens) {
+  console.error('Failed to exchange code for tokens:', tokens.error);
+}
+
+// 4. Retrieve user information
+const userInfo = await oidcClient.user.info();
+if ('error' in userInfo) {
+  console.error('Failed to fetch user info:', userInfo.error);
+}
+
+// 5. Later, when user wants to logout
+const logoutResult = await oidcClient.user.logout();
+if ('error' in logoutResult) {
+  console.error('Logout failed:', logoutResult.error);
+}
+```
+
+### Background Authorization (`authorize.background()`)
+
+Here's an example of initiating the authorization process in the background without user interaction. This method returns the authorization code and state directly:
+
+```js
+import { oidc } from '@forgerock/oidc-client';
+
+// 1. Initialize the client
+const oidcClient = await oidc({ config });
+
+// 2. Start authorization in the background
+const authResponse = await oidcClient.authorize.background();
+if ('error' in authResponse) {
+  console.error('Background authorization failed:', authResponse.error);
+} else {
+  // 3. Exchange the authorization code for tokens
+  const tokens = await oidcClient.token.exchange(authResponse.code, authResponse.state);
+  if ('error' in tokens) {
+    console.error('Failed to exchange code for tokens:', tokens.error);
+  }
+
+  // 4. Retrieve user information
+  const userInfo = await oidcClient.user.info();
+  if ('error' in userInfo) {
+    console.error('Failed to fetch user info:', userInfo.error);
+  }
+
+  // 5. Later, when user wants to logout
+  const logoutResult = await oidcClient.user.logout();
+  if ('error' in logoutResult) {
+    console.error('Logout failed:', logoutResult.error);
+  }
+}
+```
+
+### Automatic Token Renewal
+
+Use automatic token renewal to keep the user's session valid. With the `backgroundRenew` option, this will either return valid tokens from storage if they exist or fetch new tokens if they are expired.
+
+```js
+// Get tokens with automatic renewal if expired
+const tokens = await oidcClient.token.get({
+  backgroundRenew: true,
+});
+
+if ('error' in tokens) {
+  console.error('Failed to retrieve tokens:', tokens.error);
+} else {
+  console.log('Access token:', tokens.access_token);
+}
+```
+
+### Error Handling
+
+The library uses a consistent error handling pattern. All methods return either a success response or an error object. Check if the response contains an `error` property:
+
+```js
+// Pattern for handling responses
+const result = await oidcClient.user.info();
+if ('error' in result) {
+  // Handle error case
+  console.error('Error:', result.error);
+  console.error('Error description:', result.error_description);
+} else {
+  // Handle success case
+  console.log('User:', result);
+}
+```

package/dist/src/index.d.ts

@@ -1,2 +1,2 @@
-export * from './lib/token-store.js';
+export * from './lib/client.store.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,uBAAuB,CAAC"}

package/dist/src/index.js

@@ -1 +1,8 @@
-export * from './lib/token-store.js';
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+export * from './lib/client.store.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,cAAc,uBAAuB,CAAC"}

package/dist/src/lib/authorize.request.d.ts

@@ -0,0 +1,18 @@
+import { CustomLogger } from '@forgerock/sdk-logger';
+import { Micro } from 'effect';
+import type { ClientStore } from './client.types.js';
+import type { GetAuthorizationUrlOptions, WellknownResponse } from '@forgerock/sdk-types';
+import type { AuthorizationError, AuthorizationSuccess } from './authorize.request.types.js';
+import type { OidcConfig } from './config.types.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {ClientStore} store - The Redux store instance for managing OIDC state.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizationSuccess, AuthorizationError, never>} - A micro effect that resolves to the authorization response.
+ */
+export declare function authorizeµ(wellknown: WellknownResponse, config: OidcConfig, log: CustomLogger, store: ClientStore, options?: GetAuthorizationUrlOptions): Micro.Micro<AuthorizationSuccess, AuthorizationError, never>;
+//# sourceMappingURL=authorize.request.d.ts.map

package/dist/src/lib/authorize.request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAS/B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAC7F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,YAAY,EACjB,KAAK,EAAE,WAAW,EAClB,OAAO,CAAC,EAAE,0BAA0B,gEA8IrC"}

package/dist/src/lib/authorize.request.js

@@ -0,0 +1,125 @@
+import { Micro } from 'effect';
+import { createAuthorizeUrlµ, buildAuthorizeOptionsµ, createAuthorizeErrorµ, } from './authorize.request.utils.js';
+import { oidcApi } from './oidc.api.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {ClientStore} store - The Redux store instance for managing OIDC state.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizationSuccess, AuthorizationError, never>} - A micro effect that resolves to the authorization response.
+ */
+export function authorizeµ(wellknown, config, log, store, options) {
+    return buildAuthorizeOptionsµ(wellknown, config, options).pipe(Micro.flatMap(([url, options]) => createAuthorizeUrlµ(url, options)), Micro.tap((url) => log.debug('Authorize URL created', url)), Micro.tapError((url) => Micro.sync(() => log.error('Error creating authorize URL', url))), Micro.flatMap(([url, options]) => {
+        if (options.responseMode === 'pi.flow') {
+            /**
+             * If we support the pi.flow field, this means we are using a PingOne server.
+             * PingOne servers do not support redirection through iframes because they
+             * set iframe's to DENY.
+             *
+             * We do not use RTK Query for this because we don't want caching, or store
+             * updates, and want the request to be made similar to the iframe method below.
+             *
+             * This returns a Micro that resolves to the parsed response JSON.
+             */
+            return Micro.promise(() => store.dispatch(oidcApi.endpoints.authorizeFetch.initiate({ url }))).pipe(Micro.flatMap(({ error, data }) => {
+                if (error) {
+                    // Check for serialized error
+                    if (!('status' in error)) {
+                        // This is a network or fetch error, so return it as-is
+                        return Micro.fail({
+                            error: error.code || 'Unknown_Error',
+                            error_description: error.message || 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    // If there is no data, this is an unknown error
+                    if (!('data' in error)) {
+                        return Micro.fail({
+                            error: 'Unknown_Error',
+                            error_description: 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    const errorDetails = error.data;
+                    // If the error is a configuration issue, return it as-is
+                    if ('statusText' in error && error.statusText === 'CONFIGURATION_ERROR') {
+                        return Micro.fail(errorDetails);
+                    }
+                    // If the error is not a configuration issue, we build a new Authorize URL
+                    // For redirection, we need to remove `pi.flow` from the options
+                    const redirectOptions = options;
+                    delete redirectOptions.responseMode;
+                    // Create an error with a new Authorize URL
+                    return createAuthorizeErrorµ(errorDetails, wellknown, options);
+                }
+                log.debug('Received success response', data);
+                if (data.authorizeResponse) {
+                    // Authorization was successful
+                    return Micro.succeed(data.authorizeResponse);
+                }
+                else {
+                    // This should never be reached, but just in case
+                    return Micro.fail({
+                        error: 'Unknown_Error',
+                        error_description: 'Response schema was not recognized',
+                        type: 'unknown_error',
+                    });
+                }
+            }));
+        }
+        else {
+            /**
+             * If the response mode is not pi.flow, then we are likely using a traditional
+             * redirect based server supporting iframes. An example would be PingAM.
+             *
+             * This returns a Micro that's either the success URL parameters or error URL
+             * parameters.
+             */
+            return Micro.promise(() => store.dispatch(oidcApi.endpoints.authorizeIframe.initiate({ url }))).pipe(Micro.flatMap(({ error, data }) => {
+                if (error) {
+                    // Check for serialized error
+                    if (!('status' in error)) {
+                        // This is a network or fetch error, so return it as-is
+                        return Micro.fail({
+                            error: error.code || 'Unknown_Error',
+                            error_description: error.message || 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    // If there is no data, this is an unknown error
+                    if (!('data' in error)) {
+                        return Micro.fail({
+                            error: 'Unknown_Error',
+                            error_description: 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    const errorDetails = error.data;
+                    // If the error is a configuration issue, return it as-is
+                    if ('statusText' in error && error.statusText === 'CONFIGURATION_ERROR') {
+                        return Micro.fail(errorDetails);
+                    }
+                    // This is an expected error, so combine error with a new Authorize URL
+                    return createAuthorizeErrorµ(errorDetails, wellknown, options);
+                }
+                log.debug('Received success response', data);
+                if (data) {
+                    // Authorization was successful
+                    return Micro.succeed(data);
+                }
+                else {
+                    // This should never be reached, but just in case
+                    return Micro.fail({
+                        error: 'Unknown_Error',
+                        error_description: 'Redirect parameters was not recognized',
+                        type: 'unknown_error',
+                    });
+                }
+            }));
+        }
+    }));
+}
+//# sourceMappingURL=authorize.request.js.map

package/dist/src/lib/authorize.request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAOxC;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CACxB,SAA4B,EAC5B,MAAkB,EAClB,GAAiB,EACjB,KAAkB,EAClB,OAAoC;IAEpC,OAAO,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAC5D,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,EACpE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC,EAC3D,KAAK,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC,CAAC,EACzF,KAAK,CAAC,OAAO,CACX,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAgE,EAAE;QAC/E,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACvC;;;;;;;;;eASG;YACH,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACxB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CACnE,CAAC,IAAI,CACJ,KAAK,CAAC,OAAO,CACX,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAgE,EAAE;gBAChF,IAAI,KAAK,EAAE,CAAC;oBACV,6BAA6B;oBAC7B,IAAI,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC;wBACzB,uDAAuD;wBACvD,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;4BACpC,iBAAiB,EACf,KAAK,CAAC,OAAO,IAAI,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,eAAe;4BACtB,iBAAiB,EAAE,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAA0B,CAAC;oBAEtD,yDAAyD;oBACzD,IAAI,YAAY,IAAI,KAAK,IAAI,KAAK,CAAC,UAAU,KAAK,qBAAqB,EAAE,CAAC;wBACxE,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAClC,CAAC;oBAED,0EAA0E;oBAC1E,gEAAgE;oBAChE,MAAM,eAAe,GAAG,OAAO,CAAC;oBAChC,OAAO,eAAe,CAAC,YAAY,CAAC;oBAEpC,2CAA2C;oBAC3C,OAAO,qBAAqB,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;gBAE7C,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3B,+BAA+B;oBAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,OAAO,KAAK,CAAC,IAAI,CAAC;wBAChB,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oCAAoC;wBACvD,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN;;;;;;eAMG;YACH,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACxB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CACpE,CAAC,IAAI,CACJ,KAAK,CAAC,OAAO,CACX,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAgE,EAAE;gBAChF,IAAI,KAAK,EAAE,CAAC;oBACV,6BAA6B;oBAC7B,IAAI,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC;wBACzB,uDAAuD;wBACvD,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;4BACpC,iBAAiB,EACf,KAAK,CAAC,OAAO,IAAI,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,eAAe;4BACtB,iBAAiB,EAAE,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAA0B,CAAC;oBAEtD,yDAAyD;oBACzD,IAAI,YAAY,IAAI,KAAK,IAAI,KAAK,CAAC,UAAU,KAAK,qBAAqB,EAAE,CAAC;wBACxE,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAClC,CAAC;oBAED,uEAAuE;oBACvE,OAAO,qBAAqB,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;gBAE7C,IAAI,IAAI,EAAE,CAAC;oBACT,+BAA+B;oBAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,OAAO,KAAK,CAAC,IAAI,CAAC;wBAChB,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,wCAAwC;wBAC3D,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CACF,CACF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/authorize.request.types.d.ts

@@ -0,0 +1,50 @@
+import type { GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+export type BuildAuthorizationData = [string, GetAuthorizationUrlOptions];
+export type OptionalAuthorizeOptions = Partial<GetAuthorizationUrlOptions>;
+export interface AuthorizeErrorResponse {
+    id?: string;
+    code?: string;
+    message?: string;
+    details?: [
+        {
+            code: string;
+            message: string;
+        }
+    ];
+}
+export interface AuthorizeSuccessResponse {
+    _links?: {
+        [key: string]: {
+            href: string;
+        };
+    };
+    _embedded?: {
+        [key: string]: unknown;
+    };
+    id?: string;
+    environment?: {
+        id: string;
+    };
+    session?: {
+        id: string;
+    };
+    resumeUrl?: string;
+    status?: string;
+    createdAt?: string;
+    expiresAt?: string;
+    authorizeResponse?: {
+        code: string;
+        state: string;
+    };
+}
+export interface AuthorizationSuccess {
+    code: string;
+    state: string;
+}
+export interface AuthorizationError {
+    error: string;
+    error_description: string;
+    redirectUrl?: string;
+    type: 'auth_error' | 'argument_error' | 'network_error' | 'unknown_error' | 'wellknown_error';
+}
+//# sourceMappingURL=authorize.request.types.d.ts.map

package/dist/src/lib/authorize.request.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAEvE,MAAM,MAAM,sBAAsB,GAAG,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC;AAC1E,MAAM,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAC3E,MAAM,WAAW,sBAAsB;IACrC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE;QACR;YACE,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;SACjB;KACF,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,MAAM,CAAC,EAAE;QACP,CAAC,GAAG,EAAE,MAAM,GAAG;YACb,IAAI,EAAE,MAAM,CAAC;SACd,CAAC;KACH,CAAC;IACF,SAAS,CAAC,EAAE;QACV,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE;QACZ,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,OAAO,CAAC,EAAE;QACR,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,eAAe,GAAG,eAAe,GAAG,iBAAiB,CAAC;CAC/F"}

package/dist/src/lib/authorize.request.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=authorize.request.types.js.map

package/dist/src/lib/authorize.request.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/authorize.request.utils.d.ts

@@ -0,0 +1,35 @@
+import { Micro } from 'effect';
+import type { WellknownResponse, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { AuthorizationError, AuthorizationSuccess, BuildAuthorizationData, OptionalAuthorizeOptions } from './authorize.request.types.js';
+import type { OidcConfig } from './config.types.js';
+/**
+ * @function buildAuthorizeOptionsµ
+ * @description Builds the authorization options for the OIDC client.
+ * @param {WellknownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OptionalAuthorizeOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<BuildAuthorizationData, AuthorizationError, never>}
+ */
+export declare function buildAuthorizeOptionsµ(wellknown: WellknownResponse, config: OidcConfig, options?: OptionalAuthorizeOptions): Micro.Micro<BuildAuthorizationData, AuthorizationError, never>;
+/**
+ * @function createAuthorizeErrorµ
+ * @description Creates an error response with new Authorize URL for the authorization request.
+ * @param { error: string; error_description: string } res - The error response from the authorization request.
+ * @param {WellknownResponse} wellknown- The well-known configuration for the OIDC server.
+ * @param { OidcConfig } config- The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options- Optional parameters for the authorization request.
+ * @returns { Micro.Micro<never, AuthorizationError, never> }
+ */
+export declare function createAuthorizeErrorµ(res: {
+    error: string;
+    error_description: string;
+}, wellknown: WellknownResponse, options: GetAuthorizationUrlOptions): Micro.Micro<never, AuthorizationError, never>;
+/**
+ * @function createAuthorizeUrlµ
+ * @description Creates an authorization URL and related options/config for the Authorize request.
+ * @param {string} path - The path to the authorization endpoint.
+ * @param { GetAuthorizationUrlOptions } options - Optional parameters for the authorization request.
+ * @returns { Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never> }
+ */
+export declare function createAuthorizeUrlµ(path: string, options: GetAuthorizationUrlOptions): Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never>;
+export declare function handleResponseµ(response: AuthorizationSuccess | AuthorizationError, wellknown: WellknownResponse, options: GetAuthorizationUrlOptions): Micro.Micro<AuthorizationSuccess, AuthorizationError, never>;
+//# sourceMappingURL=authorize.request.utils.d.ts.map

package/dist/src/lib/authorize.request.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.utils.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,KAAK,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EACV,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,wBAAwB,GACjC,KAAK,CAAC,KAAK,CAAC,sBAAsB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAehE;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,EACjD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,kBAAkB,EAAE,KAAK,CAAC,CA2B/C;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,0BAA0B,CAAC,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAqB9E;AAED,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,GAAG,kBAAkB,EACnD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,oBAAoB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAM9D"}