npm - @icp-sdk/auth - Versions diffs - 4.0.0-beta.1 - Mend

@icp-sdk/auth 4.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +11 -0
package/dist/esm/client/auth-client.d.ts +177 -0
package/dist/esm/client/auth-client.js +328 -0
package/dist/esm/client/auth-client.js.map +1 -0
package/dist/esm/client/db.d.ts +47 -0
package/dist/esm/client/db.js +83 -0
package/dist/esm/client/db.js.map +1 -0
package/dist/esm/client/idle-manager.d.ts +81 -0
package/dist/esm/client/idle-manager.js +81 -0
package/dist/esm/client/idle-manager.js.map +1 -0
package/dist/esm/client/index.d.ts +4 -0
package/dist/esm/client/index.js +15 -0
package/dist/esm/client/index.js.map +1 -0
package/dist/esm/client/storage.d.ts +51 -0
package/dist/esm/client/storage.js +83 -0
package/dist/esm/client/storage.js.map +1 -0
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.js +4 -0
package/dist/esm/index.js.map +1 -0
package/package.json +62 -0
package/src/client/auth-client.ts +593 -0
package/src/client/db.ts +114 -0
package/src/client/idle-manager.ts +144 -0
package/src/client/index.ts +10 -0
package/src/client/storage.ts +112 -0
package/src/index.ts +3 -0

package/README.md ADDED Viewed

@@ -0,0 +1,11 @@
+# @icp-sdk/auth
+Authentication library for Internet Computer web apps.
+## Contributing
+Contributions are welcome! Please see the [contribution guide](./CONTRIBUTING.md) for more information.
+## License
+This project is licensed under the [Apache-2.0](./LICENSE) license.

package/dist/esm/client/auth-client.d.ts ADDED Viewed

@@ -0,0 +1,177 @@
+import { Identity, SignIdentity } from '@icp-sdk/core/agent';
+import { DelegationChain, PartialIdentity } from '@icp-sdk/core/identity';
+import { Principal } from '@icp-sdk/core/principal';
+import { IdleManager, IdleManagerOptions } from './idle-manager.ts';
+import { AuthClientStorage } from './storage.ts';
+declare const ECDSA_KEY_LABEL = "ECDSA";
+declare const ED25519_KEY_LABEL = "Ed25519";
+type BaseKeyType = typeof ECDSA_KEY_LABEL | typeof ED25519_KEY_LABEL;
+export declare const ERROR_USER_INTERRUPT = "UserInterrupt";
+/**
+ * List of options for creating an {@link AuthClient}.
+ */
+export interface AuthClientCreateOptions {
+    /**
+     * An {@link SignIdentity} or {@link PartialIdentity} to authenticate via delegation.
+     */
+    identity?: SignIdentity | PartialIdentity;
+    /**
+     * Optional storage with get, set, and remove. Uses {@link IdbStorage} by default.
+     * @see {@link AuthClientStorage}
+     */
+    storage?: AuthClientStorage;
+    /**
+     * Type to use for the base key.
+     *
+     * If you are using a custom storage provider that does not support CryptoKey storage,
+     * you should use `Ed25519` as the key type, as it can serialize to a string.
+     * @default 'ECDSA'
+     */
+    keyType?: BaseKeyType;
+    /**
+     * Options to handle idle timeouts
+     * @default after 10 minutes, invalidates the identity
+     */
+    idleOptions?: IdleOptions;
+    /**
+     * Options to handle login, passed to the login method
+     */
+    loginOptions?: AuthClientLoginOptions;
+}
+export interface IdleOptions extends IdleManagerOptions {
+    /**
+     * Disables idle functionality for {@link IdleManager}
+     * @default false
+     */
+    disableIdle?: boolean;
+    /**
+     * Disables default idle behavior - call logout & reload window
+     * @default false
+     */
+    disableDefaultIdleCallback?: boolean;
+}
+export type OnSuccessFunc = (() => void | Promise<void>) | ((message: InternetIdentityAuthResponseSuccess) => void | Promise<void>);
+export type OnErrorFunc = (error?: string) => void | Promise<void>;
+export interface AuthClientLoginOptions {
+    /**
+     * Identity provider
+     * @default "https://identity.internetcomputer.org"
+     */
+    identityProvider?: string | URL;
+    /**
+     * Expiration of the authentication in nanoseconds
+     * @default  BigInt(8) hours * BigInt(3_600_000_000_000) nanoseconds
+     */
+    maxTimeToLive?: bigint;
+    /**
+     * If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity. Authenticating dapps may want to prevent users from using Temporary keys/PIN identities because Temporary keys/PIN identities are less secure than Passkeys (webauthn credentials) and because Temporary keys/PIN identities generally only live in a browser database (which may get cleared by the browser/OS).
+     */
+    allowPinAuthentication?: boolean;
+    /**
+     * Origin for Identity Provider to use while generating the delegated identity. For II, the derivation origin must authorize this origin by setting a record at `<derivation-origin>/.well-known/ii-alternative-origins`.
+     * @see https://github.com/dfinity/internet-identity/blob/main/docs/internet-identity-spec.adoc
+     */
+    derivationOrigin?: string | URL;
+    /**
+     * Auth Window feature config string
+     * @example "toolbar=0,location=0,menubar=0,width=500,height=500,left=100,top=100"
+     */
+    windowOpenerFeatures?: string;
+    /**
+     * Callback once login has completed
+     */
+    onSuccess?: OnSuccessFunc;
+    /**
+     * Callback in case authentication fails
+     */
+    onError?: OnErrorFunc;
+    /**
+     * Extra values to be passed in the login request during the authorize-ready phase
+     */
+    customValues?: Record<string, unknown>;
+}
+export interface InternetIdentityAuthResponseSuccess {
+    kind: 'authorize-client-success';
+    delegations: {
+        delegation: {
+            pubkey: Uint8Array;
+            expiration: bigint;
+            targets?: Principal[];
+        };
+        signature: Uint8Array;
+    }[];
+    userPublicKey: Uint8Array;
+    authnMethod: 'passkey' | 'pin' | 'recovery';
+}
+/**
+ * Tool to manage authentication and identity
+ * @see {@link AuthClient}
+ */
+export declare class AuthClient {
+    private _identity;
+    private _key;
+    private _chain;
+    private _storage;
+    idleManager: IdleManager | undefined;
+    private _createOptions;
+    private _idpWindow?;
+    private _eventHandler?;
+    /**
+     * Create an AuthClient to manage authentication and identity
+     * @param {AuthClientCreateOptions} options - Options for creating an {@link AuthClient}
+     * @see {@link AuthClientCreateOptions}
+     * @param options.identity Optional Identity to use as the base
+     * @see {@link SignIdentity}
+     * @param options.storage Storage mechanism for delegation credentials
+     * @see {@link AuthClientStorage}
+     * @param options.keyType Type of key to use for the base key
+     * @param {IdleOptions} options.idleOptions Configures an {@link IdleManager}
+     * @see {@link IdleOptions}
+     * Default behavior is to clear stored identity and reload the page when a user goes idle, unless you set the disableDefaultIdleCallback flag or pass in a custom idle callback.
+     * @example
+     * const authClient = await AuthClient.create({
+     *   idleOptions: {
+     *     disableIdle: true
+     *   }
+     * })
+     */
+    static create(options?: AuthClientCreateOptions): Promise<AuthClient>;
+    protected constructor(_identity: Identity | PartialIdentity, _key: SignIdentity | PartialIdentity, _chain: DelegationChain | null, _storage: AuthClientStorage, idleManager: IdleManager | undefined, _createOptions: AuthClientCreateOptions | undefined, _idpWindow?: Window | undefined, _eventHandler?: ((event: MessageEvent) => void) | undefined);
+    private _registerDefaultIdleCallback;
+    private _handleSuccess;
+    getIdentity(): Identity;
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * AuthClient Login - Opens up a new window to authenticate with Internet Identity
+     * @param {AuthClientLoginOptions} options - Options for logging in, merged with the options set during creation if any. Note: we only perform a shallow merge for the `customValues` property.
+     * @param options.identityProvider Identity provider
+     * @param options.maxTimeToLive Expiration of the authentication in nanoseconds
+     * @param options.allowPinAuthentication If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity. Authenticating dapps may want to prevent users from using Temporary keys/PIN identities because Temporary keys/PIN identities are less secure than Passkeys (webauthn credentials) and because Temporary keys/PIN identities generally only live in a browser database (which may get cleared by the browser/OS).
+     * @param options.derivationOrigin Origin for Identity Provider to use while generating the delegated identity
+     * @param options.windowOpenerFeatures Configures the opened authentication window
+     * @param options.onSuccess Callback once login has completed
+     * @param options.onError Callback in case authentication fails
+     * @param options.customValues Extra values to be passed in the login request during the authorize-ready phase. Note: we only perform a shallow merge for the `customValues` property.
+     * @example
+     * const authClient = await AuthClient.create();
+     * authClient.login({
+     *  identityProvider: 'http://<canisterID>.127.0.0.1:8000',
+     *  maxTimeToLive: BigInt (7) * BigInt(24) * BigInt(3_600_000_000_000), // 1 week
+     *  windowOpenerFeatures: "toolbar=0,location=0,menubar=0,width=500,height=500,left=100,top=100",
+     *  onSuccess: () => {
+     *    console.log('Login Successful!');
+     *  },
+     *  onError: (error) => {
+     *    console.error('Login Failed: ', error);
+     *  }
+     * });
+     */
+    login(options?: AuthClientLoginOptions): Promise<void>;
+    private _getEventHandler;
+    private _handleFailure;
+    private _removeEventListener;
+    logout(options?: {
+        returnTo?: string;
+    }): Promise<void>;
+}
+export {};

package/dist/esm/client/auth-client.js ADDED Viewed

@@ -0,0 +1,328 @@
+import { AnonymousIdentity } from "@icp-sdk/core/agent";
+import { Ed25519KeyIdentity, ECDSAKeyIdentity, DelegationChain, isDelegationValid, PartialDelegationIdentity, DelegationIdentity, Delegation } from "@icp-sdk/core/identity";
+import { IdleManager } from "./idle-manager.js";
+import { IdbStorage, KEY_STORAGE_KEY, LocalStorage, KEY_STORAGE_DELEGATION, KEY_VECTOR } from "./storage.js";
+const NANOSECONDS_PER_SECOND = BigInt(1e9);
+const SECONDS_PER_HOUR = BigInt(3600);
+const NANOSECONDS_PER_HOUR = NANOSECONDS_PER_SECOND * SECONDS_PER_HOUR;
+const IDENTITY_PROVIDER_DEFAULT = "https://identity.internetcomputer.org";
+const IDENTITY_PROVIDER_ENDPOINT = "#authorize";
+const DEFAULT_MAX_TIME_TO_LIVE = BigInt(8) * NANOSECONDS_PER_HOUR;
+const ECDSA_KEY_LABEL = "ECDSA";
+const ED25519_KEY_LABEL = "Ed25519";
+const INTERRUPT_CHECK_INTERVAL = 500;
+const ERROR_USER_INTERRUPT = "UserInterrupt";
+class AuthClient {
+  constructor(_identity, _key, _chain, _storage, idleManager, _createOptions, _idpWindow, _eventHandler) {
+    this._identity = _identity;
+    this._key = _key;
+    this._chain = _chain;
+    this._storage = _storage;
+    this.idleManager = idleManager;
+    this._createOptions = _createOptions;
+    this._idpWindow = _idpWindow;
+    this._eventHandler = _eventHandler;
+    this._registerDefaultIdleCallback();
+  }
+  /**
+   * Create an AuthClient to manage authentication and identity
+   * @param {AuthClientCreateOptions} options - Options for creating an {@link AuthClient}
+   * @see {@link AuthClientCreateOptions}
+   * @param options.identity Optional Identity to use as the base
+   * @see {@link SignIdentity}
+   * @param options.storage Storage mechanism for delegation credentials
+   * @see {@link AuthClientStorage}
+   * @param options.keyType Type of key to use for the base key
+   * @param {IdleOptions} options.idleOptions Configures an {@link IdleManager}
+   * @see {@link IdleOptions}
+   * Default behavior is to clear stored identity and reload the page when a user goes idle, unless you set the disableDefaultIdleCallback flag or pass in a custom idle callback.
+   * @example
+   * const authClient = await AuthClient.create({
+   *   idleOptions: {
+   *     disableIdle: true
+   *   }
+   * })
+   */
+  static async create(options = {}) {
+    const storage = options.storage ?? new IdbStorage();
+    const keyType = options.keyType ?? ECDSA_KEY_LABEL;
+    let key = null;
+    if (options.identity) {
+      key = options.identity;
+    } else {
+      let maybeIdentityStorage = await storage.get(KEY_STORAGE_KEY);
+      if (!maybeIdentityStorage) {
+        try {
+          const fallbackLocalStorage = new LocalStorage();
+          const localChain = await fallbackLocalStorage.get(KEY_STORAGE_DELEGATION);
+          const localKey = await fallbackLocalStorage.get(KEY_STORAGE_KEY);
+          if (localChain && localKey && keyType === ECDSA_KEY_LABEL) {
+            console.log("Discovered an identity stored in localstorage. Migrating to IndexedDB");
+            await storage.set(KEY_STORAGE_DELEGATION, localChain);
+            await storage.set(KEY_STORAGE_KEY, localKey);
+            maybeIdentityStorage = localChain;
+            await fallbackLocalStorage.remove(KEY_STORAGE_DELEGATION);
+            await fallbackLocalStorage.remove(KEY_STORAGE_KEY);
+          }
+        } catch (error) {
+          console.error(`error while attempting to recover localstorage: ${error}`);
+        }
+      }
+      if (maybeIdentityStorage) {
+        try {
+          if (typeof maybeIdentityStorage === "object") {
+            if (keyType === ED25519_KEY_LABEL && typeof maybeIdentityStorage === "string") {
+              key = Ed25519KeyIdentity.fromJSON(maybeIdentityStorage);
+            } else {
+              key = await ECDSAKeyIdentity.fromKeyPair(maybeIdentityStorage);
+            }
+          } else if (typeof maybeIdentityStorage === "string") {
+            key = Ed25519KeyIdentity.fromJSON(maybeIdentityStorage);
+          }
+        } catch {
+        }
+      }
+    }
+    let identity = new AnonymousIdentity();
+    let chain = null;
+    if (key) {
+      try {
+        const chainStorage = await storage.get(KEY_STORAGE_DELEGATION);
+        if (typeof chainStorage === "object" && chainStorage !== null) {
+          throw new Error(
+            "Delegation chain is incorrectly stored. A delegation chain should be stored as a string."
+          );
+        }
+        if (options.identity) {
+          identity = options.identity;
+        } else if (chainStorage) {
+          chain = DelegationChain.fromJSON(chainStorage);
+          if (!isDelegationValid(chain)) {
+            await _deleteStorage(storage);
+            key = null;
+          } else {
+            if ("toDer" in key) {
+              identity = PartialDelegationIdentity.fromDelegation(key, chain);
+            } else {
+              identity = DelegationIdentity.fromDelegation(key, chain);
+            }
+          }
+        }
+      } catch (e) {
+        console.error(e);
+        await _deleteStorage(storage);
+        key = null;
+      }
+    }
+    let idleManager;
+    if (options.idleOptions?.disableIdle) {
+      idleManager = void 0;
+    } else if (chain || options.identity) {
+      idleManager = IdleManager.create(options.idleOptions);
+    }
+    if (!key) {
+      if (keyType === ED25519_KEY_LABEL) {
+        key = Ed25519KeyIdentity.generate();
+        await storage.set(KEY_STORAGE_KEY, JSON.stringify(key.toJSON()));
+      } else {
+        if (options.storage && keyType === ECDSA_KEY_LABEL) {
+          console.warn(
+            `You are using a custom storage provider that may not support CryptoKey storage. If you are using a custom storage provider that does not support CryptoKey storage, you should use '${ED25519_KEY_LABEL}' as the key type, as it can serialize to a string`
+          );
+        }
+        key = await ECDSAKeyIdentity.generate();
+        await storage.set(KEY_STORAGE_KEY, key.getKeyPair());
+      }
+    }
+    return new AuthClient(identity, key, chain, storage, idleManager, options);
+  }
+  _registerDefaultIdleCallback() {
+    const idleOptions = this._createOptions?.idleOptions;
+    if (!idleOptions?.onIdle && !idleOptions?.disableDefaultIdleCallback) {
+      this.idleManager?.registerCallback(() => {
+        this.logout();
+        location.reload();
+      });
+    }
+  }
+  async _handleSuccess(message, onSuccess) {
+    const delegations = message.delegations.map((signedDelegation) => {
+      return {
+        delegation: new Delegation(
+          signedDelegation.delegation.pubkey,
+          signedDelegation.delegation.expiration,
+          signedDelegation.delegation.targets
+        ),
+        signature: signedDelegation.signature
+      };
+    });
+    const delegationChain = DelegationChain.fromDelegations(
+      delegations,
+      message.userPublicKey
+    );
+    const key = this._key;
+    if (!key) {
+      return;
+    }
+    this._chain = delegationChain;
+    if ("toDer" in key) {
+      this._identity = PartialDelegationIdentity.fromDelegation(key, this._chain);
+    } else {
+      this._identity = DelegationIdentity.fromDelegation(key, this._chain);
+    }
+    this._idpWindow?.close();
+    const idleOptions = this._createOptions?.idleOptions;
+    if (!this.idleManager && !idleOptions?.disableIdle) {
+      this.idleManager = IdleManager.create(idleOptions);
+      this._registerDefaultIdleCallback();
+    }
+    this._removeEventListener();
+    delete this._idpWindow;
+    if (this._chain) {
+      await this._storage.set(KEY_STORAGE_DELEGATION, JSON.stringify(this._chain.toJSON()));
+    }
+    onSuccess?.(message);
+  }
+  getIdentity() {
+    return this._identity;
+  }
+  async isAuthenticated() {
+    return !this.getIdentity().getPrincipal().isAnonymous() && this._chain !== null && isDelegationValid(this._chain);
+  }
+  /**
+   * AuthClient Login - Opens up a new window to authenticate with Internet Identity
+   * @param {AuthClientLoginOptions} options - Options for logging in, merged with the options set during creation if any. Note: we only perform a shallow merge for the `customValues` property.
+   * @param options.identityProvider Identity provider
+   * @param options.maxTimeToLive Expiration of the authentication in nanoseconds
+   * @param options.allowPinAuthentication If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity. Authenticating dapps may want to prevent users from using Temporary keys/PIN identities because Temporary keys/PIN identities are less secure than Passkeys (webauthn credentials) and because Temporary keys/PIN identities generally only live in a browser database (which may get cleared by the browser/OS).
+   * @param options.derivationOrigin Origin for Identity Provider to use while generating the delegated identity
+   * @param options.windowOpenerFeatures Configures the opened authentication window
+   * @param options.onSuccess Callback once login has completed
+   * @param options.onError Callback in case authentication fails
+   * @param options.customValues Extra values to be passed in the login request during the authorize-ready phase. Note: we only perform a shallow merge for the `customValues` property.
+   * @example
+   * const authClient = await AuthClient.create();
+   * authClient.login({
+   *  identityProvider: 'http://<canisterID>.127.0.0.1:8000',
+   *  maxTimeToLive: BigInt (7) * BigInt(24) * BigInt(3_600_000_000_000), // 1 week
+   *  windowOpenerFeatures: "toolbar=0,location=0,menubar=0,width=500,height=500,left=100,top=100",
+   *  onSuccess: () => {
+   *    console.log('Login Successful!');
+   *  },
+   *  onError: (error) => {
+   *    console.error('Login Failed: ', error);
+   *  }
+   * });
+   */
+  async login(options) {
+    const loginOptions = mergeLoginOptions(this._createOptions?.loginOptions, options);
+    const maxTimeToLive = loginOptions?.maxTimeToLive ?? DEFAULT_MAX_TIME_TO_LIVE;
+    const identityProviderUrl = new URL(
+      loginOptions?.identityProvider?.toString() || IDENTITY_PROVIDER_DEFAULT
+    );
+    identityProviderUrl.hash = IDENTITY_PROVIDER_ENDPOINT;
+    this._idpWindow?.close();
+    this._removeEventListener();
+    this._eventHandler = this._getEventHandler(identityProviderUrl, {
+      maxTimeToLive,
+      ...loginOptions
+    });
+    window.addEventListener("message", this._eventHandler);
+    this._idpWindow = window.open(
+      identityProviderUrl.toString(),
+      "idpWindow",
+      loginOptions?.windowOpenerFeatures
+    ) ?? void 0;
+    const checkInterruption = () => {
+      if (this._idpWindow) {
+        if (this._idpWindow.closed) {
+          this._handleFailure(ERROR_USER_INTERRUPT, loginOptions?.onError);
+        } else {
+          setTimeout(checkInterruption, INTERRUPT_CHECK_INTERVAL);
+        }
+      }
+    };
+    checkInterruption();
+  }
+  _getEventHandler(identityProviderUrl, options) {
+    return async (event) => {
+      if (event.origin !== identityProviderUrl.origin) {
+        return;
+      }
+      const message = event.data;
+      switch (message.kind) {
+        case "authorize-ready": {
+          const request = {
+            kind: "authorize-client",
+            sessionPublicKey: new Uint8Array(this._key?.getPublicKey().toDer()),
+            maxTimeToLive: options?.maxTimeToLive,
+            allowPinAuthentication: options?.allowPinAuthentication,
+            derivationOrigin: options?.derivationOrigin?.toString(),
+            // Pass any custom values to the IDP.
+            ...options?.customValues
+          };
+          this._idpWindow?.postMessage(request, identityProviderUrl.origin);
+          break;
+        }
+        case "authorize-client-success":
+          try {
+            await this._handleSuccess(message, options?.onSuccess);
+          } catch (err) {
+            this._handleFailure(err.message, options?.onError);
+          }
+          break;
+        case "authorize-client-failure":
+          this._handleFailure(message.text, options?.onError);
+          break;
+      }
+    };
+  }
+  _handleFailure(errorMessage, onError) {
+    this._idpWindow?.close();
+    onError?.(errorMessage);
+    this._removeEventListener();
+    delete this._idpWindow;
+  }
+  _removeEventListener() {
+    if (this._eventHandler) {
+      window.removeEventListener("message", this._eventHandler);
+    }
+    this._eventHandler = void 0;
+  }
+  async logout(options = {}) {
+    await _deleteStorage(this._storage);
+    this._identity = new AnonymousIdentity();
+    this._chain = null;
+    if (options.returnTo) {
+      try {
+        window.history.pushState({}, "", options.returnTo);
+      } catch {
+        window.location.href = options.returnTo;
+      }
+    }
+  }
+}
+async function _deleteStorage(storage) {
+  await storage.remove(KEY_STORAGE_KEY);
+  await storage.remove(KEY_STORAGE_DELEGATION);
+  await storage.remove(KEY_VECTOR);
+}
+function mergeLoginOptions(loginOptions, otherLoginOptions) {
+  if (!loginOptions && !otherLoginOptions) {
+    return void 0;
+  }
+  const customValues = loginOptions?.customValues || otherLoginOptions?.customValues ? {
+    ...loginOptions?.customValues,
+    ...otherLoginOptions?.customValues
+  } : void 0;
+  return {
+    ...loginOptions,
+    ...otherLoginOptions,
+    customValues
+  };
+}
+export {
+  AuthClient,
+  ERROR_USER_INTERRUPT
+};
+//# sourceMappingURL=auth-client.js.map

package/dist/esm/client/auth-client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth-client.js","sources":["../../../src/client/auth-client.ts"],"sourcesContent":["import {\n AnonymousIdentity,\n type DerEncodedPublicKey,\n type Identity,\n type Signature,\n type SignIdentity,\n} from '@icp-sdk/core/agent';\nimport {\n Delegation,\n DelegationChain,\n DelegationIdentity,\n ECDSAKeyIdentity,\n Ed25519KeyIdentity,\n isDelegationValid,\n PartialDelegationIdentity,\n type PartialIdentity,\n} from '@icp-sdk/core/identity';\nimport type { Principal } from '@icp-sdk/core/principal';\nimport { IdleManager, type IdleManagerOptions } from './idle-manager.ts';\nimport {\n type AuthClientStorage,\n IdbStorage,\n KEY_STORAGE_DELEGATION,\n KEY_STORAGE_KEY,\n KEY_VECTOR,\n LocalStorage,\n} from './storage.ts';\n\nconst NANOSECONDS_PER_SECOND = BigInt(1_000_000_000);\nconst SECONDS_PER_HOUR = BigInt(3_600);\nconst NANOSECONDS_PER_HOUR = NANOSECONDS_PER_SECOND * SECONDS_PER_HOUR;\n\nconst IDENTITY_PROVIDER_DEFAULT = 'https://identity.internetcomputer.org';\nconst IDENTITY_PROVIDER_ENDPOINT = '#authorize';\n\nconst DEFAULT_MAX_TIME_TO_LIVE = BigInt(8) * NANOSECONDS_PER_HOUR;\n\nconst ECDSA_KEY_LABEL = 'ECDSA';\nconst ED25519_KEY_LABEL = 'Ed25519';\ntype BaseKeyType = typeof ECDSA_KEY_LABEL | typeof ED25519_KEY_LABEL;\n\nconst INTERRUPT_CHECK_INTERVAL = 500;\n\nexport const ERROR_USER_INTERRUPT = 'UserInterrupt';\n\n/**\n * List of options for creating an {@link AuthClient}.\n */\nexport interface AuthClientCreateOptions {\n /**\n * An {@link SignIdentity} or {@link PartialIdentity} to authenticate via delegation.\n */\n identity?: SignIdentity | PartialIdentity;\n /**\n * Optional storage with get, set, and remove. Uses {@link IdbStorage} by default.\n * @see {@link AuthClientStorage}\n */\n storage?: AuthClientStorage;\n\n /**\n * Type to use for the base key.\n *\n * If you are using a custom storage provider that does not support CryptoKey storage,\n * you should use `Ed25519` as the key type, as it can serialize to a string.\n * @default 'ECDSA'\n */\n keyType?: BaseKeyType;\n\n /**\n * Options to handle idle timeouts\n * @default after 10 minutes, invalidates the identity\n */\n idleOptions?: IdleOptions;\n\n /**\n * Options to handle login, passed to the login method\n */\n loginOptions?: AuthClientLoginOptions;\n}\n\nexport interface IdleOptions extends IdleManagerOptions {\n /**\n * Disables idle functionality for {@link IdleManager}\n * @default false\n */\n disableIdle?: boolean;\n\n /**\n * Disables default idle behavior - call logout & reload window\n * @default false\n */\n disableDefaultIdleCallback?: boolean;\n}\n\nexport type OnSuccessFunc =\n | (() => void | Promise<void>)\n | ((message: InternetIdentityAuthResponseSuccess) => void | Promise<void>);\n\nexport type OnErrorFunc = (error?: string) => void | Promise<void>;\n\nexport interface AuthClientLoginOptions {\n /**\n * Identity provider\n * @default \"https://identity.internetcomputer.org\"\n */\n identityProvider?: string | URL;\n /**\n * Expiration of the authentication in nanoseconds\n * @default BigInt(8) hours * BigInt(3_600_000_000_000) nanoseconds\n */\n maxTimeToLive?: bigint;\n /**\n * If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity. Authenticating dapps may want to prevent users from using Temporary keys/PIN identities because Temporary keys/PIN identities are less secure than Passkeys (webauthn credentials) and because Temporary keys/PIN identities generally only live in a browser database (which may get cleared by the browser/OS).\n */\n allowPinAuthentication?: boolean;\n /**\n * Origin for Identity Provider to use while generating the delegated identity. For II, the derivation origin must authorize this origin by setting a record at `<derivation-origin>/.well-known/ii-alternative-origins`.\n * @see https://github.com/dfinity/internet-identity/blob/main/docs/internet-identity-spec.adoc\n */\n derivationOrigin?: string | URL;\n /**\n * Auth Window feature config string\n * @example \"toolbar=0,location=0,menubar=0,width=500,height=500,left=100,top=100\"\n */\n windowOpenerFeatures?: string;\n /**\n * Callback once login has completed\n */\n onSuccess?: OnSuccessFunc;\n /**\n * Callback in case authentication fails\n */\n onError?: OnErrorFunc;\n /**\n * Extra values to be passed in the login request during the authorize-ready phase\n */\n customValues?: Record<string, unknown>;\n}\n\ninterface InternetIdentityAuthRequest {\n kind: 'authorize-client';\n sessionPublicKey: Uint8Array;\n maxTimeToLive?: bigint;\n allowPinAuthentication?: boolean;\n derivationOrigin?: string;\n}\n\nexport interface InternetIdentityAuthResponseSuccess {\n kind: 'authorize-client-success';\n delegations: {\n delegation: {\n pubkey: Uint8Array;\n expiration: bigint;\n targets?: Principal[];\n };\n signature: Uint8Array;\n }[];\n userPublicKey: Uint8Array;\n authnMethod: 'passkey' | 'pin' | 'recovery';\n}\n\ninterface AuthReadyMessage {\n kind: 'authorize-ready';\n}\n\ninterface AuthResponseSuccess {\n kind: 'authorize-client-success';\n delegations: {\n delegation: {\n pubkey: Uint8Array;\n expiration: bigint;\n targets?: Principal[];\n };\n signature: Uint8Array;\n }[];\n userPublicKey: Uint8Array;\n authnMethod: 'passkey' | 'pin' | 'recovery';\n}\n\ninterface AuthResponseFailure {\n kind: 'authorize-client-failure';\n text: string;\n}\n\ntype IdentityServiceResponseMessage = AuthReadyMessage | AuthResponse;\ntype AuthResponse = AuthResponseSuccess | AuthResponseFailure;\n\n/**\n * Tool to manage authentication and identity\n * @see {@link AuthClient}\n */\nexport class AuthClient {\n /**\n * Create an AuthClient to manage authentication and identity\n * @param {AuthClientCreateOptions} options - Options for creating an {@link AuthClient}\n * @see {@link AuthClientCreateOptions}\n * @param options.identity Optional Identity to use as the base\n * @see {@link SignIdentity}\n * @param options.storage Storage mechanism for delegation credentials\n * @see {@link AuthClientStorage}\n * @param options.keyType Type of key to use for the base key\n * @param {IdleOptions} options.idleOptions Configures an {@link IdleManager}\n * @see {@link IdleOptions}\n * Default behavior is to clear stored identity and reload the page when a user goes idle, unless you set the disableDefaultIdleCallback flag or pass in a custom idle callback.\n * @example\n * const authClient = await AuthClient.create({\n * idleOptions: {\n * disableIdle: true\n * }\n * })\n */\n public static async create(options: AuthClientCreateOptions = {}): Promise<AuthClient> {\n const storage = options.storage ?? new IdbStorage();\n const keyType = options.keyType ?? ECDSA_KEY_LABEL;\n\n let key: null | SignIdentity | PartialIdentity = null;\n if (options.identity) {\n key = options.identity;\n } else {\n let maybeIdentityStorage = await storage.get(KEY_STORAGE_KEY);\n if (!maybeIdentityStorage) {\n // Attempt to migrate from localstorage\n try {\n const fallbackLocalStorage = new LocalStorage();\n const localChain = await fallbackLocalStorage.get(KEY_STORAGE_DELEGATION);\n const localKey = await fallbackLocalStorage.get(KEY_STORAGE_KEY);\n // not relevant for Ed25519\n if (localChain && localKey && keyType === ECDSA_KEY_LABEL) {\n console.log('Discovered an identity stored in localstorage. Migrating to IndexedDB');\n await storage.set(KEY_STORAGE_DELEGATION, localChain);\n await storage.set(KEY_STORAGE_KEY, localKey);\n\n maybeIdentityStorage = localChain;\n // clean up\n await fallbackLocalStorage.remove(KEY_STORAGE_DELEGATION);\n await fallbackLocalStorage.remove(KEY_STORAGE_KEY);\n }\n } catch (error) {\n console.error(`error while attempting to recover localstorage: ${error}`);\n }\n }\n if (maybeIdentityStorage) {\n try {\n if (typeof maybeIdentityStorage === 'object') {\n if (keyType === ED25519_KEY_LABEL && typeof maybeIdentityStorage === 'string') {\n key = Ed25519KeyIdentity.fromJSON(maybeIdentityStorage);\n } else {\n key = await ECDSAKeyIdentity.fromKeyPair(maybeIdentityStorage);\n }\n } else if (typeof maybeIdentityStorage === 'string') {\n // This is a legacy identity, which is a serialized Ed25519KeyIdentity.\n key = Ed25519KeyIdentity.fromJSON(maybeIdentityStorage);\n }\n } catch {\n // Ignore this, this means that the localStorage value isn't a valid Ed25519KeyIdentity or ECDSAKeyIdentity\n // serialization.\n }\n }\n }\n\n let identity: SignIdentity | PartialIdentity = new AnonymousIdentity() as PartialIdentity;\n let chain: null | DelegationChain = null;\n if (key) {\n try {\n const chainStorage = await storage.get(KEY_STORAGE_DELEGATION);\n if (typeof chainStorage === 'object' && chainStorage !== null) {\n throw new Error(\n 'Delegation chain is incorrectly stored. A delegation chain should be stored as a string.',\n );\n }\n\n if (options.identity) {\n identity = options.identity;\n } else if (chainStorage) {\n chain = DelegationChain.fromJSON(chainStorage);\n\n // Verify that the delegation isn't expired.\n if (!isDelegationValid(chain)) {\n await _deleteStorage(storage);\n key = null;\n } else {\n // If the key is a public key, then we create a PartialDelegationIdentity.\n if ('toDer' in key) {\n identity = PartialDelegationIdentity.fromDelegation(key, chain);\n // otherwise, we create a DelegationIdentity.\n } else {\n identity = DelegationIdentity.fromDelegation(key, chain);\n }\n }\n }\n } catch (e) {\n console.error(e);\n // If there was a problem loading the chain, delete the key.\n await _deleteStorage(storage);\n key = null;\n }\n }\n let idleManager: IdleManager | undefined;\n if (options.idleOptions?.disableIdle) {\n idleManager = undefined;\n }\n // if there is a delegation chain or provided identity, setup idleManager\n else if (chain || options.identity) {\n idleManager = IdleManager.create(options.idleOptions);\n }\n\n if (!key) {\n // Create a new key (whether or not one was in storage).\n if (keyType === ED25519_KEY_LABEL) {\n key = Ed25519KeyIdentity.generate();\n await storage.set(KEY_STORAGE_KEY, JSON.stringify((key as Ed25519KeyIdentity).toJSON()));\n } else {\n if (options.storage && keyType === ECDSA_KEY_LABEL) {\n console.warn(\n `You are using a custom storage provider that may not support CryptoKey storage. If you are using a custom storage provider that does not support CryptoKey storage, you should use '${ED25519_KEY_LABEL}' as the key type, as it can serialize to a string`,\n );\n }\n key = await ECDSAKeyIdentity.generate();\n await storage.set(KEY_STORAGE_KEY, (key as ECDSAKeyIdentity).getKeyPair());\n }\n }\n\n return new AuthClient(identity, key, chain, storage, idleManager, options);\n }\n\n protected constructor(\n private _identity: Identity | PartialIdentity,\n private _key: SignIdentity | PartialIdentity,\n private _chain: DelegationChain | null,\n private _storage: AuthClientStorage,\n public idleManager: IdleManager | undefined,\n private _createOptions: AuthClientCreateOptions | undefined,\n // A handle on the IdP window.\n private _idpWindow?: Window,\n // The event handler for processing events from the IdP.\n private _eventHandler?: (event: MessageEvent) => void,\n ) {\n this._registerDefaultIdleCallback();\n }\n\n private _registerDefaultIdleCallback() {\n const idleOptions = this._createOptions?.idleOptions;\n /**\n * Default behavior is to clear stored identity and reload the page.\n * By either setting the disableDefaultIdleCallback flag or passing in a custom idle callback, we will ignore this config\n */\n if (!idleOptions?.onIdle && !idleOptions?.disableDefaultIdleCallback) {\n this.idleManager?.registerCallback(() => {\n this.logout();\n location.reload();\n });\n }\n }\n\n private async _handleSuccess(\n message: InternetIdentityAuthResponseSuccess,\n onSuccess?: OnSuccessFunc,\n ) {\n const delegations = message.delegations.map((signedDelegation) => {\n return {\n delegation: new Delegation(\n signedDelegation.delegation.pubkey,\n signedDelegation.delegation.expiration,\n signedDelegation.delegation.targets,\n ),\n signature: signedDelegation.signature as Signature,\n };\n });\n\n const delegationChain = DelegationChain.fromDelegations(\n delegations,\n message.userPublicKey as DerEncodedPublicKey,\n );\n\n const key = this._key;\n if (!key) {\n return;\n }\n\n this._chain = delegationChain;\n\n if ('toDer' in key) {\n this._identity = PartialDelegationIdentity.fromDelegation(key, this._chain);\n } else {\n this._identity = DelegationIdentity.fromDelegation(key, this._chain);\n }\n\n this._idpWindow?.close();\n const idleOptions = this._createOptions?.idleOptions;\n // create the idle manager on a successful login if we haven't disabled it\n // and it doesn't already exist.\n if (!this.idleManager && !idleOptions?.disableIdle) {\n this.idleManager = IdleManager.create(idleOptions);\n this._registerDefaultIdleCallback();\n }\n\n this._removeEventListener();\n delete this._idpWindow;\n\n if (this._chain) {\n await this._storage.set(KEY_STORAGE_DELEGATION, JSON.stringify(this._chain.toJSON()));\n }\n\n // onSuccess should be the last thing to do to avoid consumers\n // interfering by navigating or refreshing the page\n onSuccess?.(message);\n }\n\n public getIdentity(): Identity {\n return this._identity;\n }\n\n public async isAuthenticated(): Promise<boolean> {\n return (\n !this.getIdentity().getPrincipal().isAnonymous() &&\n this._chain !== null &&\n isDelegationValid(this._chain)\n );\n }\n\n /**\n * AuthClient Login - Opens up a new window to authenticate with Internet Identity\n * @param {AuthClientLoginOptions} options - Options for logging in, merged with the options set during creation if any. Note: we only perform a shallow merge for the `customValues` property.\n * @param options.identityProvider Identity provider\n * @param options.maxTimeToLive Expiration of the authentication in nanoseconds\n * @param options.allowPinAuthentication If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity. Authenticating dapps may want to prevent users from using Temporary keys/PIN identities because Temporary keys/PIN identities are less secure than Passkeys (webauthn credentials) and because Temporary keys/PIN identities generally only live in a browser database (which may get cleared by the browser/OS).\n * @param options.derivationOrigin Origin for Identity Provider to use while generating the delegated identity\n * @param options.windowOpenerFeatures Configures the opened authentication window\n * @param options.onSuccess Callback once login has completed\n * @param options.onError Callback in case authentication fails\n * @param options.customValues Extra values to be passed in the login request during the authorize-ready phase. Note: we only perform a shallow merge for the `customValues` property.\n * @example\n * const authClient = await AuthClient.create();\n * authClient.login({\n * identityProvider: 'http://<canisterID>.127.0.0.1:8000',\n * maxTimeToLive: BigInt (7) * BigInt(24) * BigInt(3_600_000_000_000), // 1 week\n * windowOpenerFeatures: \"toolbar=0,location=0,menubar=0,width=500,height=500,left=100,top=100\",\n * onSuccess: () => {\n * console.log('Login Successful!');\n * },\n * onError: (error) => {\n * console.error('Login Failed: ', error);\n * }\n * });\n */\n public async login(options?: AuthClientLoginOptions): Promise<void> {\n // Merge the passed options with the options set during creation\n const loginOptions = mergeLoginOptions(this._createOptions?.loginOptions, options);\n\n // Set default maxTimeToLive to 8 hours\n const maxTimeToLive = loginOptions?.maxTimeToLive ?? DEFAULT_MAX_TIME_TO_LIVE;\n\n // Create the URL of the IDP. (e.g. https://XXXX/#authorize)\n const identityProviderUrl = new URL(\n loginOptions?.identityProvider?.toString() || IDENTITY_PROVIDER_DEFAULT,\n );\n // Set the correct hash if it isn't already set.\n identityProviderUrl.hash = IDENTITY_PROVIDER_ENDPOINT;\n\n // If `login` has been called previously, then close/remove any previous windows\n // and event listeners.\n this._idpWindow?.close();\n this._removeEventListener();\n\n // Add an event listener to handle responses.\n this._eventHandler = this._getEventHandler(identityProviderUrl, {\n maxTimeToLive,\n ...loginOptions,\n });\n window.addEventListener('message', this._eventHandler);\n\n // Open a new window with the IDP provider.\n this._idpWindow =\n window.open(\n identityProviderUrl.toString(),\n 'idpWindow',\n loginOptions?.windowOpenerFeatures,\n ) ?? undefined;\n\n // Check if the _idpWindow is closed by user.\n const checkInterruption = (): void => {\n // The _idpWindow is opened and not yet closed by the client\n if (this._idpWindow) {\n if (this._idpWindow.closed) {\n this._handleFailure(ERROR_USER_INTERRUPT, loginOptions?.onError);\n } else {\n setTimeout(checkInterruption, INTERRUPT_CHECK_INTERVAL);\n }\n }\n };\n checkInterruption();\n }\n\n private _getEventHandler(identityProviderUrl: URL, options?: AuthClientLoginOptions) {\n return async (event: MessageEvent) => {\n if (event.origin !== identityProviderUrl.origin) {\n // Ignore any event that is not from the identity provider\n return;\n }\n\n const message = event.data as IdentityServiceResponseMessage;\n\n switch (message.kind) {\n case 'authorize-ready': {\n // IDP is ready. Send a message to request authorization.\n const request: InternetIdentityAuthRequest = {\n kind: 'authorize-client',\n sessionPublicKey: new Uint8Array(this._key?.getPublicKey().toDer()),\n maxTimeToLive: options?.maxTimeToLive,\n allowPinAuthentication: options?.allowPinAuthentication,\n derivationOrigin: options?.derivationOrigin?.toString(),\n // Pass any custom values to the IDP.\n ...options?.customValues,\n };\n this._idpWindow?.postMessage(request, identityProviderUrl.origin);\n break;\n }\n case 'authorize-client-success':\n // Create the delegation chain and store it.\n try {\n await this._handleSuccess(message, options?.onSuccess);\n } catch (err) {\n this._handleFailure((err as Error).message, options?.onError);\n }\n break;\n case 'authorize-client-failure':\n this._handleFailure(message.text, options?.onError);\n break;\n default:\n break;\n }\n };\n }\n\n private _handleFailure(errorMessage?: string, onError?: (error?: string) => void): void {\n this._idpWindow?.close();\n onError?.(errorMessage);\n this._removeEventListener();\n delete this._idpWindow;\n }\n\n private _removeEventListener() {\n if (this._eventHandler) {\n window.removeEventListener('message', this._eventHandler);\n }\n this._eventHandler = undefined;\n }\n\n public async logout(options: { returnTo?: string } = {}): Promise<void> {\n await _deleteStorage(this._storage);\n\n // Reset this auth client to a non-authenticated state.\n this._identity = new AnonymousIdentity();\n this._chain = null;\n\n if (options.returnTo) {\n try {\n window.history.pushState({}, '', options.returnTo);\n } catch {\n window.location.href = options.returnTo;\n }\n }\n }\n}\n\nasync function _deleteStorage(storage: AuthClientStorage) {\n await storage.remove(KEY_STORAGE_KEY);\n await storage.remove(KEY_STORAGE_DELEGATION);\n await storage.remove(KEY_VECTOR);\n}\n\nfunction mergeLoginOptions(\n loginOptions: AuthClientLoginOptions | undefined,\n otherLoginOptions: AuthClientLoginOptions | undefined,\n): AuthClientLoginOptions | undefined {\n if (!loginOptions && !otherLoginOptions) {\n return undefined;\n }\n\n const customValues =\n loginOptions?.customValues || otherLoginOptions?.customValues\n ? {\n ...loginOptions?.customValues,\n ...otherLoginOptions?.customValues,\n }\n : undefined;\n\n return {\n ...loginOptions,\n ...otherLoginOptions,\n customValues,\n };\n}\n"],"names":[],"mappings":";;;;AA4BA,MAAM,yBAAyB,OAAO,GAAa;AACnD,MAAM,mBAAmB,OAAO,IAAK;AACrC,MAAM,uBAAuB,yBAAyB;AAEtD,MAAM,4BAA4B;AAClC,MAAM,6BAA6B;AAEnC,MAAM,2BAA2B,OAAO,CAAC,IAAI;AAE7C,MAAM,kBAAkB;AACxB,MAAM,oBAAoB;AAG1B,MAAM,2BAA2B;AAE1B,MAAM,uBAAuB;AAoJ7B,MAAM,WAAW;AAAA,EAsIZ,YACA,WACA,MACA,QACA,UACD,aACC,gBAEA,YAEA,eACR;AAVQ,SAAA,YAAA;AACA,SAAA,OAAA;AACA,SAAA,SAAA;AACA,SAAA,WAAA;AACD,SAAA,cAAA;AACC,SAAA,iBAAA;AAEA,SAAA,aAAA;AAEA,SAAA,gBAAA;AAER,SAAK,6BAAA;AAAA,EACP;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA/HA,aAAoB,OAAO,UAAmC,IAAyB;AACrF,UAAM,UAAU,QAAQ,WAAW,IAAI,WAAA;AACvC,UAAM,UAAU,QAAQ,WAAW;AAEnC,QAAI,MAA6C;AACjD,QAAI,QAAQ,UAAU;AACpB,YAAM,QAAQ;AAAA,IAChB,OAAO;AACL,UAAI,uBAAuB,MAAM,QAAQ,IAAI,eAAe;AAC5D,UAAI,CAAC,sBAAsB;AAEzB,YAAI;AACF,gBAAM,uBAAuB,IAAI,aAAA;AACjC,gBAAM,aAAa,MAAM,qBAAqB,IAAI,sBAAsB;AACxE,gBAAM,WAAW,MAAM,qBAAqB,IAAI,eAAe;AAE/D,cAAI,cAAc,YAAY,YAAY,iBAAiB;AACzD,oBAAQ,IAAI,uEAAuE;AACnF,kBAAM,QAAQ,IAAI,wBAAwB,UAAU;AACpD,kBAAM,QAAQ,IAAI,iBAAiB,QAAQ;AAE3C,mCAAuB;AAEvB,kBAAM,qBAAqB,OAAO,sBAAsB;AACxD,kBAAM,qBAAqB,OAAO,eAAe;AAAA,UACnD;AAAA,QACF,SAAS,OAAO;AACd,kBAAQ,MAAM,mDAAmD,KAAK,EAAE;AAAA,QAC1E;AAAA,MACF;AACA,UAAI,sBAAsB;AACxB,YAAI;AACF,cAAI,OAAO,yBAAyB,UAAU;AAC5C,gBAAI,YAAY,qBAAqB,OAAO,yBAAyB,UAAU;AAC7E,oBAAM,mBAAmB,SAAS,oBAAoB;AAAA,YACxD,OAAO;AACL,oBAAM,MAAM,iBAAiB,YAAY,oBAAoB;AAAA,YAC/D;AAAA,UACF,WAAW,OAAO,yBAAyB,UAAU;AAEnD,kBAAM,mBAAmB,SAAS,oBAAoB;AAAA,UACxD;AAAA,QACF,QAAQ;AAAA,QAGR;AAAA,MACF;AAAA,IACF;AAEA,QAAI,WAA2C,IAAI,kBAAA;AACnD,QAAI,QAAgC;AACpC,QAAI,KAAK;AACP,UAAI;AACF,cAAM,eAAe,MAAM,QAAQ,IAAI,sBAAsB;AAC7D,YAAI,OAAO,iBAAiB,YAAY,iBAAiB,MAAM;AAC7D,gBAAM,IAAI;AAAA,YACR;AAAA,UAAA;AAAA,QAEJ;AAEA,YAAI,QAAQ,UAAU;AACpB,qBAAW,QAAQ;AAAA,QACrB,WAAW,cAAc;AACvB,kBAAQ,gBAAgB,SAAS,YAAY;AAG7C,cAAI,CAAC,kBAAkB,KAAK,GAAG;AAC7B,kBAAM,eAAe,OAAO;AAC5B,kBAAM;AAAA,UACR,OAAO;AAEL,gBAAI,WAAW,KAAK;AAClB,yBAAW,0BAA0B,eAAe,KAAK,KAAK;AAAA,YAEhE,OAAO;AACL,yBAAW,mBAAmB,eAAe,KAAK,KAAK;AAAA,YACzD;AAAA,UACF;AAAA,QACF;AAAA,MACF,SAAS,GAAG;AACV,gBAAQ,MAAM,CAAC;AAEf,cAAM,eAAe,OAAO;AAC5B,cAAM;AAAA,MACR;AAAA,IACF;AACA,QAAI;AACJ,QAAI,QAAQ,aAAa,aAAa;AACpC,oBAAc;AAAA,IAChB,WAES,SAAS,QAAQ,UAAU;AAClC,oBAAc,YAAY,OAAO,QAAQ,WAAW;AAAA,IACtD;AAEA,QAAI,CAAC,KAAK;AAER,UAAI,YAAY,mBAAmB;AACjC,cAAM,mBAAmB,SAAA;AACzB,cAAM,QAAQ,IAAI,iBAAiB,KAAK,UAAW,IAA2B,OAAA,CAAQ,CAAC;AAAA,MACzF,OAAO;AACL,YAAI,QAAQ,WAAW,YAAY,iBAAiB;AAClD,kBAAQ;AAAA,YACN,uLAAuL,iBAAiB;AAAA,UAAA;AAAA,QAE5M;AACA,cAAM,MAAM,iBAAiB,SAAA;AAC7B,cAAM,QAAQ,IAAI,iBAAkB,IAAyB,YAAY;AAAA,MAC3E;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,UAAU,KAAK,OAAO,SAAS,aAAa,OAAO;AAAA,EAC3E;AAAA,EAiBQ,+BAA+B;AACrC,UAAM,cAAc,KAAK,gBAAgB;AAKzC,QAAI,CAAC,aAAa,UAAU,CAAC,aAAa,4BAA4B;AACpE,WAAK,aAAa,iBAAiB,MAAM;AACvC,aAAK,OAAA;AACL,iBAAS,OAAA;AAAA,MACX,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAc,eACZ,SACA,WACA;AACA,UAAM,cAAc,QAAQ,YAAY,IAAI,CAAC,qBAAqB;AAChE,aAAO;AAAA,QACL,YAAY,IAAI;AAAA,UACd,iBAAiB,WAAW;AAAA,UAC5B,iBAAiB,WAAW;AAAA,UAC5B,iBAAiB,WAAW;AAAA,QAAA;AAAA,QAE9B,WAAW,iBAAiB;AAAA,MAAA;AAAA,IAEhC,CAAC;AAED,UAAM,kBAAkB,gBAAgB;AAAA,MACtC;AAAA,MACA,QAAQ;AAAA,IAAA;AAGV,UAAM,MAAM,KAAK;AACjB,QAAI,CAAC,KAAK;AACR;AAAA,IACF;AAEA,SAAK,SAAS;AAEd,QAAI,WAAW,KAAK;AAClB,WAAK,YAAY,0BAA0B,eAAe,KAAK,KAAK,MAAM;AAAA,IAC5E,OAAO;AACL,WAAK,YAAY,mBAAmB,eAAe,KAAK,KAAK,MAAM;AAAA,IACrE;AAEA,SAAK,YAAY,MAAA;AACjB,UAAM,cAAc,KAAK,gBAAgB;AAGzC,QAAI,CAAC,KAAK,eAAe,CAAC,aAAa,aAAa;AAClD,WAAK,cAAc,YAAY,OAAO,WAAW;AACjD,WAAK,6BAAA;AAAA,IACP;AAEA,SAAK,qBAAA;AACL,WAAO,KAAK;AAEZ,QAAI,KAAK,QAAQ;AACf,YAAM,KAAK,SAAS,IAAI,wBAAwB,KAAK,UAAU,KAAK,OAAO,OAAA,CAAQ,CAAC;AAAA,IACtF;AAIA,gBAAY,OAAO;AAAA,EACrB;AAAA,EAEO,cAAwB;AAC7B,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,MAAa,kBAAoC;AAC/C,WACE,CAAC,KAAK,cAAc,aAAA,EAAe,YAAA,KACnC,KAAK,WAAW,QAChB,kBAAkB,KAAK,MAAM;AAAA,EAEjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAa,MAAM,SAAiD;AAElE,UAAM,eAAe,kBAAkB,KAAK,gBAAgB,cAAc,OAAO;AAGjF,UAAM,gBAAgB,cAAc,iBAAiB;AAGrD,UAAM,sBAAsB,IAAI;AAAA,MAC9B,cAAc,kBAAkB,cAAc;AAAA,IAAA;AAGhD,wBAAoB,OAAO;AAI3B,SAAK,YAAY,MAAA;AACjB,SAAK,qBAAA;AAGL,SAAK,gBAAgB,KAAK,iBAAiB,qBAAqB;AAAA,MAC9D;AAAA,MACA,GAAG;AAAA,IAAA,CACJ;AACD,WAAO,iBAAiB,WAAW,KAAK,aAAa;AAGrD,SAAK,aACH,OAAO;AAAA,MACL,oBAAoB,SAAA;AAAA,MACpB;AAAA,MACA,cAAc;AAAA,IAAA,KACX;AAGP,UAAM,oBAAoB,MAAY;AAEpC,UAAI,KAAK,YAAY;AACnB,YAAI,KAAK,WAAW,QAAQ;AAC1B,eAAK,eAAe,sBAAsB,cAAc,OAAO;AAAA,QACjE,OAAO;AACL,qBAAW,mBAAmB,wBAAwB;AAAA,QACxD;AAAA,MACF;AAAA,IACF;AACA,sBAAA;AAAA,EACF;AAAA,EAEQ,iBAAiB,qBAA0B,SAAkC;AACnF,WAAO,OAAO,UAAwB;AACpC,UAAI,MAAM,WAAW,oBAAoB,QAAQ;AAE/C;AAAA,MACF;AAEA,YAAM,UAAU,MAAM;AAEtB,cAAQ,QAAQ,MAAA;AAAA,QACd,KAAK,mBAAmB;AAEtB,gBAAM,UAAuC;AAAA,YAC3C,MAAM;AAAA,YACN,kBAAkB,IAAI,WAAW,KAAK,MAAM,aAAA,EAAe,OAAO;AAAA,YAClE,eAAe,SAAS;AAAA,YACxB,wBAAwB,SAAS;AAAA,YACjC,kBAAkB,SAAS,kBAAkB,SAAA;AAAA;AAAA,YAE7C,GAAG,SAAS;AAAA,UAAA;AAEd,eAAK,YAAY,YAAY,SAAS,oBAAoB,MAAM;AAChE;AAAA,QACF;AAAA,QACA,KAAK;AAEH,cAAI;AACF,kBAAM,KAAK,eAAe,SAAS,SAAS,SAAS;AAAA,UACvD,SAAS,KAAK;AACZ,iBAAK,eAAgB,IAAc,SAAS,SAAS,OAAO;AAAA,UAC9D;AACA;AAAA,QACF,KAAK;AACH,eAAK,eAAe,QAAQ,MAAM,SAAS,OAAO;AAClD;AAAA,MAEA;AAAA,IAEN;AAAA,EACF;AAAA,EAEQ,eAAe,cAAuB,SAA0C;AACtF,SAAK,YAAY,MAAA;AACjB,cAAU,YAAY;AACtB,SAAK,qBAAA;AACL,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,uBAAuB;AAC7B,QAAI,KAAK,eAAe;AACtB,aAAO,oBAAoB,WAAW,KAAK,aAAa;AAAA,IAC1D;AACA,SAAK,gBAAgB;AAAA,EACvB;AAAA,EAEA,MAAa,OAAO,UAAiC,IAAmB;AACtE,UAAM,eAAe,KAAK,QAAQ;AAGlC,SAAK,YAAY,IAAI,kBAAA;AACrB,SAAK,SAAS;AAEd,QAAI,QAAQ,UAAU;AACpB,UAAI;AACF,eAAO,QAAQ,UAAU,CAAA,GAAI,IAAI,QAAQ,QAAQ;AAAA,MACnD,QAAQ;AACN,eAAO,SAAS,OAAO,QAAQ;AAAA,MACjC;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAe,eAAe,SAA4B;AACxD,QAAM,QAAQ,OAAO,eAAe;AACpC,QAAM,QAAQ,OAAO,sBAAsB;AAC3C,QAAM,QAAQ,OAAO,UAAU;AACjC;AAEA,SAAS,kBACP,cACA,mBACoC;AACpC,MAAI,CAAC,gBAAgB,CAAC,mBAAmB;AACvC,WAAO;AAAA,EACT;AAEA,QAAM,eACJ,cAAc,gBAAgB,mBAAmB,eAC7C;AAAA,IACE,GAAG,cAAc;AAAA,IACjB,GAAG,mBAAmB;AAAA,EAAA,IAExB;AAEN,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,IACH;AAAA,EAAA;AAEJ;"}

package/dist/esm/client/db.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+type IDBValidKey = string | number | Date | BufferSource | IDBValidKey[];
+export type DBCreateOptions = {
+    dbName?: string;
+    storeName?: string;
+    version?: number;
+};
+/**
+ * Simple Key Value store
+ * Defaults to `'auth-client-db'` with an object store of `'ic-keyval'`
+ */
+export declare class IdbKeyVal {
+    private _db;
+    private _storeName;
+    /**
+     * @param {DBCreateOptions} options - DBCreateOptions
+     * @param {DBCreateOptions['dbName']} options.dbName name for the indexeddb database
+     * @default
+     * @param {DBCreateOptions['storeName']} options.storeName name for the indexeddb Data Store
+     * @default
+     * @param {DBCreateOptions['version']} options.version version of the database. Increment to safely upgrade
+     */
+    static create(options?: DBCreateOptions): Promise<IdbKeyVal>;
+    private constructor();
+    /**
+     * Basic setter
+     * @param {IDBValidKey} key string | number | Date | BufferSource | IDBValidKey[]
+     * @param value value to set
+     * @returns void
+     */
+    set<T>(key: IDBValidKey, value: T): Promise<IDBValidKey>;
+    /**
+     * Basic getter
+     * Pass in a type T for type safety if you know the type the value will have if it is found
+     * @param {IDBValidKey} key string | number | Date | BufferSource | IDBValidKey[]
+     * @returns `Promise<T | null>`
+     * @example
+     * await get<string>('exampleKey') -> 'exampleValue'
+     */
+    get<T>(key: IDBValidKey): Promise<T | null>;
+    /**
+     * Remove a key
+     * @param key {@link IDBValidKey}
+     * @returns void
+     */
+    remove(key: IDBValidKey): Promise<void>;
+}
+export {};