@hmcts/opal-frontend-common-node 0.0.12 → 0.0.14

package/interfaces/index.d.ts

@@ -1,4 +1,3 @@
-import UserState from './userState';
 import SecurityToken from './securityToken';
 import launchDarklyConfig from './launch-darkly-config';
 import appInsightsConfig from './app-insights-config';
@@ -8,5 +7,5 @@ import SessionStorageConfiguration from './session-storage-config';
 import RoutesConfiguration from './routes-config';
 import SsoConfiguration from './sso-config';
 import SessionConfiguration from './session-config';
-export { UserState, SecurityToken, launchDarklyConfig, appInsightsConfig, TransferServerState, ExpiryConfiguration, SessionStorageConfiguration, RoutesConfiguration, SsoConfiguration, SessionConfiguration, };
+export { SecurityToken, launchDarklyConfig, appInsightsConfig, TransferServerState, ExpiryConfiguration, SessionStorageConfiguration, RoutesConfiguration, SsoConfiguration, SessionConfiguration, };
 //# sourceMappingURL=index.d.ts.map

package/interfaces/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,aAAa,CAAC;AACpC,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,kBAAkB,MAAM,wBAAwB,CAAC;AACxD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,2BAA2B,MAAM,0BAA0B,CAAC;AACnE,OAAO,mBAAmB,MAAM,iBAAiB,CAAC;AAClD,OAAO,gBAAgB,MAAM,cAAc,CAAC;AAC5C,OAAO,oBAAoB,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,SAAS,EACT,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,GACrB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,kBAAkB,MAAM,wBAAwB,CAAC;AACxD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,2BAA2B,MAAM,0BAA0B,CAAC;AACnE,OAAO,mBAAmB,MAAM,iBAAiB,CAAC;AAClD,OAAO,gBAAgB,MAAM,cAAc,CAAC;AAC5C,OAAO,oBAAoB,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,GACrB,CAAC"}

package/interfaces/index.js

@@ -1,4 +1,3 @@
-import UserState from './userState';
 import SecurityToken from './securityToken';
 import launchDarklyConfig from './launch-darkly-config';
 import appInsightsConfig from './app-insights-config';
@@ -8,5 +7,5 @@ import SessionStorageConfiguration from './session-storage-config';
 import RoutesConfiguration from './routes-config';
 import SsoConfiguration from './sso-config';
 import SessionConfiguration from './session-config';
-export { UserState, SecurityToken, launchDarklyConfig, appInsightsConfig, TransferServerState, ExpiryConfiguration, SessionStorageConfiguration, RoutesConfiguration, SsoConfiguration, SessionConfiguration, };
+export { SecurityToken, launchDarklyConfig, appInsightsConfig, TransferServerState, ExpiryConfiguration, SessionStorageConfiguration, RoutesConfiguration, SsoConfiguration, SessionConfiguration, };
 //# sourceMappingURL=index.js.map

package/interfaces/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,aAAa,CAAC;AACpC,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,kBAAkB,MAAM,wBAAwB,CAAC;AACxD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,2BAA2B,MAAM,0BAA0B,CAAC;AACnE,OAAO,mBAAmB,MAAM,iBAAiB,CAAC;AAClD,OAAO,gBAAgB,MAAM,cAAc,CAAC;AAC5C,OAAO,oBAAoB,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,SAAS,EACT,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,GACrB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,kBAAkB,MAAM,wBAAwB,CAAC;AACxD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,2BAA2B,MAAM,0BAA0B,CAAC;AACnE,OAAO,mBAAmB,MAAM,iBAAiB,CAAC;AAClD,OAAO,gBAAgB,MAAM,cAAc,CAAC;AAC5C,OAAO,oBAAoB,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,GACrB,CAAC"}

package/interfaces/routes-config.d.ts

@@ -1,8 +1,13 @@
 declare class RoutesConfiguration {
     opalApiTarget: string;
     opalFinesServiceTarget: string;
+    opalUserServiceTarget: string;
     frontendHostname: string;
     prefix: string;
+    clientId: string;
+    clientSecret: string;
+    tenantId: string;
+    microsoftUrl: string;
 }
 export default RoutesConfiguration;
 //# sourceMappingURL=routes-config.d.ts.map

package/interfaces/routes-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes-config.d.ts","sourceRoot":"","sources":["../../src/interfaces/routes-config.ts"],"names":[],"mappings":"AAAA,cAAM,mBAAmB;IACvB,aAAa,EAAG,MAAM,CAAC;IACvB,sBAAsB,EAAG,MAAM,CAAC;IAChC,gBAAgB,EAAG,MAAM,CAAC;IAC1B,MAAM,EAAG,MAAM,CAAC;CACjB;AAED,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"routes-config.d.ts","sourceRoot":"","sources":["../../src/interfaces/routes-config.ts"],"names":[],"mappings":"AAAA,cAAM,mBAAmB;IACvB,aAAa,EAAG,MAAM,CAAC;IACvB,sBAAsB,EAAG,MAAM,CAAC;IAChC,qBAAqB,EAAG,MAAM,CAAC;IAC/B,gBAAgB,EAAG,MAAM,CAAC;IAC1B,MAAM,EAAG,MAAM,CAAC;IAChB,QAAQ,EAAG,MAAM,CAAC;IAClB,YAAY,EAAG,MAAM,CAAC;IACtB,QAAQ,EAAG,MAAM,CAAC;IAClB,YAAY,EAAG,MAAM,CAAC;CACvB;AAED,eAAe,mBAAmB,CAAC"}

package/interfaces/routes-config.js

@@ -1,8 +1,13 @@
 class RoutesConfiguration {
     opalApiTarget;
     opalFinesServiceTarget;
+    opalUserServiceTarget;
     frontendHostname;
     prefix;
+    clientId;
+    clientSecret;
+    tenantId;
+    microsoftUrl;
 }
 export default RoutesConfiguration;
 //# sourceMappingURL=routes-config.js.map

package/interfaces/routes-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"routes-config.js","sourceRoot":"","sources":["../../src/interfaces/routes-config.ts"],"names":[],"mappings":"AAAA,MAAM,mBAAmB;IACvB,aAAa,CAAU;IACvB,sBAAsB,CAAU;IAChC,gBAAgB,CAAU;IAC1B,MAAM,CAAU;CACjB;AAED,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"routes-config.js","sourceRoot":"","sources":["../../src/interfaces/routes-config.ts"],"names":[],"mappings":"AAAA,MAAM,mBAAmB;IACvB,aAAa,CAAU;IACvB,sBAAsB,CAAU;IAChC,qBAAqB,CAAU;IAC/B,gBAAgB,CAAU;IAC1B,MAAM,CAAU;IAChB,QAAQ,CAAU;IAClB,YAAY,CAAU;IACtB,QAAQ,CAAU;IAClB,YAAY,CAAU;CACvB;AAED,eAAe,mBAAmB,CAAC"}

package/interfaces/securityToken.d.ts

@@ -1,6 +1,5 @@
-import UserState from './userState';
 declare class SecurityToken {
-    user_state: UserState | undefined;
+    user_state: undefined;
     access_token: string;
 }
 export default SecurityToken;

package/interfaces/securityToken.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"securityToken.d.ts","sourceRoot":"","sources":["../../src/interfaces/securityToken.ts"],"names":[],"mappings":"AAAA,OAAO,SAAS,MAAM,aAAa,CAAC;AAEpC,cAAM,aAAa;IACjB,UAAU,EAAE,SAAS,GAAG,SAAS,CAAC;IAClC,YAAY,EAAG,MAAM,CAAC;CACvB;AAED,eAAe,aAAa,CAAC"}
+{"version":3,"file":"securityToken.d.ts","sourceRoot":"","sources":["../../src/interfaces/securityToken.ts"],"names":[],"mappings":"AAAA,cAAM,aAAa;IACjB,UAAU,EAAE,SAAS,CAAC;IACtB,YAAY,EAAG,MAAM,CAAC;CACvB;AAED,eAAe,aAAa,CAAC"}

package/interfaces/securityToken.js.map

@@ -1 +1 @@
-{"version":3,"file":"securityToken.js","sourceRoot":"","sources":["../../src/interfaces/securityToken.ts"],"names":[],"mappings":"AAEA,MAAM,aAAa;IACjB,UAAU,CAAwB;IAClC,YAAY,CAAU;CACvB;AAED,eAAe,aAAa,CAAC"}
+{"version":3,"file":"securityToken.js","sourceRoot":"","sources":["../../src/interfaces/securityToken.ts"],"names":[],"mappings":"AAAA,MAAM,aAAa;IACjB,UAAU,CAAY;IACtB,YAAY,CAAU;CACvB;AAED,eAAe,aAAa,CAAC"}

package/interfaces/session-config.d.ts

@@ -1,5 +1,4 @@
 declare class SessionConfiguration {
-    userStateUrl: string;
     sessionExpiryUrl: string;
 }
 export default SessionConfiguration;

package/interfaces/session-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session-config.d.ts","sourceRoot":"","sources":["../../src/interfaces/session-config.ts"],"names":[],"mappings":"AAAA,cAAM,oBAAoB;IACxB,YAAY,EAAG,MAAM,CAAC;IACtB,gBAAgB,EAAG,MAAM,CAAC;CAC3B;AACD,eAAe,oBAAoB,CAAC"}
+{"version":3,"file":"session-config.d.ts","sourceRoot":"","sources":["../../src/interfaces/session-config.ts"],"names":[],"mappings":"AAAA,cAAM,oBAAoB;IACxB,gBAAgB,EAAG,MAAM,CAAC;CAC3B;AACD,eAAe,oBAAoB,CAAC"}

package/interfaces/session-config.js

@@ -1,5 +1,4 @@
 class SessionConfiguration {
-    userStateUrl;
     sessionExpiryUrl;
 }
 export default SessionConfiguration;

package/interfaces/session-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"session-config.js","sourceRoot":"","sources":["../../src/interfaces/session-config.ts"],"names":[],"mappings":"AAAA,MAAM,oBAAoB;IACxB,YAAY,CAAU;IACtB,gBAAgB,CAAU;CAC3B;AACD,eAAe,oBAAoB,CAAC"}
+{"version":3,"file":"session-config.js","sourceRoot":"","sources":["../../src/interfaces/session-config.ts"],"names":[],"mappings":"AAAA,MAAM,oBAAoB;IACxB,gBAAgB,CAAU;CAC3B;AACD,eAAe,oBAAoB,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hmcts/opal-frontend-common-node",
   "type": "module",
-  "version": "0.0.12",
+  "version": "0.0.14",
   "license": "MIT",
   "description": "Common nodejs library components for opal",
   "main": "dist/index",
@@ -16,6 +16,7 @@
     "audit:check": "yarn audit --recursive --environment production --json > yarn-known-issues-current || true && jq -s '[.[] | select(.type==\"auditAdvisory\") | .data.advisory.id] | sort' yarn-known-issues-current > current-ids.json && jq -s '[.[] | select(.type==\"auditAdvisory\") | .data.advisory.id] | sort' yarn-known-issues > known-ids.json && diff -q known-ids.json current-ids.json || (echo '❌ New vulnerabilities detected. Please review.' && exit 1)"
   },
   "dependencies": {
+    "@azure/msal-browser": "^4.11.0",
     "@hmcts/info-provider": "^1.1.0",
     "@hmcts/nodejs-healthcheck": "^1.8.5",
     "@hmcts/nodejs-logging": "^4.0.4",
@@ -44,8 +45,8 @@
     "@types/luxon": "^3.4.2",
     "@types/node": "^22.0.0",
     "@types/session-file-store": "^1.2.5",
-    "@typescript-eslint/eslint-plugin": "8.39.0",
-    "@typescript-eslint/parser": "8.39.0",
+    "@typescript-eslint/eslint-plugin": "8.44.1",
+    "@typescript-eslint/parser": "8.44.1",
     "eslint": "^9.0.0",
     "eslint-plugin-prettier": "^5.2.6",
     "typescript": "~5.9.0",

package/routes/index.d.ts

@@ -5,6 +5,7 @@ import SsoConfiguration from '@hmcts/opal-frontend-common-node/interfaces/sso-co
 import SessionConfiguration from '@hmcts/opal-frontend-common-node/interfaces/session-config';
 export declare class Routes {
     private setupSSORoutes;
+    private setupStubRoutes;
     enableFor(app: Application, ssoEnabled: boolean, expiryConfiguration: ExpiryConfiguration, routesConfiguration: RoutesConfiguration, sessionConfiguration: SessionConfiguration, ssoConfiguration: SsoConfiguration): void;
 }
 //# sourceMappingURL=index.d.ts.map

package/routes/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAatC,OAAO,mBAAmB,MAAM,mEAAmE,CAAC;AACpG,OAAO,mBAAmB,MAAM,2DAA2D,CAAC;AAC5F,OAAO,gBAAgB,MAAM,wDAAwD,CAAC;AACtF,OAAO,oBAAoB,MAAM,4DAA4D,CAAC;AAE9F,qBAAa,MAAM;IACjB,OAAO,CAAC,cAAc;IAuCf,SAAS,CACd,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,OAAO,EACnB,mBAAmB,EAAE,mBAAmB,EACxC,mBAAmB,EAAE,mBAAmB,EACxC,oBAAoB,EAAE,oBAAoB,EAC1C,gBAAgB,EAAE,gBAAgB,GACjC,IAAI;CAyBR"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAQtC,OAAO,mBAAmB,MAAM,mEAAmE,CAAC;AACpG,OAAO,mBAAmB,MAAM,2DAA2D,CAAC;AAC5F,OAAO,gBAAgB,MAAM,wDAAwD,CAAC;AACtF,OAAO,oBAAoB,MAAM,4DAA4D,CAAC;AAG9F,qBAAa,MAAM;IACjB,OAAO,CAAC,cAAc;IAoDtB,OAAO,CAAC,eAAe;IA2BhB,SAAS,CACd,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,OAAO,EACnB,mBAAmB,EAAE,mBAAmB,EACxC,mBAAmB,EAAE,mBAAmB,EACxC,oBAAoB,EAAE,oBAAoB,EAC1C,gBAAgB,EAAE,gBAAgB,GACjC,IAAI;CAqBR"}

package/routes/index.js

@@ -1,35 +1,50 @@
 import bodyParser from 'body-parser';
-import { ssoAuthenticated, ssoLoginCallback, ssoLogin, ssoLogout, ssoLogoutCallback } from '../sso';
-import { ssoLoginStub, ssoLoginCallbackStub, ssoAuthenticatedStub, ssoLogoutStub, ssoLogoutCallbackStub, } from '../stubs/sso';
+import { ssoAuthenticated, ssoLogin, ssoLoginCallback } from '../sso';
+import createMsalInstance from '../sso/sso-configuration';
+import ssoLogout from '../sso/sso-logout';
+import { ssoAuthenticatedStub, ssoLogoutCallbackStub, ssoLoginStub, ssoLoginCallbackStub } from '../stubs/sso';
 import sessionExpiry from '@hmcts/opal-frontend-common-node/session/session-expiry';
-import sessionUserState from '@hmcts/opal-frontend-common-node/session/session-user-state';
+import ssoLogoutCallback from '../sso/sso-logout-callback';
 export class Routes {
-    setupSSORoutes(app, ssoEnabled, opalApiUrl, frontendHostname, prefix, ssoConfiguration) {
-        const login = ssoEnabled ? ssoLogin : ssoLoginStub;
-        const loginCallback = ssoEnabled ? ssoLoginCallback : ssoLoginCallbackStub;
-        const logout = ssoEnabled ? ssoLogout : ssoLogoutStub;
-        const logoutCallback = ssoEnabled ? ssoLogoutCallback : ssoLogoutCallbackStub;
-        const authenticated = ssoEnabled ? ssoAuthenticated : ssoAuthenticatedStub;
-        const loginCallbackType = ssoEnabled ? 'post' : 'get';
-        app.get(ssoConfiguration.login, (req, res, next) => login(req, res, next, opalApiUrl, frontendHostname));
-        const routePath = ssoConfiguration.loginCallback;
-        const callbackHandler = (req, res, next) => loginCallback(req, res, next, opalApiUrl);
-        if (loginCallbackType === 'post') {
-            app.post(routePath, callbackHandler);
+    setupSSORoutes(app, ssoConfiguration, routesConfiguration) {
+        if (!routesConfiguration.clientId || !routesConfiguration.clientSecret || !routesConfiguration.tenantId) {
+            throw new Error('Missing essential SSO configuration fields: clientId, clientSecret, or tenantId');
         }
-        else {
-            app.get(routePath, callbackHandler);
-        }
-        app.get(ssoConfiguration.logout, (req, res, next) => logout(req, res, next, opalApiUrl, frontendHostname));
-        app.get(ssoConfiguration.logoutCallback, (req, res, next) => logoutCallback(req, res, next, prefix));
-        app.get(ssoConfiguration.authenticated, (req, res) => authenticated(req, res));
+        // SSO CONFIGURATION
+        const confidentialClient = createMsalInstance(routesConfiguration.clientId, routesConfiguration.clientSecret, routesConfiguration.tenantId, routesConfiguration.microsoftUrl);
+        // LOGIN
+        app.get(ssoConfiguration.login, (req, res, next) => ssoLogin(res, next, confidentialClient, routesConfiguration.frontendHostname, ssoConfiguration.loginCallback));
+        // LOGIN CALLBACK
+        app.post(ssoConfiguration.loginCallback, (req, res) => ssoLoginCallback(req, res, confidentialClient, routesConfiguration.clientId, routesConfiguration.frontendHostname, ssoConfiguration.loginCallback));
+        // LOGOUT
+        app.get(ssoConfiguration.logout, (req, res) => ssoLogout(res, `${routesConfiguration.microsoftUrl}${routesConfiguration.tenantId}`, `${routesConfiguration.frontendHostname}${ssoConfiguration.logoutCallback}`));
+        // LOGOUT CALLBACK
+        app.get(ssoConfiguration.logoutCallback, (req, res, next) => ssoLogoutCallback(req, res, next, routesConfiguration.prefix));
+        // AUTHENTICATED
+        app.get(ssoConfiguration.authenticated, (req, res) => ssoAuthenticated(req, res));
+    }
+    setupStubRoutes(app, ssoConfiguration, routesConfiguration) {
+        // LOGIN
+        app.get(ssoConfiguration.login, (req, res, next) => ssoLoginStub(req, res, next));
+        // LOGIN CALLBACK
+        app.get(ssoConfiguration.loginCallback, (req, res, next) => ssoLoginCallbackStub(req, res, next, routesConfiguration.opalApiTarget));
+        // LOGOUT
+        app.get(ssoConfiguration.logout, (req, res, next) => ssoLogoutCallbackStub(req, res, next, routesConfiguration.prefix));
+        // LOGOUT CALLBACK
+        app.get(ssoConfiguration.logoutCallback, (req, res, next) => ssoLogoutCallbackStub(req, res, next, routesConfiguration.prefix));
+        // AUTHENTICATED
+        app.get(ssoConfiguration.authenticated, (req, res) => ssoAuthenticatedStub(req, res));
     }
     enableFor(app, ssoEnabled, expiryConfiguration, routesConfiguration, sessionConfiguration, ssoConfiguration) {
         // Declare use of body-parser AFTER the use of proxy https://github.com/villadora/express-http-proxy
         app.use(bodyParser.json());
         app.use(bodyParser.urlencoded({ extended: false }));
-        this.setupSSORoutes(app, ssoEnabled, routesConfiguration.opalApiTarget, routesConfiguration.frontendHostname, routesConfiguration.prefix, ssoConfiguration);
-        app.get(sessionConfiguration.userStateUrl, (req, res) => sessionUserState(req, res));
+        if (ssoEnabled) {
+            this.setupSSORoutes(app, ssoConfiguration, routesConfiguration);
+        }
+        else {
+            this.setupStubRoutes(app, ssoConfiguration, routesConfiguration);
+        }
         app.get(sessionConfiguration.sessionExpiryUrl, (req, res) => sessionExpiry(req, res, expiryConfiguration.testMode, expiryConfiguration.expiryTimeInMilliseconds, expiryConfiguration.warningThresholdInMilliseconds));
     }
 }

package/routes/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AACpG,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACb,qBAAqB,GACtB,MAAM,cAAc,CAAC;AACtB,OAAO,aAAa,MAAM,yDAAyD,CAAC;AACpF,OAAO,gBAAgB,MAAM,6DAA6D,CAAC;AAM3F,MAAM,OAAO,MAAM;IACT,cAAc,CACpB,GAAgB,EAChB,UAAmB,EACnB,UAAkB,EAClB,gBAAwB,EACxB,MAAc,EACd,gBAAkC;QAElC,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;QACnD,MAAM,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAC3E,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC;QACtD,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,qBAAqB,CAAC;QAC9E,MAAM,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAE3E,MAAM,iBAAiB,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QAEtD,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAClF,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,CAAC,CACpD,CAAC;QAEF,MAAM,SAAS,GAAG,gBAAgB,CAAC,aAAa,CAAC;QACjD,MAAM,eAAe,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAC1E,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;QAE5C,IAAI,iBAAiB,KAAK,MAAM,EAAE,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;QACtC,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CACnF,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,CAAC,CACrD,CAAC;QACF,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAC3F,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CACvC,CAAC;QACF,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IACpG,CAAC;IAEM,SAAS,CACd,GAAgB,EAChB,UAAmB,EACnB,mBAAwC,EACxC,mBAAwC,EACxC,oBAA0C,EAC1C,gBAAkC;QAElC,oGAAoG;QACpG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAEpD,IAAI,CAAC,cAAc,CACjB,GAAG,EACH,UAAU,EACV,mBAAmB,CAAC,aAAa,EACjC,mBAAmB,CAAC,gBAAgB,EACpC,mBAAmB,CAAC,MAAM,EAC1B,gBAAgB,CACjB,CAAC;QAEF,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,YAAY,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACxG,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,gBAAgB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAC7E,aAAa,CACX,GAAG,EACH,GAAG,EACH,mBAAmB,CAAC,QAAQ,EAC5B,mBAAmB,CAAC,wBAAwB,EAC5C,mBAAmB,CAAC,8BAA8B,CACnD,CACF,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,aAAa,CAAC;AAErC,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AACtE,OAAO,kBAAkB,MAAM,0BAA0B,CAAC;AAC1D,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAC/G,OAAO,aAAa,MAAM,yDAAyD,CAAC;AAKpF,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAE3D,MAAM,OAAO,MAAM;IACT,cAAc,CACpB,GAAgB,EAChB,gBAAkC,EAClC,mBAAwC;QAExC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,IAAI,CAAC,mBAAmB,CAAC,YAAY,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YACxG,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACrG,CAAC;QAED,oBAAoB;QACpB,MAAM,kBAAkB,GAAG,kBAAkB,CAC3C,mBAAmB,CAAC,QAAQ,EAC5B,mBAAmB,CAAC,YAAY,EAChC,mBAAmB,CAAC,QAAQ,EAC5B,mBAAmB,CAAC,YAAY,CACjC,CAAC;QAEF,QAAQ;QACR,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAClF,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAC9G,CAAC;QAEF,iBAAiB;QACjB,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CACvE,gBAAgB,CACd,GAAG,EACH,GAAG,EACH,kBAAkB,EAClB,mBAAmB,CAAC,QAAQ,EAC5B,mBAAmB,CAAC,gBAAgB,EACpC,gBAAgB,CAAC,aAAa,CAC/B,CACF,CAAC;QAEF,SAAS;QACT,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAC/D,SAAS,CACP,GAAG,EACH,GAAG,mBAAmB,CAAC,YAAY,GAAG,mBAAmB,CAAC,QAAQ,EAAE,EACpE,GAAG,mBAAmB,CAAC,gBAAgB,GAAG,gBAAgB,CAAC,cAAc,EAAE,CAC5E,CACF,CAAC;QAEF,kBAAkB;QAClB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAC3F,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAC9D,CAAC;QAEF,gBAAgB;QAChB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IACvG,CAAC;IAEO,eAAe,CACrB,GAAgB,EAChB,gBAAkC,EAClC,mBAAwC;QAExC,QAAQ;QACR,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAEnH,iBAAiB;QACjB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAC1F,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,CAAC,aAAa,CAAC,CACxE,CAAC;QAEF,SAAS;QACT,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CACnF,qBAAqB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAClE,CAAC;QAEF,kBAAkB;QAClB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,cAAc,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE,CAC3F,qBAAqB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAClE,CAAC;QAEF,gBAAgB;QAChB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3G,CAAC;IAEM,SAAS,CACd,GAAgB,EAChB,UAAmB,EACnB,mBAAwC,EACxC,mBAAwC,EACxC,oBAA0C,EAC1C,gBAAkC;QAElC,oGAAoG;QACpG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAEpD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,gBAAgB,EAAE,mBAAmB,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,gBAAgB,EAAE,mBAAmB,CAAC,CAAC;QACnE,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,gBAAgB,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE,CAC7E,aAAa,CACX,GAAG,EACH,GAAG,EACH,mBAAmB,CAAC,QAAQ,EAC5B,mBAAmB,CAAC,wBAAwB,EAC5C,mBAAmB,CAAC,8BAA8B,CACnD,CACF,CAAC;IACJ,CAAC;CACF"}

package/session/index.d.ts

@@ -1,5 +1,4 @@
 import SessionStorage from './session-storage';
 import sessionExpiry from './session-expiry';
-import sessionUserState from './session-user-state';
-export { SessionStorage, sessionUserState, sessionExpiry };
+export { SessionStorage, sessionExpiry };
 //# sourceMappingURL=index.d.ts.map

package/session/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,aAAa,MAAM,kBAAkB,CAAC;AAC7C,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,aAAa,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/session/index.js

@@ -1,5 +1,4 @@
 import SessionStorage from './session-storage';
 import sessionExpiry from './session-expiry';
-import sessionUserState from './session-user-state';
-export { SessionStorage, sessionUserState, sessionExpiry };
+export { SessionStorage, sessionExpiry };
 //# sourceMappingURL=index.js.map

package/session/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,aAAa,MAAM,kBAAkB,CAAC;AAC7C,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,aAAa,MAAM,kBAAkB,CAAC;AAE7C,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/session.d.ts

@@ -1,8 +1,8 @@
-import { SecurityToken, UserState } from './interfaces/index';
+import { SecurityToken } from './interfaces/index';
 
 declare module 'express-session' {
   interface SessionData {
-    user_state: UserState | undefined;
+    user_state: undefined;
     securityToken: SecurityToken | undefined;
   }
 }

package/sso/index.d.ts

@@ -1,7 +1,7 @@
 import ssoLogin from './sso-login';
 import ssoLogout from './sso-logout';
 import ssoLoginCallback from './sso-login-callback';
-import ssoLogoutCallback from './sso-logout-callback';
 import ssoAuthenticated from './sso-authenticated';
-export { ssoLogin, ssoLoginCallback, ssoLogout, ssoAuthenticated, ssoLogoutCallback };
+import ssoConfig from './sso-configuration';
+export { ssoLogin, ssoLoginCallback, ssoLogout, ssoAuthenticated, ssoConfig };
 //# sourceMappingURL=index.d.ts.map

package/sso/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,aAAa,CAAC;AACnC,OAAO,SAAS,MAAM,cAAc,CAAC;AACrC,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AACpD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,gBAAgB,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,aAAa,CAAC;AACnC,OAAO,SAAS,MAAM,cAAc,CAAC;AACrC,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AACpD,OAAO,gBAAgB,MAAM,qBAAqB,CAAC;AACnD,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,CAAC"}

package/sso/index.js

@@ -1,7 +1,7 @@
 import ssoLogin from './sso-login';
 import ssoLogout from './sso-logout';
 import ssoLoginCallback from './sso-login-callback';
-import ssoLogoutCallback from './sso-logout-callback';
 import ssoAuthenticated from './sso-authenticated';
-export { ssoLogin, ssoLoginCallback, ssoLogout, ssoAuthenticated, ssoLogoutCallback };
+import ssoConfig from './sso-configuration';
+export { ssoLogin, ssoLoginCallback, ssoLogout, ssoAuthenticated, ssoConfig };
 //# sourceMappingURL=index.js.map

package/sso/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,aAAa,CAAC;AACnC,OAAO,SAAS,MAAM,cAAc,CAAC;AACrC,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AACpD,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,gBAAgB,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sso/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,aAAa,CAAC;AACnC,OAAO,SAAS,MAAM,cAAc,CAAC;AACrC,OAAO,gBAAgB,MAAM,sBAAsB,CAAC;AACpD,OAAO,gBAAgB,MAAM,qBAAqB,CAAC;AACnD,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAE5C,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,CAAC"}

package/sso/sso-authenticated.d.ts

@@ -1,4 +1,28 @@
 import { Request, Response } from 'express';
+/**
+ * Express handler that verifies whether the current session has a valid (non-expired) access token.
+ *
+ * Behavior:
+ * - Reads the access token from `req.session.securityToken?.access_token`.
+ * - Prevents caching of the endpoint by setting the `Cache-Control: no-store, must-revalidate` header.
+ * - If the token is missing or expired (determined by `Jwt.isJwtExpired`), responds with HTTP 401 and sends `false`.
+ * - If the token is present and not expired, responds with HTTP 200 and sends `true`.
+ *
+ * @param req - Express Request; expected to contain `session.securityToken?.access_token` (string).
+ * @param res - Express Response used to set headers, status code, and send a boolean result.
+ * @returns void
+ *
+ * @remarks
+ * This endpoint is a lightweight authentication status check and has the side-effect of modifying response headers
+ * and sending an HTTP status and boolean payload. It relies on `Jwt.isJwtExpired` for token expiry checks.
+ *
+ * @example
+ * // GET /sso/authenticated
+ * // -> 200 true   (valid token)
+ * // -> 401 false  (missing or expired token)
+ *
+ * @see Jwt.isJwtExpired
+ */
 declare const _default: (req: Request, res: Response) => void;
 export default _default;
 //# sourceMappingURL=sso-authenticated.d.ts.map

package/sso/sso-authenticated.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.d.ts","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAG5B,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}
+{"version":3,"file":"sso-authenticated.d.ts","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG5C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;yBACa,KAAK,OAAO,EAAE,KAAK,QAAQ;AAA3C,wBAWE"}

package/sso/sso-authenticated.js

@@ -1,10 +1,33 @@
 import { Jwt } from '../utils';
+/**
+ * Express handler that verifies whether the current session has a valid (non-expired) access token.
+ *
+ * Behavior:
+ * - Reads the access token from `req.session.securityToken?.access_token`.
+ * - Prevents caching of the endpoint by setting the `Cache-Control: no-store, must-revalidate` header.
+ * - If the token is missing or expired (determined by `Jwt.isJwtExpired`), responds with HTTP 401 and sends `false`.
+ * - If the token is present and not expired, responds with HTTP 200 and sends `true`.
+ *
+ * @param req - Express Request; expected to contain `session.securityToken?.access_token` (string).
+ * @param res - Express Response used to set headers, status code, and send a boolean result.
+ * @returns void
+ *
+ * @remarks
+ * This endpoint is a lightweight authentication status check and has the side-effect of modifying response headers
+ * and sending an HTTP status and boolean payload. It relies on `Jwt.isJwtExpired` for token expiry checks.
+ *
+ * @example
+ * // GET /sso/authenticated
+ * // -> 200 true   (valid token)
+ * // -> 401 false  (missing or expired token)
+ *
+ * @see Jwt.isJwtExpired
+ */
 export default (req, res) => {
-    const isJwtExpired = Jwt.isJwtExpired(req.session.securityToken?.access_token);
-    const userId = req.session.securityToken?.user_state?.user_id;
+    const accessToken = req.session.securityToken?.access_token;
     // Don't allow caching of this endpoint
     res.header('Cache-Control', 'no-store, must-revalidate');
-    if (isJwtExpired || !userId) {
+    if (!accessToken || Jwt.isJwtExpired(accessToken)) {
         res.status(401).send(false);
     }
     else {

package/sso/sso-authenticated.js.map

@@ -1 +1 @@
-{"version":3,"file":"sso-authenticated.js","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC/E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC;IAC9D,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,IAAI,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"sso-authenticated.js","sourceRoot":"","sources":["../../src/sso/sso-authenticated.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAe,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;IAE5D,uCAAuC;IACvC,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,2BAA2B,CAAC,CAAC;IAEzD,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC"}

package/sso/sso-configuration.d.ts

@@ -0,0 +1,12 @@
+import { ConfidentialClientApplication } from '@azure/msal-node';
+/**
+ * Creates and configures a new instance of `ConfidentialClientApplication` for Microsoft SSO authentication.
+ *
+ * @param clientId - The client (application) ID registered in Azure AD.
+ * @param clientSecret - The client secret associated with the application.
+ * @param tenantId - The Azure AD tenant ID.
+ * @param microsoftUrl - The base Microsoft authority URL (e.g., "https://login.microsoftonline.com/").
+ * @returns A configured `ConfidentialClientApplication` instance for use with MSAL.
+ */
+export default function ssoConfig(clientId: string, clientSecret: string, tenantId: string, microsoftUrl: string): ConfidentialClientApplication;
+//# sourceMappingURL=sso-configuration.d.ts.map

package/sso/sso-configuration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-configuration.d.ts","sourceRoot":"","sources":["../../src/sso/sso-configuration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAA2B,MAAM,kBAAkB,CAAC;AAG1F;;;;;;;;GAQG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,6BAA6B,CAiC/B"}

package/sso/sso-configuration.js

@@ -0,0 +1,44 @@
+import { ConfidentialClientApplication, LogLevel } from '@azure/msal-node';
+import { Logger } from '@hmcts/nodejs-logging';
+/**
+ * Creates and configures a new instance of `ConfidentialClientApplication` for Microsoft SSO authentication.
+ *
+ * @param clientId - The client (application) ID registered in Azure AD.
+ * @param clientSecret - The client secret associated with the application.
+ * @param tenantId - The Azure AD tenant ID.
+ * @param microsoftUrl - The base Microsoft authority URL (e.g., "https://login.microsoftonline.com/").
+ * @returns A configured `ConfidentialClientApplication` instance for use with MSAL.
+ */
+export default function ssoConfig(clientId, clientSecret, tenantId, microsoftUrl) {
+    const logger = Logger.getLogger('sso-msal-configuration');
+    const msalConfig = {
+        auth: {
+            clientId,
+            authority: microsoftUrl + tenantId,
+            clientSecret,
+        },
+        system: {
+            loggerOptions: {
+                loggerCallback(logLevel, message, containsPii) {
+                    if (containsPii) {
+                        return;
+                    }
+                    switch (logLevel) {
+                        case LogLevel.Error:
+                            logger.error('Error on SSO Configuration:', message);
+                            break;
+                        case LogLevel.Warning:
+                        case LogLevel.Info:
+                        case LogLevel.Verbose:
+                        default:
+                            break;
+                    }
+                },
+                piiLoggingEnabled: false,
+                logLevel: LogLevel.Verbose,
+            },
+        },
+    };
+    return new ConfidentialClientApplication(msalConfig);
+}
+//# sourceMappingURL=sso-configuration.js.map

package/sso/sso-configuration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso-configuration.js","sourceRoot":"","sources":["../../src/sso/sso-configuration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAiB,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC1F,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C;;;;;;;;GAQG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAC/B,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,YAAoB;IAEpB,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAkB;QAChC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS,EAAE,YAAY,GAAG,QAAQ;YAClC,YAAY;SACb;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,WAAW;oBAC3C,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAO;oBACT,CAAC;oBAED,QAAQ,QAAQ,EAAE,CAAC;wBACjB,KAAK,QAAQ,CAAC,KAAK;4BACjB,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,OAAO,CAAC,CAAC;4BACrD,MAAM;wBACR,KAAK,QAAQ,CAAC,OAAO,CAAC;wBACtB,KAAK,QAAQ,CAAC,IAAI,CAAC;wBACnB,KAAK,QAAQ,CAAC,OAAO,CAAC;wBACtB;4BACE,MAAM;oBACV,CAAC;gBACH,CAAC;gBACD,iBAAiB,EAAE,KAAK;gBACxB,QAAQ,EAAE,QAAQ,CAAC,OAAO;aAC3B;SACF;KACF,CAAC;IAEF,OAAO,IAAI,6BAA6B,CAAC,UAAU,CAAC,CAAC;AACvD,CAAC"}

package/sso/sso-login-callback.d.ts

@@ -1,4 +1,22 @@
-import { NextFunction, Request, Response } from 'express';
-declare const _default: (req: Request, res: Response, next: NextFunction, opalApiUrl: string) => Promise<void>;
-export default _default;
+import { Request, Response } from 'express';
+import { ConfidentialClientApplication } from '@azure/msal-node';
+import 'express-session';
+/**
+ * Handles the SSO login callback by exchanging the authorization code for tokens using MSAL,
+ * storing the access token in the session, and redirecting the user to the frontend.
+ *
+ * @param req - The Express request object, expected to contain the authorization code in the body.
+ * @param res - The Express response object, used to send responses or perform redirects.
+ * @param msalInstance - An instance of MSAL ConfidentialClientApplication used to acquire tokens.
+ * @param clientId - The client ID of the application, used to build the token request scope.
+ * @param frontendHostname - The base URL of the frontend application, used for redirect URIs.
+ * @param ssoLoginCallback - The path of the SSO login callback, appended to the frontend hostname for redirect URI.
+ * @returns A promise that resolves when the callback handling is complete.
+ *
+ * @remarks
+ * - If the authorization code is missing, responds with HTTP 400.
+ * - On successful token acquisition, stores the access token in the session and redirects to the frontend.
+ * - On error, logs the error and responds with HTTP 500.
+ */
+export default function ssoLoginCallbackHandler(req: Request, res: Response, msalInstance: ConfidentialClientApplication, clientId: string, frontendHostname: string, ssoLoginCallback: string): Promise<void>;
 //# sourceMappingURL=sso-login-callback.d.ts.map

package/sso/sso-login-callback.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-login-callback.d.ts","sourceRoot":"","sources":["../../src/sso/sso-login-callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;yBAIpC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,EAAE,YAAY,MAAM;AAAzF,wBAyBE"}
+{"version":3,"file":"sso-login-callback.d.ts","sourceRoot":"","sources":["../../src/sso/sso-login-callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,6BAA6B,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,iBAAiB,CAAC;AAOzB;;;;;;;;;;;;;;;;GAgBG;AACH,wBAA8B,uBAAuB,CACnD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,YAAY,EAAE,6BAA6B,EAC3C,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EACxB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,IAAI,CAAC,CA6Df"}