@jbrowse/plugin-authentication 2.2.0

package/dist/HTTPBasicModel/model.d.ts

@@ -0,0 +1,67 @@
+/// <reference types="react" />
+import { UriLocation } from '@jbrowse/core/util/types';
+import { HTTPBasicInternetAccountConfigModel } from './configSchema';
+import { Instance } from 'mobx-state-tree';
+declare const stateModelFactory: (configSchema: HTTPBasicInternetAccountConfigModel) => import("mobx-state-tree").IModelType<{
+    id: import("mobx-state-tree").IOptionalIType<import("mobx-state-tree").ISimpleType<string>, [undefined]>;
+    type: import("mobx-state-tree").ISimpleType<string>;
+} & {
+    type: import("mobx-state-tree").ISimpleType<"HTTPBasicInternetAccount">;
+    configuration: import("mobx-state-tree").ITypeUnion<any, any, any>;
+}, {
+    readonly name: string;
+    readonly description: string;
+    readonly internetAccountId: string;
+    readonly authHeader: string;
+    readonly tokenType: string;
+    readonly domains: string[];
+    readonly toggleContents: import("react").ReactNode;
+    readonly SelectorComponent: import("@jbrowse/core/util/types").AnyReactComponentType | undefined;
+    readonly selectorLabel: string | undefined;
+} & {
+    handlesLocation(location: UriLocation): boolean;
+    readonly tokenKey: string;
+} & {
+    getTokenFromUser(resolve: (token: string) => void, reject: (error: Error) => void): void;
+    storeToken(token: string): void;
+    removeToken(): void;
+    retrieveToken(): string | null;
+    validateToken(token: string, location: UriLocation): Promise<string>;
+} & {
+    getToken(location?: UriLocation | undefined): Promise<string>;
+} & {
+    addAuthHeaderToInit(init: RequestInit | undefined, token: string): {
+        headers: Headers;
+        body?: BodyInit | null | undefined;
+        cache?: RequestCache | undefined;
+        credentials?: RequestCredentials | undefined;
+        integrity?: string | undefined;
+        keepalive?: boolean | undefined;
+        method?: string | undefined;
+        mode?: RequestMode | undefined;
+        redirect?: RequestRedirect | undefined;
+        referrer?: string | undefined;
+        referrerPolicy?: ReferrerPolicy | undefined;
+        signal?: AbortSignal | null | undefined;
+        window?: null | undefined;
+    };
+    getPreAuthorizationInformation(location: UriLocation): Promise<{
+        internetAccountType: string;
+        authInfo: {
+            token: string;
+            configuration: any;
+        };
+    }>;
+} & {
+    getFetcher(location?: UriLocation | undefined): (input: RequestInfo, init?: RequestInit | undefined) => Promise<Response>;
+} & {
+    openLocation(location: UriLocation): import("@jbrowse/core/util/io").RemoteFileWithRangeCache;
+} & {
+    readonly validateWithHEAD: boolean;
+} & {
+    getTokenFromUser(resolve: (token: string) => void, reject: (error: Error) => void): void;
+    validateToken(token: string, location: UriLocation): Promise<string>;
+}, import("mobx-state-tree")._NotCustomized, import("mobx-state-tree")._NotCustomized>;
+export default stateModelFactory;
+export declare type HTTPBasicStateModel = ReturnType<typeof stateModelFactory>;
+export declare type HTTPBasicModel = Instance<HTTPBasicStateModel>;

package/dist/HTTPBasicModel/model.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const configuration_1 = require("@jbrowse/core/configuration");
+const models_1 = require("@jbrowse/core/pluggableElementTypes/models");
+const mobx_state_tree_1 = require("mobx-state-tree");
+const HTTPBasicLoginForm_1 = require("./HTTPBasicLoginForm");
+const stateModelFactory = (configSchema) => {
+    return models_1.InternetAccount.named('HTTPBasicInternetAccount')
+        .props({
+        type: mobx_state_tree_1.types.literal('HTTPBasicInternetAccount'),
+        configuration: (0, configuration_1.ConfigurationReference)(configSchema),
+    })
+        .views(self => ({
+        get validateWithHEAD() {
+            return (0, configuration_1.getConf)(self, 'validateWithHEAD');
+        },
+    }))
+        .actions(self => ({
+        getTokenFromUser(resolve, reject) {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const { session } = (0, mobx_state_tree_1.getRoot)(self);
+            session.queueDialog((doneCallback) => [
+                HTTPBasicLoginForm_1.HTTPBasicLoginForm,
+                {
+                    internetAccountId: self.internetAccountId,
+                    handleClose: (token) => {
+                        if (token) {
+                            resolve(token);
+                        }
+                        else {
+                            reject(new Error('user cancelled entry'));
+                        }
+                        doneCallback();
+                    },
+                },
+            ]);
+        },
+        async validateToken(token, location) {
+            if (!self.validateWithHEAD) {
+                return token;
+            }
+            const newInit = self.addAuthHeaderToInit({ method: 'HEAD' }, token);
+            const response = await fetch(location.uri, newInit);
+            if (!response.ok) {
+                let errorMessage;
+                try {
+                    errorMessage = await response.text();
+                }
+                catch (error) {
+                    errorMessage = '';
+                }
+                throw new Error(`Error validating token — ${response.status} (${response.statusText})${errorMessage ? ` (${errorMessage})` : ''}`);
+            }
+            return token;
+        },
+    }));
+};
+exports.default = stateModelFactory;
+//# sourceMappingURL=model.js.map

package/dist/HTTPBasicModel/model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"model.js","sourceRoot":"","sources":["../../src/HTTPBasicModel/model.tsx"],"names":[],"mappings":";;AAAA,+DAA6E;AAC7E,uEAA4E;AAG5E,qDAA0D;AAE1D,6DAAyD;AAEzD,MAAM,iBAAiB,GAAG,CACxB,YAAiD,EACjD,EAAE;IACF,OAAO,wBAAe,CAAC,KAAK,CAAC,0BAA0B,CAAC;SACrD,KAAK,CAAC;QACL,IAAI,EAAE,uBAAK,CAAC,OAAO,CAAC,0BAA0B,CAAC;QAC/C,aAAa,EAAE,IAAA,sCAAsB,EAAC,YAAY,CAAC;KACpD,CAAC;SACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACd,IAAI,gBAAgB;YAClB,OAAO,IAAA,uBAAO,EAAC,IAAI,EAAE,kBAAkB,CAAC,CAAA;QAC1C,CAAC;KACF,CAAC,CAAC;SACF,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChB,gBAAgB,CACd,OAAgC,EAChC,MAA8B;YAE9B,8DAA8D;YAC9D,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,yBAAO,EAAM,IAAI,CAAC,CAAA;YACtC,OAAO,CAAC,WAAW,CAAC,CAAC,YAAwB,EAAE,EAAE,CAAC;gBAChD,uCAAkB;gBAClB;oBACE,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;oBACzC,WAAW,EAAE,CAAC,KAAa,EAAE,EAAE;wBAC7B,IAAI,KAAK,EAAE;4BACT,OAAO,CAAC,KAAK,CAAC,CAAA;yBACf;6BAAM;4BACL,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAA;yBAC1C;wBACD,YAAY,EAAE,CAAA;oBAChB,CAAC;iBACF;aACF,CAAC,CAAA;QACJ,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,QAAqB;YACtD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBAC1B,OAAO,KAAK,CAAA;aACb;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,CAAA;YACnE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YACnD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;gBAChB,IAAI,YAAY,CAAA;gBAChB,IAAI;oBACF,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;iBACrC;gBAAC,OAAO,KAAK,EAAE;oBACd,YAAY,GAAG,EAAE,CAAA;iBAClB;gBACD,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,CAAC,MAAM,KACzC,QAAQ,CAAC,UACX,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,CAAA;aACF;YACD,OAAO,KAAK,CAAA;QACd,CAAC;KACF,CAAC,CAAC,CAAA;AACP,CAAC,CAAA;AAED,kBAAe,iBAAiB,CAAA"}

package/dist/OAuthModel/configSchema.d.ts

@@ -0,0 +1,5 @@
+import { Instance } from 'mobx-state-tree';
+declare const OAuthConfigSchema: import("@jbrowse/core/configuration").AnyConfigurationSchemaType;
+export declare type OAuthInternetAccountConfigModel = typeof OAuthConfigSchema;
+export declare type OAuthInternetAccountConfig = Instance<OAuthInternetAccountConfigModel>;
+export default OAuthConfigSchema;

package/dist/OAuthModel/configSchema.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const configuration_1 = require("@jbrowse/core/configuration");
+const models_1 = require("@jbrowse/core/pluggableElementTypes/models");
+/**
+ * #config OAuthInternetAccount
+ */
+function x() { } // eslint-disable-line @typescript-eslint/no-unused-vars
+const OAuthConfigSchema = (0, configuration_1.ConfigurationSchema)('OAuthInternetAccount', {
+    /**
+     * #slot
+     */
+    tokenType: {
+        description: 'a custom name for a token to include in the header',
+        type: 'string',
+        defaultValue: 'Bearer',
+    },
+    /**
+     * #slot
+     */
+    authEndpoint: {
+        description: 'the authorization code endpoint of the internet account',
+        type: 'string',
+        defaultValue: '',
+    },
+    /**
+     * #slot
+     */
+    tokenEndpoint: {
+        description: 'the token endpoint of the internet account',
+        type: 'string',
+        defaultValue: '',
+    },
+    /**
+     * #slot
+     */
+    needsPKCE: {
+        description: 'boolean to indicate if the endpoint needs a PKCE code',
+        type: 'boolean',
+        defaultValue: false,
+    },
+    /**
+     * #slot
+     */
+    clientId: {
+        description: 'id for the OAuth application',
+        type: 'string',
+        defaultValue: '',
+    },
+    /**
+     * #slot
+     */
+    scopes: {
+        description: 'optional scopes for the authorization call',
+        type: 'string',
+        defaultValue: '',
+    },
+    /**
+     * #slot
+     */
+    state: {
+        description: 'optional state for the authorization call',
+        type: 'string',
+        defaultValue: '',
+    },
+    /**
+     * #slot
+     */
+    responseType: {
+        description: 'the type of response from the authorization endpoint',
+        type: 'string',
+        defaultValue: 'code',
+    },
+    /**
+     * #slot
+     */
+    hasRefreshToken: {
+        description: 'true if the endpoint can supply a refresh token',
+        type: 'boolean',
+        defaultValue: false,
+    },
+}, {
+    /**
+     * #baseConfiguration
+     */
+    baseConfiguration: models_1.BaseInternetAccountConfig,
+    explicitlyTyped: true,
+});
+exports.default = OAuthConfigSchema;
+//# sourceMappingURL=configSchema.js.map

package/dist/OAuthModel/configSchema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configSchema.js","sourceRoot":"","sources":["../../src/OAuthModel/configSchema.ts"],"names":[],"mappings":";;AAAA,+DAAiE;AAEjE,uEAAsF;AAEtF;;GAEG;AACH,SAAS,CAAC,KAAI,CAAC,CAAC,wDAAwD;AAExE,MAAM,iBAAiB,GAAG,IAAA,mCAAmB,EAC3C,sBAAsB,EACtB;IACE;;OAEG;IACH,SAAS,EAAE;QACT,WAAW,EAAE,oDAAoD;QACjE,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,QAAQ;KACvB;IACD;;OAEG;IACH,YAAY,EAAE;QACZ,WAAW,EAAE,yDAAyD;QACtE,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,EAAE;KACjB;IACD;;OAEG;IACH,aAAa,EAAE;QACb,WAAW,EAAE,4CAA4C;QACzD,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,EAAE;KACjB;IACD;;OAEG;IACH,SAAS,EAAE;QACT,WAAW,EAAE,uDAAuD;QACpE,IAAI,EAAE,SAAS;QACf,YAAY,EAAE,KAAK;KACpB;IACD;;OAEG;IACH,QAAQ,EAAE;QACR,WAAW,EAAE,8BAA8B;QAC3C,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,EAAE;KACjB;IACD;;OAEG;IACH,MAAM,EAAE;QACN,WAAW,EAAE,4CAA4C;QACzD,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,EAAE;KACjB;IACD;;OAEG;IACH,KAAK,EAAE;QACL,WAAW,EAAE,2CAA2C;QACxD,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,EAAE;KACjB;IACD;;OAEG;IACH,YAAY,EAAE;QACZ,WAAW,EAAE,sDAAsD;QACnE,IAAI,EAAE,QAAQ;QACd,YAAY,EAAE,MAAM;KACrB;IACD;;OAEG;IACH,eAAe,EAAE;QACf,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,SAAS;QACf,YAAY,EAAE,KAAK;KACpB;CACF,EACD;IACE;;OAEG;IACH,iBAAiB,EAAE,kCAAyB;IAC5C,eAAe,EAAE,IAAI;CACtB,CACF,CAAA;AAKD,kBAAe,iBAAiB,CAAA"}

package/dist/OAuthModel/index.d.ts

@@ -0,0 +1,2 @@
+export { default as configSchema } from './configSchema';
+export { default as modelFactory } from './model';

package/dist/OAuthModel/index.js

@@ -0,0 +1,11 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.modelFactory = exports.configSchema = void 0;
+var configSchema_1 = require("./configSchema");
+Object.defineProperty(exports, "configSchema", { enumerable: true, get: function () { return __importDefault(configSchema_1).default; } });
+var model_1 = require("./model");
+Object.defineProperty(exports, "modelFactory", { enumerable: true, get: function () { return __importDefault(model_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/OAuthModel/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/OAuthModel/index.ts"],"names":[],"mappings":";;;;;;AAAA,+CAAwD;AAA/C,6HAAA,OAAO,OAAgB;AAChC,iCAAiD;AAAxC,sHAAA,OAAO,OAAgB"}

package/dist/OAuthModel/model.d.ts

@@ -0,0 +1,91 @@
+/// <reference types="react" />
+import { UriLocation } from '@jbrowse/core/util';
+import { Instance } from 'mobx-state-tree';
+import { OAuthInternetAccountConfigModel } from './configSchema';
+declare const stateModelFactory: (configSchema: OAuthInternetAccountConfigModel) => import("mobx-state-tree").IModelType<{
+    id: import("mobx-state-tree").IOptionalIType<import("mobx-state-tree").ISimpleType<string>, [undefined]>;
+    type: import("mobx-state-tree").ISimpleType<string>;
+} & {
+    type: import("mobx-state-tree").ISimpleType<"OAuthInternetAccount">;
+    configuration: import("mobx-state-tree").ITypeUnion<any, any, any>;
+}, {
+    readonly name: string;
+    readonly description: string;
+    readonly internetAccountId: string;
+    readonly authHeader: string;
+    readonly tokenType: string;
+    readonly domains: string[];
+    readonly toggleContents: import("react").ReactNode;
+    readonly SelectorComponent: import("@jbrowse/core/util").AnyReactComponentType | undefined;
+    readonly selectorLabel: string | undefined;
+} & {
+    handlesLocation(location: UriLocation): boolean;
+    readonly tokenKey: string;
+} & {
+    getTokenFromUser(resolve: (token: string) => void, reject: (error: Error) => void): void;
+    storeToken(token: string): void;
+    removeToken(): void;
+    retrieveToken(): string | null;
+    validateToken(token: string, location: UriLocation): Promise<string>;
+} & {
+    getToken(location?: UriLocation | undefined): Promise<string>;
+} & {
+    addAuthHeaderToInit(init: RequestInit | undefined, token: string): {
+        headers: Headers;
+        body?: BodyInit | null | undefined;
+        cache?: RequestCache | undefined;
+        credentials?: RequestCredentials | undefined;
+        integrity?: string | undefined;
+        keepalive?: boolean | undefined;
+        method?: string | undefined;
+        mode?: RequestMode | undefined;
+        redirect?: RequestRedirect | undefined;
+        referrer?: string | undefined;
+        referrerPolicy?: ReferrerPolicy | undefined;
+        signal?: AbortSignal | null | undefined;
+        window?: null | undefined;
+    };
+    getPreAuthorizationInformation(location: UriLocation): Promise<{
+        internetAccountType: string;
+        authInfo: {
+            token: string;
+            configuration: any;
+        };
+    }>;
+} & {
+    getFetcher(location?: UriLocation | undefined): (input: RequestInfo, init?: RequestInit | undefined) => Promise<Response>;
+} & {
+    openLocation(location: UriLocation): import("@jbrowse/core/util/io").RemoteFileWithRangeCache;
+} & {
+    readonly codeVerifierPKCE: string;
+} & {
+    readonly authEndpoint: string;
+    readonly tokenEndpoint: string;
+    readonly needsPKCE: boolean;
+    readonly clientId: string;
+    readonly scopes: string;
+    /**
+     * OAuth state parameter: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
+     * Can override or extend if dynamic state is needed.
+     */
+    state(): string | undefined;
+    readonly responseType: "code" | "token";
+    readonly hasRefreshToken: boolean;
+    readonly refreshTokenKey: string;
+} & {
+    storeRefreshToken(refreshToken: string): void;
+    removeRefreshToken(): void;
+    retrieveRefreshToken(): string | null;
+    exchangeAuthorizationForAccessToken(token: string, redirectUri: string): Promise<string>;
+    exchangeRefreshForAccessToken(refreshToken: string): Promise<string>;
+} & {
+    addMessageChannel(resolve: (token: string) => void, reject: (error: Error) => void): void;
+    deleteMessageChannel(): void;
+    finishOAuthWindow(event: MessageEvent, resolve: (token: string) => void, reject: (error: Error) => void): Promise<void>;
+    useEndpointForAuthorization(resolve: (token: string) => void, reject: (error: Error) => void): Promise<void>;
+    getTokenFromUser(resolve: (token: string) => void, reject: (error: Error) => void): Promise<void>;
+    validateToken(token: string, location: UriLocation): Promise<string>;
+}, import("mobx-state-tree")._NotCustomized, import("mobx-state-tree")._NotCustomized>;
+export default stateModelFactory;
+export declare type OAuthStateModel = ReturnType<typeof stateModelFactory>;
+export declare type OAuthModel = Instance<OAuthStateModel>;

package/dist/OAuthModel/model.js

@@ -0,0 +1,317 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const configuration_1 = require("@jbrowse/core/configuration");
+const models_1 = require("@jbrowse/core/pluggableElementTypes/models");
+const util_1 = require("@jbrowse/core/util");
+const mobx_state_tree_1 = require("mobx-state-tree");
+const jwt_decode_1 = __importDefault(require("jwt-decode"));
+function fixup(buf) {
+    return buf.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}
+function getGlobalObject() {
+    // Based on window-or-global
+    // https://github.com/purposeindustries/window-or-global/blob/322abc71de0010c9e5d9d0729df40959e1ef8775/lib/index.js
+    return (
+    // eslint-disable-next-line no-restricted-globals
+    (typeof self === 'object' && self.self === self && self) ||
+        (typeof global === 'object' && global.global === global && global) ||
+        // @ts-ignore
+        this);
+}
+const stateModelFactory = (configSchema) => {
+    return models_1.InternetAccount.named('OAuthInternetAccount')
+        .props({
+        type: mobx_state_tree_1.types.literal('OAuthInternetAccount'),
+        configuration: (0, configuration_1.ConfigurationReference)(configSchema),
+    })
+        .views(() => {
+        let codeVerifier = undefined;
+        return {
+            get codeVerifierPKCE() {
+                if (codeVerifier) {
+                    return codeVerifier;
+                }
+                const global = getGlobalObject();
+                const array = new Uint8Array(32);
+                global.crypto.getRandomValues(array);
+                codeVerifier = fixup(Buffer.from(array).toString('base64'));
+                return codeVerifier;
+            },
+        };
+    })
+        .views(self => ({
+        get authEndpoint() {
+            return (0, configuration_1.getConf)(self, 'authEndpoint');
+        },
+        get tokenEndpoint() {
+            return (0, configuration_1.getConf)(self, 'tokenEndpoint');
+        },
+        get needsPKCE() {
+            return (0, configuration_1.getConf)(self, 'needsPKCE');
+        },
+        get clientId() {
+            return (0, configuration_1.getConf)(self, 'clientId');
+        },
+        get scopes() {
+            return (0, configuration_1.getConf)(self, 'scopes');
+        },
+        /**
+         * OAuth state parameter: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
+         * Can override or extend if dynamic state is needed.
+         */
+        state() {
+            return (0, configuration_1.getConf)(self, 'state') || undefined;
+        },
+        get responseType() {
+            return (0, configuration_1.getConf)(self, 'responseType');
+        },
+        get hasRefreshToken() {
+            return (0, configuration_1.getConf)(self, 'hasRefreshToken');
+        },
+        get refreshTokenKey() {
+            return `${self.internetAccountId}-refreshToken`;
+        },
+    }))
+        .actions(self => ({
+        storeRefreshToken(refreshToken) {
+            localStorage.setItem(self.refreshTokenKey, refreshToken);
+        },
+        removeRefreshToken() {
+            localStorage.removeItem(self.refreshTokenKey);
+        },
+        retrieveRefreshToken() {
+            return localStorage.getItem(self.refreshTokenKey);
+        },
+        async exchangeAuthorizationForAccessToken(token, redirectUri) {
+            const data = {
+                code: token,
+                grant_type: 'authorization_code',
+                client_id: self.clientId,
+                code_verifier: self.codeVerifierPKCE,
+                redirect_uri: redirectUri,
+            };
+            const params = new URLSearchParams(Object.entries(data));
+            const response = await fetch(self.tokenEndpoint, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: params.toString(),
+            });
+            if (!response.ok) {
+                let errorMessage;
+                try {
+                    errorMessage = await response.text();
+                }
+                catch (error) {
+                    errorMessage = '';
+                }
+                throw new Error(`Failed to obtain token from endpoint: ${response.status} (${response.statusText})${errorMessage ? ` (${errorMessage})` : ''}`);
+            }
+            const accessToken = await response.json();
+            if (accessToken.refresh_token) {
+                this.storeRefreshToken(accessToken.refresh_token);
+            }
+            return accessToken.access_token;
+        },
+        async exchangeRefreshForAccessToken(refreshToken) {
+            var _a;
+            const data = {
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+                client_id: self.clientId,
+            };
+            const params = new URLSearchParams(Object.entries(data));
+            const response = await fetch(self.tokenEndpoint, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: params.toString(),
+            });
+            if (!response.ok) {
+                self.removeToken();
+                let text = await response.text();
+                try {
+                    const obj = JSON.parse(text);
+                    if (obj.error === 'invalid_grant') {
+                        this.removeRefreshToken();
+                    }
+                    text = (_a = obj === null || obj === void 0 ? void 0 : obj.error_description) !== null && _a !== void 0 ? _a : text;
+                }
+                catch (e) {
+                    /* just use original text as error */
+                }
+                throw new Error(`Network response failure — ${response.status} (${response.statusText}) ${text ? ` (${text})` : ''}`);
+            }
+            const accessToken = await response.json();
+            if (accessToken.refresh_token) {
+                this.storeRefreshToken(accessToken.refresh_token);
+            }
+            return accessToken.access_token;
+        },
+    }))
+        .actions(self => {
+        let listener;
+        let refreshTokenPromise = undefined;
+        return {
+            // used to listen to child window for auth code/token
+            addMessageChannel(resolve, reject) {
+                listener = event => {
+                    this.finishOAuthWindow(event, resolve, reject);
+                };
+                window.addEventListener('message', listener);
+            },
+            deleteMessageChannel() {
+                window.removeEventListener('message', listener);
+            },
+            async finishOAuthWindow(event, resolve, reject) {
+                if (event.data.name !== `JBrowseAuthWindow-${self.internetAccountId}`) {
+                    return this.deleteMessageChannel();
+                }
+                const redirectUriWithInfo = event.data.redirectUri;
+                const fixedQueryString = redirectUriWithInfo.replace('#', '?');
+                const redirectUrl = new URL(fixedQueryString);
+                const queryStringSearch = redirectUrl.search;
+                const urlParams = new URLSearchParams(queryStringSearch);
+                if (urlParams.has('access_token')) {
+                    const token = urlParams.get('access_token');
+                    if (!token) {
+                        return reject(new Error('Error with token endpoint'));
+                    }
+                    self.storeToken(token);
+                    return resolve(token);
+                }
+                if (urlParams.has('code')) {
+                    const code = urlParams.get('code');
+                    if (!code) {
+                        return reject(new Error('Error with authorization endpoint'));
+                    }
+                    try {
+                        const token = await self.exchangeAuthorizationForAccessToken(code, redirectUrl.origin + redirectUrl.pathname);
+                        self.storeToken(token);
+                        return resolve(token);
+                    }
+                    catch (error) {
+                        if (error instanceof Error) {
+                            return reject(error);
+                        }
+                        else {
+                            return reject(new Error(String(error)));
+                        }
+                    }
+                }
+                if (redirectUriWithInfo.includes('access_denied')) {
+                    return reject(new Error('OAuth flow was cancelled'));
+                }
+                if (redirectUriWithInfo.includes('error')) {
+                    return reject(new Error('Oauth flow error: ' + queryStringSearch));
+                }
+                this.deleteMessageChannel();
+            },
+            // opens external OAuth flow, popup for web and new browser window for desktop
+            async useEndpointForAuthorization(resolve, reject) {
+                const redirectUri = util_1.isElectron
+                    ? 'http://localhost/auth'
+                    : window.location.origin + window.location.pathname;
+                const data = {
+                    client_id: self.clientId,
+                    redirect_uri: redirectUri,
+                    response_type: self.responseType || 'code',
+                };
+                if (self.state()) {
+                    data.state = self.state();
+                }
+                if (self.scopes) {
+                    data.scope = self.scopes;
+                }
+                if (self.needsPKCE) {
+                    const { codeVerifierPKCE } = self;
+                    const sha256 = await Promise.resolve().then(() => __importStar(require('crypto-js/sha256'))).then(f => f.default);
+                    const Base64 = await Promise.resolve().then(() => __importStar(require('crypto-js/enc-base64')));
+                    const codeChallenge = fixup(Base64.stringify(sha256(codeVerifierPKCE)));
+                    data.code_challenge = codeChallenge;
+                    data.code_challenge_method = 'S256';
+                }
+                if (self.hasRefreshToken) {
+                    data.token_access_type = 'offline';
+                }
+                const params = new URLSearchParams(Object.entries(data));
+                const url = new URL(self.authEndpoint);
+                url.search = params.toString();
+                const eventName = `JBrowseAuthWindow-${self.internetAccountId}`;
+                if (util_1.isElectron) {
+                    const { ipcRenderer } = window.require('electron');
+                    const redirectUri = await ipcRenderer.invoke('openAuthWindow', {
+                        internetAccountId: self.internetAccountId,
+                        data,
+                        url: url.toString(),
+                    });
+                    const eventFromDesktop = new MessageEvent('message', {
+                        data: { name: eventName, redirectUri: redirectUri },
+                    });
+                    this.finishOAuthWindow(eventFromDesktop, resolve, reject);
+                }
+                else {
+                    const options = `width=500,height=600,left=0,top=0`;
+                    window.open(url, eventName, options);
+                }
+            },
+            async getTokenFromUser(resolve, reject) {
+                const refreshToken = self.hasRefreshToken && self.retrieveRefreshToken();
+                if (refreshToken) {
+                    resolve(await self.exchangeRefreshForAccessToken(refreshToken));
+                }
+                this.addMessageChannel(resolve, reject);
+                this.useEndpointForAuthorization(resolve, reject);
+            },
+            async validateToken(token, location) {
+                const decoded = (0, jwt_decode_1.default)(token);
+                if (decoded.exp && decoded.exp < new Date().getTime() / 1000) {
+                    const refreshToken = self.hasRefreshToken && self.retrieveRefreshToken();
+                    if (refreshToken) {
+                        try {
+                            if (!refreshTokenPromise) {
+                                refreshTokenPromise =
+                                    self.exchangeRefreshForAccessToken(refreshToken);
+                            }
+                            const newToken = await refreshTokenPromise;
+                            return this.validateToken(newToken, location);
+                        }
+                        catch (err) {
+                            throw new Error(`Token could not be refreshed. ${err}`);
+                        }
+                    }
+                }
+                else {
+                    refreshTokenPromise = undefined;
+                }
+                return token;
+            },
+        };
+    });
+};
+exports.default = stateModelFactory;
+//# sourceMappingURL=model.js.map