@logto/client 2.3.3 → 3.0.0-alpha.0

package/lib/index.cjs

@@ -2,19 +2,15 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
+var defaults = require('./adapter/defaults.cjs');
+var client = require('./client.cjs');
 var js = require('@logto/js');
-var jose = require('jose');
-var index$1 = require('./adapter/index.cjs');
 var errors = require('./errors.cjs');
-var remoteJwkSet = require('./remote-jwk-set.cjs');
-var index = require('./types/index.cjs');
-var index$2 = require('./utils/index.cjs');
-var memoize = require('./utils/memoize.cjs');
-var once = require('./utils/once.cjs');
+require('@silverhand/essentials');
 var types = require('./adapter/types.cjs');
 var requester = require('./utils/requester.cjs');
+var index = require('./types/index.cjs');
 
-/* eslint-disable max-lines */
 /**
  * The Logto base client class that provides the essential methods for
  * interacting with the Logto server.
@@ -22,379 +18,13 @@ var requester = require('./utils/requester.cjs');
  * It also provides an adapter object that allows the customizations of the
  * client behavior for different environments.
  */
-class LogtoClient {
-    constructor(logtoConfig, adapter) {
-        /**
-         * Get the OIDC configuration from the discovery endpoint. This method will
-         * only fetch the configuration once and cache the result.
-         */
-        this.getOidcConfig = once.once(this.#getOidcConfig);
-        /**
-         * Get the access token from the storage with refresh strategy.
-         *
-         * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
-         * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
-         *
-         * If you want to get the access token claims, use {@link getAccessTokenClaims} instead.
-         *
-         * @param resource The resource that the access token is granted for. If not
-         * specified, the access token will be used for OpenID Connect or the default
-         * resource, as specified in the Logto Console.
-         * @returns The access token string.
-         * @throws LogtoClientError if the user is not authenticated.
-         */
-        this.getAccessToken = memoize.memoize(this.#getAccessToken);
-        /**
-         * Get the access token for the specified organization from the storage with refresh strategy.
-         *
-         * Scope {@link UserScope.Organizations} is required in the config to use organization-related
-         * methods.
-         *
-         * @param organizationId The ID of the organization that the access token is granted for.
-         * @returns The access token string.
-         * @throws LogtoClientError if the user is not authenticated.
-         * @remarks
-         * It uses the same refresh strategy as {@link getAccessToken}.
-         */
-        this.getOrganizationToken = memoize.memoize(this.#getOrganizationToken);
-        /**
-         * Handle the sign-in callback by parsing the authorization code from the
-         * callback URI and exchanging it for the tokens.
-         *
-         * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
-         * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
-         * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
-         * @throws LogtoClientError if the sign-in session is not found.
-         */
-        this.handleSignInCallback = memoize.memoize(this.#handleSignInCallback);
-        this.getJwtVerifyGetKey = once.once(this.#getJwtVerifyGetKey);
-        this.accessTokenMap = new Map();
-        this.logtoConfig = index.normalizeLogtoConfig(logtoConfig);
-        this.adapter = new index$1.ClientAdapterInstance(adapter);
-        void this.loadAccessTokenMap();
-    }
-    /**
-     * Check if the user is authenticated by checking if the ID token exists.
-     */
-    async isAuthenticated() {
-        return Boolean(await this.getIdToken());
-    }
-    /**
-     * Get the Refresh Token from the storage.
-     */
-    async getRefreshToken() {
-        return this.adapter.storage.getItem('refreshToken');
-    }
-    /**
-     * Get the ID Token from the storage. If you want to get the ID Token claims,
-     * use {@link getIdTokenClaims} instead.
-     */
-    async getIdToken() {
-        return this.adapter.storage.getItem('idToken');
-    }
-    /**
-     * Get the ID Token claims.
-     */
-    async getIdTokenClaims() {
-        const idToken = await this.getIdToken();
-        if (!idToken) {
-            throw new errors.LogtoClientError('not_authenticated');
-        }
-        return js.decodeIdToken(idToken);
-    }
-    /**
-     * Get the access token claims for the specified resource.
-     *
-     * @param resource The resource that the access token is granted for. If not
-     * specified, the access token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     */
-    async getAccessTokenClaims(resource) {
-        const accessToken = await this.getAccessToken(resource);
-        return js.decodeAccessToken(accessToken);
-    }
-    /**
-     * Get the organization token claims for the specified organization.
-     *
-     * @param organizationId The ID of the organization that the access token is granted for.
-     */
-    async getOrganizationTokenClaims(organizationId) {
-        const accessToken = await this.getOrganizationToken(organizationId);
-        return js.decodeAccessToken(accessToken);
-    }
-    /**
-     * Get the user information from the Userinfo Endpoint.
-     *
-     * Note the Userinfo Endpoint will return more claims than the ID Token. See
-     * {@link https://docs.logto.io/docs/recipes/integrate-logto/vanilla-js/#fetch-user-information | Fetch user information}
-     * for more information.
-     *
-     * @returns The user information.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    async fetchUserInfo() {
-        const { userinfoEndpoint } = await this.getOidcConfig();
-        const accessToken = await this.getAccessToken();
-        if (!accessToken) {
-            throw new errors.LogtoClientError('fetch_user_info_failed');
-        }
-        return js.fetchUserInfo(userinfoEndpoint, accessToken, this.adapter.requester);
-    }
-    /**
-     * Start the sign-in flow with the specified redirect URI. The URI must be
-     * registered in the Logto Console.
-     *
-     * The user will be redirected to that URI after the sign-in flow is completed,
-     * and the client will be able to get the authorization code from the URI.
-     * To fetch the tokens from the authorization code, use {@link handleSignInCallback}
-     * after the user is redirected in the callback URI.
-     *
-     * @param redirectUri The redirect URI that the user will be redirected to after the sign-in flow is completed.
-     * @param interactionMode The interaction mode to be used for the authorization request. Note it's not
-     * a part of the OIDC standard, but a Logto-specific extension. Defaults to `signIn`.
-     *
-     * @see {@link https://docs.logto.io/docs/recipes/integrate-logto/vanilla-js/#sign-in | Sign in} for more information.
-     * @see {@link InteractionMode}
-     */
-    async signIn(redirectUri, interactionMode) {
-        const { appId: clientId, prompt, resources, scopes } = this.logtoConfig;
-        const { authorizationEndpoint } = await this.getOidcConfig();
-        const codeVerifier = this.adapter.generateCodeVerifier();
-        const codeChallenge = await this.adapter.generateCodeChallenge(codeVerifier);
-        const state = this.adapter.generateState();
-        const signInUri = js.generateSignInUri({
-            authorizationEndpoint,
-            clientId,
-            redirectUri,
-            codeChallenge,
-            state,
-            scopes,
-            resources,
-            prompt,
-            interactionMode,
-        });
-        await Promise.all([
-            this.setSignInSession({ redirectUri, codeVerifier, state }),
-            this.setRefreshToken(null),
-            this.setIdToken(null),
-        ]);
-        await this.adapter.navigate(signInUri);
-    }
-    /**
-     * Check if the user is redirected from the sign-in page by checking if the
-     * current URL matches the redirect URI in the sign-in session.
-     *
-     * If there's no sign-in session, it will return `false`.
-     *
-     * @param url The current URL.
-     */
-    async isSignInRedirected(url) {
-        const signInSession = await this.getSignInSession();
-        if (!signInSession) {
-            return false;
-        }
-        const { redirectUri } = signInSession;
-        const { origin, pathname } = new URL(url);
-        return `${origin}${pathname}` === redirectUri;
-    }
-    /**
-     * Start the sign-out flow with the specified redirect URI. The URI must be
-     * registered in the Logto Console.
-     *
-     * It will also revoke all the tokens and clean up the storage.
-     *
-     * The user will be redirected that URI after the sign-out flow is completed.
-     * If the `postLogoutRedirectUri` is not specified, the user will be redirected
-     * to a default page.
-     */
-    async signOut(postLogoutRedirectUri) {
-        const { appId: clientId } = this.logtoConfig;
-        const { endSessionEndpoint, revocationEndpoint } = await this.getOidcConfig();
-        const refreshToken = await this.getRefreshToken();
-        if (refreshToken) {
-            try {
-                await js.revoke(revocationEndpoint, clientId, refreshToken, this.adapter.requester);
-            }
-            catch {
-                // Do nothing at this point, as we don't want to break the sign-out flow even if the revocation is failed
-            }
-        }
-        const url = js.generateSignOutUri({
-            endSessionEndpoint,
-            postLogoutRedirectUri,
-            clientId,
-        });
-        this.accessTokenMap.clear();
-        await Promise.all([
-            this.setRefreshToken(null),
-            this.setIdToken(null),
-            this.adapter.storage.removeItem('accessToken'),
-        ]);
-        await this.adapter.navigate(url);
-    }
-    async getSignInSession() {
-        const jsonItem = await this.adapter.storage.getItem('signInSession');
-        if (!jsonItem) {
-            return null;
-        }
-        const item = JSON.parse(jsonItem);
-        if (!index.isLogtoSignInSessionItem(item)) {
-            throw new errors.LogtoClientError('sign_in_session.invalid');
-        }
-        return item;
-    }
-    async setSignInSession(value) {
-        return this.adapter.setStorageItem(types.PersistKey.SignInSession, value && JSON.stringify(value));
-    }
-    async setIdToken(value) {
-        return this.adapter.setStorageItem(types.PersistKey.IdToken, value);
-    }
-    async setRefreshToken(value) {
-        return this.adapter.setStorageItem(types.PersistKey.RefreshToken, value);
-    }
-    async getAccessTokenByRefreshToken(resource, organizationId) {
-        const currentRefreshToken = await this.getRefreshToken();
-        if (!currentRefreshToken) {
-            throw new errors.LogtoClientError('not_authenticated');
-        }
-        const accessTokenKey = index$2.buildAccessTokenKey(resource, organizationId);
-        const { appId: clientId } = this.logtoConfig;
-        const { tokenEndpoint } = await this.getOidcConfig();
-        const requestedAt = Math.round(Date.now() / 1000);
-        const { accessToken, refreshToken, idToken, scope, expiresIn } = await js.fetchTokenByRefreshToken({
-            clientId,
-            tokenEndpoint,
-            refreshToken: currentRefreshToken,
-            resource,
-            organizationId,
-        }, this.adapter.requester);
-        this.accessTokenMap.set(accessTokenKey, {
-            token: accessToken,
-            scope,
-            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
-             * in the token claims. It is utilized by the client to determine if the cached access token
-             * has expired and when a new access token should be requested.
-             */
-            expiresAt: requestedAt + expiresIn,
-        });
-        await this.saveAccessTokenMap();
-        if (refreshToken) {
-            await this.setRefreshToken(refreshToken);
-        }
-        if (idToken) {
-            await this.verifyIdToken(idToken);
-            await this.setIdToken(idToken);
-        }
-        return accessToken;
-    }
-    async verifyIdToken(idToken) {
-        const { appId } = this.logtoConfig;
-        const { issuer } = await this.getOidcConfig();
-        const jwtVerifyGetKey = await this.getJwtVerifyGetKey();
-        await js.verifyIdToken(idToken, appId, issuer, jwtVerifyGetKey);
-    }
-    async saveAccessTokenMap() {
-        const data = {};
-        for (const [key, accessToken] of this.accessTokenMap.entries()) {
-            // eslint-disable-next-line @silverhand/fp/no-mutation
-            data[key] = accessToken;
-        }
-        await this.adapter.storage.setItem('accessToken', JSON.stringify(data));
-    }
-    async loadAccessTokenMap() {
-        const raw = await this.adapter.storage.getItem('accessToken');
-        if (!raw) {
-            return;
-        }
-        try {
-            const json = JSON.parse(raw);
-            if (!index.isLogtoAccessTokenMap(json)) {
-                return;
-            }
-            this.accessTokenMap.clear();
-            for (const [key, accessToken] of Object.entries(json)) {
-                this.accessTokenMap.set(key, accessToken);
-            }
-        }
-        catch (error) {
-            console.warn(error);
-        }
-    }
-    async #getOidcConfig() {
-        return this.adapter.getWithCache(types.CacheKey.OpenidConfig, async () => {
-            return js.fetchOidcConfig(index$2.getDiscoveryEndpoint(this.logtoConfig.endpoint), this.adapter.requester);
-        });
-    }
-    async #getJwtVerifyGetKey() {
-        const { jwksUri } = await this.getOidcConfig();
-        if (!this.adapter.unstable_cache) {
-            return jose.createRemoteJWKSet(new URL(jwksUri));
-        }
-        const cachedJwkSet = new remoteJwkSet.CachedRemoteJwkSet(new URL(jwksUri), this.adapter);
-        return async (...args) => cachedJwkSet.getKey(...args);
-    }
-    async #getAccessToken(resource, organizationId) {
-        if (!(await this.isAuthenticated())) {
-            throw new errors.LogtoClientError('not_authenticated');
-        }
-        const accessTokenKey = index$2.buildAccessTokenKey(resource, organizationId);
-        const accessToken = this.accessTokenMap.get(accessTokenKey);
-        if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
-            return accessToken.token;
-        }
-        // Since the access token has expired, delete it from the map.
-        if (accessToken) {
-            this.accessTokenMap.delete(accessTokenKey);
-        }
-        /**
-         * Need to fetch a new access token using refresh token.
-         */
-        return this.getAccessTokenByRefreshToken(resource, organizationId);
-    }
-    async #getOrganizationToken(organizationId) {
-        if (!this.logtoConfig.scopes?.includes(js.UserScope.Organizations)) {
-            throw new errors.LogtoClientError('missing_scope_organizations');
-        }
-        return this.getAccessToken(undefined, organizationId);
-    }
-    async #handleSignInCallback(callbackUri) {
-        const { requester } = this.adapter;
-        const signInSession = await this.getSignInSession();
-        if (!signInSession) {
-            throw new errors.LogtoClientError('sign_in_session.not_found');
-        }
-        const { redirectUri, state, codeVerifier } = signInSession;
-        const code = js.verifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state);
-        // NOTE: Will add scope to accessTokenKey when needed. (Linear issue LOG-1589)
-        const accessTokenKey = index$2.buildAccessTokenKey();
-        const { appId: clientId } = this.logtoConfig;
-        const { tokenEndpoint } = await this.getOidcConfig();
-        const requestedAt = Math.round(Date.now() / 1000);
-        const { idToken, refreshToken, accessToken, scope, expiresIn } = await js.fetchTokenByAuthorizationCode({
-            clientId,
-            tokenEndpoint,
-            redirectUri,
-            codeVerifier,
-            code,
-        }, requester);
-        await this.verifyIdToken(idToken);
-        await this.setRefreshToken(refreshToken ?? null);
-        await this.setIdToken(idToken);
-        this.accessTokenMap.set(accessTokenKey, {
-            token: accessToken,
-            scope,
-            /** The `expiresAt` variable provides an approximate estimation of the actual `exp` property
-             * in the token claims. It is utilized by the client to determine if the cached access token
-             * has expired and when a new access token should be requested.
-             */
-            expiresAt: requestedAt + expiresIn,
-        });
-        await this.saveAccessTokenMap();
-        await this.setSignInSession(null);
+class LogtoClient extends client.StandardLogtoClient {
+    constructor(logtoConfig, adapter, buildJwtVerifier) {
+        super(logtoConfig, adapter, buildJwtVerifier ?? ((client) => new defaults.DefaultJwtVerifier(client)));
     }
 }
-/* eslint-enable max-lines */
 
+exports.StandardLogtoClient = client.StandardLogtoClient;
 Object.defineProperty(exports, "LogtoError", {
     enumerable: true,
     get: function () { return js.LogtoError; }
@@ -436,9 +66,6 @@ Object.defineProperty(exports, "organizationUrnPrefix", {
     get: function () { return js.organizationUrnPrefix; }
 });
 exports.LogtoClientError = errors.LogtoClientError;
-exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
-exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
-exports.normalizeLogtoConfig = index.normalizeLogtoConfig;
 Object.defineProperty(exports, "CacheKey", {
     enumerable: true,
     get: function () { return types.CacheKey; }
@@ -448,4 +75,7 @@ Object.defineProperty(exports, "PersistKey", {
     get: function () { return types.PersistKey; }
 });
 exports.createRequester = requester.createRequester;
+exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
+exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
+exports.normalizeLogtoConfig = index.normalizeLogtoConfig;
 exports.default = LogtoClient;

package/lib/index.d.ts

@@ -1,15 +1,7 @@
-import { type IdTokenClaims, type UserInfoResponse, type InteractionMode, type AccessTokenClaims, type OidcConfigResponse } from '@logto/js';
-import { type Nullable } from '@silverhand/essentials';
-import { type JWTVerifyGetKey } from 'jose';
-import { ClientAdapterInstance, type ClientAdapter } from './adapter/index.js';
-import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types/index.js';
-export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
-export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, ReservedResource, UserScope, organizationUrnPrefix, buildOrganizationUrn, getOrganizationIdFromUrn, } from '@logto/js';
-export * from './errors.js';
-export type { Storage, StorageKey, ClientAdapter } from './adapter/index.js';
-export { PersistKey, CacheKey } from './adapter/index.js';
-export { createRequester } from './utils/index.js';
-export * from './types/index.js';
+import { type ClientAdapter, type JwtVerifier } from './adapter/index.js';
+import { StandardLogtoClient } from './client.js';
+import type { LogtoConfig } from './types/index.js';
+export * from './shim.js';
 /**
  * The Logto base client class that provides the essential methods for
  * interacting with the Logto server.
@@ -17,141 +9,6 @@ export * from './types/index.js';
  * It also provides an adapter object that allows the customizations of the
  * client behavior for different environments.
  */
-export default class LogtoClient {
-    #private;
-    readonly logtoConfig: LogtoConfig;
-    /**
-     * Get the OIDC configuration from the discovery endpoint. This method will
-     * only fetch the configuration once and cache the result.
-     */
-    readonly getOidcConfig: () => Promise<OidcConfigResponse>;
-    /**
-     * Get the access token from the storage with refresh strategy.
-     *
-     * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
-     * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
-     *
-     * If you want to get the access token claims, use {@link getAccessTokenClaims} instead.
-     *
-     * @param resource The resource that the access token is granted for. If not
-     * specified, the access token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     * @returns The access token string.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    readonly getAccessToken: (this: unknown, resource?: string | undefined, organizationId?: string | undefined) => Promise<string>;
-    /**
-     * Get the access token for the specified organization from the storage with refresh strategy.
-     *
-     * Scope {@link UserScope.Organizations} is required in the config to use organization-related
-     * methods.
-     *
-     * @param organizationId The ID of the organization that the access token is granted for.
-     * @returns The access token string.
-     * @throws LogtoClientError if the user is not authenticated.
-     * @remarks
-     * It uses the same refresh strategy as {@link getAccessToken}.
-     */
-    readonly getOrganizationToken: (this: unknown, organizationId: string) => Promise<string>;
-    /**
-     * Handle the sign-in callback by parsing the authorization code from the
-     * callback URI and exchanging it for the tokens.
-     *
-     * @param callbackUri The callback URI, including the search params, that the user is redirected to after the sign-in flow is completed.
-     * The origin and pathname of this URI must match the origin and pathname of the redirect URI specified in {@link signIn}.
-     * In many cases you'll probably end up passing `window.location.href` as the argument to this function.
-     * @throws LogtoClientError if the sign-in session is not found.
-     */
-    readonly handleSignInCallback: (this: unknown, callbackUri: string) => Promise<void>;
-    protected readonly getJwtVerifyGetKey: (...args: unknown[]) => Promise<JWTVerifyGetKey>;
-    protected readonly adapter: ClientAdapterInstance;
-    protected readonly accessTokenMap: Map<string, AccessToken>;
-    constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter);
-    /**
-     * Check if the user is authenticated by checking if the ID token exists.
-     */
-    isAuthenticated(): Promise<boolean>;
-    /**
-     * Get the Refresh Token from the storage.
-     */
-    getRefreshToken(): Promise<Nullable<string>>;
-    /**
-     * Get the ID Token from the storage. If you want to get the ID Token claims,
-     * use {@link getIdTokenClaims} instead.
-     */
-    getIdToken(): Promise<Nullable<string>>;
-    /**
-     * Get the ID Token claims.
-     */
-    getIdTokenClaims(): Promise<IdTokenClaims>;
-    /**
-     * Get the access token claims for the specified resource.
-     *
-     * @param resource The resource that the access token is granted for. If not
-     * specified, the access token will be used for OpenID Connect or the default
-     * resource, as specified in the Logto Console.
-     */
-    getAccessTokenClaims(resource?: string): Promise<AccessTokenClaims>;
-    /**
-     * Get the organization token claims for the specified organization.
-     *
-     * @param organizationId The ID of the organization that the access token is granted for.
-     */
-    getOrganizationTokenClaims(organizationId: string): Promise<AccessTokenClaims>;
-    /**
-     * Get the user information from the Userinfo Endpoint.
-     *
-     * Note the Userinfo Endpoint will return more claims than the ID Token. See
-     * {@link https://docs.logto.io/docs/recipes/integrate-logto/vanilla-js/#fetch-user-information | Fetch user information}
-     * for more information.
-     *
-     * @returns The user information.
-     * @throws LogtoClientError if the user is not authenticated.
-     */
-    fetchUserInfo(): Promise<UserInfoResponse>;
-    /**
-     * Start the sign-in flow with the specified redirect URI. The URI must be
-     * registered in the Logto Console.
-     *
-     * The user will be redirected to that URI after the sign-in flow is completed,
-     * and the client will be able to get the authorization code from the URI.
-     * To fetch the tokens from the authorization code, use {@link handleSignInCallback}
-     * after the user is redirected in the callback URI.
-     *
-     * @param redirectUri The redirect URI that the user will be redirected to after the sign-in flow is completed.
-     * @param interactionMode The interaction mode to be used for the authorization request. Note it's not
-     * a part of the OIDC standard, but a Logto-specific extension. Defaults to `signIn`.
-     *
-     * @see {@link https://docs.logto.io/docs/recipes/integrate-logto/vanilla-js/#sign-in | Sign in} for more information.
-     * @see {@link InteractionMode}
-     */
-    signIn(redirectUri: string, interactionMode?: InteractionMode): Promise<void>;
-    /**
-     * Check if the user is redirected from the sign-in page by checking if the
-     * current URL matches the redirect URI in the sign-in session.
-     *
-     * If there's no sign-in session, it will return `false`.
-     *
-     * @param url The current URL.
-     */
-    isSignInRedirected(url: string): Promise<boolean>;
-    /**
-     * Start the sign-out flow with the specified redirect URI. The URI must be
-     * registered in the Logto Console.
-     *
-     * It will also revoke all the tokens and clean up the storage.
-     *
-     * The user will be redirected that URI after the sign-out flow is completed.
-     * If the `postLogoutRedirectUri` is not specified, the user will be redirected
-     * to a default page.
-     */
-    signOut(postLogoutRedirectUri?: string): Promise<void>;
-    protected getSignInSession(): Promise<Nullable<LogtoSignInSessionItem>>;
-    protected setSignInSession(value: Nullable<LogtoSignInSessionItem>): Promise<void>;
-    private setIdToken;
-    private setRefreshToken;
-    private getAccessTokenByRefreshToken;
-    private verifyIdToken;
-    private saveAccessTokenMap;
-    private loadAccessTokenMap;
+export default class LogtoClient extends StandardLogtoClient {
+    constructor(logtoConfig: LogtoConfig, adapter: ClientAdapter, buildJwtVerifier?: (client: StandardLogtoClient) => JwtVerifier);
 }