@logto/client 1.1.0 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/adapter.d.ts +17 -0
- package/lib/errors.d.ts +16 -0
- package/lib/errors.js +33 -0
- package/lib/errors.mjs +27 -0
- package/lib/index.d.ts +27 -58
- package/lib/index.js +185 -247
- package/lib/index.mjs +254 -0
- package/lib/index.test.d.ts +1 -0
- package/lib/mock.d.ts +68 -0
- package/lib/types/index.d.ts +21 -0
- package/lib/types/index.js +26 -0
- package/lib/types/index.mjs +23 -0
- package/lib/utils/index.d.ts +3 -0
- package/lib/utils/index.js +9 -0
- package/lib/utils/index.mjs +6 -0
- package/lib/utils/index.test.d.ts +1 -0
- package/lib/utils/requester.d.ts +2 -0
- package/lib/utils/requester.js +21 -0
- package/lib/utils/requester.mjs +19 -0
- package/lib/utils/requester.test.d.ts +1 -0
- package/package.json +17 -20
- package/lib/index.d.ts.map +0 -1
- package/lib/index.js.map +0 -1
- package/lib/module.d.mts +0 -78
- package/lib/module.mjs +0 -317
- package/lib/module.mjs.map +0 -1
package/lib/index.js
CHANGED
|
@@ -1,351 +1,289 @@
|
|
|
1
|
-
|
|
2
|
-
var $4R6L3$jose = require("jose");
|
|
3
|
-
var $4R6L3$lodashonce = require("lodash.once");
|
|
4
|
-
var $4R6L3$lodashget = require("lodash.get");
|
|
5
|
-
|
|
6
|
-
function $parcel$interopDefault(a) {
|
|
7
|
-
return a && a.__esModule ? a.default : a;
|
|
8
|
-
}
|
|
9
|
-
function $parcel$defineInteropFlag(a) {
|
|
10
|
-
Object.defineProperty(a, '__esModule', {value: true, configurable: true});
|
|
11
|
-
}
|
|
12
|
-
function $parcel$exportWildcard(dest, source) {
|
|
13
|
-
Object.keys(source).forEach(function(key) {
|
|
14
|
-
if (key === 'default' || key === '__esModule' || dest.hasOwnProperty(key)) {
|
|
15
|
-
return;
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
Object.defineProperty(dest, key, {
|
|
19
|
-
enumerable: true,
|
|
20
|
-
get: function get() {
|
|
21
|
-
return source[key];
|
|
22
|
-
}
|
|
23
|
-
});
|
|
24
|
-
});
|
|
25
|
-
|
|
26
|
-
return dest;
|
|
27
|
-
}
|
|
28
|
-
function $parcel$export(e, n, v, s) {
|
|
29
|
-
Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
$parcel$defineInteropFlag(module.exports);
|
|
33
|
-
|
|
34
|
-
$parcel$export(module.exports, "default", () => $f73788ae50447ce9$export$2e2bcd8739ae039);
|
|
35
|
-
$parcel$export(module.exports, "LogtoError", () => $f73788ae50447ce9$re_export$LogtoError);
|
|
36
|
-
$parcel$export(module.exports, "OidcError", () => $f73788ae50447ce9$re_export$OidcError);
|
|
37
|
-
$parcel$export(module.exports, "Prompt", () => $4R6L3$logtojs.Prompt);
|
|
38
|
-
$parcel$export(module.exports, "LogtoRequestError", () => $f73788ae50447ce9$re_export$LogtoRequestError);
|
|
39
|
-
$parcel$export(module.exports, "ReservedScope", () => $f73788ae50447ce9$re_export$ReservedScope);
|
|
40
|
-
$parcel$export(module.exports, "UserScope", () => $f73788ae50447ce9$re_export$UserScope);
|
|
41
|
-
$parcel$export(module.exports, "createRequester", () => $b455f57f80fbf6bf$export$8d54726fdbf08e0a);
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
var $9166104b36889c59$exports = {};
|
|
46
|
-
|
|
47
|
-
$parcel$export($9166104b36889c59$exports, "LogtoClientError", () => $9166104b36889c59$export$877962ca249b8fc8);
|
|
48
|
-
|
|
49
|
-
const $9166104b36889c59$var$logtoClientErrorCodes = Object.freeze({
|
|
50
|
-
sign_in_session: {
|
|
51
|
-
invalid: "Invalid sign-in session.",
|
|
52
|
-
not_found: "Sign-in session not found."
|
|
53
|
-
},
|
|
54
|
-
not_authenticated: "Not authenticated.",
|
|
55
|
-
get_access_token_by_refresh_token_failed: "Failed to get access token by refresh token.",
|
|
56
|
-
fetch_user_info_failed: "Unable to fetch user info. The access token may be invalid.",
|
|
57
|
-
invalid_id_token: "Invalid id token."
|
|
58
|
-
});
|
|
59
|
-
const $9166104b36889c59$var$getMessageByErrorCode = (errorCode)=>{
|
|
60
|
-
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
|
|
61
|
-
const message = (0, ($parcel$interopDefault($4R6L3$lodashget)))($9166104b36889c59$var$logtoClientErrorCodes, errorCode);
|
|
62
|
-
if (typeof message === "string") return message;
|
|
63
|
-
return errorCode;
|
|
64
|
-
};
|
|
65
|
-
class $9166104b36889c59$export$877962ca249b8fc8 extends Error {
|
|
66
|
-
constructor(code, data){
|
|
67
|
-
super($9166104b36889c59$var$getMessageByErrorCode(code));
|
|
68
|
-
this.code = code;
|
|
69
|
-
this.data = data;
|
|
70
|
-
}
|
|
71
|
-
}
|
|
1
|
+
'use strict';
|
|
72
2
|
|
|
3
|
+
Object.defineProperty(exports, '__esModule', { value: true });
|
|
73
4
|
|
|
74
|
-
var
|
|
5
|
+
var js = require('@logto/js');
|
|
6
|
+
var jose = require('jose');
|
|
7
|
+
var once = require('lodash.once');
|
|
8
|
+
var errors = require('./errors.js');
|
|
9
|
+
var index = require('./types/index.js');
|
|
10
|
+
var index$1 = require('./utils/index.js');
|
|
11
|
+
var requester = require('./utils/requester.js');
|
|
75
12
|
|
|
76
|
-
|
|
77
|
-
$parcel$export($6d3989f7f53311af$exports, "isLogtoAccessTokenMap", () => $6d3989f7f53311af$export$c12fab42a9a3e2a6);
|
|
13
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
78
14
|
|
|
79
|
-
|
|
80
|
-
if (!(0, $4R6L3$logtojs.isArbitraryObject)(data)) return false;
|
|
81
|
-
return [
|
|
82
|
-
"redirectUri",
|
|
83
|
-
"codeVerifier",
|
|
84
|
-
"state"
|
|
85
|
-
].every((key)=>typeof data[key] === "string");
|
|
86
|
-
};
|
|
87
|
-
const $6d3989f7f53311af$export$c12fab42a9a3e2a6 = (data)=>{
|
|
88
|
-
if (!(0, $4R6L3$logtojs.isArbitraryObject)(data)) return false;
|
|
89
|
-
return Object.values(data).every((value)=>{
|
|
90
|
-
if (!(0, $4R6L3$logtojs.isArbitraryObject)(value)) return false;
|
|
91
|
-
return typeof value.token === "string" && typeof value.scope === "string" && typeof value.expiresAt === "number";
|
|
92
|
-
});
|
|
93
|
-
};
|
|
15
|
+
var once__default = /*#__PURE__*/_interopDefault(once);
|
|
94
16
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
const response = await fetchFunction(...args);
|
|
101
|
-
if (!response.ok) {
|
|
102
|
-
const responseJson = await response.json();
|
|
103
|
-
if (!(0, $4R6L3$logtojs.isLogtoRequestError)(responseJson)) throw new (0, $4R6L3$logtojs.LogtoError)("unexpected_response_error", responseJson);
|
|
104
|
-
// Expected request error from server
|
|
105
|
-
const { code: code , message: message } = responseJson;
|
|
106
|
-
throw new (0, $4R6L3$logtojs.LogtoRequestError)(code, message);
|
|
107
|
-
}
|
|
108
|
-
return response.json();
|
|
109
|
-
};
|
|
110
|
-
};
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
const $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6 = (resource = "", scopes = [])=>`${scopes.slice().sort().join(" ")}@${resource}`;
|
|
114
|
-
const $e2aabdbdb3cc09f0$export$5d9c34f69c80822b = (endpoint)=>new URL((0, $4R6L3$logtojs.discoveryPath), endpoint).toString();
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
class $f73788ae50447ce9$export$2e2bcd8739ae039 {
|
|
122
|
-
getOidcConfig = (0, ($parcel$interopDefault($4R6L3$lodashonce)))(this._getOidcConfig);
|
|
123
|
-
getJwtVerifyGetKey = (0, ($parcel$interopDefault($4R6L3$lodashonce)))(this._getJwtVerifyGetKey);
|
|
124
|
-
accessTokenMap = new Map();
|
|
125
|
-
constructor(logtoConfig, adapter){
|
|
17
|
+
class LogtoClient {
|
|
18
|
+
constructor(logtoConfig, adapter) {
|
|
19
|
+
this.getOidcConfig = once__default.default(this._getOidcConfig);
|
|
20
|
+
this.getJwtVerifyGetKey = once__default.default(this._getJwtVerifyGetKey);
|
|
21
|
+
this.accessTokenMap = new Map();
|
|
126
22
|
this.logtoConfig = {
|
|
127
23
|
...logtoConfig,
|
|
128
|
-
prompt: logtoConfig.prompt ??
|
|
129
|
-
scopes:
|
|
24
|
+
prompt: logtoConfig.prompt ?? js.Prompt.Consent,
|
|
25
|
+
scopes: js.withDefaultScopes(logtoConfig.scopes).split(' '),
|
|
130
26
|
};
|
|
131
27
|
this.adapter = adapter;
|
|
132
|
-
this.loadAccessTokenMap();
|
|
28
|
+
void this.loadAccessTokenMap();
|
|
133
29
|
}
|
|
134
30
|
async isAuthenticated() {
|
|
135
31
|
return Boolean(await this.getIdToken());
|
|
136
32
|
}
|
|
137
33
|
async getRefreshToken() {
|
|
138
|
-
return this.adapter.storage.getItem(
|
|
34
|
+
return this.adapter.storage.getItem('refreshToken');
|
|
139
35
|
}
|
|
140
36
|
async getIdToken() {
|
|
141
|
-
return this.adapter.storage.getItem(
|
|
37
|
+
return this.adapter.storage.getItem('idToken');
|
|
142
38
|
}
|
|
143
39
|
async getAccessToken(resource) {
|
|
144
|
-
if (!await this.getIdToken())
|
|
145
|
-
|
|
40
|
+
if (!(await this.getIdToken())) {
|
|
41
|
+
throw new errors.LogtoClientError('not_authenticated');
|
|
42
|
+
}
|
|
43
|
+
const accessTokenKey = index$1.buildAccessTokenKey(resource);
|
|
146
44
|
const accessToken = this.accessTokenMap.get(accessTokenKey);
|
|
147
|
-
if (accessToken && accessToken.expiresAt > Date.now() / 1000)
|
|
45
|
+
if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
|
|
46
|
+
return accessToken.token;
|
|
47
|
+
}
|
|
148
48
|
// Since the access token has expired, delete it from the map.
|
|
149
|
-
if (accessToken)
|
|
49
|
+
if (accessToken) {
|
|
50
|
+
this.accessTokenMap.delete(accessTokenKey);
|
|
51
|
+
}
|
|
150
52
|
/**
|
|
151
|
-
|
|
152
|
-
|
|
53
|
+
* Need to fetch a new access token using refresh token.
|
|
54
|
+
*/
|
|
55
|
+
return this.getAccessTokenByRefreshToken(resource);
|
|
153
56
|
}
|
|
154
57
|
async getIdTokenClaims() {
|
|
155
58
|
const idToken = await this.getIdToken();
|
|
156
|
-
if (!idToken)
|
|
157
|
-
|
|
59
|
+
if (!idToken) {
|
|
60
|
+
throw new errors.LogtoClientError('not_authenticated');
|
|
61
|
+
}
|
|
62
|
+
return js.decodeIdToken(idToken);
|
|
158
63
|
}
|
|
159
64
|
async fetchUserInfo() {
|
|
160
|
-
const { userinfoEndpoint
|
|
65
|
+
const { userinfoEndpoint } = await this.getOidcConfig();
|
|
161
66
|
const accessToken = await this.getAccessToken();
|
|
162
|
-
if (!accessToken)
|
|
163
|
-
|
|
67
|
+
if (!accessToken) {
|
|
68
|
+
throw new errors.LogtoClientError('fetch_user_info_failed');
|
|
69
|
+
}
|
|
70
|
+
return js.fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
|
|
164
71
|
}
|
|
165
72
|
async signIn(redirectUri, interactionMode) {
|
|
166
|
-
const { appId: clientId
|
|
167
|
-
const { authorizationEndpoint
|
|
73
|
+
const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;
|
|
74
|
+
const { authorizationEndpoint } = await this.getOidcConfig();
|
|
168
75
|
const codeVerifier = this.adapter.generateCodeVerifier();
|
|
169
76
|
const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
|
|
170
77
|
const state = this.adapter.generateState();
|
|
171
|
-
const signInUri =
|
|
172
|
-
authorizationEndpoint
|
|
173
|
-
clientId
|
|
174
|
-
redirectUri
|
|
175
|
-
codeChallenge
|
|
176
|
-
state
|
|
177
|
-
scopes
|
|
178
|
-
resources
|
|
179
|
-
prompt
|
|
180
|
-
interactionMode
|
|
181
|
-
});
|
|
182
|
-
await this.setSignInSession({
|
|
183
|
-
redirectUri: redirectUri,
|
|
184
|
-
codeVerifier: codeVerifier,
|
|
185
|
-
state: state
|
|
78
|
+
const signInUri = js.generateSignInUri({
|
|
79
|
+
authorizationEndpoint,
|
|
80
|
+
clientId,
|
|
81
|
+
redirectUri,
|
|
82
|
+
codeChallenge,
|
|
83
|
+
state,
|
|
84
|
+
scopes,
|
|
85
|
+
resources,
|
|
86
|
+
prompt,
|
|
87
|
+
interactionMode,
|
|
186
88
|
});
|
|
89
|
+
await this.setSignInSession({ redirectUri, codeVerifier, state });
|
|
187
90
|
await this.setRefreshToken(null);
|
|
188
91
|
await this.setIdToken(null);
|
|
189
92
|
this.adapter.navigate(signInUri);
|
|
190
93
|
}
|
|
191
94
|
async isSignInRedirected(url) {
|
|
192
95
|
const signInSession = await this.getSignInSession();
|
|
193
|
-
if (!signInSession)
|
|
194
|
-
|
|
195
|
-
|
|
96
|
+
if (!signInSession) {
|
|
97
|
+
return false;
|
|
98
|
+
}
|
|
99
|
+
const { redirectUri } = signInSession;
|
|
100
|
+
const { origin, pathname } = new URL(url);
|
|
196
101
|
return `${origin}${pathname}` === redirectUri;
|
|
197
102
|
}
|
|
198
103
|
async handleSignInCallback(callbackUri) {
|
|
199
|
-
const { logtoConfig
|
|
200
|
-
const { requester
|
|
104
|
+
const { logtoConfig, adapter } = this;
|
|
105
|
+
const { requester } = adapter;
|
|
201
106
|
const signInSession = await this.getSignInSession();
|
|
202
|
-
if (!signInSession)
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
const {
|
|
206
|
-
const
|
|
207
|
-
const
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
107
|
+
if (!signInSession) {
|
|
108
|
+
throw new errors.LogtoClientError('sign_in_session.not_found');
|
|
109
|
+
}
|
|
110
|
+
const { redirectUri, state, codeVerifier } = signInSession;
|
|
111
|
+
const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
|
|
112
|
+
const { appId: clientId } = logtoConfig;
|
|
113
|
+
const { tokenEndpoint } = await this.getOidcConfig();
|
|
114
|
+
const codeTokenResponse = await js.fetchTokenByAuthorizationCode({
|
|
115
|
+
clientId,
|
|
116
|
+
tokenEndpoint,
|
|
117
|
+
redirectUri,
|
|
118
|
+
codeVerifier,
|
|
119
|
+
code,
|
|
213
120
|
}, requester);
|
|
214
121
|
await this.verifyIdToken(codeTokenResponse.idToken);
|
|
215
122
|
await this.saveCodeToken(codeTokenResponse);
|
|
216
123
|
await this.setSignInSession(null);
|
|
217
124
|
}
|
|
218
125
|
async signOut(postLogoutRedirectUri) {
|
|
219
|
-
const
|
|
220
|
-
|
|
221
|
-
const { appId: clientId } = this.logtoConfig;
|
|
222
|
-
const { endSessionEndpoint: endSessionEndpoint , revocationEndpoint: revocationEndpoint } = await this.getOidcConfig();
|
|
126
|
+
const { appId: clientId } = this.logtoConfig;
|
|
127
|
+
const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();
|
|
223
128
|
const refreshToken = await this.getRefreshToken();
|
|
224
|
-
if (refreshToken)
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
129
|
+
if (refreshToken) {
|
|
130
|
+
try {
|
|
131
|
+
await js.revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
|
|
132
|
+
}
|
|
133
|
+
catch {
|
|
134
|
+
// Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
|
|
135
|
+
}
|
|
228
136
|
}
|
|
229
|
-
const url =
|
|
230
|
-
endSessionEndpoint
|
|
231
|
-
postLogoutRedirectUri
|
|
232
|
-
clientId
|
|
137
|
+
const url = js.generateSignOutUri({
|
|
138
|
+
endSessionEndpoint,
|
|
139
|
+
postLogoutRedirectUri,
|
|
140
|
+
clientId,
|
|
233
141
|
});
|
|
234
142
|
this.accessTokenMap.clear();
|
|
235
143
|
await this.setRefreshToken(null);
|
|
236
144
|
await this.setIdToken(null);
|
|
237
|
-
await this.adapter.storage.removeItem(
|
|
145
|
+
await this.adapter.storage.removeItem('accessToken');
|
|
238
146
|
this.adapter.navigate(url);
|
|
239
147
|
}
|
|
240
148
|
async getSignInSession() {
|
|
241
|
-
const jsonItem = await this.adapter.storage.getItem(
|
|
242
|
-
if (!jsonItem)
|
|
149
|
+
const jsonItem = await this.adapter.storage.getItem('signInSession');
|
|
150
|
+
if (!jsonItem) {
|
|
151
|
+
return null;
|
|
152
|
+
}
|
|
243
153
|
const item = JSON.parse(jsonItem);
|
|
244
|
-
if (!(
|
|
154
|
+
if (!index.isLogtoSignInSessionItem(item)) {
|
|
155
|
+
throw new errors.LogtoClientError('sign_in_session.invalid');
|
|
156
|
+
}
|
|
245
157
|
return item;
|
|
246
158
|
}
|
|
247
159
|
async setSignInSession(logtoSignInSessionItem) {
|
|
248
160
|
if (!logtoSignInSessionItem) {
|
|
249
|
-
await this.adapter.storage.removeItem(
|
|
161
|
+
await this.adapter.storage.removeItem('signInSession');
|
|
250
162
|
return;
|
|
251
163
|
}
|
|
252
164
|
const jsonItem = JSON.stringify(logtoSignInSessionItem);
|
|
253
|
-
await this.adapter.storage.setItem(
|
|
165
|
+
await this.adapter.storage.setItem('signInSession', jsonItem);
|
|
254
166
|
}
|
|
255
167
|
async setIdToken(idToken) {
|
|
256
168
|
if (!idToken) {
|
|
257
|
-
await this.adapter.storage.removeItem(
|
|
169
|
+
await this.adapter.storage.removeItem('idToken');
|
|
258
170
|
return;
|
|
259
171
|
}
|
|
260
|
-
await this.adapter.storage.setItem(
|
|
172
|
+
await this.adapter.storage.setItem('idToken', idToken);
|
|
261
173
|
}
|
|
262
174
|
async setRefreshToken(refreshToken) {
|
|
263
175
|
if (!refreshToken) {
|
|
264
|
-
await this.adapter.storage.removeItem(
|
|
176
|
+
await this.adapter.storage.removeItem('refreshToken');
|
|
265
177
|
return;
|
|
266
178
|
}
|
|
267
|
-
await this.adapter.storage.setItem(
|
|
179
|
+
await this.adapter.storage.setItem('refreshToken', refreshToken);
|
|
268
180
|
}
|
|
269
181
|
async getAccessTokenByRefreshToken(resource) {
|
|
270
182
|
const currentRefreshToken = await this.getRefreshToken();
|
|
271
|
-
if (!currentRefreshToken)
|
|
272
|
-
|
|
273
|
-
const accessTokenKey = (0, $e2aabdbdb3cc09f0$export$8f595bd2a47bcea6)(resource);
|
|
274
|
-
const { appId: clientId } = this.logtoConfig;
|
|
275
|
-
const { tokenEndpoint: tokenEndpoint } = await this.getOidcConfig();
|
|
276
|
-
const { accessToken: accessToken , refreshToken: refreshToken , idToken: idToken , scope: scope , expiresIn: expiresIn } = await (0, $4R6L3$logtojs.fetchTokenByRefreshToken)({
|
|
277
|
-
clientId: clientId,
|
|
278
|
-
tokenEndpoint: tokenEndpoint,
|
|
279
|
-
refreshToken: currentRefreshToken,
|
|
280
|
-
resource: resource
|
|
281
|
-
}, this.adapter.requester);
|
|
282
|
-
this.accessTokenMap.set(accessTokenKey, {
|
|
283
|
-
token: accessToken,
|
|
284
|
-
scope: scope,
|
|
285
|
-
expiresAt: Math.round(Date.now() / 1000) + expiresIn
|
|
286
|
-
});
|
|
287
|
-
await this.saveAccessTokenMap();
|
|
288
|
-
await this.setRefreshToken(refreshToken);
|
|
289
|
-
if (idToken) {
|
|
290
|
-
await this.verifyIdToken(idToken);
|
|
291
|
-
await this.setIdToken(idToken);
|
|
292
|
-
}
|
|
293
|
-
return accessToken;
|
|
294
|
-
} catch (error) {
|
|
295
|
-
throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("get_access_token_by_refresh_token_failed", error);
|
|
183
|
+
if (!currentRefreshToken) {
|
|
184
|
+
throw new errors.LogtoClientError('not_authenticated');
|
|
296
185
|
}
|
|
186
|
+
const accessTokenKey = index$1.buildAccessTokenKey(resource);
|
|
187
|
+
const { appId: clientId } = this.logtoConfig;
|
|
188
|
+
const { tokenEndpoint } = await this.getOidcConfig();
|
|
189
|
+
const { accessToken, refreshToken, idToken, scope, expiresIn } = await js.fetchTokenByRefreshToken({
|
|
190
|
+
clientId,
|
|
191
|
+
tokenEndpoint,
|
|
192
|
+
refreshToken: currentRefreshToken,
|
|
193
|
+
resource,
|
|
194
|
+
}, this.adapter.requester);
|
|
195
|
+
this.accessTokenMap.set(accessTokenKey, {
|
|
196
|
+
token: accessToken,
|
|
197
|
+
scope,
|
|
198
|
+
expiresAt: Math.round(Date.now() / 1000) + expiresIn,
|
|
199
|
+
});
|
|
200
|
+
await this.saveAccessTokenMap();
|
|
201
|
+
await this.setRefreshToken(refreshToken);
|
|
202
|
+
if (idToken) {
|
|
203
|
+
await this.verifyIdToken(idToken);
|
|
204
|
+
await this.setIdToken(idToken);
|
|
205
|
+
}
|
|
206
|
+
return accessToken;
|
|
297
207
|
}
|
|
298
208
|
async _getOidcConfig() {
|
|
299
|
-
const { endpoint
|
|
300
|
-
const discoveryEndpoint =
|
|
301
|
-
return
|
|
209
|
+
const { endpoint } = this.logtoConfig;
|
|
210
|
+
const discoveryEndpoint = index$1.getDiscoveryEndpoint(endpoint);
|
|
211
|
+
return js.fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
|
|
302
212
|
}
|
|
303
213
|
async _getJwtVerifyGetKey() {
|
|
304
|
-
const { jwksUri
|
|
305
|
-
return
|
|
214
|
+
const { jwksUri } = await this.getOidcConfig();
|
|
215
|
+
return jose.createRemoteJWKSet(new URL(jwksUri));
|
|
306
216
|
}
|
|
307
217
|
async verifyIdToken(idToken) {
|
|
308
|
-
const { appId
|
|
309
|
-
const { issuer
|
|
218
|
+
const { appId } = this.logtoConfig;
|
|
219
|
+
const { issuer } = await this.getOidcConfig();
|
|
310
220
|
const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
|
|
311
|
-
|
|
312
|
-
await (0, $4R6L3$logtojs.verifyIdToken)(idToken, appId, issuer, jwtVerifyGetKey);
|
|
313
|
-
} catch (error) {
|
|
314
|
-
throw new (0, $9166104b36889c59$export$877962ca249b8fc8)("invalid_id_token", error);
|
|
315
|
-
}
|
|
221
|
+
await js.verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
|
|
316
222
|
}
|
|
317
|
-
async saveCodeToken({ refreshToken
|
|
223
|
+
async saveCodeToken({ refreshToken, idToken, scope, accessToken, expiresIn, }) {
|
|
318
224
|
await this.setRefreshToken(refreshToken ?? null);
|
|
319
225
|
await this.setIdToken(idToken);
|
|
320
226
|
// NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
|
|
321
|
-
const accessTokenKey =
|
|
227
|
+
const accessTokenKey = index$1.buildAccessTokenKey();
|
|
322
228
|
const expiresAt = Date.now() / 1000 + expiresIn;
|
|
323
|
-
this.accessTokenMap.set(accessTokenKey, {
|
|
324
|
-
token: accessToken,
|
|
325
|
-
scope: scope,
|
|
326
|
-
expiresAt: expiresAt
|
|
327
|
-
});
|
|
229
|
+
this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });
|
|
328
230
|
await this.saveAccessTokenMap();
|
|
329
231
|
}
|
|
330
232
|
async saveAccessTokenMap() {
|
|
331
233
|
const data = {};
|
|
332
|
-
for (const [key, accessToken] of this.accessTokenMap.entries())
|
|
333
|
-
|
|
334
|
-
|
|
234
|
+
for (const [key, accessToken] of this.accessTokenMap.entries()) {
|
|
235
|
+
// eslint-disable-next-line @silverhand/fp/no-mutation
|
|
236
|
+
data[key] = accessToken;
|
|
237
|
+
}
|
|
238
|
+
await this.adapter.storage.setItem('accessToken', JSON.stringify(data));
|
|
335
239
|
}
|
|
336
240
|
async loadAccessTokenMap() {
|
|
337
|
-
const raw = await this.adapter.storage.getItem(
|
|
338
|
-
if (!raw)
|
|
241
|
+
const raw = await this.adapter.storage.getItem('accessToken');
|
|
242
|
+
if (!raw) {
|
|
243
|
+
return;
|
|
244
|
+
}
|
|
339
245
|
try {
|
|
340
246
|
const json = JSON.parse(raw);
|
|
341
|
-
if (!(
|
|
247
|
+
if (!index.isLogtoAccessTokenMap(json)) {
|
|
248
|
+
return;
|
|
249
|
+
}
|
|
342
250
|
this.accessTokenMap.clear();
|
|
343
|
-
for (const [key, accessToken] of Object.entries(json))
|
|
344
|
-
|
|
251
|
+
for (const [key, accessToken] of Object.entries(json)) {
|
|
252
|
+
this.accessTokenMap.set(key, accessToken);
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
catch (error) {
|
|
256
|
+
console.warn(error);
|
|
257
|
+
}
|
|
345
258
|
}
|
|
346
259
|
}
|
|
347
|
-
$parcel$exportWildcard(module.exports, $9166104b36889c59$exports);
|
|
348
|
-
$parcel$exportWildcard(module.exports, $6d3989f7f53311af$exports);
|
|
349
|
-
|
|
350
260
|
|
|
351
|
-
|
|
261
|
+
Object.defineProperty(exports, 'LogtoError', {
|
|
262
|
+
enumerable: true,
|
|
263
|
+
get: function () { return js.LogtoError; }
|
|
264
|
+
});
|
|
265
|
+
Object.defineProperty(exports, 'LogtoRequestError', {
|
|
266
|
+
enumerable: true,
|
|
267
|
+
get: function () { return js.LogtoRequestError; }
|
|
268
|
+
});
|
|
269
|
+
Object.defineProperty(exports, 'OidcError', {
|
|
270
|
+
enumerable: true,
|
|
271
|
+
get: function () { return js.OidcError; }
|
|
272
|
+
});
|
|
273
|
+
Object.defineProperty(exports, 'Prompt', {
|
|
274
|
+
enumerable: true,
|
|
275
|
+
get: function () { return js.Prompt; }
|
|
276
|
+
});
|
|
277
|
+
Object.defineProperty(exports, 'ReservedScope', {
|
|
278
|
+
enumerable: true,
|
|
279
|
+
get: function () { return js.ReservedScope; }
|
|
280
|
+
});
|
|
281
|
+
Object.defineProperty(exports, 'UserScope', {
|
|
282
|
+
enumerable: true,
|
|
283
|
+
get: function () { return js.UserScope; }
|
|
284
|
+
});
|
|
285
|
+
exports.LogtoClientError = errors.LogtoClientError;
|
|
286
|
+
exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
|
|
287
|
+
exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
|
|
288
|
+
exports.createRequester = requester.createRequester;
|
|
289
|
+
exports.default = LogtoClient;
|