npm - @logto/browser - Versions diffs - 0.1.2 → 0.1.5 - Mend

@logto/browser 0.1.2 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/index.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
-import { IdTokenClaims, OidcConfigResponse, Requester, UserInfoResponse } from '@logto/js';
+import { IdTokenClaims, Requester, UserInfoResponse } from '@logto/js';
 import { Nullable } from '@silverhand/essentials';
 import { Infer } from 'superstruct';
 export type { IdTokenClaims, UserInfoResponse } from '@logto/js';
 export * from './errors';
 export declare type LogtoConfig = {
     endpoint: string;
-    clientId: string;
+    appId: string;
     scopes?: string[];
     resources?: string[];
     usingPersistStorage?: boolean;
@@ -26,29 +26,40 @@ export declare const LogtoSignInSessionItemSchema: import("superstruct").Struct<
 }>;
 export declare type LogtoSignInSessionItem = Infer<typeof LogtoSignInSessionItemSchema>;
 export default class LogtoClient {
-    protected logtoConfig: LogtoConfig;
-    protected oidcConfig?: OidcConfigResponse;
-    protected logtoStorageKey: string;
-    protected requester: Requester;
-    protected accessTokenMap: Map<string, AccessToken>;
-    private _refreshToken;
+    protected readonly logtoConfig: LogtoConfig;
+    protected readonly getOidcConfig: () => Promise<import("@silverhand/essentials").KeysToCamelCase<{
+        authorization_endpoint: string;
+        token_endpoint: string;
+        userinfo_endpoint: string;
+        end_session_endpoint: string;
+        revocation_endpoint: string;
+        jwks_uri: string;
+        issuer: string;
+    }>>;
+    protected readonly getJwtVerifyGetKey: () => Promise<import("jose/dist/types/types").GetKeyFunction<import("jose").JWSHeaderParameters, import("jose").FlattenedJWSInput>>;
+    protected readonly logtoStorageKey: string;
+    protected readonly requester: Requester;
+    protected readonly accessTokenMap: Map<string, AccessToken>;
+    private readonly getAccessTokenPromiseMap;
     private _idToken;
     constructor(logtoConfig: LogtoConfig, requester?: <T>(input: RequestInfo, init?: RequestInit | undefined) => Promise<T>);
     get isAuthenticated(): boolean;
     protected get signInSession(): Nullable<LogtoSignInSessionItem>;
     protected set signInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>);
-    private get refreshToken();
+    get refreshToken(): Nullable<string>;
     private set refreshToken(value);
-    private get idToken();
+    get idToken(): Nullable<string>;
     private set idToken(value);
-    getAccessToken(resource?: string): Promise<Nullable<string>>;
+    getAccessToken(resource?: string): Promise<string>;
     getIdTokenClaims(): IdTokenClaims;
     fetchUserInfo(): Promise<UserInfoResponse>;
     signIn(redirectUri: string): Promise<void>;
     isSignInRedirected(url: string): boolean;
     handleSignInCallback(callbackUri: string): Promise<void>;
     signOut(postLogoutRedirectUri?: string): Promise<void>;
-    private getOidcConfig;
+    private getAccessTokenByRefreshToken;
+    private _getOidcConfig;
+    private _getJwtVerifyGetKey;
     private verifyIdToken;
     private saveCodeToken;
 }

package/lib/index.js CHANGED Viewed

@@ -9,10 +9,14 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LogtoSignInSessionItemSchema = void 0;
 const js_1 = require("@logto/js");
 const jose_1 = require("jose");
+const lodash_once_1 = __importDefault(require("lodash.once"));
 const superstruct_1 = require("superstruct");
 const errors_1 = require("./errors");
 const utils_1 = require("./utils");
@@ -24,11 +28,13 @@ exports.LogtoSignInSessionItemSchema = (0, superstruct_1.type)({
 });
 class LogtoClient {
     constructor(logtoConfig, requester = (0, js_1.createRequester)()) {
+        this.getOidcConfig = (0, lodash_once_1.default)(this._getOidcConfig);
+        this.getJwtVerifyGetKey = (0, lodash_once_1.default)(this._getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
+        this.getAccessTokenPromiseMap = new Map();
         this.logtoConfig = logtoConfig;
-        this.logtoStorageKey = (0, utils_1.buildLogtoKey)(logtoConfig.clientId);
+        this.logtoStorageKey = (0, utils_1.buildLogtoKey)(logtoConfig.appId);
         this.requester = requester;
-        this._refreshToken = localStorage.getItem((0, utils_1.buildRefreshTokenKey)(this.logtoStorageKey));
         this._idToken = localStorage.getItem((0, utils_1.buildIdTokenKey)(this.logtoStorageKey));
     }
     get isAuthenticated() {
@@ -57,10 +63,9 @@ class LogtoClient {
         sessionStorage.setItem(this.logtoStorageKey, jsonItem);
     }
     get refreshToken() {
-        return this._refreshToken;
+        return localStorage.getItem((0, utils_1.buildRefreshTokenKey)(this.logtoStorageKey));
     }
     set refreshToken(refreshToken) {
-        this._refreshToken = refreshToken;
         const refreshTokenKey = (0, utils_1.buildRefreshTokenKey)(this.logtoStorageKey);
         if (!refreshToken) {
             localStorage.removeItem(refreshTokenKey);
@@ -89,33 +94,28 @@ class LogtoClient {
         if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
             return accessToken.token;
         }
-        // Token expired, remove it from the map
+        // Since the access token has expired, delete it from the map.
         if (accessToken) {
             this.accessTokenMap.delete(accessTokenKey);
         }
-        // Fetch new access token by refresh token
-        const { clientId } = this.logtoConfig;
-        if (!this.refreshToken) {
-            throw new errors_1.LogtoClientError('not_authenticated');
-        }
-        try {
-            const { tokenEndpoint } = await this.getOidcConfig();
-            const { accessToken, refreshToken, idToken, scope, expiresIn } = await (0, js_1.fetchTokenByRefreshToken)({ clientId, tokenEndpoint, refreshToken: this.refreshToken, resource }, this.requester);
-            this.accessTokenMap.set(accessTokenKey, {
-                token: accessToken,
-                scope,
-                expiresAt: Math.round(Date.now() / 1000) + expiresIn,
-            });
-            this.refreshToken = refreshToken;
-            if (idToken) {
-                await this.verifyIdToken(idToken);
-                this.idToken = idToken;
-            }
-            return accessToken;
-        }
-        catch (error) {
-            throw new errors_1.LogtoClientError('get_access_token_by_refresh_token_failed', error);
+        /**
+         * Need to fetch a new access token using refresh token.
+         * Reuse the cached promise if exists.
+         */
+        const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);
+        if (cachedPromise) {
+            return cachedPromise;
         }
+        /**
+         * Create a new promise and cache in map to avoid race condition.
+         * Since we enable "refresh token rotation" by default,
+         * it will be problematic when calling multiple `getAccessToken()` closely.
+         */
+        const promise = this.getAccessTokenByRefreshToken(resource);
+        this.getAccessTokenPromiseMap.set(accessTokenKey, promise);
+        const token = await promise;
+        this.getAccessTokenPromiseMap.delete(accessTokenKey);
+        return token;
     }
     getIdTokenClaims() {
         if (!this.idToken) {
@@ -132,7 +132,7 @@ class LogtoClient {
         return (0, js_1.fetchUserInfo)(userinfoEndpoint, accessToken, this.requester);
     }
     async signIn(redirectUri) {
-        const { clientId, resources, scopes: customScopes } = this.logtoConfig;
+        const { appId: clientId, resources, scopes: customScopes } = this.logtoConfig;
         const { authorizationEndpoint } = await this.getOidcConfig();
         const codeVerifier = (0, js_1.generateCodeVerifier)();
         const codeChallenge = await (0, js_1.generateCodeChallenge)(codeVerifier);
@@ -166,7 +166,7 @@ class LogtoClient {
         }
         const { redirectUri, state, codeVerifier } = signInSession;
         const code = (0, js_1.verifyAndParseCodeFromCallbackUri)(callbackUri, redirectUri, state);
-        const { clientId } = logtoConfig;
+        const { appId: clientId } = logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
         const codeTokenResponse = await (0, js_1.fetchTokenByAuthorizationCode)({
             clientId,
@@ -177,12 +177,13 @@ class LogtoClient {
         }, requester);
         await this.verifyIdToken(codeTokenResponse.idToken);
         this.saveCodeToken(codeTokenResponse);
+        this.signInSession = null;
     }
     async signOut(postLogoutRedirectUri) {
         if (!this.idToken) {
             throw new errors_1.LogtoClientError('not_authenticated');
         }
-        const { clientId } = this.logtoConfig;
+        const { appId: clientId } = this.logtoConfig;
         const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();
         if (this.refreshToken) {
             try {
@@ -202,19 +203,46 @@ class LogtoClient {
         this.idToken = null;
         window.location.assign(url);
     }
-    async getOidcConfig() {
-        if (!this.oidcConfig) {
-            const { endpoint } = this.logtoConfig;
-            const discoveryEndpoint = (0, utils_1.getDiscoveryEndpoint)(endpoint);
-            this.oidcConfig = await (0, js_1.fetchOidcConfig)(discoveryEndpoint, this.requester);
+    async getAccessTokenByRefreshToken(resource) {
+        if (!this.refreshToken) {
+            throw new errors_1.LogtoClientError('not_authenticated');
         }
-        return this.oidcConfig;
+        try {
+            const accessTokenKey = (0, utils_1.buildAccessTokenKey)(resource);
+            const { appId: clientId } = this.logtoConfig;
+            const { tokenEndpoint } = await this.getOidcConfig();
+            const { accessToken, refreshToken, idToken, scope, expiresIn } = await (0, js_1.fetchTokenByRefreshToken)({ clientId, tokenEndpoint, refreshToken: this.refreshToken, resource }, this.requester);
+            this.accessTokenMap.set(accessTokenKey, {
+                token: accessToken,
+                scope,
+                expiresAt: Math.round(Date.now() / 1000) + expiresIn,
+            });
+            this.refreshToken = refreshToken;
+            if (idToken) {
+                await this.verifyIdToken(idToken);
+                this.idToken = idToken;
+            }
+            return accessToken;
+        }
+        catch (error) {
+            throw new errors_1.LogtoClientError('get_access_token_by_refresh_token_failed', error);
+        }
+    }
+    async _getOidcConfig() {
+        const { endpoint } = this.logtoConfig;
+        const discoveryEndpoint = (0, utils_1.getDiscoveryEndpoint)(endpoint);
+        return (0, js_1.fetchOidcConfig)(discoveryEndpoint, this.requester);
+    }
+    async _getJwtVerifyGetKey() {
+        const { jwksUri } = await this.getOidcConfig();
+        return (0, jose_1.createRemoteJWKSet)(new URL(jwksUri));
     }
     async verifyIdToken(idToken) {
-        const { clientId } = this.logtoConfig;
-        const { issuer, jwksUri } = await this.getOidcConfig();
+        const { appId } = this.logtoConfig;
+        const { issuer } = await this.getOidcConfig();
+        const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
         try {
-            await (0, js_1.verifyIdToken)(idToken, clientId, issuer, (0, jose_1.createRemoteJWKSet)(new URL(jwksUri)));
+            await (0, js_1.verifyIdToken)(idToken, appId, issuer, jwtVerifyGetKey);
         }
         catch (error) {
             throw new errors_1.LogtoClientError('invalid_id_token', error);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@logto/browser",
-  "version": "0.1.2",
+  "version": "0.1.5",
   "main": "./lib/index.js",
   "exports": "./lib/index.js",
   "typings": "./lib/index.d.ts",
@@ -8,6 +8,11 @@
     "lib"
   ],
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/logto-io/js.git",
+    "directory": "packages/browser"
+  },
   "scripts": {
     "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
     "preinstall": "npx only-allow pnpm",
@@ -16,21 +21,23 @@
     "lint": "eslint --ext .ts src",
     "test": "jest",
     "test:coverage": "jest --silent --coverage",
-    "prepack": "pnpm test && pnpm build"
+    "prepack": "pnpm test"
   },
   "dependencies": {
-    "@logto/js": "^0.1.2",
+    "@logto/js": "^0.1.5",
     "@silverhand/essentials": "^1.1.6",
     "jose": "^4.5.0",
     "lodash.get": "^4.4.2",
+    "lodash.once": "^4.1.1",
     "superstruct": "^0.15.3"
   },
   "devDependencies": {
     "@jest/types": "^27.5.1",
-    "@silverhand/eslint-config": "^0.9.1",
-    "@silverhand/ts-config": "^0.9.1",
+    "@silverhand/eslint-config": "^0.10.0",
+    "@silverhand/ts-config": "^0.10.0",
     "@types/jest": "^27.4.0",
     "@types/lodash.get": "^4.4.6",
+    "@types/lodash.once": "^4.1.6",
     "eslint": "^8.9.0",
     "jest": "^27.5.1",
     "jest-location-mock": "^1.0.9",
@@ -48,5 +55,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "74bd01ec73a5215b26a96f426b874de9ad474dae"
+  "gitHead": "ed98d55270ae923f95a57fe4f3bc5a5959518c06"
 }