@logto/client 1.1.0 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/lib/adapter.d.ts +17 -0
  2. package/lib/errors.d.ts +16 -0
  3. package/lib/errors.js +33 -0
  4. package/lib/errors.mjs +27 -0
  5. package/lib/index.d.ts +27 -58
  6. package/lib/index.js +185 -247
  7. package/lib/index.mjs +254 -0
  8. package/lib/index.test.d.ts +1 -0
  9. package/lib/mock.d.ts +68 -0
  10. package/lib/types/index.d.ts +21 -0
  11. package/lib/types/index.js +26 -0
  12. package/lib/types/index.mjs +23 -0
  13. package/lib/utils/index.d.ts +3 -0
  14. package/lib/utils/index.js +9 -0
  15. package/lib/utils/index.mjs +6 -0
  16. package/lib/utils/index.test.d.ts +1 -0
  17. package/lib/utils/requester.d.ts +2 -0
  18. package/lib/utils/requester.js +21 -0
  19. package/lib/utils/requester.mjs +19 -0
  20. package/lib/utils/requester.test.d.ts +1 -0
  21. package/package.json +17 -20
  22. package/lib/index.d.ts.map +0 -1
  23. package/lib/index.js.map +0 -1
  24. package/lib/module.d.mts +0 -78
  25. package/lib/module.mjs +0 -317
  26. package/lib/module.mjs.map +0 -1
package/lib/index.mjs ADDED
@@ -0,0 +1,254 @@
1
+ import { Prompt, withDefaultScopes, decodeIdToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, fetchOidcConfig, verifyIdToken } from '@logto/js';
2
+ export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope } from '@logto/js';
3
+ import { createRemoteJWKSet } from 'jose';
4
+ import once from 'lodash.once';
5
+ import { LogtoClientError } from './errors.mjs';
6
+ import { isLogtoSignInSessionItem, isLogtoAccessTokenMap } from './types/index.mjs';
7
+ import { buildAccessTokenKey, getDiscoveryEndpoint } from './utils/index.mjs';
8
+ export { createRequester } from './utils/requester.mjs';
9
+
10
+ class LogtoClient {
11
+ constructor(logtoConfig, adapter) {
12
+ this.getOidcConfig = once(this._getOidcConfig);
13
+ this.getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);
14
+ this.accessTokenMap = new Map();
15
+ this.logtoConfig = {
16
+ ...logtoConfig,
17
+ prompt: logtoConfig.prompt ?? Prompt.Consent,
18
+ scopes: withDefaultScopes(logtoConfig.scopes).split(' '),
19
+ };
20
+ this.adapter = adapter;
21
+ void this.loadAccessTokenMap();
22
+ }
23
+ async isAuthenticated() {
24
+ return Boolean(await this.getIdToken());
25
+ }
26
+ async getRefreshToken() {
27
+ return this.adapter.storage.getItem('refreshToken');
28
+ }
29
+ async getIdToken() {
30
+ return this.adapter.storage.getItem('idToken');
31
+ }
32
+ async getAccessToken(resource) {
33
+ if (!(await this.getIdToken())) {
34
+ throw new LogtoClientError('not_authenticated');
35
+ }
36
+ const accessTokenKey = buildAccessTokenKey(resource);
37
+ const accessToken = this.accessTokenMap.get(accessTokenKey);
38
+ if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
39
+ return accessToken.token;
40
+ }
41
+ // Since the access token has expired, delete it from the map.
42
+ if (accessToken) {
43
+ this.accessTokenMap.delete(accessTokenKey);
44
+ }
45
+ /**
46
+ * Need to fetch a new access token using refresh token.
47
+ */
48
+ return this.getAccessTokenByRefreshToken(resource);
49
+ }
50
+ async getIdTokenClaims() {
51
+ const idToken = await this.getIdToken();
52
+ if (!idToken) {
53
+ throw new LogtoClientError('not_authenticated');
54
+ }
55
+ return decodeIdToken(idToken);
56
+ }
57
+ async fetchUserInfo() {
58
+ const { userinfoEndpoint } = await this.getOidcConfig();
59
+ const accessToken = await this.getAccessToken();
60
+ if (!accessToken) {
61
+ throw new LogtoClientError('fetch_user_info_failed');
62
+ }
63
+ return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
64
+ }
65
+ async signIn(redirectUri, interactionMode) {
66
+ const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;
67
+ const { authorizationEndpoint } = await this.getOidcConfig();
68
+ const codeVerifier = this.adapter.generateCodeVerifier();
69
+ const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
70
+ const state = this.adapter.generateState();
71
+ const signInUri = generateSignInUri({
72
+ authorizationEndpoint,
73
+ clientId,
74
+ redirectUri,
75
+ codeChallenge,
76
+ state,
77
+ scopes,
78
+ resources,
79
+ prompt,
80
+ interactionMode,
81
+ });
82
+ await this.setSignInSession({ redirectUri, codeVerifier, state });
83
+ await this.setRefreshToken(null);
84
+ await this.setIdToken(null);
85
+ this.adapter.navigate(signInUri);
86
+ }
87
+ async isSignInRedirected(url) {
88
+ const signInSession = await this.getSignInSession();
89
+ if (!signInSession) {
90
+ return false;
91
+ }
92
+ const { redirectUri } = signInSession;
93
+ const { origin, pathname } = new URL(url);
94
+ return `${origin}${pathname}` === redirectUri;
95
+ }
96
+ async handleSignInCallback(callbackUri) {
97
+ const { logtoConfig, adapter } = this;
98
+ const { requester } = adapter;
99
+ const signInSession = await this.getSignInSession();
100
+ if (!signInSession) {
101
+ throw new LogtoClientError('sign_in_session.not_found');
102
+ }
103
+ const { redirectUri, state, codeVerifier } = signInSession;
104
+ const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
105
+ const { appId: clientId } = logtoConfig;
106
+ const { tokenEndpoint } = await this.getOidcConfig();
107
+ const codeTokenResponse = await fetchTokenByAuthorizationCode({
108
+ clientId,
109
+ tokenEndpoint,
110
+ redirectUri,
111
+ codeVerifier,
112
+ code,
113
+ }, requester);
114
+ await this.verifyIdToken(codeTokenResponse.idToken);
115
+ await this.saveCodeToken(codeTokenResponse);
116
+ await this.setSignInSession(null);
117
+ }
118
+ async signOut(postLogoutRedirectUri) {
119
+ const { appId: clientId } = this.logtoConfig;
120
+ const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();
121
+ const refreshToken = await this.getRefreshToken();
122
+ if (refreshToken) {
123
+ try {
124
+ await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
125
+ }
126
+ catch {
127
+ // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
128
+ }
129
+ }
130
+ const url = generateSignOutUri({
131
+ endSessionEndpoint,
132
+ postLogoutRedirectUri,
133
+ clientId,
134
+ });
135
+ this.accessTokenMap.clear();
136
+ await this.setRefreshToken(null);
137
+ await this.setIdToken(null);
138
+ await this.adapter.storage.removeItem('accessToken');
139
+ this.adapter.navigate(url);
140
+ }
141
+ async getSignInSession() {
142
+ const jsonItem = await this.adapter.storage.getItem('signInSession');
143
+ if (!jsonItem) {
144
+ return null;
145
+ }
146
+ const item = JSON.parse(jsonItem);
147
+ if (!isLogtoSignInSessionItem(item)) {
148
+ throw new LogtoClientError('sign_in_session.invalid');
149
+ }
150
+ return item;
151
+ }
152
+ async setSignInSession(logtoSignInSessionItem) {
153
+ if (!logtoSignInSessionItem) {
154
+ await this.adapter.storage.removeItem('signInSession');
155
+ return;
156
+ }
157
+ const jsonItem = JSON.stringify(logtoSignInSessionItem);
158
+ await this.adapter.storage.setItem('signInSession', jsonItem);
159
+ }
160
+ async setIdToken(idToken) {
161
+ if (!idToken) {
162
+ await this.adapter.storage.removeItem('idToken');
163
+ return;
164
+ }
165
+ await this.adapter.storage.setItem('idToken', idToken);
166
+ }
167
+ async setRefreshToken(refreshToken) {
168
+ if (!refreshToken) {
169
+ await this.adapter.storage.removeItem('refreshToken');
170
+ return;
171
+ }
172
+ await this.adapter.storage.setItem('refreshToken', refreshToken);
173
+ }
174
+ async getAccessTokenByRefreshToken(resource) {
175
+ const currentRefreshToken = await this.getRefreshToken();
176
+ if (!currentRefreshToken) {
177
+ throw new LogtoClientError('not_authenticated');
178
+ }
179
+ const accessTokenKey = buildAccessTokenKey(resource);
180
+ const { appId: clientId } = this.logtoConfig;
181
+ const { tokenEndpoint } = await this.getOidcConfig();
182
+ const { accessToken, refreshToken, idToken, scope, expiresIn } = await fetchTokenByRefreshToken({
183
+ clientId,
184
+ tokenEndpoint,
185
+ refreshToken: currentRefreshToken,
186
+ resource,
187
+ }, this.adapter.requester);
188
+ this.accessTokenMap.set(accessTokenKey, {
189
+ token: accessToken,
190
+ scope,
191
+ expiresAt: Math.round(Date.now() / 1000) + expiresIn,
192
+ });
193
+ await this.saveAccessTokenMap();
194
+ await this.setRefreshToken(refreshToken);
195
+ if (idToken) {
196
+ await this.verifyIdToken(idToken);
197
+ await this.setIdToken(idToken);
198
+ }
199
+ return accessToken;
200
+ }
201
+ async _getOidcConfig() {
202
+ const { endpoint } = this.logtoConfig;
203
+ const discoveryEndpoint = getDiscoveryEndpoint(endpoint);
204
+ return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
205
+ }
206
+ async _getJwtVerifyGetKey() {
207
+ const { jwksUri } = await this.getOidcConfig();
208
+ return createRemoteJWKSet(new URL(jwksUri));
209
+ }
210
+ async verifyIdToken(idToken) {
211
+ const { appId } = this.logtoConfig;
212
+ const { issuer } = await this.getOidcConfig();
213
+ const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
214
+ await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
215
+ }
216
+ async saveCodeToken({ refreshToken, idToken, scope, accessToken, expiresIn, }) {
217
+ await this.setRefreshToken(refreshToken ?? null);
218
+ await this.setIdToken(idToken);
219
+ // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
220
+ const accessTokenKey = buildAccessTokenKey();
221
+ const expiresAt = Date.now() / 1000 + expiresIn;
222
+ this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });
223
+ await this.saveAccessTokenMap();
224
+ }
225
+ async saveAccessTokenMap() {
226
+ const data = {};
227
+ for (const [key, accessToken] of this.accessTokenMap.entries()) {
228
+ // eslint-disable-next-line @silverhand/fp/no-mutation
229
+ data[key] = accessToken;
230
+ }
231
+ await this.adapter.storage.setItem('accessToken', JSON.stringify(data));
232
+ }
233
+ async loadAccessTokenMap() {
234
+ const raw = await this.adapter.storage.getItem('accessToken');
235
+ if (!raw) {
236
+ return;
237
+ }
238
+ try {
239
+ const json = JSON.parse(raw);
240
+ if (!isLogtoAccessTokenMap(json)) {
241
+ return;
242
+ }
243
+ this.accessTokenMap.clear();
244
+ for (const [key, accessToken] of Object.entries(json)) {
245
+ this.accessTokenMap.set(key, accessToken);
246
+ }
247
+ }
248
+ catch (error) {
249
+ console.warn(error);
250
+ }
251
+ }
252
+ }
253
+
254
+ export { LogtoClientError, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem };
package/lib/index.test.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};
package/lib/mock.d.ts ADDED
@@ -0,0 +1,68 @@
1
+ /// <reference types="jest" />
2
+ import { Prompt } from '@logto/js';
3
+ import type { Nullable } from '@silverhand/essentials';
4
+ import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from '.';
5
+ import LogtoClient from '.';
6
+ import type { Storage } from './adapter';
7
+ export declare const appId = "app_id_value";
8
+ export declare const endpoint = "https://logto.dev";
9
+ export declare class MockedStorage implements Storage {
10
+ private storage;
11
+ constructor(values?: Record<string, string>);
12
+ getItem(key: string): Promise<string | null>;
13
+ setItem(key: string, value: string): Promise<void>;
14
+ removeItem(key: string): Promise<void>;
15
+ reset(values: Record<string, string>): void;
16
+ }
17
+ export declare const authorizationEndpoint: string;
18
+ export declare const userinfoEndpoint: string;
19
+ export declare const tokenEndpoint: string;
20
+ export declare const endSessionEndpoint: string;
21
+ export declare const revocationEndpoint: string;
22
+ export declare const jwksUri: string;
23
+ export declare const issuer = "http://localhost:443/oidc";
24
+ export declare const redirectUri = "http://localhost:3000/callback";
25
+ export declare const postSignOutRedirectUri = "http://localhost:3000";
26
+ export declare const mockCodeChallenge = "code_challenge_value";
27
+ export declare const mockedCodeVerifier = "code_verifier_value";
28
+ export declare const mockedState = "state_value";
29
+ export declare const mockedSignInUri: string;
30
+ export declare const mockedSignInUriWithLoginPrompt: string;
31
+ export declare const mockedSignUpUri: string;
32
+ export declare const accessToken = "access_token_value";
33
+ export declare const refreshToken = "new_refresh_token_value";
34
+ export declare const idToken = "id_token_value";
35
+ export declare const currentUnixTimeStamp: number;
36
+ export declare const fetchOidcConfig: jest.Mock<Promise<{
37
+ authorizationEndpoint: string;
38
+ tokenEndpoint: string;
39
+ userinfoEndpoint: string;
40
+ endSessionEndpoint: string;
41
+ revocationEndpoint: string;
42
+ jwksUri: string;
43
+ issuer: string;
44
+ }>, [], any>;
45
+ export declare const requester: jest.Mock<any, any, any>;
46
+ export declare const failingRequester: jest.Mock<any, any, any>;
47
+ export declare const navigate: jest.Mock<any, any, any>;
48
+ export declare const generateCodeChallenge: jest.Mock<Promise<string>, [], any>;
49
+ export declare const generateCodeVerifier: jest.Mock<string, [], any>;
50
+ export declare const generateState: jest.Mock<string, [], any>;
51
+ export declare const createAdapters: () => {
52
+ requester: jest.Mock<any, any, any>;
53
+ storage: MockedStorage;
54
+ navigate: jest.Mock<any, any, any>;
55
+ generateCodeChallenge: jest.Mock<Promise<string>, [], any>;
56
+ generateCodeVerifier: jest.Mock<string, [], any>;
57
+ generateState: jest.Mock<string, [], any>;
58
+ };
59
+ export declare const createClient: (prompt?: Prompt, storage?: MockedStorage) => LogtoClient;
60
+ /**
61
+ * Make LogtoClient.signInSession accessible for test
62
+ */
63
+ export declare class LogtoClientSignInSessionAccessor extends LogtoClient {
64
+ getLogtoConfig(): Nullable<LogtoConfig>;
65
+ getSignInSessionItem(): Promise<Nullable<LogtoSignInSessionItem>>;
66
+ setSignInSessionItem(item: Nullable<LogtoSignInSessionItem>): Promise<void>;
67
+ getAccessTokenMap(): Map<string, AccessToken>;
68
+ }
package/lib/types/index.d.ts ADDED
@@ -0,0 +1,21 @@
1
+ import type { Prompt } from '@logto/js';
2
+ export type LogtoConfig = {
3
+ endpoint: string;
4
+ appId: string;
5
+ appSecret?: string;
6
+ scopes?: string[];
7
+ resources?: string[];
8
+ prompt?: Prompt;
9
+ };
10
+ export type AccessToken = {
11
+ token: string;
12
+ scope: string;
13
+ expiresAt: number;
14
+ };
15
+ export declare const isLogtoSignInSessionItem: (data: unknown) => data is LogtoSignInSessionItem;
16
+ export declare const isLogtoAccessTokenMap: (data: unknown) => data is Record<string, AccessToken>;
17
+ export type LogtoSignInSessionItem = {
18
+ redirectUri: string;
19
+ codeVerifier: string;
20
+ state: string;
21
+ };
package/lib/types/index.js ADDED
@@ -0,0 +1,26 @@
1
+ 'use strict';
2
+
3
+ var js = require('@logto/js');
4
+
5
+ const isLogtoSignInSessionItem = (data) => {
6
+ if (!js.isArbitraryObject(data)) {
7
+ return false;
8
+ }
9
+ return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');
10
+ };
11
+ const isLogtoAccessTokenMap = (data) => {
12
+ if (!js.isArbitraryObject(data)) {
13
+ return false;
14
+ }
15
+ return Object.values(data).every((value) => {
16
+ if (!js.isArbitraryObject(value)) {
17
+ return false;
18
+ }
19
+ return (typeof value.token === 'string' &&
20
+ typeof value.scope === 'string' &&
21
+ typeof value.expiresAt === 'number');
22
+ });
23
+ };
24
+
25
+ exports.isLogtoAccessTokenMap = isLogtoAccessTokenMap;
26
+ exports.isLogtoSignInSessionItem = isLogtoSignInSessionItem;
package/lib/types/index.mjs ADDED
@@ -0,0 +1,23 @@
1
+ import { isArbitraryObject } from '@logto/js';
2
+
3
+ const isLogtoSignInSessionItem = (data) => {
4
+ if (!isArbitraryObject(data)) {
5
+ return false;
6
+ }
7
+ return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');
8
+ };
9
+ const isLogtoAccessTokenMap = (data) => {
10
+ if (!isArbitraryObject(data)) {
11
+ return false;
12
+ }
13
+ return Object.values(data).every((value) => {
14
+ if (!isArbitraryObject(value)) {
15
+ return false;
16
+ }
17
+ return (typeof value.token === 'string' &&
18
+ typeof value.scope === 'string' &&
19
+ typeof value.expiresAt === 'number');
20
+ });
21
+ };
22
+
23
+ export { isLogtoAccessTokenMap, isLogtoSignInSessionItem };
package/lib/utils/index.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ export * from './requester';
2
+ export declare const buildAccessTokenKey: (resource?: string, scopes?: string[]) => string;
3
+ export declare const getDiscoveryEndpoint: (endpoint: string) => string;
package/lib/utils/index.js ADDED
@@ -0,0 +1,9 @@
1
+ 'use strict';
2
+
3
+ var js = require('@logto/js');
4
+
5
+ const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
6
+ const getDiscoveryEndpoint = (endpoint) => new URL(js.discoveryPath, endpoint).toString();
7
+
8
+ exports.buildAccessTokenKey = buildAccessTokenKey;
9
+ exports.getDiscoveryEndpoint = getDiscoveryEndpoint;
package/lib/utils/index.mjs ADDED
@@ -0,0 +1,6 @@
1
+ import { discoveryPath } from '@logto/js';
2
+
3
+ const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
4
+ const getDiscoveryEndpoint = (endpoint) => new URL(discoveryPath, endpoint).toString();
5
+
6
+ export { buildAccessTokenKey, getDiscoveryEndpoint };
package/lib/utils/index.test.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};
package/lib/utils/requester.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import type { Requester } from '@logto/js';
2
+ export declare const createRequester: (fetchFunction: typeof fetch) => Requester;
package/lib/utils/requester.js ADDED
@@ -0,0 +1,21 @@
1
+ 'use strict';
2
+
3
+ var js = require('@logto/js');
4
+
5
+ const createRequester = (fetchFunction) => {
6
+ return async (...args) => {
7
+ const response = await fetchFunction(...args);
8
+ if (!response.ok) {
9
+ const responseJson = await response.json();
10
+ if (!js.isLogtoRequestError(responseJson)) {
11
+ throw new js.LogtoError('unexpected_response_error', responseJson);
12
+ }
13
+ // Expected request error from server
14
+ const { code, message } = responseJson;
15
+ throw new js.LogtoRequestError(code, message);
16
+ }
17
+ return response.json();
18
+ };
19
+ };
20
+
21
+ exports.createRequester = createRequester;
package/lib/utils/requester.mjs ADDED
@@ -0,0 +1,19 @@
1
+ import { isLogtoRequestError, LogtoError, LogtoRequestError } from '@logto/js';
2
+
3
+ const createRequester = (fetchFunction) => {
4
+ return async (...args) => {
5
+ const response = await fetchFunction(...args);
6
+ if (!response.ok) {
7
+ const responseJson = await response.json();
8
+ if (!isLogtoRequestError(responseJson)) {
9
+ throw new LogtoError('unexpected_response_error', responseJson);
10
+ }
11
+ // Expected request error from server
12
+ const { code, message } = responseJson;
13
+ throw new LogtoRequestError(code, message);
14
+ }
15
+ return response.json();
16
+ };
17
+ };
18
+
19
+ export { createRequester };
package/lib/utils/requester.test.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};
package/package.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "@logto/client",
3
- "version": "1.1.0",
3
+ "version": "1.1.2",
4
4
  "source": "./src/index.ts",
5
5
  "main": "./lib/index.js",
6
6
  "exports": {
7
7
  "require": "./lib/index.js",
8
- "import": "./lib/module.mjs"
8
+ "import": "./lib/index.mjs"
9
9
  },
10
- "module": "./lib/module.mjs",
10
+ "module": "./lib/index.mjs",
11
11
  "types": "./lib/index.d.ts",
12
12
  "files": [
13
13
  "lib"
@@ -22,42 +22,39 @@
22
22
  "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
23
23
  "precommit": "lint-staged",
24
24
  "check": "tsc --noEmit",
25
- "build": "rm -rf lib/ && pnpm check && parcel build && cp lib/index.d.ts lib/module.d.mts",
25
+ "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
26
26
  "lint": "eslint --ext .ts src",
27
27
  "test": "jest",
28
28
  "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
29
29
  "prepack": "pnpm test"
30
30
  },
31
31
  "dependencies": {
32
- "@logto/js": "^1.1.0",
33
- "@silverhand/essentials": "^1.2.1",
32
+ "@logto/js": "^1.1.2",
33
+ "@silverhand/essentials": "^2.6.1",
34
34
  "camelcase-keys": "^7.0.1",
35
- "jose": "^4.3.8",
35
+ "jose": "^4.13.2",
36
36
  "lodash.get": "^4.4.2",
37
37
  "lodash.once": "^4.1.1"
38
38
  },
39
39
  "devDependencies": {
40
- "@jest/types": "^27.5.1",
41
- "@parcel/core": "^2.8.3",
42
- "@parcel/packager-ts": "^2.8.3",
43
- "@parcel/transformer-typescript-types": "^2.8.3",
40
+ "@jest/types": "^29.5.0",
44
41
  "@silverhand/eslint-config": "^2.0.0",
45
42
  "@silverhand/ts-config": "^1.0.0",
46
- "@types/jest": "^27.4.1",
43
+ "@swc/core": "^1.3.50",
44
+ "@swc/jest": "^0.2.24",
45
+ "@types/jest": "^29.5.0",
47
46
  "@types/lodash.get": "^4.4.6",
48
47
  "@types/lodash.once": "^4.1.7",
49
48
  "@types/node": "^18.0.0",
50
- "eslint": "^8.23.0",
51
- "jest": "^27.5.1",
49
+ "eslint": "^8.38.0",
50
+ "jest": "^29.5.0",
52
51
  "jest-matcher-specific-error": "^1.0.0",
53
52
  "lint-staged": "^13.0.0",
54
- "nock": "^13.1.3",
55
- "parcel": "^2.8.3",
56
- "prettier": "^2.7.1",
53
+ "nock": "^13.3.0",
54
+ "prettier": "^2.8.7",
57
55
  "text-encoder": "^0.0.4",
58
- "ts-jest": "^27.0.4",
59
56
  "type-fest": "^3.0.0",
60
- "typescript": "4.9.5"
57
+ "typescript": "^5.0.0"
61
58
  },
62
59
  "eslintConfig": {
63
60
  "extends": "@silverhand"
@@ -66,5 +63,5 @@
66
63
  "publishConfig": {
67
64
  "access": "public"
68
65
  },
69
- "gitHead": "f24174a6f840b8db968ad3886878d1b6e92b1b9d"
66
+ "gitHead": "9e9a8b0887ef67baa7c3c564590bb06e7801d03e"
70
67
  }
package/lib/index.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"mappings":";;AAGA,yBAAyB,SAAS,GAAG,cAAc,GAAG,aAAa,GAAG,eAAe,CAAC;AAEtF,sBAAsB;IACpB,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5C,CAAC;AAEF,gBAAuB,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;AAE7C,4BAA4B;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,MAAM,CAAC;IACnC,qBAAqB,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CAClE,CAAC;ACjBF,QAAA,MAAM;;;;;;;;;EASJ,CAAC;AAEH,mCAAmC,kBAAkB,4BAA4B,CAAC,CAAC;AAanF,6BAA8B,SAAQ,KAAK;IACzC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,oBAAoB,EAAE,IAAI,CAAC,EAAE,OAAO;CAKvD;ACjCD,0BAA0B;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,0BAA0B;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,OAAO,MAAM,iCAAkC,OAAO,mCAMrD,CAAC;AAEF,OAAO,MAAM,8BAA+B,OAAO,wCAgBlD,CAAC;AAEF,qCAAqC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AC7CF,OAAO,MAAM,iCAAkC,YAAY,KAAG,SAkB7D,CAAC;AESF,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAClG,OAAO,EACL,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EACjB,aAAa,EACb,SAAS,GACV,MAAM,WAAW,CAAC;AAMnB;IACE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAC5C,SAAS,CAAC,QAAQ,CAAC,aAAa,mHAA6B;IAC7D,SAAS,CAAC,QAAQ,CAAC,kBAAkB,sIAAkC;IACvE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAC1C,SAAS,CAAC,QAAQ,CAAC,cAAc,2BAAkC;gBAEvD,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa;IAWtD,eAAe;IAIf,eAAe;IAIf,UAAU;IAIV,cAAc,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBlD,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC;IAU1C,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAW1C,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,eAAe;IA0B7D,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYjD,oBAAoB,CAAC,WAAW,EAAE,MAAM;IA8BxC,OAAO,CAAC,qBAAqB,CAAC,EAAE,MAAM;cAiC5B,gBAAgB,IAAI,OAAO,CAAC,SAAS,sBAAsB,CAAC,CAAC;cAgB7D,gBAAgB,CAAC,sBAAsB,EAAE,SAAS,sBAAsB,CAAC;CAmJ1F","sources":["packages/client/src/src/adapter.ts","packages/client/src/src/errors.ts","packages/client/src/src/types/index.ts","packages/client/src/src/utils/requester.ts","packages/client/src/src/utils/index.ts","packages/client/src/src/index.ts","packages/client/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,"import type {\n CodeTokenResponse,\n IdTokenClaims,\n UserInfoResponse,\n InteractionMode,\n} from '@logto/js';\nimport {\n decodeIdToken,\n fetchOidcConfig,\n fetchTokenByAuthorizationCode,\n fetchTokenByRefreshToken,\n fetchUserInfo,\n generateSignInUri,\n generateSignOutUri,\n Prompt,\n revoke,\n verifyAndParseCodeFromCallbackUri,\n verifyIdToken,\n withDefaultScopes,\n} from '@logto/js';\nimport type { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\n\nimport type { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';\nimport { isLogtoAccessTokenMap, isLogtoSignInSessionItem } from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';\nexport {\n LogtoError,\n OidcError,\n Prompt,\n LogtoRequestError,\n ReservedScope,\n UserScope,\n} from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n protected readonly logtoConfig: LogtoConfig;\n protected readonly getOidcConfig = once(this._getOidcConfig);\n protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n protected readonly adapter: ClientAdapter;\n protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n this.logtoConfig = {\n ...logtoConfig,\n prompt: logtoConfig.prompt ?? Prompt.Consent,\n scopes: withDefaultScopes(logtoConfig.scopes).split(' '),\n };\n this.adapter = adapter;\n\n void this.loadAccessTokenMap();\n }\n\n async isAuthenticated() {\n return Boolean(await this.getIdToken());\n }\n\n async getRefreshToken() {\n return this.adapter.storage.getItem('refreshToken');\n }\n\n async getIdToken() {\n return this.adapter.storage.getItem('idToken');\n }\n\n async getAccessToken(resource?: string): Promise<string> {\n if (!(await this.getIdToken())) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const accessTokenKey = buildAccessTokenKey(resource);\n const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n return accessToken.token;\n }\n\n // Since the access token has expired, delete it from the map.\n if (accessToken) {\n this.accessTokenMap.delete(accessTokenKey);\n }\n\n /**\n * Need to fetch a new access token using refresh token.\n */\n return this.getAccessTokenByRefreshToken(resource);\n }\n\n async getIdTokenClaims(): Promise<IdTokenClaims> {\n const idToken = await this.getIdToken();\n\n if (!idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n return decodeIdToken(idToken);\n }\n\n async fetchUserInfo(): Promise<UserInfoResponse> {\n const { userinfoEndpoint } = await this.getOidcConfig();\n const accessToken = await this.getAccessToken();\n\n if (!accessToken) {\n throw new LogtoClientError('fetch_user_info_failed');\n }\n\n return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);\n }\n\n async signIn(redirectUri: string, interactionMode?: InteractionMode) {\n const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n const { authorizationEndpoint } = await this.getOidcConfig();\n const codeVerifier = this.adapter.generateCodeVerifier();\n const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n const state = this.adapter.generateState();\n\n const signInUri = generateSignInUri({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n interactionMode,\n });\n\n await this.setSignInSession({ redirectUri, codeVerifier, state });\n await this.setRefreshToken(null);\n await this.setIdToken(null);\n\n this.adapter.navigate(signInUri);\n }\n\n async isSignInRedirected(url: string): Promise<boolean> {\n const signInSession = await this.getSignInSession();\n\n if (!signInSession) {\n return false;\n }\n const { redirectUri } = signInSession;\n const { origin, pathname } = new URL(url);\n\n return `${origin}${pathname}` === redirectUri;\n }\n\n async handleSignInCallback(callbackUri: string) {\n const { logtoConfig, adapter } = this;\n const { requester } = adapter;\n const signInSession = await this.getSignInSession();\n\n if (!signInSession) {\n throw new LogtoClientError('sign_in_session.not_found');\n }\n\n const { redirectUri, state, codeVerifier } = signInSession;\n const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n const { appId: clientId } = logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const codeTokenResponse = await fetchTokenByAuthorizationCode(\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n },\n requester\n );\n\n await this.verifyIdToken(codeTokenResponse.idToken);\n await this.saveCodeToken(codeTokenResponse);\n await this.setSignInSession(null);\n }\n\n async signOut(postLogoutRedirectUri?: string) {\n const idToken = await this.getIdToken();\n\n if (!idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const { appId: clientId } = this.logtoConfig;\n const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n const refreshToken = await this.getRefreshToken();\n\n if (refreshToken) {\n try {\n await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);\n } catch {\n // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n }\n }\n\n const url = generateSignOutUri({\n endSessionEndpoint,\n postLogoutRedirectUri,\n clientId,\n });\n\n this.accessTokenMap.clear();\n await this.setRefreshToken(null);\n await this.setIdToken(null);\n await this.adapter.storage.removeItem('accessToken');\n\n this.adapter.navigate(url);\n }\n\n protected async getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>> {\n const jsonItem = await this.adapter.storage.getItem('signInSession');\n\n if (!jsonItem) {\n return null;\n }\n\n const item: unknown = JSON.parse(jsonItem);\n\n if (!isLogtoSignInSessionItem(item)) {\n throw new LogtoClientError('sign_in_session.invalid');\n }\n\n return item;\n }\n\n protected async setSignInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n if (!logtoSignInSessionItem) {\n await this.adapter.storage.removeItem('signInSession');\n\n return;\n }\n\n const jsonItem = JSON.stringify(logtoSignInSessionItem);\n await this.adapter.storage.setItem('signInSession', jsonItem);\n }\n\n private async setIdToken(idToken: Nullable<string>) {\n if (!idToken) {\n await this.adapter.storage.removeItem('idToken');\n\n return;\n }\n\n await this.adapter.storage.setItem('idToken', idToken);\n }\n\n private async setRefreshToken(refreshToken: Nullable<string>) {\n if (!refreshToken) {\n await this.adapter.storage.removeItem('refreshToken');\n\n return;\n }\n\n await this.adapter.storage.setItem('refreshToken', refreshToken);\n }\n\n private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n const currentRefreshToken = await this.getRefreshToken();\n\n if (!currentRefreshToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n try {\n const accessTokenKey = buildAccessTokenKey(resource);\n const { appId: clientId } = this.logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const { accessToken, refreshToken, idToken, scope, expiresIn } =\n await fetchTokenByRefreshToken(\n {\n clientId,\n tokenEndpoint,\n refreshToken: currentRefreshToken,\n resource,\n },\n this.adapter.requester\n );\n\n this.accessTokenMap.set(accessTokenKey, {\n token: accessToken,\n scope,\n expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n });\n\n await this.saveAccessTokenMap();\n await this.setRefreshToken(refreshToken);\n\n if (idToken) {\n await this.verifyIdToken(idToken);\n await this.setIdToken(idToken);\n }\n\n return accessToken;\n } catch (error: unknown) {\n throw new LogtoClientError('get_access_token_by_refresh_token_failed', error);\n }\n }\n\n private async _getOidcConfig() {\n const { endpoint } = this.logtoConfig;\n const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n }\n\n private async _getJwtVerifyGetKey() {\n const { jwksUri } = await this.getOidcConfig();\n\n return createRemoteJWKSet(new URL(jwksUri));\n }\n\n private async verifyIdToken(idToken: string) {\n const { appId } = this.logtoConfig;\n const { issuer } = await this.getOidcConfig();\n const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n try {\n await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n } catch (error: unknown) {\n throw new LogtoClientError('invalid_id_token', error);\n }\n }\n\n private async saveCodeToken({\n refreshToken,\n idToken,\n scope,\n accessToken,\n expiresIn,\n }: CodeTokenResponse) {\n await this.setRefreshToken(refreshToken ?? null);\n await this.setIdToken(idToken);\n\n // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n const accessTokenKey = buildAccessTokenKey();\n const expiresAt = Date.now() / 1000 + expiresIn;\n this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n await this.saveAccessTokenMap();\n }\n\n private async saveAccessTokenMap() {\n const data: Record<string, AccessToken> = {};\n\n for (const [key, accessToken] of this.accessTokenMap.entries()) {\n // eslint-disable-next-line @silverhand/fp/no-mutation\n data[key] = accessToken;\n }\n\n await this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n }\n\n private async loadAccessTokenMap() {\n const raw = await this.adapter.storage.getItem('accessToken');\n\n if (!raw) {\n return;\n }\n\n try {\n const json: unknown = JSON.parse(raw);\n\n if (!isLogtoAccessTokenMap(json)) {\n return;\n }\n this.accessTokenMap.clear();\n\n for (const [key, accessToken] of Object.entries(json)) {\n this.accessTokenMap.set(key, accessToken);\n }\n } catch {}\n }\n // FIXME: @charles @sijie\n}\n"],"names":[],"version":3,"file":"index.d.ts.map"}
package/lib/index.js.map DELETED
@@ -1 +0,0 @@
1
- {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;ACAA;AAGA,MAAM,8CAAwB,OAAO,MAAM,CAAC;IAC1C,iBAAiB;QACf,SAAS;QACT,WAAW;IACb;IACA,mBAAmB;IACnB,0CAA0C;IAC1C,wBAAwB;IACxB,kBAAkB;AACpB;AAIA,MAAM,8CAAwB,CAAC,YAA4C;IACzE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,6CAAuB;IAE3C,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAyB;IAIpC,YAAY,IAA0B,EAAE,IAAc,CAAE;QACtD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;;;;;;;ACpCA;AAkBO,MAAM,4CAA2B,CAAC,OAAkD;IACzF,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO;QAAC;QAAe;QAAgB;KAAQ,CAAC,KAAK,CAAC,CAAC,MAAQ,OAAO,IAAI,CAAC,IAAI,KAAK;AACtF;AAEO,MAAM,4CAAwB,CAAC,OAAuD;IAC3F,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,QAAU;QAC1C,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,QACrB,OAAO,KAAK;QAGd,OACE,OAAO,MAAM,KAAK,KAAK,YACvB,OAAO,MAAM,KAAK,KAAK,YACvB,OAAO,MAAM,SAAS,KAAK;IAE/B;AACF;;;AC1CA;ACAA;AAGO,MAAM,4CAAkB,CAAC,gBAA2C;IACzE,OAAO,OAAU,GAAG,OAA+C;QACjE,MAAM,WAAW,MAAM,iBAAiB;QAExC,IAAI,CAAC,SAAS,EAAE,EAAE;YAChB,MAAM,eAAe,MAAM,SAAS,IAAI;YAExC,IAAI,CAAC,CAAA,GAAA,kCAAkB,EAAE,eACvB,MAAM,IAAI,CAAA,GAAA,yBAAS,EAAE,6BAA6B,cAAc;YAGlE,qCAAqC;YACrC,MAAM,QAAE,KAAI,WAAE,QAAO,EAAE,GAAG;YAC1B,MAAM,IAAI,CAAA,GAAA,gCAAiB,AAAD,EAAE,MAAM,SAAS;QAC7C,CAAC;QAED,OAAO,SAAS,IAAI;IACtB;AACF;;;ADjBO,MAAM,4CAAsB,CAAC,WAAW,EAAE,EAAE,SAAmB,EAAE,GACtE,CAAC,EAAE,OAAO,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;AAE3C,MAAM,4CAAuB,CAAC,WACnC,IAAI,IAAI,CAAA,GAAA,4BAAa,AAAD,GAAG,UAAU,QAAQ;;;;;;;AHoC5B;IAEM,gBAAgB,CAAA,GAAA,2CAAG,EAAE,IAAI,CAAC,cAAc,EAAE;IAC1C,qBAAqB,CAAA,GAAA,2CAAG,EAAE,IAAI,CAAC,mBAAmB,EAAE;IAEpD,iBAAiB,IAAI,MAA2B;IAEnE,YAAY,WAAwB,EAAE,OAAsB,CAAE;QAC5D,IAAI,CAAC,WAAW,GAAG;YACjB,GAAG,WAAW;YACd,QAAQ,YAAY,MAAM,IAAI,CAAA,GAAA,qBAAK,EAAE,OAAO;YAC5C,QAAQ,CAAA,GAAA,gCAAgB,EAAE,YAAY,MAAM,EAAE,KAAK,CAAC;QACtD;QACA,IAAI,CAAC,OAAO,GAAG;QAEV,IAAI,CAAC,kBAAkB;IAC9B;IAEA,MAAM,kBAAkB;QACtB,OAAO,QAAQ,MAAM,IAAI,CAAC,UAAU;IACtC;IAEA,MAAM,kBAAkB;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;IACtC;IAEA,MAAM,aAAa;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;IACtC;IAEA,MAAM,eAAe,QAAiB,EAAmB;QACvD,IAAI,CAAE,MAAM,IAAI,CAAC,UAAU,IACzB,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,qBAAqB;QAGlD,MAAM,iBAAiB,CAAA,GAAA,yCAAkB,EAAE;QAC3C,MAAM,cAAc,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;QAE5C,IAAI,eAAe,YAAY,SAAS,GAAG,KAAK,GAAG,KAAK,MACtD,OAAO,YAAY,KAAK;QAG1B,8DAA8D;QAC9D,IAAI,aACF,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;QAG7B;;KAEC,GACD,OAAO,IAAI,CAAC,4BAA4B,CAAC;IAC3C;IAEA,MAAM,mBAA2C;QAC/C,MAAM,UAAU,MAAM,IAAI,CAAC,UAAU;QAErC,IAAI,CAAC,SACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,OAAO,CAAA,GAAA,4BAAY,EAAE;IACvB;IAEA,MAAM,gBAA2C;QAC/C,MAAM,oBAAE,iBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QACrD,MAAM,cAAc,MAAM,IAAI,CAAC,cAAc;QAE7C,IAAI,CAAC,aACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,0BAA0B;QAGvD,OAAO,CAAA,GAAA,4BAAY,EAAE,kBAAkB,aAAa,IAAI,CAAC,OAAO,CAAC,SAAS;IAC5E;IAEA,MAAM,OAAO,WAAmB,EAAE,eAAiC,EAAE;QACnE,MAAM,EAAE,OAAO,SAAQ,UAAE,OAAM,aAAE,UAAS,UAAE,OAAM,EAAE,GAAG,IAAI,CAAC,WAAW;QACvE,MAAM,yBAAE,sBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC1D,MAAM,eAAe,IAAI,CAAC,OAAO,CAAC,oBAAoB;QACtD,MAAM,gBAAgB,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC;QAC/D,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,aAAa;QAExC,MAAM,YAAY,CAAA,GAAA,gCAAgB,EAAE;mCAClC;sBACA;yBACA;2BACA;mBACA;oBACA;uBACA;oBACA;6BACA;QACF;QAEA,MAAM,IAAI,CAAC,gBAAgB,CAAC;yBAAE;0BAAa;mBAAc;QAAM;QAC/D,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI;QAE1B,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxB;IAEA,MAAM,mBAAmB,GAAW,EAAoB;QACtD,MAAM,gBAAgB,MAAM,IAAI,CAAC,gBAAgB;QAEjD,IAAI,CAAC,eACH,OAAO,KAAK;QAEd,MAAM,eAAE,YAAW,EAAE,GAAG;QACxB,MAAM,UAAE,OAAM,YAAE,SAAQ,EAAE,GAAG,IAAI,IAAI;QAErC,OAAO,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,KAAK;IACpC;IAEA,MAAM,qBAAqB,WAAmB,EAAE;QAC9C,MAAM,eAAE,YAAW,WAAE,QAAO,EAAE,GAAG,IAAI;QACrC,MAAM,aAAE,UAAS,EAAE,GAAG;QACtB,MAAM,gBAAgB,MAAM,IAAI,CAAC,gBAAgB;QAEjD,IAAI,CAAC,eACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,6BAA6B;QAG1D,MAAM,eAAE,YAAW,SAAE,MAAK,gBAAE,aAAY,EAAE,GAAG;QAC7C,MAAM,OAAO,CAAA,GAAA,gDAAiC,AAAD,EAAE,aAAa,aAAa;QAEzE,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG;QAC5B,MAAM,iBAAE,cAAa,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAClD,MAAM,oBAAoB,MAAM,CAAA,GAAA,4CAA4B,EAC1D;sBACE;2BACA;yBACA;0BACA;kBACA;QACF,GACA;QAGF,MAAM,IAAI,CAAC,aAAa,CAAC,kBAAkB,OAAO;QAClD,MAAM,IAAI,CAAC,aAAa,CAAC;QACzB,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI;IAClC;IAEA,MAAM,QAAQ,qBAA8B,EAAE;QAC5C,MAAM,UAAU,MAAM,IAAI,CAAC,UAAU;QAErC,IAAI,CAAC,SACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;QAC5C,MAAM,sBAAE,mBAAkB,sBAAE,mBAAkB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC3E,MAAM,eAAe,MAAM,IAAI,CAAC,eAAe;QAE/C,IAAI,cACF,IAAI;YACF,MAAM,CAAA,GAAA,qBAAK,EAAE,oBAAoB,UAAU,cAAc,IAAI,CAAC,OAAO,CAAC,SAAS;QACjF,EAAE,OAAM;QACN,yGAAyG;QAC3G;QAGF,MAAM,MAAM,CAAA,GAAA,iCAAiB,EAAE;gCAC7B;mCACA;sBACA;QACF;QAEA,IAAI,CAAC,cAAc,CAAC,KAAK;QACzB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI;QAC1B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;QAEtC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxB;IAEA,MAAgB,mBAA8D;QAC5E,MAAM,WAAW,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;QAEpD,IAAI,CAAC,UACH,OAAO,IAAI;QAGb,MAAM,OAAgB,KAAK,KAAK,CAAC;QAEjC,IAAI,CAAC,CAAA,GAAA,yCAAuB,EAAE,OAC5B,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,2BAA2B;QAGxD,OAAO;IACT;IAEA,MAAgB,iBAAiB,sBAAwD,EAAE;QACzF,IAAI,CAAC,wBAAwB;YAC3B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,WAAW,KAAK,SAAS,CAAC;QAChC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB;IACtD;IAEA,MAAc,WAAW,OAAyB,EAAE;QAClD,IAAI,CAAC,SAAS;YACZ,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW;IAChD;IAEA,MAAc,gBAAgB,YAA8B,EAAE;QAC5D,IAAI,CAAC,cAAc;YACjB,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB;IACrD;IAEA,MAAc,6BAA6B,QAAiB,EAAmB;QAC7E,MAAM,sBAAsB,MAAM,IAAI,CAAC,eAAe;QAEtD,IAAI,CAAC,qBACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,IAAI;YACF,MAAM,iBAAiB,CAAA,GAAA,yCAAkB,EAAE;YAC3C,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;YAC5C,MAAM,iBAAE,cAAa,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;YAClD,MAAM,eAAE,YAAW,gBAAE,aAAY,WAAE,QAAO,SAAE,MAAK,aAAE,UAAS,EAAE,GAC5D,MAAM,CAAA,GAAA,uCAAuB,EAC3B;0BACE;+BACA;gBACA,cAAc;0BACd;YACF,GACA,IAAI,CAAC,OAAO,CAAC,SAAS;YAG1B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB;gBACtC,OAAO;uBACP;gBACA,WAAW,KAAK,KAAK,CAAC,KAAK,GAAG,KAAK,QAAQ;YAC7C;YAEA,MAAM,IAAI,CAAC,kBAAkB;YAC7B,MAAM,IAAI,CAAC,eAAe,CAAC;YAE3B,IAAI,SAAS;gBACX,MAAM,IAAI,CAAC,aAAa,CAAC;gBACzB,MAAM,IAAI,CAAC,UAAU,CAAC;YACxB,CAAC;YAED,OAAO;QACT,EAAE,OAAO,OAAgB;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,4CAA4C,OAAO;QAChF;IACF;IAEA,MAAc,iBAAiB;QAC7B,MAAM,YAAE,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;QACrC,MAAM,oBAAoB,CAAA,GAAA,yCAAmB,EAAE;QAE/C,OAAO,CAAA,GAAA,8BAAc,EAAE,mBAAmB,IAAI,CAAC,OAAO,CAAC,SAAS;IAClE;IAEA,MAAc,sBAAsB;QAClC,MAAM,WAAE,QAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAE5C,OAAO,CAAA,GAAA,8BAAkB,AAAD,EAAE,IAAI,IAAI;IACpC;IAEA,MAAc,cAAc,OAAe,EAAE;QAC3C,MAAM,SAAE,MAAK,EAAE,GAAG,IAAI,CAAC,WAAW;QAClC,MAAM,UAAE,OAAM,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC3C,MAAM,kBAAkB,MAAM,IAAI,CAAC,kBAAkB;QAErD,IAAI;YACF,MAAM,CAAA,GAAA,4BAAY,EAAE,SAAS,OAAO,QAAQ;QAC9C,EAAE,OAAO,OAAgB;YACvB,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,oBAAoB,OAAO;QACxD;IACF;IAEA,MAAc,cAAc,gBAC1B,aAAY,WACZ,QAAO,SACP,MAAK,eACL,YAAW,aACX,UAAS,EACS,EAAE;QACpB,MAAM,IAAI,CAAC,eAAe,CAAC,gBAAgB,IAAI;QAC/C,MAAM,IAAI,CAAC,UAAU,CAAC;QAEtB,8EAA8E;QAC9E,MAAM,iBAAiB,CAAA,GAAA,yCAAmB,AAAD;QACzC,MAAM,YAAY,KAAK,GAAG,KAAK,OAAO;QACtC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB;YAAE,OAAO;mBAAa;uBAAO;QAAU;QAC/E,MAAM,IAAI,CAAC,kBAAkB;IAC/B;IAEA,MAAc,qBAAqB;QACjC,MAAM,OAAoC,CAAC;QAE3C,KAAK,MAAM,CAAC,KAAK,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,GAC1D,sDAAsD;QACtD,IAAI,CAAC,IAAI,GAAG;QAGd,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,KAAK,SAAS,CAAC;IACnE;IAEA,MAAc,qBAAqB;QACjC,MAAM,MAAM,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;QAE/C,IAAI,CAAC,KACH;QAGF,IAAI;YACF,MAAM,OAAgB,KAAK,KAAK,CAAC;YAEjC,IAAI,CAAC,CAAA,GAAA,yCAAoB,EAAE,OACzB;YAEF,IAAI,CAAC,cAAc,CAAC,KAAK;YAEzB,KAAK,MAAM,CAAC,KAAK,YAAY,IAAI,OAAO,OAAO,CAAC,MAC9C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK;QAEjC,EAAE,OAAM,CAAC;IACX;AAEF","sources":["packages/client/src/index.ts","packages/client/src/errors.ts","packages/client/src/types/index.ts","packages/client/src/utils/index.ts","packages/client/src/utils/requester.ts"],"sourcesContent":["import type {\n CodeTokenResponse,\n IdTokenClaims,\n UserInfoResponse,\n InteractionMode,\n} from '@logto/js';\nimport {\n decodeIdToken,\n fetchOidcConfig,\n fetchTokenByAuthorizationCode,\n fetchTokenByRefreshToken,\n fetchUserInfo,\n generateSignInUri,\n generateSignOutUri,\n Prompt,\n revoke,\n verifyAndParseCodeFromCallbackUri,\n verifyIdToken,\n withDefaultScopes,\n} from '@logto/js';\nimport type { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\n\nimport type { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';\nimport { isLogtoAccessTokenMap, isLogtoSignInSessionItem } from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';\nexport {\n LogtoError,\n OidcError,\n Prompt,\n LogtoRequestError,\n ReservedScope,\n UserScope,\n} from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n protected readonly logtoConfig: LogtoConfig;\n protected readonly getOidcConfig = once(this._getOidcConfig);\n protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n protected readonly adapter: ClientAdapter;\n protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n this.logtoConfig = {\n ...logtoConfig,\n prompt: logtoConfig.prompt ?? Prompt.Consent,\n scopes: withDefaultScopes(logtoConfig.scopes).split(' '),\n };\n this.adapter = adapter;\n\n void this.loadAccessTokenMap();\n }\n\n async isAuthenticated() {\n return Boolean(await this.getIdToken());\n }\n\n async getRefreshToken() {\n return this.adapter.storage.getItem('refreshToken');\n }\n\n async getIdToken() {\n return this.adapter.storage.getItem('idToken');\n }\n\n async getAccessToken(resource?: string): Promise<string> {\n if (!(await this.getIdToken())) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const accessTokenKey = buildAccessTokenKey(resource);\n const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n return accessToken.token;\n }\n\n // Since the access token has expired, delete it from the map.\n if (accessToken) {\n this.accessTokenMap.delete(accessTokenKey);\n }\n\n /**\n * Need to fetch a new access token using refresh token.\n */\n return this.getAccessTokenByRefreshToken(resource);\n }\n\n async getIdTokenClaims(): Promise<IdTokenClaims> {\n const idToken = await this.getIdToken();\n\n if (!idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n return decodeIdToken(idToken);\n }\n\n async fetchUserInfo(): Promise<UserInfoResponse> {\n const { userinfoEndpoint } = await this.getOidcConfig();\n const accessToken = await this.getAccessToken();\n\n if (!accessToken) {\n throw new LogtoClientError('fetch_user_info_failed');\n }\n\n return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);\n }\n\n async signIn(redirectUri: string, interactionMode?: InteractionMode) {\n const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n const { authorizationEndpoint } = await this.getOidcConfig();\n const codeVerifier = this.adapter.generateCodeVerifier();\n const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n const state = this.adapter.generateState();\n\n const signInUri = generateSignInUri({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n interactionMode,\n });\n\n await this.setSignInSession({ redirectUri, codeVerifier, state });\n await this.setRefreshToken(null);\n await this.setIdToken(null);\n\n this.adapter.navigate(signInUri);\n }\n\n async isSignInRedirected(url: string): Promise<boolean> {\n const signInSession = await this.getSignInSession();\n\n if (!signInSession) {\n return false;\n }\n const { redirectUri } = signInSession;\n const { origin, pathname } = new URL(url);\n\n return `${origin}${pathname}` === redirectUri;\n }\n\n async handleSignInCallback(callbackUri: string) {\n const { logtoConfig, adapter } = this;\n const { requester } = adapter;\n const signInSession = await this.getSignInSession();\n\n if (!signInSession) {\n throw new LogtoClientError('sign_in_session.not_found');\n }\n\n const { redirectUri, state, codeVerifier } = signInSession;\n const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n const { appId: clientId } = logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const codeTokenResponse = await fetchTokenByAuthorizationCode(\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n },\n requester\n );\n\n await this.verifyIdToken(codeTokenResponse.idToken);\n await this.saveCodeToken(codeTokenResponse);\n await this.setSignInSession(null);\n }\n\n async signOut(postLogoutRedirectUri?: string) {\n const idToken = await this.getIdToken();\n\n if (!idToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n const { appId: clientId } = this.logtoConfig;\n const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n const refreshToken = await this.getRefreshToken();\n\n if (refreshToken) {\n try {\n await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);\n } catch {\n // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n }\n }\n\n const url = generateSignOutUri({\n endSessionEndpoint,\n postLogoutRedirectUri,\n clientId,\n });\n\n this.accessTokenMap.clear();\n await this.setRefreshToken(null);\n await this.setIdToken(null);\n await this.adapter.storage.removeItem('accessToken');\n\n this.adapter.navigate(url);\n }\n\n protected async getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>> {\n const jsonItem = await this.adapter.storage.getItem('signInSession');\n\n if (!jsonItem) {\n return null;\n }\n\n const item: unknown = JSON.parse(jsonItem);\n\n if (!isLogtoSignInSessionItem(item)) {\n throw new LogtoClientError('sign_in_session.invalid');\n }\n\n return item;\n }\n\n protected async setSignInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n if (!logtoSignInSessionItem) {\n await this.adapter.storage.removeItem('signInSession');\n\n return;\n }\n\n const jsonItem = JSON.stringify(logtoSignInSessionItem);\n await this.adapter.storage.setItem('signInSession', jsonItem);\n }\n\n private async setIdToken(idToken: Nullable<string>) {\n if (!idToken) {\n await this.adapter.storage.removeItem('idToken');\n\n return;\n }\n\n await this.adapter.storage.setItem('idToken', idToken);\n }\n\n private async setRefreshToken(refreshToken: Nullable<string>) {\n if (!refreshToken) {\n await this.adapter.storage.removeItem('refreshToken');\n\n return;\n }\n\n await this.adapter.storage.setItem('refreshToken', refreshToken);\n }\n\n private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n const currentRefreshToken = await this.getRefreshToken();\n\n if (!currentRefreshToken) {\n throw new LogtoClientError('not_authenticated');\n }\n\n try {\n const accessTokenKey = buildAccessTokenKey(resource);\n const { appId: clientId } = this.logtoConfig;\n const { tokenEndpoint } = await this.getOidcConfig();\n const { accessToken, refreshToken, idToken, scope, expiresIn } =\n await fetchTokenByRefreshToken(\n {\n clientId,\n tokenEndpoint,\n refreshToken: currentRefreshToken,\n resource,\n },\n this.adapter.requester\n );\n\n this.accessTokenMap.set(accessTokenKey, {\n token: accessToken,\n scope,\n expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n });\n\n await this.saveAccessTokenMap();\n await this.setRefreshToken(refreshToken);\n\n if (idToken) {\n await this.verifyIdToken(idToken);\n await this.setIdToken(idToken);\n }\n\n return accessToken;\n } catch (error: unknown) {\n throw new LogtoClientError('get_access_token_by_refresh_token_failed', error);\n }\n }\n\n private async _getOidcConfig() {\n const { endpoint } = this.logtoConfig;\n const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n }\n\n private async _getJwtVerifyGetKey() {\n const { jwksUri } = await this.getOidcConfig();\n\n return createRemoteJWKSet(new URL(jwksUri));\n }\n\n private async verifyIdToken(idToken: string) {\n const { appId } = this.logtoConfig;\n const { issuer } = await this.getOidcConfig();\n const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n try {\n await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n } catch (error: unknown) {\n throw new LogtoClientError('invalid_id_token', error);\n }\n }\n\n private async saveCodeToken({\n refreshToken,\n idToken,\n scope,\n accessToken,\n expiresIn,\n }: CodeTokenResponse) {\n await this.setRefreshToken(refreshToken ?? null);\n await this.setIdToken(idToken);\n\n // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n const accessTokenKey = buildAccessTokenKey();\n const expiresAt = Date.now() / 1000 + expiresIn;\n this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n await this.saveAccessTokenMap();\n }\n\n private async saveAccessTokenMap() {\n const data: Record<string, AccessToken> = {};\n\n for (const [key, accessToken] of this.accessTokenMap.entries()) {\n // eslint-disable-next-line @silverhand/fp/no-mutation\n data[key] = accessToken;\n }\n\n await this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n }\n\n private async loadAccessTokenMap() {\n const raw = await this.adapter.storage.getItem('accessToken');\n\n if (!raw) {\n return;\n }\n\n try {\n const json: unknown = JSON.parse(raw);\n\n if (!isLogtoAccessTokenMap(json)) {\n return;\n }\n this.accessTokenMap.clear();\n\n for (const [key, accessToken] of Object.entries(json)) {\n this.accessTokenMap.set(key, accessToken);\n }\n } catch {}\n }\n // FIXME: @charles @sijie\n}\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nconst logtoClientErrorCodes = Object.freeze({\n sign_in_session: {\n invalid: 'Invalid sign-in session.',\n not_found: 'Sign-in session not found.',\n },\n not_authenticated: 'Not authenticated.',\n get_access_token_by_refresh_token_failed: 'Failed to get access token by refresh token.',\n fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',\n invalid_id_token: 'Invalid id token.',\n});\n\nexport type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoClientErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoClientErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoClientError extends Error {\n code: LogtoClientErrorCode;\n data: unknown;\n\n constructor(code: LogtoClientErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n","import type { Prompt } from '@logto/js';\nimport { isArbitraryObject } from '@logto/js';\n\nexport type LogtoConfig = {\n endpoint: string;\n appId: string;\n appSecret?: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport type AccessToken = {\n token: string;\n scope: string;\n expiresAt: number;\n};\n\nexport const isLogtoSignInSessionItem = (data: unknown): data is LogtoSignInSessionItem => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');\n};\n\nexport const isLogtoAccessTokenMap = (data: unknown): data is Record<string, AccessToken> => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return Object.values(data).every((value) => {\n if (!isArbitraryObject(value)) {\n return false;\n }\n\n return (\n typeof value.token === 'string' &&\n typeof value.scope === 'string' &&\n typeof value.expiresAt === 'number'\n );\n });\n};\n\nexport type LogtoSignInSessionItem = {\n redirectUri: string;\n codeVerifier: string;\n state: string;\n};\n","import { discoveryPath } from '@logto/js';\n\nexport * from './requester';\n\nexport const buildAccessTokenKey = (resource = '', scopes: string[] = []): string =>\n `${scopes.slice().sort().join(' ')}@${resource}`;\n\nexport const getDiscoveryEndpoint = (endpoint: string): string =>\n new URL(discoveryPath, endpoint).toString();\n","import type { Requester } from '@logto/js';\nimport { LogtoError, LogtoRequestError, isLogtoRequestError } from '@logto/js';\n\nexport const createRequester = (fetchFunction: typeof fetch): Requester => {\n return async <T>(...args: Parameters<typeof fetch>): Promise<T> => {\n const response = await fetchFunction(...args);\n\n if (!response.ok) {\n const responseJson = await response.json();\n\n if (!isLogtoRequestError(responseJson)) {\n throw new LogtoError('unexpected_response_error', responseJson);\n }\n\n // Expected request error from server\n const { code, message } = responseJson;\n throw new LogtoRequestError(code, message);\n }\n\n return response.json();\n };\n};\n"],"names":[],"version":3,"file":"index.js.map"}