@logto/client 1.1.1 → 2.0.0

package/lib/utils/once.cjs

@@ -0,0 +1,20 @@
+'use strict';
+
+// TODO @sijie move to essentials
+/* eslint-disable @silverhand/fp/no-let */
+/* eslint-disable @silverhand/fp/no-mutation */
+function once(function_) {
+    let called = false;
+    let result;
+    return function (...args) {
+        if (!called) {
+            called = true;
+            result = function_.apply(this, args);
+        }
+        return result;
+    };
+}
+/* eslint-enable @silverhand/fp/no-mutation */
+/* eslint-enable @silverhand/fp/no-let */
+
+exports.once = once;

package/lib/utils/once.d.ts

@@ -0,0 +1,3 @@
+type Procedure<T> = (...args: unknown[]) => T;
+export declare function once<T>(function_: Procedure<T>): Procedure<T>;
+export {};

package/lib/utils/once.js

@@ -0,0 +1,18 @@
+// TODO @sijie move to essentials
+/* eslint-disable @silverhand/fp/no-let */
+/* eslint-disable @silverhand/fp/no-mutation */
+function once(function_) {
+    let called = false;
+    let result;
+    return function (...args) {
+        if (!called) {
+            called = true;
+            result = function_.apply(this, args);
+        }
+        return result;
+    };
+}
+/* eslint-enable @silverhand/fp/no-mutation */
+/* eslint-enable @silverhand/fp/no-let */
+
+export { once };

package/lib/utils/requester.cjs

@@ -0,0 +1,21 @@
+'use strict';
+
+var js = require('@logto/js');
+
+const createRequester = (fetchFunction) => {
+    return async (...args) => {
+        const response = await fetchFunction(...args);
+        if (!response.ok) {
+            const responseJson = await response.json();
+            if (!js.isLogtoRequestError(responseJson)) {
+                throw new js.LogtoError('unexpected_response_error', responseJson);
+            }
+            // Expected request error from server
+            const { code, message } = responseJson;
+            throw new js.LogtoRequestError(code, message);
+        }
+        return response.json();
+    };
+};
+
+exports.createRequester = createRequester;

package/lib/utils/requester.d.ts

@@ -0,0 +1,2 @@
+import type { Requester } from '@logto/js';
+export declare const createRequester: (fetchFunction: typeof fetch) => Requester;

package/lib/utils/requester.js

@@ -0,0 +1,19 @@
+import { isLogtoRequestError, LogtoError, LogtoRequestError } from '@logto/js';
+
+const createRequester = (fetchFunction) => {
+    return async (...args) => {
+        const response = await fetchFunction(...args);
+        if (!response.ok) {
+            const responseJson = await response.json();
+            if (!isLogtoRequestError(responseJson)) {
+                throw new LogtoError('unexpected_response_error', responseJson);
+            }
+            // Expected request error from server
+            const { code, message } = responseJson;
+            throw new LogtoRequestError(code, message);
+        }
+        return response.json();
+    };
+};
+
+export { createRequester };

package/lib/utils/requester.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,14 +1,16 @@
 {
   "name": "@logto/client",
-  "version": "1.1.1",
-  "source": "./src/index.ts",
-  "main": "./lib/index.js",
+  "version": "2.0.0",
+  "type": "module",
+  "main": "./lib/index.cjs",
+  "module": "./lib/index.js",
+  "types": "./lib/index.d.ts",
   "exports": {
-    "require": "./lib/index.js",
-    "import": "./lib/module.mjs"
+    "types": "./lib/index.d.ts",
+    "require": "./lib/index.cjs",
+    "import": "./lib/index.js",
+    "default": "./lib/index.js"
   },
-  "module": "./lib/module.mjs",
-  "types": "./lib/index.d.ts",
   "files": [
     "lib"
   ],
@@ -18,46 +20,28 @@
     "url": "https://github.com/logto-io/js.git",
     "directory": "packages/client"
   },
-  "scripts": {
-    "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
-    "precommit": "lint-staged",
-    "check": "tsc --noEmit",
-    "build": "rm -rf lib/ && pnpm check && parcel build && cp lib/index.d.ts lib/module.d.mts",
-    "lint": "eslint --ext .ts src",
-    "test": "jest",
-    "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
-    "prepack": "pnpm test"
-  },
   "dependencies": {
-    "@logto/js": "^1.1.0",
-    "@silverhand/essentials": "^1.2.1",
+    "@logto/js": "^2.0.0",
+    "@silverhand/essentials": "^2.6.2",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.3.8",
-    "lodash.get": "^4.4.2",
-    "lodash.once": "^4.1.1"
+    "jose": "^4.13.2"
   },
   "devDependencies": {
-    "@jest/types": "^27.5.1",
-    "@parcel/core": "^2.8.3",
-    "@parcel/packager-ts": "^2.8.3",
-    "@parcel/transformer-typescript-types": "^2.8.3",
-    "@silverhand/eslint-config": "^2.0.0",
-    "@silverhand/ts-config": "^1.0.0",
-    "@types/jest": "^27.4.1",
-    "@types/lodash.get": "^4.4.6",
-    "@types/lodash.once": "^4.1.7",
+    "@silverhand/eslint-config": "^3.0.1",
+    "@silverhand/ts-config": "^3.0.0",
+    "@swc/core": "^1.3.50",
+    "@swc/jest": "^0.2.24",
+    "@types/jest": "^29.5.0",
     "@types/node": "^18.0.0",
-    "eslint": "^8.23.0",
-    "jest": "^27.5.1",
+    "eslint": "^8.38.0",
+    "jest": "^29.5.0",
     "jest-matcher-specific-error": "^1.0.0",
     "lint-staged": "^13.0.0",
-    "nock": "^13.1.3",
-    "parcel": "^2.8.3",
-    "prettier": "^2.7.1",
+    "nock": "^13.3.0",
+    "prettier": "^2.8.7",
     "text-encoder": "^0.0.4",
-    "ts-jest": "^27.0.4",
     "type-fest": "^3.0.0",
-    "typescript": "4.9.5"
+    "typescript": "^5.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"
@@ -66,5 +50,13 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "f74d96813d0bcc07a5134d43318f1e167a6f47ff"
-}
+  "scripts": {
+    "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
+    "precommit": "lint-staged",
+    "check": "tsc --noEmit",
+    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
+    "lint": "eslint --ext .ts src",
+    "test": "jest",
+    "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage"
+  }
+}

package/lib/index.d.ts.map

@@ -1 +0,0 @@
-{"mappings":";;AAGA,yBAAyB,SAAS,GAAG,cAAc,GAAG,aAAa,GAAG,eAAe,CAAC;AAEtF,sBAAsB;IACpB,OAAO,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5C,CAAC;AAEF,gBAAuB,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;AAE7C,4BAA4B;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,MAAM,CAAC;IACnC,qBAAqB,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CAClE,CAAC;ACjBF,QAAA,MAAM;;;;;;;EAOJ,CAAC;AAEH,mCAAmC,kBAAkB,4BAA4B,CAAC,CAAC;AAanF,6BAA8B,SAAQ,KAAK;IACzC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,oBAAoB,EAAE,IAAI,CAAC,EAAE,OAAO;CAKvD;AC/BD,0BAA0B;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,0BAA0B;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,OAAO,MAAM,iCAAkC,OAAO,mCAMrD,CAAC;AAEF,OAAO,MAAM,8BAA+B,OAAO,wCAgBlD,CAAC;AAEF,qCAAqC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AC7CF,OAAO,MAAM,iCAAkC,YAAY,KAAG,SAkB7D,CAAC;AESF,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAClG,OAAO,EACL,UAAU,EACV,SAAS,EACT,MAAM,EACN,iBAAiB,EACjB,aAAa,EACb,SAAS,GACV,MAAM,WAAW,CAAC;AAMnB;IACE,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAC5C,SAAS,CAAC,QAAQ,CAAC,aAAa,mHAA6B;IAC7D,SAAS,CAAC,QAAQ,CAAC,kBAAkB,sIAAkC;IACvE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAC1C,SAAS,CAAC,QAAQ,CAAC,cAAc,2BAAkC;gBAEvD,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa;IAWtD,eAAe;IAIf,eAAe;IAIf,UAAU;IAIV,cAAc,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBlD,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC;IAU1C,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAW1C,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,eAAe;IA0B7D,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYjD,oBAAoB,CAAC,WAAW,EAAE,MAAM;IA8BxC,OAAO,CAAC,qBAAqB,CAAC,EAAE,MAAM;cAiC5B,gBAAgB,IAAI,OAAO,CAAC,SAAS,sBAAsB,CAAC,CAAC;cAgB7D,gBAAgB,CAAC,sBAAsB,EAAE,SAAS,sBAAsB,CAAC;CA2I1F","sources":["packages/client/src/src/adapter.ts","packages/client/src/src/errors.ts","packages/client/src/src/types/index.ts","packages/client/src/src/utils/requester.ts","packages/client/src/src/utils/index.ts","packages/client/src/src/index.ts","packages/client/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,"import type {\n  CodeTokenResponse,\n  IdTokenClaims,\n  UserInfoResponse,\n  InteractionMode,\n} from '@logto/js';\nimport {\n  decodeIdToken,\n  fetchOidcConfig,\n  fetchTokenByAuthorizationCode,\n  fetchTokenByRefreshToken,\n  fetchUserInfo,\n  generateSignInUri,\n  generateSignOutUri,\n  Prompt,\n  revoke,\n  verifyAndParseCodeFromCallbackUri,\n  verifyIdToken,\n  withDefaultScopes,\n} from '@logto/js';\nimport type { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\n\nimport type { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';\nimport { isLogtoAccessTokenMap, isLogtoSignInSessionItem } from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';\nexport {\n  LogtoError,\n  OidcError,\n  Prompt,\n  LogtoRequestError,\n  ReservedScope,\n  UserScope,\n} from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n  protected readonly logtoConfig: LogtoConfig;\n  protected readonly getOidcConfig = once(this._getOidcConfig);\n  protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n  protected readonly adapter: ClientAdapter;\n  protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n  constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n    this.logtoConfig = {\n      ...logtoConfig,\n      prompt: logtoConfig.prompt ?? Prompt.Consent,\n      scopes: withDefaultScopes(logtoConfig.scopes).split(' '),\n    };\n    this.adapter = adapter;\n\n    void this.loadAccessTokenMap();\n  }\n\n  async isAuthenticated() {\n    return Boolean(await this.getIdToken());\n  }\n\n  async getRefreshToken() {\n    return this.adapter.storage.getItem('refreshToken');\n  }\n\n  async getIdToken() {\n    return this.adapter.storage.getItem('idToken');\n  }\n\n  async getAccessToken(resource?: string): Promise<string> {\n    if (!(await this.getIdToken())) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const accessTokenKey = buildAccessTokenKey(resource);\n    const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n    if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n      return accessToken.token;\n    }\n\n    // Since the access token has expired, delete it from the map.\n    if (accessToken) {\n      this.accessTokenMap.delete(accessTokenKey);\n    }\n\n    /**\n     * Need to fetch a new access token using refresh token.\n     */\n    return this.getAccessTokenByRefreshToken(resource);\n  }\n\n  async getIdTokenClaims(): Promise<IdTokenClaims> {\n    const idToken = await this.getIdToken();\n\n    if (!idToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    return decodeIdToken(idToken);\n  }\n\n  async fetchUserInfo(): Promise<UserInfoResponse> {\n    const { userinfoEndpoint } = await this.getOidcConfig();\n    const accessToken = await this.getAccessToken();\n\n    if (!accessToken) {\n      throw new LogtoClientError('fetch_user_info_failed');\n    }\n\n    return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);\n  }\n\n  async signIn(redirectUri: string, interactionMode?: InteractionMode) {\n    const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n    const { authorizationEndpoint } = await this.getOidcConfig();\n    const codeVerifier = this.adapter.generateCodeVerifier();\n    const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n    const state = this.adapter.generateState();\n\n    const signInUri = generateSignInUri({\n      authorizationEndpoint,\n      clientId,\n      redirectUri,\n      codeChallenge,\n      state,\n      scopes,\n      resources,\n      prompt,\n      interactionMode,\n    });\n\n    await this.setSignInSession({ redirectUri, codeVerifier, state });\n    await this.setRefreshToken(null);\n    await this.setIdToken(null);\n\n    this.adapter.navigate(signInUri);\n  }\n\n  async isSignInRedirected(url: string): Promise<boolean> {\n    const signInSession = await this.getSignInSession();\n\n    if (!signInSession) {\n      return false;\n    }\n    const { redirectUri } = signInSession;\n    const { origin, pathname } = new URL(url);\n\n    return `${origin}${pathname}` === redirectUri;\n  }\n\n  async handleSignInCallback(callbackUri: string) {\n    const { logtoConfig, adapter } = this;\n    const { requester } = adapter;\n    const signInSession = await this.getSignInSession();\n\n    if (!signInSession) {\n      throw new LogtoClientError('sign_in_session.not_found');\n    }\n\n    const { redirectUri, state, codeVerifier } = signInSession;\n    const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n    const { appId: clientId } = logtoConfig;\n    const { tokenEndpoint } = await this.getOidcConfig();\n    const codeTokenResponse = await fetchTokenByAuthorizationCode(\n      {\n        clientId,\n        tokenEndpoint,\n        redirectUri,\n        codeVerifier,\n        code,\n      },\n      requester\n    );\n\n    await this.verifyIdToken(codeTokenResponse.idToken);\n    await this.saveCodeToken(codeTokenResponse);\n    await this.setSignInSession(null);\n  }\n\n  async signOut(postLogoutRedirectUri?: string) {\n    const idToken = await this.getIdToken();\n\n    if (!idToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const { appId: clientId } = this.logtoConfig;\n    const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n    const refreshToken = await this.getRefreshToken();\n\n    if (refreshToken) {\n      try {\n        await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);\n      } catch {\n        // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n      }\n    }\n\n    const url = generateSignOutUri({\n      endSessionEndpoint,\n      postLogoutRedirectUri,\n      clientId,\n    });\n\n    this.accessTokenMap.clear();\n    await this.setRefreshToken(null);\n    await this.setIdToken(null);\n    await this.adapter.storage.removeItem('accessToken');\n\n    this.adapter.navigate(url);\n  }\n\n  protected async getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>> {\n    const jsonItem = await this.adapter.storage.getItem('signInSession');\n\n    if (!jsonItem) {\n      return null;\n    }\n\n    const item: unknown = JSON.parse(jsonItem);\n\n    if (!isLogtoSignInSessionItem(item)) {\n      throw new LogtoClientError('sign_in_session.invalid');\n    }\n\n    return item;\n  }\n\n  protected async setSignInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n    if (!logtoSignInSessionItem) {\n      await this.adapter.storage.removeItem('signInSession');\n\n      return;\n    }\n\n    const jsonItem = JSON.stringify(logtoSignInSessionItem);\n    await this.adapter.storage.setItem('signInSession', jsonItem);\n  }\n\n  private async setIdToken(idToken: Nullable<string>) {\n    if (!idToken) {\n      await this.adapter.storage.removeItem('idToken');\n\n      return;\n    }\n\n    await this.adapter.storage.setItem('idToken', idToken);\n  }\n\n  private async setRefreshToken(refreshToken: Nullable<string>) {\n    if (!refreshToken) {\n      await this.adapter.storage.removeItem('refreshToken');\n\n      return;\n    }\n\n    await this.adapter.storage.setItem('refreshToken', refreshToken);\n  }\n\n  private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n    const currentRefreshToken = await this.getRefreshToken();\n\n    if (!currentRefreshToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const accessTokenKey = buildAccessTokenKey(resource);\n    const { appId: clientId } = this.logtoConfig;\n    const { tokenEndpoint } = await this.getOidcConfig();\n    const { accessToken, refreshToken, idToken, scope, expiresIn } = await fetchTokenByRefreshToken(\n      {\n        clientId,\n        tokenEndpoint,\n        refreshToken: currentRefreshToken,\n        resource,\n      },\n      this.adapter.requester\n    );\n\n    this.accessTokenMap.set(accessTokenKey, {\n      token: accessToken,\n      scope,\n      expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n    });\n\n    await this.saveAccessTokenMap();\n    await this.setRefreshToken(refreshToken);\n\n    if (idToken) {\n      await this.verifyIdToken(idToken);\n      await this.setIdToken(idToken);\n    }\n\n    return accessToken;\n  }\n\n  private async _getOidcConfig() {\n    const { endpoint } = this.logtoConfig;\n    const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n    return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n  }\n\n  private async _getJwtVerifyGetKey() {\n    const { jwksUri } = await this.getOidcConfig();\n\n    return createRemoteJWKSet(new URL(jwksUri));\n  }\n\n  private async verifyIdToken(idToken: string) {\n    const { appId } = this.logtoConfig;\n    const { issuer } = await this.getOidcConfig();\n    const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n    await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n  }\n\n  private async saveCodeToken({\n    refreshToken,\n    idToken,\n    scope,\n    accessToken,\n    expiresIn,\n  }: CodeTokenResponse) {\n    await this.setRefreshToken(refreshToken ?? null);\n    await this.setIdToken(idToken);\n\n    // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n    const accessTokenKey = buildAccessTokenKey();\n    const expiresAt = Date.now() / 1000 + expiresIn;\n    this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n    await this.saveAccessTokenMap();\n  }\n\n  private async saveAccessTokenMap() {\n    const data: Record<string, AccessToken> = {};\n\n    for (const [key, accessToken] of this.accessTokenMap.entries()) {\n      // eslint-disable-next-line @silverhand/fp/no-mutation\n      data[key] = accessToken;\n    }\n\n    await this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n  }\n\n  private async loadAccessTokenMap() {\n    const raw = await this.adapter.storage.getItem('accessToken');\n\n    if (!raw) {\n      return;\n    }\n\n    try {\n      const json: unknown = JSON.parse(raw);\n\n      if (!isLogtoAccessTokenMap(json)) {\n        return;\n      }\n      this.accessTokenMap.clear();\n\n      for (const [key, accessToken] of Object.entries(json)) {\n        this.accessTokenMap.set(key, accessToken);\n      }\n    } catch (error: unknown) {\n      console.warn(error);\n    }\n  }\n}\n"],"names":[],"version":3,"file":"index.d.ts.map"}

package/lib/index.js.map

@@ -1 +0,0 @@
-{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;ACAA;AAGA,MAAM,8CAAwB,OAAO,MAAM,CAAC;IAC1C,iBAAiB;QACf,SAAS;QACT,WAAW;IACb;IACA,mBAAmB;IACnB,wBAAwB;AAC1B;AAIA,MAAM,8CAAwB,CAAC,YAA4C;IACzE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,6CAAuB;IAE3C,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAyB;IAIpC,YAAY,IAA0B,EAAE,IAAc,CAAE;QACtD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;;;;;;;AClCA;AAkBO,MAAM,4CAA2B,CAAC,OAAkD;IACzF,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO;QAAC;QAAe;QAAgB;KAAQ,CAAC,KAAK,CAAC,CAAC,MAAQ,OAAO,IAAI,CAAC,IAAI,KAAK;AACtF;AAEO,MAAM,4CAAwB,CAAC,OAAuD;IAC3F,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,QAAU;QAC1C,IAAI,CAAC,CAAA,GAAA,gCAAiB,AAAD,EAAE,QACrB,OAAO,KAAK;QAGd,OACE,OAAO,MAAM,KAAK,KAAK,YACvB,OAAO,MAAM,KAAK,KAAK,YACvB,OAAO,MAAM,SAAS,KAAK;IAE/B;AACF;;;AC1CA;ACAA;AAGO,MAAM,4CAAkB,CAAC,gBAA2C;IACzE,OAAO,OAAU,GAAG,OAA+C;QACjE,MAAM,WAAW,MAAM,iBAAiB;QAExC,IAAI,CAAC,SAAS,EAAE,EAAE;YAChB,MAAM,eAAe,MAAM,SAAS,IAAI;YAExC,IAAI,CAAC,CAAA,GAAA,kCAAkB,EAAE,eACvB,MAAM,IAAI,CAAA,GAAA,yBAAS,EAAE,6BAA6B,cAAc;YAGlE,qCAAqC;YACrC,MAAM,QAAE,KAAI,WAAE,QAAO,EAAE,GAAG;YAC1B,MAAM,IAAI,CAAA,GAAA,gCAAiB,AAAD,EAAE,MAAM,SAAS;QAC7C,CAAC;QAED,OAAO,SAAS,IAAI;IACtB;AACF;;;ADjBO,MAAM,4CAAsB,CAAC,WAAW,EAAE,EAAE,SAAmB,EAAE,GACtE,CAAC,EAAE,OAAO,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;AAE3C,MAAM,4CAAuB,CAAC,WACnC,IAAI,IAAI,CAAA,GAAA,4BAAa,AAAD,GAAG,UAAU,QAAQ;;;;;;;AHoC5B;IAEM,gBAAgB,CAAA,GAAA,2CAAG,EAAE,IAAI,CAAC,cAAc,EAAE;IAC1C,qBAAqB,CAAA,GAAA,2CAAG,EAAE,IAAI,CAAC,mBAAmB,EAAE;IAEpD,iBAAiB,IAAI,MAA2B;IAEnE,YAAY,WAAwB,EAAE,OAAsB,CAAE;QAC5D,IAAI,CAAC,WAAW,GAAG;YACjB,GAAG,WAAW;YACd,QAAQ,YAAY,MAAM,IAAI,CAAA,GAAA,qBAAK,EAAE,OAAO;YAC5C,QAAQ,CAAA,GAAA,gCAAgB,EAAE,YAAY,MAAM,EAAE,KAAK,CAAC;QACtD;QACA,IAAI,CAAC,OAAO,GAAG;QAEV,IAAI,CAAC,kBAAkB;IAC9B;IAEA,MAAM,kBAAkB;QACtB,OAAO,QAAQ,MAAM,IAAI,CAAC,UAAU;IACtC;IAEA,MAAM,kBAAkB;QACtB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;IACtC;IAEA,MAAM,aAAa;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;IACtC;IAEA,MAAM,eAAe,QAAiB,EAAmB;QACvD,IAAI,CAAE,MAAM,IAAI,CAAC,UAAU,IACzB,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,qBAAqB;QAGlD,MAAM,iBAAiB,CAAA,GAAA,yCAAkB,EAAE;QAC3C,MAAM,cAAc,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC;QAE5C,IAAI,eAAe,YAAY,SAAS,GAAG,KAAK,GAAG,KAAK,MACtD,OAAO,YAAY,KAAK;QAG1B,8DAA8D;QAC9D,IAAI,aACF,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;QAG7B;;KAEC,GACD,OAAO,IAAI,CAAC,4BAA4B,CAAC;IAC3C;IAEA,MAAM,mBAA2C;QAC/C,MAAM,UAAU,MAAM,IAAI,CAAC,UAAU;QAErC,IAAI,CAAC,SACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,OAAO,CAAA,GAAA,4BAAY,EAAE;IACvB;IAEA,MAAM,gBAA2C;QAC/C,MAAM,oBAAE,iBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QACrD,MAAM,cAAc,MAAM,IAAI,CAAC,cAAc;QAE7C,IAAI,CAAC,aACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,0BAA0B;QAGvD,OAAO,CAAA,GAAA,4BAAY,EAAE,kBAAkB,aAAa,IAAI,CAAC,OAAO,CAAC,SAAS;IAC5E;IAEA,MAAM,OAAO,WAAmB,EAAE,eAAiC,EAAE;QACnE,MAAM,EAAE,OAAO,SAAQ,UAAE,OAAM,aAAE,UAAS,UAAE,OAAM,EAAE,GAAG,IAAI,CAAC,WAAW;QACvE,MAAM,yBAAE,sBAAqB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC1D,MAAM,eAAe,IAAI,CAAC,OAAO,CAAC,oBAAoB;QACtD,MAAM,gBAAgB,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC;QAC/D,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,aAAa;QAExC,MAAM,YAAY,CAAA,GAAA,gCAAgB,EAAE;mCAClC;sBACA;yBACA;2BACA;mBACA;oBACA;uBACA;oBACA;6BACA;QACF;QAEA,MAAM,IAAI,CAAC,gBAAgB,CAAC;yBAAE;0BAAa;mBAAc;QAAM;QAC/D,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI;QAE1B,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxB;IAEA,MAAM,mBAAmB,GAAW,EAAoB;QACtD,MAAM,gBAAgB,MAAM,IAAI,CAAC,gBAAgB;QAEjD,IAAI,CAAC,eACH,OAAO,KAAK;QAEd,MAAM,eAAE,YAAW,EAAE,GAAG;QACxB,MAAM,UAAE,OAAM,YAAE,SAAQ,EAAE,GAAG,IAAI,IAAI;QAErC,OAAO,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,KAAK;IACpC;IAEA,MAAM,qBAAqB,WAAmB,EAAE;QAC9C,MAAM,eAAE,YAAW,WAAE,QAAO,EAAE,GAAG,IAAI;QACrC,MAAM,aAAE,UAAS,EAAE,GAAG;QACtB,MAAM,gBAAgB,MAAM,IAAI,CAAC,gBAAgB;QAEjD,IAAI,CAAC,eACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,6BAA6B;QAG1D,MAAM,eAAE,YAAW,SAAE,MAAK,gBAAE,aAAY,EAAE,GAAG;QAC7C,MAAM,OAAO,CAAA,GAAA,gDAAiC,AAAD,EAAE,aAAa,aAAa;QAEzE,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG;QAC5B,MAAM,iBAAE,cAAa,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAClD,MAAM,oBAAoB,MAAM,CAAA,GAAA,4CAA4B,EAC1D;sBACE;2BACA;yBACA;0BACA;kBACA;QACF,GACA;QAGF,MAAM,IAAI,CAAC,aAAa,CAAC,kBAAkB,OAAO;QAClD,MAAM,IAAI,CAAC,aAAa,CAAC;QACzB,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI;IAClC;IAEA,MAAM,QAAQ,qBAA8B,EAAE;QAC5C,MAAM,UAAU,MAAM,IAAI,CAAC,UAAU;QAErC,IAAI,CAAC,SACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;QAC5C,MAAM,sBAAE,mBAAkB,sBAAE,mBAAkB,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC3E,MAAM,eAAe,MAAM,IAAI,CAAC,eAAe;QAE/C,IAAI,cACF,IAAI;YACF,MAAM,CAAA,GAAA,qBAAK,EAAE,oBAAoB,UAAU,cAAc,IAAI,CAAC,OAAO,CAAC,SAAS;QACjF,EAAE,OAAM;QACN,yGAAyG;QAC3G;QAGF,MAAM,MAAM,CAAA,GAAA,iCAAiB,EAAE;gCAC7B;mCACA;sBACA;QACF;QAEA,IAAI,CAAC,cAAc,CAAC,KAAK;QACzB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI;QAC/B,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI;QAC1B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;QAEtC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxB;IAEA,MAAgB,mBAA8D;QAC5E,MAAM,WAAW,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;QAEpD,IAAI,CAAC,UACH,OAAO,IAAI;QAGb,MAAM,OAAgB,KAAK,KAAK,CAAC;QAEjC,IAAI,CAAC,CAAA,GAAA,yCAAuB,EAAE,OAC5B,MAAM,IAAI,CAAA,GAAA,yCAAgB,AAAD,EAAE,2BAA2B;QAGxD,OAAO;IACT;IAEA,MAAgB,iBAAiB,sBAAwD,EAAE;QACzF,IAAI,CAAC,wBAAwB;YAC3B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,WAAW,KAAK,SAAS,CAAC;QAChC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB;IACtD;IAEA,MAAc,WAAW,OAAyB,EAAE;QAClD,IAAI,CAAC,SAAS;YACZ,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW;IAChD;IAEA,MAAc,gBAAgB,YAA8B,EAAE;QAC5D,IAAI,CAAC,cAAc;YACjB,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;YAEtC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB;IACrD;IAEA,MAAc,6BAA6B,QAAiB,EAAmB;QAC7E,MAAM,sBAAsB,MAAM,IAAI,CAAC,eAAe;QAEtD,IAAI,CAAC,qBACH,MAAM,IAAI,CAAA,GAAA,yCAAe,EAAE,qBAAqB;QAGlD,MAAM,iBAAiB,CAAA,GAAA,yCAAkB,EAAE;QAC3C,MAAM,EAAE,OAAO,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;QAC5C,MAAM,iBAAE,cAAa,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAClD,MAAM,eAAE,YAAW,gBAAE,aAAY,WAAE,QAAO,SAAE,MAAK,aAAE,UAAS,EAAE,GAAG,MAAM,CAAA,GAAA,uCAAuB,EAC5F;sBACE;2BACA;YACA,cAAc;sBACd;QACF,GACA,IAAI,CAAC,OAAO,CAAC,SAAS;QAGxB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB;YACtC,OAAO;mBACP;YACA,WAAW,KAAK,KAAK,CAAC,KAAK,GAAG,KAAK,QAAQ;QAC7C;QAEA,MAAM,IAAI,CAAC,kBAAkB;QAC7B,MAAM,IAAI,CAAC,eAAe,CAAC;QAE3B,IAAI,SAAS;YACX,MAAM,IAAI,CAAC,aAAa,CAAC;YACzB,MAAM,IAAI,CAAC,UAAU,CAAC;QACxB,CAAC;QAED,OAAO;IACT;IAEA,MAAc,iBAAiB;QAC7B,MAAM,YAAE,SAAQ,EAAE,GAAG,IAAI,CAAC,WAAW;QACrC,MAAM,oBAAoB,CAAA,GAAA,yCAAmB,EAAE;QAE/C,OAAO,CAAA,GAAA,8BAAc,EAAE,mBAAmB,IAAI,CAAC,OAAO,CAAC,SAAS;IAClE;IAEA,MAAc,sBAAsB;QAClC,MAAM,WAAE,QAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAE5C,OAAO,CAAA,GAAA,8BAAkB,AAAD,EAAE,IAAI,IAAI;IACpC;IAEA,MAAc,cAAc,OAAe,EAAE;QAC3C,MAAM,SAAE,MAAK,EAAE,GAAG,IAAI,CAAC,WAAW;QAClC,MAAM,UAAE,OAAM,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;QAC3C,MAAM,kBAAkB,MAAM,IAAI,CAAC,kBAAkB;QAErD,MAAM,CAAA,GAAA,4BAAY,EAAE,SAAS,OAAO,QAAQ;IAC9C;IAEA,MAAc,cAAc,gBAC1B,aAAY,WACZ,QAAO,SACP,MAAK,eACL,YAAW,aACX,UAAS,EACS,EAAE;QACpB,MAAM,IAAI,CAAC,eAAe,CAAC,gBAAgB,IAAI;QAC/C,MAAM,IAAI,CAAC,UAAU,CAAC;QAEtB,8EAA8E;QAC9E,MAAM,iBAAiB,CAAA,GAAA,yCAAmB,AAAD;QACzC,MAAM,YAAY,KAAK,GAAG,KAAK,OAAO;QACtC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB;YAAE,OAAO;mBAAa;uBAAO;QAAU;QAC/E,MAAM,IAAI,CAAC,kBAAkB;IAC/B;IAEA,MAAc,qBAAqB;QACjC,MAAM,OAAoC,CAAC;QAE3C,KAAK,MAAM,CAAC,KAAK,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,GAC1D,sDAAsD;QACtD,IAAI,CAAC,IAAI,GAAG;QAGd,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,KAAK,SAAS,CAAC;IACnE;IAEA,MAAc,qBAAqB;QACjC,MAAM,MAAM,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;QAE/C,IAAI,CAAC,KACH;QAGF,IAAI;YACF,MAAM,OAAgB,KAAK,KAAK,CAAC;YAEjC,IAAI,CAAC,CAAA,GAAA,yCAAoB,EAAE,OACzB;YAEF,IAAI,CAAC,cAAc,CAAC,KAAK;YAEzB,KAAK,MAAM,CAAC,KAAK,YAAY,IAAI,OAAO,OAAO,CAAC,MAC9C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK;QAEjC,EAAE,OAAO,OAAgB;YACvB,QAAQ,IAAI,CAAC;QACf;IACF;AACF","sources":["packages/client/src/index.ts","packages/client/src/errors.ts","packages/client/src/types/index.ts","packages/client/src/utils/index.ts","packages/client/src/utils/requester.ts"],"sourcesContent":["import type {\n  CodeTokenResponse,\n  IdTokenClaims,\n  UserInfoResponse,\n  InteractionMode,\n} from '@logto/js';\nimport {\n  decodeIdToken,\n  fetchOidcConfig,\n  fetchTokenByAuthorizationCode,\n  fetchTokenByRefreshToken,\n  fetchUserInfo,\n  generateSignInUri,\n  generateSignOutUri,\n  Prompt,\n  revoke,\n  verifyAndParseCodeFromCallbackUri,\n  verifyIdToken,\n  withDefaultScopes,\n} from '@logto/js';\nimport type { Nullable } from '@silverhand/essentials';\nimport { createRemoteJWKSet } from 'jose';\nimport once from 'lodash.once';\n\nimport type { ClientAdapter } from './adapter';\nimport { LogtoClientError } from './errors';\nimport type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';\nimport { isLogtoAccessTokenMap, isLogtoSignInSessionItem } from './types';\nimport { buildAccessTokenKey, getDiscoveryEndpoint } from './utils';\n\nexport type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';\nexport {\n  LogtoError,\n  OidcError,\n  Prompt,\n  LogtoRequestError,\n  ReservedScope,\n  UserScope,\n} from '@logto/js';\nexport * from './errors';\nexport type { Storage, StorageKey, ClientAdapter } from './adapter';\nexport { createRequester } from './utils';\nexport * from './types';\n\nexport default class LogtoClient {\n  protected readonly logtoConfig: LogtoConfig;\n  protected readonly getOidcConfig = once(this._getOidcConfig);\n  protected readonly getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);\n  protected readonly adapter: ClientAdapter;\n  protected readonly accessTokenMap = new Map<string, AccessToken>();\n\n  constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter) {\n    this.logtoConfig = {\n      ...logtoConfig,\n      prompt: logtoConfig.prompt ?? Prompt.Consent,\n      scopes: withDefaultScopes(logtoConfig.scopes).split(' '),\n    };\n    this.adapter = adapter;\n\n    void this.loadAccessTokenMap();\n  }\n\n  async isAuthenticated() {\n    return Boolean(await this.getIdToken());\n  }\n\n  async getRefreshToken() {\n    return this.adapter.storage.getItem('refreshToken');\n  }\n\n  async getIdToken() {\n    return this.adapter.storage.getItem('idToken');\n  }\n\n  async getAccessToken(resource?: string): Promise<string> {\n    if (!(await this.getIdToken())) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const accessTokenKey = buildAccessTokenKey(resource);\n    const accessToken = this.accessTokenMap.get(accessTokenKey);\n\n    if (accessToken && accessToken.expiresAt > Date.now() / 1000) {\n      return accessToken.token;\n    }\n\n    // Since the access token has expired, delete it from the map.\n    if (accessToken) {\n      this.accessTokenMap.delete(accessTokenKey);\n    }\n\n    /**\n     * Need to fetch a new access token using refresh token.\n     */\n    return this.getAccessTokenByRefreshToken(resource);\n  }\n\n  async getIdTokenClaims(): Promise<IdTokenClaims> {\n    const idToken = await this.getIdToken();\n\n    if (!idToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    return decodeIdToken(idToken);\n  }\n\n  async fetchUserInfo(): Promise<UserInfoResponse> {\n    const { userinfoEndpoint } = await this.getOidcConfig();\n    const accessToken = await this.getAccessToken();\n\n    if (!accessToken) {\n      throw new LogtoClientError('fetch_user_info_failed');\n    }\n\n    return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);\n  }\n\n  async signIn(redirectUri: string, interactionMode?: InteractionMode) {\n    const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;\n    const { authorizationEndpoint } = await this.getOidcConfig();\n    const codeVerifier = this.adapter.generateCodeVerifier();\n    const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);\n    const state = this.adapter.generateState();\n\n    const signInUri = generateSignInUri({\n      authorizationEndpoint,\n      clientId,\n      redirectUri,\n      codeChallenge,\n      state,\n      scopes,\n      resources,\n      prompt,\n      interactionMode,\n    });\n\n    await this.setSignInSession({ redirectUri, codeVerifier, state });\n    await this.setRefreshToken(null);\n    await this.setIdToken(null);\n\n    this.adapter.navigate(signInUri);\n  }\n\n  async isSignInRedirected(url: string): Promise<boolean> {\n    const signInSession = await this.getSignInSession();\n\n    if (!signInSession) {\n      return false;\n    }\n    const { redirectUri } = signInSession;\n    const { origin, pathname } = new URL(url);\n\n    return `${origin}${pathname}` === redirectUri;\n  }\n\n  async handleSignInCallback(callbackUri: string) {\n    const { logtoConfig, adapter } = this;\n    const { requester } = adapter;\n    const signInSession = await this.getSignInSession();\n\n    if (!signInSession) {\n      throw new LogtoClientError('sign_in_session.not_found');\n    }\n\n    const { redirectUri, state, codeVerifier } = signInSession;\n    const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);\n\n    const { appId: clientId } = logtoConfig;\n    const { tokenEndpoint } = await this.getOidcConfig();\n    const codeTokenResponse = await fetchTokenByAuthorizationCode(\n      {\n        clientId,\n        tokenEndpoint,\n        redirectUri,\n        codeVerifier,\n        code,\n      },\n      requester\n    );\n\n    await this.verifyIdToken(codeTokenResponse.idToken);\n    await this.saveCodeToken(codeTokenResponse);\n    await this.setSignInSession(null);\n  }\n\n  async signOut(postLogoutRedirectUri?: string) {\n    const idToken = await this.getIdToken();\n\n    if (!idToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const { appId: clientId } = this.logtoConfig;\n    const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();\n    const refreshToken = await this.getRefreshToken();\n\n    if (refreshToken) {\n      try {\n        await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);\n      } catch {\n        // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed\n      }\n    }\n\n    const url = generateSignOutUri({\n      endSessionEndpoint,\n      postLogoutRedirectUri,\n      clientId,\n    });\n\n    this.accessTokenMap.clear();\n    await this.setRefreshToken(null);\n    await this.setIdToken(null);\n    await this.adapter.storage.removeItem('accessToken');\n\n    this.adapter.navigate(url);\n  }\n\n  protected async getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>> {\n    const jsonItem = await this.adapter.storage.getItem('signInSession');\n\n    if (!jsonItem) {\n      return null;\n    }\n\n    const item: unknown = JSON.parse(jsonItem);\n\n    if (!isLogtoSignInSessionItem(item)) {\n      throw new LogtoClientError('sign_in_session.invalid');\n    }\n\n    return item;\n  }\n\n  protected async setSignInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>) {\n    if (!logtoSignInSessionItem) {\n      await this.adapter.storage.removeItem('signInSession');\n\n      return;\n    }\n\n    const jsonItem = JSON.stringify(logtoSignInSessionItem);\n    await this.adapter.storage.setItem('signInSession', jsonItem);\n  }\n\n  private async setIdToken(idToken: Nullable<string>) {\n    if (!idToken) {\n      await this.adapter.storage.removeItem('idToken');\n\n      return;\n    }\n\n    await this.adapter.storage.setItem('idToken', idToken);\n  }\n\n  private async setRefreshToken(refreshToken: Nullable<string>) {\n    if (!refreshToken) {\n      await this.adapter.storage.removeItem('refreshToken');\n\n      return;\n    }\n\n    await this.adapter.storage.setItem('refreshToken', refreshToken);\n  }\n\n  private async getAccessTokenByRefreshToken(resource?: string): Promise<string> {\n    const currentRefreshToken = await this.getRefreshToken();\n\n    if (!currentRefreshToken) {\n      throw new LogtoClientError('not_authenticated');\n    }\n\n    const accessTokenKey = buildAccessTokenKey(resource);\n    const { appId: clientId } = this.logtoConfig;\n    const { tokenEndpoint } = await this.getOidcConfig();\n    const { accessToken, refreshToken, idToken, scope, expiresIn } = await fetchTokenByRefreshToken(\n      {\n        clientId,\n        tokenEndpoint,\n        refreshToken: currentRefreshToken,\n        resource,\n      },\n      this.adapter.requester\n    );\n\n    this.accessTokenMap.set(accessTokenKey, {\n      token: accessToken,\n      scope,\n      expiresAt: Math.round(Date.now() / 1000) + expiresIn,\n    });\n\n    await this.saveAccessTokenMap();\n    await this.setRefreshToken(refreshToken);\n\n    if (idToken) {\n      await this.verifyIdToken(idToken);\n      await this.setIdToken(idToken);\n    }\n\n    return accessToken;\n  }\n\n  private async _getOidcConfig() {\n    const { endpoint } = this.logtoConfig;\n    const discoveryEndpoint = getDiscoveryEndpoint(endpoint);\n\n    return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);\n  }\n\n  private async _getJwtVerifyGetKey() {\n    const { jwksUri } = await this.getOidcConfig();\n\n    return createRemoteJWKSet(new URL(jwksUri));\n  }\n\n  private async verifyIdToken(idToken: string) {\n    const { appId } = this.logtoConfig;\n    const { issuer } = await this.getOidcConfig();\n    const jwtVerifyGetKey = await this.getJwtVerifyGetKey();\n\n    await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);\n  }\n\n  private async saveCodeToken({\n    refreshToken,\n    idToken,\n    scope,\n    accessToken,\n    expiresIn,\n  }: CodeTokenResponse) {\n    await this.setRefreshToken(refreshToken ?? null);\n    await this.setIdToken(idToken);\n\n    // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)\n    const accessTokenKey = buildAccessTokenKey();\n    const expiresAt = Date.now() / 1000 + expiresIn;\n    this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });\n    await this.saveAccessTokenMap();\n  }\n\n  private async saveAccessTokenMap() {\n    const data: Record<string, AccessToken> = {};\n\n    for (const [key, accessToken] of this.accessTokenMap.entries()) {\n      // eslint-disable-next-line @silverhand/fp/no-mutation\n      data[key] = accessToken;\n    }\n\n    await this.adapter.storage.setItem('accessToken', JSON.stringify(data));\n  }\n\n  private async loadAccessTokenMap() {\n    const raw = await this.adapter.storage.getItem('accessToken');\n\n    if (!raw) {\n      return;\n    }\n\n    try {\n      const json: unknown = JSON.parse(raw);\n\n      if (!isLogtoAccessTokenMap(json)) {\n        return;\n      }\n      this.accessTokenMap.clear();\n\n      for (const [key, accessToken] of Object.entries(json)) {\n        this.accessTokenMap.set(key, accessToken);\n      }\n    } catch (error: unknown) {\n      console.warn(error);\n    }\n  }\n}\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nconst logtoClientErrorCodes = Object.freeze({\n  sign_in_session: {\n    invalid: 'Invalid sign-in session.',\n    not_found: 'Sign-in session not found.',\n  },\n  not_authenticated: 'Not authenticated.',\n  fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',\n});\n\nexport type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoClientErrorCode): string => {\n  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n  const message = get(logtoClientErrorCodes, errorCode);\n\n  if (typeof message === 'string') {\n    return message;\n  }\n\n  return errorCode;\n};\n\nexport class LogtoClientError extends Error {\n  code: LogtoClientErrorCode;\n  data: unknown;\n\n  constructor(code: LogtoClientErrorCode, data?: unknown) {\n    super(getMessageByErrorCode(code));\n    this.code = code;\n    this.data = data;\n  }\n}\n","import type { Prompt } from '@logto/js';\nimport { isArbitraryObject } from '@logto/js';\n\nexport type LogtoConfig = {\n  endpoint: string;\n  appId: string;\n  appSecret?: string;\n  scopes?: string[];\n  resources?: string[];\n  prompt?: Prompt;\n};\n\nexport type AccessToken = {\n  token: string;\n  scope: string;\n  expiresAt: number;\n};\n\nexport const isLogtoSignInSessionItem = (data: unknown): data is LogtoSignInSessionItem => {\n  if (!isArbitraryObject(data)) {\n    return false;\n  }\n\n  return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');\n};\n\nexport const isLogtoAccessTokenMap = (data: unknown): data is Record<string, AccessToken> => {\n  if (!isArbitraryObject(data)) {\n    return false;\n  }\n\n  return Object.values(data).every((value) => {\n    if (!isArbitraryObject(value)) {\n      return false;\n    }\n\n    return (\n      typeof value.token === 'string' &&\n      typeof value.scope === 'string' &&\n      typeof value.expiresAt === 'number'\n    );\n  });\n};\n\nexport type LogtoSignInSessionItem = {\n  redirectUri: string;\n  codeVerifier: string;\n  state: string;\n};\n","import { discoveryPath } from '@logto/js';\n\nexport * from './requester';\n\nexport const buildAccessTokenKey = (resource = '', scopes: string[] = []): string =>\n  `${scopes.slice().sort().join(' ')}@${resource}`;\n\nexport const getDiscoveryEndpoint = (endpoint: string): string =>\n  new URL(discoveryPath, endpoint).toString();\n","import type { Requester } from '@logto/js';\nimport { LogtoError, LogtoRequestError, isLogtoRequestError } from '@logto/js';\n\nexport const createRequester = (fetchFunction: typeof fetch): Requester => {\n  return async <T>(...args: Parameters<typeof fetch>): Promise<T> => {\n    const response = await fetchFunction(...args);\n\n    if (!response.ok) {\n      const responseJson = await response.json();\n\n      if (!isLogtoRequestError(responseJson)) {\n        throw new LogtoError('unexpected_response_error', responseJson);\n      }\n\n      // Expected request error from server\n      const { code, message } = responseJson;\n      throw new LogtoRequestError(code, message);\n    }\n\n    return response.json();\n  };\n};\n"],"names":[],"version":3,"file":"index.js.map"}

package/lib/module.d.mts

@@ -1,76 +0,0 @@
-import { Requester, Prompt, IdTokenClaims, UserInfoResponse, InteractionMode } from "@logto/js";
-import { Nullable, NormalizeKeyPaths } from "@silverhand/essentials";
-export type StorageKey = 'idToken' | 'refreshToken' | 'accessToken' | 'signInSession';
-export type Storage = {
-    getItem(key: StorageKey): Promise<Nullable<string>>;
-    setItem(key: StorageKey, value: string): Promise<void>;
-    removeItem(key: StorageKey): Promise<void>;
-};
-type Navigate = (url: string) => void;
-export type ClientAdapter = {
-    requester: Requester;
-    storage: Storage;
-    navigate: Navigate;
-    generateState: () => string;
-    generateCodeVerifier: () => string;
-    generateCodeChallenge: (codeVerifier: string) => Promise<string>;
-};
-declare const logtoClientErrorCodes: Readonly<{
-    sign_in_session: {
-        invalid: string;
-        not_found: string;
-    };
-    not_authenticated: "Not authenticated.";
-    fetch_user_info_failed: "Unable to fetch user info. The access token may be invalid.";
-}>;
-export type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;
-export class LogtoClientError extends Error {
-    code: LogtoClientErrorCode;
-    data: unknown;
-    constructor(code: LogtoClientErrorCode, data?: unknown);
-}
-export type LogtoConfig = {
-    endpoint: string;
-    appId: string;
-    appSecret?: string;
-    scopes?: string[];
-    resources?: string[];
-    prompt?: Prompt;
-};
-export type AccessToken = {
-    token: string;
-    scope: string;
-    expiresAt: number;
-};
-export const isLogtoSignInSessionItem: (data: unknown) => data is LogtoSignInSessionItem;
-export const isLogtoAccessTokenMap: (data: unknown) => data is Record<string, AccessToken>;
-export type LogtoSignInSessionItem = {
-    redirectUri: string;
-    codeVerifier: string;
-    state: string;
-};
-export const createRequester: (fetchFunction: typeof fetch) => Requester;
-export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
-export { LogtoError, OidcError, Prompt, LogtoRequestError, ReservedScope, UserScope, } from '@logto/js';
-export default class LogtoClient {
-    protected readonly logtoConfig: LogtoConfig;
-    protected readonly getOidcConfig: () => Promise<import("@silverhand/essentials").KeysToCamelCase<import("@logto/js").OidcConfigSnakeCaseResponse>>;
-    protected readonly getJwtVerifyGetKey: () => Promise<import("jose/dist/types/types").GetKeyFunction<import("jose").JWSHeaderParameters, import("jose").FlattenedJWSInput>>;
-    protected readonly adapter: ClientAdapter;
-    protected readonly accessTokenMap: Map<string, AccessToken>;
-    constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter);
-    isAuthenticated(): Promise<boolean>;
-    getRefreshToken(): Promise<Nullable<string>>;
-    getIdToken(): Promise<Nullable<string>>;
-    getAccessToken(resource?: string): Promise<string>;
-    getIdTokenClaims(): Promise<IdTokenClaims>;
-    fetchUserInfo(): Promise<UserInfoResponse>;
-    signIn(redirectUri: string, interactionMode?: InteractionMode): Promise<void>;
-    isSignInRedirected(url: string): Promise<boolean>;
-    handleSignInCallback(callbackUri: string): Promise<void>;
-    signOut(postLogoutRedirectUri?: string): Promise<void>;
-    protected getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>>;
-    protected setSignInSession(logtoSignInSessionItem: Nullable<LogtoSignInSessionItem>): Promise<void>;
-}
-
-//# sourceMappingURL=index.d.ts.map