npm - @globus/sdk - Versions diffs - 6.0.0-rc.7 → 6.0.0-rc.8 - Mend

@globus/sdk 6.0.0-rc.7 → 6.0.0-rc.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/cjs/core/authorization/index.js CHANGED Viewed

@@ -647,16 +647,23 @@ async function generateCodeChallenge(verifier) {
 function generateState() {
   return Array.from(getCrypto().getRandomValues(new Uint8Array(16))).map((v) => CHARSET[v % CHARSET.length]).join("");
 }
-// src/core/authorization/RedirectTransport.ts
 var KEYS = {
   PKCE_STATE: "pkce_state",
   PKCE_CODE_VERIFIER: "pkce_code_verifier"
 };
-function resetPKCE() {
-  sessionStorage.removeItem(KEYS.PKCE_STATE);
-  sessionStorage.removeItem(KEYS.PKCE_CODE_VERIFIER);
-}
+var store = {
+  getKey(key) {
+    return key === "state" ? KEYS.PKCE_STATE : KEYS.PKCE_CODE_VERIFIER;
+  },
+  get: (entry) => sessionStorage.getItem(store.getKey(entry)),
+  set: (entry, value) => sessionStorage.setItem(store.getKey(entry), value),
+  reset: () => {
+    sessionStorage.removeItem(KEYS.PKCE_STATE);
+    sessionStorage.removeItem(KEYS.PKCE_CODE_VERIFIER);
+  }
+};
+// src/core/authorization/RedirectTransport.ts
 var RedirectTransport = class _RedirectTransport {
   #options;
   constructor(options) {
@@ -673,8 +680,8 @@ var RedirectTransport = class _RedirectTransport {
     const verifier = generateCodeVerifier();
     const challenge = await generateCodeChallenge(verifier);
     const state = this.#options.params?.["state"] ?? generateState();
-    sessionStorage.setItem(KEYS.PKCE_CODE_VERIFIER, verifier);
-    sessionStorage.setItem(KEYS.PKCE_STATE, state);
+    store.set("code_verifier", verifier);
+    store.set("state", state);
     const params = {
       response_type: "code",
       client_id: this.#options.client,
@@ -703,9 +710,9 @@ var RedirectTransport = class _RedirectTransport {
     }
     const code = params.get("code");
     if (!code) return void 0;
-    const state = sessionStorage.getItem(KEYS.PKCE_STATE);
-    const verifier = sessionStorage.getItem(KEYS.PKCE_CODE_VERIFIER);
-    resetPKCE();
+    const state = store.get("state");
+    const verifier = store.get("code_verifier");
+    store.reset();
     if (params.get("state") !== state) {
       throw new Error(
         'Invalid State. The received "state" parameter does not match the expected state.'
@@ -870,10 +877,119 @@ var MemoryStorage = class {
   }
 };
+// src/core/authorization/PopupTransport.ts
+var MESSAGE_SOURCE = "globus-sdk";
+var PopupTransport = class _PopupTransport {
+  #options;
+  #window = null;
+  constructor(options) {
+    this.#options = options;
+    if (_PopupTransport.supported === false) {
+      throw new Error("PopupTransport is not supported in this environment.");
+    }
+  }
+  /**
+   * The `PopupTransport` is supported in environments where the `window` object is available.
+   */
+  static supported = isSupported() && "window" in globalThis && typeof globalThis.window.open === "function";
+  /**
+   * For the redirect transport, sending the request will redirect the user to the authorization endpoint, initiating the OAuth flow.
+   */
+  async send() {
+    const verifier = generateCodeVerifier();
+    const challenge = await generateCodeChallenge(verifier);
+    const state = this.#options.params?.["state"] ?? generateState();
+    store.set("code_verifier", verifier);
+    store.set("state", state);
+    const params = {
+      response_type: "code",
+      client_id: this.#options.client,
+      scope: this.#options.scopes || "",
+      redirect_uri: this.#options.redirect,
+      state,
+      code_challenge: challenge,
+      code_challenge_method: "S256",
+      ...this.#options.params || {}
+    };
+    const url = new URL(getAuthorizationEndpoint());
+    url.search = new URLSearchParams(params).toString();
+    const promise = new Promise((resolve) => {
+      window.addEventListener(
+        "message",
+        async (e) => {
+          const { data } = e;
+          if (e.origin !== window.location.origin || data?.source !== MESSAGE_SOURCE) {
+            return;
+          }
+          this.#window?.close();
+          const response = await this.#getToken(data.url);
+          resolve(response);
+        },
+        false
+      );
+    });
+    this.#window = window.open(url.toString(), "_blank", "width=800,height=600");
+    if (!this.#window) {
+      throw new Error("Unable to open window for PopupTransport.");
+    }
+    this.#window.focus();
+    return promise;
+  }
+  async #getToken(href) {
+    const url = new URL(href);
+    const params = new URLSearchParams(url.search);
+    if (params.get("error")) {
+      throw new Error(
+        params.get("error_description") || "An error occurred during the authorization process."
+      );
+    }
+    const code = params.get("code");
+    if (!code) return void 0;
+    const state = store.get("state");
+    const verifier = store.get("code_verifier");
+    store.reset();
+    if (params.get("state") !== state) {
+      throw new Error(
+        'Invalid State. The received "state" parameter does not match the expected state.'
+      );
+    }
+    if (!verifier) {
+      throw new Error("Invalid Code Verifier");
+    }
+    const payload = {
+      code,
+      client_id: this.#options.client,
+      /**
+       * Retrieve the code verifier from session storage.
+       */
+      code_verifier: verifier,
+      redirect_uri: this.#options.redirect,
+      grant_type: "authorization_code"
+    };
+    const response = await (await oauth2_exports.token.exchange({
+      payload
+    })).json();
+    return response;
+  }
+  // eslint-disable-next-line class-methods-use-this
+  getToken() {
+    if (!window.opener) {
+      return;
+    }
+    window.opener.postMessage(
+      {
+        source: MESSAGE_SOURCE,
+        url: window.location.href
+      },
+      window.location.origin
+    );
+  }
+};
 // src/core/authorization/AuthorizationManager.ts
 var TRANSPORTS = {
-  redirect: RedirectTransport
-  // popup: PopupTransport,
+  redirect: RedirectTransport,
+  popup: PopupTransport
 };
 var DEFAULT_CONFIGURATION = {
   useRefreshTokens: false,
@@ -1085,7 +1201,11 @@ var AuthorizationManager = class {
     log("debug", "AuthorizationManager.login");
     this.reset();
     const transport = this.#buildTransport({ params: options?.additionalParams });
-    await transport.send();
+    const result = await transport.send();
+    if (isGlobusAuthTokenResponse(result)) {
+      this.addTokenResponse(result);
+    }
+    return result;
   }
   /**
    * Prompt the user to authenticate with Globus Auth.
@@ -1093,7 +1213,11 @@ var AuthorizationManager = class {
   async prompt(options) {
     log("debug", "AuthorizationManager.prompt");
     const transport = this.#buildTransport(options);
-    await transport.send();
+    const result = await transport.send();
+    if (isGlobusAuthTokenResponse(result)) {
+      this.addTokenResponse(result);
+    }
+    return result;
   }
   /**
    * This method will attempt to complete the PKCE protocol flow.