npm - @logto/js - Versions diffs - 0.2.0 → 1.0.0-alpha.1 - Mend

@logto/js 0.2.0 → 1.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/lib/index.d.ts +187 -3
package/lib/index.d.ts.map +1 -0
package/lib/index.js +361 -16
package/lib/index.js.map +1 -0
package/lib/module.js +356 -0
package/lib/module.js.map +1 -0
package/package.json +15 -5
package/lib/consts/index.d.ts +0 -34
package/lib/consts/index.js +0 -38
package/lib/core/fetch-token.d.ts +0 -36
package/lib/core/fetch-token.js +0 -45
package/lib/core/index.d.ts +0 -5
package/lib/core/index.js +0 -17
package/lib/core/oidc-config.d.ts +0 -14
package/lib/core/oidc-config.js +0 -10
package/lib/core/revoke.d.ts +0 -2
package/lib/core/revoke.js +0 -13
package/lib/core/sign-in.d.ts +0 -12
package/lib/core/sign-in.js +0 -24
package/lib/core/sign-out.d.ts +0 -7
package/lib/core/sign-out.js +0 -12
package/lib/utils/callback-uri.d.ts +0 -2
package/lib/utils/callback-uri.js +0 -36
package/lib/utils/errors.d.ts +0 -33
package/lib/utils/errors.js +0 -54
package/lib/utils/generators.d.ts +0 -18
package/lib/utils/generators.js +0 -34
package/lib/utils/id-token.d.ts +0 -32
package/lib/utils/id-token.js +0 -60
package/lib/utils/index.d.ts +0 -6
package/lib/utils/index.js +0 -18
package/lib/utils/requester.d.ts +0 -2
package/lib/utils/requester.js +0 -20
package/lib/utils/scopes.d.ts +0 -5
package/lib/utils/scopes.js +0 -12

package/lib/index.d.ts CHANGED Viewed

@@ -1,3 +1,187 @@
-export * from './core';
-export * from './utils';
-export * from './consts';
+import { NormalizeKeyPaths, KeysToCamelCase } from "@silverhand/essentials";
+import { JWTVerifyGetKey } from "jose";
+import * as s from "superstruct";
+export const ContentType: {
+    formUrlEncoded: {
+        'Content-Type': string;
+    };
+};
+export enum TokenGrantType {
+    AuthorizationCode = "authorization_code",
+    RefreshToken = "refresh_token"
+}
+export enum QueryKey {
+    ClientId = "client_id",
+    Code = "code",
+    CodeChallenge = "code_challenge",
+    CodeChallengeMethod = "code_challenge_method",
+    CodeVerifier = "code_verifier",
+    Error = "error",
+    ErrorDescription = "error_description",
+    GrantType = "grant_type",
+    IdToken = "id_token",
+    IdTokenHint = "id_token_hint",
+    PostLogoutRedirectUri = "post_logout_redirect_uri",
+    Prompt = "prompt",
+    RedirectUri = "redirect_uri",
+    RefreshToken = "refresh_token",
+    Resource = "resource",
+    ResponseType = "response_type",
+    Scope = "scope",
+    State = "state",
+    Token = "token"
+}
+export enum Prompt {
+    Consent = "consent",
+    Login = "login"
+}
+declare const logtoErrorCodes: Readonly<{
+    id_token: {
+        invalid_iat: string;
+        invalid_token: string;
+    };
+    callback_uri_verification: {
+        redirect_uri_mismatched: string;
+        error_found: string;
+        missing_state: string;
+        state_mismatched: string;
+        missing_code: string;
+    };
+    requester: {
+        not_provide_fetch: string;
+    };
+}>;
+export type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;
+export class LogtoError extends Error {
+    code: LogtoErrorCode;
+    data: unknown;
+    constructor(code: LogtoErrorCode, data?: unknown);
+}
+export class LogtoRequestError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+export class OidcError {
+    error: string;
+    errorDescription?: string;
+    constructor(error: string, errorDescription?: string);
+}
+export const parseUriParameters: (uri: string) => URLSearchParams;
+export const verifyAndParseCodeFromCallbackUri: (callbackUri: string, redirectUri: string, state: string) => string;
+/**
+ * Generates random string for state and encodes them in url safe base64
+ */
+export const generateState: () => string;
+/**
+ * Generates code verifier
+ *
+ * @link [Client Creates a Code Verifier](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
+ */
+export const generateCodeVerifier: () => string;
+/**
+ * Calculates the S256 PKCE code challenge for an arbitrary code verifier and encodes it in url safe base64
+ *
+ * @param {String} codeVerifier Code verifier to calculate the S256 code challenge for
+ * @link [Client Creates the Code Challenge](https://datatracker.ietf.org/doc/html/rfc7636#section-4.2)
+ */
+export const generateCodeChallenge: (codeVerifier: string) => Promise<string>;
+/**
+ * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
+ */
+declare const IdTokenClaimsSchema: s.Struct<{
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    at_hash?: string | null | undefined;
+    name?: string | null | undefined;
+    username?: string | null | undefined;
+    avatar?: string | null | undefined;
+    role_names?: string[] | null | undefined;
+}, {
+    iss: s.Struct<string, null>;
+    sub: s.Struct<string, null>;
+    aud: s.Struct<string, null>;
+    exp: s.Struct<number, null>;
+    iat: s.Struct<number, null>;
+    at_hash: s.Struct<string | null | undefined, null>;
+    name: s.Struct<string | null | undefined, null>;
+    username: s.Struct<string | null | undefined, null>;
+    avatar: s.Struct<string | null | undefined, null>;
+    role_names: s.Struct<string[] | null | undefined, s.Struct<string, null>>;
+}>;
+export type IdTokenClaims = s.Infer<typeof IdTokenClaimsSchema>;
+export const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
+export const decodeIdToken: (token: string) => IdTokenClaims;
+export const createRequester: (fetchFunction?: typeof fetch | undefined) => <T>(input: RequestInfo, init?: RequestInit | undefined) => Promise<T>;
+export type Requester = ReturnType<typeof createRequester>;
+/**
+ * @param originalScopes
+ * @return scopes should contain all reserved scopes ( Logto requires `openid` and `offline_access` )
+ */
+export const withReservedScopes: (originalScopes?: string[] | undefined) => string;
+export type FetchTokenByAuthorizationCodeParameters = {
+    clientId: string;
+    tokenEndpoint: string;
+    redirectUri: string;
+    codeVerifier: string;
+    code: string;
+    resource?: string;
+};
+export type FetchTokenByRefreshTokenParameters = {
+    clientId: string;
+    tokenEndpoint: string;
+    refreshToken: string;
+    resource?: string;
+    scopes?: string[];
+};
+type SnakeCaseCodeTokenResponse = {
+    access_token: string;
+    refresh_token?: string;
+    id_token: string;
+    scope: string;
+    expires_in: number;
+};
+export type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;
+type SnakeCaseRefreshTokenTokenResponse = {
+    access_token: string;
+    refresh_token: string;
+    id_token?: string;
+    scope: string;
+    expires_in: number;
+};
+export type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;
+export const fetchTokenByAuthorizationCode: ({ clientId, tokenEndpoint, redirectUri, codeVerifier, code, resource, }: FetchTokenByAuthorizationCodeParameters, requester: Requester) => Promise<CodeTokenResponse>;
+export const fetchTokenByRefreshToken: ({ clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters, requester: Requester) => Promise<RefreshTokenTokenResponse>;
+type OidcConfigSnakeCaseResponse = {
+    authorization_endpoint: string;
+    token_endpoint: string;
+    end_session_endpoint: string;
+    revocation_endpoint: string;
+    jwks_uri: string;
+    issuer: string;
+};
+export const discoveryPath = "/oidc/.well-known/openid-configuration";
+export type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;
+export const fetchOidcConfig: (endpoint: string, requester: Requester) => Promise<OidcConfigResponse>;
+export const revoke: (revocationEndpoint: string, clientId: string, token: string, requester: Requester) => Promise<void>;
+export type SignInUriParameters = {
+    authorizationEndpoint: string;
+    clientId: string;
+    redirectUri: string;
+    codeChallenge: string;
+    state: string;
+    scopes?: string[];
+    resources?: string[];
+    prompt?: Prompt;
+};
+export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, }: SignInUriParameters) => string;
+type SignOutUriParameters = {
+    endSessionEndpoint: string;
+    idToken: string;
+    postLogoutRedirectUri?: string;
+};
+export const generateSignOutUri: ({ endSessionEndpoint, idToken, postLogoutRedirectUri, }: SignOutUriParameters) => string;
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"mappings":";;;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;CAChB;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;AC/BD,QAAA,MAAM;;;;;;;;;;;;;;;EAeJ,CAAC;AAEH,6BAA6B,kBAAkB,sBAAsB,CAAC,CAAC;AAcvE,uBAAwB,SAAQ,KAAK;IACnC,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,OAAO;CAKjD;AAED,8BAA+B,SAAQ,KAAK;IAC1C,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1C;AAED;IACE,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;gBAEd,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM;CAIrD;ACzDD,OAAO,MAAM,0BAA2B,MAAM,oBAI7C,CAAC;AAGF,OAAO,MAAM,iDACE,MAAM,eACN,MAAM,SACZ,MAAM,WAkCd,CAAC;ACvCF;;GAEG;AACH,OAAO,MAAM,2BAA4C,CAAC;AAE1D;;;;GAIG;AACH,OAAO,MAAM,kCAAmD,CAAC;AAEjE;;;;;GAKG;AACH,OAAO,MAAM,sCAA6C,MAAM,KAAG,QAAQ,MAAM,CAMhF,CAAC;AC1BF;;GAEG;AACH,QAAA,MAAM;;;;;;;;;;;;;;;;;;;;;;EAWJ,CAAC;AAEH,4BAA4B,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAEhE,OAAO,MAAM,yBACF,MAAM,YACL,MAAM,UACR,MAAM,QACR,eAAe,kBAOtB,CAAC;AAEF,OAAO,MAAM,uBAAwB,MAAM,KAAG,aAY7C,CAAC;AC1CF,OAAO,MAAM,oIAgBZ,CAAC;AAEF,wBAAwB,UAAU,CAAC,sBAAsB,CAAC,CAAC;AC3B3D;;;GAGG;AACH,OAAO,MAAM,+DAAkD,MAI9D,CAAC;AEFF,sDAAsD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,iDAAiD;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,kCAAkC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,gCAAgC,gBAAgB,0BAA0B,CAAC,CAAC;AAE5E,0CAA0C;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wCAAwC,gBAAgB,kCAAkC,CAAC,CAAC;AAE5F,OAAO,MAAM,yGAQR,uCAAuC,aAC/B,SAAS,KACnB,QAAQ,iBAAiB,CAmB3B,CAAC;AAEF,OAAO,MAAM,wFACkD,kCAAkC,aACpF,SAAS,KACnB,QAAQ,yBAAyB,CAwBnC,CAAC;AChGF,mCAAmC;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,OAAO,MAAM,wDAAwD,CAAC;AAEtE,iCAAiC,gBAAgB,2BAA2B,CAAC,CAAC;AAE9E,OAAO,MAAM,4BACD,MAAM,aACL,SAAS,KACnB,QAAQ,kBAAkB,CAC0C,CAAC;ACnBxE,OAAO,MAAM,6BACS,MAAM,YAChB,MAAM,SACT,MAAM,aACF,SAAS,KACnB,QAAQ,IAAI,CAQX,CAAC;ACVL,kCAAkC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,OAAO,MAAM,wHASV,mBAAmB,WAiBrB,CAAC;ACzCF,4BAA4B;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,MAAM,8EAIV,oBAAoB,WAQtB,CAAC","sources":["packages/js/src/src/consts/index.ts","packages/js/src/src/utils/errors.ts","packages/js/src/src/utils/callback-uri.ts","packages/js/src/src/utils/generators.ts","packages/js/src/src/utils/id-token.ts","packages/js/src/src/utils/requester.ts","packages/js/src/src/utils/scopes.ts","packages/js/src/src/utils/index.ts","packages/js/src/src/core/fetch-token.ts","packages/js/src/src/core/oidc-config.ts","packages/js/src/src/core/revoke.ts","packages/js/src/src/core/sign-in.ts","packages/js/src/src/core/sign-out.ts","packages/js/src/src/core/index.ts","packages/js/src/src/index.ts","packages/js/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,"/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\n"],"names":[],"version":3,"file":"index.d.ts.map"}

package/lib/index.js CHANGED Viewed

@@ -1,16 +1,361 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-/* istanbul ignore file */
-__exportStar(require("./core"), exports);
-__exportStar(require("./utils"), exports);
-__exportStar(require("./consts"), exports);
+var $eVySA$camelcasekeys = require("camelcase-keys");
+var $eVySA$silverhandessentials = require("@silverhand/essentials");
+var $eVySA$lodashget = require("lodash.get");
+var $eVySA$jsbase64 = require("js-base64");
+var $eVySA$jose = require("jose");
+var $eVySA$superstruct = require("superstruct");
+function $parcel$exportWildcard(dest, source) {
+  Object.keys(source).forEach(function(key) {
+    if (key === 'default' || key === '__esModule' || dest.hasOwnProperty(key)) {
+      return;
+    }
+    Object.defineProperty(dest, key, {
+      enumerable: true,
+      get: function get() {
+        return source[key];
+      }
+    });
+  });
+  return dest;
+}
+function $parcel$interopDefault(a) {
+  return a && a.__esModule ? a.default : a;
+}
+function $parcel$export(e, n, v, s) {
+  Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
+}
+var $a722dce254028e46$exports = {};
+var $e6b305c1e572373d$exports = {};
+$parcel$export($e6b305c1e572373d$exports, "fetchTokenByAuthorizationCode", () => $e6b305c1e572373d$export$684f740cd70532d4);
+$parcel$export($e6b305c1e572373d$exports, "fetchTokenByRefreshToken", () => $e6b305c1e572373d$export$9909137b467efb8b);
+var $5c367c11270b61f6$exports = {};
+$parcel$export($5c367c11270b61f6$exports, "ContentType", () => $5c367c11270b61f6$export$e2e108cbe2e4f865);
+$parcel$export($5c367c11270b61f6$exports, "TokenGrantType", () => $5c367c11270b61f6$export$3f2aafdd1ccae76c);
+$parcel$export($5c367c11270b61f6$exports, "QueryKey", () => $5c367c11270b61f6$export$65f63a8bc3cba53d);
+$parcel$export($5c367c11270b61f6$exports, "Prompt", () => $5c367c11270b61f6$export$83716a4aa1642908);
+const $5c367c11270b61f6$export$e2e108cbe2e4f865 = {
+    formUrlEncoded: {
+        "Content-Type": "application/x-www-form-urlencoded"
+    }
+};
+let $5c367c11270b61f6$export$3f2aafdd1ccae76c;
+(function(TokenGrantType1) {
+    TokenGrantType1["AuthorizationCode"] = "authorization_code";
+    TokenGrantType1["RefreshToken"] = "refresh_token";
+})($5c367c11270b61f6$export$3f2aafdd1ccae76c || ($5c367c11270b61f6$export$3f2aafdd1ccae76c = {}));
+let $5c367c11270b61f6$export$65f63a8bc3cba53d;
+(function(QueryKey1) {
+    QueryKey1["ClientId"] = "client_id";
+    QueryKey1["Code"] = "code";
+    QueryKey1["CodeChallenge"] = "code_challenge";
+    QueryKey1["CodeChallengeMethod"] = "code_challenge_method";
+    QueryKey1["CodeVerifier"] = "code_verifier";
+    QueryKey1["Error"] = "error";
+    QueryKey1["ErrorDescription"] = "error_description";
+    QueryKey1["GrantType"] = "grant_type";
+    QueryKey1["IdToken"] = "id_token";
+    QueryKey1["IdTokenHint"] = "id_token_hint";
+    QueryKey1["PostLogoutRedirectUri"] = "post_logout_redirect_uri";
+    QueryKey1["Prompt"] = "prompt";
+    QueryKey1["RedirectUri"] = "redirect_uri";
+    QueryKey1["RefreshToken"] = "refresh_token";
+    QueryKey1["Resource"] = "resource";
+    QueryKey1["ResponseType"] = "response_type";
+    QueryKey1["Scope"] = "scope";
+    QueryKey1["State"] = "state";
+    QueryKey1["Token"] = "token";
+})($5c367c11270b61f6$export$65f63a8bc3cba53d || ($5c367c11270b61f6$export$65f63a8bc3cba53d = {}));
+let $5c367c11270b61f6$export$83716a4aa1642908;
+(function(Prompt1) {
+    Prompt1["Consent"] = "consent";
+    Prompt1["Login"] = "login";
+})($5c367c11270b61f6$export$83716a4aa1642908 || ($5c367c11270b61f6$export$83716a4aa1642908 = {}));
+const $e6b305c1e572373d$export$684f740cd70532d4 = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , redirectUri: redirectUri , codeVerifier: codeVerifier , code: code , resource: resource  }, requester)=>{
+    const parameters = new URLSearchParams();
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId, clientId);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Code, code);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeVerifier, codeVerifier);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RedirectUri, redirectUri);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).GrantType, (0, $5c367c11270b61f6$export$3f2aafdd1ccae76c).AuthorizationCode);
+    if (resource) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
+    const snakeCaseCodeTokenResponse = await requester(tokenEndpoint, {
+        method: "POST",
+        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
+        body: parameters
+    });
+    return (0, ($parcel$interopDefault($eVySA$camelcasekeys)))(snakeCaseCodeTokenResponse);
+};
+const $e6b305c1e572373d$export$9909137b467efb8b = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , refreshToken: refreshToken , resource: resource , scopes: scopes  }, requester)=>{
+    const parameters = new URLSearchParams();
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId, clientId);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RefreshToken, refreshToken);
+    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).GrantType, (0, $5c367c11270b61f6$export$3f2aafdd1ccae76c).RefreshToken);
+    if (resource) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
+    if (scopes?.length) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Scope, scopes.join(" "));
+    const snakeCaseRefreshTokenTokenResponse = await requester(tokenEndpoint, {
+        method: "POST",
+        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
+        body: parameters
+    });
+    return (0, ($parcel$interopDefault($eVySA$camelcasekeys)))(snakeCaseRefreshTokenTokenResponse);
+};
+var $945b1d0ce7f8f44a$exports = {};
+$parcel$export($945b1d0ce7f8f44a$exports, "discoveryPath", () => $945b1d0ce7f8f44a$export$815bda5ead26b243);
+$parcel$export($945b1d0ce7f8f44a$exports, "fetchOidcConfig", () => $945b1d0ce7f8f44a$export$98242d8e822ad11f);
+const $945b1d0ce7f8f44a$export$815bda5ead26b243 = "/oidc/.well-known/openid-configuration";
+const $945b1d0ce7f8f44a$export$98242d8e822ad11f = async (endpoint, requester)=>(0, ($parcel$interopDefault($eVySA$camelcasekeys)))(await requester(endpoint));
+var $de840481123b2c25$exports = {};
+$parcel$export($de840481123b2c25$exports, "revoke", () => $de840481123b2c25$export$573f8dbbf6fbef75);
+const $de840481123b2c25$export$573f8dbbf6fbef75 = async (revocationEndpoint, clientId, token, requester)=>requester(revocationEndpoint, {
+        method: "POST",
+        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
+        body: new URLSearchParams({
+            [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId,
+            [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Token]: token
+        })
+    });
+var $1e17092ca3413c94$exports = {};
+$parcel$export($1e17092ca3413c94$exports, "generateSignInUri", () => $1e17092ca3413c94$export$b01a187f12b774c6);
+var $10615ba3cc8a78f8$exports = {};
+var $d3a7a037fd1d9433$exports = {};
+$parcel$export($d3a7a037fd1d9433$exports, "parseUriParameters", () => $d3a7a037fd1d9433$export$4851e69315d5b72c);
+$parcel$export($d3a7a037fd1d9433$exports, "verifyAndParseCodeFromCallbackUri", () => $d3a7a037fd1d9433$export$dc3fae3c99763885);
+var $47fe17290a91cd19$exports = {};
+$parcel$export($47fe17290a91cd19$exports, "LogtoError", () => $47fe17290a91cd19$export$ba60d77e6748b659);
+$parcel$export($47fe17290a91cd19$exports, "LogtoRequestError", () => $47fe17290a91cd19$export$e6e15b8ba42b9b70);
+$parcel$export($47fe17290a91cd19$exports, "OidcError", () => $47fe17290a91cd19$export$d4832bcf9ce430e0);
+const $47fe17290a91cd19$var$logtoErrorCodes = Object.freeze({
+    id_token: {
+        invalid_iat: "Invalid issued at time",
+        invalid_token: "Invalid token"
+    },
+    callback_uri_verification: {
+        redirect_uri_mismatched: "Redirect URI mismatched",
+        error_found: "Error found",
+        missing_state: "Missing state",
+        state_mismatched: "State mismatched",
+        missing_code: "Missing code"
+    },
+    requester: {
+        not_provide_fetch: "Should provide a fetch function under Node.js"
+    }
+});
+const $47fe17290a91cd19$var$getMessageByErrorCode = (errorCode)=>{
+    // TODO: linear issue LOG-1419
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const message = (0, ($parcel$interopDefault($eVySA$lodashget)))($47fe17290a91cd19$var$logtoErrorCodes, errorCode);
+    if (typeof message === "string") return message;
+    return errorCode;
+};
+class $47fe17290a91cd19$export$ba60d77e6748b659 extends Error {
+    constructor(code, data){
+        super($47fe17290a91cd19$var$getMessageByErrorCode(code));
+        this.code = code;
+        this.data = data;
+    }
+}
+class $47fe17290a91cd19$export$e6e15b8ba42b9b70 extends Error {
+    constructor(code, message){
+        super(message);
+        this.code = code;
+    }
+}
+class $47fe17290a91cd19$export$d4832bcf9ce430e0 {
+    constructor(error, errorDescription){
+        this.error = error;
+        this.errorDescription = errorDescription;
+    }
+}
+const $d3a7a037fd1d9433$export$4851e69315d5b72c = (uri)=>{
+    const [, queryString = ""] = uri.split("?");
+    return new URLSearchParams(queryString);
+};
+const $d3a7a037fd1d9433$export$dc3fae3c99763885 = (callbackUri, redirectUri, state)=>{
+    if (!callbackUri.startsWith(redirectUri)) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.redirect_uri_mismatched");
+    const uriParameters = $d3a7a037fd1d9433$export$4851e69315d5b72c(callbackUri);
+    const error = (0, $eVySA$silverhandessentials.conditional)(uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Error));
+    const errorDescription = (0, $eVySA$silverhandessentials.conditional)(uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ErrorDescription));
+    if (error) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.error_found", new (0, $47fe17290a91cd19$export$d4832bcf9ce430e0)(error, errorDescription));
+    const stateFromCallbackUri = uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).State);
+    if (!stateFromCallbackUri) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.missing_state");
+    if (stateFromCallbackUri !== state) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.state_mismatched");
+    const code = uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Code);
+    if (!code) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.missing_code");
+    return code;
+};
+var $06fff6f93a1f66aa$exports = {};
+$parcel$export($06fff6f93a1f66aa$exports, "generateState", () => $06fff6f93a1f66aa$export$9ccd2716e53a229b);
+$parcel$export($06fff6f93a1f66aa$exports, "generateCodeVerifier", () => $06fff6f93a1f66aa$export$cf1891f923f5943a);
+$parcel$export($06fff6f93a1f66aa$exports, "generateCodeChallenge", () => $06fff6f93a1f66aa$export$414b01b1f867308a);
+/**
+ * @param length The length of the raw random data.
+ */ const $06fff6f93a1f66aa$var$generateRandomString = (length = 64)=>(0, $eVySA$jsbase64.fromUint8Array)(crypto.getRandomValues(new Uint8Array(length)), true);
+const $06fff6f93a1f66aa$export$9ccd2716e53a229b = ()=>$06fff6f93a1f66aa$var$generateRandomString();
+const $06fff6f93a1f66aa$export$cf1891f923f5943a = ()=>$06fff6f93a1f66aa$var$generateRandomString();
+const $06fff6f93a1f66aa$export$414b01b1f867308a = async (codeVerifier)=>{
+    const encodedCodeVerifier = new TextEncoder().encode(codeVerifier);
+    // TODO: crypto related to linear issue LOG-1517
+    const codeChallenge = new Uint8Array(await crypto.subtle.digest("SHA-256", encodedCodeVerifier));
+    return (0, $eVySA$jsbase64.fromUint8Array)(codeChallenge, true);
+};
+var $c2fd0c04c48199e2$exports = {};
+$parcel$export($c2fd0c04c48199e2$exports, "verifyIdToken", () => $c2fd0c04c48199e2$export$b5b3317c8aecbcd5);
+$parcel$export($c2fd0c04c48199e2$exports, "decodeIdToken", () => $c2fd0c04c48199e2$export$aac2d5b7f5cd16d5);
+const $c2fd0c04c48199e2$var$issuedAtTimeTolerance = 60;
+/**
+ * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
+ */ const $c2fd0c04c48199e2$var$IdTokenClaimsSchema = $eVySA$superstruct.type({
+    iss: $eVySA$superstruct.string(),
+    sub: $eVySA$superstruct.string(),
+    aud: $eVySA$superstruct.string(),
+    exp: $eVySA$superstruct.number(),
+    iat: $eVySA$superstruct.number(),
+    at_hash: $eVySA$superstruct.nullable($eVySA$superstruct.optional($eVySA$superstruct.string())),
+    name: $eVySA$superstruct.nullable($eVySA$superstruct.optional($eVySA$superstruct.string())),
+    username: $eVySA$superstruct.nullable($eVySA$superstruct.optional($eVySA$superstruct.string())),
+    avatar: $eVySA$superstruct.nullable($eVySA$superstruct.optional($eVySA$superstruct.string())),
+    role_names: $eVySA$superstruct.nullable($eVySA$superstruct.optional($eVySA$superstruct.array($eVySA$superstruct.string())))
+});
+const $c2fd0c04c48199e2$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
+    const result = await (0, $eVySA$jose.jwtVerify)(idToken, jwks, {
+        audience: clientId,
+        issuer: issuer
+    });
+    if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > $c2fd0c04c48199e2$var$issuedAtTimeTolerance) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("id_token.invalid_iat");
+};
+const $c2fd0c04c48199e2$export$aac2d5b7f5cd16d5 = (token)=>{
+    const { 1: encodedPayload  } = token.split(".");
+    if (!encodedPayload) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("id_token.invalid_token");
+    const json = (0, $eVySA$silverhandessentials.UrlSafeBase64).decode(encodedPayload);
+    const idTokenClaims = JSON.parse(json);
+    $eVySA$superstruct.assert(idTokenClaims, $c2fd0c04c48199e2$var$IdTokenClaimsSchema);
+    return idTokenClaims;
+};
+var $4eeb0328a47154bc$exports = {};
+$parcel$export($4eeb0328a47154bc$exports, "createRequester", () => $4eeb0328a47154bc$export$8d54726fdbf08e0a);
+const $4eeb0328a47154bc$export$8d54726fdbf08e0a = (fetchFunction)=>{
+    if (!fetchFunction && (0, $eVySA$silverhandessentials.isNode)()) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("requester.not_provide_fetch");
+    return async (...args)=>{
+        const response = await (fetchFunction ?? fetch)(...args);
+        if (!response.ok) {
+            // Expected request error from server
+            const { code: code , message: message  } = await response.json();
+            throw new (0, $47fe17290a91cd19$export$e6e15b8ba42b9b70)(code, message);
+        }
+        return response.json();
+    };
+};
+var $b85bdeea0b1e81a5$exports = {};
+$parcel$export($b85bdeea0b1e81a5$exports, "withReservedScopes", () => $b85bdeea0b1e81a5$export$887ed125f549a57);
+const $b85bdeea0b1e81a5$export$887ed125f549a57 = (originalScopes)=>{
+    const uniqueScopes = new Set([
+        "openid",
+        "offline_access",
+        "profile",
+        ...originalScopes ?? []
+    ]);
+    return Array.from(uniqueScopes).join(" ");
+};
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $d3a7a037fd1d9433$exports);
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $47fe17290a91cd19$exports);
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $06fff6f93a1f66aa$exports);
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $c2fd0c04c48199e2$exports);
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $4eeb0328a47154bc$exports);
+$parcel$exportWildcard($10615ba3cc8a78f8$exports, $b85bdeea0b1e81a5$exports);
+const $1e17092ca3413c94$var$codeChallengeMethod = "S256";
+const $1e17092ca3413c94$var$responseType = "code";
+const $1e17092ca3413c94$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt  })=>{
+    const urlSearchParameters = new URLSearchParams({
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RedirectUri]: redirectUri,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeChallenge]: codeChallenge,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeChallengeMethod]: $1e17092ca3413c94$var$codeChallengeMethod,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).State]: state,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ResponseType]: $1e17092ca3413c94$var$responseType,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Prompt]: prompt ?? (0, $5c367c11270b61f6$export$83716a4aa1642908).Consent,
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Scope]: (0, $b85bdeea0b1e81a5$export$887ed125f549a57)(scopes)
+    });
+    for (const resource of resources ?? [])urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
+    return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;
+};
+var $1dac903ccb175f85$exports = {};
+$parcel$export($1dac903ccb175f85$exports, "generateSignOutUri", () => $1dac903ccb175f85$export$b3c9a2bd2330de28);
+const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , idToken: idToken , postLogoutRedirectUri: postLogoutRedirectUri  })=>{
+    const urlSearchParameters = new URLSearchParams({
+        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).IdTokenHint]: idToken
+    });
+    if (postLogoutRedirectUri) urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
+    return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
+};
+$parcel$exportWildcard($a722dce254028e46$exports, $e6b305c1e572373d$exports);
+$parcel$exportWildcard($a722dce254028e46$exports, $945b1d0ce7f8f44a$exports);
+$parcel$exportWildcard($a722dce254028e46$exports, $de840481123b2c25$exports);
+$parcel$exportWildcard($a722dce254028e46$exports, $1e17092ca3413c94$exports);
+$parcel$exportWildcard($a722dce254028e46$exports, $1dac903ccb175f85$exports);
+$parcel$exportWildcard(module.exports, $a722dce254028e46$exports);
+$parcel$exportWildcard(module.exports, $10615ba3cc8a78f8$exports);
+$parcel$exportWildcard(module.exports, $5c367c11270b61f6$exports);
+//# sourceMappingURL=index.js.map

package/lib/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;ACAO,MAAM,yCAAW,GAAG;IACzB,cAAc,EAAE;QAAE,cAAc,EAAE,mCAAmC;KAAE;CACxE,AAAC;IAEK,yCAGN;UAHW,eAAc;IAAd,eAAc,CACxB,mBAAiB,IAAG,oBAAoB;IAD9B,eAAc,CAExB,cAAY,IAAG,eAAe;GAFpB,yCAAc,KAAd,yCAAc;IAKnB,yCAoBN;UApBW,SAAQ;IAAR,SAAQ,CAClB,UAAQ,IAAG,WAAW;IADZ,SAAQ,CAElB,MAAI,IAAG,MAAM;IAFH,SAAQ,CAGlB,eAAa,IAAG,gBAAgB;IAHtB,SAAQ,CAIlB,qBAAmB,IAAG,uBAAuB;IAJnC,SAAQ,CAKlB,cAAY,IAAG,eAAe;IALpB,SAAQ,CAMlB,OAAK,IAAG,OAAO;IANL,SAAQ,CAOlB,kBAAgB,IAAG,mBAAmB;IAP5B,SAAQ,CAQlB,WAAS,IAAG,YAAY;IARd,SAAQ,CASlB,SAAO,IAAG,UAAU;IATV,SAAQ,CAUlB,aAAW,IAAG,eAAe;IAVnB,SAAQ,CAWlB,uBAAqB,IAAG,0BAA0B;IAXxC,SAAQ,CAYlB,QAAM,IAAG,QAAQ;IAZP,SAAQ,CAalB,aAAW,IAAG,cAAc;IAblB,SAAQ,CAclB,cAAY,IAAG,eAAe;IAdpB,SAAQ,CAelB,UAAQ,IAAG,UAAU;IAfX,SAAQ,CAgBlB,cAAY,IAAG,eAAe;IAhBpB,SAAQ,CAiBlB,OAAK,IAAG,OAAO;IAjBL,SAAQ,CAkBlB,OAAK,IAAG,OAAO;IAlBL,SAAQ,CAmBlB,OAAK,IAAG,OAAO;GAnBL,yCAAQ,KAAR,yCAAQ;IAsBb,yCAGN;UAHW,OAAM;IAAN,OAAM,CAChB,SAAO,IAAG,SAAS;IADT,OAAM,CAEhB,OAAK,IAAG,OAAO;GAFL,yCAAM,KAAN,yCAAM;;;ADYX,MAAM,yCAA6B,GAAG,OAC3C,YACE,QAAQ,CAAA,iBACR,aAAa,CAAA,eACb,WAAW,CAAA,gBACX,YAAY,CAAA,QACZ,IAAI,CAAA,YACJ,QAAQ,CAAA,EACgC,EAC1C,SAAoB,GACW;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACrD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,iBAAiB,CAAC,CAAC;IAExE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,MAAM,0BAA0B,GAAG,MAAM,SAAS,CAA6B,aAAa,EAAE;QAC5F,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CAAC,AAAC;IAEH,OAAO,CAAA,GAAA,8CAAa,CAAA,CAAC,0BAA0B,CAAC,CAAC;CAClD,AAAC;AAEK,MAAM,yCAAwB,GAAG,OACtC,YAAE,QAAQ,CAAA,iBAAE,aAAa,CAAA,gBAAE,YAAY,CAAA,YAAE,QAAQ,CAAA,UAAE,MAAM,CAAA,EAAsC,EAC/F,SAAoB,GACmB;IACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,YAAY,CAAC,CAAC;IAEnE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,IAAI,MAAM,EAAE,MAAM,EAChB,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAGtD,MAAM,kCAAkC,GAAG,MAAM,SAAS,CACxD,aAAa,EACb;QACE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CACF,AAAC;IAEF,OAAO,CAAA,GAAA,8CAAa,CAAA,CAAC,kCAAkC,CAAC,CAAC;CAC1D,AAAC;;ADrGF;;;;;AGAA;AAcO,MAAM,yCAAa,GAAG,wCAAwC,AAAC;AAI/D,MAAM,yCAAe,GAAG,OAC7B,QAAgB,EAChB,SAAoB,GAEpB,CAAA,GAAA,8CAAa,CAAA,CAAC,MAAM,SAAS,CAA8B,QAAQ,CAAC,CAAC,AAAC;;;;;;ACtBxE;AAGO,MAAM,yCAAM,GAAG,OACpB,kBAA0B,EAC1B,QAAgB,EAChB,KAAa,EACb,SAAoB,GAEpB,SAAS,CAAO,kBAAkB,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;YAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;SACxB,CAAC;KACH,CAAC,AAAC;;;;;;AChBL;;;;;;AEAA;;;;;;;ACAA;AAGA,MAAM,qCAAe,GAAG,MAAM,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE;QACR,WAAW,EAAE,wBAAwB;QACrC,aAAa,EAAE,eAAe;KAC/B;IACD,yBAAyB,EAAE;QACzB,uBAAuB,EAAE,yBAAyB;QAClD,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,eAAe;QAC9B,gBAAgB,EAAE,kBAAkB;QACpC,YAAY,EAAE,cAAc;KAC7B;IACD,SAAS,EAAE;QACT,iBAAiB,EAAE,+CAA+C;KACnE;CACF,CAAC,AAAC;AAIH,MAAM,2CAAqB,GAAG,CAAC,SAAyB,GAAa;IACnE,8BAA8B;IAC9B,mEAAmE;IACnE,MAAM,OAAO,GAAG,CAAA,GAAA,0CAAG,CAAA,CAAC,qCAAe,EAAE,SAAS,CAAC,AAAC;IAEhD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAC7B,OAAO,OAAO,CAAC;IAGjB,OAAO,SAAS,CAAC;CAClB,AAAC;AAEK,MAAM,yCAAU,SAAS,KAAK;IAInC,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,2CAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAiB,SAAS,KAAK;IAG1C,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAS;IAIpB,YAAY,KAAa,EAAE,gBAAyB,CAAE;QACpD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;KAC1C;CACF;;;ADzDM,MAAM,yCAAkB,GAAG,CAAC,GAAW,GAAK;IACjD,MAAM,GAAG,WAAW,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE5C,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;CACzC,AAAC;AAGK,MAAM,yCAAiC,GAAG,CAC/C,WAAmB,EACnB,WAAmB,EACnB,KAAa,GACV;IACH,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,EACtC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,mDAAmD,CAAC,CAAC;IAE5E,MAAM,aAAa,GAAG,yCAAkB,CAAC,WAAW,CAAC,AAAC;IAEtD,MAAM,KAAK,GAAG,CAAA,GAAA,uCAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,CAAC,AAAC;IAC7D,MAAM,gBAAgB,GAAG,CAAA,GAAA,uCAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,gBAAgB,CAAC,CAAC,AAAC;IAEnF,IAAI,KAAK,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAClB,uCAAuC,EACvC,IAAI,CAAA,GAAA,yCAAS,CAAA,CAAC,KAAK,EAAE,gBAAgB,CAAC,CACvC,CAAC;IAGJ,MAAM,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,AAAC;IAE/D,IAAI,CAAC,oBAAoB,EACvB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,yCAAyC,CAAC,CAAC;IAGlE,IAAI,oBAAoB,KAAK,KAAK,EAChC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,4CAA4C,CAAC,CAAC;IAGrE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,CAAC,AAAC;IAE9C,IAAI,CAAC,IAAI,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wCAAwC,CAAC,CAAC;IAGjE,OAAO,IAAI,CAAC;CACb,AAAC;;ADjDF;;;;;;;AGEA;AAEA;;GAEG,CACH,MAAM,0CAAoB,GAAG,CAAC,MAAM,GAAG,EAAE,GACvC,CAAA,GAAA,8BAAc,CAAA,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,AAAC;AAKhE,MAAM,yCAAa,GAAG,IAAM,0CAAoB,EAAE,AAAC;AAOnD,MAAM,yCAAoB,GAAG,IAAM,0CAAoB,EAAE,AAAC;AAQ1D,MAAM,yCAAqB,GAAG,OAAO,YAAoB,GAAsB;IACpF,MAAM,mBAAmB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,AAAC;IACnE,gDAAgD;IAChD,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC,AAAC;IAEjG,OAAO,CAAA,GAAA,8BAAc,CAAA,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;CAC5C,AAAC;;;;;;;AClCF;;;;AAMA,MAAM,2CAAqB,GAAG,EAAE,AAAC;AAEjC;;GAEG,CACH,MAAM,yCAAmB,GAAG,uBAAM,CAAC;IACjC,GAAG,EAAE,yBAAQ,EAAE;IACf,GAAG,EAAE,yBAAQ,EAAE;IACf,GAAG,EAAE,yBAAQ,EAAE;IACf,GAAG,EAAE,yBAAQ,EAAE;IACf,GAAG,EAAE,yBAAQ,EAAE;IACf,OAAO,EAAE,2BAAU,CAAC,2BAAU,CAAC,yBAAQ,EAAE,CAAC,CAAC;IAC3C,IAAI,EAAE,2BAAU,CAAC,2BAAU,CAAC,yBAAQ,EAAE,CAAC,CAAC;IACxC,QAAQ,EAAE,2BAAU,CAAC,2BAAU,CAAC,yBAAQ,EAAE,CAAC,CAAC;IAC5C,MAAM,EAAE,2BAAU,CAAC,2BAAU,CAAC,yBAAQ,EAAE,CAAC,CAAC;IAC1C,UAAU,EAAE,2BAAU,CAAC,2BAAU,CAAC,wBAAO,CAAC,yBAAQ,EAAE,CAAC,CAAC,CAAC;CACxD,CAAC,AAAC;AAII,MAAM,yCAAa,GAAG,OAC3B,OAAe,EACf,QAAgB,EAChB,MAAc,EACd,IAAqB,GAClB;IACH,MAAM,MAAM,GAAG,MAAM,CAAA,GAAA,qBAAS,CAAA,CAAC,OAAO,EAAE,IAAI,EAAE;QAAE,QAAQ,EAAE,QAAQ;gBAAE,MAAM;KAAE,CAAC,AAAC;IAE9E,IAAI,IAAI,CAAC,GAAG,CAAC,AAAC,CAAA,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA,GAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,2CAAqB,EACjF,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,sBAAsB,CAAC,CAAC;CAEhD,AAAC;AAEK,MAAM,yCAAa,GAAG,CAAC,KAAa,GAAoB;IAC7D,MAAM,EAAE,CAAC,EAAE,cAAc,CAAA,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE/C,IAAI,CAAC,cAAc,EACjB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wBAAwB,CAAC,CAAC;IAGjD,MAAM,IAAI,GAAG,CAAA,GAAA,yCAAa,CAAA,CAAC,MAAM,CAAC,cAAc,CAAC,AAAC;IAClD,MAAM,aAAa,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,AAAC;IAChD,yBAAQ,CAAC,aAAa,EAAE,yCAAmB,CAAC,CAAC;IAE7C,OAAO,aAAa,CAAC;CACtB,AAAC;;;;;;ACnDF;;AASO,MAAM,yCAAe,GAAG,CAAC,aAA4B,GAAK;IAC/D,IAAI,CAAC,aAAa,IAAI,CAAA,GAAA,kCAAM,CAAA,EAAE,EAC5B,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,6BAA6B,CAAC,CAAC;IAGtD,OAAO,OAAU,GAAG,IAAI,AAA0B,GAAiB;QACjE,MAAM,QAAQ,GAAG,MAAM,AAAC,CAAA,aAAa,IAAI,KAAK,CAAA,IAAK,IAAI,CAAC,AAAC;QAEzD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YAChB,qCAAqC;YACrC,MAAM,QAAE,IAAI,CAAA,WAAE,OAAO,CAAA,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,AAAC;YACvE,MAAM,IAAI,CAAA,GAAA,yCAAiB,CAAA,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;SAC5C;QAED,OAAO,QAAQ,CAAC,IAAI,EAAK,CAAC;KAC3B,CAAC;CACH,AAAC;;;;;;ACrBK,MAAM,wCAAkB,GAAG,CAAC,cAAyB,GAAa;IACvE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAAC,QAAQ;QAAE,gBAAgB;QAAE,SAAS;WAAM,cAAc,IAAI,EAAE;KAAE,CAAC,AAAC;IAEjG,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;CAC3C,AAAC;;;;;;;;;;;APLF,MAAM,yCAAmB,GAAG,MAAM,AAAC;AACnC,MAAM,kCAAY,GAAG,MAAM,AAAC;AAarB,MAAM,yCAAiB,GAAG,CAAC,yBAChC,qBAAqB,CAAA,YACrB,QAAQ,CAAA,eACR,WAAW,CAAA,iBACX,aAAa,CAAA,SACb,KAAK,CAAA,UACL,MAAM,CAAA,aACN,SAAS,CAAA,UACT,MAAM,CAAA,EACc,GAAK;IACzB,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAC9C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;QAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,WAAW;QACnC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,aAAa,CAAC,EAAE,aAAa;QACvC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,mBAAmB,CAAC,EAAE,yCAAmB;QACnD,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;QACvB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,CAAC,EAAE,kCAAY;QACrC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAA,GAAA,yCAAM,CAAA,CAAC,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,CAAA,GAAA,wCAAkB,CAAA,CAAC,MAAM,CAAC;KAC7C,CAAC,AAAC;IAEH,KAAK,MAAM,QAAQ,IAAI,SAAS,IAAI,EAAE,CACpC,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAG1D,OAAO,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CACrE,AAAC;;;;;;AQ3CF;AAQO,MAAM,yCAAkB,GAAG,CAAC,sBACjC,kBAAkB,CAAA,WAClB,OAAO,CAAA,yBACP,qBAAqB,CAAA,EACA,GAAK;IAC1B,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAAE,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,OAAO;KAAE,CAAC,AAAC;IAErF,IAAI,qBAAqB,EACvB,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;IAGpF,OAAO,CAAC,EAAE,kBAAkB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CAClE,AAAC;;;;;;;;;AdnBF","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/generators.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/requester.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport { Requester } from '../utils';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { Requester } from '../utils';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport { Requester } from '../utils';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withReservedScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withReservedScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './generators';\nexport * from './id-token';\nexport * from './requester';\nexport * from './scopes';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\n// eslint-disable-next-line complexity\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time',\n invalid_token: 'Invalid token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'Redirect URI mismatched',\n error_found: 'Error found',\n missing_state: 'Missing state',\n state_mismatched: 'State mismatched',\n missing_code: 'Missing code',\n },\n requester: {\n not_provide_fetch: 'Should provide a fetch function under Node.js',\n },\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // TODO: linear issue LOG-1419\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n error: string;\n errorDescription?: string;\n\n constructor(error: string, errorDescription?: string) {\n this.error = error;\n this.errorDescription = errorDescription;\n }\n}\n","/** @link [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636) */\n\nimport { fromUint8Array } from 'js-base64';\n\n/**\n * @param length The length of the raw random data.\n */\nconst generateRandomString = (length = 64) =>\n fromUint8Array(crypto.getRandomValues(new Uint8Array(length)), true);\n\n/**\n * Generates random string for state and encodes them in url safe base64\n */\nexport const generateState = () => generateRandomString();\n\n/**\n * Generates code verifier\n *\n * @link [Client Creates a Code Verifier](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)\n */\nexport const generateCodeVerifier = () => generateRandomString();\n\n/**\n * Calculates the S256 PKCE code challenge for an arbitrary code verifier and encodes it in url safe base64\n *\n * @param {String} codeVerifier Code verifier to calculate the S256 code challenge for\n * @link [Client Creates the Code Challenge](https://datatracker.ietf.org/doc/html/rfc7636#section-4.2)\n */\nexport const generateCodeChallenge = async (codeVerifier: string): Promise<string> => {\n const encodedCodeVerifier = new TextEncoder().encode(codeVerifier);\n // TODO: crypto related to linear issue LOG-1517\n const codeChallenge = new Uint8Array(await crypto.subtle.digest('SHA-256', encodedCodeVerifier));\n\n return fromUint8Array(codeChallenge, true);\n};\n","import { UrlSafeBase64 } from '@silverhand/essentials';\nimport { jwtVerify, JWTVerifyGetKey } from 'jose';\nimport * as s from 'superstruct';\n\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nconst IdTokenClaimsSchema = s.type({\n iss: s.string(),\n sub: s.string(),\n aud: s.string(),\n exp: s.number(),\n iat: s.number(),\n at_hash: s.nullable(s.optional(s.string())),\n name: s.nullable(s.optional(s.string())),\n username: s.nullable(s.optional(s.string())),\n avatar: s.nullable(s.optional(s.string())),\n role_names: s.nullable(s.optional(s.array(s.string()))),\n});\n\nexport type IdTokenClaims = s.Infer<typeof IdTokenClaimsSchema>;\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = UrlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n s.assert(idTokenClaims, IdTokenClaimsSchema);\n\n return idTokenClaims;\n};\n","import { isNode } from '@silverhand/essentials';\n\nimport { LogtoError, LogtoRequestError } from './errors';\n\ntype LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport const createRequester = (fetchFunction?: typeof fetch) => {\n if (!fetchFunction && isNode()) {\n throw new LogtoError('requester.not_provide_fetch');\n }\n\n return async <T>(...args: Parameters<typeof fetch>): Promise<T> => {\n const response = await (fetchFunction ?? fetch)(...args);\n\n if (!response.ok) {\n // Expected request error from server\n const { code, message } = await response.json<LogtoRequestErrorBody>();\n throw new LogtoRequestError(code, message);\n }\n\n return response.json<T>();\n };\n};\n\nexport type Requester = ReturnType<typeof createRequester>;\n","/**\n * @param originalScopes\n * @return scopes should contain all reserved scopes ( Logto requires `openid` and `offline_access` )\n */\nexport const withReservedScopes = (originalScopes?: string[]): string => {\n const uniqueScopes = new Set(['openid', 'offline_access', 'profile', ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n idToken: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n idToken,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.IdTokenHint]: idToken });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n"],"names":[],"version":3,"file":"index.js.map"}