@logto/client 1.1.2 → 2.1.0

package/lib/errors.cjs

@@ -0,0 +1,17 @@
+'use strict';
+
+const logtoClientErrorCodes = Object.freeze({
+    'sign_in_session.invalid': 'Invalid sign-in session.',
+    'sign_in_session.not_found': 'Sign-in session not found.',
+    not_authenticated: 'Not authenticated.',
+    fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
+});
+class LogtoClientError extends Error {
+    constructor(code, data) {
+        super(logtoClientErrorCodes[code]);
+        this.code = code;
+        this.data = data;
+    }
+}
+
+exports.LogtoClientError = LogtoClientError;

package/lib/errors.d.ts

@@ -1,13 +1,10 @@
-import type { NormalizeKeyPaths } from '@silverhand/essentials';
 declare const logtoClientErrorCodes: Readonly<{
-    sign_in_session: {
-        invalid: string;
-        not_found: string;
-    };
+    'sign_in_session.invalid': "Invalid sign-in session.";
+    'sign_in_session.not_found': "Sign-in session not found.";
     not_authenticated: "Not authenticated.";
     fetch_user_info_failed: "Unable to fetch user info. The access token may be invalid.";
 }>;
-export type LogtoClientErrorCode = NormalizeKeyPaths<typeof logtoClientErrorCodes>;
+export type LogtoClientErrorCode = keyof typeof logtoClientErrorCodes;
 export declare class LogtoClientError extends Error {
     code: LogtoClientErrorCode;
     data: unknown;

package/lib/errors.js

@@ -1,33 +1,15 @@
-'use strict';
-
-var get = require('lodash.get');
-
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var get__default = /*#__PURE__*/_interopDefault(get);
-
 const logtoClientErrorCodes = Object.freeze({
-    sign_in_session: {
-        invalid: 'Invalid sign-in session.',
-        not_found: 'Sign-in session not found.',
-    },
+    'sign_in_session.invalid': 'Invalid sign-in session.',
+    'sign_in_session.not_found': 'Sign-in session not found.',
     not_authenticated: 'Not authenticated.',
     fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
 });
-const getMessageByErrorCode = (errorCode) => {
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-    const message = get__default.default(logtoClientErrorCodes, errorCode);
-    if (typeof message === 'string') {
-        return message;
-    }
-    return errorCode;
-};
 class LogtoClientError extends Error {
     constructor(code, data) {
-        super(getMessageByErrorCode(code));
+        super(logtoClientErrorCodes[code]);
         this.code = code;
         this.data = data;
     }
 }
 
-exports.LogtoClientError = LogtoClientError;
+export { LogtoClientError };

package/lib/{index.mjs → index.cjs}

@@ -1,21 +1,24 @@
-import { Prompt, withDefaultScopes, decodeIdToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, fetchOidcConfig, verifyIdToken } from '@logto/js';
-export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope } from '@logto/js';
-import { createRemoteJWKSet } from 'jose';
-import once from 'lodash.once';
-import { LogtoClientError } from './errors.mjs';
-import { isLogtoSignInSessionItem, isLogtoAccessTokenMap } from './types/index.mjs';
-import { buildAccessTokenKey, getDiscoveryEndpoint } from './utils/index.mjs';
-export { createRequester } from './utils/requester.mjs';
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var js = require('@logto/js');
+var jose = require('jose');
+var errors = require('./errors.cjs');
+var index = require('./types/index.cjs');
+var index$1 = require('./utils/index.cjs');
+var once = require('./utils/once.cjs');
+var requester = require('./utils/requester.cjs');
 
 class LogtoClient {
     constructor(logtoConfig, adapter) {
-        this.getOidcConfig = once(this._getOidcConfig);
-        this.getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);
+        this.getOidcConfig = once.once(this._getOidcConfig);
+        this.getJwtVerifyGetKey = once.once(this._getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = {
             ...logtoConfig,
-            prompt: logtoConfig.prompt ?? Prompt.Consent,
-            scopes: withDefaultScopes(logtoConfig.scopes).split(' '),
+            prompt: logtoConfig.prompt ?? js.Prompt.Consent,
+            scopes: js.withDefaultScopes(logtoConfig.scopes).split(' '),
         };
         this.adapter = adapter;
         void this.loadAccessTokenMap();
@@ -31,9 +34,9 @@ class LogtoClient {
     }
     async getAccessToken(resource) {
         if (!(await this.getIdToken())) {
-            throw new LogtoClientError('not_authenticated');
+            throw new errors.LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = buildAccessTokenKey(resource);
+        const accessTokenKey = index$1.buildAccessTokenKey(resource);
         const accessToken = this.accessTokenMap.get(accessTokenKey);
         if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
             return accessToken.token;
@@ -50,17 +53,21 @@ class LogtoClient {
     async getIdTokenClaims() {
         const idToken = await this.getIdToken();
         if (!idToken) {
-            throw new LogtoClientError('not_authenticated');
+            throw new errors.LogtoClientError('not_authenticated');
         }
-        return decodeIdToken(idToken);
+        return js.decodeIdToken(idToken);
+    }
+    async getAccessTokenClaims(resource) {
+        const accessToken = await this.getAccessToken(resource);
+        return js.decodeAccessToken(accessToken);
     }
     async fetchUserInfo() {
         const { userinfoEndpoint } = await this.getOidcConfig();
         const accessToken = await this.getAccessToken();
         if (!accessToken) {
-            throw new LogtoClientError('fetch_user_info_failed');
+            throw new errors.LogtoClientError('fetch_user_info_failed');
         }
-        return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
+        return js.fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
     }
     async signIn(redirectUri, interactionMode) {
         const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;
@@ -68,7 +75,7 @@ class LogtoClient {
         const codeVerifier = this.adapter.generateCodeVerifier();
         const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
         const state = this.adapter.generateState();
-        const signInUri = generateSignInUri({
+        const signInUri = js.generateSignInUri({
             authorizationEndpoint,
             clientId,
             redirectUri,
@@ -98,13 +105,13 @@ class LogtoClient {
         const { requester } = adapter;
         const signInSession = await this.getSignInSession();
         if (!signInSession) {
-            throw new LogtoClientError('sign_in_session.not_found');
+            throw new errors.LogtoClientError('sign_in_session.not_found');
         }
         const { redirectUri, state, codeVerifier } = signInSession;
-        const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
+        const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
         const { appId: clientId } = logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
-        const codeTokenResponse = await fetchTokenByAuthorizationCode({
+        const codeTokenResponse = await js.fetchTokenByAuthorizationCode({
             clientId,
             tokenEndpoint,
             redirectUri,
@@ -121,13 +128,13 @@ class LogtoClient {
         const refreshToken = await this.getRefreshToken();
         if (refreshToken) {
             try {
-                await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
+                await js.revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
             }
             catch {
                 // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
             }
         }
-        const url = generateSignOutUri({
+        const url = js.generateSignOutUri({
             endSessionEndpoint,
             postLogoutRedirectUri,
             clientId,
@@ -144,8 +151,8 @@ class LogtoClient {
             return null;
         }
         const item = JSON.parse(jsonItem);
-        if (!isLogtoSignInSessionItem(item)) {
-            throw new LogtoClientError('sign_in_session.invalid');
+        if (!index.isLogtoSignInSessionItem(item)) {
+            throw new errors.LogtoClientError('sign_in_session.invalid');
         }
         return item;
     }
@@ -174,12 +181,12 @@ class LogtoClient {
     async getAccessTokenByRefreshToken(resource) {
         const currentRefreshToken = await this.getRefreshToken();
         if (!currentRefreshToken) {
-            throw new LogtoClientError('not_authenticated');
+            throw new errors.LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = buildAccessTokenKey(resource);
+        const accessTokenKey = index$1.buildAccessTokenKey(resource);
         const { appId: clientId } = this.logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
-        const { accessToken, refreshToken, idToken, scope, expiresIn } = await fetchTokenByRefreshToken({
+        const { accessToken, refreshToken, idToken, scope, expiresIn } = await js.fetchTokenByRefreshToken({
             clientId,
             tokenEndpoint,
             refreshToken: currentRefreshToken,
@@ -200,24 +207,24 @@ class LogtoClient {
     }
     async _getOidcConfig() {
         const { endpoint } = this.logtoConfig;
-        const discoveryEndpoint = getDiscoveryEndpoint(endpoint);
-        return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
+        const discoveryEndpoint = index$1.getDiscoveryEndpoint(endpoint);
+        return js.fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
     }
     async _getJwtVerifyGetKey() {
         const { jwksUri } = await this.getOidcConfig();
-        return createRemoteJWKSet(new URL(jwksUri));
+        return jose.createRemoteJWKSet(new URL(jwksUri));
     }
     async verifyIdToken(idToken) {
         const { appId } = this.logtoConfig;
         const { issuer } = await this.getOidcConfig();
         const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
-        await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
+        await js.verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
     }
     async saveCodeToken({ refreshToken, idToken, scope, accessToken, expiresIn, }) {
         await this.setRefreshToken(refreshToken ?? null);
         await this.setIdToken(idToken);
         // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
-        const accessTokenKey = buildAccessTokenKey();
+        const accessTokenKey = index$1.buildAccessTokenKey();
         const expiresAt = Date.now() / 1000 + expiresIn;
         this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });
         await this.saveAccessTokenMap();
@@ -237,7 +244,7 @@ class LogtoClient {
         }
         try {
             const json = JSON.parse(raw);
-            if (!isLogtoAccessTokenMap(json)) {
+            if (!index.isLogtoAccessTokenMap(json)) {
                 return;
             }
             this.accessTokenMap.clear();
@@ -251,4 +258,32 @@ class LogtoClient {
     }
 }
 
-export { LogtoClientError, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem };
+Object.defineProperty(exports, 'LogtoError', {
+    enumerable: true,
+    get: function () { return js.LogtoError; }
+});
+Object.defineProperty(exports, 'LogtoRequestError', {
+    enumerable: true,
+    get: function () { return js.LogtoRequestError; }
+});
+Object.defineProperty(exports, 'OidcError', {
+    enumerable: true,
+    get: function () { return js.OidcError; }
+});
+Object.defineProperty(exports, 'Prompt', {
+    enumerable: true,
+    get: function () { return js.Prompt; }
+});
+Object.defineProperty(exports, 'ReservedScope', {
+    enumerable: true,
+    get: function () { return js.ReservedScope; }
+});
+Object.defineProperty(exports, 'UserScope', {
+    enumerable: true,
+    get: function () { return js.UserScope; }
+});
+exports.LogtoClientError = errors.LogtoClientError;
+exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
+exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
+exports.createRequester = requester.createRequester;
+exports.default = LogtoClient;

package/lib/index.d.ts

@@ -1,25 +1,17 @@
-import type { IdTokenClaims, UserInfoResponse, InteractionMode } from '@logto/js';
+import { type IdTokenClaims, type UserInfoResponse, type InteractionMode, type AccessTokenClaims } from '@logto/js';
 import type { Nullable } from '@silverhand/essentials';
-import type { ClientAdapter } from './adapter';
-import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types';
+import type { ClientAdapter } from './adapter.js';
+import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types/index.js';
 export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
 export { LogtoError, OidcError, Prompt, LogtoRequestError, ReservedScope, UserScope, } from '@logto/js';
-export * from './errors';
-export type { Storage, StorageKey, ClientAdapter } from './adapter';
-export { createRequester } from './utils';
-export * from './types';
+export * from './errors.js';
+export type { Storage, StorageKey, ClientAdapter } from './adapter.js';
+export { createRequester } from './utils/index.js';
+export * from './types/index.js';
 export default class LogtoClient {
     protected readonly logtoConfig: LogtoConfig;
-    protected readonly getOidcConfig: () => Promise<import("@silverhand/essentials").KeysToCamelCase<{
-        authorization_endpoint: string;
-        token_endpoint: string;
-        userinfo_endpoint: string;
-        end_session_endpoint: string;
-        revocation_endpoint: string;
-        jwks_uri: string;
-        issuer: string;
-    }>>;
-    protected readonly getJwtVerifyGetKey: () => Promise<(protectedHeader?: import("jose").JWSHeaderParameters | undefined, token?: import("jose").FlattenedJWSInput | undefined) => Promise<import("jose").KeyLike>>;
+    protected readonly getOidcConfig: typeof this._getOidcConfig;
+    protected readonly getJwtVerifyGetKey: (...args: unknown[]) => Promise<(protectedHeader?: import("jose").JWSHeaderParameters | undefined, token?: import("jose").FlattenedJWSInput | undefined) => Promise<import("jose").KeyLike>>;
     protected readonly adapter: ClientAdapter;
     protected readonly accessTokenMap: Map<string, AccessToken>;
     constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter);
@@ -28,6 +20,7 @@ export default class LogtoClient {
     getIdToken(): Promise<Nullable<string>>;
     getAccessToken(resource?: string): Promise<string>;
     getIdTokenClaims(): Promise<IdTokenClaims>;
+    getAccessTokenClaims(resource?: string): Promise<AccessTokenClaims>;
     fetchUserInfo(): Promise<UserInfoResponse>;
     signIn(redirectUri: string, interactionMode?: InteractionMode): Promise<void>;
     isSignInRedirected(url: string): Promise<boolean>;

package/lib/index.js

@@ -1,28 +1,21 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-var js = require('@logto/js');
-var jose = require('jose');
-var once = require('lodash.once');
-var errors = require('./errors.js');
-var index = require('./types/index.js');
-var index$1 = require('./utils/index.js');
-var requester = require('./utils/requester.js');
-
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var once__default = /*#__PURE__*/_interopDefault(once);
+import { Prompt, withDefaultScopes, decodeIdToken, decodeAccessToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, fetchOidcConfig, verifyIdToken } from '@logto/js';
+export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope } from '@logto/js';
+import { createRemoteJWKSet } from 'jose';
+import { LogtoClientError } from './errors.js';
+import { isLogtoSignInSessionItem, isLogtoAccessTokenMap } from './types/index.js';
+import { buildAccessTokenKey, getDiscoveryEndpoint } from './utils/index.js';
+import { once } from './utils/once.js';
+export { createRequester } from './utils/requester.js';
 
 class LogtoClient {
     constructor(logtoConfig, adapter) {
-        this.getOidcConfig = once__default.default(this._getOidcConfig);
-        this.getJwtVerifyGetKey = once__default.default(this._getJwtVerifyGetKey);
+        this.getOidcConfig = once(this._getOidcConfig);
+        this.getJwtVerifyGetKey = once(this._getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = {
             ...logtoConfig,
-            prompt: logtoConfig.prompt ?? js.Prompt.Consent,
-            scopes: js.withDefaultScopes(logtoConfig.scopes).split(' '),
+            prompt: logtoConfig.prompt ?? Prompt.Consent,
+            scopes: withDefaultScopes(logtoConfig.scopes).split(' '),
         };
         this.adapter = adapter;
         void this.loadAccessTokenMap();
@@ -38,9 +31,9 @@ class LogtoClient {
     }
     async getAccessToken(resource) {
         if (!(await this.getIdToken())) {
-            throw new errors.LogtoClientError('not_authenticated');
+            throw new LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = index$1.buildAccessTokenKey(resource);
+        const accessTokenKey = buildAccessTokenKey(resource);
         const accessToken = this.accessTokenMap.get(accessTokenKey);
         if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
             return accessToken.token;
@@ -57,17 +50,21 @@ class LogtoClient {
     async getIdTokenClaims() {
         const idToken = await this.getIdToken();
         if (!idToken) {
-            throw new errors.LogtoClientError('not_authenticated');
+            throw new LogtoClientError('not_authenticated');
         }
-        return js.decodeIdToken(idToken);
+        return decodeIdToken(idToken);
+    }
+    async getAccessTokenClaims(resource) {
+        const accessToken = await this.getAccessToken(resource);
+        return decodeAccessToken(accessToken);
     }
     async fetchUserInfo() {
         const { userinfoEndpoint } = await this.getOidcConfig();
         const accessToken = await this.getAccessToken();
         if (!accessToken) {
-            throw new errors.LogtoClientError('fetch_user_info_failed');
+            throw new LogtoClientError('fetch_user_info_failed');
         }
-        return js.fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
+        return fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
     }
     async signIn(redirectUri, interactionMode) {
         const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;
@@ -75,7 +72,7 @@ class LogtoClient {
         const codeVerifier = this.adapter.generateCodeVerifier();
         const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
         const state = this.adapter.generateState();
-        const signInUri = js.generateSignInUri({
+        const signInUri = generateSignInUri({
             authorizationEndpoint,
             clientId,
             redirectUri,
@@ -105,13 +102,13 @@ class LogtoClient {
         const { requester } = adapter;
         const signInSession = await this.getSignInSession();
         if (!signInSession) {
-            throw new errors.LogtoClientError('sign_in_session.not_found');
+            throw new LogtoClientError('sign_in_session.not_found');
         }
         const { redirectUri, state, codeVerifier } = signInSession;
-        const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
+        const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
         const { appId: clientId } = logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
-        const codeTokenResponse = await js.fetchTokenByAuthorizationCode({
+        const codeTokenResponse = await fetchTokenByAuthorizationCode({
             clientId,
             tokenEndpoint,
             redirectUri,
@@ -128,13 +125,13 @@ class LogtoClient {
         const refreshToken = await this.getRefreshToken();
         if (refreshToken) {
             try {
-                await js.revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
+                await revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
             }
             catch {
                 // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
             }
         }
-        const url = js.generateSignOutUri({
+        const url = generateSignOutUri({
             endSessionEndpoint,
             postLogoutRedirectUri,
             clientId,
@@ -151,8 +148,8 @@ class LogtoClient {
             return null;
         }
         const item = JSON.parse(jsonItem);
-        if (!index.isLogtoSignInSessionItem(item)) {
-            throw new errors.LogtoClientError('sign_in_session.invalid');
+        if (!isLogtoSignInSessionItem(item)) {
+            throw new LogtoClientError('sign_in_session.invalid');
         }
         return item;
     }
@@ -181,12 +178,12 @@ class LogtoClient {
     async getAccessTokenByRefreshToken(resource) {
         const currentRefreshToken = await this.getRefreshToken();
         if (!currentRefreshToken) {
-            throw new errors.LogtoClientError('not_authenticated');
+            throw new LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = index$1.buildAccessTokenKey(resource);
+        const accessTokenKey = buildAccessTokenKey(resource);
         const { appId: clientId } = this.logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
-        const { accessToken, refreshToken, idToken, scope, expiresIn } = await js.fetchTokenByRefreshToken({
+        const { accessToken, refreshToken, idToken, scope, expiresIn } = await fetchTokenByRefreshToken({
             clientId,
             tokenEndpoint,
             refreshToken: currentRefreshToken,
@@ -207,24 +204,24 @@ class LogtoClient {
     }
     async _getOidcConfig() {
         const { endpoint } = this.logtoConfig;
-        const discoveryEndpoint = index$1.getDiscoveryEndpoint(endpoint);
-        return js.fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
+        const discoveryEndpoint = getDiscoveryEndpoint(endpoint);
+        return fetchOidcConfig(discoveryEndpoint, this.adapter.requester);
     }
     async _getJwtVerifyGetKey() {
         const { jwksUri } = await this.getOidcConfig();
-        return jose.createRemoteJWKSet(new URL(jwksUri));
+        return createRemoteJWKSet(new URL(jwksUri));
     }
     async verifyIdToken(idToken) {
         const { appId } = this.logtoConfig;
         const { issuer } = await this.getOidcConfig();
         const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
-        await js.verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
+        await verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
     }
     async saveCodeToken({ refreshToken, idToken, scope, accessToken, expiresIn, }) {
         await this.setRefreshToken(refreshToken ?? null);
         await this.setIdToken(idToken);
         // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
-        const accessTokenKey = index$1.buildAccessTokenKey();
+        const accessTokenKey = buildAccessTokenKey();
         const expiresAt = Date.now() / 1000 + expiresIn;
         this.accessTokenMap.set(accessTokenKey, { token: accessToken, scope, expiresAt });
         await this.saveAccessTokenMap();
@@ -244,7 +241,7 @@ class LogtoClient {
         }
         try {
             const json = JSON.parse(raw);
-            if (!index.isLogtoAccessTokenMap(json)) {
+            if (!isLogtoAccessTokenMap(json)) {
                 return;
             }
             this.accessTokenMap.clear();
@@ -258,32 +255,4 @@ class LogtoClient {
     }
 }
 
-Object.defineProperty(exports, 'LogtoError', {
-    enumerable: true,
-    get: function () { return js.LogtoError; }
-});
-Object.defineProperty(exports, 'LogtoRequestError', {
-    enumerable: true,
-    get: function () { return js.LogtoRequestError; }
-});
-Object.defineProperty(exports, 'OidcError', {
-    enumerable: true,
-    get: function () { return js.OidcError; }
-});
-Object.defineProperty(exports, 'Prompt', {
-    enumerable: true,
-    get: function () { return js.Prompt; }
-});
-Object.defineProperty(exports, 'ReservedScope', {
-    enumerable: true,
-    get: function () { return js.ReservedScope; }
-});
-Object.defineProperty(exports, 'UserScope', {
-    enumerable: true,
-    get: function () { return js.UserScope; }
-});
-exports.LogtoClientError = errors.LogtoClientError;
-exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
-exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
-exports.createRequester = requester.createRequester;
-exports.default = LogtoClient;
+export { LogtoClientError, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem };

package/lib/mock.d.ts

@@ -1,9 +1,9 @@
 /// <reference types="jest" />
 import { Prompt } from '@logto/js';
 import type { Nullable } from '@silverhand/essentials';
-import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from '.';
-import LogtoClient from '.';
-import type { Storage } from './adapter';
+import type { Storage } from './adapter.js';
+import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './index.js';
+import LogtoClient from './index.js';
 export declare const appId = "app_id_value";
 export declare const endpoint = "https://logto.dev";
 export declare class MockedStorage implements Storage {

package/lib/types/{index.mjs → index.cjs}

@@ -1,17 +1,19 @@
-import { isArbitraryObject } from '@logto/js';
+'use strict';
+
+var js = require('@logto/js');
 
 const isLogtoSignInSessionItem = (data) => {
-    if (!isArbitraryObject(data)) {
+    if (!js.isArbitraryObject(data)) {
         return false;
     }
     return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');
 };
 const isLogtoAccessTokenMap = (data) => {
-    if (!isArbitraryObject(data)) {
+    if (!js.isArbitraryObject(data)) {
         return false;
     }
     return Object.values(data).every((value) => {
-        if (!isArbitraryObject(value)) {
+        if (!js.isArbitraryObject(value)) {
             return false;
         }
         return (typeof value.token === 'string' &&
@@ -20,4 +22,5 @@ const isLogtoAccessTokenMap = (data) => {
     });
 };
 
-export { isLogtoAccessTokenMap, isLogtoSignInSessionItem };
+exports.isLogtoAccessTokenMap = isLogtoAccessTokenMap;
+exports.isLogtoSignInSessionItem = isLogtoSignInSessionItem;

package/lib/types/index.js

@@ -1,19 +1,17 @@
-'use strict';
-
-var js = require('@logto/js');
+import { isArbitraryObject } from '@logto/js';
 
 const isLogtoSignInSessionItem = (data) => {
-    if (!js.isArbitraryObject(data)) {
+    if (!isArbitraryObject(data)) {
         return false;
     }
     return ['redirectUri', 'codeVerifier', 'state'].every((key) => typeof data[key] === 'string');
 };
 const isLogtoAccessTokenMap = (data) => {
-    if (!js.isArbitraryObject(data)) {
+    if (!isArbitraryObject(data)) {
         return false;
     }
     return Object.values(data).every((value) => {
-        if (!js.isArbitraryObject(value)) {
+        if (!isArbitraryObject(value)) {
             return false;
         }
         return (typeof value.token === 'string' &&
@@ -22,5 +20,4 @@ const isLogtoAccessTokenMap = (data) => {
     });
 };
 
-exports.isLogtoAccessTokenMap = isLogtoAccessTokenMap;
-exports.isLogtoSignInSessionItem = isLogtoSignInSessionItem;
+export { isLogtoAccessTokenMap, isLogtoSignInSessionItem };

package/lib/utils/index.cjs

@@ -0,0 +1,9 @@
+'use strict';
+
+var js = require('@logto/js');
+
+const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
+const getDiscoveryEndpoint = (endpoint) => new URL(js.discoveryPath, endpoint).toString();
+
+exports.buildAccessTokenKey = buildAccessTokenKey;
+exports.getDiscoveryEndpoint = getDiscoveryEndpoint;

package/lib/utils/index.d.ts

@@ -1,3 +1,3 @@
-export * from './requester';
+export * from './requester.js';
 export declare const buildAccessTokenKey: (resource?: string, scopes?: string[]) => string;
 export declare const getDiscoveryEndpoint: (endpoint: string) => string;

package/lib/utils/index.js

@@ -1,9 +1,6 @@
-'use strict';
-
-var js = require('@logto/js');
+import { discoveryPath } from '@logto/js';
 
 const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
-const getDiscoveryEndpoint = (endpoint) => new URL(js.discoveryPath, endpoint).toString();
+const getDiscoveryEndpoint = (endpoint) => new URL(discoveryPath, endpoint).toString();
 
-exports.buildAccessTokenKey = buildAccessTokenKey;
-exports.getDiscoveryEndpoint = getDiscoveryEndpoint;
+export { buildAccessTokenKey, getDiscoveryEndpoint };

package/lib/utils/once.cjs

@@ -0,0 +1,20 @@
+'use strict';
+
+// TODO @sijie move to essentials
+/* eslint-disable @silverhand/fp/no-let */
+/* eslint-disable @silverhand/fp/no-mutation */
+function once(function_) {
+    let called = false;
+    let result;
+    return function (...args) {
+        if (!called) {
+            called = true;
+            result = function_.apply(this, args);
+        }
+        return result;
+    };
+}
+/* eslint-enable @silverhand/fp/no-mutation */
+/* eslint-enable @silverhand/fp/no-let */
+
+exports.once = once;

package/lib/utils/once.d.ts

@@ -0,0 +1,3 @@
+type Procedure<T> = (...args: unknown[]) => T;
+export declare function once<T>(function_: Procedure<T>): Procedure<T>;
+export {};

package/lib/utils/once.js

@@ -0,0 +1,18 @@
+// TODO @sijie move to essentials
+/* eslint-disable @silverhand/fp/no-let */
+/* eslint-disable @silverhand/fp/no-mutation */
+function once(function_) {
+    let called = false;
+    let result;
+    return function (...args) {
+        if (!called) {
+            called = true;
+            result = function_.apply(this, args);
+        }
+        return result;
+    };
+}
+/* eslint-enable @silverhand/fp/no-mutation */
+/* eslint-enable @silverhand/fp/no-let */
+
+export { once };

package/lib/utils/{requester.mjs → requester.cjs}

@@ -1,19 +1,21 @@
-import { isLogtoRequestError, LogtoError, LogtoRequestError } from '@logto/js';
+'use strict';
+
+var js = require('@logto/js');
 
 const createRequester = (fetchFunction) => {
     return async (...args) => {
         const response = await fetchFunction(...args);
         if (!response.ok) {
             const responseJson = await response.json();
-            if (!isLogtoRequestError(responseJson)) {
-                throw new LogtoError('unexpected_response_error', responseJson);
+            if (!js.isLogtoRequestError(responseJson)) {
+                throw new js.LogtoError('unexpected_response_error', responseJson);
             }
             // Expected request error from server
             const { code, message } = responseJson;
-            throw new LogtoRequestError(code, message);
+            throw new js.LogtoRequestError(code, message);
         }
         return response.json();
     };
 };
 
-export { createRequester };
+exports.createRequester = createRequester;

package/lib/utils/requester.js

@@ -1,21 +1,19 @@
-'use strict';
-
-var js = require('@logto/js');
+import { isLogtoRequestError, LogtoError, LogtoRequestError } from '@logto/js';
 
 const createRequester = (fetchFunction) => {
     return async (...args) => {
         const response = await fetchFunction(...args);
         if (!response.ok) {
             const responseJson = await response.json();
-            if (!js.isLogtoRequestError(responseJson)) {
-                throw new js.LogtoError('unexpected_response_error', responseJson);
+            if (!isLogtoRequestError(responseJson)) {
+                throw new LogtoError('unexpected_response_error', responseJson);
             }
             // Expected request error from server
             const { code, message } = responseJson;
-            throw new js.LogtoRequestError(code, message);
+            throw new LogtoRequestError(code, message);
         }
         return response.json();
     };
 };
 
-exports.createRequester = createRequester;
+export { createRequester };

package/package.json

@@ -1,14 +1,16 @@
 {
   "name": "@logto/client",
-  "version": "1.1.2",
-  "source": "./src/index.ts",
-  "main": "./lib/index.js",
+  "version": "2.1.0",
+  "type": "module",
+  "main": "./lib/index.cjs",
+  "module": "./lib/index.js",
+  "types": "./lib/index.d.ts",
   "exports": {
-    "require": "./lib/index.js",
-    "import": "./lib/index.mjs"
+    "types": "./lib/index.d.ts",
+    "require": "./lib/index.cjs",
+    "import": "./lib/index.js",
+    "default": "./lib/index.js"
   },
-  "module": "./lib/index.mjs",
-  "types": "./lib/index.d.ts",
   "files": [
     "lib"
   ],
@@ -18,33 +20,18 @@
     "url": "https://github.com/logto-io/js.git",
     "directory": "packages/client"
   },
-  "scripts": {
-    "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
-    "precommit": "lint-staged",
-    "check": "tsc --noEmit",
-    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
-    "lint": "eslint --ext .ts src",
-    "test": "jest",
-    "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
-    "prepack": "pnpm test"
-  },
   "dependencies": {
-    "@logto/js": "^1.1.2",
-    "@silverhand/essentials": "^2.6.1",
+    "@logto/js": "^2.1.0",
+    "@silverhand/essentials": "^2.6.2",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.13.2",
-    "lodash.get": "^4.4.2",
-    "lodash.once": "^4.1.1"
+    "jose": "^4.13.2"
   },
   "devDependencies": {
-    "@jest/types": "^29.5.0",
-    "@silverhand/eslint-config": "^2.0.0",
-    "@silverhand/ts-config": "^1.0.0",
+    "@silverhand/eslint-config": "^3.0.1",
+    "@silverhand/ts-config": "^3.0.0",
     "@swc/core": "^1.3.50",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^29.5.0",
-    "@types/lodash.get": "^4.4.6",
-    "@types/lodash.once": "^4.1.7",
     "@types/node": "^18.0.0",
     "eslint": "^8.38.0",
     "jest": "^29.5.0",
@@ -63,5 +50,13 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "9e9a8b0887ef67baa7c3c564590bb06e7801d03e"
-}
+  "scripts": {
+    "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
+    "precommit": "lint-staged",
+    "check": "tsc --noEmit",
+    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
+    "lint": "eslint --ext .ts src",
+    "test": "jest",
+    "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage"
+  }
+}

package/lib/errors.mjs

@@ -1,27 +0,0 @@
-import get from 'lodash.get';
-
-const logtoClientErrorCodes = Object.freeze({
-    sign_in_session: {
-        invalid: 'Invalid sign-in session.',
-        not_found: 'Sign-in session not found.',
-    },
-    not_authenticated: 'Not authenticated.',
-    fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
-});
-const getMessageByErrorCode = (errorCode) => {
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-    const message = get(logtoClientErrorCodes, errorCode);
-    if (typeof message === 'string') {
-        return message;
-    }
-    return errorCode;
-};
-class LogtoClientError extends Error {
-    constructor(code, data) {
-        super(getMessageByErrorCode(code));
-        this.code = code;
-        this.data = data;
-    }
-}
-
-export { LogtoClientError };

package/lib/utils/index.mjs

@@ -1,6 +0,0 @@
-import { discoveryPath } from '@logto/js';
-
-const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
-const getDiscoveryEndpoint = (endpoint) => new URL(discoveryPath, endpoint).toString();
-
-export { buildAccessTokenKey, getDiscoveryEndpoint };