@globus/sdk 3.9.0 → 4.0.0-rc.2

package/esm/index.js

@@ -1,80 +0,0 @@
-/**
- * @module @globus/sdk
- * @description `@globus/sdk` provides modules for interacting with the various APIs that make up the Globus platform.
- *
- * ### Key Concepts
- * - All service methods return a `Promise` that resolves to a [Fetch API Response object](https://developer.mozilla.org/en-US/docs/Web/API/Response).
- *    - Under the hood, we are returning the result of a composed [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/fetch).
- * - All service methods accept a `ServiceMethodOptions` object to pass query parameters, a payload, and headers.
- * - All service methods support a tail argument to pass options to the SDK, including the composed `fetch` call.
- *
- * #### Service Method Names
- *
- * Basic CRUD operations provided by services are exposed as the following:
- *
- * | Service Method Name | HTTP Method | Description                  | Example |
- * | --------------------| ----------- | ---------------------------- | ------- |
- * | `get`               | `GET`       | Fetch a single resource.     | `transfer.endpoint.get()` |
- * | `getAll`            | `GET`       | Fetch a list of resources.   | `flows.flows.getAll()`    |
- * | `create`            | `POST`      | Create a new resource.       | `gcs.roles.create()`      |
- * | `update`            | `PUT`       | Update an existing resource. | `gcs.endpoint.update()`   |
- * | `patch`             | `PATCH`     | Update an existing resource. | `gcs.endpoint.patch()`    |
- * | `remove`            | `DELETE`    | Delete an existing resource. | `gcs.collections.remove()`|
- *
- * Methods that do not map to obvious CRUD operations are named according to the resource. i.e., `groups.groups.getMyGroups()`, `transfer.endpointSearch()`, `search.query.post()`
- *
- * @example <caption>Using the SDK to search for endpoints via Transfer API.</caption>
- * import { transfer } from "@globus/sdk";
- *
- * const result = await (
- *   await globus.transfer.endpointSearch(
- *     {
- *        query: { filter_fulltext: "Globus Tutorial" }
- *        headers: {
- *          Authorization: "Bearer MY_ACCESS_TOKEN",
- *        },
- *     },
- *     {
- *       fetch: {
- *         // Provide parameters to the underlying `fetch` call.
- *         // https://developer.mozilla.org/en-US/docs/Web/API/fetch#parameters
- *         options: {
- *           priority: "high"
- *         },
- *       },
- *     }
- *   )
- * ).json();
- *
- * @example <caption>Using the SDK to fetch a single flow from the Flows API.</caption>
- * import { flows } from "@globus/sdk";
- *
- * const result = await (await flows.flows.get("452bbea3-5e3b-45a5-af08-50179839a4e8")).json();
- */
-/// <reference types="@globus/types" />
-/// <reference types="@globus/types/auth" />
-/// <reference types="@globus/types/transfer" />
-/// <reference types="@globus/types/search" />
-/**
- * Core
- */
-export * as info from './lib/core/info/index.js';
-export * as logger from './lib/core/logger.js';
-export * as authorization from './lib/core/authorization/index.js';
-export * as errors from './lib/core/errors.js';
-/**
- * Services
- */
-export * as auth from './lib/services/auth/index.js';
-export * as transfer from './lib/services/transfer/index.js';
-export * as search from './lib/services/search/index.js';
-export * as groups from './lib/services/groups/index.js';
-export * as flows from './lib/services/flows/index.js';
-export * as gcs from './lib/services/globus-connect-server/index.js';
-export * as timer from './lib/services/timer/index.js';
-export * as compute from './lib/services/compute/index.js';
-/**
- * Applications
- */
-export * as webapp from './lib/apps/web.js';
-//# sourceMappingURL=index.js.map

package/esm/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AAEH,uCAAuC;AACvC,4CAA4C;AAC5C,gDAAgD;AAChD,8CAA8C;AAE9C;;GAEG;AACH,OAAO,KAAK,IAAI,MAAM,0BAA0B,CAAC;AACjD,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,aAAa,MAAM,mCAAmC,CAAC;AACnE,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAE/C;;GAEG;AAEH,OAAO,KAAK,IAAI,MAAM,8BAA8B,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,kCAAkC,CAAC;AAC7D,OAAO,KAAK,MAAM,MAAM,gCAAgC,CAAC;AACzD,OAAO,KAAK,MAAM,MAAM,gCAAgC,CAAC;AACzD,OAAO,KAAK,KAAK,MAAM,+BAA+B,CAAC;AACvD,OAAO,KAAK,GAAG,MAAM,+CAA+C,CAAC;AACrE,OAAO,KAAK,KAAK,MAAM,+BAA+B,CAAC;AACvD,OAAO,KAAK,OAAO,MAAM,iCAAiC,CAAC;AAE3D;;GAEG;AAEH,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAC"}

package/esm/lib/apps/web.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"web.d.ts","sourceRoot":"","sources":["../../../../src/lib/apps/web.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,KAAK,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAO7C,CAAC;AAEF;;GAEG;AACH,wBAAgB,IAAI,CAAC,GAAG,GAAE,WAA8B,UAEvD;AAED;;GAEG;AACH,wBAAgB,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,UAAU,OAEzD;AAED,KAAK,mBAAmB,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,CAAC;AAQ9D;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,UAAU,EAAE,mBAAmB,EAC/B,QAAQ,CAAC,EAAE,MAAM,EAAE,EACnB,UAAU,CAAC,EAAE,UAAU,OAIxB"}

package/esm/lib/apps/web.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"web.js","sourceRoot":"","sources":["../../../../src/lib/apps/web.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAoB,MAAM,mBAAmB,CAAC;AAGrE;;GAEG;AACH,MAAM,CAAC,MAAM,KAAK,GAAgC;IAChD,WAAW,EAAE,+BAA+B;IAC5C,OAAO,EAAE,2BAA2B;IACpC,IAAI,EAAE,wBAAwB;IAC9B,OAAO,EAAE,2BAA2B;IACpC,OAAO,EAAE,wBAAwB;IACjC,UAAU,EAAE,gBAAgB;CAC7B,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,IAAI,CAAC,MAAmB,cAAc,EAAE;IACtD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,GAAG,CAAC,IAAa,EAAE,UAAuB;IACxD,OAAO,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,WAAW,IAAI,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,WAAW,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAID,MAAM,WAAW,GAAwC;IACvD,IAAI,EAAE,uBAAuB;IAC7B,UAAU,EAAE,uCAAuC;IACnD,QAAQ,EAAE,uCAAuC;CAClD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,MAAM,CACpB,UAA+B,EAC/B,QAAmB,EACnB,UAAuB;IAEvB,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAC,GAAG,CAAC,KAAI,EAAE,CAAC,CAAC;IAC/E,OAAO,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC/B,CAAC"}

package/esm/lib/core/authorization/AuthorizationManager.d.ts

@@ -1,189 +0,0 @@
-import type IConfig from 'js-pkce/dist/IConfig';
-import { Event } from './Event.js';
-import { RedirectTransportOptions, GetTokenOptions } from './RedirectTransport.js';
-import { TokenLookup } from './TokenLookup.js';
-import { AuthorizationRequirementsError, ConsentRequiredError } from '../errors.js';
-import type { JwtUserInfo, Token, TokenResponse, TokenWithRefresh } from '../../services/auth/types.js';
-export type AuthorizationManagerConfiguration = {
-    client: IConfig['client_id'];
-    scopes?: IConfig['requested_scopes'];
-    redirect: IConfig['redirect_uri'];
-    /**
-     * @private
-     * @default DEFAULT_CONFIGURATION.useRefreshTokens
-     */
-    useRefreshTokens?: boolean;
-    /**
-     * @private
-     * @default DEFAULT_CONFIGURATION.defaultScopes
-     */
-    defaultScopes?: string | false;
-    /**
-     * Provide an object with event listeners to attach to the instance.
-     * This is useful if you need to listen to events that might dispatch immediately
-     * after the creation of the instance (constructor), e.g., the `authenticated`.
-     */
-    events?: Partial<{
-        [Event in keyof AuthorizationManager['events']]: Parameters<AuthorizationManager['events'][Event]['addListener']>[0];
-    }>;
-};
-/**
- * Provides management of Globus authorization context for your application.
- * - Handles the OAuth protcol flow (via PKCE)
- * - Token lifecycle management
- * - Common errors (e.g., `ConsentRequired`, `authorization_requirements`)
- *
- * Once you configure your instance, you can determine the authenticated state using `manager.authenticated`.
- *
- * To prompt a user to authenticate, call `manager.login()` on user interaction – this will initiate the OAuth protocol flow with your configured client and scopes, resulting in an initial redirect to Globus Auth.
- *
- * Once the user authenticates with Globus Auth, they will be redirected to your application using the configured `redirect` URL. On this URL, you will need to call `manager.handleCodeRedirect` (using a manager instance configured in the same manner that initiated the `manager.login()` call) to complete the PKCE flow, exchanging the provided code for a valid token, or tokens.
- *
- * All tokens managed by the `AuthorizationManager` instance can be found on `manager.token`.
- *
- * ### Registering your Globus Application
- *
- * The `AuthorizationManager` expects your Globus Application to be registered as an OAuth public client.
- * In this Globus Web Application, this option is referenced as "_Register a thick client or script that will be installed and run by users on their devices_".
- *
- * @example <caption>Creating an AuthorizationManager instance.</caption>
- * import { authorization } from "globus/sdk";
- *
- * const manager = authorization.create({
- *  // Your registered Globus Application client ID.
- *  client: '...',
- *  // The redirect URL for your application; Where you will call `manager.handleCodeRedirect()`
- *  redirect: 'https://example.com/callback',
- *  // Known scopes required by your application.
- *  scopes: 'urn:globus:auth:scope:transfer.api.globus.org:all',
- * });
- */
-export declare class AuthorizationManager {
-    #private;
-    configuration: AuthorizationManagerConfiguration;
-    /**
-     * The `AuthorizationManager` is considered `authenticated` if it has a valid Globus Auth token.
-     * It does not necessarily mean that it has a valid token for a specific resource server.
-     */
-    get authenticated(): boolean;
-    /**
-     * Set the authenticated state and emit the `authenticated` event.
-     */
-    set authenticated(value: boolean);
-    tokens: TokenLookup;
-    events: {
-        /**
-         * Emitted when the authenticated state changes.
-         * @event AuthorizationManager.events#authenticated
-         * @type {object}
-         * @property {boolean} isAuthenticated - Whether the `AuthorizationManager` is authenticated.
-         * @property {TokenResponse} [token] - The token response if the `AuthorizationManager` is authenticated.
-         */
-        authenticated: Event<"authenticated", {
-            /**
-             * Whether the `AuthorizationManager` is authenticated.
-             * @see {@link AuthorizationManager.authenticated}
-             */
-            isAuthenticated: boolean;
-            token?: TokenResponse;
-        }>;
-        /**
-         * Emitted when the user revokes their authentication.
-         * @event AuthorizationManager.events#revoke
-         */
-        revoke: Event<"revoke", unknown>;
-    };
-    constructor(configuration: AuthorizationManagerConfiguration);
-    get storageKeyPrefix(): string;
-    /**
-     * The user information decoded from the `id_token` (JWT) of the current Globus Auth token.
-     * This method can be used instead of `auth.oauth2.userinfo` to get the user information without an additional request.
-     *
-     * **IMPORTANT**: The `id_token` can only be processed if the `openid` scope is requested during the authorization process.
-     *
-     * Additionally, the `profile` and `email` scopes are required to get the full user information.
-     *
-     * @see {@link https://docs.globus.org/api/auth/reference/#oidc_userinfo_endpoint}
-     */
-    get user(): JwtUserInfo | null;
-    /**
-     * Attempt to refresh all of the tokens managed by the instance.
-     * This method will only attempt to refresh tokens that have a `refresh_token` attribute.
-     */
-    refreshTokens(): Promise<PromiseSettledResult<TokenResponse | null>[]>;
-    /**
-     * Use the `refresh_token` attribute of a token to obtain a new access token.
-     * @param token The well-formed token with a `refresh_token` attribute.
-     */
-    refreshToken(token: TokenWithRefresh): Promise<TokenResponse | null>;
-    /**
-     * Whether or not the instance has a reference to a Globus Auth token.
-     */
-    hasGlobusAuthToken(): boolean;
-    /**
-     * Retrieve the Globus Auth token managed by the instance.
-     */
-    getGlobusAuthToken(): any;
-    /**
-     * Reset the authenticated state and clear all tokens from storage.
-     * This method **does not** emit the `revoke` event. If you need to emit the `revoke` event, use the `AuthorizationManager.revoke` method.
-     */
-    reset(): void;
-    /**
-     * Initiate the login process by redirecting to the Globus Auth login page.
-     */
-    login(options?: {
-        additionalParams: {};
-    }): void;
-    /**
-     * This method will attempt to complete the PKCE protocol flow.
-     */
-    handleCodeRedirect(options?: {
-        shouldReplace: GetTokenOptions['shouldReplace'];
-        additionalParams?: RedirectTransportOptions['params'];
-    }): Promise<void>;
-    /**
-     * Handle an error response from a Globus service in the context of this `AuthorizationManager`.
-     * This method will introspect the response and attempt to handle any errors that should result
-     * in some additional Globus Auth interaction.
-     * @param response The error response from a Globus service.
-     * @param {object|boolean} options Options for handling the error response. If a boolean is provided, this will be treated as the `options.execute` value.
-     * @param options.execute Whether to execute the handler immediately.
-     * @param options.additionalParms Additional query parameters to be included with the transport generated URL.
-     */
-    handleErrorResponse(response: Record<string, unknown>, options?: {
-        execute?: true;
-        additionalParams?: RedirectTransportOptions['params'];
-    } | true): void;
-    handleErrorResponse(response: Record<string, unknown>, options?: {
-        execute?: false;
-        additionalParams?: RedirectTransportOptions['params'];
-    } | false): () => void;
-    /**
-     * Process a well-formed Authorization Requirements error response from a Globus service
-     * and redirect the user to the Globus Auth login page with the necessary parameters.
-     */
-    handleAuthorizationRequirementsError(response: AuthorizationRequirementsError, options?: {
-        additionalParams?: RedirectTransportOptions['params'];
-    }): void;
-    /**
-     * Process a well-formed `ConsentRequired` error response from a Globus service
-     * and redirect the user to the Globus Auth login page with the necessary parameters.
-     */
-    handleConsentRequiredError(response: ConsentRequiredError, options?: {
-        additionalParams?: RedirectTransportOptions['params'];
-    }): void;
-    /**
-     * Add a Globus Auth token response to storage, if `other_tokens` are present they are also added.
-     * This method is mostly used internally by the `AuthorizationManager`, but can be used by downstream
-     * consumers to add tokens to storage if necessary.
-     */
-    addTokenResponse: (token: Token | TokenResponse) => void;
-    /**
-     * Call `AuthroizationManager.reset`, revoke all of the available tokns, and emit the `revoke` event.
-     * @emits AuthorizationManager.events#revoke
-     * @see AuthorizationManager.reset
-     */
-    revoke(): Promise<void>;
-}
-//# sourceMappingURL=AuthorizationManager.d.ts.map

package/esm/lib/core/authorization/AuthorizationManager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthorizationManager.d.ts","sourceRoot":"","sources":["../../../../../src/lib/core/authorization/AuthorizationManager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAC;AAahD,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EACL,wBAAwB,EACxB,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAGL,8BAA8B,EAC9B,oBAAoB,EAErB,MAAM,cAAc,CAAC;AAEtB,OAAO,KAAK,EACV,WAAW,EACX,KAAK,EACL,aAAa,EACb,gBAAgB,EACjB,MAAM,8BAA8B,CAAC;AAEtC,MAAM,MAAM,iCAAiC,GAAG;IAC9C,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7B,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACrC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAC/B;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;SACd,KAAK,IAAI,MAAM,oBAAoB,CAAC,QAAQ,CAAC,GAAG,UAAU,CACzD,oBAAoB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC,CACrD,CAAC,CAAC,CAAC;KACL,CAAC,CAAC;CACJ,CAAC;AAYF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,qBAAa,oBAAoB;;IAG/B,aAAa,EAAE,iCAAiC,CAAC;IAIjD;;;OAGG;IACH,IAAI,aAAa,IAOQ,OAAO,CAL/B;IAED;;OAEG;IACH,IAAI,aAAa,CAAC,KAAK,EAAE,OAAO,EAS/B;IAED,MAAM,EAAE,WAAW,CAAC;IAEpB,MAAM;QACJ;;;;;;WAMG;;YAIC;;;eAGG;6BACc,OAAO;oBAChB,aAAa;;QAGzB;;;WAGG;;MAEH;gBAEU,aAAa,EAAE,iCAAiC;IA0C5D,IAAI,gBAAgB,WAEnB;IAED;;;;;;;;;OASG;IACH,IAAI,IAAI,uBAGP;IAED;;;OAGG;IACG,aAAa;IAcnB;;;OAGG;IACG,YAAY,CAAC,KAAK,EAAE,gBAAgB;IAsB1C;;OAEG;IACH,kBAAkB;IAIlB;;OAEG;IACH,kBAAkB;IAqBlB;;;OAGG;IACH,KAAK;IAuCL;;OAEG;IACH,KAAK,CAAC,OAAO;;KAA2B;IAUxC;;OAEG;IACG,kBAAkB,CACtB,OAAO,GAAE;QACP,aAAa,EAAE,eAAe,CAAC,eAAe,CAAC,CAAC;QAChD,gBAAgB,CAAC,EAAE,wBAAwB,CAAC,QAAQ,CAAC,CAAC;KACP;IAenD;;;;;;;;OAQG;IACH,mBAAmB,CACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,IAAI,CAAC;QAAC,gBAAgB,CAAC,EAAE,wBAAwB,CAAC,QAAQ,CAAC,CAAA;KAAE,GAAG,IAAI,GACzF,IAAI;IACP,mBAAmB,CACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,KAAK,CAAC;QAAC,gBAAgB,CAAC,EAAE,wBAAwB,CAAC,QAAQ,CAAC,CAAA;KAAE,GAAG,KAAK,GAC3F,MAAM,IAAI;IA4Cb;;;OAGG;IACH,oCAAoC,CAClC,QAAQ,EAAE,8BAA8B,EACxC,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,wBAAwB,CAAC,QAAQ,CAAC,CAAA;KAAE;IAYrE;;;OAGG;IACH,0BAA0B,CACxB,QAAQ,EAAE,oBAAoB,EAC9B,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,wBAAwB,CAAC,QAAQ,CAAC,CAAA;KAAE;IAWrE;;;;OAIG;IACH,gBAAgB,UAAW,KAAK,GAAG,aAAa,UAM9C;IAEF;;;;OAIG;IACG,MAAM;CAoBb"}

package/esm/lib/core/authorization/AuthorizationManager.js

@@ -1,357 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
-    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
-};
-var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
-    if (kind === "m") throw new TypeError("Private method is not writable");
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
-    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
-};
-var _AuthorizationManager_instances, _AuthorizationManager_transport, _AuthorizationManager_authenticated, _AuthorizationManager_checkAuthorizationState, _AuthorizationManager_emitAuthenticatedState, _AuthorizationManager_withOfflineAccess, _AuthorizationManager_buildTransport, _AuthorizationManager_revokeToken;
-import { jwtDecode } from 'jwt-decode';
-import { getAuthorizationEndpoint, getTokenEndpoint, isGlobusAuthTokenResponse, isRefreshToken, oauth2, } from '../../services/auth/index.js';
-import { createStorage, getStorage } from '../storage/index.js';
-import { log } from '../logger.js';
-import { Event } from './Event.js';
-import { RedirectTransport, } from './RedirectTransport.js';
-import { TokenLookup } from './TokenLookup.js';
-import { isConsentRequiredError, isAuthorizationRequirementsError, toAuthorizationQueryParams, } from '../errors.js';
-const DEFAULT_CONFIGURATION = {
-    useRefreshTokens: false,
-    defaultScopes: 'openid profile email',
-};
-const DEFAULT_HANDLE_ERROR_OPTIONS = {
-    execute: true,
-    additionalParams: undefined,
-};
-/**
- * Provides management of Globus authorization context for your application.
- * - Handles the OAuth protcol flow (via PKCE)
- * - Token lifecycle management
- * - Common errors (e.g., `ConsentRequired`, `authorization_requirements`)
- *
- * Once you configure your instance, you can determine the authenticated state using `manager.authenticated`.
- *
- * To prompt a user to authenticate, call `manager.login()` on user interaction – this will initiate the OAuth protocol flow with your configured client and scopes, resulting in an initial redirect to Globus Auth.
- *
- * Once the user authenticates with Globus Auth, they will be redirected to your application using the configured `redirect` URL. On this URL, you will need to call `manager.handleCodeRedirect` (using a manager instance configured in the same manner that initiated the `manager.login()` call) to complete the PKCE flow, exchanging the provided code for a valid token, or tokens.
- *
- * All tokens managed by the `AuthorizationManager` instance can be found on `manager.token`.
- *
- * ### Registering your Globus Application
- *
- * The `AuthorizationManager` expects your Globus Application to be registered as an OAuth public client.
- * In this Globus Web Application, this option is referenced as "_Register a thick client or script that will be installed and run by users on their devices_".
- *
- * @example <caption>Creating an AuthorizationManager instance.</caption>
- * import { authorization } from "globus/sdk";
- *
- * const manager = authorization.create({
- *  // Your registered Globus Application client ID.
- *  client: '...',
- *  // The redirect URL for your application; Where you will call `manager.handleCodeRedirect()`
- *  redirect: 'https://example.com/callback',
- *  // Known scopes required by your application.
- *  scopes: 'urn:globus:auth:scope:transfer.api.globus.org:all',
- * });
- */
-export class AuthorizationManager {
-    /**
-     * The `AuthorizationManager` is considered `authenticated` if it has a valid Globus Auth token.
-     * It does not necessarily mean that it has a valid token for a specific resource server.
-     */
-    get authenticated() {
-        return __classPrivateFieldGet(this, _AuthorizationManager_authenticated, "f");
-    }
-    /**
-     * Set the authenticated state and emit the `authenticated` event.
-     */
-    set authenticated(value) {
-        /**
-         * Avoid emitting the event if the value hasn't changed.
-         */
-        if (value === __classPrivateFieldGet(this, _AuthorizationManager_authenticated, "f")) {
-            return;
-        }
-        __classPrivateFieldSet(this, _AuthorizationManager_authenticated, value, "f");
-        __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_emitAuthenticatedState).call(this);
-    }
-    constructor(configuration) {
-        var _a;
-        _AuthorizationManager_instances.add(this);
-        _AuthorizationManager_transport.set(this, void 0);
-        _AuthorizationManager_authenticated.set(this, false);
-        this.events = {
-            /**
-             * Emitted when the authenticated state changes.
-             * @event AuthorizationManager.events#authenticated
-             * @type {object}
-             * @property {boolean} isAuthenticated - Whether the `AuthorizationManager` is authenticated.
-             * @property {TokenResponse} [token] - The token response if the `AuthorizationManager` is authenticated.
-             */
-            authenticated: new Event('authenticated'),
-            /**
-             * Emitted when the user revokes their authentication.
-             * @event AuthorizationManager.events#revoke
-             */
-            revoke: new Event('revoke'),
-        };
-        /**
-         * Add a Globus Auth token response to storage, if `other_tokens` are present they are also added.
-         * This method is mostly used internally by the `AuthorizationManager`, but can be used by downstream
-         * consumers to add tokens to storage if necessary.
-         */
-        this.addTokenResponse = (token) => {
-            var _a;
-            getStorage().set(`${this.configuration.client}:${token.resource_server}`, token);
-            if ('other_tokens' in token) {
-                (_a = token.other_tokens) === null || _a === void 0 ? void 0 : _a.forEach(this.addTokenResponse);
-            }
-            __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_checkAuthorizationState).call(this);
-        };
-        /**
-         * @todo Add support for passing in an alternative storage mechanism.
-         */
-        createStorage('localStorage');
-        if (!configuration.client) {
-            throw new Error('You must provide a `client` for your application.');
-        }
-        /**
-         * Inject the `openid`, `profile`, `email`, and `offline_access` scopes by default unless
-         * explicitly opted out of.
-         */
-        const scopes = configuration.defaultScopes === false
-            ? ''
-            : ((_a = configuration.defaultScopes) !== null && _a !== void 0 ? _a : DEFAULT_CONFIGURATION.defaultScopes);
-        this.configuration = Object.assign(Object.assign(Object.assign({}, DEFAULT_CONFIGURATION), configuration), { scopes: [configuration.scopes ? configuration.scopes : '', scopes]
-                .filter((s) => s.length)
-                .join(' ') });
-        /**
-         * If an `events` object is provided, add the listeners to the instance before
-         * any event might be dispatched.
-         */
-        if (this.configuration.events) {
-            Object.entries(this.configuration.events).forEach(([name, callback]) => {
-                if (name in this.events) {
-                    this.events[name].addListener(callback);
-                }
-            });
-        }
-        this.tokens = new TokenLookup({
-            manager: this,
-        });
-        __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_checkAuthorizationState).call(this);
-    }
-    get storageKeyPrefix() {
-        return `${this.configuration.client}:`;
-    }
-    /**
-     * The user information decoded from the `id_token` (JWT) of the current Globus Auth token.
-     * This method can be used instead of `auth.oauth2.userinfo` to get the user information without an additional request.
-     *
-     * **IMPORTANT**: The `id_token` can only be processed if the `openid` scope is requested during the authorization process.
-     *
-     * Additionally, the `profile` and `email` scopes are required to get the full user information.
-     *
-     * @see {@link https://docs.globus.org/api/auth/reference/#oidc_userinfo_endpoint}
-     */
-    get user() {
-        const token = this.getGlobusAuthToken();
-        return token && token.id_token ? jwtDecode(token.id_token) : null;
-    }
-    /**
-     * Attempt to refresh all of the tokens managed by the instance.
-     * This method will only attempt to refresh tokens that have a `refresh_token` attribute.
-     */
-    refreshTokens() {
-        return __awaiter(this, void 0, void 0, function* () {
-            log('debug', 'AuthorizationManager.refreshTokens');
-            const tokens = yield Promise.allSettled(this.tokens.getAll().map((token) => {
-                if (isRefreshToken(token)) {
-                    return this.refreshToken(token);
-                }
-                return Promise.resolve(null);
-            }));
-            __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_checkAuthorizationState).call(this);
-            return tokens;
-        });
-    }
-    /**
-     * Use the `refresh_token` attribute of a token to obtain a new access token.
-     * @param token The well-formed token with a `refresh_token` attribute.
-     */
-    refreshToken(token) {
-        return __awaiter(this, void 0, void 0, function* () {
-            log('debug', `AuthorizationManager.refreshToken | resource_server=${token.resource_server}`);
-            try {
-                const response = yield (yield oauth2.token.refresh({
-                    payload: {
-                        client_id: this.configuration.client,
-                        refresh_token: token.refresh_token,
-                        grant_type: 'refresh_token',
-                    },
-                })).json();
-                if (isGlobusAuthTokenResponse(response)) {
-                    this.addTokenResponse(response);
-                    return response;
-                }
-            }
-            catch (error) {
-                log('error', `AuthorizationManager.refreshToken | resource_server=${token.resource_server}`);
-            }
-            return null;
-        });
-    }
-    /**
-     * Whether or not the instance has a reference to a Globus Auth token.
-     */
-    hasGlobusAuthToken() {
-        return this.getGlobusAuthToken() !== null;
-    }
-    /**
-     * Retrieve the Globus Auth token managed by the instance.
-     */
-    getGlobusAuthToken() {
-        const entry = getStorage().get(`${this.storageKeyPrefix}auth.globus.org`);
-        return entry ? JSON.parse(entry) : null;
-    }
-    /**
-     * Reset the authenticated state and clear all tokens from storage.
-     * This method **does not** emit the `revoke` event. If you need to emit the `revoke` event, use the `AuthorizationManager.revoke` method.
-     */
-    reset() {
-        getStorage()
-            .keys()
-            .forEach((key) => {
-            if (key.startsWith(this.storageKeyPrefix)) {
-                getStorage().remove(key);
-            }
-        });
-        this.authenticated = false;
-    }
-    /**
-     * Initiate the login process by redirecting to the Globus Auth login page.
-     */
-    login(options = { additionalParams: {} }) {
-        log('debug', 'AuthorizationManager.login');
-        this.reset();
-        /**
-         * In the future, it's possible that we may want to support different types of transports.
-         */
-        const transport = __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_buildTransport).call(this, { params: options === null || options === void 0 ? void 0 : options.additionalParams });
-        transport.send();
-    }
-    /**
-     * This method will attempt to complete the PKCE protocol flow.
-     */
-    handleCodeRedirect() {
-        return __awaiter(this, arguments, void 0, function* (options = { shouldReplace: true, additionalParams: {} }) {
-            log('debug', 'AuthorizationManager.handleCodeRedirect');
-            const response = yield __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_buildTransport).call(this, { params: options === null || options === void 0 ? void 0 : options.additionalParams }).getToken({
-                shouldReplace: options === null || options === void 0 ? void 0 : options.shouldReplace,
-            });
-            if (isGlobusAuthTokenResponse(response)) {
-                log('debug', `AuthorizationManager.handleCodeRedirect | response=${JSON.stringify(response)}`);
-                this.addTokenResponse(response);
-            }
-        });
-    }
-    handleErrorResponse(response, options) {
-        const opts = typeof options === 'boolean'
-            ? Object.assign(Object.assign({}, DEFAULT_HANDLE_ERROR_OPTIONS), { execute: options }) : Object.assign(Object.assign({}, DEFAULT_HANDLE_ERROR_OPTIONS), options);
-        log('debug', `AuthorizationManager.handleErrorResponse | response=${JSON.stringify(response)} execute=${opts.execute}`);
-        let handler = () => { };
-        if (isAuthorizationRequirementsError(response)) {
-            log('debug', 'AuthorizationManager.handleErrorResponse | error=AuthorizationRequirementsError');
-            handler = () => this.handleAuthorizationRequirementsError(response, {
-                additionalParams: opts.additionalParams,
-            });
-        }
-        if (isConsentRequiredError(response)) {
-            log('debug', 'AuthorizationManager.handleErrorResponse | error=ConsentRequiredError');
-            handler = () => this.handleConsentRequiredError(response, { additionalParams: opts.additionalParams });
-        }
-        if ('code' in response && response['code'] === 'AuthenticationFailed') {
-            log('debug', 'AuthorizationManager.handleErrorResponse | error=AuthenticationFailed');
-            handler = () => this.revoke();
-        }
-        return opts.execute === true ? handler() : handler;
-    }
-    /**
-     * Process a well-formed Authorization Requirements error response from a Globus service
-     * and redirect the user to the Globus Auth login page with the necessary parameters.
-     */
-    handleAuthorizationRequirementsError(response, options) {
-        __classPrivateFieldSet(this, _AuthorizationManager_transport, __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_buildTransport).call(this, {
-            params: Object.assign(Object.assign({ prompt: 'login' }, toAuthorizationQueryParams(response)), options === null || options === void 0 ? void 0 : options.additionalParams),
-        }), "f");
-        __classPrivateFieldGet(this, _AuthorizationManager_transport, "f").send();
-    }
-    /**
-     * Process a well-formed `ConsentRequired` error response from a Globus service
-     * and redirect the user to the Globus Auth login page with the necessary parameters.
-     */
-    handleConsentRequiredError(response, options) {
-        __classPrivateFieldSet(this, _AuthorizationManager_transport, __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_buildTransport).call(this, {
-            requested_scopes: __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_withOfflineAccess).call(this, response.required_scopes.join(' ')),
-            params: Object.assign({}, options === null || options === void 0 ? void 0 : options.additionalParams),
-        }), "f");
-        __classPrivateFieldGet(this, _AuthorizationManager_transport, "f").send();
-    }
-    /**
-     * Call `AuthroizationManager.reset`, revoke all of the available tokns, and emit the `revoke` event.
-     * @emits AuthorizationManager.events#revoke
-     * @see AuthorizationManager.reset
-     */
-    revoke() {
-        return __awaiter(this, void 0, void 0, function* () {
-            log('debug', 'AuthorizationManager.revoke');
-            const revocation = Promise.all(this.tokens.getAll().map(__classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_revokeToken).bind(this)));
-            this.reset();
-            yield revocation;
-            yield this.events.revoke.dispatch();
-        });
-    }
-}
-_AuthorizationManager_transport = new WeakMap(), _AuthorizationManager_authenticated = new WeakMap(), _AuthorizationManager_instances = new WeakSet(), _AuthorizationManager_checkAuthorizationState = function _AuthorizationManager_checkAuthorizationState() {
-    log('debug', 'AuthorizationManager.#checkAuthorizationState');
-    if (this.hasGlobusAuthToken()) {
-        this.authenticated = true;
-    }
-}, _AuthorizationManager_emitAuthenticatedState = function _AuthorizationManager_emitAuthenticatedState() {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        const isAuthenticated = this.authenticated;
-        const token = (_a = this.getGlobusAuthToken()) !== null && _a !== void 0 ? _a : undefined;
-        yield this.events.authenticated.dispatch({
-            isAuthenticated,
-            token,
-        });
-    });
-}, _AuthorizationManager_withOfflineAccess = function _AuthorizationManager_withOfflineAccess(scopes) {
-    return `${scopes}${this.configuration.useRefreshTokens ? ' offline_access' : ''}`;
-}, _AuthorizationManager_buildTransport = function _AuthorizationManager_buildTransport(overrides) {
-    var _a;
-    const scopes = __classPrivateFieldGet(this, _AuthorizationManager_instances, "m", _AuthorizationManager_withOfflineAccess).call(this, (_a = overrides === null || overrides === void 0 ? void 0 : overrides.requested_scopes) !== null && _a !== void 0 ? _a : (this.configuration.scopes || ''));
-    return new RedirectTransport(Object.assign({ client_id: this.configuration.client, authorization_endpoint: getAuthorizationEndpoint(), token_endpoint: getTokenEndpoint(), redirect_uri: this.configuration.redirect, requested_scopes: scopes }, overrides));
-}, _AuthorizationManager_revokeToken = function _AuthorizationManager_revokeToken(token) {
-    log('debug', `AuthorizationManager.revokeToken | resource_server=${token.resource_server}`);
-    return oauth2.token.revoke({
-        payload: {
-            client_id: this.configuration.client,
-            token: token.access_token,
-        },
-    });
-};
-//# sourceMappingURL=AuthorizationManager.js.map