@junobuild/auth 2.1.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/dist/browser/_constants.js +1 -1
  2. package/dist/browser/_context.js +1 -1
  3. package/dist/browser/_session.js +1 -1
  4. package/dist/browser/authenticate.js +1 -1
  5. package/dist/browser/{chunk-PIJCHIUI.js → chunk-FVWXAETP.js} +2 -2
  6. package/dist/browser/chunk-TFUQURYA.js +2 -0
  7. package/dist/browser/chunk-TFUQURYA.js.map +7 -0
  8. package/dist/browser/chunk-TUWQPO6Z.js +2 -0
  9. package/dist/browser/chunk-TUWQPO6Z.js.map +7 -0
  10. package/dist/browser/chunk-VL5VEK6Q.js +2 -0
  11. package/dist/browser/chunk-VL5VEK6Q.js.map +7 -0
  12. package/dist/browser/chunk-YFE7TMHK.js +2 -0
  13. package/dist/browser/{chunk-2BORB4XM.js.map → chunk-YFE7TMHK.js.map} +3 -3
  14. package/dist/browser/chunk-Z5IIWCGH.js +2 -0
  15. package/dist/browser/chunk-Z5IIWCGH.js.map +7 -0
  16. package/dist/browser/chunk-ZTS76UPF.js +2 -0
  17. package/dist/browser/chunk-ZTS76UPF.js.map +7 -0
  18. package/dist/browser/errors.js +1 -1
  19. package/dist/browser/index.js +1 -1
  20. package/dist/browser/index.js.map +1 -1
  21. package/dist/browser/request.js +1 -1
  22. package/dist/node/index.mjs +1 -1
  23. package/dist/node/index.mjs.map +4 -4
  24. package/dist/types/_constants.d.ts +2 -0
  25. package/dist/types/_context.d.ts +5 -1
  26. package/dist/types/errors.d.ts +6 -0
  27. package/dist/types/index.d.ts +5 -0
  28. package/dist/types/providers/github/_api.d.ts +22 -0
  29. package/dist/types/providers/github/_context.d.ts +5 -0
  30. package/dist/types/providers/github/_openid.d.ts +2 -0
  31. package/dist/types/providers/github/authenticate.d.ts +8 -0
  32. package/dist/types/providers/github/types/authenticate.d.ts +2 -0
  33. package/dist/types/providers/github/types/openid.d.ts +5 -0
  34. package/dist/types/providers/github/types/provider.d.ts +7 -0
  35. package/dist/types/providers/github/types/request.d.ts +7 -0
  36. package/dist/types/providers/google/_context.d.ts +4 -0
  37. package/dist/types/{_openid.d.ts → providers/google/_openid.d.ts} +3 -3
  38. package/dist/types/providers/google/authenticate.d.ts +6 -0
  39. package/dist/types/providers/google/types/authenticate.d.ts +3 -0
  40. package/dist/types/providers/google/types/openid.d.ts +10 -0
  41. package/dist/types/providers/google/types/request.d.ts +16 -0
  42. package/dist/types/request.d.ts +7 -3
  43. package/dist/types/types/authenticate.d.ts +13 -7
  44. package/dist/types/types/request.d.ts +0 -15
  45. package/dist/types/utils/url.utils.d.ts +3 -0
  46. package/package.json +1 -1
  47. package/dist/browser/_openid.js +0 -2
  48. package/dist/browser/_openid.js.map +0 -7
  49. package/dist/browser/chunk-2BORB4XM.js +0 -2
  50. package/dist/browser/chunk-AO3TH3FT.js +0 -2
  51. package/dist/browser/chunk-AO3TH3FT.js.map +0 -7
  52. package/dist/browser/chunk-HE7SWFN4.js +0 -2
  53. package/dist/browser/chunk-HE7SWFN4.js.map +0 -7
  54. package/dist/browser/chunk-JYGIWWOR.js +0 -2
  55. package/dist/browser/chunk-JYGIWWOR.js.map +0 -7
  56. package/dist/browser/chunk-VYICNPPG.js +0 -2
  57. package/dist/browser/chunk-VYICNPPG.js.map +0 -7
  58. package/dist/browser/chunk-ZSWBJ7CY.js +0 -2
  59. package/dist/browser/chunk-ZSWBJ7CY.js.map +0 -7
  60. package/dist/types/types/openid.d.ts +0 -10
  61. /package/dist/browser/{chunk-PIJCHIUI.js.map → chunk-FVWXAETP.js.map} +0 -0
package/dist/browser/_constants.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a,b}from"./chunk-VYICNPPG.js";export{a as CONTEXT_KEY,b as GOOGLE_PROVIDER};
1
+ import{a,b,c}from"./chunk-TFUQURYA.js";export{a as CONTEXT_KEY,c as GITHUB_PROVIDER,b as GOOGLE_PROVIDER};
2
2
  //# sourceMappingURL=_constants.js.map
package/dist/browser/_context.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a,b}from"./chunk-HE7SWFN4.js";import"./chunk-VYICNPPG.js";import"./chunk-2BORB4XM.js";export{a as initContext,b as loadContext};
1
+ import{c as a,d as b}from"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as initContext,b as loadContext};
2
2
  //# sourceMappingURL=_context.js.map
package/dist/browser/_session.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a}from"./chunk-PIJCHIUI.js";import"./chunk-2BORB4XM.js";export{a as authenticateSession};
1
+ import{a}from"./chunk-FVWXAETP.js";import"./chunk-YFE7TMHK.js";export{a as authenticateSession};
2
2
  //# sourceMappingURL=_session.js.map
package/dist/browser/authenticate.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a}from"./chunk-JYGIWWOR.js";import"./chunk-PIJCHIUI.js";import"./chunk-HE7SWFN4.js";import"./chunk-VYICNPPG.js";import"./chunk-2BORB4XM.js";export{a as authenticate};
1
+ import{a}from"./chunk-VL5VEK6Q.js";import"./chunk-FVWXAETP.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as authenticate};
2
2
  //# sourceMappingURL=authenticate.js.map
package/dist/browser/{chunk-PIJCHIUI.js → chunk-FVWXAETP.js} RENAMED
@@ -1,2 +1,2 @@
1
- import{e as m,i as A,j as y}from"./chunk-2BORB4XM.js";import{fromNullable as G}from"@dfinity/utils";import{Delegation as E,ECDSAKeyIdentity as k}from"@icp-sdk/core/identity";import{getConsoleActor as P,getSatelliteActor as S}from"@junobuild/ic-client/actor";var l=({auth:t,identity:e})=>"satellite"in t?S({...t.satellite,identity:e}):P({...t.console,identity:e});var p=async({actorParams:t,args:e})=>{let{authenticate:n}=await l(t);return await n(e)},d=async({actorParams:t,args:e})=>{let{get_delegation:n}=await l(t);return await n(e)};import{DelegationChain as C,DelegationIdentity as I}from"@icp-sdk/core/identity";var h=({delegations:t,sessionKey:e})=>{let[n,i]=t,o=C.fromDelegations(i,Uint8Array.from(n));return{identity:I.fromDelegation(e,o),delegationChain:o,sessionKey:e}};var F=async({jwt:t,context:e,auth:n})=>{let i=await k.generate({extractable:!1}),o=new Uint8Array(i.getPublicKey().toDer()),{delegations:a,data:g}=await K({jwt:t,publicKey:o,context:e,auth:n});return{identity:h({sessionKey:i,delegations:a}),data:g}},K=async({jwt:t,publicKey:e,context:{caller:n,salt:i},auth:o})=>{let a=await p({args:{OpenId:{jwt:t,session_key:e,salt:i}},actorParams:{auth:o,identity:n}});if("Err"in a)throw new m("Authentication failed",{cause:a});let{delegation:{user_key:g,expiration:r},...u}=a.Ok,s=await b({jwt:t,context:{caller:n,salt:i},auth:o,publicKey:e,expiration:r}),{delegation:c,signature:D}=s,{pubkey:f,expiration:x,targets:w}=c;return{delegations:[g,[{delegation:new E(Uint8Array.from(f),x,G(w)),signature:Uint8Array.from(D)}]],data:u}},b=async({jwt:t,publicKey:e,context:{salt:n,caller:i},auth:o,expiration:a,maxRetries:g=5})=>{for(let r=0;r<g;r++){await new Promise(c=>{setInterval(c,1e3*r)});let s=await d({args:{OpenId:{jwt:t,session_key:e,salt:n,expiration:a}},actorParams:{auth:o,identity:i}});if("Err"in s){let{Err:c}=s;if("NoSuchDelegation"in c||"GetCachedJwks"in c)continue;throw new A("Getting delegation failed",{cause:s})}return s.Ok}throw new y};export{F as a};
2
- //# sourceMappingURL=chunk-PIJCHIUI.js.map
1
+ import{e as m,i as A,j as y}from"./chunk-YFE7TMHK.js";import{fromNullable as G}from"@dfinity/utils";import{Delegation as E,ECDSAKeyIdentity as k}from"@icp-sdk/core/identity";import{getConsoleActor as P,getSatelliteActor as S}from"@junobuild/ic-client/actor";var l=({auth:t,identity:e})=>"satellite"in t?S({...t.satellite,identity:e}):P({...t.console,identity:e});var p=async({actorParams:t,args:e})=>{let{authenticate:n}=await l(t);return await n(e)},d=async({actorParams:t,args:e})=>{let{get_delegation:n}=await l(t);return await n(e)};import{DelegationChain as C,DelegationIdentity as I}from"@icp-sdk/core/identity";var h=({delegations:t,sessionKey:e})=>{let[n,i]=t,o=C.fromDelegations(i,Uint8Array.from(n));return{identity:I.fromDelegation(e,o),delegationChain:o,sessionKey:e}};var F=async({jwt:t,context:e,auth:n})=>{let i=await k.generate({extractable:!1}),o=new Uint8Array(i.getPublicKey().toDer()),{delegations:a,data:g}=await K({jwt:t,publicKey:o,context:e,auth:n});return{identity:h({sessionKey:i,delegations:a}),data:g}},K=async({jwt:t,publicKey:e,context:{caller:n,salt:i},auth:o})=>{let a=await p({args:{OpenId:{jwt:t,session_key:e,salt:i}},actorParams:{auth:o,identity:n}});if("Err"in a)throw new m("Authentication failed",{cause:a});let{delegation:{user_key:g,expiration:r},...u}=a.Ok,s=await b({jwt:t,context:{caller:n,salt:i},auth:o,publicKey:e,expiration:r}),{delegation:c,signature:D}=s,{pubkey:f,expiration:x,targets:w}=c;return{delegations:[g,[{delegation:new E(Uint8Array.from(f),x,G(w)),signature:Uint8Array.from(D)}]],data:u}},b=async({jwt:t,publicKey:e,context:{salt:n,caller:i},auth:o,expiration:a,maxRetries:g=5})=>{for(let r=0;r<g;r++){await new Promise(c=>{setInterval(c,1e3*r)});let s=await d({args:{OpenId:{jwt:t,session_key:e,salt:n,expiration:a}},actorParams:{auth:o,identity:i}});if("Err"in s){let{Err:c}=s;if("NoSuchDelegation"in c||"GetCachedJwks"in c)continue;throw new A("Getting delegation failed",{cause:s})}return s.Ok}throw new y};export{F as a};
2
+ //# sourceMappingURL=chunk-FVWXAETP.js.map
package/dist/browser/chunk-TFUQURYA.js ADDED
@@ -0,0 +1,2 @@
1
+ var t="juno:auth:openid",i={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"},o={authUrl:"https://github.com/login/oauth/authorize",authScopes:["read:user","user:email"],initUrl:"https://api.juno.build/v1/auth/init/github",finalizeUrl:"https://api.juno.build/v1/auth/finalize/github"};export{t as a,i as b,o as c};
2
+ //# sourceMappingURL=chunk-TFUQURYA.js.map
package/dist/browser/chunk-TFUQURYA.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/_constants.ts"],
4
+ "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://github.com/login/oauth/authorize',\n authScopes: ['read:user', 'user:email'],\n initUrl: 'https://api.juno.build/v1/auth/init/github',\n finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n"],
5
+ "mappings": "AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf",
6
+ "names": ["CONTEXT_KEY", "GOOGLE_PROVIDER", "GITHUB_PROVIDER"]
7
+ }
package/dist/browser/chunk-TUWQPO6Z.js ADDED
@@ -0,0 +1,2 @@
1
+ import{a as s}from"./chunk-TFUQURYA.js";import{a,b as i}from"./chunk-YFE7TMHK.js";import{isNullish as N}from"@dfinity/utils";import{Ed25519KeyIdentity as h}from"@icp-sdk/core/identity";import{arrayBufferToUint8Array as x}from"@dfinity/utils";import{uint8ArrayToBase64 as g}from"@dfinity/utils";var c=t=>g(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""),O=({url:t})=>{try{return new URL(t)}catch{throw new a("Cannot parse authURL",{cause:t})}};var S=()=>window.crypto.getRandomValues(new Uint8Array(32)),u=async({salt:t,caller:e})=>{let n=e.getPrincipal().toUint8Array(),o=new Uint8Array(t.length+n.byteLength);o.set(t),o.set(n,t.length);let r=await window.crypto.subtle.digest("SHA-256",o);return c(x(r))},p=async({caller:t})=>{let e=S();return{nonce:await u({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as C,uint8ArrayToBase64 as A}from"@dfinity/utils";import{Ed25519KeyIdentity as E}from"@icp-sdk/core/identity";var y="__caller__",m="__salt__",l="__state__",d=({caller:t,state:e,salt:n})=>{let o={[y]:t.toJSON(),[m]:A(n),[l]:e};return JSON.stringify(o)},_=t=>{let{[y]:e,[m]:n,[l]:o}=JSON.parse(t);return{caller:E.fromParsedJson(e),salt:C(n),state:o}};var D=async({generateState:t})=>{let e=h.generate(),{nonce:n,salt:o}=await p({caller:e}),r=await t({nonce:n}),f=d({caller:e,salt:o,state:r});return sessionStorage.setItem(s,f),{nonce:n,state:r}},H=()=>{let t=sessionStorage.getItem(s);if(N(t))throw new i;return _(t)};export{c as a,O as b,D as c,H as d};
2
+ //# sourceMappingURL=chunk-TUWQPO6Z.js.map
package/dist/browser/chunk-TUWQPO6Z.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/_context.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts"],
4
+ "sourcesContent": ["import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n generateState\n}: {\n generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n\n const state = await generateState({nonce});\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(url);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n"],
5
+ "mappings": "kFAAA,OAAQ,aAAAA,MAAgB,iBACxB,OAAQ,sBAAAC,MAAyB,yBCDjC,OAAQ,2BAAAC,MAA8B,iBCAtC,OAAQ,sBAAAC,MAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,EAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,EAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,EAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,EAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,EAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,EAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,EAAoB,sBAAAC,MAAyB,iBACrD,OAAQ,sBAAAC,MAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,EAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,EAAmB,eAAeW,CAAU,EACpD,KAAMb,EAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EH3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,EAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,EAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC",
6
+ "names": ["isNullish", "Ed25519KeyIdentity", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "uint8ArrayToBase64", "parseUrl", "url", "InvalidUrlError", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "initContext", "generateState", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext"]
7
+ }
package/dist/browser/chunk-VL5VEK6Q.js ADDED
@@ -0,0 +1,2 @@
1
+ import{a}from"./chunk-FVWXAETP.js";import{b as w}from"./chunk-Z5IIWCGH.js";import{d as A}from"./chunk-TUWQPO6Z.js";import{c as d}from"./chunk-TFUQURYA.js";import{f as p,g as f,h as c}from"./chunk-YFE7TMHK.js";import{isEmptyString as P}from"@dfinity/utils";var l=async({auth:o,context:i,redirect:{finalizeUrl:t}})=>{let{location:{search:r}}=window,e=new URLSearchParams(r),n=e.get("code"),s=e.get("state"),h=await w({url:t,body:{code:n,state:s}});if("error"in h)throw h.error;let{success:{token:m}}=h;if(P(m))throw new c;return await a({jwt:m,auth:o,context:i})};import{isEmptyString as u}from"@dfinity/utils";var y=async({auth:o,context:i})=>{let{location:{hash:t}}=window;if(u(t)||!t.startsWith("#"))throw new p("No hash found in the current location URL");let r=new URLSearchParams(t.slice(1)),e=r.get("state"),n=r.get("id_token"),{state:s}=i;if(u(s)||e!==s)throw new f("The provided state is invalid",{cause:e});if(u(n))throw new c;return await a({jwt:n,auth:o,context:i})};var k=async o=>{let i=A();if("github"in o){let{github:{redirect:r,auth:e}}=o,{finalizeUrl:n}=d;return await l({redirect:r??{finalizeUrl:n},auth:e,context:i})}let{google:t}=o;if("credentials"in t){let{credentials:{jwt:r},auth:e}=t;return await a({jwt:r,context:i,auth:e})}return await y({...t,context:i})};export{k as a};
2
+ //# sourceMappingURL=chunk-VL5VEK6Q.js.map
package/dist/browser/chunk-VL5VEK6Q.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/providers/github/authenticate.ts", "../../src/providers/google/authenticate.ts", "../../src/authenticate.ts"],
4
+ "sourcesContent": ["import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n auth,\n context,\n redirect: {finalizeUrl}\n}: {\n auth: AuthParameters;\n context: Omit<OpenIdAuthContext, 'state'>;\n redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {search}\n } = window;\n\n const urlParams = new URLSearchParams(search);\n const code = urlParams.get('code');\n const state = urlParams.get('state');\n\n const result = await finalizeOAuth({\n url: finalizeUrl,\n body: {code, state}\n });\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {token: idToken}\n } = result;\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('github' in params) {\n const {\n github: {redirect, auth}\n } = params;\n\n const {finalizeUrl} = GITHUB_PROVIDER;\n\n return await authenticateGitHubWithRedirect<T>({\n redirect: redirect ?? {finalizeUrl},\n auth,\n context\n });\n }\n\n const {google} = params;\n\n if ('credentials' in google) {\n const {\n credentials: {jwt},\n auth\n } = google;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n"],
5
+ "mappings": "iNAAA,OAAQ,iBAAAA,MAAoB,iBAQrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,EAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EChDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,EAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE",
6
+ "names": ["isEmptyString", "authenticateGitHubWithRedirect", "auth", "context", "finalizeUrl", "search", "urlParams", "code", "state", "result", "finalizeOAuth", "idToken", "isEmptyString", "AuthenticationUndefinedJwtError", "authenticateSession", "isEmptyString", "authenticateGoogleWithRedirect", "auth", "context", "hash", "isEmptyString", "AuthenticationUrlHashError", "params", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "authenticateSession", "authenticate", "params", "context", "loadContext", "redirect", "auth", "finalizeUrl", "GITHUB_PROVIDER", "authenticateGitHubWithRedirect", "google", "jwt", "authenticateSession", "authenticateGoogleWithRedirect"]
7
+ }
package/dist/browser/chunk-YFE7TMHK.js ADDED
@@ -0,0 +1,2 @@
1
+ var r=class extends Error{},o=class extends Error{},p=class extends Error{},c=class extends Error{},e=class extends Error{},l=class extends Error{},t=class extends Error{},a=class extends Error{},O=class extends Error{},u=class extends Error{},E=class extends Error{constructor(x){super("GitHub OAuth initialization failed",x)}},z=class extends Error{constructor(x){super("GitHub OAuth finalization failed",x)}};export{r as a,o as b,p as c,c as d,e,l as f,t as g,a as h,O as i,u as j,E as k,z as l};
2
+ //# sourceMappingURL=chunk-YFE7TMHK.js.map
package/dist/browser/{chunk-2BORB4XM.js.map → chunk-YFE7TMHK.js.map} RENAMED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/errors.ts"],
4
- "sourcesContent": ["export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n"],
5
- "mappings": "AAAO,IAAMA,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC",
6
- "names": ["InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError"]
4
+ "sourcesContent": ["export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth initialization failed', options);\n }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth finalization failed', options);\n }\n}\n"],
5
+ "mappings": "AAAO,IAAMA,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF",
6
+ "names": ["InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError", "ApiGitHubInitError", "options", "ApiGitHubFinalizeError"]
7
7
  }
package/dist/browser/chunk-Z5IIWCGH.js ADDED
@@ -0,0 +1,2 @@
1
+ import{k as e,l as o}from"./chunk-YFE7TMHK.js";var i=async({url:t})=>{try{let r=await fetch(t,{credentials:"include"});return r.ok?await r.json():{error:new Error(`Failed to fetch ${t} (${r.status})`)}}catch(r){return{error:new e({cause:r})}}},a=async({url:t,body:r})=>{try{let n=await fetch(t,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(r)});return n.ok?await n.json():{error:new Error(`Failed to fetch ${t} (${n.status})`)}}catch(n){return{error:new o({cause:n})}}};export{i as a,a as b};
2
+ //# sourceMappingURL=chunk-Z5IIWCGH.js.map
package/dist/browser/chunk-Z5IIWCGH.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/providers/github/_api.ts"],
4
+ "sourcesContent": ["import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n url\n}: {\n url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n credentials: 'include'\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n return await result.json();\n } catch (error: unknown) {\n return {error: new ApiGitHubInitError({cause: error})};\n }\n};\n\nexport const finalizeOAuth = async ({\n url,\n body\n}: {\n url: string;\n body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n method: 'POST',\n credentials: 'include',\n headers: {'Content-Type': 'application/json'},\n body: JSON.stringify(body)\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n return await result.json();\n } catch (error: unknown) {\n return {error: new ApiGitHubFinalizeError({cause: error})};\n }\n};\n"],
5
+ "mappings": "+CAEO,IAAMA,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF",
6
+ "names": ["initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError"]
7
+ }
package/dist/browser/chunk-ZTS76UPF.js ADDED
@@ -0,0 +1,2 @@
1
+ import{a as R}from"./chunk-Z5IIWCGH.js";import{a as w,b as c,c as l}from"./chunk-TUWQPO6Z.js";import{b as m,c as d}from"./chunk-TFUQURYA.js";import{c as p,d as g}from"./chunk-YFE7TMHK.js";var h=({initUrl:r})=>async({nonce:o})=>{let i=c({url:r});i.searchParams.set("nonce",o);let s=await R({url:i.toString()});if("error"in s)throw s.error;let{success:{state:e}}=s;return e};var f=({authUrl:r,clientId:n,authScopes:o,state:i,redirectUrl:s})=>{let e=c({url:r});e.searchParams.set("client_id",n);let{location:{origin:a}}=window;e.searchParams.set("redirect_uri",s??a),e.searchParams.set("scope",o.join(" ")),e.searchParams.set("state",i),window.location.href=e.toString()};var q=()=>w(window.crypto.getRandomValues(new Uint8Array(12)));var P=async r=>q();import{isNullish as v,notEmptyString as x}from"@dfinity/utils";var y=({authUrl:r,clientId:n,nonce:o,loginHint:i,authScopes:s,state:e,redirectUrl:a})=>{let t=c({url:r});t.searchParams.set("client_id",n);let{location:{origin:u}}=window;t.searchParams.set("redirect_uri",a??u),t.searchParams.set("response_type","code id_token"),t.searchParams.set("scope",s.join(" ")),t.searchParams.set("state",e),t.searchParams.set("nonce",o),x(i)?t.searchParams.set("login_hint",i):t.searchParams.set("prompt","select_account"),window.location.href=t.toString()},G=async({configUrl:r,clientId:n,nonce:o,loginHint:i,domainHint:s})=>{let e=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:r,clientId:n,nonce:o,loginHint:i,domainHint:s}],mode:"active"},mediation:"required"});if(v(e))throw new p;let{type:a}=e;if(a!=="identity"||!("token"in e)||typeof e.token!="string")throw new g("Invalid credential received from FedCM API",{cause:e});let{token:t}=e;return{jwt:t}};async function Q(r){if("github"in r){let{github:a}=r,{redirect:t}=a,{initUrl:u,...J}=t,{authUrl:U,authScopes:b,initUrl:C}=d,S=await l({generateState:h({initUrl:u??C})});f({...J,...S,authUrl:U,authScopes:b});return}let n=await l({generateState:P}),{google:o}=r;if("credentials"in o){let{credentials:a}=o,{configUrl:t}=m;return await G({...a,...n,configUrl:t})}let{redirect:i}=o,{authUrl:s,authScopes:e}=m;y({...i,...n,authUrl:s,authScopes:e})}export{Q as a};
2
+ //# sourceMappingURL=chunk-ZTS76UPF.js.map
package/dist/browser/chunk-ZTS76UPF.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts"],
4
+ "sourcesContent": ["import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n"],
5
+ "mappings": "4LAKO,IAAMA,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,EACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH",
6
+ "names": ["buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect"]
7
+ }
package/dist/browser/errors.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a,b,c,d,e,f,g,h,i,j}from"./chunk-2BORB4XM.js";export{e as AuthenticationError,g as AuthenticationInvalidStateError,h as AuthenticationUndefinedJwtError,f as AuthenticationUrlHashError,b as ContextUndefinedError,d as FedCMIdentityCredentialInvalidError,c as FedCMIdentityCredentialUndefinedError,i as GetDelegationError,j as GetDelegationRetryError,a as InvalidUrlError};
1
+ import{a,b,c,d,e,f,g,h,i,j,k,l}from"./chunk-YFE7TMHK.js";export{l as ApiGitHubFinalizeError,k as ApiGitHubInitError,e as AuthenticationError,g as AuthenticationInvalidStateError,h as AuthenticationUndefinedJwtError,f as AuthenticationUrlHashError,b as ContextUndefinedError,d as FedCMIdentityCredentialInvalidError,c as FedCMIdentityCredentialUndefinedError,i as GetDelegationError,j as GetDelegationRetryError,a as InvalidUrlError};
2
2
  //# sourceMappingURL=errors.js.map
package/dist/browser/index.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a as x}from"./chunk-JYGIWWOR.js";import"./chunk-PIJCHIUI.js";import{a as y}from"./chunk-ZSWBJ7CY.js";import"./chunk-AO3TH3FT.js";import"./chunk-HE7SWFN4.js";import"./chunk-VYICNPPG.js";import{a as t,b as o,c as s,d as p,e as n,f as i,g as a,h as m,i as f,j as u}from"./chunk-2BORB4XM.js";var d=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{n as AuthenticationError,a as AuthenticationInvalidStateError,m as AuthenticationUndefinedJwtError,i as AuthenticationUrlHashError,o as ContextUndefinedError,p as FedCMIdentityCredentialInvalidError,s as FedCMIdentityCredentialUndefinedError,f as GetDelegationError,u as GetDelegationRetryError,t as InvalidUrlError,x as authenticate,d as isFedCMSupported,y as requestJwt};
1
+ import{a as d}from"./chunk-VL5VEK6Q.js";import"./chunk-FVWXAETP.js";import{a as g}from"./chunk-ZTS76UPF.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import{a as r,b as o,c as p,d as s,e as i,f as n,g as y,h as u,i as m,j as a,k as f,l as x}from"./chunk-YFE7TMHK.js";var v=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{x as ApiGitHubFinalizeError,f as ApiGitHubInitError,i as AuthenticationError,y as AuthenticationInvalidStateError,u as AuthenticationUndefinedJwtError,n as AuthenticationUrlHashError,o as ContextUndefinedError,s as FedCMIdentityCredentialInvalidError,p as FedCMIdentityCredentialUndefinedError,m as GetDelegationError,a as GetDelegationRetryError,r as InvalidUrlError,d as authenticate,v as isFedCMSupported,g as requestJwt};
2
2
  //# sourceMappingURL=index.js.map
package/dist/browser/index.js.map CHANGED
@@ -2,6 +2,6 @@
2
2
  "version": 3,
3
3
  "sources": ["../../src/utils/openid.utils.ts"],
4
4
  "sourcesContent": ["/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n * - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n const {userAgent} = navigator;\n\n // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n if (isSamsungBrowser) {\n return false;\n }\n\n return 'IdentityCredential' in window;\n};\n"],
5
- "mappings": "uSAQO,IAAMA,EAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
5
+ "mappings": "qTAQO,IAAMA,EAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
6
6
  "names": ["isFedCMSupported", "userAgent"]
7
7
  }
package/dist/browser/request.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a}from"./chunk-ZSWBJ7CY.js";import"./chunk-AO3TH3FT.js";import"./chunk-HE7SWFN4.js";import"./chunk-VYICNPPG.js";import"./chunk-2BORB4XM.js";export{a as requestJwt};
1
+ import{a}from"./chunk-ZTS76UPF.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as requestJwt};
2
2
  //# sourceMappingURL=request.js.map
package/dist/node/index.mjs CHANGED
@@ -1,4 +1,4 @@
1
1
  import { createRequire as topLevelCreateRequire } from 'module';
2
2
  const require = topLevelCreateRequire(import.meta.url);
3
- import{isEmptyString as _}from"@dfinity/utils";import{isNullish as Q}from"@dfinity/utils";import{Ed25519KeyIdentity as Z}from"@icp-sdk/core/identity";var S="juno:auth:openid",C={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"};var d=class extends Error{},u=class extends Error{},l=class extends Error{},y=class extends Error{},g=class extends Error{},h=class extends Error{},f=class extends Error{},A=class extends Error{},x=class extends Error{},w=class extends Error{};import{arrayBufferToUint8Array as F}from"@dfinity/utils";import{uint8ArrayToBase64 as V}from"@dfinity/utils";var P=t=>V(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"");var M=()=>window.crypto.getRandomValues(new Uint8Array(32)),X=async({salt:t,caller:e})=>{let r=e.getPrincipal().toUint8Array(),o=new Uint8Array(t.length+r.byteLength);o.set(t),o.set(r,t.length);let n=await window.crypto.subtle.digest("SHA-256",o);return P(F(n))},I=async({caller:t})=>{let e=M();return{nonce:await X({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as $,uint8ArrayToBase64 as z}from"@dfinity/utils";import{Ed25519KeyIdentity as H}from"@icp-sdk/core/identity";var D="__caller__",O="__salt__",J="__state__",U=({caller:t,state:e,salt:r})=>{let o={[D]:t.toJSON(),[O]:z(r),[J]:e};return JSON.stringify(o)},T=t=>{let{[D]:e,[O]:r,[J]:o}=JSON.parse(t);return{caller:H.fromParsedJson(e),salt:$(r),state:o}};var q=()=>P(window.crypto.getRandomValues(new Uint8Array(12)));var K=async()=>{let t=Z.generate(),{nonce:e,salt:r}=await I({caller:t}),o=q(),n=U({caller:t,salt:r,state:o});return sessionStorage.setItem(S,n),{nonce:e,state:o}},N=()=>{let t=sessionStorage.getItem(S);if(Q(t))throw new u;return T(t)};import{fromNullable as nt}from"@dfinity/utils";import{Delegation as st,ECDSAKeyIdentity as it}from"@icp-sdk/core/identity";import{getConsoleActor as tt,getSatelliteActor as et}from"@junobuild/ic-client/actor";var R=({auth:t,identity:e})=>"satellite"in t?et({...t.satellite,identity:e}):tt({...t.console,identity:e});var k=async({actorParams:t,args:e})=>{let{authenticate:r}=await R(t);return await r(e)},v=async({actorParams:t,args:e})=>{let{get_delegation:r}=await R(t);return await r(e)};import{DelegationChain as rt,DelegationIdentity as ot}from"@icp-sdk/core/identity";var L=({delegations:t,sessionKey:e})=>{let[r,o]=t,n=rt.fromDelegations(o,Uint8Array.from(r));return{identity:ot.fromDelegation(e,n),delegationChain:n,sessionKey:e}};var E=async({jwt:t,context:e,auth:r})=>{let o=await it.generate({extractable:!1}),n=new Uint8Array(o.getPublicKey().toDer()),{delegations:s,data:i}=await at({jwt:t,publicKey:n,context:e,auth:r});return{identity:L({sessionKey:o,delegations:s}),data:i}},at=async({jwt:t,publicKey:e,context:{caller:r,salt:o},auth:n})=>{let s=await k({args:{OpenId:{jwt:t,session_key:e,salt:o}},actorParams:{auth:n,identity:r}});if("Err"in s)throw new g("Authentication failed",{cause:s});let{delegation:{user_key:i,expiration:c},...a}=s.Ok,p=await ct({jwt:t,context:{caller:r,salt:o},auth:n,publicKey:e,expiration:c}),{delegation:m,signature:W}=p,{pubkey:j,expiration:B,targets:Y}=m;return{delegations:[i,[{delegation:new st(Uint8Array.from(j),B,nt(Y)),signature:Uint8Array.from(W)}]],data:a}},ct=async({jwt:t,publicKey:e,context:{salt:r,caller:o},auth:n,expiration:s,maxRetries:i=5})=>{for(let c=0;c<i;c++){await new Promise(m=>{setInterval(m,1e3*c)});let p=await v({args:{OpenId:{jwt:t,session_key:e,salt:r,expiration:s}},actorParams:{auth:n,identity:o}});if("Err"in p){let{Err:m}=p;if("NoSuchDelegation"in m||"GetCachedJwks"in m)continue;throw new x("Getting delegation failed",{cause:p})}return p.Ok}throw new w};var $t=async t=>{let e=N();if("credentials"in t){let{credentials:{jwt:r},auth:o}=t;return await E({jwt:r,context:e,auth:o})}return await pt({...t,context:e})},pt=async({auth:t,context:e})=>{let{location:{hash:r}}=window;if(_(r)||!r.startsWith("#"))throw new h("No hash found in the current location URL");let o=new URLSearchParams(r.slice(1)),n=o.get("state"),s=o.get("id_token"),{state:i}=e;if(_(i)||n!==i)throw new f("The provided state is invalid",{cause:n});if(_(s))throw new A;return await E({jwt:s,auth:t,context:e})};import{isNullish as mt,notEmptyString as dt}from"@dfinity/utils";var b=({authUrl:t,clientId:e,nonce:r,loginHint:o,authScopes:n,state:s,redirectUrl:i})=>{let a=(()=>{try{return new URL(t)}catch{throw new d("Cannot parse authURL",{cause:t})}})();a.searchParams.set("client_id",e);let{location:{origin:p}}=window;a.searchParams.set("redirect_uri",i??p),a.searchParams.set("response_type","code id_token"),a.searchParams.set("scope",n.join(" ")),a.searchParams.set("state",s),a.searchParams.set("nonce",r),dt(o)?a.searchParams.set("login_hint",o):a.searchParams.set("prompt","select_account"),window.location.href=a.toString()},G=async({configUrl:t,clientId:e,nonce:r,loginHint:o,domainHint:n})=>{let s=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:t,clientId:e,nonce:r,loginHint:o,domainHint:n}],mode:"active"},mediation:"required"});if(mt(s))throw new l;let{type:i}=s;if(i!=="identity"||!("token"in s)||typeof s.token!="string")throw new y("Invalid credential received from FedCM API",{cause:s});let{token:c}=s;return{jwt:c}};async function oe({google:t}){let e=await K();if("credentials"in t){let{credentials:s}=t,{configUrl:i}=C;return await G({...s,...e,configUrl:i})}let{redirect:r}=t,{authUrl:o,authScopes:n}=C;b({...r,...e,authUrl:o,authScopes:n})}var se=()=>{let{userAgent:t}=navigator;return/SamsungBrowser/i.test(t)?!1:"IdentityCredential"in window};export{g as AuthenticationError,f as AuthenticationInvalidStateError,A as AuthenticationUndefinedJwtError,h as AuthenticationUrlHashError,u as ContextUndefinedError,y as FedCMIdentityCredentialInvalidError,l as FedCMIdentityCredentialUndefinedError,x as GetDelegationError,w as GetDelegationRetryError,d as InvalidUrlError,$t as authenticate,se as isFedCMSupported,oe as requestJwt};
3
+ var U="juno:auth:openid",_={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"},g={authUrl:"https://github.com/login/oauth/authorize",authScopes:["read:user","user:email"],initUrl:"https://api.juno.build/v1/auth/init/github",finalizeUrl:"https://api.juno.build/v1/auth/finalize/github"};import{isNullish as pt}from"@dfinity/utils";import{Ed25519KeyIdentity as ut}from"@icp-sdk/core/identity";var h=class extends Error{},y=class extends Error{},f=class extends Error{},w=class extends Error{},x=class extends Error{},A=class extends Error{},P=class extends Error{},m=class extends Error{},S=class extends Error{},R=class extends Error{},O=class extends Error{constructor(e){super("GitHub OAuth initialization failed",e)}},C=class extends Error{constructor(e){super("GitHub OAuth finalization failed",e)}};import{arrayBufferToUint8Array as ot}from"@dfinity/utils";import{uint8ArrayToBase64 as rt}from"@dfinity/utils";var E=t=>rt(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""),l=({url:t})=>{try{return new URL(t)}catch{throw new h("Cannot parse authURL",{cause:t})}};var nt=()=>window.crypto.getRandomValues(new Uint8Array(32)),it=async({salt:t,caller:e})=>{let r=e.getPrincipal().toUint8Array(),o=new Uint8Array(t.length+r.byteLength);o.set(t),o.set(r,t.length);let n=await window.crypto.subtle.digest("SHA-256",o);return E(ot(n))},T=async({caller:t})=>{let e=nt();return{nonce:await it({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as st,uint8ArrayToBase64 as at}from"@dfinity/utils";import{Ed25519KeyIdentity as ct}from"@icp-sdk/core/identity";var v="__caller__",N="__salt__",k="__state__",K=({caller:t,state:e,salt:r})=>{let o={[v]:t.toJSON(),[N]:at(r),[k]:e};return JSON.stringify(o)},H=t=>{let{[v]:e,[N]:r,[k]:o}=JSON.parse(t);return{caller:ct.fromParsedJson(e),salt:st(r),state:o}};var J=async({generateState:t})=>{let e=ut.generate(),{nonce:r,salt:o}=await T({caller:e}),n=await t({nonce:r}),i=K({caller:e,salt:o,state:n});return sessionStorage.setItem(U,i),{nonce:r,state:n}},L=()=>{let t=sessionStorage.getItem(U);if(pt(t))throw new y;return H(t)};import{fromNullable as ht}from"@dfinity/utils";import{Delegation as yt,ECDSAKeyIdentity as ft}from"@icp-sdk/core/identity";import{getConsoleActor as mt,getSatelliteActor as lt}from"@junobuild/ic-client/actor";var D=({auth:t,identity:e})=>"satellite"in t?lt({...t.satellite,identity:e}):mt({...t.console,identity:e});var W=async({actorParams:t,args:e})=>{let{authenticate:r}=await D(t);return await r(e)},j=async({actorParams:t,args:e})=>{let{get_delegation:r}=await D(t);return await r(e)};import{DelegationChain as dt,DelegationIdentity as gt}from"@icp-sdk/core/identity";var B=({delegations:t,sessionKey:e})=>{let[r,o]=t,n=dt.fromDelegations(o,Uint8Array.from(r));return{identity:gt.fromDelegation(e,n),delegationChain:n,sessionKey:e}};var d=async({jwt:t,context:e,auth:r})=>{let o=await ft.generate({extractable:!1}),n=new Uint8Array(o.getPublicKey().toDer()),{delegations:i,data:a}=await wt({jwt:t,publicKey:n,context:e,auth:r});return{identity:B({sessionKey:o,delegations:i}),data:a}},wt=async({jwt:t,publicKey:e,context:{caller:r,salt:o},auth:n})=>{let i=await W({args:{OpenId:{jwt:t,session_key:e,salt:o}},actorParams:{auth:n,identity:r}});if("Err"in i)throw new x("Authentication failed",{cause:i});let{delegation:{user_key:a,expiration:s},...c}=i.Ok,p=await xt({jwt:t,context:{caller:r,salt:o},auth:n,publicKey:e,expiration:s}),{delegation:u,signature:b}=p,{pubkey:G,expiration:I,targets:et}=u;return{delegations:[a,[{delegation:new yt(Uint8Array.from(G),I,ht(et)),signature:Uint8Array.from(b)}]],data:c}},xt=async({jwt:t,publicKey:e,context:{salt:r,caller:o},auth:n,expiration:i,maxRetries:a=5})=>{for(let s=0;s<a;s++){await new Promise(u=>{setInterval(u,1e3*s)});let p=await j({args:{OpenId:{jwt:t,session_key:e,salt:r,expiration:i}},actorParams:{auth:n,identity:o}});if("Err"in p){let{Err:u}=p;if("NoSuchDelegation"in u||"GetCachedJwks"in u)continue;throw new S("Getting delegation failed",{cause:p})}return p.Ok}throw new R};import{isEmptyString as At}from"@dfinity/utils";var z=async({url:t})=>{try{let e=await fetch(t,{credentials:"include"});return e.ok?await e.json():{error:new Error(`Failed to fetch ${t} (${e.status})`)}}catch(e){return{error:new O({cause:e})}}},Y=async({url:t,body:e})=>{try{let r=await fetch(t,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return r.ok?await r.json():{error:new Error(`Failed to fetch ${t} (${r.status})`)}}catch(r){return{error:new C({cause:r})}}};var V=async({auth:t,context:e,redirect:{finalizeUrl:r}})=>{let{location:{search:o}}=window,n=new URLSearchParams(o),i=n.get("code"),a=n.get("state"),s=await Y({url:r,body:{code:i,state:a}});if("error"in s)throw s.error;let{success:{token:c}}=s;if(At(c))throw new m;return await d({jwt:c,auth:t,context:e})};import{isEmptyString as q}from"@dfinity/utils";var $=async({auth:t,context:e})=>{let{location:{hash:r}}=window;if(q(r)||!r.startsWith("#"))throw new A("No hash found in the current location URL");let o=new URLSearchParams(r.slice(1)),n=o.get("state"),i=o.get("id_token"),{state:a}=e;if(q(a)||n!==a)throw new P("The provided state is invalid",{cause:n});if(q(i))throw new m;return await d({jwt:i,auth:t,context:e})};var ye=async t=>{let e=L();if("github"in t){let{github:{redirect:o,auth:n}}=t,{finalizeUrl:i}=g;return await V({redirect:o??{finalizeUrl:i},auth:n,context:e})}let{google:r}=t;if("credentials"in r){let{credentials:{jwt:o},auth:n}=r;return await d({jwt:o,context:e,auth:n})}return await $({...r,context:e})};var F=({initUrl:t})=>async({nonce:r})=>{let o=l({url:t});o.searchParams.set("nonce",r);let n=await z({url:o.toString()});if("error"in n)throw n.error;let{success:{state:i}}=n;return i};var M=({authUrl:t,clientId:e,authScopes:r,state:o,redirectUrl:n})=>{let i=l({url:t});i.searchParams.set("client_id",e);let{location:{origin:a}}=window;i.searchParams.set("redirect_uri",n??a),i.searchParams.set("scope",r.join(" ")),i.searchParams.set("state",o),window.location.href=i.toString()};var X=()=>E(window.crypto.getRandomValues(new Uint8Array(12)));var Q=async t=>X();import{isNullish as Pt,notEmptyString as St}from"@dfinity/utils";var Z=({authUrl:t,clientId:e,nonce:r,loginHint:o,authScopes:n,state:i,redirectUrl:a})=>{let s=l({url:t});s.searchParams.set("client_id",e);let{location:{origin:c}}=window;s.searchParams.set("redirect_uri",a??c),s.searchParams.set("response_type","code id_token"),s.searchParams.set("scope",n.join(" ")),s.searchParams.set("state",i),s.searchParams.set("nonce",r),St(o)?s.searchParams.set("login_hint",o):s.searchParams.set("prompt","select_account"),window.location.href=s.toString()},tt=async({configUrl:t,clientId:e,nonce:r,loginHint:o,domainHint:n})=>{let i=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:t,clientId:e,nonce:r,loginHint:o,domainHint:n}],mode:"active"},mediation:"required"});if(Pt(i))throw new f;let{type:a}=i;if(a!=="identity"||!("token"in i)||typeof i.token!="string")throw new w("Invalid credential received from FedCM API",{cause:i});let{token:s}=i;return{jwt:s}};async function Ne(t){if("github"in t){let{github:a}=t,{redirect:s}=a,{initUrl:c,...p}=s,{authUrl:u,authScopes:b,initUrl:G}=g,I=await J({generateState:F({initUrl:c??G})});M({...p,...I,authUrl:u,authScopes:b});return}let e=await J({generateState:Q}),{google:r}=t;if("credentials"in r){let{credentials:a}=r,{configUrl:s}=_;return await tt({...a,...e,configUrl:s})}let{redirect:o}=r,{authUrl:n,authScopes:i}=_;Z({...o,...e,authUrl:n,authScopes:i})}var Ke=()=>{let{userAgent:t}=navigator;return/SamsungBrowser/i.test(t)?!1:"IdentityCredential"in window};export{C as ApiGitHubFinalizeError,O as ApiGitHubInitError,x as AuthenticationError,P as AuthenticationInvalidStateError,m as AuthenticationUndefinedJwtError,A as AuthenticationUrlHashError,y as ContextUndefinedError,w as FedCMIdentityCredentialInvalidError,f as FedCMIdentityCredentialUndefinedError,S as GetDelegationError,R as GetDelegationRetryError,h as InvalidUrlError,ye as authenticate,Ke as isFedCMSupported,Ne as requestJwt};
4
4
  //# sourceMappingURL=index.mjs.map
package/dist/node/index.mjs.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
- "sources": ["../../src/authenticate.ts", "../../src/_context.ts", "../../src/_constants.ts", "../../src/errors.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts", "../../src/utils/state.utils.ts", "../../src/_session.ts", "../../src/api/_actor.api.ts", "../../src/api/auth.api.ts", "../../src/utils/session.utils.ts", "../../src/_openid.ts", "../../src/request.ts", "../../src/utils/openid.utils.ts"],
4
- "sourcesContent": ["import {isEmptyString} from '@dfinity/utils';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from './errors';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('credentials' in params) {\n const {\n credentials: {jwt},\n auth\n } = params;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateWithRedirect<T>({...params, context});\n};\n\nconst authenticateWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\nimport {generateRandomState} from './utils/state.utils';\n\nexport const initContext = async (): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n const state = generateRandomState();\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "import type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n context: Omit<OpenIdAuthContext, 'state'>;\n auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n jwt,\n context,\n auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n const {delegations, data} = await authenticate<T>({\n jwt,\n publicKey,\n context,\n auth\n });\n\n const identity = generateIdentity({\n sessionKey,\n delegations\n });\n\n return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n jwt,\n publicKey,\n context: {caller, salt},\n auth\n}: {\n publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n const result = await authenticateApi({\n args: {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt\n }\n },\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n throw new AuthenticationError('Authentication failed', {cause: result});\n }\n\n const {\n delegation: {user_key: userKey, expiration},\n ...rest\n } = result.Ok;\n\n const signedDelegation = await retryGetDelegation({\n jwt,\n context: {caller, salt},\n auth,\n publicKey,\n expiration\n });\n\n const {delegation, signature} = signedDelegation;\n const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n const delegations: Delegations = [\n userKey,\n [\n {\n delegation: new Delegation(\n Uint8Array.from(pubkey),\n signedExpiration,\n fromNullable(targets)\n ),\n signature: Uint8Array.from(signature) as unknown as Signature\n }\n ]\n ];\n\n return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n jwt,\n publicKey,\n context: {salt, caller},\n auth,\n expiration,\n maxRetries = 5\n}: {\n publicKey: Uint8Array;\n expiration: bigint;\n maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n for (let i = 0; i < maxRetries; i++) {\n // Linear backoff\n await new Promise((resolve) => {\n setInterval(resolve, 1000 * i);\n });\n\n const args: GetDelegationArgs = {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt,\n expiration\n }\n };\n\n const result = await getDelegationApi({\n args,\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n const {Err} = result;\n\n if ('NoSuchDelegation' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n if ('GetCachedJwks' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n throw new GetDelegationError('Getting delegation failed', {cause: result});\n }\n\n return result.Ok;\n }\n\n throw new GetDelegationRetryError();\n};\n", "import {\n type ConsoleActor,\n type SatelliteActor,\n getConsoleActor,\n getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n auth,\n identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n 'satellite' in auth\n ? getSatelliteActor({...auth.satellite, identity})\n : getConsoleActor({...auth.console, identity});\n", "import type {\n ActorParameters,\n AuthenticationArgs,\n AuthenticationResult,\n GetDelegationArgs,\n GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n actorParams,\n args\n}: {\n args: AuthenticationArgs;\n actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n const {authenticate} = await getAuthActor(actorParams);\n return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n actorParams,\n args\n}: {\n args: GetDelegationArgs;\n actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n const {get_delegation} = await getAuthActor(actorParams);\n return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n delegations,\n sessionKey\n}: {\n delegations: Delegations;\n sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n const [userKey, signedDelegations] = delegations;\n\n const delegationChain = DelegationChain.fromDelegations(\n signedDelegations,\n Uint8Array.from(userKey)\n );\n\n const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n return {identity, delegationChain, sessionKey};\n};\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError,\n InvalidUrlError\n} from './errors';\nimport type {RequestJwtWithCredentials, RequestJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestJwtWithRedirect) => {\n const parseAuthUrl = (): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(authUrl);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: authUrl});\n }\n };\n\n const requestUrl = parseAuthUrl();\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {requestJwtWithRedirect, requestWithCredentials} from './_openid';\nimport type {\n RequestJwtCredentialsParams,\n RequestJwtCredentialsResult,\n RequestJwtParams,\n RequestJwtRedirectParams\n} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(args: {google: RequestJwtRedirectParams}): Promise<void>;\n\nexport async function requestJwt({\n google\n}: {\n google: RequestJwtParams;\n}): Promise<RequestJwtCredentialsResult | void> {\n const context = await initContext();\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n * - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n const {userAgent} = navigator;\n\n // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n if (isSamsungBrowser) {\n return false;\n }\n\n return 'IdentityCredential' in window;\n};\n"],
5
- "mappings": ";;AAAA,OAAQ,iBAAAA,MAAoB,iBCA5B,OAAQ,aAAAC,MAAgB,iBACxB,OAAQ,sBAAAC,MAAyB,yBCC1B,IAAMC,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,ECTO,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,ECZpD,OAAQ,2BAAAC,MAA8B,iBCAtC,OAAQ,sBAAAC,MAAyB,iBAI1B,IAAMC,EAAeC,GAC1BF,EAAmBE,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EDA1F,IAAMC,EAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,EAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,EAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,EAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,EAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,EAAoB,sBAAAC,MAAyB,iBACrD,OAAQ,sBAAAC,MAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,EAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,EAAmB,eAAeW,CAAU,EACpD,KAAMb,EAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EClCO,IAAMO,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ENOxD,IAAMC,EAAc,SAAwE,CACjG,IAAMC,EAASC,EAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAC5CK,EAAQC,EAAoB,EAE5BC,EAAaC,EAAiB,CAClC,OAAAR,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQI,EAAaF,CAAU,EAEvC,CACL,MAAAL,EACA,MAAAG,CACF,CACF,EAEaK,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,EAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EOrCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,CAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,CAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,ER5IO,IAAMC,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,gBAAiBF,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAG,CAAG,EACjB,KAAAC,CACF,EAAIJ,EAEJ,OAAO,MAAMK,EAAoB,CAC/B,IAAAF,EACA,QAAAF,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAME,GAA4B,CAAC,GAAGN,EAAQ,QAAAC,CAAO,CAAC,CAC/D,EAEMK,GAA2B,MAAiC,CAChE,KAAAF,EACA,QAAAH,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAM,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMT,EAAS,IAAI,gBAAgBO,EAAK,MAAM,CAAC,CAAC,EAC1CG,EAAQV,EAAO,IAAI,OAAO,EAC1BW,EAAUX,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOY,CAAU,EAAIX,EAE5B,GAAIO,EAAcI,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIF,EAAcG,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMT,EAAoB,CAC/B,IAAKM,EACL,KAAAP,EACA,QAAAH,CACF,CAAC,CACH,EYvEA,OAAQ,aAAAc,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAAyB,CAAC,CACrC,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAA8B,CAU5B,IAAMC,GATe,IAAW,CAC9B,GAAI,CAEF,OAAO,IAAI,IAAIP,CAAO,CACxB,MAA0B,CACxB,MAAM,IAAIQ,EAAgB,uBAAwB,CAAC,MAAOR,CAAO,CAAC,CACpE,CACF,GAEgC,EAEhCO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAyB,MAAO,CAC3C,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAAyD,CACvD,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECtGA,eAAsBC,GAAW,CAC/B,OAAAC,CACF,EAEgD,CAC9C,IAAMC,EAAU,MAAMC,EAAY,EAElC,GAAI,gBAAiBF,EAAQ,CAC3B,GAAM,CAAC,YAAAG,CAAW,EAAIH,EAChB,CAAC,UAAAI,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAuB,CAClC,GAAGH,EACH,GAAGF,EACH,UAAAG,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAG,CAAQ,EAAIP,EACb,CAAC,QAAAQ,EAAS,WAAAC,CAAU,EAAIJ,EAE9BK,EAAuB,CACrB,GAAGH,EACH,GAAGN,EACH,QAAAO,EACA,WAAAC,CACF,CAAC,CACH,CCnCO,IAAME,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
6
- "names": ["isEmptyString", "isNullish", "Ed25519KeyIdentity", "CONTEXT_KEY", "GOOGLE_PROVIDER", "InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "generateRandomState", "toBase64URL", "initContext", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "generateRandomState", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext", "fromNullable", "Delegation", "ECDSAKeyIdentity", "getConsoleActor", "getSatelliteActor", "getAuthActor", "auth", "identity", "authenticate", "actorParams", "args", "getAuthActor", "getDelegation", "get_delegation", "DelegationChain", "DelegationIdentity", "generateIdentity", "delegations", "sessionKey", "userKey", "signedDelegations", "delegationChain", "authenticateSession", "jwt", "context", "auth", "sessionKey", "ECDSAKeyIdentity", "publicKey", "delegations", "data", "authenticate", "generateIdentity", "caller", "salt", "result", "AuthenticationError", "userKey", "expiration", "rest", "signedDelegation", "retryGetDelegation", "delegation", "signature", "pubkey", "signedExpiration", "targets", "Delegation", "fromNullable", "maxRetries", "i", "resolve", "getDelegation", "Err", "GetDelegationError", "GetDelegationRetryError", "authenticate", "params", "context", "loadContext", "jwt", "auth", "authenticateSession", "authenticateWithRedirect", "hash", "isEmptyString", "AuthenticationUrlHashError", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "isNullish", "notEmptyString", "requestJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "InvalidUrlError", "currentUrl", "notEmptyString", "requestWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "google", "context", "initContext", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestWithCredentials", "redirect", "authUrl", "authScopes", "requestJwtWithRedirect", "isFedCMSupported", "userAgent"]
3
+ "sources": ["../../src/_constants.ts", "../../src/_context.ts", "../../src/errors.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts", "../../src/_session.ts", "../../src/api/_actor.api.ts", "../../src/api/auth.api.ts", "../../src/utils/session.utils.ts", "../../src/providers/github/authenticate.ts", "../../src/providers/github/_api.ts", "../../src/providers/google/authenticate.ts", "../../src/authenticate.ts", "../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts", "../../src/utils/openid.utils.ts"],
4
+ "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://github.com/login/oauth/authorize',\n authScopes: ['read:user', 'user:email'],\n initUrl: 'https://api.juno.build/v1/auth/init/github',\n finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n generateState\n}: {\n generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n\n const state = await generateState({nonce});\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth initialization failed', options);\n }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth finalization failed', options);\n }\n}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(url);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n context: Omit<OpenIdAuthContext, 'state'>;\n auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n jwt,\n context,\n auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n const {delegations, data} = await authenticate<T>({\n jwt,\n publicKey,\n context,\n auth\n });\n\n const identity = generateIdentity({\n sessionKey,\n delegations\n });\n\n return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n jwt,\n publicKey,\n context: {caller, salt},\n auth\n}: {\n publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n const result = await authenticateApi({\n args: {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt\n }\n },\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n throw new AuthenticationError('Authentication failed', {cause: result});\n }\n\n const {\n delegation: {user_key: userKey, expiration},\n ...rest\n } = result.Ok;\n\n const signedDelegation = await retryGetDelegation({\n jwt,\n context: {caller, salt},\n auth,\n publicKey,\n expiration\n });\n\n const {delegation, signature} = signedDelegation;\n const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n const delegations: Delegations = [\n userKey,\n [\n {\n delegation: new Delegation(\n Uint8Array.from(pubkey),\n signedExpiration,\n fromNullable(targets)\n ),\n signature: Uint8Array.from(signature) as unknown as Signature\n }\n ]\n ];\n\n return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n jwt,\n publicKey,\n context: {salt, caller},\n auth,\n expiration,\n maxRetries = 5\n}: {\n publicKey: Uint8Array;\n expiration: bigint;\n maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n for (let i = 0; i < maxRetries; i++) {\n // Linear backoff\n await new Promise((resolve) => {\n setInterval(resolve, 1000 * i);\n });\n\n const args: GetDelegationArgs = {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt,\n expiration\n }\n };\n\n const result = await getDelegationApi({\n args,\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n const {Err} = result;\n\n if ('NoSuchDelegation' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n if ('GetCachedJwks' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n throw new GetDelegationError('Getting delegation failed', {cause: result});\n }\n\n return result.Ok;\n }\n\n throw new GetDelegationRetryError();\n};\n", "import {\n type ConsoleActor,\n type SatelliteActor,\n getConsoleActor,\n getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n auth,\n identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n 'satellite' in auth\n ? getSatelliteActor({...auth.satellite, identity})\n : getConsoleActor({...auth.console, identity});\n", "import type {\n ActorParameters,\n AuthenticationArgs,\n AuthenticationResult,\n GetDelegationArgs,\n GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n actorParams,\n args\n}: {\n args: AuthenticationArgs;\n actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n const {authenticate} = await getAuthActor(actorParams);\n return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n actorParams,\n args\n}: {\n args: GetDelegationArgs;\n actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n const {get_delegation} = await getAuthActor(actorParams);\n return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n delegations,\n sessionKey\n}: {\n delegations: Delegations;\n sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n const [userKey, signedDelegations] = delegations;\n\n const delegationChain = DelegationChain.fromDelegations(\n signedDelegations,\n Uint8Array.from(userKey)\n );\n\n const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n return {identity, delegationChain, sessionKey};\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n auth,\n context,\n redirect: {finalizeUrl}\n}: {\n auth: AuthParameters;\n context: Omit<OpenIdAuthContext, 'state'>;\n redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {search}\n } = window;\n\n const urlParams = new URLSearchParams(search);\n const code = urlParams.get('code');\n const state = urlParams.get('state');\n\n const result = await finalizeOAuth({\n url: finalizeUrl,\n body: {code, state}\n });\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {token: idToken}\n } = result;\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n url\n}: {\n url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n credentials: 'include'\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n return await result.json();\n } catch (error: unknown) {\n return {error: new ApiGitHubInitError({cause: error})};\n }\n};\n\nexport const finalizeOAuth = async ({\n url,\n body\n}: {\n url: string;\n body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n method: 'POST',\n credentials: 'include',\n headers: {'Content-Type': 'application/json'},\n body: JSON.stringify(body)\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n return await result.json();\n } catch (error: unknown) {\n return {error: new ApiGitHubFinalizeError({cause: error})};\n }\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('github' in params) {\n const {\n github: {redirect, auth}\n } = params;\n\n const {finalizeUrl} = GITHUB_PROVIDER;\n\n return await authenticateGitHubWithRedirect<T>({\n redirect: redirect ?? {finalizeUrl},\n auth,\n context\n });\n }\n\n const {google} = params;\n\n if ('credentials' in google) {\n const {\n credentials: {jwt},\n auth\n } = google;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n", "import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n * - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n const {userAgent} = navigator;\n\n // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n if (isSamsungBrowser) {\n return false;\n }\n\n return 'IdentityCredential' in window;\n};\n"],
5
+ "mappings": ";;AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf,ECjBA,OAAQ,aAAAC,OAAgB,iBACxB,OAAQ,sBAAAC,OAAyB,yBCD1B,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF,ECxBA,OAAQ,2BAAAE,OAA8B,iBCAtC,OAAQ,sBAAAC,OAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,GAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,GAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,GAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,GAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,GAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,GAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,GAAoB,sBAAAC,OAAyB,iBACrD,OAAQ,sBAAAC,OAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,GAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,GAAmB,eAAeW,CAAU,EACpD,KAAMb,GAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EJ3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,GAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,GAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EKzCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,EAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,EAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,EI3JA,OAAQ,iBAAAC,OAAoB,iBCErB,IAAMC,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF,EDrCO,IAAMK,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,GAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EEhDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE,ECzCO,IAAMW,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,GAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,GACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,GAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH,CCrEO,IAAMc,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
6
+ "names": ["CONTEXT_KEY", "GOOGLE_PROVIDER", "GITHUB_PROVIDER", "isNullish", "Ed25519KeyIdentity", "InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError", "ApiGitHubInitError", "options", "ApiGitHubFinalizeError", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "uint8ArrayToBase64", "parseUrl", "url", "InvalidUrlError", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "initContext", "generateState", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext", "fromNullable", "Delegation", "ECDSAKeyIdentity", "getConsoleActor", "getSatelliteActor", "getAuthActor", "auth", "identity", "authenticate", "actorParams", "args", "getAuthActor", "getDelegation", "get_delegation", "DelegationChain", "DelegationIdentity", "generateIdentity", "delegations", "sessionKey", "userKey", "signedDelegations", "delegationChain", "authenticateSession", "jwt", "context", "auth", "sessionKey", "ECDSAKeyIdentity", "publicKey", "delegations", "data", "authenticate", "generateIdentity", "caller", "salt", "result", "AuthenticationError", "userKey", "expiration", "rest", "signedDelegation", "retryGetDelegation", "delegation", "signature", "pubkey", "signedExpiration", "targets", "Delegation", "fromNullable", "maxRetries", "i", "resolve", "getDelegation", "Err", "GetDelegationError", "GetDelegationRetryError", "isEmptyString", "initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError", "authenticateGitHubWithRedirect", "auth", "context", "finalizeUrl", "search", "urlParams", "code", "state", "result", "finalizeOAuth", "idToken", "isEmptyString", "AuthenticationUndefinedJwtError", "authenticateSession", "isEmptyString", "authenticateGoogleWithRedirect", "auth", "context", "hash", "isEmptyString", "AuthenticationUrlHashError", "params", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "authenticateSession", "authenticate", "params", "context", "loadContext", "redirect", "auth", "finalizeUrl", "GITHUB_PROVIDER", "authenticateGitHubWithRedirect", "google", "jwt", "authenticateSession", "authenticateGoogleWithRedirect", "buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect", "isFedCMSupported", "userAgent"]
7
7
  }
package/dist/types/_constants.d.ts CHANGED
@@ -1,3 +1,5 @@
1
+ import type { OpenIdGitHubProvider } from './providers/github/types/provider';
1
2
  import type { OpenIdProvider } from './types/provider';
2
3
  export declare const CONTEXT_KEY = "juno:auth:openid";
3
4
  export declare const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'>;
5
+ export declare const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'>;
package/dist/types/_context.d.ts CHANGED
@@ -1,6 +1,10 @@
1
1
  import type { OpenIdAuthContext } from './types/context';
2
2
  import type { Nonce } from './types/nonce';
3
- export declare const initContext: () => Promise<{
3
+ export declare const initContext: ({ generateState }: {
4
+ generateState: (params: {
5
+ nonce: Nonce;
6
+ }) => Promise<string>;
7
+ }) => Promise<{
4
8
  nonce: Nonce;
5
9
  } & Pick<OpenIdAuthContext, "state">>;
6
10
  export declare const loadContext: () => OpenIdAuthContext;
package/dist/types/errors.d.ts CHANGED
@@ -18,3 +18,9 @@ export declare class GetDelegationError extends Error {
18
18
  }
19
19
  export declare class GetDelegationRetryError extends Error {
20
20
  }
21
+ export declare class ApiGitHubInitError extends Error {
22
+ constructor(options?: ErrorOptions);
23
+ }
24
+ export declare class ApiGitHubFinalizeError extends Error {
25
+ constructor(options?: ErrorOptions);
26
+ }
package/dist/types/index.d.ts CHANGED
@@ -1,5 +1,10 @@
1
1
  export * from './authenticate';
2
2
  export * from './errors';
3
+ export type * from './providers/github/types/authenticate';
4
+ export type * from './providers/github/types/provider';
5
+ export type * from './providers/github/types/request';
6
+ export type * from './providers/google/types/authenticate';
7
+ export type * from './providers/google/types/request';
3
8
  export * from './request';
4
9
  export type * from './types/authenticate';
5
10
  export type * from './types/provider';
package/dist/types/providers/github/_api.d.ts ADDED
@@ -0,0 +1,22 @@
1
+ export declare const initOAuth: ({ url }: {
2
+ url: string;
3
+ }) => Promise<{
4
+ success: {
5
+ state: string;
6
+ };
7
+ } | {
8
+ error: unknown;
9
+ }>;
10
+ export declare const finalizeOAuth: ({ url, body }: {
11
+ url: string;
12
+ body: {
13
+ code: string | null;
14
+ state: string | null;
15
+ };
16
+ }) => Promise<{
17
+ success: {
18
+ token: string;
19
+ };
20
+ } | {
21
+ error: unknown;
22
+ }>;
package/dist/types/providers/github/_context.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ import type { Nonce } from '../../types/nonce';
2
+ import type { OpenIdGitHubProvider } from './types/provider';
3
+ export declare const buildGenerateState: ({ initUrl }: Pick<OpenIdGitHubProvider, "initUrl">) => ({ nonce }: {
4
+ nonce: Nonce;
5
+ }) => Promise<string>;
package/dist/types/providers/github/_openid.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import type { RequestGitHubJwtWithRedirect } from './types/openid';
2
+ export declare const requestGitHubJwtWithRedirect: ({ authUrl, clientId, authScopes, state, redirectUrl }: RequestGitHubJwtWithRedirect) => void;
package/dist/types/providers/github/authenticate.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ import type { AuthenticatedSession, AuthParameters } from '../../types/authenticate';
2
+ import type { OpenIdAuthContext } from '../../types/context';
3
+ import type { AuthenticationGitHubRedirect } from './types/authenticate';
4
+ export declare const authenticateGitHubWithRedirect: <T extends AuthParameters>({ auth, context, redirect: { finalizeUrl } }: {
5
+ auth: AuthParameters;
6
+ context: Omit<OpenIdAuthContext, "state">;
7
+ redirect: AuthenticationGitHubRedirect;
8
+ }) => Promise<AuthenticatedSession<T>>;
package/dist/types/providers/github/types/authenticate.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import type { OpenIdGitHubProvider } from './provider';
2
+ export type AuthenticationGitHubRedirect = Pick<OpenIdGitHubProvider, 'finalizeUrl'>;
package/dist/types/providers/github/types/openid.d.ts ADDED
@@ -0,0 +1,5 @@
1
+ import type { OpenIdAuthContext } from '../../../types/context';
2
+ import type { OpenIdProvider } from '../../../types/provider';
3
+ import type { OpenIdGitHubProvider } from './provider';
4
+ import type { RequestGitHubJwtRedirect } from './request';
5
+ export type RequestGitHubJwtWithRedirect = Pick<OpenIdAuthContext, 'state'> & RequestGitHubJwtRedirect & Omit<OpenIdGitHubProvider, 'redirectUrl' | 'initUrl' | 'finalizeUrl'> & Partial<Pick<OpenIdProvider, 'redirectUrl'>>;
package/dist/types/providers/github/types/provider.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ import type { OpenIdProvider } from '../../../types/provider';
2
+ export type GitHubAuthScope = 'read:user' | 'user:email';
3
+ export interface OpenIdGitHubProvider extends Omit<OpenIdProvider, 'authScopes' | 'configUrl'> {
4
+ authScopes: GitHubAuthScope[];
5
+ initUrl: string;
6
+ finalizeUrl: string;
7
+ }
package/dist/types/providers/github/types/request.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ import type { OpenIdProvider } from '../../../types/provider';
2
+ import type { RequestJwt } from '../../../types/request';
3
+ import type { OpenIdGitHubProvider } from './provider';
4
+ export type RequestGitHubJwtRedirect = RequestJwt & Partial<Pick<OpenIdProvider, 'redirectUrl'>> & Partial<Pick<OpenIdGitHubProvider, 'authScopes' | 'initUrl'>>;
5
+ export interface RequestGitHubJwtRedirectParams {
6
+ redirect: RequestGitHubJwtRedirect;
7
+ }
package/dist/types/providers/google/_context.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ import type { Nonce } from '../../types/nonce';
2
+ export declare const generateGoogleState: (_params: {
3
+ nonce: Nonce;
4
+ }) => Promise<string>;
package/dist/types/{_openid.d.ts → providers/google/_openid.d.ts} RENAMED
@@ -1,4 +1,4 @@
1
- import type { RequestJwtWithCredentials, RequestJwtWithRedirect } from './types/openid';
1
+ import type { RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect } from './types/openid';
2
2
  /**
3
3
  * Initiates an OpenID Connect authorization request by redirecting the browser.
4
4
  *
@@ -6,13 +6,13 @@ import type { RequestJwtWithCredentials, RequestJwtWithRedirect } from './types/
6
6
  * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
7
7
  * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect
8
8
  */
9
- export declare const requestJwtWithRedirect: ({ authUrl, clientId, nonce, loginHint, authScopes, state, redirectUrl }: RequestJwtWithRedirect) => void;
9
+ export declare const requestGoogleJwtWithRedirect: ({ authUrl, clientId, nonce, loginHint, authScopes, state, redirectUrl }: RequestGoogleJwtWithRedirect) => void;
10
10
  /**
11
11
  * References:
12
12
  * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options
13
13
  * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider
14
14
  * - https://privacysandbox.google.com/cookies/fedcm/why
15
15
  */
16
- export declare const requestWithCredentials: ({ configUrl: configURL, clientId, nonce, loginHint, domainHint }: RequestJwtWithCredentials) => Promise<{
16
+ export declare const requestGoogleJwtWithCredentials: ({ configUrl: configURL, clientId, nonce, loginHint, domainHint }: RequestGoogleJwtWithCredentials) => Promise<{
17
17
  jwt: string;
18
18
  }>;
package/dist/types/providers/google/authenticate.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ import type { AuthenticatedSession, AuthParameters } from '../../types/authenticate';
2
+ import type { OpenIdAuthContext } from '../../types/context';
3
+ export declare const authenticateGoogleWithRedirect: <T extends AuthParameters>({ auth, context }: {
4
+ auth: AuthParameters;
5
+ context: OpenIdAuthContext;
6
+ }) => Promise<AuthenticatedSession<T>>;
package/dist/types/providers/google/types/authenticate.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ export interface AuthenticationGoogleCredentials {
2
+ jwt: string;
3
+ }
package/dist/types/providers/google/types/openid.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ import type { OpenIdAuthContext } from '../../../types/context';
2
+ import type { Nonce } from '../../../types/nonce';
3
+ import type { OpenIdProvider } from '../../../types/provider';
4
+ import type { RequestGoogleJwtCredentials, RequestGoogleJwtRedirect } from './request';
5
+ interface RequestOpenIdJwt {
6
+ nonce: Nonce;
7
+ }
8
+ export type RequestGoogleJwtWithRedirect = RequestOpenIdJwt & Pick<OpenIdAuthContext, 'state'> & RequestGoogleJwtRedirect & Pick<OpenIdProvider, 'clientId' | 'authUrl' | 'authScopes'> & Partial<Pick<OpenIdProvider, 'redirectUrl'>>;
9
+ export type RequestGoogleJwtWithCredentials = RequestOpenIdJwt & RequestGoogleJwtCredentials & Pick<OpenIdProvider, 'clientId' | 'configUrl'>;
10
+ export {};
package/dist/types/providers/google/types/request.d.ts ADDED
@@ -0,0 +1,16 @@
1
+ import type { OpenIdProvider } from '../../../types/provider';
2
+ import type { RequestJwt } from '../../../types/request';
3
+ export type RequestGoogleJwtRedirect = RequestJwt & Partial<Pick<OpenIdProvider, 'authScopes' | 'redirectUrl'>> & {
4
+ loginHint?: string;
5
+ };
6
+ export type RequestGoogleJwtCredentials = RequestJwt & {
7
+ loginHint?: string;
8
+ domainHint?: string | 'any';
9
+ };
10
+ export interface RequestGoogleJwtRedirectParams {
11
+ redirect: RequestGoogleJwtRedirect;
12
+ }
13
+ export interface RequestGoogleJwtCredentialsParams {
14
+ credentials: RequestGoogleJwtCredentials;
15
+ }
16
+ export type RequestGoogleJwtParams = RequestGoogleJwtRedirectParams | RequestGoogleJwtCredentialsParams;
package/dist/types/request.d.ts CHANGED
@@ -1,7 +1,11 @@
1
- import type { RequestJwtCredentialsParams, RequestJwtCredentialsResult, RequestJwtRedirectParams } from './types/request';
1
+ import type { RequestGitHubJwtRedirectParams } from './providers/github/types/request';
2
+ import type { RequestGoogleJwtCredentialsParams, RequestGoogleJwtRedirectParams } from './providers/google/types/request';
3
+ import type { RequestJwtCredentialsResult } from './types/request';
2
4
  export declare function requestJwt(args: {
3
- google: RequestJwtCredentialsParams;
5
+ google: RequestGoogleJwtCredentialsParams;
4
6
  }): Promise<RequestJwtCredentialsResult>;
5
7
  export declare function requestJwt(args: {
6
- google: RequestJwtRedirectParams;
8
+ google: RequestGoogleJwtRedirectParams;
9
+ } | {
10
+ github: RequestGitHubJwtRedirectParams;
7
11
  }): Promise<void>;
package/dist/types/types/authenticate.d.ts CHANGED
@@ -1,15 +1,21 @@
1
1
  import type { DelegationChain, DelegationIdentity, ECDSAKeyIdentity } from '@icp-sdk/core/identity';
2
2
  import type { ConsoleParameters, SatelliteParameters } from '@junobuild/ic-client/actor';
3
+ import type { AuthenticationGitHubRedirect } from '../providers/github/types/authenticate';
4
+ import type { AuthenticationGoogleCredentials } from '../providers/google/types/authenticate';
3
5
  import type { AuthenticationData } from './actor';
4
- export interface AuthenticationCredentials {
5
- jwt: string;
6
- }
7
6
  export type AuthenticationParams<T extends AuthParameters = AuthParameters> = {
8
- redirect: null;
9
- auth: T;
7
+ google: {
8
+ redirect: null;
9
+ auth: T;
10
+ } | {
11
+ credentials: AuthenticationGoogleCredentials;
12
+ auth: T;
13
+ };
10
14
  } | {
11
- credentials: AuthenticationCredentials;
12
- auth: T;
15
+ github: {
16
+ redirect: AuthenticationGitHubRedirect | null;
17
+ auth: T;
18
+ };
13
19
  };
14
20
  export interface AuthenticatedIdentity {
15
21
  identity: DelegationIdentity;
package/dist/types/types/request.d.ts CHANGED
@@ -1,21 +1,6 @@
1
- import type { OpenIdProvider } from './provider';
2
1
  export interface RequestJwt {
3
2
  clientId: string;
4
3
  }
5
- export type RequestJwtRedirect = RequestJwt & Partial<Pick<OpenIdProvider, 'authScopes' | 'redirectUrl'>> & {
6
- loginHint?: string;
7
- };
8
- export type RequestJwtCredentials = RequestJwt & {
9
- loginHint?: string;
10
- domainHint?: string | 'any';
11
- };
12
- export interface RequestJwtRedirectParams {
13
- redirect: RequestJwtRedirect;
14
- }
15
- export interface RequestJwtCredentialsParams {
16
- credentials: RequestJwtCredentials;
17
- }
18
4
  export interface RequestJwtCredentialsResult {
19
5
  jwt: string;
20
6
  }
21
- export type RequestJwtParams = RequestJwtRedirectParams | RequestJwtCredentialsParams;
package/dist/types/utils/url.utils.d.ts CHANGED
@@ -1 +1,4 @@
1
1
  export declare const toBase64URL: (uint8Array: Uint8Array) => string;
2
+ export declare const parseUrl: ({ url }: {
3
+ url: string;
4
+ }) => URL;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@junobuild/auth",
3
- "version": "2.1.1",
3
+ "version": "3.0.0",
4
4
  "description": "A SDK for working with Juno authentication modules",
5
5
  "author": "David Dal Busco (https://daviddalbusco.com)",
6
6
  "license": "MIT",
package/dist/browser/_openid.js DELETED
@@ -1,2 +0,0 @@
1
- import{a,b}from"./chunk-AO3TH3FT.js";import"./chunk-2BORB4XM.js";export{a as requestJwtWithRedirect,b as requestWithCredentials};
2
- //# sourceMappingURL=_openid.js.map
package/dist/browser/_openid.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": [],
4
- "sourcesContent": [],
5
- "mappings": "",
6
- "names": []
7
- }
package/dist/browser/chunk-2BORB4XM.js DELETED
@@ -1,2 +0,0 @@
1
- var x=class extends Error{},p=class extends Error{},c=class extends Error{},r=class extends Error{},e=class extends Error{},o=class extends Error{},l=class extends Error{},b=class extends Error{},j=class extends Error{},k=class extends Error{};export{x as a,p as b,c,r as d,e,o as f,l as g,b as h,j as i,k as j};
2
- //# sourceMappingURL=chunk-2BORB4XM.js.map
package/dist/browser/chunk-AO3TH3FT.js DELETED
@@ -1,2 +0,0 @@
1
- import{a as d,c as h,d as l}from"./chunk-2BORB4XM.js";import{isNullish as p,notEmptyString as u}from"@dfinity/utils";var C=({authUrl:r,clientId:n,nonce:s,loginHint:i,authScopes:o,state:t,redirectUrl:a})=>{let e=(()=>{try{return new URL(r)}catch{throw new d("Cannot parse authURL",{cause:r})}})();e.searchParams.set("client_id",n);let{location:{origin:m}}=window;e.searchParams.set("redirect_uri",a??m),e.searchParams.set("response_type","code id_token"),e.searchParams.set("scope",o.join(" ")),e.searchParams.set("state",t),e.searchParams.set("nonce",s),u(i)?e.searchParams.set("login_hint",i):e.searchParams.set("prompt","select_account"),window.location.href=e.toString()},P=async({configUrl:r,clientId:n,nonce:s,loginHint:i,domainHint:o})=>{let t=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:r,clientId:n,nonce:s,loginHint:i,domainHint:o}],mode:"active"},mediation:"required"});if(p(t))throw new h;let{type:a}=t;if(a!=="identity"||!("token"in t)||typeof t.token!="string")throw new l("Invalid credential received from FedCM API",{cause:t});let{token:c}=t;return{jwt:c}};export{C as a,P as b};
2
- //# sourceMappingURL=chunk-AO3TH3FT.js.map
package/dist/browser/chunk-AO3TH3FT.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/_openid.ts"],
4
- "sourcesContent": ["import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError,\n InvalidUrlError\n} from './errors';\nimport type {RequestJwtWithCredentials, RequestJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestJwtWithRedirect) => {\n const parseAuthUrl = (): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(authUrl);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: authUrl});\n }\n };\n\n const requestUrl = parseAuthUrl();\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n"],
5
- "mappings": "sDAAA,OAAQ,aAAAA,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAAyB,CAAC,CACrC,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAA8B,CAU5B,IAAMC,GATe,IAAW,CAC9B,GAAI,CAEF,OAAO,IAAI,IAAIP,CAAO,CACxB,MAA0B,CACxB,MAAM,IAAIQ,EAAgB,uBAAwB,CAAC,MAAOR,CAAO,CAAC,CACpE,CACF,GAEgC,EAEhCO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAyB,MAAO,CAC3C,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAAyD,CACvD,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb",
6
- "names": ["isNullish", "notEmptyString", "requestJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "InvalidUrlError", "currentUrl", "notEmptyString", "requestWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt"]
7
- }
package/dist/browser/chunk-HE7SWFN4.js DELETED
@@ -1,2 +0,0 @@
1
- import{a}from"./chunk-VYICNPPG.js";import{b as i}from"./chunk-2BORB4XM.js";import{isNullish as E}from"@dfinity/utils";import{Ed25519KeyIdentity as N}from"@icp-sdk/core/identity";import{arrayBufferToUint8Array as S}from"@dfinity/utils";import{uint8ArrayToBase64 as g}from"@dfinity/utils";var r=t=>g(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"");var x=()=>window.crypto.getRandomValues(new Uint8Array(32)),_=async({salt:t,caller:e})=>{let o=e.getPrincipal().toUint8Array(),n=new Uint8Array(t.length+o.byteLength);n.set(t),n.set(o,t.length);let s=await window.crypto.subtle.digest("SHA-256",n);return r(S(s))},c=async({caller:t})=>{let e=x();return{nonce:await _({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as A,uint8ArrayToBase64 as C}from"@dfinity/utils";import{Ed25519KeyIdentity as u}from"@icp-sdk/core/identity";var p="__caller__",y="__salt__",m="__state__",d=({caller:t,state:e,salt:o})=>{let n={[p]:t.toJSON(),[y]:C(o),[m]:e};return JSON.stringify(n)},l=t=>{let{[p]:e,[y]:o,[m]:n}=JSON.parse(t);return{caller:u.fromParsedJson(e),salt:A(o),state:n}};var f=()=>r(window.crypto.getRandomValues(new Uint8Array(12)));var D=async()=>{let t=N.generate(),{nonce:e,salt:o}=await c({caller:t}),n=f(),s=d({caller:t,salt:o,state:n});return sessionStorage.setItem(a,s),{nonce:e,state:n}},H=()=>{let t=sessionStorage.getItem(a);if(E(t))throw new i;return l(t)};export{D as a,H as b};
2
- //# sourceMappingURL=chunk-HE7SWFN4.js.map
package/dist/browser/chunk-HE7SWFN4.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/_context.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts", "../../src/utils/state.utils.ts"],
4
- "sourcesContent": ["import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\nimport {generateRandomState} from './utils/state.utils';\n\nexport const initContext = async (): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n const state = generateRandomState();\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n"],
5
- "mappings": "2EAAA,OAAQ,aAAAA,MAAgB,iBACxB,OAAQ,sBAAAC,MAAyB,yBCDjC,OAAQ,2BAAAC,MAA8B,iBCAtC,OAAQ,sBAAAC,MAAyB,iBAI1B,IAAMC,EAAeC,GAC1BF,EAAmBE,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EDA1F,IAAMC,EAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,EAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,EAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,EAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,EAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,EAAoB,sBAAAC,MAAyB,iBACrD,OAAQ,sBAAAC,MAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,EAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,EAAmB,eAAeW,CAAU,EACpD,KAAMb,EAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EClCO,IAAMO,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,EJOxD,IAAMC,EAAc,SAAwE,CACjG,IAAMC,EAASC,EAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAC5CK,EAAQC,EAAoB,EAE5BC,EAAaC,EAAiB,CAClC,OAAAR,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQI,EAAaF,CAAU,EAEvC,CACL,MAAAL,EACA,MAAAG,CACF,CACF,EAEaK,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,EAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC",
6
- "names": ["isNullish", "Ed25519KeyIdentity", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "generateRandomState", "toBase64URL", "initContext", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "generateRandomState", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext"]
7
- }
package/dist/browser/chunk-JYGIWWOR.js DELETED
@@ -1,2 +0,0 @@
1
- import{a as i}from"./chunk-PIJCHIUI.js";import{b as m}from"./chunk-HE7SWFN4.js";import{f as h,g as u,h as d}from"./chunk-2BORB4XM.js";import{isEmptyString as o}from"@dfinity/utils";var P=async t=>{let e=m();if("credentials"in t){let{credentials:{jwt:n},auth:a}=t;return await i({jwt:n,context:e,auth:a})}return await w({...t,context:e})},w=async({auth:t,context:e})=>{let{location:{hash:n}}=window;if(o(n)||!n.startsWith("#"))throw new h("No hash found in the current location URL");let a=new URLSearchParams(n.slice(1)),r=a.get("state"),s=a.get("id_token"),{state:c}=e;if(o(c)||r!==c)throw new u("The provided state is invalid",{cause:r});if(o(s))throw new d;return await i({jwt:s,auth:t,context:e})};export{P as a};
2
- //# sourceMappingURL=chunk-JYGIWWOR.js.map
package/dist/browser/chunk-JYGIWWOR.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/authenticate.ts"],
4
- "sourcesContent": ["import {isEmptyString} from '@dfinity/utils';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from './errors';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('credentials' in params) {\n const {\n credentials: {jwt},\n auth\n } = params;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateWithRedirect<T>({...params, context});\n};\n\nconst authenticateWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n"],
5
- "mappings": "sIAAA,OAAQ,iBAAAA,MAAoB,iBAerB,IAAMC,EAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,gBAAiBF,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAG,CAAG,EACjB,KAAAC,CACF,EAAIJ,EAEJ,OAAO,MAAMK,EAAoB,CAC/B,IAAAF,EACA,QAAAF,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAME,EAA4B,CAAC,GAAGN,EAAQ,QAAAC,CAAO,CAAC,CAC/D,EAEMK,EAA2B,MAAiC,CAChE,KAAAF,EACA,QAAAH,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAM,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMT,EAAS,IAAI,gBAAgBO,EAAK,MAAM,CAAC,CAAC,EAC1CG,EAAQV,EAAO,IAAI,OAAO,EAC1BW,EAAUX,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOY,CAAU,EAAIX,EAE5B,GAAIO,EAAcI,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIF,EAAcG,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMT,EAAoB,CAC/B,IAAKM,EACL,KAAAP,EACA,QAAAH,CACF,CAAC,CACH",
6
- "names": ["isEmptyString", "authenticate", "params", "context", "loadContext", "jwt", "auth", "authenticateSession", "authenticateWithRedirect", "hash", "isEmptyString", "AuthenticationUrlHashError", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError"]
7
- }
package/dist/browser/chunk-VYICNPPG.js DELETED
@@ -1,2 +0,0 @@
1
- var o="juno:auth:openid",t={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"};export{o as a,t as b};
2
- //# sourceMappingURL=chunk-VYICNPPG.js.map
package/dist/browser/chunk-VYICNPPG.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/_constants.ts"],
4
- "sourcesContent": ["import type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n"],
5
- "mappings": "AAEO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb",
6
- "names": ["CONTEXT_KEY", "GOOGLE_PROVIDER"]
7
- }
package/dist/browser/chunk-ZSWBJ7CY.js DELETED
@@ -1,2 +0,0 @@
1
- import{a as i,b as o}from"./chunk-AO3TH3FT.js";import{a as s}from"./chunk-HE7SWFN4.js";import{b as e}from"./chunk-VYICNPPG.js";async function d({google:t}){let r=await s();if("credentials"in t){let{credentials:c}=t,{configUrl:m}=e;return await o({...c,...r,configUrl:m})}let{redirect:a}=t,{authUrl:n,authScopes:u}=e;i({...a,...r,authUrl:n,authScopes:u})}export{d as a};
2
- //# sourceMappingURL=chunk-ZSWBJ7CY.js.map
package/dist/browser/chunk-ZSWBJ7CY.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/request.ts"],
4
- "sourcesContent": ["import {GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {requestJwtWithRedirect, requestWithCredentials} from './_openid';\nimport type {\n RequestJwtCredentialsParams,\n RequestJwtCredentialsResult,\n RequestJwtParams,\n RequestJwtRedirectParams\n} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(args: {google: RequestJwtRedirectParams}): Promise<void>;\n\nexport async function requestJwt({\n google\n}: {\n google: RequestJwtParams;\n}): Promise<RequestJwtCredentialsResult | void> {\n const context = await initContext();\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n"],
5
- "mappings": "+HAgBA,eAAsBA,EAAW,CAC/B,OAAAC,CACF,EAEgD,CAC9C,IAAMC,EAAU,MAAMC,EAAY,EAElC,GAAI,gBAAiBF,EAAQ,CAC3B,GAAM,CAAC,YAAAG,CAAW,EAAIH,EAChB,CAAC,UAAAI,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAuB,CAClC,GAAGH,EACH,GAAGF,EACH,UAAAG,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAG,CAAQ,EAAIP,EACb,CAAC,QAAAQ,EAAS,WAAAC,CAAU,EAAIJ,EAE9BK,EAAuB,CACrB,GAAGH,EACH,GAAGN,EACH,QAAAO,EACA,WAAAC,CACF,CAAC,CACH",
6
- "names": ["requestJwt", "google", "context", "initContext", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestWithCredentials", "redirect", "authUrl", "authScopes", "requestJwtWithRedirect"]
7
- }
package/dist/types/types/openid.d.ts DELETED
@@ -1,10 +0,0 @@
1
- import type { OpenIdAuthContext } from './context';
2
- import type { Nonce } from './nonce';
3
- import type { OpenIdProvider } from './provider';
4
- import type { RequestJwtCredentials, RequestJwtRedirect } from './request';
5
- interface RequestOpenIdJwt {
6
- nonce: Nonce;
7
- }
8
- export type RequestJwtWithRedirect = RequestOpenIdJwt & Pick<OpenIdAuthContext, 'state'> & RequestJwtRedirect & Pick<OpenIdProvider, 'clientId' | 'authUrl' | 'authScopes'> & Partial<Pick<OpenIdProvider, 'redirectUrl'>>;
9
- export type RequestJwtWithCredentials = RequestOpenIdJwt & RequestJwtCredentials & Pick<OpenIdProvider, 'clientId' | 'configUrl'>;
10
- export {};