@logto/client 2.2.2 → 2.2.4

package/README.md

@@ -5,8 +5,6 @@
 
 The Logto JavaScript Client SDK written in TypeScript. Check out our [docs](https://docs.logto.io/sdk/JavaScript/client/) for more information.
 
-We also provide [文档](https://docs.logto.io/zh-cn/sdk/JavaScript/sdk/client/) in Simplified Chinese.
-
 ## Installation
 
 ### Using npm

package/lib/index.cjs

@@ -24,6 +24,21 @@ var requester = require('./utils/requester.cjs');
 class LogtoClient {
     constructor(logtoConfig, adapter) {
         this.getOidcConfig = memoize.memoize(this.#getOidcConfig);
+        /**
+         * Get the access token from the storage.
+         *
+         * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
+         * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
+         *
+         * If you want to get the access token claims, use {@link getAccessTokenClaims} instead.
+         *
+         * @param resource The resource that the access token is granted for. If not
+         * specified, the access token will be used for OpenID Connect or the default
+         * resource, as specified in the Logto Console.
+         * @returns The access token string.
+         * @throws LogtoClientError if the user is not authenticated.
+         */
+        this.getAccessToken = memoize.memoize(this.#getAccessToken);
         this.getJwtVerifyGetKey = once.once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = {
@@ -53,36 +68,6 @@ class LogtoClient {
     async getIdToken() {
         return this.adapter.storage.getItem('idToken');
     }
-    /**
-     * Get the Access Token from the storage. If the Access Token has expired, it
-     * will try to fetch a new one using the Refresh Token.
-     *
-     * If you want to get the Access Token claims, use {@link getAccessTokenClaims} instead.
-     *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     * @returns The Access Token string.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    async getAccessToken(resource) {
-        if (!(await this.getIdToken())) {
-            throw new errors.LogtoClientError('not_authenticated');
-        }
-        const accessTokenKey = index$2.buildAccessTokenKey(resource);
-        const accessToken = this.accessTokenMap.get(accessTokenKey);
-        if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
-            return accessToken.token;
-        }
-        // Since the access token has expired, delete it from the map.
-        if (accessToken) {
-            this.accessTokenMap.delete(accessTokenKey);
-        }
-        /**
-         * Need to fetch a new access token using refresh token.
-         */
-        return this.getAccessTokenByRefreshToken(resource);
-    }
     /**
      * Get the ID Token claims.
      */
@@ -94,10 +79,10 @@ class LogtoClient {
         return js.decodeIdToken(idToken);
     }
     /**
-     * Get the Access Token claims for the specified resource.
+     * Get the access token claims for the specified resource.
      *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
+     * @param resource The resource that the access token is granted for. If not
+     * specified, the access token will be used for OpenID Connect or the default
      * resource, as specified in the Logto Console.
      */
     async getAccessTokenClaims(resource) {
@@ -183,8 +168,9 @@ class LogtoClient {
      * Handle the sign-in callback by parsing the authorization code from the
      * callback URI and exchanging it for the tokens.
      *
-     * @param callbackUri The callback URI that the user is redirected to after the sign-in flow is completed.
-     * This URI must match the redirect URI specified in {@link signIn}.
+     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
      * @throws LogtoClientError if the sign-in session is not found.
      */
     async handleSignInCallback(callbackUri) {
@@ -302,7 +288,9 @@ class LogtoClient {
             expiresAt: requestedAt + expiresIn,
         });
         await this.saveAccessTokenMap();
-        await this.setRefreshToken(refreshToken);
+        if (refreshToken) {
+            await this.setRefreshToken(refreshToken);
+        }
         if (idToken) {
             await this.verifyIdToken(idToken);
             await this.setIdToken(idToken);
@@ -355,6 +343,24 @@ class LogtoClient {
         const cachedJwkSet = new remoteJwkSet.CachedRemoteJwkSet(new URL(jwksUri), this.adapter);
         return async (...args) => cachedJwkSet.getKey(...args);
     }
+    async #getAccessToken(resource) {
+        if (!(await this.getIdToken())) {
+            throw new errors.LogtoClientError('not_authenticated');
+        }
+        const accessTokenKey = index$2.buildAccessTokenKey(resource);
+        const accessToken = this.accessTokenMap.get(accessTokenKey);
+        if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
+            return accessToken.token;
+        }
+        // Since the access token has expired, delete it from the map.
+        if (accessToken) {
+            this.accessTokenMap.delete(accessTokenKey);
+        }
+        /**
+         * Need to fetch a new access token using refresh token.
+         */
+        return this.getAccessTokenByRefreshToken(resource);
+    }
 }
 
 Object.defineProperty(exports, 'LogtoError', {

package/lib/index.d.ts

@@ -4,7 +4,7 @@ import { type JWTVerifyGetKey } from 'jose';
 import { ClientAdapterInstance, type ClientAdapter } from './adapter/index.js';
 import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types/index.js';
 export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
-export { LogtoError, OidcError, Prompt, LogtoRequestError, ReservedScope, UserScope, } from '@logto/js';
+export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope, } from '@logto/js';
 export * from './errors.js';
 export type { Storage, StorageKey, ClientAdapter } from './adapter/index.js';
 export { PersistKey, CacheKey } from './adapter/index.js';
@@ -19,8 +19,8 @@ export * from './types/index.js';
  */
 export default class LogtoClient {
     #private;
-    protected readonly logtoConfig: LogtoConfig;
-    protected readonly getOidcConfig: (this: unknown) => Promise<import("@silverhand/essentials").KeysToCamelCase<{
+    readonly logtoConfig: LogtoConfig;
+    readonly getOidcConfig: (this: unknown) => Promise<import("@silverhand/essentials").KeysToCamelCase<{
         authorization_endpoint: string;
         token_endpoint: string;
         userinfo_endpoint: string;
@@ -29,6 +29,21 @@ export default class LogtoClient {
         jwks_uri: string;
         issuer: string;
     }>>;
+    /**
+     * Get the access token from the storage.
+     *
+     * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
+     * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
+     *
+     * If you want to get the access token claims, use {@link getAccessTokenClaims} instead.
+     *
+     * @param resource The resource that the access token is granted for. If not
+     * specified, the access token will be used for OpenID Connect or the default
+     * resource, as specified in the Logto Console.
+     * @returns The access token string.
+     * @throws LogtoClientError if the user is not authenticated.
+     */
+    readonly getAccessToken: (this: unknown, resource?: string | undefined) => Promise<string>;
     protected readonly getJwtVerifyGetKey: (...args: unknown[]) => Promise<JWTVerifyGetKey>;
     protected readonly adapter: ClientAdapterInstance;
     protected readonly accessTokenMap: Map<string, AccessToken>;
@@ -46,28 +61,15 @@ export default class LogtoClient {
      * use {@link getIdTokenClaims} instead.
      */
     getIdToken(): Promise<Nullable<string>>;
-    /**
-     * Get the Access Token from the storage. If the Access Token has expired, it
-     * will try to fetch a new one using the Refresh Token.
-     *
-     * If you want to get the Access Token claims, use {@link getAccessTokenClaims} instead.
-     *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     * @returns The Access Token string.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    getAccessToken(resource?: string): Promise<string>;
     /**
      * Get the ID Token claims.
      */
     getIdTokenClaims(): Promise<IdTokenClaims>;
     /**
-     * Get the Access Token claims for the specified resource.
+     * Get the access token claims for the specified resource.
      *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
+     * @param resource The resource that the access token is granted for. If not
+     * specified, the access token will be used for OpenID Connect or the default
      * resource, as specified in the Logto Console.
      */
     getAccessTokenClaims(resource?: string): Promise<AccessTokenClaims>;
@@ -112,8 +114,9 @@ export default class LogtoClient {
      * Handle the sign-in callback by parsing the authorization code from the
      * callback URI and exchanging it for the tokens.
      *
-     * @param callbackUri The callback URI that the user is redirected to after the sign-in flow is completed.
-     * This URI must match the redirect URI specified in {@link signIn}.
+     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
      * @throws LogtoClientError if the sign-in session is not found.
      */
     handleSignInCallback(callbackUri: string): Promise<void>;

package/lib/index.js

@@ -21,6 +21,21 @@ export { createRequester } from './utils/requester.js';
 class LogtoClient {
     constructor(logtoConfig, adapter) {
         this.getOidcConfig = memoize(this.#getOidcConfig);
+        /**
+         * Get the access token from the storage.
+         *
+         * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
+         * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
+         *
+         * If you want to get the access token claims, use {@link getAccessTokenClaims} instead.
+         *
+         * @param resource The resource that the access token is granted for. If not
+         * specified, the access token will be used for OpenID Connect or the default
+         * resource, as specified in the Logto Console.
+         * @returns The access token string.
+         * @throws LogtoClientError if the user is not authenticated.
+         */
+        this.getAccessToken = memoize(this.#getAccessToken);
         this.getJwtVerifyGetKey = once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = {
@@ -50,36 +65,6 @@ class LogtoClient {
     async getIdToken() {
         return this.adapter.storage.getItem('idToken');
     }
-    /**
-     * Get the Access Token from the storage. If the Access Token has expired, it
-     * will try to fetch a new one using the Refresh Token.
-     *
-     * If you want to get the Access Token claims, use {@link getAccessTokenClaims} instead.
-     *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     * @returns The Access Token string.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    async getAccessToken(resource) {
-        if (!(await this.getIdToken())) {
-            throw new LogtoClientError('not_authenticated');
-        }
-        const accessTokenKey = buildAccessTokenKey(resource);
-        const accessToken = this.accessTokenMap.get(accessTokenKey);
-        if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
-            return accessToken.token;
-        }
-        // Since the access token has expired, delete it from the map.
-        if (accessToken) {
-            this.accessTokenMap.delete(accessTokenKey);
-        }
-        /**
-         * Need to fetch a new access token using refresh token.
-         */
-        return this.getAccessTokenByRefreshToken(resource);
-    }
     /**
      * Get the ID Token claims.
      */
@@ -91,10 +76,10 @@ class LogtoClient {
         return decodeIdToken(idToken);
     }
     /**
-     * Get the Access Token claims for the specified resource.
+     * Get the access token claims for the specified resource.
      *
-     * @param resource The resource that the Access Token is granted for. If not
-     * specified, the Access Token will be used for OpenID Connect or the default
+     * @param resource The resource that the access token is granted for. If not
+     * specified, the access token will be used for OpenID Connect or the default
      * resource, as specified in the Logto Console.
      */
     async getAccessTokenClaims(resource) {
@@ -180,8 +165,9 @@ class LogtoClient {
      * Handle the sign-in callback by parsing the authorization code from the
      * callback URI and exchanging it for the tokens.
      *
-     * @param callbackUri The callback URI that the user is redirected to after the sign-in flow is completed.
-     * This URI must match the redirect URI specified in {@link signIn}.
+     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
      * @throws LogtoClientError if the sign-in session is not found.
      */
     async handleSignInCallback(callbackUri) {
@@ -299,7 +285,9 @@ class LogtoClient {
             expiresAt: requestedAt + expiresIn,
         });
         await this.saveAccessTokenMap();
-        await this.setRefreshToken(refreshToken);
+        if (refreshToken) {
+            await this.setRefreshToken(refreshToken);
+        }
         if (idToken) {
             await this.verifyIdToken(idToken);
             await this.setIdToken(idToken);
@@ -352,6 +340,24 @@ class LogtoClient {
         const cachedJwkSet = new CachedRemoteJwkSet(new URL(jwksUri), this.adapter);
         return async (...args) => cachedJwkSet.getKey(...args);
     }
+    async #getAccessToken(resource) {
+        if (!(await this.getIdToken())) {
+            throw new LogtoClientError('not_authenticated');
+        }
+        const accessTokenKey = buildAccessTokenKey(resource);
+        const accessToken = this.accessTokenMap.get(accessTokenKey);
+        if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
+            return accessToken.token;
+        }
+        // Since the access token has expired, delete it from the map.
+        if (accessToken) {
+            this.accessTokenMap.delete(accessTokenKey);
+        }
+        /**
+         * Need to fetch a new access token using refresh token.
+         */
+        return this.getAccessTokenByRefreshToken(resource);
+    }
 }
 
 export { CacheKey, LogtoClientError, PersistKey, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/client",
-  "version": "2.2.2",
+  "version": "2.2.4",
   "type": "module",
   "main": "./lib/index.cjs",
   "module": "./lib/index.js",
@@ -21,7 +21,7 @@
     "directory": "packages/client"
   },
   "dependencies": {
-    "@logto/js": "^2.1.2",
+    "@logto/js": "^2.1.3",
     "@silverhand/essentials": "^2.6.2",
     "camelcase-keys": "^7.0.1",
     "jose": "^4.13.2"
@@ -36,11 +36,11 @@
     "eslint": "^8.44.0",
     "jest": "^29.5.0",
     "jest-matcher-specific-error": "^1.0.0",
-    "lint-staged": "^13.0.0",
+    "lint-staged": "^15.0.0",
     "nock": "^13.3.0",
     "prettier": "^3.0.0",
     "text-encoder": "^0.0.4",
-    "type-fest": "^3.0.0",
+    "type-fest": "^4.0.0",
     "typescript": "^5.0.0"
   },
   "eslintConfig": {