@logto/client 1.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/lib/index.d.ts +96 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +355 -0
- package/lib/index.js.map +1 -0
- package/lib/module.js +323 -0
- package/lib/module.js.map +1 -0
- package/package.json +71 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2022 Silverhand
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/lib/index.d.ts
ADDED
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
import { Requester, Prompt, IdTokenClaims } from "@logto/js";
|
|
2
|
+
import { Nullable, NormalizeKeyPaths } from "@silverhand/essentials";
|
|
3
|
+
import { Infer } from "superstruct";
|
|
4
|
+
export type StorageKey = 'idToken' | 'refreshToken' | 'accessToken' | 'signInSession';
|
|
5
|
+
export interface Storage {
|
|
6
|
+
getItem(key: StorageKey): Nullable<string>;
|
|
7
|
+
setItem(key: StorageKey, value: string): void;
|
|
8
|
+
removeItem(key: StorageKey): void;
|
|
9
|
+
}
|
|
10
|
+
type Navigate = (url: string) => void;
|
|
11
|
+
export type ClientAdapter = {
|
|
12
|
+
requester: Requester;
|
|
13
|
+
storage: Storage;
|
|
14
|
+
navigate: Navigate;
|
|
15
|
+
generateState: () => string;
|
|
16
|
+
generateCodeVerifier: () => string;
|
|
17
|
+
generateCodeChallenge: (codeVerifier: string) => Promise<string>;
|
|
18
|
+
};
|
|
19
|
+
declare const logtoClientErrorCodes: Readonly<{
|
|
20
|
+
sign_in_session: {
|
|
21
|
+
invalid: string;
|
|
22
|
+
not_found: string;
|
|
23
|
+
};
|
|
24
|
+
not_authenticated: string;
|
|
25
|
+
get_access_token_by_refresh_token_failed: string;
|
|
26
|
+
invalid_id_token: string;
|
|
27
|
+
}>;
|
|
28
|
+
export type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;
|
|
29
|
+
export class LogtoClientError extends Error {
|
|
30
|
+
code: LogtoClientErrorCode;
|
|
31
|
+
data: unknown;
|
|
32
|
+
constructor(code: LogtoClientErrorCode, data?: unknown);
|
|
33
|
+
}
|
|
34
|
+
export type LogtoConfig = {
|
|
35
|
+
endpoint: string;
|
|
36
|
+
appId: string;
|
|
37
|
+
scopes?: string[];
|
|
38
|
+
resources?: string[];
|
|
39
|
+
prompt?: Prompt;
|
|
40
|
+
persistAccessToken?: boolean;
|
|
41
|
+
};
|
|
42
|
+
export const AccessTokenSchema: import("superstruct").Struct<{
|
|
43
|
+
token: string;
|
|
44
|
+
scope: string;
|
|
45
|
+
expiresAt: number;
|
|
46
|
+
}, {
|
|
47
|
+
token: import("superstruct").Struct<string, null>;
|
|
48
|
+
scope: import("superstruct").Struct<string, null>;
|
|
49
|
+
expiresAt: import("superstruct").Struct<number, null>;
|
|
50
|
+
}>;
|
|
51
|
+
export type AccessToken = Infer<typeof AccessTokenSchema>;
|
|
52
|
+
export const LogtoSignInSessionItemSchema: import("superstruct").Struct<{
|
|
53
|
+
redirectUri: string;
|
|
54
|
+
codeVerifier: string;
|
|
55
|
+
state: string;
|
|
56
|
+
}, {
|
|
57
|
+
redirectUri: import("superstruct").Struct<string, null>;
|
|
58
|
+
codeVerifier: import("superstruct").Struct<string, null>;
|
|
59
|
+
state: import("superstruct").Struct<string, null>;
|
|
60
|
+
}>;
|
|
61
|
+
export const LogtoAccessTokenMapSchema: import("superstruct").Struct<Record<string, {
|
|
62
|
+
token: string;
|
|
63
|
+
scope: string;
|
|
64
|
+
expiresAt: number;
|
|
65
|
+
}>, null>;
|
|
66
|
+
export type LogtoSignInSessionItem = Infer<typeof LogtoSignInSessionItemSchema>;
|
|
67
|
+
export const createRequester: (fetchFunction: typeof fetch) => Requester;
|
|
68
|
+
export type { IdTokenClaims, LogtoErrorCode } from '@logto/js';
|
|
69
|
+
export { LogtoError, OidcError, Prompt, LogtoRequestError } from '@logto/js';
|
|
70
|
+
export default class LogtoClient {
|
|
71
|
+
protected readonly logtoConfig: LogtoConfig;
|
|
72
|
+
protected readonly getOidcConfig: () => Promise<import("@silverhand/essentials").KeysToCamelCase<import("@logto/js").OidcConfigSnakeCaseResponse>>;
|
|
73
|
+
protected readonly getJwtVerifyGetKey: () => Promise<import("jose/dist/types/types").GetKeyFunction<import("jose").JWSHeaderParameters, import("jose").FlattenedJWSInput>>;
|
|
74
|
+
protected readonly adapter: ClientAdapter;
|
|
75
|
+
protected readonly accessTokenMap: Map<string, {
|
|
76
|
+
token: string;
|
|
77
|
+
scope: string;
|
|
78
|
+
expiresAt: number;
|
|
79
|
+
}>;
|
|
80
|
+
constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter);
|
|
81
|
+
get isAuthenticated(): boolean;
|
|
82
|
+
protected get signInSession(): Nullable<LogtoSignInSessionItem>;
|
|
83
|
+
protected set signInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>);
|
|
84
|
+
get refreshToken(): Nullable<string>;
|
|
85
|
+
private set refreshToken(value);
|
|
86
|
+
get idToken(): Nullable<string>;
|
|
87
|
+
private set idToken(value);
|
|
88
|
+
getAccessToken(resource?: string): Promise<string>;
|
|
89
|
+
getIdTokenClaims(): IdTokenClaims;
|
|
90
|
+
signIn(redirectUri: string): Promise<void>;
|
|
91
|
+
isSignInRedirected(url: string): boolean;
|
|
92
|
+
handleSignInCallback(callbackUri: string): Promise<void>;
|
|
93
|
+
signOut(postLogoutRedirectUri?: string): Promise<void>;
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"mappings":";;;AAGA,yBAAyB,SAAS,GAAG,cAAc,GAAG,aAAa,GAAG,eAAe,CAAC;AAEtF;IACE,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,SAAS,MAAM,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAAC;CACnC;AAED,gBAAuB,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;AAE7C,4BAA4B;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,MAAM,CAAC;IACnC,qBAAqB,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CAClE,CAAC;ACjBF,QAAA,MAAM;;;;;;;;EAQJ,CAAC;AAEH,mCAAmC,kBAAkB,4BAA4B,CAAC,CAAC;AAanF,6BAA8B,SAAQ,KAAK;IACzC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,oBAAoB,EAAE,IAAI,CAAC,EAAE,OAAO;CAKvD;AChCD,0BAA0B;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,OAAO,MAAM;;;;;;;;EAIX,CAAC;AAEH,0BAA0B,MAAM,wBAAwB,CAAC,CAAC;AAE1D,OAAO,MAAM;;;;;;;;EAIX,CAAC;AAEH,OAAO,MAAM;;;;SAA+D,CAAC;AAE7E,qCAAqC,MAAM,mCAAmC,CAAC,CAAC;AC1BhF,OAAO,MAAM,iCAAkC,YAAY,KAAG,SAY7D,CAAC;AEiBF,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAM7E;IACE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAC5C,SAAS,CAAC,QAAQ,CAAC,aAAa,mHAA6B;IAC7D,SAAS,CAAC,QAAQ,CAAC,kBAAkB,sIAAkC;IAEvE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAE1C,SAAS,CAAC,QAAQ,CAAC,cAAc;;;;OAAkC;gBAKvD,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa;IAc5D,IAAW,eAAe,YAEzB;IAED,SAAS,KAAK,aAAa,IAAI,SAAS,sBAAsB,CAAC,CAe9D;IAED,SAAS,KAAK,aAAa,CAAC,sBAAsB,EAAE,SAAS,sBAAsB,CAAC,EASnF;IAED,IAAI,YAAY,IAIuB,SAAS,MAAM,CAAC,CAFtD;IAED,OAAO,KAAK,YAAY,QAQvB;IAED,IAAI,OAAO,IAIkB,SAAS,MAAM,CAAC,CAF5C;IAED,OAAO,KAAK,OAAO,QAUlB;IAGY,cAAc,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAyCxD,gBAAgB,IAAI,aAAa;IAQ3B,MAAM,CAAC,WAAW,EAAE,MAAM;IAyBhC,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAYlC,oBAAoB,CAAC,WAAW,EAAE,MAAM;IA8BxC,OAAO,CAAC,qBAAqB,CAAC,EAAE,MAAM;CAgJpD","sources":["packages/client/src/src/adapter.ts","packages/client/src/src/errors.ts","packages/client/src/src/types/index.ts","packages/client/src/src/utils/requester.ts","packages/client/src/src/utils/index.ts","packages/client/src/src/index.ts","packages/client/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,"import {\n CodeTokenResponse,\n decodeIdToken,\n fetchOidcConfig,\n fetchTokenByAuthorizationCode,\n fetchTokenByRefreshToken,\n generateSignInUri,\n generateSignOutUri,\n IdTokenClaims,\n Prompt,\n revoke,\n verifyAndParseCodeFromCallbackUri,\n verifyIdToken,\n withReservedScopes,\n} from '@logto/js';\nimport { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\nimport { assert } from 'superstruct';\n\nimport { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport {\n AccessToken,\n LogtoAccessTokenMapSchema,\n LogtoConfig,\n LogtoSignInSessionItem,\n LogtoSignInSessionItemSchema,\n} from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode } from '@logto/js';\nexport { LogtoError, OidcError, Prompt, LogtoRequestError } from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n protected readonly logtoConfig: LogtoConfig;\n protected readonly getOidcConfig = once(this._getOidcConfig);\n protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n\n protected readonly adapter: ClientAdapter;\n\n protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n private readonly getAccessTokenPromiseMap = new Map<string, Promise<string>>();\n private _idToken: Nullable<string>;\n\n constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n this.logtoConfig = {\n ...logtoConfig,\n prompt: logtoConfig.prompt ?? Prompt.Consent,\n scopes: withReservedScopes(logtoConfig.scopes).split(' '),\n };\n this.adapter = adapter;\n this._idToken = this.adapter.storage.getItem('idToken');\n\n if (this.logtoConfig.persistAccessToken) {\n this.loadAccessTokenMap();\n }\n }\n\n public get isAuthenticated() {\n return Boolean(this.idToken);\n }\n\n protected get signInSession(): Nullable<LogtoSignInSessionItem> {\n const jsonItem = this.adapter.storage.getItem('signInSession');\n\n if (!jsonItem) {\n return null;\n }\n\n try {\n const item: unknown = JSON.parse(jsonItem);\n assert(item, LogtoSignInSessionItemSchema);\n\n return item;\n } catch (error: unknown) {\n throw new LogtoClientError('sign_in_session.invalid', error);\n }\n }\n\n protected set signInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n if (!logtoSignInSessionItem) {\n this.adapter.storage.removeItem('signInSession');\n\n return;\n }\n\n const jsonItem = JSON.stringify(logtoSignInSessionItem);\n this.adapter.storage.setItem('signInSession', jsonItem);\n }\n\n get refreshToken() {\n return this.adapter.storage.getItem('refreshToken');\n }\n\n private set refreshToken(refreshToken: Nullable<string>) {\n if (!refreshToken) {\n this.adapter.storage.removeItem('refreshToken');\n\n return;\n }\n\n this.adapter.storage.setItem('refreshToken', refreshToken);\n }\n\n get idToken() {\n return this._idToken;\n }\n\n private set idToken(idToken: Nullable<string>) {\n this._idToken = idToken;\n\n if (!idToken) {\n this.adapter.storage.removeItem('idToken');\n\n return;\n }\n\n this.adapter.storage.setItem('idToken', idToken);\n }\n\n // eslint-disable-next-line complexity\n public async getAccessToken(resource?: string): Promise<string> {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const accessTokenKey = buildAccessTokenKey(resource);\n const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n return accessToken.token;\n }\n\n // Since the access token has expired, delete it from the map.\n if (accessToken) {\n this.accessTokenMap.delete(accessTokenKey);\n }\n\n /**\n * Need to fetch a new access token using refresh token.\n * Reuse the cached promise if exists.\n */\n const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);\n\n if (cachedPromise) {\n return cachedPromise;\n }\n\n /**\n * Create a new promise and cache in map to avoid race condition.\n * Since we enable \"refresh token rotation\" by default,\n * it will be problematic when calling multiple `getAccessToken()` closely.\n */\n const promise = this.getAccessTokenByRefreshToken(resource);\n this.getAccessTokenPromiseMap.set(accessTokenKey, promise);\n\n const token = await promise;\n this.getAccessTokenPromiseMap.delete(accessTokenKey);\n\n return token;\n }\n\n public getIdTokenClaims(): IdTokenClaims {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n return decodeIdToken(this.idToken);\n }\n\n public async signIn(redirectUri: string) {\n const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n const { authorizationEndpoint } = await this.getOidcConfig();\n const codeVerifier = this.adapter.generateCodeVerifier();\n const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n const state = this.adapter.generateState();\n\n const signInUri = generateSignInUri({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n });\n\n this.signInSession = { redirectUri, codeVerifier, state };\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(signInUri);\n }\n\n public isSignInRedirected(url: string): boolean {\n const { signInSession } = this;\n\n if (!signInSession) {\n return false;\n }\n const { redirectUri } = signInSession;\n const { origin, pathname } = new URL(url);\n\n return `${origin}${pathname}` === redirectUri;\n }\n\n public async handleSignInCallback(callbackUri: string) {\n const { signInSession, logtoConfig, adapter } = this;\n const { requester } = adapter;\n\n if (!signInSession) {\n throw new LogtoClientError('sign_in_session.not_found');\n }\n\n const { redirectUri, state, codeVerifier } = signInSession;\n const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n const { appId: clientId } = logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const codeTokenResponse = await fetchTokenByAuthorizationCode(\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n },\n requester\n );\n\n await this.verifyIdToken(codeTokenResponse.idToken);\n\n this.saveCodeToken(codeTokenResponse);\n this.signInSession = null;\n }\n\n public async signOut(postLogoutRedirectUri?: string) {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const { appId: clientId } = this.logtoConfig;\n const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n\n if (this.refreshToken) {\n try {\n await revoke(revocationEndpoint, clientId, this.refreshToken, this.adapter.requester);\n } catch {\n // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n }\n }\n\n const url = generateSignOutUri({\n endSessionEndpoint,\n postLogoutRedirectUri,\n idToken: this.idToken,\n });\n\n this.accessTokenMap.clear();\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(url);\n }\n\n private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n if (!this.refreshToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n try {\n const accessTokenKey = buildAccessTokenKey(resource);\n const { appId: clientId } = this.logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const { accessToken, refreshToken, idToken, scope, expiresIn } =\n await fetchTokenByRefreshToken(\n {\n clientId,\n tokenEndpoint,\n refreshToken: this.refreshToken,\n resource,\n scopes: resource ? ['offline_access'] : undefined, // Force remove openid scope from the request\n },\n this.adapter.requester\n );\n\n this.accessTokenMap.set(accessTokenKey, {\n token: accessToken,\n scope,\n expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n });\n this.saveAccessTokenMap();\n\n this.refreshToken = refreshToken;\n\n if (idToken) {\n await this.verifyIdToken(idToken);\n this.idToken = idToken;\n }\n\n return accessToken;\n } catch (error: unknown) {\n throw new LogtoClientError('get_access_token_by_refresh_token_failed', error);\n }\n }\n\n private async _getOidcConfig() {\n const { endpoint } = this.logtoConfig;\n const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n }\n\n private async _getJwtVerifyGetKey() {\n const { jwksUri } = await this.getOidcConfig();\n\n return createRemoteJWKSet(new URL(jwksUri));\n }\n\n private async verifyIdToken(idToken: string) {\n const { appId } = this.logtoConfig;\n const { issuer } = await this.getOidcConfig();\n const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n try {\n await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n } catch (error: unknown) {\n throw new LogtoClientError('invalid_id_token', error);\n }\n }\n\n private saveCodeToken({\n refreshToken,\n idToken,\n scope,\n accessToken,\n expiresIn,\n }: CodeTokenResponse) {\n this.refreshToken = refreshToken ?? null;\n this.idToken = idToken;\n\n // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n const accessTokenKey = buildAccessTokenKey();\n const expiresAt = Date.now() / 1000 + expiresIn;\n this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n this.saveAccessTokenMap();\n }\n\n private saveAccessTokenMap() {\n if (!this.logtoConfig.persistAccessToken) {\n return;\n }\n\n const data: Record<string, AccessToken> = {};\n\n for (const [key, accessToken] of this.accessTokenMap.entries()) {\n // eslint-disable-next-line @silverhand/fp/no-mutation\n data[key] = accessToken;\n }\n\n this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n }\n\n private loadAccessTokenMap() {\n const raw = this.adapter.storage.getItem('accessToken');\n\n if (!raw) {\n return;\n }\n\n try {\n const json: unknown = JSON.parse(raw);\n assert(json, LogtoAccessTokenMapSchema);\n this.accessTokenMap.clear();\n\n for (const [key, accessToken] of Object.entries(json)) {\n this.accessTokenMap.set(key, accessToken);\n }\n } catch {}\n }\n}\n"],"names":[],"version":3,"file":"index.d.ts.map"}
|
package/lib/index.js
ADDED
|
@@ -0,0 +1,355 @@
|
|
|
1
|
+
var $4R6L3$logtojs = require("@logto/js");
|
|
2
|
+
var $4R6L3$jose = require("jose");
|
|
3
|
+
var $4R6L3$lodashonce = require("lodash.once");
|
|
4
|
+
var $4R6L3$superstruct = require("superstruct");
|
|
5
|
+
var $4R6L3$lodashget = require("lodash.get");
|
|
6
|
+
|
|
7
|
+
function $parcel$interopDefault(a) {
|
|
8
|
+
return a && a.__esModule ? a.default : a;
|
|
9
|
+
}
|
|
10
|
+
function $parcel$defineInteropFlag(a) {
|
|
11
|
+
Object.defineProperty(a, '__esModule', {value: true, configurable: true});
|
|
12
|
+
}
|
|
13
|
+
function $parcel$export(e, n, v, s) {
|
|
14
|
+
Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
|
|
15
|
+
}
|
|
16
|
+
function $parcel$exportWildcard(dest, source) {
|
|
17
|
+
Object.keys(source).forEach(function(key) {
|
|
18
|
+
if (key === 'default' || key === '__esModule' || dest.hasOwnProperty(key)) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
Object.defineProperty(dest, key, {
|
|
23
|
+
enumerable: true,
|
|
24
|
+
get: function get() {
|
|
25
|
+
return source[key];
|
|
26
|
+
}
|
|
27
|
+
});
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
return dest;
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
$parcel$defineInteropFlag(module.exports);
|
|
34
|
+
|
|
35
|
+
$parcel$export(module.exports, "default", () => $f73788ae50447ce9$export$2e2bcd8739ae039);
|
|
36
|
+
$parcel$export(module.exports, "LogtoError", () => $f73788ae50447ce9$re_export$LogtoError);
|
|
37
|
+
$parcel$export(module.exports, "OidcError", () => $f73788ae50447ce9$re_export$OidcError);
|
|
38
|
+
$parcel$export(module.exports, "Prompt", () => $4R6L3$logtojs.Prompt);
|
|
39
|
+
$parcel$export(module.exports, "LogtoRequestError", () => $f73788ae50447ce9$re_export$LogtoRequestError);
|
|
40
|
+
$parcel$export(module.exports, "createRequester", () => $b455f57f80fbf6bf$export$8d54726fdbf08e0a);
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
var $9166104b36889c59$exports = {};
|
|
46
|
+
|
|
47
|
+
$parcel$export($9166104b36889c59$exports, "LogtoClientError", () => $9166104b36889c59$export$877962ca249b8fc8);
|
|
48
|
+
|
|
49
|
+
const $9166104b36889c59$var$logtoClientErrorCodes = Object.freeze({
|
|
50
|
+
sign_in_session: {
|
|
51
|
+
invalid: "Invalid sign-in session.",
|
|
52
|
+
not_found: "Sign-in session not found."
|
|
53
|
+
},
|
|
54
|
+
not_authenticated: "Not authenticated.",
|
|
55
|
+
get_access_token_by_refresh_token_failed: "Failed to get access token by refresh token.",
|
|
56
|
+
invalid_id_token: "Invalid id token."
|
|
57
|
+
});
|
|
58
|
+
const $9166104b36889c59$var$getMessageByErrorCode = (errorCode)=>{
|
|
59
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
|
|
60
|
+
const message = (0, ($parcel$interopDefault($4R6L3$lodashget)))($9166104b36889c59$var$logtoClientErrorCodes, errorCode);
|
|
61
|
+
if (typeof message === "string") return message;
|
|
62
|
+
return errorCode;
|
|
63
|
+
};
|
|
64
|
+
class $9166104b36889c59$export$877962ca249b8fc8 extends Error {
|
|
65
|
+
constructor(code, data){
|
|
66
|
+
super($9166104b36889c59$var$getMessageByErrorCode(code));
|
|
67
|
+
this.code = code;
|
|
68
|
+
this.data = data;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
var $6d3989f7f53311af$exports = {};
|
|
74
|
+
|
|
75
|
+
$parcel$export($6d3989f7f53311af$exports, "AccessTokenSchema", () => $6d3989f7f53311af$export$77bdbaff506443f4);
|
|
76
|
+
$parcel$export($6d3989f7f53311af$exports, "LogtoSignInSessionItemSchema", () => $6d3989f7f53311af$export$7b65a75f516b80e1);
|
|
77
|
+
$parcel$export($6d3989f7f53311af$exports, "LogtoAccessTokenMapSchema", () => $6d3989f7f53311af$export$4ae7b9c313038df5);
|
|
78
|
+
|
|
79
|
+
const $6d3989f7f53311af$export$77bdbaff506443f4 = (0, $4R6L3$superstruct.type)({
|
|
80
|
+
token: (0, $4R6L3$superstruct.string)(),
|
|
81
|
+
scope: (0, $4R6L3$superstruct.string)(),
|
|
82
|
+
expiresAt: (0, $4R6L3$superstruct.number)()
|
|
83
|
+
});
|
|
84
|
+
const $6d3989f7f53311af$export$7b65a75f516b80e1 = (0, $4R6L3$superstruct.type)({
|
|
85
|
+
redirectUri: (0, $4R6L3$superstruct.string)(),
|
|
86
|
+
codeVerifier: (0, $4R6L3$superstruct.string)(),
|
|
87
|
+
state: (0, $4R6L3$superstruct.string)()
|
|
88
|
+
});
|
|
89
|
+
const $6d3989f7f53311af$export$4ae7b9c313038df5 = (0, $4R6L3$superstruct.record)((0, $4R6L3$superstruct.string)(), $6d3989f7f53311af$export$77bdbaff506443f4);
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
const $b455f57f80fbf6bf$export$8d54726fdbf08e0a = (fetchFunction)=>{
|
|
95
|
+
return async (...args)=>{
|
|
96
|
+
const response = await fetchFunction(...args);
|
|
97
|
+
if (!response.ok) {
|
|
98
|
+
// Expected request error from server
|
|
99
|
+
const { code: code , message: message } = await response.json();
|
|
100
|
+
throw new (0, $4R6L3$logtojs.LogtoRequestError)(code, message);
|
|
101
|
+
}
|
|
102
|
+
return response.json();
|
|
103
|
+
};
|
|
104
|
+
};
|
|
105
|
+
|
|
106
|
+
|
|
107
|
+
const $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6 = (resource = "", scopes = [])=>`${scopes.slice().sort().join(" ")}@${resource}`;
|
|
108
|
+
const $e2aabdbdb3cc09f0$export$5d9c34f69c80822b = (endpoint)=>new URL((0, $4R6L3$logtojs.discoveryPath), endpoint).toString();
|
|
109
|
+
|
|
110
|
+
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
|
|
114
|
+
|
|
115
|
+
class $f73788ae50447ce9$export$2e2bcd8739ae039 {
|
|
116
|
+
getOidcConfig = (0, ($parcel$interopDefault($4R6L3$lodashonce)))(this._getOidcConfig);
|
|
117
|
+
getJwtVerifyGetKey = (0, ($parcel$interopDefault($4R6L3$lodashonce)))(this._getJwtVerifyGetKey);
|
|
118
|
+
accessTokenMap = new Map();
|
|
119
|
+
getAccessTokenPromiseMap = new Map();
|
|
120
|
+
constructor(logtoConfig, adapter){
|
|
121
|
+
this.logtoConfig = {
|
|
122
|
+
...logtoConfig,
|
|
123
|
+
prompt: logtoConfig.prompt ?? (0, $4R6L3$logtojs.Prompt).Consent,
|
|
124
|
+
scopes: (0, $4R6L3$logtojs.withReservedScopes)(logtoConfig.scopes).split(" ")
|
|
125
|
+
};
|
|
126
|
+
this.adapter = adapter;
|
|
127
|
+
this._idToken = this.adapter.storage.getItem("idToken");
|
|
128
|
+
if (this.logtoConfig.persistAccessToken) this.loadAccessTokenMap();
|
|
129
|
+
}
|
|
130
|
+
get isAuthenticated() {
|
|
131
|
+
return Boolean(this.idToken);
|
|
132
|
+
}
|
|
133
|
+
get signInSession() {
|
|
134
|
+
const jsonItem = this.adapter.storage.getItem("signInSession");
|
|
135
|
+
if (!jsonItem) return null;
|
|
136
|
+
try {
|
|
137
|
+
const item = JSON.parse(jsonItem);
|
|
138
|
+
(0, $4R6L3$superstruct.assert)(item, (0, $6d3989f7f53311af$export$7b65a75f516b80e1));
|
|
139
|
+
return item;
|
|
140
|
+
} catch (error) {
|
|
141
|
+
throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("sign_in_session.invalid", error);
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
set signInSession(logtoSignInSessionItem) {
|
|
145
|
+
if (!logtoSignInSessionItem) {
|
|
146
|
+
this.adapter.storage.removeItem("signInSession");
|
|
147
|
+
return;
|
|
148
|
+
}
|
|
149
|
+
const jsonItem = JSON.stringify(logtoSignInSessionItem);
|
|
150
|
+
this.adapter.storage.setItem("signInSession", jsonItem);
|
|
151
|
+
}
|
|
152
|
+
get refreshToken() {
|
|
153
|
+
return this.adapter.storage.getItem("refreshToken");
|
|
154
|
+
}
|
|
155
|
+
set refreshToken(refreshToken) {
|
|
156
|
+
if (!refreshToken) {
|
|
157
|
+
this.adapter.storage.removeItem("refreshToken");
|
|
158
|
+
return;
|
|
159
|
+
}
|
|
160
|
+
this.adapter.storage.setItem("refreshToken", refreshToken);
|
|
161
|
+
}
|
|
162
|
+
get idToken() {
|
|
163
|
+
return this._idToken;
|
|
164
|
+
}
|
|
165
|
+
set idToken(idToken) {
|
|
166
|
+
this._idToken = idToken;
|
|
167
|
+
if (!idToken) {
|
|
168
|
+
this.adapter.storage.removeItem("idToken");
|
|
169
|
+
return;
|
|
170
|
+
}
|
|
171
|
+
this.adapter.storage.setItem("idToken", idToken);
|
|
172
|
+
}
|
|
173
|
+
// eslint-disable-next-line complexity
|
|
174
|
+
async getAccessToken(resource) {
|
|
175
|
+
if (!this.idToken) throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("not_authenticated");
|
|
176
|
+
const accessTokenKey = (0, $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6)(resource);
|
|
177
|
+
const accessToken = this.accessTokenMap.get(accessTokenKey);
|
|
178
|
+
if (accessToken && accessToken.expiresAt > Date.now() / 1000) return accessToken.token;
|
|
179
|
+
// Since the access token has expired, delete it from the map.
|
|
180
|
+
if (accessToken) this.accessTokenMap.delete(accessTokenKey);
|
|
181
|
+
/**
|
|
182
|
+
* Need to fetch a new access token using refresh token.
|
|
183
|
+
* Reuse the cached promise if exists.
|
|
184
|
+
*/ const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);
|
|
185
|
+
if (cachedPromise) return cachedPromise;
|
|
186
|
+
/**
|
|
187
|
+
* Create a new promise and cache in map to avoid race condition.
|
|
188
|
+
* Since we enable "refresh token rotation" by default,
|
|
189
|
+
* it will be problematic when calling multiple `getAccessToken()` closely.
|
|
190
|
+
*/ const promise = this.getAccessTokenByRefreshToken(resource);
|
|
191
|
+
this.getAccessTokenPromiseMap.set(accessTokenKey, promise);
|
|
192
|
+
const token = await promise;
|
|
193
|
+
this.getAccessTokenPromiseMap.delete(accessTokenKey);
|
|
194
|
+
return token;
|
|
195
|
+
}
|
|
196
|
+
getIdTokenClaims() {
|
|
197
|
+
if (!this.idToken) throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("not_authenticated");
|
|
198
|
+
return (0, $4R6L3$logtojs.decodeIdToken)(this.idToken);
|
|
199
|
+
}
|
|
200
|
+
async signIn(redirectUri) {
|
|
201
|
+
const { appId: clientId , prompt: prompt , resources: resources , scopes: scopes } = this.logtoConfig;
|
|
202
|
+
const { authorizationEndpoint: authorizationEndpoint } = await this.getOidcConfig();
|
|
203
|
+
const codeVerifier = this.adapter.generateCodeVerifier();
|
|
204
|
+
const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
|
|
205
|
+
const state = this.adapter.generateState();
|
|
206
|
+
const signInUri = (0, $4R6L3$logtojs.generateSignInUri)({
|
|
207
|
+
authorizationEndpoint: authorizationEndpoint,
|
|
208
|
+
clientId: clientId,
|
|
209
|
+
redirectUri: redirectUri,
|
|
210
|
+
codeChallenge: codeChallenge,
|
|
211
|
+
state: state,
|
|
212
|
+
scopes: scopes,
|
|
213
|
+
resources: resources,
|
|
214
|
+
prompt: prompt
|
|
215
|
+
});
|
|
216
|
+
this.signInSession = {
|
|
217
|
+
redirectUri: redirectUri,
|
|
218
|
+
codeVerifier: codeVerifier,
|
|
219
|
+
state: state
|
|
220
|
+
};
|
|
221
|
+
this.refreshToken = null;
|
|
222
|
+
this.idToken = null;
|
|
223
|
+
this.adapter.navigate(signInUri);
|
|
224
|
+
}
|
|
225
|
+
isSignInRedirected(url) {
|
|
226
|
+
const { signInSession: signInSession } = this;
|
|
227
|
+
if (!signInSession) return false;
|
|
228
|
+
const { redirectUri: redirectUri } = signInSession;
|
|
229
|
+
const { origin: origin , pathname: pathname } = new URL(url);
|
|
230
|
+
return `${origin}${pathname}` === redirectUri;
|
|
231
|
+
}
|
|
232
|
+
async handleSignInCallback(callbackUri) {
|
|
233
|
+
const { signInSession: signInSession , logtoConfig: logtoConfig , adapter: adapter } = this;
|
|
234
|
+
const { requester: requester } = adapter;
|
|
235
|
+
if (!signInSession) throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("sign_in_session.not_found");
|
|
236
|
+
const { redirectUri: redirectUri , state: state , codeVerifier: codeVerifier } = signInSession;
|
|
237
|
+
const code = (0, $4R6L3$logtojs.verifyAndParseCodeFromCallbackUri)(callbackUri, redirectUri, state);
|
|
238
|
+
const { appId: clientId } = logtoConfig;
|
|
239
|
+
const { tokenEndpoint: tokenEndpoint } = await this.getOidcConfig();
|
|
240
|
+
const codeTokenResponse = await (0, $4R6L3$logtojs.fetchTokenByAuthorizationCode)({
|
|
241
|
+
clientId: clientId,
|
|
242
|
+
tokenEndpoint: tokenEndpoint,
|
|
243
|
+
redirectUri: redirectUri,
|
|
244
|
+
codeVerifier: codeVerifier,
|
|
245
|
+
code: code
|
|
246
|
+
}, requester);
|
|
247
|
+
await this.verifyIdToken(codeTokenResponse.idToken);
|
|
248
|
+
this.saveCodeToken(codeTokenResponse);
|
|
249
|
+
this.signInSession = null;
|
|
250
|
+
}
|
|
251
|
+
async signOut(postLogoutRedirectUri) {
|
|
252
|
+
if (!this.idToken) throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("not_authenticated");
|
|
253
|
+
const { appId: clientId } = this.logtoConfig;
|
|
254
|
+
const { endSessionEndpoint: endSessionEndpoint , revocationEndpoint: revocationEndpoint } = await this.getOidcConfig();
|
|
255
|
+
if (this.refreshToken) try {
|
|
256
|
+
await (0, $4R6L3$logtojs.revoke)(revocationEndpoint, clientId, this.refreshToken, this.adapter.requester);
|
|
257
|
+
} catch {
|
|
258
|
+
// Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
|
|
259
|
+
}
|
|
260
|
+
const url = (0, $4R6L3$logtojs.generateSignOutUri)({
|
|
261
|
+
endSessionEndpoint: endSessionEndpoint,
|
|
262
|
+
postLogoutRedirectUri: postLogoutRedirectUri,
|
|
263
|
+
idToken: this.idToken
|
|
264
|
+
});
|
|
265
|
+
this.accessTokenMap.clear();
|
|
266
|
+
this.refreshToken = null;
|
|
267
|
+
this.idToken = null;
|
|
268
|
+
this.adapter.navigate(url);
|
|
269
|
+
}
|
|
270
|
+
async getAccessTokenByRefreshToken(resource) {
|
|
271
|
+
if (!this.refreshToken) throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("not_authenticated");
|
|
272
|
+
try {
|
|
273
|
+
const accessTokenKey = (0, $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6)(resource);
|
|
274
|
+
const { appId: clientId } = this.logtoConfig;
|
|
275
|
+
const { tokenEndpoint: tokenEndpoint } = await this.getOidcConfig();
|
|
276
|
+
const { accessToken: accessToken , refreshToken: refreshToken , idToken: idToken , scope: scope , expiresIn: expiresIn } = await (0, $4R6L3$logtojs.fetchTokenByRefreshToken)({
|
|
277
|
+
clientId: clientId,
|
|
278
|
+
tokenEndpoint: tokenEndpoint,
|
|
279
|
+
refreshToken: this.refreshToken,
|
|
280
|
+
resource: resource,
|
|
281
|
+
scopes: resource ? [
|
|
282
|
+
"offline_access"
|
|
283
|
+
] : undefined
|
|
284
|
+
}, this.adapter.requester);
|
|
285
|
+
this.accessTokenMap.set(accessTokenKey, {
|
|
286
|
+
token: accessToken,
|
|
287
|
+
scope: scope,
|
|
288
|
+
expiresAt: Math.round(Date.now() / 1000) + expiresIn
|
|
289
|
+
});
|
|
290
|
+
this.saveAccessTokenMap();
|
|
291
|
+
this.refreshToken = refreshToken;
|
|
292
|
+
if (idToken) {
|
|
293
|
+
await this.verifyIdToken(idToken);
|
|
294
|
+
this.idToken = idToken;
|
|
295
|
+
}
|
|
296
|
+
return accessToken;
|
|
297
|
+
} catch (error) {
|
|
298
|
+
throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("get_access_token_by_refresh_token_failed", error);
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
async _getOidcConfig() {
|
|
302
|
+
const { endpoint: endpoint } = this.logtoConfig;
|
|
303
|
+
const discoveryEndpoint = (0, $e2aabdbdb3cc09f0$export$5d9c34f69c80822b)(endpoint);
|
|
304
|
+
return (0, $4R6L3$logtojs.fetchOidcConfig)(discoveryEndpoint, this.adapter.requester);
|
|
305
|
+
}
|
|
306
|
+
async _getJwtVerifyGetKey() {
|
|
307
|
+
const { jwksUri: jwksUri } = await this.getOidcConfig();
|
|
308
|
+
return (0, $4R6L3$jose.createRemoteJWKSet)(new URL(jwksUri));
|
|
309
|
+
}
|
|
310
|
+
async verifyIdToken(idToken) {
|
|
311
|
+
const { appId: appId } = this.logtoConfig;
|
|
312
|
+
const { issuer: issuer } = await this.getOidcConfig();
|
|
313
|
+
const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
|
|
314
|
+
try {
|
|
315
|
+
await (0, $4R6L3$logtojs.verifyIdToken)(idToken, appId, issuer, jwtVerifyGetKey);
|
|
316
|
+
} catch (error) {
|
|
317
|
+
throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("invalid_id_token", error);
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
saveCodeToken({ refreshToken: refreshToken , idToken: idToken , scope: scope , accessToken: accessToken , expiresIn: expiresIn }) {
|
|
321
|
+
this.refreshToken = refreshToken ?? null;
|
|
322
|
+
this.idToken = idToken;
|
|
323
|
+
// NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
|
|
324
|
+
const accessTokenKey = (0, $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6)();
|
|
325
|
+
const expiresAt = Date.now() / 1000 + expiresIn;
|
|
326
|
+
this.accessTokenMap.set(accessTokenKey, {
|
|
327
|
+
token: accessToken,
|
|
328
|
+
scope: scope,
|
|
329
|
+
expiresAt: expiresAt
|
|
330
|
+
});
|
|
331
|
+
this.saveAccessTokenMap();
|
|
332
|
+
}
|
|
333
|
+
saveAccessTokenMap() {
|
|
334
|
+
if (!this.logtoConfig.persistAccessToken) return;
|
|
335
|
+
const data = {};
|
|
336
|
+
for (const [key, accessToken] of this.accessTokenMap.entries())// eslint-disable-next-line @silverhand/fp/no-mutation
|
|
337
|
+
data[key] = accessToken;
|
|
338
|
+
this.adapter.storage.setItem("accessToken", JSON.stringify(data));
|
|
339
|
+
}
|
|
340
|
+
loadAccessTokenMap() {
|
|
341
|
+
const raw = this.adapter.storage.getItem("accessToken");
|
|
342
|
+
if (!raw) return;
|
|
343
|
+
try {
|
|
344
|
+
const json = JSON.parse(raw);
|
|
345
|
+
(0, $4R6L3$superstruct.assert)(json, (0, $6d3989f7f53311af$export$4ae7b9c313038df5));
|
|
346
|
+
this.accessTokenMap.clear();
|
|
347
|
+
for (const [key, accessToken] of Object.entries(json))this.accessTokenMap.set(key, accessToken);
|
|
348
|
+
} catch {}
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
$parcel$exportWildcard(module.exports, $9166104b36889c59$exports);
|
|
352
|
+
$parcel$exportWildcard(module.exports, $6d3989f7f53311af$exports);
|
|
353
|
+
|
|
354
|
+
|
|
355
|
+
//# sourceMappingURL=index.js.map
|
package/lib/index.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA;AAGA,MAAM,2CAAqB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1C,eAAe,EAAE;QACf,OAAO,EAAE,0BAA0B;QACnC,SAAS,EAAE,4BAA4B;KACxC;IACD,iBAAiB,EAAE,oBAAoB;IACvC,wCAAwC,EAAE,8CAA8C;IACxF,gBAAgB,EAAE,mBAAmB;CACtC,CAAC,AAAC;AAIH,MAAM,2CAAqB,GAAG,CAAC,SAA+B,GAAa;IACzE,mEAAmE;IACnE,MAAM,OAAO,GAAG,CAAA,GAAA,0CAAG,CAAA,CAAC,2CAAqB,EAAE,SAAS,CAAC,AAAC;IAEtD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAC7B,OAAO,OAAO,CAAC;IAGjB,OAAO,SAAS,CAAC;CAClB,AAAC;AAEK,MAAM,yCAAgB,SAAS,KAAK;IAIzC,YAAY,IAA0B,EAAE,IAAc,CAAE;QACtD,KAAK,CAAC,2CAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;;;;;;;;ACnCD;AAYO,MAAM,yCAAiB,GAAG,CAAA,GAAA,uBAAI,CAAA,CAAC;IACpC,KAAK,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;IACf,KAAK,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;IACf,SAAS,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;CACpB,CAAC,AAAC;AAII,MAAM,yCAA4B,GAAG,CAAA,GAAA,uBAAI,CAAA,CAAC;IAC/C,WAAW,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;IACrB,YAAY,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;IACtB,KAAK,EAAE,CAAA,GAAA,yBAAM,CAAA,EAAE;CAChB,CAAC,AAAC;AAEI,MAAM,yCAAyB,GAAG,CAAA,GAAA,yBAAM,CAAA,CAAC,CAAA,GAAA,yBAAM,CAAA,EAAE,EAAE,yCAAiB,CAAC,AAAC;;;AC1B7E;ACAA;AAEO,MAAM,yCAAe,GAAG,CAAC,aAA2B,GAAgB;IACzE,OAAO,OAAU,GAAG,IAAI,AAA0B,GAAiB;QACjE,MAAM,QAAQ,GAAG,MAAM,aAAa,IAAI,IAAI,CAAC,AAAC;QAE9C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,qCAAqC;YACrC,MAAM,QAAE,IAAI,CAAA,WAAE,OAAO,CAAA,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,AAAC;YACvE,MAAM,IAAI,CAAA,GAAA,gCAAiB,CAAA,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;SAC5C;QAED,OAAO,QAAQ,CAAC,IAAI,EAAK,CAAC;KAC3B,CAAC;CACH,AAAC;;;ADVK,MAAM,yCAAmB,GAAG,CAAC,QAAQ,GAAG,EAAE,EAAE,MAAgB,GAAG,EAAE,GACtE,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,AAAC;AAE5C,MAAM,yCAAoB,GAAG,CAAC,QAAgB,GACnD,IAAI,GAAG,CAAC,CAAA,GAAA,4BAAa,CAAA,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,AAAC;;;;;;;AH8B/B;IAEb,AAAmB,aAAa,GAAG,CAAA,GAAA,2CAAI,CAAA,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7D,AAAmB,kBAAkB,GAAG,CAAA,GAAA,2CAAI,CAAA,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAIvE,AAAmB,cAAc,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEnE,AAAiB,wBAAwB,GAAG,IAAI,GAAG,EAA2B,CAAC;IAG/E,YAAY,WAAwB,EAAE,OAAsB,CAAE;QAC5D,IAAI,CAAC,WAAW,GAAG;YACjB,GAAG,WAAW;YACd,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,CAAA,GAAA,qBAAM,CAAA,CAAC,OAAO;YAC5C,MAAM,EAAE,CAAA,GAAA,iCAAkB,CAAA,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;SAC1D,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,IAAI,CAAC,WAAW,CAAC,kBAAkB,EACrC,IAAI,CAAC,kBAAkB,EAAE,CAAC;KAE7B;IAED,IAAW,eAAe,GAAG;QAC3B,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KAC9B;IAED,IAAc,aAAa,GAAqC;QAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,AAAC;QAE/D,IAAI,CAAC,QAAQ,EACX,OAAO,IAAI,CAAC;QAGd,IAAI;YACF,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,AAAC;YAC3C,CAAA,GAAA,yBAAM,CAAA,CAAC,IAAI,EAAE,CAAA,GAAA,yCAA4B,CAAA,CAAC,CAAC;YAE3C,OAAO,IAAI,CAAC;SACb,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;SAC9D;KACF;IAED,IAAc,aAAa,CAAC,sBAAwD,EAAE;QACpF,IAAI,CAAC,sBAAsB,EAAE;YAC3B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAEjD,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,sBAAsB,CAAC,AAAC;QACxD,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;KACzD;IAED,IAAI,YAAY,GAAG;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;KACrD;IAED,IAAY,YAAY,CAAC,YAA8B,EAAE;QACvD,IAAI,CAAC,YAAY,EAAE;YACjB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAEhD,OAAO;SACR;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;KAC5D;IAED,IAAI,OAAO,GAAG;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC;KACtB;IAED,IAAY,OAAO,CAAC,OAAyB,EAAE;QAC7C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QAExB,IAAI,CAAC,OAAO,EAAE;YACZ,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAE3C,OAAO;SACR;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;KAClD;IAED,sCAAsC;IACtC,MAAa,cAAc,CAAC,QAAiB,EAAmB;QAC9D,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,CAAC,QAAQ,CAAC,AAAC;QACrD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,AAAC;QAE5D,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAC1D,OAAO,WAAW,CAAC,KAAK,CAAC;QAG3B,8DAA8D;QAC9D,IAAI,WAAW,EACb,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAG7C;;;OAGG,CACH,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,cAAc,CAAC,AAAC;QAExE,IAAI,aAAa,EACf,OAAO,aAAa,CAAC;QAGvB;;;;OAIG,CACH,MAAM,OAAO,GAAG,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,AAAC;QAC5D,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAE3D,MAAM,KAAK,GAAG,MAAM,OAAO,AAAC;QAC5B,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,KAAK,CAAC;KACd;IAED,AAAO,gBAAgB,GAAkB;QACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,OAAO,CAAA,GAAA,4BAAa,CAAA,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KACpC;IAED,MAAa,MAAM,CAAC,WAAmB,EAAE;QACvC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,UAAE,MAAM,CAAA,aAAE,SAAS,CAAA,UAAE,MAAM,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACxE,MAAM,yBAAE,qBAAqB,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,AAAC;QACzD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,AAAC;QAC7E,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,AAAC;QAE3C,MAAM,SAAS,GAAG,CAAA,GAAA,gCAAiB,CAAA,CAAC;mCAClC,qBAAqB;sBACrB,QAAQ;yBACR,WAAW;2BACX,aAAa;mBACb,KAAK;oBACL,MAAM;uBACN,SAAS;oBACT,MAAM;SACP,CAAC,AAAC;QAEH,IAAI,CAAC,aAAa,GAAG;yBAAE,WAAW;0BAAE,YAAY;mBAAE,KAAK;SAAE,CAAC;QAC1D,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;KAClC;IAED,AAAO,kBAAkB,CAAC,GAAW,EAAW;QAC9C,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,IAAI,AAAC;QAE/B,IAAI,CAAC,aAAa,EAChB,OAAO,KAAK,CAAC;QAEf,MAAM,eAAE,WAAW,CAAA,EAAE,GAAG,aAAa,AAAC;QACtC,MAAM,UAAE,MAAM,CAAA,YAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,AAAC;QAE1C,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,KAAK,WAAW,CAAC;KAC/C;IAED,MAAa,oBAAoB,CAAC,WAAmB,EAAE;QACrD,MAAM,iBAAE,aAAa,CAAA,eAAE,WAAW,CAAA,WAAE,OAAO,CAAA,EAAE,GAAG,IAAI,AAAC;QACrD,MAAM,aAAE,SAAS,CAAA,EAAE,GAAG,OAAO,AAAC;QAE9B,IAAI,CAAC,aAAa,EAChB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,2BAA2B,CAAC,CAAC;QAG1D,MAAM,eAAE,WAAW,CAAA,SAAE,KAAK,CAAA,gBAAE,YAAY,CAAA,EAAE,GAAG,aAAa,AAAC;QAC3D,MAAM,IAAI,GAAG,CAAA,GAAA,gDAAiC,CAAA,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,AAAC;QAEhF,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,WAAW,AAAC;QACxC,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QACrD,MAAM,iBAAiB,GAAG,MAAM,CAAA,GAAA,4CAA6B,CAAA,CAC3D;sBACE,QAAQ;2BACR,aAAa;yBACb,WAAW;0BACX,YAAY;kBACZ,IAAI;SACL,EACD,SAAS,CACV,AAAC;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;KAC3B;IAED,MAAa,OAAO,CAAC,qBAA8B,EAAE;QACnD,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QAC7C,MAAM,sBAAE,kBAAkB,CAAA,sBAAE,kBAAkB,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAE9E,IAAI,IAAI,CAAC,YAAY,EACnB,IAAI;YACF,MAAM,CAAA,GAAA,qBAAM,CAAA,CAAC,kBAAkB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;SACvF,CAAC,OAAM;QACN,yGAAyG;SAC1G;QAGH,MAAM,GAAG,GAAG,CAAA,GAAA,iCAAkB,CAAA,CAAC;gCAC7B,kBAAkB;mCAClB,qBAAqB;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,AAAC;QAEH,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;KAC5B;IAED,MAAc,4BAA4B,CAAC,QAAiB,EAAmB;QAC7E,IAAI,CAAC,IAAI,CAAC,YAAY,EACpB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,IAAI;YACF,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,CAAC,QAAQ,CAAC,AAAC;YACrD,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;YAC7C,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;YACrD,MAAM,eAAE,WAAW,CAAA,gBAAE,YAAY,CAAA,WAAE,OAAO,CAAA,SAAE,KAAK,CAAA,aAAE,SAAS,CAAA,EAAE,GAC5D,MAAM,CAAA,GAAA,uCAAwB,CAAA,CAC5B;0BACE,QAAQ;+BACR,aAAa;gBACb,YAAY,EAAE,IAAI,CAAC,YAAY;0BAC/B,QAAQ;gBACR,MAAM,EAAE,QAAQ,GAAG;oBAAC,gBAAgB;iBAAC,GAAG,SAAS;aAClD,EACD,IAAI,CAAC,OAAO,CAAC,SAAS,CACvB,AAAC;YAEJ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,EAAE;gBACtC,KAAK,EAAE,WAAW;uBAClB,KAAK;gBACL,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS;aACrD,CAAC,CAAC;YACH,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAE1B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAEjC,IAAI,OAAO,EAAE;gBACX,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBAClC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;aACxB;YAED,OAAO,WAAW,CAAC;SACpB,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;SAC/E;KACF;IAED,MAAc,cAAc,GAAG;QAC7B,MAAM,YAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACtC,MAAM,iBAAiB,GAAG,CAAA,GAAA,yCAAoB,CAAA,CAAC,QAAQ,CAAC,AAAC;QAEzD,OAAO,CAAA,GAAA,8BAAe,CAAA,CAAC,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;KACnE;IAED,MAAc,mBAAmB,GAAG;QAClC,MAAM,WAAE,OAAO,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAE/C,OAAO,CAAA,GAAA,8BAAkB,CAAA,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;KAC7C;IAED,MAAc,aAAa,CAAC,OAAe,EAAE;QAC3C,MAAM,SAAE,KAAK,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACnC,MAAM,UAAE,MAAM,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAC9C,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,AAAC;QAExD,IAAI;YACF,MAAM,CAAA,GAAA,4BAAa,CAAA,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;SAC9D,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;SACvD;KACF;IAED,AAAQ,aAAa,CAAC,gBACpB,YAAY,CAAA,WACZ,OAAO,CAAA,SACP,KAAK,CAAA,eACL,WAAW,CAAA,aACX,SAAS,CAAA,EACS,EAAE;QACpB,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,8EAA8E;QAC9E,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,EAAE,AAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,SAAS,AAAC;QAChD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,EAAE;YAAE,KAAK,EAAE,WAAW;mBAAE,KAAK;uBAAE,SAAS;SAAE,CAAC,CAAC;QAClF,IAAI,CAAC,kBAAkB,EAAE,CAAC;KAC3B;IAED,AAAQ,kBAAkB,GAAG;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,kBAAkB,EACtC,OAAO;QAGT,MAAM,IAAI,GAAgC,EAAE,AAAC;QAE7C,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAC5D,sDAAsD;QACtD,IAAI,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC;QAG1B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;KACnE;IAED,AAAQ,kBAAkB,GAAG;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,AAAC;QAExD,IAAI,CAAC,GAAG,EACN,OAAO;QAGT,IAAI;YACF,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;YACtC,CAAA,GAAA,yBAAM,CAAA,CAAC,IAAI,EAAE,CAAA,GAAA,yCAAyB,CAAA,CAAC,CAAC;YACxC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAE5B,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CACnD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;SAE7C,CAAC,OAAM,EAAE;KACX;CACF","sources":["packages/client/src/index.ts","packages/client/src/errors.ts","packages/client/src/types/index.ts","packages/client/src/utils/index.ts","packages/client/src/utils/requester.ts"],"sourcesContent":["import {\n CodeTokenResponse,\n decodeIdToken,\n fetchOidcConfig,\n fetchTokenByAuthorizationCode,\n fetchTokenByRefreshToken,\n generateSignInUri,\n generateSignOutUri,\n IdTokenClaims,\n Prompt,\n revoke,\n verifyAndParseCodeFromCallbackUri,\n verifyIdToken,\n withReservedScopes,\n} from '@logto/js';\nimport { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\nimport { assert } from 'superstruct';\n\nimport { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport {\n AccessToken,\n LogtoAccessTokenMapSchema,\n LogtoConfig,\n LogtoSignInSessionItem,\n LogtoSignInSessionItemSchema,\n} from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode } from '@logto/js';\nexport { LogtoError, OidcError, Prompt, LogtoRequestError } from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n protected readonly logtoConfig: LogtoConfig;\n protected readonly getOidcConfig = once(this._getOidcConfig);\n protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n\n protected readonly adapter: ClientAdapter;\n\n protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n private readonly getAccessTokenPromiseMap = new Map<string, Promise<string>>();\n private _idToken: Nullable<string>;\n\n constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n this.logtoConfig = {\n ...logtoConfig,\n prompt: logtoConfig.prompt ?? Prompt.Consent,\n scopes: withReservedScopes(logtoConfig.scopes).split(' '),\n };\n this.adapter = adapter;\n this._idToken = this.adapter.storage.getItem('idToken');\n\n if (this.logtoConfig.persistAccessToken) {\n this.loadAccessTokenMap();\n }\n }\n\n public get isAuthenticated() {\n return Boolean(this.idToken);\n }\n\n protected get signInSession(): Nullable<LogtoSignInSessionItem> {\n const jsonItem = this.adapter.storage.getItem('signInSession');\n\n if (!jsonItem) {\n return null;\n }\n\n try {\n const item: unknown = JSON.parse(jsonItem);\n assert(item, LogtoSignInSessionItemSchema);\n\n return item;\n } catch (error: unknown) {\n throw new LogtoClientError('sign_in_session.invalid', error);\n }\n }\n\n protected set signInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n if (!logtoSignInSessionItem) {\n this.adapter.storage.removeItem('signInSession');\n\n return;\n }\n\n const jsonItem = JSON.stringify(logtoSignInSessionItem);\n this.adapter.storage.setItem('signInSession', jsonItem);\n }\n\n get refreshToken() {\n return this.adapter.storage.getItem('refreshToken');\n }\n\n private set refreshToken(refreshToken: Nullable<string>) {\n if (!refreshToken) {\n this.adapter.storage.removeItem('refreshToken');\n\n return;\n }\n\n this.adapter.storage.setItem('refreshToken', refreshToken);\n }\n\n get idToken() {\n return this._idToken;\n }\n\n private set idToken(idToken: Nullable<string>) {\n this._idToken = idToken;\n\n if (!idToken) {\n this.adapter.storage.removeItem('idToken');\n\n return;\n }\n\n this.adapter.storage.setItem('idToken', idToken);\n }\n\n // eslint-disable-next-line complexity\n public async getAccessToken(resource?: string): Promise<string> {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const accessTokenKey = buildAccessTokenKey(resource);\n const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n return accessToken.token;\n }\n\n // Since the access token has expired, delete it from the map.\n if (accessToken) {\n this.accessTokenMap.delete(accessTokenKey);\n }\n\n /**\n * Need to fetch a new access token using refresh token.\n * Reuse the cached promise if exists.\n */\n const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);\n\n if (cachedPromise) {\n return cachedPromise;\n }\n\n /**\n * Create a new promise and cache in map to avoid race condition.\n * Since we enable \"refresh token rotation\" by default,\n * it will be problematic when calling multiple `getAccessToken()` closely.\n */\n const promise = this.getAccessTokenByRefreshToken(resource);\n this.getAccessTokenPromiseMap.set(accessTokenKey, promise);\n\n const token = await promise;\n this.getAccessTokenPromiseMap.delete(accessTokenKey);\n\n return token;\n }\n\n public getIdTokenClaims(): IdTokenClaims {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n return decodeIdToken(this.idToken);\n }\n\n public async signIn(redirectUri: string) {\n const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n const { authorizationEndpoint } = await this.getOidcConfig();\n const codeVerifier = this.adapter.generateCodeVerifier();\n const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n const state = this.adapter.generateState();\n\n const signInUri = generateSignInUri({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n });\n\n this.signInSession = { redirectUri, codeVerifier, state };\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(signInUri);\n }\n\n public isSignInRedirected(url: string): boolean {\n const { signInSession } = this;\n\n if (!signInSession) {\n return false;\n }\n const { redirectUri } = signInSession;\n const { origin, pathname } = new URL(url);\n\n return `${origin}${pathname}` === redirectUri;\n }\n\n public async handleSignInCallback(callbackUri: string) {\n const { signInSession, logtoConfig, adapter } = this;\n const { requester } = adapter;\n\n if (!signInSession) {\n throw new LogtoClientError('sign_in_session.not_found');\n }\n\n const { redirectUri, state, codeVerifier } = signInSession;\n const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n const { appId: clientId } = logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const codeTokenResponse = await fetchTokenByAuthorizationCode(\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n },\n requester\n );\n\n await this.verifyIdToken(codeTokenResponse.idToken);\n\n this.saveCodeToken(codeTokenResponse);\n this.signInSession = null;\n }\n\n public async signOut(postLogoutRedirectUri?: string) {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const { appId: clientId } = this.logtoConfig;\n const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n\n if (this.refreshToken) {\n try {\n await revoke(revocationEndpoint, clientId, this.refreshToken, this.adapter.requester);\n } catch {\n // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n }\n }\n\n const url = generateSignOutUri({\n endSessionEndpoint,\n postLogoutRedirectUri,\n idToken: this.idToken,\n });\n\n this.accessTokenMap.clear();\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(url);\n }\n\n private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n if (!this.refreshToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n try {\n const accessTokenKey = buildAccessTokenKey(resource);\n const { appId: clientId } = this.logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const { accessToken, refreshToken, idToken, scope, expiresIn } =\n await fetchTokenByRefreshToken(\n {\n clientId,\n tokenEndpoint,\n refreshToken: this.refreshToken,\n resource,\n scopes: resource ? ['offline_access'] : undefined, // Force remove openid scope from the request\n },\n this.adapter.requester\n );\n\n this.accessTokenMap.set(accessTokenKey, {\n token: accessToken,\n scope,\n expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n });\n this.saveAccessTokenMap();\n\n this.refreshToken = refreshToken;\n\n if (idToken) {\n await this.verifyIdToken(idToken);\n this.idToken = idToken;\n }\n\n return accessToken;\n } catch (error: unknown) {\n throw new LogtoClientError('get_access_token_by_refresh_token_failed', error);\n }\n }\n\n private async _getOidcConfig() {\n const { endpoint } = this.logtoConfig;\n const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n }\n\n private async _getJwtVerifyGetKey() {\n const { jwksUri } = await this.getOidcConfig();\n\n return createRemoteJWKSet(new URL(jwksUri));\n }\n\n private async verifyIdToken(idToken: string) {\n const { appId } = this.logtoConfig;\n const { issuer } = await this.getOidcConfig();\n const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n try {\n await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n } catch (error: unknown) {\n throw new LogtoClientError('invalid_id_token', error);\n }\n }\n\n private saveCodeToken({\n refreshToken,\n idToken,\n scope,\n accessToken,\n expiresIn,\n }: CodeTokenResponse) {\n this.refreshToken = refreshToken ?? null;\n this.idToken = idToken;\n\n // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n const accessTokenKey = buildAccessTokenKey();\n const expiresAt = Date.now() / 1000 + expiresIn;\n this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n this.saveAccessTokenMap();\n }\n\n private saveAccessTokenMap() {\n if (!this.logtoConfig.persistAccessToken) {\n return;\n }\n\n const data: Record<string, AccessToken> = {};\n\n for (const [key, accessToken] of this.accessTokenMap.entries()) {\n // eslint-disable-next-line @silverhand/fp/no-mutation\n data[key] = accessToken;\n }\n\n this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n }\n\n private loadAccessTokenMap() {\n const raw = this.adapter.storage.getItem('accessToken');\n\n if (!raw) {\n return;\n }\n\n try {\n const json: unknown = JSON.parse(raw);\n assert(json, LogtoAccessTokenMapSchema);\n this.accessTokenMap.clear();\n\n for (const [key, accessToken] of Object.entries(json)) {\n this.accessTokenMap.set(key, accessToken);\n }\n } catch {}\n }\n}\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nconst logtoClientErrorCodes = Object.freeze({\n sign_in_session: {\n invalid: 'Invalid sign-in session.',\n not_found: 'Sign-in session not found.',\n },\n not_authenticated: 'Not authenticated.',\n get_access_token_by_refresh_token_failed: 'Failed to get access token by refresh token.',\n invalid_id_token: 'Invalid id token.',\n});\n\nexport type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoClientErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoClientErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoClientError extends Error {\n code: LogtoClientErrorCode;\n data: unknown;\n\n constructor(code: LogtoClientErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n","import { Prompt } from '@logto/js';\nimport { Infer, number, record, string, type } from 'superstruct';\n\nexport type LogtoConfig = {\n endpoint: string;\n appId: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n persistAccessToken?: boolean;\n};\n\nexport const AccessTokenSchema = type({\n token: string(),\n scope: string(),\n expiresAt: number(),\n});\n\nexport type AccessToken = Infer<typeof AccessTokenSchema>;\n\nexport const LogtoSignInSessionItemSchema = type({\n redirectUri: string(),\n codeVerifier: string(),\n state: string(),\n});\n\nexport const LogtoAccessTokenMapSchema = record(string(), AccessTokenSchema);\n\nexport type LogtoSignInSessionItem = Infer<typeof LogtoSignInSessionItemSchema>;\n","import { discoveryPath } from '@logto/js';\n\nexport * from './requester';\n\nexport const buildAccessTokenKey = (resource = '', scopes: string[] = []): string =>\n `${scopes.slice().sort().join(' ')}@${resource}`;\n\nexport const getDiscoveryEndpoint = (endpoint: string): string =>\n new URL(discoveryPath, endpoint).toString();\n","import { LogtoRequestError, LogtoRequestErrorBody, Requester } from '@logto/js';\n\nexport const createRequester = (fetchFunction: typeof fetch): Requester => {\n return async <T>(...args: Parameters<typeof fetch>): Promise<T> => {\n const response = await fetchFunction(...args);\n\n if (!response.ok) {\n // Expected request error from server\n const { code, message } = await response.json<LogtoRequestErrorBody>();\n throw new LogtoRequestError(code, message);\n }\n\n return response.json<T>();\n };\n};\n"],"names":[],"version":3,"file":"index.js.map"}
|
package/lib/module.js
ADDED
|
@@ -0,0 +1,323 @@
|
|
|
1
|
+
import {Prompt as $19775a679e2952df$import$5548085c5b0a2ee3$83716a4aa1642908, withReservedScopes as $kqBTI$withReservedScopes, decodeIdToken as $kqBTI$decodeIdToken, generateSignInUri as $kqBTI$generateSignInUri, verifyAndParseCodeFromCallbackUri as $kqBTI$verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode as $kqBTI$fetchTokenByAuthorizationCode, revoke as $kqBTI$revoke, generateSignOutUri as $kqBTI$generateSignOutUri, fetchTokenByRefreshToken as $kqBTI$fetchTokenByRefreshToken, fetchOidcConfig as $kqBTI$fetchOidcConfig, verifyIdToken as $kqBTI$verifyIdToken, LogtoError as $19775a679e2952df$re_export$LogtoError, OidcError as $19775a679e2952df$re_export$OidcError, LogtoRequestError as $19775a679e2952df$re_export$LogtoRequestError, discoveryPath as $kqBTI$discoveryPath} from "@logto/js";
|
|
2
|
+
import {createRemoteJWKSet as $kqBTI$createRemoteJWKSet} from "jose";
|
|
3
|
+
import $kqBTI$lodashonce from "lodash.once";
|
|
4
|
+
import {assert as $kqBTI$assert, type as $kqBTI$type, string as $kqBTI$string, number as $kqBTI$number, record as $kqBTI$record} from "superstruct";
|
|
5
|
+
import $kqBTI$lodashget from "lodash.get";
|
|
6
|
+
|
|
7
|
+
function $parcel$export(e, n, v, s) {
|
|
8
|
+
Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
var $4ec05cedcef20733$exports = {};
|
|
15
|
+
|
|
16
|
+
$parcel$export($4ec05cedcef20733$exports, "LogtoClientError", () => $4ec05cedcef20733$export$877962ca249b8fc8);
|
|
17
|
+
|
|
18
|
+
const $4ec05cedcef20733$var$logtoClientErrorCodes = Object.freeze({
|
|
19
|
+
sign_in_session: {
|
|
20
|
+
invalid: "Invalid sign-in session.",
|
|
21
|
+
not_found: "Sign-in session not found."
|
|
22
|
+
},
|
|
23
|
+
not_authenticated: "Not authenticated.",
|
|
24
|
+
get_access_token_by_refresh_token_failed: "Failed to get access token by refresh token.",
|
|
25
|
+
invalid_id_token: "Invalid id token."
|
|
26
|
+
});
|
|
27
|
+
const $4ec05cedcef20733$var$getMessageByErrorCode = (errorCode)=>{
|
|
28
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
|
|
29
|
+
const message = (0, $kqBTI$lodashget)($4ec05cedcef20733$var$logtoClientErrorCodes, errorCode);
|
|
30
|
+
if (typeof message === "string") return message;
|
|
31
|
+
return errorCode;
|
|
32
|
+
};
|
|
33
|
+
class $4ec05cedcef20733$export$877962ca249b8fc8 extends Error {
|
|
34
|
+
constructor(code, data){
|
|
35
|
+
super($4ec05cedcef20733$var$getMessageByErrorCode(code));
|
|
36
|
+
this.code = code;
|
|
37
|
+
this.data = data;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
var $50f2bb780a45e70c$exports = {};
|
|
43
|
+
|
|
44
|
+
$parcel$export($50f2bb780a45e70c$exports, "AccessTokenSchema", () => $50f2bb780a45e70c$export$77bdbaff506443f4);
|
|
45
|
+
$parcel$export($50f2bb780a45e70c$exports, "LogtoSignInSessionItemSchema", () => $50f2bb780a45e70c$export$7b65a75f516b80e1);
|
|
46
|
+
$parcel$export($50f2bb780a45e70c$exports, "LogtoAccessTokenMapSchema", () => $50f2bb780a45e70c$export$4ae7b9c313038df5);
|
|
47
|
+
|
|
48
|
+
const $50f2bb780a45e70c$export$77bdbaff506443f4 = (0, $kqBTI$type)({
|
|
49
|
+
token: (0, $kqBTI$string)(),
|
|
50
|
+
scope: (0, $kqBTI$string)(),
|
|
51
|
+
expiresAt: (0, $kqBTI$number)()
|
|
52
|
+
});
|
|
53
|
+
const $50f2bb780a45e70c$export$7b65a75f516b80e1 = (0, $kqBTI$type)({
|
|
54
|
+
redirectUri: (0, $kqBTI$string)(),
|
|
55
|
+
codeVerifier: (0, $kqBTI$string)(),
|
|
56
|
+
state: (0, $kqBTI$string)()
|
|
57
|
+
});
|
|
58
|
+
const $50f2bb780a45e70c$export$4ae7b9c313038df5 = (0, $kqBTI$record)((0, $kqBTI$string)(), $50f2bb780a45e70c$export$77bdbaff506443f4);
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
|
|
62
|
+
|
|
63
|
+
const $8449a5dbad0d6387$export$8d54726fdbf08e0a = (fetchFunction)=>{
|
|
64
|
+
return async (...args)=>{
|
|
65
|
+
const response = await fetchFunction(...args);
|
|
66
|
+
if (!response.ok) {
|
|
67
|
+
// Expected request error from server
|
|
68
|
+
const { code: code , message: message } = await response.json();
|
|
69
|
+
throw new (0, $19775a679e2952df$re_export$LogtoRequestError)(code, message);
|
|
70
|
+
}
|
|
71
|
+
return response.json();
|
|
72
|
+
};
|
|
73
|
+
};
|
|
74
|
+
|
|
75
|
+
|
|
76
|
+
const $dcfd5d64758ae70b$export$8f595bd2a47bcea6 = (resource = "", scopes = [])=>`${scopes.slice().sort().join(" ")}@${resource}`;
|
|
77
|
+
const $dcfd5d64758ae70b$export$5d9c34f69c80822b = (endpoint)=>new URL((0, $kqBTI$discoveryPath), endpoint).toString();
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
class $19775a679e2952df$export$2e2bcd8739ae039 {
|
|
85
|
+
getOidcConfig = (0, $kqBTI$lodashonce)(this._getOidcConfig);
|
|
86
|
+
getJwtVerifyGetKey = (0, $kqBTI$lodashonce)(this._getJwtVerifyGetKey);
|
|
87
|
+
accessTokenMap = new Map();
|
|
88
|
+
getAccessTokenPromiseMap = new Map();
|
|
89
|
+
constructor(logtoConfig, adapter){
|
|
90
|
+
this.logtoConfig = {
|
|
91
|
+
...logtoConfig,
|
|
92
|
+
prompt: logtoConfig.prompt ?? (0, $19775a679e2952df$import$5548085c5b0a2ee3$83716a4aa1642908).Consent,
|
|
93
|
+
scopes: (0, $kqBTI$withReservedScopes)(logtoConfig.scopes).split(" ")
|
|
94
|
+
};
|
|
95
|
+
this.adapter = adapter;
|
|
96
|
+
this._idToken = this.adapter.storage.getItem("idToken");
|
|
97
|
+
if (this.logtoConfig.persistAccessToken) this.loadAccessTokenMap();
|
|
98
|
+
}
|
|
99
|
+
get isAuthenticated() {
|
|
100
|
+
return Boolean(this.idToken);
|
|
101
|
+
}
|
|
102
|
+
get signInSession() {
|
|
103
|
+
const jsonItem = this.adapter.storage.getItem("signInSession");
|
|
104
|
+
if (!jsonItem) return null;
|
|
105
|
+
try {
|
|
106
|
+
const item = JSON.parse(jsonItem);
|
|
107
|
+
(0, $kqBTI$assert)(item, (0, $50f2bb780a45e70c$export$7b65a75f516b80e1));
|
|
108
|
+
return item;
|
|
109
|
+
} catch (error) {
|
|
110
|
+
throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("sign_in_session.invalid", error);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
set signInSession(logtoSignInSessionItem) {
|
|
114
|
+
if (!logtoSignInSessionItem) {
|
|
115
|
+
this.adapter.storage.removeItem("signInSession");
|
|
116
|
+
return;
|
|
117
|
+
}
|
|
118
|
+
const jsonItem = JSON.stringify(logtoSignInSessionItem);
|
|
119
|
+
this.adapter.storage.setItem("signInSession", jsonItem);
|
|
120
|
+
}
|
|
121
|
+
get refreshToken() {
|
|
122
|
+
return this.adapter.storage.getItem("refreshToken");
|
|
123
|
+
}
|
|
124
|
+
set refreshToken(refreshToken) {
|
|
125
|
+
if (!refreshToken) {
|
|
126
|
+
this.adapter.storage.removeItem("refreshToken");
|
|
127
|
+
return;
|
|
128
|
+
}
|
|
129
|
+
this.adapter.storage.setItem("refreshToken", refreshToken);
|
|
130
|
+
}
|
|
131
|
+
get idToken() {
|
|
132
|
+
return this._idToken;
|
|
133
|
+
}
|
|
134
|
+
set idToken(idToken) {
|
|
135
|
+
this._idToken = idToken;
|
|
136
|
+
if (!idToken) {
|
|
137
|
+
this.adapter.storage.removeItem("idToken");
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
this.adapter.storage.setItem("idToken", idToken);
|
|
141
|
+
}
|
|
142
|
+
// eslint-disable-next-line complexity
|
|
143
|
+
async getAccessToken(resource) {
|
|
144
|
+
if (!this.idToken) throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("not_authenticated");
|
|
145
|
+
const accessTokenKey = (0, $dcfd5d64758ae70b$export$8f595bd2a47bcea6)(resource);
|
|
146
|
+
const accessToken = this.accessTokenMap.get(accessTokenKey);
|
|
147
|
+
if (accessToken && accessToken.expiresAt > Date.now() / 1000) return accessToken.token;
|
|
148
|
+
// Since the access token has expired, delete it from the map.
|
|
149
|
+
if (accessToken) this.accessTokenMap.delete(accessTokenKey);
|
|
150
|
+
/**
|
|
151
|
+
* Need to fetch a new access token using refresh token.
|
|
152
|
+
* Reuse the cached promise if exists.
|
|
153
|
+
*/ const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);
|
|
154
|
+
if (cachedPromise) return cachedPromise;
|
|
155
|
+
/**
|
|
156
|
+
* Create a new promise and cache in map to avoid race condition.
|
|
157
|
+
* Since we enable "refresh token rotation" by default,
|
|
158
|
+
* it will be problematic when calling multiple `getAccessToken()` closely.
|
|
159
|
+
*/ const promise = this.getAccessTokenByRefreshToken(resource);
|
|
160
|
+
this.getAccessTokenPromiseMap.set(accessTokenKey, promise);
|
|
161
|
+
const token = await promise;
|
|
162
|
+
this.getAccessTokenPromiseMap.delete(accessTokenKey);
|
|
163
|
+
return token;
|
|
164
|
+
}
|
|
165
|
+
getIdTokenClaims() {
|
|
166
|
+
if (!this.idToken) throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("not_authenticated");
|
|
167
|
+
return (0, $kqBTI$decodeIdToken)(this.idToken);
|
|
168
|
+
}
|
|
169
|
+
async signIn(redirectUri) {
|
|
170
|
+
const { appId: clientId , prompt: prompt , resources: resources , scopes: scopes } = this.logtoConfig;
|
|
171
|
+
const { authorizationEndpoint: authorizationEndpoint } = await this.getOidcConfig();
|
|
172
|
+
const codeVerifier = this.adapter.generateCodeVerifier();
|
|
173
|
+
const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
|
|
174
|
+
const state = this.adapter.generateState();
|
|
175
|
+
const signInUri = (0, $kqBTI$generateSignInUri)({
|
|
176
|
+
authorizationEndpoint: authorizationEndpoint,
|
|
177
|
+
clientId: clientId,
|
|
178
|
+
redirectUri: redirectUri,
|
|
179
|
+
codeChallenge: codeChallenge,
|
|
180
|
+
state: state,
|
|
181
|
+
scopes: scopes,
|
|
182
|
+
resources: resources,
|
|
183
|
+
prompt: prompt
|
|
184
|
+
});
|
|
185
|
+
this.signInSession = {
|
|
186
|
+
redirectUri: redirectUri,
|
|
187
|
+
codeVerifier: codeVerifier,
|
|
188
|
+
state: state
|
|
189
|
+
};
|
|
190
|
+
this.refreshToken = null;
|
|
191
|
+
this.idToken = null;
|
|
192
|
+
this.adapter.navigate(signInUri);
|
|
193
|
+
}
|
|
194
|
+
isSignInRedirected(url) {
|
|
195
|
+
const { signInSession: signInSession } = this;
|
|
196
|
+
if (!signInSession) return false;
|
|
197
|
+
const { redirectUri: redirectUri } = signInSession;
|
|
198
|
+
const { origin: origin , pathname: pathname } = new URL(url);
|
|
199
|
+
return `${origin}${pathname}` === redirectUri;
|
|
200
|
+
}
|
|
201
|
+
async handleSignInCallback(callbackUri) {
|
|
202
|
+
const { signInSession: signInSession , logtoConfig: logtoConfig , adapter: adapter } = this;
|
|
203
|
+
const { requester: requester } = adapter;
|
|
204
|
+
if (!signInSession) throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("sign_in_session.not_found");
|
|
205
|
+
const { redirectUri: redirectUri , state: state , codeVerifier: codeVerifier } = signInSession;
|
|
206
|
+
const code = (0, $kqBTI$verifyAndParseCodeFromCallbackUri)(callbackUri, redirectUri, state);
|
|
207
|
+
const { appId: clientId } = logtoConfig;
|
|
208
|
+
const { tokenEndpoint: tokenEndpoint } = await this.getOidcConfig();
|
|
209
|
+
const codeTokenResponse = await (0, $kqBTI$fetchTokenByAuthorizationCode)({
|
|
210
|
+
clientId: clientId,
|
|
211
|
+
tokenEndpoint: tokenEndpoint,
|
|
212
|
+
redirectUri: redirectUri,
|
|
213
|
+
codeVerifier: codeVerifier,
|
|
214
|
+
code: code
|
|
215
|
+
}, requester);
|
|
216
|
+
await this.verifyIdToken(codeTokenResponse.idToken);
|
|
217
|
+
this.saveCodeToken(codeTokenResponse);
|
|
218
|
+
this.signInSession = null;
|
|
219
|
+
}
|
|
220
|
+
async signOut(postLogoutRedirectUri) {
|
|
221
|
+
if (!this.idToken) throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("not_authenticated");
|
|
222
|
+
const { appId: clientId } = this.logtoConfig;
|
|
223
|
+
const { endSessionEndpoint: endSessionEndpoint , revocationEndpoint: revocationEndpoint } = await this.getOidcConfig();
|
|
224
|
+
if (this.refreshToken) try {
|
|
225
|
+
await (0, $kqBTI$revoke)(revocationEndpoint, clientId, this.refreshToken, this.adapter.requester);
|
|
226
|
+
} catch {
|
|
227
|
+
// Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
|
|
228
|
+
}
|
|
229
|
+
const url = (0, $kqBTI$generateSignOutUri)({
|
|
230
|
+
endSessionEndpoint: endSessionEndpoint,
|
|
231
|
+
postLogoutRedirectUri: postLogoutRedirectUri,
|
|
232
|
+
idToken: this.idToken
|
|
233
|
+
});
|
|
234
|
+
this.accessTokenMap.clear();
|
|
235
|
+
this.refreshToken = null;
|
|
236
|
+
this.idToken = null;
|
|
237
|
+
this.adapter.navigate(url);
|
|
238
|
+
}
|
|
239
|
+
async getAccessTokenByRefreshToken(resource) {
|
|
240
|
+
if (!this.refreshToken) throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("not_authenticated");
|
|
241
|
+
try {
|
|
242
|
+
const accessTokenKey = (0, $dcfd5d64758ae70b$export$8f595bd2a47bcea6)(resource);
|
|
243
|
+
const { appId: clientId } = this.logtoConfig;
|
|
244
|
+
const { tokenEndpoint: tokenEndpoint } = await this.getOidcConfig();
|
|
245
|
+
const { accessToken: accessToken , refreshToken: refreshToken , idToken: idToken , scope: scope , expiresIn: expiresIn } = await (0, $kqBTI$fetchTokenByRefreshToken)({
|
|
246
|
+
clientId: clientId,
|
|
247
|
+
tokenEndpoint: tokenEndpoint,
|
|
248
|
+
refreshToken: this.refreshToken,
|
|
249
|
+
resource: resource,
|
|
250
|
+
scopes: resource ? [
|
|
251
|
+
"offline_access"
|
|
252
|
+
] : undefined
|
|
253
|
+
}, this.adapter.requester);
|
|
254
|
+
this.accessTokenMap.set(accessTokenKey, {
|
|
255
|
+
token: accessToken,
|
|
256
|
+
scope: scope,
|
|
257
|
+
expiresAt: Math.round(Date.now() / 1000) + expiresIn
|
|
258
|
+
});
|
|
259
|
+
this.saveAccessTokenMap();
|
|
260
|
+
this.refreshToken = refreshToken;
|
|
261
|
+
if (idToken) {
|
|
262
|
+
await this.verifyIdToken(idToken);
|
|
263
|
+
this.idToken = idToken;
|
|
264
|
+
}
|
|
265
|
+
return accessToken;
|
|
266
|
+
} catch (error) {
|
|
267
|
+
throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("get_access_token_by_refresh_token_failed", error);
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
async _getOidcConfig() {
|
|
271
|
+
const { endpoint: endpoint } = this.logtoConfig;
|
|
272
|
+
const discoveryEndpoint = (0, $dcfd5d64758ae70b$export$5d9c34f69c80822b)(endpoint);
|
|
273
|
+
return (0, $kqBTI$fetchOidcConfig)(discoveryEndpoint, this.adapter.requester);
|
|
274
|
+
}
|
|
275
|
+
async _getJwtVerifyGetKey() {
|
|
276
|
+
const { jwksUri: jwksUri } = await this.getOidcConfig();
|
|
277
|
+
return (0, $kqBTI$createRemoteJWKSet)(new URL(jwksUri));
|
|
278
|
+
}
|
|
279
|
+
async verifyIdToken(idToken) {
|
|
280
|
+
const { appId: appId } = this.logtoConfig;
|
|
281
|
+
const { issuer: issuer } = await this.getOidcConfig();
|
|
282
|
+
const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
|
|
283
|
+
try {
|
|
284
|
+
await (0, $kqBTI$verifyIdToken)(idToken, appId, issuer, jwtVerifyGetKey);
|
|
285
|
+
} catch (error) {
|
|
286
|
+
throw new (0, $4ec05cedcef20733$export$877962ca249b8fc8)("invalid_id_token", error);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
saveCodeToken({ refreshToken: refreshToken , idToken: idToken , scope: scope , accessToken: accessToken , expiresIn: expiresIn }) {
|
|
290
|
+
this.refreshToken = refreshToken ?? null;
|
|
291
|
+
this.idToken = idToken;
|
|
292
|
+
// NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
|
|
293
|
+
const accessTokenKey = (0, $dcfd5d64758ae70b$export$8f595bd2a47bcea6)();
|
|
294
|
+
const expiresAt = Date.now() / 1000 + expiresIn;
|
|
295
|
+
this.accessTokenMap.set(accessTokenKey, {
|
|
296
|
+
token: accessToken,
|
|
297
|
+
scope: scope,
|
|
298
|
+
expiresAt: expiresAt
|
|
299
|
+
});
|
|
300
|
+
this.saveAccessTokenMap();
|
|
301
|
+
}
|
|
302
|
+
saveAccessTokenMap() {
|
|
303
|
+
if (!this.logtoConfig.persistAccessToken) return;
|
|
304
|
+
const data = {};
|
|
305
|
+
for (const [key, accessToken] of this.accessTokenMap.entries())// eslint-disable-next-line @silverhand/fp/no-mutation
|
|
306
|
+
data[key] = accessToken;
|
|
307
|
+
this.adapter.storage.setItem("accessToken", JSON.stringify(data));
|
|
308
|
+
}
|
|
309
|
+
loadAccessTokenMap() {
|
|
310
|
+
const raw = this.adapter.storage.getItem("accessToken");
|
|
311
|
+
if (!raw) return;
|
|
312
|
+
try {
|
|
313
|
+
const json = JSON.parse(raw);
|
|
314
|
+
(0, $kqBTI$assert)(json, (0, $50f2bb780a45e70c$export$4ae7b9c313038df5));
|
|
315
|
+
this.accessTokenMap.clear();
|
|
316
|
+
for (const [key, accessToken] of Object.entries(json))this.accessTokenMap.set(key, accessToken);
|
|
317
|
+
} catch {}
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
|
|
322
|
+
export {$19775a679e2952df$export$2e2bcd8739ae039 as default, $19775a679e2952df$re_export$LogtoError as LogtoError, $19775a679e2952df$re_export$OidcError as OidcError, $19775a679e2952df$import$5548085c5b0a2ee3$83716a4aa1642908 as Prompt, $19775a679e2952df$re_export$LogtoRequestError as LogtoRequestError, $8449a5dbad0d6387$export$8d54726fdbf08e0a as createRequester, $4ec05cedcef20733$export$877962ca249b8fc8 as LogtoClientError, $50f2bb780a45e70c$export$77bdbaff506443f4 as AccessTokenSchema, $50f2bb780a45e70c$export$7b65a75f516b80e1 as LogtoSignInSessionItemSchema, $50f2bb780a45e70c$export$4ae7b9c313038df5 as LogtoAccessTokenMapSchema};
|
|
323
|
+
//# sourceMappingURL=module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"mappings":";;;;;;;;;AAAA;;;;;;;ACAA;AAGA,MAAM,2CAAqB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1C,eAAe,EAAE;QACf,OAAO,EAAE,0BAA0B;QACnC,SAAS,EAAE,4BAA4B;KACxC;IACD,iBAAiB,EAAE,oBAAoB;IACvC,wCAAwC,EAAE,8CAA8C;IACxF,gBAAgB,EAAE,mBAAmB;CACtC,CAAC,AAAC;AAIH,MAAM,2CAAqB,GAAG,CAAC,SAA+B,GAAa;IACzE,mEAAmE;IACnE,MAAM,OAAO,GAAG,CAAA,GAAA,gBAAG,CAAA,CAAC,2CAAqB,EAAE,SAAS,CAAC,AAAC;IAEtD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAC7B,OAAO,OAAO,CAAC;IAGjB,OAAO,SAAS,CAAC;CAClB,AAAC;AAEK,MAAM,yCAAgB,SAAS,KAAK;IAIzC,YAAY,IAA0B,EAAE,IAAc,CAAE;QACtD,KAAK,CAAC,2CAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;;;;;;;;ACnCD;AAYO,MAAM,yCAAiB,GAAG,CAAA,GAAA,WAAI,CAAA,CAAC;IACpC,KAAK,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;IACf,KAAK,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;IACf,SAAS,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;CACpB,CAAC,AAAC;AAII,MAAM,yCAA4B,GAAG,CAAA,GAAA,WAAI,CAAA,CAAC;IAC/C,WAAW,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;IACrB,YAAY,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;IACtB,KAAK,EAAE,CAAA,GAAA,aAAM,CAAA,EAAE;CAChB,CAAC,AAAC;AAEI,MAAM,yCAAyB,GAAG,CAAA,GAAA,aAAM,CAAA,CAAC,CAAA,GAAA,aAAM,CAAA,EAAE,EAAE,yCAAiB,CAAC,AAAC;;;AC1B7E;ACAA;AAEO,MAAM,yCAAe,GAAG,CAAC,aAA2B,GAAgB;IACzE,OAAO,OAAU,GAAG,IAAI,AAA0B,GAAiB;QACjE,MAAM,QAAQ,GAAG,MAAM,aAAa,IAAI,IAAI,CAAC,AAAC;QAE9C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,qCAAqC;YACrC,MAAM,QAAE,IAAI,CAAA,WAAE,OAAO,CAAA,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,AAAC;YACvE,MAAM,IAAI,CAAA,GAAA,6CAAiB,CAAA,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;SAC5C;QAED,OAAO,QAAQ,CAAC,IAAI,EAAK,CAAC;KAC3B,CAAC;CACH,AAAC;;;ADVK,MAAM,yCAAmB,GAAG,CAAC,QAAQ,GAAG,EAAE,EAAE,MAAgB,GAAG,EAAE,GACtE,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,AAAC;AAE5C,MAAM,yCAAoB,GAAG,CAAC,QAAgB,GACnD,IAAI,GAAG,CAAC,CAAA,GAAA,oBAAa,CAAA,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,AAAC;;;;;;;AH8B/B;IAEb,AAAmB,aAAa,GAAG,CAAA,GAAA,iBAAI,CAAA,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7D,AAAmB,kBAAkB,GAAG,CAAA,GAAA,iBAAI,CAAA,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAIvE,AAAmB,cAAc,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEnE,AAAiB,wBAAwB,GAAG,IAAI,GAAG,EAA2B,CAAC;IAG/E,YAAY,WAAwB,EAAE,OAAsB,CAAE;QAC5D,IAAI,CAAC,WAAW,GAAG;YACjB,GAAG,WAAW;YACd,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,CAAA,GAAA,0DAAM,CAAA,CAAC,OAAO;YAC5C,MAAM,EAAE,CAAA,GAAA,yBAAkB,CAAA,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;SAC1D,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,IAAI,CAAC,WAAW,CAAC,kBAAkB,EACrC,IAAI,CAAC,kBAAkB,EAAE,CAAC;KAE7B;IAED,IAAW,eAAe,GAAG;QAC3B,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KAC9B;IAED,IAAc,aAAa,GAAqC;QAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,AAAC;QAE/D,IAAI,CAAC,QAAQ,EACX,OAAO,IAAI,CAAC;QAGd,IAAI;YACF,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,AAAC;YAC3C,CAAA,GAAA,aAAM,CAAA,CAAC,IAAI,EAAE,CAAA,GAAA,yCAA4B,CAAA,CAAC,CAAC;YAE3C,OAAO,IAAI,CAAC;SACb,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;SAC9D;KACF;IAED,IAAc,aAAa,CAAC,sBAAwD,EAAE;QACpF,IAAI,CAAC,sBAAsB,EAAE;YAC3B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAEjD,OAAO;SACR;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,sBAAsB,CAAC,AAAC;QACxD,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;KACzD;IAED,IAAI,YAAY,GAAG;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;KACrD;IAED,IAAY,YAAY,CAAC,YAA8B,EAAE;QACvD,IAAI,CAAC,YAAY,EAAE;YACjB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAEhD,OAAO;SACR;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;KAC5D;IAED,IAAI,OAAO,GAAG;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC;KACtB;IAED,IAAY,OAAO,CAAC,OAAyB,EAAE;QAC7C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QAExB,IAAI,CAAC,OAAO,EAAE;YACZ,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAE3C,OAAO;SACR;QAED,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;KAClD;IAED,sCAAsC;IACtC,MAAa,cAAc,CAAC,QAAiB,EAAmB;QAC9D,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,CAAC,QAAQ,CAAC,AAAC;QACrD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,AAAC;QAE5D,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAC1D,OAAO,WAAW,CAAC,KAAK,CAAC;QAG3B,8DAA8D;QAC9D,IAAI,WAAW,EACb,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAG7C;;;OAGG,CACH,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,cAAc,CAAC,AAAC;QAExE,IAAI,aAAa,EACf,OAAO,aAAa,CAAC;QAGvB;;;;OAIG,CACH,MAAM,OAAO,GAAG,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,AAAC;QAC5D,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAE3D,MAAM,KAAK,GAAG,MAAM,OAAO,AAAC;QAC5B,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,KAAK,CAAC;KACd;IAED,AAAO,gBAAgB,GAAkB;QACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,OAAO,CAAA,GAAA,oBAAa,CAAA,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;KACpC;IAED,MAAa,MAAM,CAAC,WAAmB,EAAE;QACvC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,UAAE,MAAM,CAAA,aAAE,SAAS,CAAA,UAAE,MAAM,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACxE,MAAM,yBAAE,qBAAqB,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,AAAC;QACzD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,AAAC;QAC7E,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,AAAC;QAE3C,MAAM,SAAS,GAAG,CAAA,GAAA,wBAAiB,CAAA,CAAC;mCAClC,qBAAqB;sBACrB,QAAQ;yBACR,WAAW;2BACX,aAAa;mBACb,KAAK;oBACL,MAAM;uBACN,SAAS;oBACT,MAAM;SACP,CAAC,AAAC;QAEH,IAAI,CAAC,aAAa,GAAG;yBAAE,WAAW;0BAAE,YAAY;mBAAE,KAAK;SAAE,CAAC;QAC1D,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;KAClC;IAED,AAAO,kBAAkB,CAAC,GAAW,EAAW;QAC9C,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,IAAI,AAAC;QAE/B,IAAI,CAAC,aAAa,EAChB,OAAO,KAAK,CAAC;QAEf,MAAM,eAAE,WAAW,CAAA,EAAE,GAAG,aAAa,AAAC;QACtC,MAAM,UAAE,MAAM,CAAA,YAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,AAAC;QAE1C,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,KAAK,WAAW,CAAC;KAC/C;IAED,MAAa,oBAAoB,CAAC,WAAmB,EAAE;QACrD,MAAM,iBAAE,aAAa,CAAA,eAAE,WAAW,CAAA,WAAE,OAAO,CAAA,EAAE,GAAG,IAAI,AAAC;QACrD,MAAM,aAAE,SAAS,CAAA,EAAE,GAAG,OAAO,AAAC;QAE9B,IAAI,CAAC,aAAa,EAChB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,2BAA2B,CAAC,CAAC;QAG1D,MAAM,eAAE,WAAW,CAAA,SAAE,KAAK,CAAA,gBAAE,YAAY,CAAA,EAAE,GAAG,aAAa,AAAC;QAC3D,MAAM,IAAI,GAAG,CAAA,GAAA,wCAAiC,CAAA,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,AAAC;QAEhF,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,WAAW,AAAC;QACxC,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QACrD,MAAM,iBAAiB,GAAG,MAAM,CAAA,GAAA,oCAA6B,CAAA,CAC3D;sBACE,QAAQ;2BACR,aAAa;yBACb,WAAW;0BACX,YAAY;kBACZ,IAAI;SACL,EACD,SAAS,CACV,AAAC;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;KAC3B;IAED,MAAa,OAAO,CAAC,qBAA8B,EAAE;QACnD,IAAI,CAAC,IAAI,CAAC,OAAO,EACf,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QAC7C,MAAM,sBAAE,kBAAkB,CAAA,sBAAE,kBAAkB,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAE9E,IAAI,IAAI,CAAC,YAAY,EACnB,IAAI;YACF,MAAM,CAAA,GAAA,aAAM,CAAA,CAAC,kBAAkB,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;SACvF,CAAC,OAAM;QACN,yGAAyG;SAC1G;QAGH,MAAM,GAAG,GAAG,CAAA,GAAA,yBAAkB,CAAA,CAAC;gCAC7B,kBAAkB;mCAClB,qBAAqB;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,AAAC;QAEH,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;KAC5B;IAED,MAAc,4BAA4B,CAAC,QAAiB,EAAmB;QAC7E,IAAI,CAAC,IAAI,CAAC,YAAY,EACpB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,mBAAmB,CAAC,CAAC;QAGlD,IAAI;YACF,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,CAAC,QAAQ,CAAC,AAAC;YACrD,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;YAC7C,MAAM,iBAAE,aAAa,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;YACrD,MAAM,eAAE,WAAW,CAAA,gBAAE,YAAY,CAAA,WAAE,OAAO,CAAA,SAAE,KAAK,CAAA,aAAE,SAAS,CAAA,EAAE,GAC5D,MAAM,CAAA,GAAA,+BAAwB,CAAA,CAC5B;0BACE,QAAQ;+BACR,aAAa;gBACb,YAAY,EAAE,IAAI,CAAC,YAAY;0BAC/B,QAAQ;gBACR,MAAM,EAAE,QAAQ,GAAG;oBAAC,gBAAgB;iBAAC,GAAG,SAAS;aAClD,EACD,IAAI,CAAC,OAAO,CAAC,SAAS,CACvB,AAAC;YAEJ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,EAAE;gBACtC,KAAK,EAAE,WAAW;uBAClB,KAAK;gBACL,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS;aACrD,CAAC,CAAC;YACH,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAE1B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAEjC,IAAI,OAAO,EAAE;gBACX,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBAClC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;aACxB;YAED,OAAO,WAAW,CAAC;SACpB,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;SAC/E;KACF;IAED,MAAc,cAAc,GAAG;QAC7B,MAAM,YAAE,QAAQ,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACtC,MAAM,iBAAiB,GAAG,CAAA,GAAA,yCAAoB,CAAA,CAAC,QAAQ,CAAC,AAAC;QAEzD,OAAO,CAAA,GAAA,sBAAe,CAAA,CAAC,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;KACnE;IAED,MAAc,mBAAmB,GAAG;QAClC,MAAM,WAAE,OAAO,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAE/C,OAAO,CAAA,GAAA,yBAAkB,CAAA,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;KAC7C;IAED,MAAc,aAAa,CAAC,OAAe,EAAE;QAC3C,MAAM,SAAE,KAAK,CAAA,EAAE,GAAG,IAAI,CAAC,WAAW,AAAC;QACnC,MAAM,UAAE,MAAM,CAAA,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,AAAC;QAC9C,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,AAAC;QAExD,IAAI;YACF,MAAM,CAAA,GAAA,oBAAa,CAAA,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;SAC9D,CAAC,OAAO,KAAK,EAAW;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,CAAA,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;SACvD;KACF;IAED,AAAQ,aAAa,CAAC,gBACpB,YAAY,CAAA,WACZ,OAAO,CAAA,SACP,KAAK,CAAA,eACL,WAAW,CAAA,aACX,SAAS,CAAA,EACS,EAAE;QACpB,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,8EAA8E;QAC9E,MAAM,cAAc,GAAG,CAAA,GAAA,yCAAmB,CAAA,EAAE,AAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,SAAS,AAAC;QAChD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,EAAE;YAAE,KAAK,EAAE,WAAW;mBAAE,KAAK;uBAAE,SAAS;SAAE,CAAC,CAAC;QAClF,IAAI,CAAC,kBAAkB,EAAE,CAAC;KAC3B;IAED,AAAQ,kBAAkB,GAAG;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,kBAAkB,EACtC,OAAO;QAGT,MAAM,IAAI,GAAgC,EAAE,AAAC;QAE7C,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAC5D,sDAAsD;QACtD,IAAI,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC;QAG1B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;KACnE;IAED,AAAQ,kBAAkB,GAAG;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,AAAC;QAExD,IAAI,CAAC,GAAG,EACN,OAAO;QAGT,IAAI;YACF,MAAM,IAAI,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;YACtC,CAAA,GAAA,aAAM,CAAA,CAAC,IAAI,EAAE,CAAA,GAAA,yCAAyB,CAAA,CAAC,CAAC;YACxC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAE5B,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CACnD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;SAE7C,CAAC,OAAM,EAAE;KACX;CACF","sources":["packages/client/src/index.ts","packages/client/src/errors.ts","packages/client/src/types/index.ts","packages/client/src/utils/index.ts","packages/client/src/utils/requester.ts"],"sourcesContent":["import {\n CodeTokenResponse,\n decodeIdToken,\n fetchOidcConfig,\n fetchTokenByAuthorizationCode,\n fetchTokenByRefreshToken,\n generateSignInUri,\n generateSignOutUri,\n IdTokenClaims,\n Prompt,\n revoke,\n verifyAndParseCodeFromCallbackUri,\n verifyIdToken,\n withReservedScopes,\n} from '@logto/js';\nimport { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\nimport { assert } from 'superstruct';\n\nimport { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport {\n AccessToken,\n LogtoAccessTokenMapSchema,\n LogtoConfig,\n LogtoSignInSessionItem,\n LogtoSignInSessionItemSchema,\n} from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode } from '@logto/js';\nexport { LogtoError, OidcError, Prompt, LogtoRequestError } from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n protected readonly logtoConfig: LogtoConfig;\n protected readonly getOidcConfig = once(this._getOidcConfig);\n protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n\n protected readonly adapter: ClientAdapter;\n\n protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n private readonly getAccessTokenPromiseMap = new Map<string, Promise<string>>();\n private _idToken: Nullable<string>;\n\n constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n this.logtoConfig = {\n ...logtoConfig,\n prompt: logtoConfig.prompt ?? Prompt.Consent,\n scopes: withReservedScopes(logtoConfig.scopes).split(' '),\n };\n this.adapter = adapter;\n this._idToken = this.adapter.storage.getItem('idToken');\n\n if (this.logtoConfig.persistAccessToken) {\n this.loadAccessTokenMap();\n }\n }\n\n public get isAuthenticated() {\n return Boolean(this.idToken);\n }\n\n protected get signInSession(): Nullable<LogtoSignInSessionItem> {\n const jsonItem = this.adapter.storage.getItem('signInSession');\n\n if (!jsonItem) {\n return null;\n }\n\n try {\n const item: unknown = JSON.parse(jsonItem);\n assert(item, LogtoSignInSessionItemSchema);\n\n return item;\n } catch (error: unknown) {\n throw new LogtoClientError('sign_in_session.invalid', error);\n }\n }\n\n protected set signInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n if (!logtoSignInSessionItem) {\n this.adapter.storage.removeItem('signInSession');\n\n return;\n }\n\n const jsonItem = JSON.stringify(logtoSignInSessionItem);\n this.adapter.storage.setItem('signInSession', jsonItem);\n }\n\n get refreshToken() {\n return this.adapter.storage.getItem('refreshToken');\n }\n\n private set refreshToken(refreshToken: Nullable<string>) {\n if (!refreshToken) {\n this.adapter.storage.removeItem('refreshToken');\n\n return;\n }\n\n this.adapter.storage.setItem('refreshToken', refreshToken);\n }\n\n get idToken() {\n return this._idToken;\n }\n\n private set idToken(idToken: Nullable<string>) {\n this._idToken = idToken;\n\n if (!idToken) {\n this.adapter.storage.removeItem('idToken');\n\n return;\n }\n\n this.adapter.storage.setItem('idToken', idToken);\n }\n\n // eslint-disable-next-line complexity\n public async getAccessToken(resource?: string): Promise<string> {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const accessTokenKey = buildAccessTokenKey(resource);\n const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n return accessToken.token;\n }\n\n // Since the access token has expired, delete it from the map.\n if (accessToken) {\n this.accessTokenMap.delete(accessTokenKey);\n }\n\n /**\n * Need to fetch a new access token using refresh token.\n * Reuse the cached promise if exists.\n */\n const cachedPromise = this.getAccessTokenPromiseMap.get(accessTokenKey);\n\n if (cachedPromise) {\n return cachedPromise;\n }\n\n /**\n * Create a new promise and cache in map to avoid race condition.\n * Since we enable \"refresh token rotation\" by default,\n * it will be problematic when calling multiple `getAccessToken()` closely.\n */\n const promise = this.getAccessTokenByRefreshToken(resource);\n this.getAccessTokenPromiseMap.set(accessTokenKey, promise);\n\n const token = await promise;\n this.getAccessTokenPromiseMap.delete(accessTokenKey);\n\n return token;\n }\n\n public getIdTokenClaims(): IdTokenClaims {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n return decodeIdToken(this.idToken);\n }\n\n public async signIn(redirectUri: string) {\n const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n const { authorizationEndpoint } = await this.getOidcConfig();\n const codeVerifier = this.adapter.generateCodeVerifier();\n const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n const state = this.adapter.generateState();\n\n const signInUri = generateSignInUri({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n });\n\n this.signInSession = { redirectUri, codeVerifier, state };\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(signInUri);\n }\n\n public isSignInRedirected(url: string): boolean {\n const { signInSession } = this;\n\n if (!signInSession) {\n return false;\n }\n const { redirectUri } = signInSession;\n const { origin, pathname } = new URL(url);\n\n return `${origin}${pathname}` === redirectUri;\n }\n\n public async handleSignInCallback(callbackUri: string) {\n const { signInSession, logtoConfig, adapter } = this;\n const { requester } = adapter;\n\n if (!signInSession) {\n throw new LogtoClientError('sign_in_session.not_found');\n }\n\n const { redirectUri, state, codeVerifier } = signInSession;\n const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n const { appId: clientId } = logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const codeTokenResponse = await fetchTokenByAuthorizationCode(\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n },\n requester\n );\n\n await this.verifyIdToken(codeTokenResponse.idToken);\n\n this.saveCodeToken(codeTokenResponse);\n this.signInSession = null;\n }\n\n public async signOut(postLogoutRedirectUri?: string) {\n if (!this.idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const { appId: clientId } = this.logtoConfig;\n const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n\n if (this.refreshToken) {\n try {\n await revoke(revocationEndpoint, clientId, this.refreshToken, this.adapter.requester);\n } catch {\n // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n }\n }\n\n const url = generateSignOutUri({\n endSessionEndpoint,\n postLogoutRedirectUri,\n idToken: this.idToken,\n });\n\n this.accessTokenMap.clear();\n this.refreshToken = null;\n this.idToken = null;\n\n this.adapter.navigate(url);\n }\n\n private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n if (!this.refreshToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n try {\n const accessTokenKey = buildAccessTokenKey(resource);\n const { appId: clientId } = this.logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const { accessToken, refreshToken, idToken, scope, expiresIn } =\n await fetchTokenByRefreshToken(\n {\n clientId,\n tokenEndpoint,\n refreshToken: this.refreshToken,\n resource,\n scopes: resource ? ['offline_access'] : undefined, // Force remove openid scope from the request\n },\n this.adapter.requester\n );\n\n this.accessTokenMap.set(accessTokenKey, {\n token: accessToken,\n scope,\n expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n });\n this.saveAccessTokenMap();\n\n this.refreshToken = refreshToken;\n\n if (idToken) {\n await this.verifyIdToken(idToken);\n this.idToken = idToken;\n }\n\n return accessToken;\n } catch (error: unknown) {\n throw new LogtoClientError('get_access_token_by_refresh_token_failed', error);\n }\n }\n\n private async _getOidcConfig() {\n const { endpoint } = this.logtoConfig;\n const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n }\n\n private async _getJwtVerifyGetKey() {\n const { jwksUri } = await this.getOidcConfig();\n\n return createRemoteJWKSet(new URL(jwksUri));\n }\n\n private async verifyIdToken(idToken: string) {\n const { appId } = this.logtoConfig;\n const { issuer } = await this.getOidcConfig();\n const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n try {\n await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n } catch (error: unknown) {\n throw new LogtoClientError('invalid_id_token', error);\n }\n }\n\n private saveCodeToken({\n refreshToken,\n idToken,\n scope,\n accessToken,\n expiresIn,\n }: CodeTokenResponse) {\n this.refreshToken = refreshToken ?? null;\n this.idToken = idToken;\n\n // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n const accessTokenKey = buildAccessTokenKey();\n const expiresAt = Date.now() / 1000 + expiresIn;\n this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n this.saveAccessTokenMap();\n }\n\n private saveAccessTokenMap() {\n if (!this.logtoConfig.persistAccessToken) {\n return;\n }\n\n const data: Record<string, AccessToken> = {};\n\n for (const [key, accessToken] of this.accessTokenMap.entries()) {\n // eslint-disable-next-line @silverhand/fp/no-mutation\n data[key] = accessToken;\n }\n\n this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n }\n\n private loadAccessTokenMap() {\n const raw = this.adapter.storage.getItem('accessToken');\n\n if (!raw) {\n return;\n }\n\n try {\n const json: unknown = JSON.parse(raw);\n assert(json, LogtoAccessTokenMapSchema);\n this.accessTokenMap.clear();\n\n for (const [key, accessToken] of Object.entries(json)) {\n this.accessTokenMap.set(key, accessToken);\n }\n } catch {}\n }\n}\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nconst logtoClientErrorCodes = Object.freeze({\n sign_in_session: {\n invalid: 'Invalid sign-in session.',\n not_found: 'Sign-in session not found.',\n },\n not_authenticated: 'Not authenticated.',\n get_access_token_by_refresh_token_failed: 'Failed to get access token by refresh token.',\n invalid_id_token: 'Invalid id token.',\n});\n\nexport type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoClientErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoClientErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoClientError extends Error {\n code: LogtoClientErrorCode;\n data: unknown;\n\n constructor(code: LogtoClientErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n","import { Prompt } from '@logto/js';\nimport { Infer, number, record, string, type } from 'superstruct';\n\nexport type LogtoConfig = {\n endpoint: string;\n appId: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n persistAccessToken?: boolean;\n};\n\nexport const AccessTokenSchema = type({\n token: string(),\n scope: string(),\n expiresAt: number(),\n});\n\nexport type AccessToken = Infer<typeof AccessTokenSchema>;\n\nexport const LogtoSignInSessionItemSchema = type({\n redirectUri: string(),\n codeVerifier: string(),\n state: string(),\n});\n\nexport const LogtoAccessTokenMapSchema = record(string(), AccessTokenSchema);\n\nexport type LogtoSignInSessionItem = Infer<typeof LogtoSignInSessionItemSchema>;\n","import { discoveryPath } from '@logto/js';\n\nexport * from './requester';\n\nexport const buildAccessTokenKey = (resource = '', scopes: string[] = []): string =>\n `${scopes.slice().sort().join(' ')}@${resource}`;\n\nexport const getDiscoveryEndpoint = (endpoint: string): string =>\n new URL(discoveryPath, endpoint).toString();\n","import { LogtoRequestError, LogtoRequestErrorBody, Requester } from '@logto/js';\n\nexport const createRequester = (fetchFunction: typeof fetch): Requester => {\n return async <T>(...args: Parameters<typeof fetch>): Promise<T> => {\n const response = await fetchFunction(...args);\n\n if (!response.ok) {\n // Expected request error from server\n const { code, message } = await response.json<LogtoRequestErrorBody>();\n throw new LogtoRequestError(code, message);\n }\n\n return response.json<T>();\n };\n};\n"],"names":[],"version":3,"file":"module.js.map"}
|
package/package.json
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@logto/client",
|
|
3
|
+
"version": "1.0.0-beta.0",
|
|
4
|
+
"source": "./src/index.ts",
|
|
5
|
+
"main": "./lib/index.js",
|
|
6
|
+
"exports": {
|
|
7
|
+
"require": "./lib/index.js",
|
|
8
|
+
"import": "./lib/module.js"
|
|
9
|
+
},
|
|
10
|
+
"module": "./lib/module.js",
|
|
11
|
+
"types": "./lib/index.d.ts",
|
|
12
|
+
"files": [
|
|
13
|
+
"lib"
|
|
14
|
+
],
|
|
15
|
+
"license": "MIT",
|
|
16
|
+
"repository": {
|
|
17
|
+
"type": "git",
|
|
18
|
+
"url": "https://github.com/logto-io/js.git",
|
|
19
|
+
"directory": "packages/client"
|
|
20
|
+
},
|
|
21
|
+
"scripts": {
|
|
22
|
+
"dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
|
|
23
|
+
"precommit": "lint-staged",
|
|
24
|
+
"check": "tsc --noEmit",
|
|
25
|
+
"build": "rm -rf lib/ && pnpm check && parcel build",
|
|
26
|
+
"lint": "eslint --ext .ts src",
|
|
27
|
+
"test": "jest",
|
|
28
|
+
"test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
|
|
29
|
+
"prepack": "pnpm test"
|
|
30
|
+
},
|
|
31
|
+
"dependencies": {
|
|
32
|
+
"@logto/js": "^1.0.0-beta.0",
|
|
33
|
+
"@silverhand/essentials": "^1.1.6",
|
|
34
|
+
"camelcase-keys": "^7.0.1",
|
|
35
|
+
"jose": "^4.3.8",
|
|
36
|
+
"lodash.get": "^4.4.2",
|
|
37
|
+
"lodash.once": "^4.1.1",
|
|
38
|
+
"superstruct": "^0.16.0"
|
|
39
|
+
},
|
|
40
|
+
"devDependencies": {
|
|
41
|
+
"@jest/types": "^27.5.1",
|
|
42
|
+
"@parcel/core": "^2.6.2",
|
|
43
|
+
"@parcel/packager-ts": "^2.6.2",
|
|
44
|
+
"@parcel/transformer-typescript-types": "^2.6.2",
|
|
45
|
+
"@silverhand/eslint-config": "^0.17.0",
|
|
46
|
+
"@silverhand/ts-config": "^0.17.0",
|
|
47
|
+
"@types/jest": "^27.4.1",
|
|
48
|
+
"@types/lodash.get": "^4.4.6",
|
|
49
|
+
"@types/lodash.once": "^4.1.7",
|
|
50
|
+
"@types/node": "^17.0.19",
|
|
51
|
+
"eslint": "^8.9.0",
|
|
52
|
+
"jest": "^27.5.1",
|
|
53
|
+
"jest-matcher-specific-error": "^1.0.0",
|
|
54
|
+
"lint-staged": "^13.0.0",
|
|
55
|
+
"nock": "^13.1.3",
|
|
56
|
+
"parcel": "^2.6.2",
|
|
57
|
+
"prettier": "^2.3.2",
|
|
58
|
+
"text-encoder": "^0.0.4",
|
|
59
|
+
"ts-jest": "^27.0.4",
|
|
60
|
+
"type-fest": "^2.10.0",
|
|
61
|
+
"typescript": "^4.5.5"
|
|
62
|
+
},
|
|
63
|
+
"eslintConfig": {
|
|
64
|
+
"extends": "@silverhand"
|
|
65
|
+
},
|
|
66
|
+
"prettier": "@silverhand/eslint-config/.prettierrc",
|
|
67
|
+
"publishConfig": {
|
|
68
|
+
"access": "public"
|
|
69
|
+
},
|
|
70
|
+
"gitHead": "f0f78e6f0b97174de98588b35d1d12c8396206ba"
|
|
71
|
+
}
|