@logto/client 2.3.0 → 2.3.2

package/lib/index.cjs

@@ -24,7 +24,11 @@ var requester = require('./utils/requester.cjs');
  */
 class LogtoClient {
     constructor(logtoConfig, adapter) {
-        this.getOidcConfig = memoize.memoize(this.#getOidcConfig);
+        /**
+         * Get the OIDC configuration from the discovery endpoint. This method will
+         * only fetch the configuration once and cache the result.
+         */
+        this.getOidcConfig = once.once(this.#getOidcConfig);
         /**
          * Get the access token from the storage with refresh strategy.
          *
@@ -53,6 +57,16 @@ class LogtoClient {
          * It uses the same refresh strategy as {@link getAccessToken}.
          */
         this.getOrganizationToken = memoize.memoize(this.#getOrganizationToken);
+        /**
+         * Handle the sign-in callback by parsing the authorization code from the
+         * callback URI and exchanging it for the tokens.
+         *
+         * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+         * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+         * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
+         * @throws LogtoClientError if the sign-in session is not found.
+         */
+        this.handleSignInCallback = memoize.memoize(this.#handleSignInCallback);
         this.getJwtVerifyGetKey = once.once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = index.normalizeLogtoConfig(logtoConfig);
@@ -183,50 +197,6 @@ class LogtoClient {
         const { origin, pathname } = new URL(url);
         return `${origin}${pathname}` === redirectUri;
     }
-    /**
-     * Handle the sign-in callback by parsing the authorization code from the
-     * callback URI and exchanging it for the tokens.
-     *
-     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
-     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
-     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
-     * @throws LogtoClientError if the sign-in session is not found.
-     */
-    async handleSignInCallback(callbackUri) {
-        const { requester } = this.adapter;
-        const signInSession = await this.getSignInSession();
-        if (!signInSession) {
-            throw new errors.LogtoClientError('sign_in_session.not_found');
-        }
-        const { redirectUri, state, codeVerifier } = signInSession;
-        const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
-        // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
-        const accessTokenKey = index$2.buildAccessTokenKey();
-        const { appId: clientId } = this.logtoConfig;
-        const { tokenEndpoint } = await this.getOidcConfig();
-        const requestedAt = Math.round(Date.now() / 1000);
-        const { idToken, refreshToken, accessToken, scope, expiresIn } = await js.fetchTokenByAuthorizationCode({
-            clientId,
-            tokenEndpoint,
-            redirectUri,
-            codeVerifier,
-            code,
-        }, requester);
-        await this.verifyIdToken(idToken);
-        await this.setRefreshToken(refreshToken ?? null);
-        await this.setIdToken(idToken);
-        this.accessTokenMap.set(accessTokenKey, {
-            token: accessToken,
-            scope,
-            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
-             * in the token claims. It is utilized by the client to determine if the cached access token
-             * has expired and when a new access token should be requested.
-             */
-            expiresAt: requestedAt + expiresIn,
-        });
-        await this.saveAccessTokenMap();
-        await this.setSignInSession(null);
-    }
     /**
      * Start the sign-out flow with the specified redirect URI. The URI must be
      * registered in the Logto Console.
@@ -385,7 +355,42 @@ class LogtoClient {
         if (!this.logtoConfig.scopes?.includes(js.UserScope.Organizations)) {
             throw new errors.LogtoClientError('missing_scope_organizations');
         }
-        return this.#getAccessToken(undefined, organizationId);
+        return this.getAccessToken(undefined, organizationId);
+    }
+    async #handleSignInCallback(callbackUri) {
+        const { requester } = this.adapter;
+        const signInSession = await this.getSignInSession();
+        if (!signInSession) {
+            throw new errors.LogtoClientError('sign_in_session.not_found');
+        }
+        const { redirectUri, state, codeVerifier } = signInSession;
+        const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
+        // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
+        const accessTokenKey = index$2.buildAccessTokenKey();
+        const { appId: clientId } = this.logtoConfig;
+        const { tokenEndpoint } = await this.getOidcConfig();
+        const requestedAt = Math.round(Date.now() / 1000);
+        const { idToken, refreshToken, accessToken, scope, expiresIn } = await js.fetchTokenByAuthorizationCode({
+            clientId,
+            tokenEndpoint,
+            redirectUri,
+            codeVerifier,
+            code,
+        }, requester);
+        await this.verifyIdToken(idToken);
+        await this.setRefreshToken(refreshToken ?? null);
+        await this.setIdToken(idToken);
+        this.accessTokenMap.set(accessTokenKey, {
+            token: accessToken,
+            scope,
+            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
+             * in the token claims. It is utilized by the client to determine if the cached access token
+             * has expired and when a new access token should be requested.
+             */
+            expiresAt: requestedAt + expiresIn,
+        });
+        await this.saveAccessTokenMap();
+        await this.setSignInSession(null);
     }
 }
 /* eslint-enable max-lines */

package/lib/index.d.ts

@@ -1,4 +1,4 @@
-import { type IdTokenClaims, type UserInfoResponse, type InteractionMode, type AccessTokenClaims } from '@logto/js';
+import { type IdTokenClaims, type UserInfoResponse, type InteractionMode, type AccessTokenClaims, type OidcConfigResponse } from '@logto/js';
 import { type Nullable } from '@silverhand/essentials';
 import { type JWTVerifyGetKey } from 'jose';
 import { ClientAdapterInstance, type ClientAdapter } from './adapter/index.js';
@@ -20,15 +20,11 @@ export * from './types/index.js';
 export default class LogtoClient {
     #private;
     readonly logtoConfig: LogtoConfig;
-    readonly getOidcConfig: (this: unknown) => Promise<import("@silverhand/essentials").KeysToCamelCase<{
-        authorization_endpoint: string;
-        token_endpoint: string;
-        userinfo_endpoint: string;
-        end_session_endpoint: string;
-        revocation_endpoint: string;
-        jwks_uri: string;
-        issuer: string;
-    }>>;
+    /**
+     * Get the OIDC configuration from the discovery endpoint. This method will
+     * only fetch the configuration once and cache the result.
+     */
+    readonly getOidcConfig: () => Promise<OidcConfigResponse>;
     /**
      * Get the access token from the storage with refresh strategy.
      *
@@ -57,6 +53,16 @@ export default class LogtoClient {
      * It uses the same refresh strategy as {@link getAccessToken}.
      */
     readonly getOrganizationToken: (this: unknown, organizationId: string) => Promise<string>;
+    /**
+     * Handle the sign-in callback by parsing the authorization code from the
+     * callback URI and exchanging it for the tokens.
+     *
+     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
+     * @throws LogtoClientError if the sign-in session is not found.
+     */
+    readonly handleSignInCallback: (this: unknown, callbackUri: string) => Promise<void>;
     protected readonly getJwtVerifyGetKey: (...args: unknown[]) => Promise<JWTVerifyGetKey>;
     protected readonly adapter: ClientAdapterInstance;
     protected readonly accessTokenMap: Map<string, AccessToken>;
@@ -129,16 +135,6 @@ export default class LogtoClient {
      * @param url The current URL.
      */
     isSignInRedirected(url: string): Promise<boolean>;
-    /**
-     * Handle the sign-in callback by parsing the authorization code from the
-     * callback URI and exchanging it for the tokens.
-     *
-     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
-     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
-     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
-     * @throws LogtoClientError if the sign-in session is not found.
-     */
-    handleSignInCallback(callbackUri: string): Promise<void>;
     /**
      * Start the sign-out flow with the specified redirect URI. The URI must be
      * registered in the Logto Console.

package/lib/index.js

@@ -1,4 +1,4 @@
-import { decodeIdToken, decodeAccessToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, verifyIdToken, fetchOidcConfig, UserScope } from '@logto/js';
+import { decodeIdToken, decodeAccessToken, fetchUserInfo, generateSignInUri, revoke, generateSignOutUri, fetchTokenByRefreshToken, verifyIdToken, fetchOidcConfig, UserScope, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode } from '@logto/js';
 export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedResource, ReservedScope, UserScope, buildOrganizationUrn, getOrganizationIdFromUrn, organizationUrnPrefix } from '@logto/js';
 import { createRemoteJWKSet } from 'jose';
 import { ClientAdapterInstance } from './adapter/index.js';
@@ -21,7 +21,11 @@ export { createRequester } from './utils/requester.js';
  */
 class LogtoClient {
     constructor(logtoConfig, adapter) {
-        this.getOidcConfig = memoize(this.#getOidcConfig);
+        /**
+         * Get the OIDC configuration from the discovery endpoint. This method will
+         * only fetch the configuration once and cache the result.
+         */
+        this.getOidcConfig = once(this.#getOidcConfig);
         /**
          * Get the access token from the storage with refresh strategy.
          *
@@ -50,6 +54,16 @@ class LogtoClient {
          * It uses the same refresh strategy as {@link getAccessToken}.
          */
         this.getOrganizationToken = memoize(this.#getOrganizationToken);
+        /**
+         * Handle the sign-in callback by parsing the authorization code from the
+         * callback URI and exchanging it for the tokens.
+         *
+         * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
+         * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
+         * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
+         * @throws LogtoClientError if the sign-in session is not found.
+         */
+        this.handleSignInCallback = memoize(this.#handleSignInCallback);
         this.getJwtVerifyGetKey = once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
         this.logtoConfig = normalizeLogtoConfig(logtoConfig);
@@ -180,50 +194,6 @@ class LogtoClient {
         const { origin, pathname } = new URL(url);
         return `${origin}${pathname}` === redirectUri;
     }
-    /**
-     * Handle the sign-in callback by parsing the authorization code from the
-     * callback URI and exchanging it for the tokens.
-     *
-     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
-     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
-     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
-     * @throws LogtoClientError if the sign-in session is not found.
-     */
-    async handleSignInCallback(callbackUri) {
-        const { requester } = this.adapter;
-        const signInSession = await this.getSignInSession();
-        if (!signInSession) {
-            throw new LogtoClientError('sign_in_session.not_found');
-        }
-        const { redirectUri, state, codeVerifier } = signInSession;
-        const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
-        // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
-        const accessTokenKey = buildAccessTokenKey();
-        const { appId: clientId } = this.logtoConfig;
-        const { tokenEndpoint } = await this.getOidcConfig();
-        const requestedAt = Math.round(Date.now() / 1000);
-        const { idToken, refreshToken, accessToken, scope, expiresIn } = await fetchTokenByAuthorizationCode({
-            clientId,
-            tokenEndpoint,
-            redirectUri,
-            codeVerifier,
-            code,
-        }, requester);
-        await this.verifyIdToken(idToken);
-        await this.setRefreshToken(refreshToken ?? null);
-        await this.setIdToken(idToken);
-        this.accessTokenMap.set(accessTokenKey, {
-            token: accessToken,
-            scope,
-            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
-             * in the token claims. It is utilized by the client to determine if the cached access token
-             * has expired and when a new access token should be requested.
-             */
-            expiresAt: requestedAt + expiresIn,
-        });
-        await this.saveAccessTokenMap();
-        await this.setSignInSession(null);
-    }
     /**
      * Start the sign-out flow with the specified redirect URI. The URI must be
      * registered in the Logto Console.
@@ -382,7 +352,42 @@ class LogtoClient {
         if (!this.logtoConfig.scopes?.includes(UserScope.Organizations)) {
             throw new LogtoClientError('missing_scope_organizations');
         }
-        return this.#getAccessToken(undefined, organizationId);
+        return this.getAccessToken(undefined, organizationId);
+    }
+    async #handleSignInCallback(callbackUri) {
+        const { requester } = this.adapter;
+        const signInSession = await this.getSignInSession();
+        if (!signInSession) {
+            throw new LogtoClientError('sign_in_session.not_found');
+        }
+        const { redirectUri, state, codeVerifier } = signInSession;
+        const code = verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
+        // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
+        const accessTokenKey = buildAccessTokenKey();
+        const { appId: clientId } = this.logtoConfig;
+        const { tokenEndpoint } = await this.getOidcConfig();
+        const requestedAt = Math.round(Date.now() / 1000);
+        const { idToken, refreshToken, accessToken, scope, expiresIn } = await fetchTokenByAuthorizationCode({
+            clientId,
+            tokenEndpoint,
+            redirectUri,
+            codeVerifier,
+            code,
+        }, requester);
+        await this.verifyIdToken(idToken);
+        await this.setRefreshToken(refreshToken ?? null);
+        await this.setIdToken(idToken);
+        this.accessTokenMap.set(accessTokenKey, {
+            token: accessToken,
+            scope,
+            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
+             * in the token claims. It is utilized by the client to determine if the cached access token
+             * has expired and when a new access token should be requested.
+             */
+            expiresAt: requestedAt + expiresIn,
+        });
+        await this.saveAccessTokenMap();
+        await this.setSignInSession(null);
     }
 }
 /* eslint-enable max-lines */

package/lib/mock.d.ts

@@ -1,5 +1,5 @@
 /// <reference types="jest" />
-import { Prompt } from '@logto/js';
+import { type OidcConfigResponse, Prompt } from '@logto/js';
 import { type Nullable } from '@silverhand/essentials';
 import type { Storage } from './adapter/index.js';
 import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './index.js';
@@ -71,18 +71,10 @@ export declare const createClient: (prompt?: Prompt, storage?: MockedStorage, wi
  * Make protected fields accessible for test
  */
 export declare class LogtoClientWithAccessors extends LogtoClient {
-    runGetOidcConfig(): Promise<import("@silverhand/essentials").KeysToCamelCase<{
-        authorization_endpoint: string;
-        token_endpoint: string;
-        userinfo_endpoint: string;
-        end_session_endpoint: string;
-        revocation_endpoint: string;
-        jwks_uri: string;
-        issuer: string;
-    }>>;
+    runGetOidcConfig(): Promise<OidcConfigResponse>;
     runGetJwtVerifyGetKey(): Promise<import("jose").JWTVerifyGetKey>;
     getLogtoConfig(): Nullable<LogtoConfig>;
-    getSignInSessionItem(): Promise<Nullable<LogtoSignInSessionItem>>;
+    getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>>;
     setSignInSessionItem(item: Nullable<LogtoSignInSessionItem>): Promise<void>;
     getAccessTokenMap(): Map<string, AccessToken>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/client",
-  "version": "2.3.0",
+  "version": "2.3.2",
   "type": "module",
   "main": "./lib/index.cjs",
   "module": "./lib/index.js",
@@ -27,8 +27,8 @@
     "jose": "^5.0.0"
   },
   "devDependencies": {
-    "@silverhand/eslint-config": "^4.0.1",
-    "@silverhand/ts-config": "^4.0.0",
+    "@silverhand/eslint-config": "^5.0.0",
+    "@silverhand/ts-config": "^5.0.0",
     "@swc/core": "^1.3.50",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^29.5.0",