@logto/js 1.0.0-beta.9 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +46 -9
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +48 -18
- package/lib/index.js.map +1 -1
- package/lib/module.d.mts +221 -0
- package/lib/{module.js → module.mjs} +50 -20
- package/lib/module.mjs.map +1 -0
- package/package.json +12 -13
- package/lib/module.js.map +0 -1
package/lib/index.d.ts
CHANGED
|
@@ -34,6 +34,45 @@ export enum Prompt {
|
|
|
34
34
|
Consent = "consent",
|
|
35
35
|
Login = "login"
|
|
36
36
|
}
|
|
37
|
+
export enum ReservedScope {
|
|
38
|
+
OpenId = "openid",
|
|
39
|
+
OfflineAccess = "offline_access"
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Scopes for ID Token and Userinfo Endpoint.
|
|
43
|
+
*/
|
|
44
|
+
export enum UserScope {
|
|
45
|
+
/**
|
|
46
|
+
* Scope for basic user info.
|
|
47
|
+
*
|
|
48
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
49
|
+
*/
|
|
50
|
+
Profile = "profile",
|
|
51
|
+
/**
|
|
52
|
+
* Scope for user email address.
|
|
53
|
+
*
|
|
54
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
55
|
+
*/
|
|
56
|
+
Email = "email",
|
|
57
|
+
/**
|
|
58
|
+
* Scope for user phone number.
|
|
59
|
+
*
|
|
60
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
61
|
+
*/
|
|
62
|
+
Phone = "phone",
|
|
63
|
+
/**
|
|
64
|
+
* Scope for user's custom data.
|
|
65
|
+
*
|
|
66
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
67
|
+
*/
|
|
68
|
+
CustomData = "custom_data",
|
|
69
|
+
/**
|
|
70
|
+
* Scope for user's social identity details.
|
|
71
|
+
*
|
|
72
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
73
|
+
*/
|
|
74
|
+
Identities = "identities"
|
|
75
|
+
}
|
|
37
76
|
export type LogtoRequestErrorBody = {
|
|
38
77
|
code: string;
|
|
39
78
|
message: string;
|
|
@@ -136,7 +175,6 @@ export type IdTokenClaims = {
|
|
|
136
175
|
email_verified?: boolean;
|
|
137
176
|
phone_number?: Nullable<string>;
|
|
138
177
|
phone_number_verified?: boolean;
|
|
139
|
-
role_names?: Nullable<string[]>;
|
|
140
178
|
};
|
|
141
179
|
export const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
|
|
142
180
|
export const decodeIdToken: (token: string) => IdTokenClaims;
|
|
@@ -158,23 +196,22 @@ export type SignInUriParameters = {
|
|
|
158
196
|
export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, }: SignInUriParameters) => string;
|
|
159
197
|
type SignOutUriParameters = {
|
|
160
198
|
endSessionEndpoint: string;
|
|
161
|
-
|
|
199
|
+
clientId: string;
|
|
162
200
|
postLogoutRedirectUri?: string;
|
|
163
201
|
};
|
|
164
|
-
export const generateSignOutUri: ({ endSessionEndpoint,
|
|
202
|
+
export const generateSignOutUri: ({ endSessionEndpoint, clientId, postLogoutRedirectUri, }: SignOutUriParameters) => string;
|
|
165
203
|
type Identity = {
|
|
166
204
|
userId: string;
|
|
167
205
|
details?: Record<string, unknown>;
|
|
168
206
|
};
|
|
169
207
|
export type UserInfoResponse = {
|
|
170
208
|
sub: string;
|
|
171
|
-
name?: string
|
|
172
|
-
username?: string
|
|
173
|
-
picture?: string
|
|
174
|
-
|
|
175
|
-
email?: string;
|
|
209
|
+
name?: Nullable<string>;
|
|
210
|
+
username?: Nullable<string>;
|
|
211
|
+
picture?: Nullable<string>;
|
|
212
|
+
email?: Nullable<string>;
|
|
176
213
|
email_verified?: boolean;
|
|
177
|
-
phone_number?: string
|
|
214
|
+
phone_number?: Nullable<string>;
|
|
178
215
|
phone_number_verified?: boolean;
|
|
179
216
|
custom_data?: unknown;
|
|
180
217
|
identities?: Record<string, Identity>;
|
package/lib/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"mappings":";;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;CAChB;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;
|
|
1
|
+
{"mappings":";;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;CAChB;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;AAGD;IACE,MAAM,WAAW;IACjB,aAAa,mBAAmB;CACjC;AAED;;GAEG;AACH;IACE;;;;OAIG;IACH,OAAO,YAAY;IACnB;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,UAAU,gBAAgB;IAC1B;;;;OAIG;IACH,UAAU,eAAe;CAC1B;AC5ED,oCAAoC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAwB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;ACC7E,sDAAsD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,iDAAiD;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,kCAAkC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,gCAAgC,gBAAgB,0BAA0B,CAAC,CAAC;AAE5E,0CAA0C;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wCAAwC,gBAAgB,kCAAkC,CAAC,CAAC;AAE5F,OAAO,MAAM,yGAQR,uCAAuC,aAC/B,SAAS,KACnB,QAAQ,iBAAiB,CAmB3B,CAAC;AAEF,OAAO,MAAM,wFACkD,kCAAkC,aACpF,SAAS,KACnB,QAAQ,yBAAyB,CAwBnC,CAAC;AChGF,mCAAmC;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,OAAO,MAAM,wDAAwD,CAAC;AAEtE,iCAAiC,gBAAgB,2BAA2B,CAAC,CAAC;AAE9E,OAAO,MAAM,4BACD,MAAM,aACL,SAAS,KACnB,QAAQ,kBAAkB,CAC0C,CAAC;ACpBxE,OAAO,MAAM,6BACS,MAAM,YAChB,MAAM,SACT,MAAM,aACF,SAAS,KACnB,QAAQ,IAAI,CAQX,CAAC;AChBL,OAAO,MAAM,0BAA2B,OAAO,oCACJ,CAAC;ACI5C,QAAA,MAAM;;;;;;;;;;;;;;EAcJ,CAAC;AAEH,6BAA6B,kBAAkB,sBAAsB,CAAC,CAAC;AAavE,uBAAwB,SAAQ,KAAK;IACnC,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,OAAO;CAKjD;AAED,OAAO,MAAM,4BAA6B,OAAO;UAAmB,MAAM;aAAW,MAAM;CAM1F,CAAC;AAEF,8BAA+B,SAAQ,KAAK;IAC1C,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1C;AAED;IACqB,KAAK,EAAE,MAAM;IAAS,gBAAgB,CAAC;gBAAvC,KAAK,EAAE,MAAM,EAAS,gBAAgB,CAAC,oBAAQ;CACnE;AC3DD,OAAO,MAAM,0BAA2B,MAAM,oBAI7C,CAAC;AAEF,OAAO,MAAM,iDACE,MAAM,eACN,MAAM,SACZ,MAAM,WAkCd,CAAC;ACtCF,4BAA4B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC,CAAC;AA6CF,OAAO,MAAM,yBACF,MAAM,YACL,MAAM,UACR,MAAM,QACR,eAAe,kBAOtB,CAAC;AAEF,OAAO,MAAM,uBAAwB,MAAM,KAAG,aAY7C,CAAC;AC5FF;;;GAGG;AACH,OAAO,MAAM,qCAAsC,MAAM,EAAE,KAAG,MAK7D,CAAC;AELF,kCAAkC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,OAAO,MAAM,wHASV,mBAAmB,WAiBrB,CAAC;ACzCF,4BAA4B;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,MAAM,+EAIV,oBAAoB,WAQtB,CAAC;AChBF,gBAAgB;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC;AAEF,+BAA+B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF,OAAO,MAAM,kCACO,MAAM,eACX,MAAM,aACR,SAAS,KACnB,QAAQ,gBAAgB,CAGvB,CAAC","sources":["packages/js/src/src/consts/index.ts","packages/js/src/src/types/index.ts","packages/js/src/src/core/fetch-token.ts","packages/js/src/src/core/oidc-config.ts","packages/js/src/src/core/revoke.ts","packages/js/src/src/utils/arbitrary-object.ts","packages/js/src/src/utils/errors.ts","packages/js/src/src/utils/callback-uri.ts","packages/js/src/src/utils/id-token.ts","packages/js/src/src/utils/scopes.ts","packages/js/src/src/utils/index.ts","packages/js/src/src/core/sign-in.ts","packages/js/src/src/core/sign-out.ts","packages/js/src/src/core/user-info.ts","packages/js/src/src/core/index.ts","packages/js/src/src/index.ts","packages/js/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,"/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n"],"names":[],"version":3,"file":"index.d.ts.map"}
|
package/lib/index.js
CHANGED
|
@@ -2,7 +2,6 @@ var $eVySA$camelcasekeys = require("camelcase-keys");
|
|
|
2
2
|
var $eVySA$silverhandessentials = require("@silverhand/essentials");
|
|
3
3
|
var $eVySA$lodashget = require("lodash.get");
|
|
4
4
|
var $eVySA$jose = require("jose");
|
|
5
|
-
var $eVySA$logtocorekit = require("@logto/core-kit");
|
|
6
5
|
|
|
7
6
|
function $parcel$exportWildcard(dest, source) {
|
|
8
7
|
Object.keys(source).forEach(function(key) {
|
|
@@ -26,7 +25,7 @@ function $parcel$interopDefault(a) {
|
|
|
26
25
|
function $parcel$export(e, n, v, s) {
|
|
27
26
|
Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
|
|
28
27
|
}
|
|
29
|
-
var $a722dce254028e46$exports = {};
|
|
28
|
+
/* istanbul ignore file */ var $a722dce254028e46$exports = {};
|
|
30
29
|
var $e6b305c1e572373d$exports = {};
|
|
31
30
|
|
|
32
31
|
$parcel$export($e6b305c1e572373d$exports, "fetchTokenByAuthorizationCode", () => $e6b305c1e572373d$export$684f740cd70532d4);
|
|
@@ -38,6 +37,8 @@ $parcel$export($5c367c11270b61f6$exports, "ContentType", () => $5c367c11270b61f6
|
|
|
38
37
|
$parcel$export($5c367c11270b61f6$exports, "TokenGrantType", () => $5c367c11270b61f6$export$3f2aafdd1ccae76c);
|
|
39
38
|
$parcel$export($5c367c11270b61f6$exports, "QueryKey", () => $5c367c11270b61f6$export$65f63a8bc3cba53d);
|
|
40
39
|
$parcel$export($5c367c11270b61f6$exports, "Prompt", () => $5c367c11270b61f6$export$83716a4aa1642908);
|
|
40
|
+
$parcel$export($5c367c11270b61f6$exports, "ReservedScope", () => $5c367c11270b61f6$export$1d2e82cebfd4b08);
|
|
41
|
+
$parcel$export($5c367c11270b61f6$exports, "UserScope", () => $5c367c11270b61f6$export$4b02c5b431f6eb78);
|
|
41
42
|
const $5c367c11270b61f6$export$e2e108cbe2e4f865 = {
|
|
42
43
|
formUrlEncoded: {
|
|
43
44
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
@@ -75,6 +76,39 @@ let $5c367c11270b61f6$export$83716a4aa1642908;
|
|
|
75
76
|
Prompt["Consent"] = "consent";
|
|
76
77
|
Prompt["Login"] = "login";
|
|
77
78
|
})($5c367c11270b61f6$export$83716a4aa1642908 || ($5c367c11270b61f6$export$83716a4aa1642908 = {}));
|
|
79
|
+
let $5c367c11270b61f6$export$1d2e82cebfd4b08;
|
|
80
|
+
(function(ReservedScope) {
|
|
81
|
+
ReservedScope["OpenId"] = "openid";
|
|
82
|
+
ReservedScope["OfflineAccess"] = "offline_access";
|
|
83
|
+
})($5c367c11270b61f6$export$1d2e82cebfd4b08 || ($5c367c11270b61f6$export$1d2e82cebfd4b08 = {}));
|
|
84
|
+
let $5c367c11270b61f6$export$4b02c5b431f6eb78;
|
|
85
|
+
(function(UserScope) {
|
|
86
|
+
UserScope[/**
|
|
87
|
+
* Scope for basic user info.
|
|
88
|
+
*
|
|
89
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
90
|
+
*/ "Profile"] = "profile";
|
|
91
|
+
UserScope[/**
|
|
92
|
+
* Scope for user email address.
|
|
93
|
+
*
|
|
94
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
95
|
+
*/ "Email"] = "email";
|
|
96
|
+
UserScope[/**
|
|
97
|
+
* Scope for user phone number.
|
|
98
|
+
*
|
|
99
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
100
|
+
*/ "Phone"] = "phone";
|
|
101
|
+
UserScope[/**
|
|
102
|
+
* Scope for user's custom data.
|
|
103
|
+
*
|
|
104
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
105
|
+
*/ "CustomData"] = "custom_data";
|
|
106
|
+
UserScope[/**
|
|
107
|
+
* Scope for user's social identity details.
|
|
108
|
+
*
|
|
109
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
110
|
+
*/ "Identities"] = "identities";
|
|
111
|
+
})($5c367c11270b61f6$export$4b02c5b431f6eb78 || ($5c367c11270b61f6$export$4b02c5b431f6eb78 = {}));
|
|
78
112
|
|
|
79
113
|
|
|
80
114
|
const $e6b305c1e572373d$export$684f740cd70532d4 = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , redirectUri: redirectUri , codeVerifier: codeVerifier , code: code , resource: resource }, requester)=>{
|
|
@@ -241,13 +275,13 @@ const $c2fd0c04c48199e2$var$issuedAtTimeTolerance = 60;
|
|
|
241
275
|
]){
|
|
242
276
|
if (typeof data[key] !== "string") throw new TypeError(`At path: IdToken.${key}: expected a string`);
|
|
243
277
|
}
|
|
244
|
-
for (const
|
|
278
|
+
for (const key of [
|
|
245
279
|
"exp",
|
|
246
280
|
"iat"
|
|
247
281
|
]){
|
|
248
|
-
if (typeof data[
|
|
282
|
+
if (typeof data[key] !== "number") throw new TypeError(`At path: IdToken.${key}: expected a number`);
|
|
249
283
|
}
|
|
250
|
-
for (const
|
|
284
|
+
for (const key of [
|
|
251
285
|
"at_hash",
|
|
252
286
|
"name",
|
|
253
287
|
"username",
|
|
@@ -255,19 +289,15 @@ const $c2fd0c04c48199e2$var$issuedAtTimeTolerance = 60;
|
|
|
255
289
|
"email",
|
|
256
290
|
"phone_number"
|
|
257
291
|
]){
|
|
258
|
-
if (data[
|
|
259
|
-
if (typeof data[
|
|
292
|
+
if (data[key] === undefined) continue;
|
|
293
|
+
if (typeof data[key] !== "string" && data[key] !== null) throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
|
|
260
294
|
}
|
|
261
|
-
for (const
|
|
295
|
+
for (const key of [
|
|
262
296
|
"email_verified",
|
|
263
297
|
"phone_number_verified"
|
|
264
298
|
]){
|
|
265
|
-
if (data[
|
|
266
|
-
if (typeof data[
|
|
267
|
-
}
|
|
268
|
-
if (data.role_names !== undefined && data.role_names !== null && !Array.isArray(data.role_names)) throw new TypeError("At path: IdToken.role_names: expected null or an array of strings");
|
|
269
|
-
if (data.role_names) for (const [index, value] of data.role_names.entries()){
|
|
270
|
-
if (typeof value !== "string") throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);
|
|
299
|
+
if (data[key] === undefined) continue;
|
|
300
|
+
if (typeof data[key] !== "boolean") throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
|
|
271
301
|
}
|
|
272
302
|
}
|
|
273
303
|
const $c2fd0c04c48199e2$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
|
|
@@ -292,10 +322,10 @@ var $b85bdeea0b1e81a5$exports = {};
|
|
|
292
322
|
$parcel$export($b85bdeea0b1e81a5$exports, "withDefaultScopes", () => $b85bdeea0b1e81a5$export$3cf0748e30b766d7);
|
|
293
323
|
|
|
294
324
|
const $b85bdeea0b1e81a5$export$3cf0748e30b766d7 = (originalScopes)=>{
|
|
295
|
-
const reservedScopes = Object.values((0, $
|
|
325
|
+
const reservedScopes = Object.values((0, $5c367c11270b61f6$export$1d2e82cebfd4b08));
|
|
296
326
|
const uniqueScopes = new Set([
|
|
297
327
|
...reservedScopes,
|
|
298
|
-
(0, $
|
|
328
|
+
(0, $5c367c11270b61f6$export$4b02c5b431f6eb78).Profile,
|
|
299
329
|
...originalScopes ?? []
|
|
300
330
|
]);
|
|
301
331
|
return Array.from(uniqueScopes).join(" ");
|
|
@@ -332,9 +362,9 @@ var $1dac903ccb175f85$exports = {};
|
|
|
332
362
|
|
|
333
363
|
$parcel$export($1dac903ccb175f85$exports, "generateSignOutUri", () => $1dac903ccb175f85$export$b3c9a2bd2330de28);
|
|
334
364
|
|
|
335
|
-
const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint ,
|
|
365
|
+
const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , clientId: clientId , postLogoutRedirectUri: postLogoutRedirectUri })=>{
|
|
336
366
|
const urlSearchParameters = new URLSearchParams({
|
|
337
|
-
[(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).
|
|
367
|
+
[(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId
|
|
338
368
|
});
|
|
339
369
|
if (postLogoutRedirectUri) urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
|
|
340
370
|
return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
|
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;ACAO,MAAM,yCAAW,GAAG;IACzB,cAAc,EAAE;QAAE,cAAc,EAAE,mCAAmC;KAAE;CACxE,AAAC;IAEK,yCAGN;UAHW,cAAc;IAAd,cAAc,CACxB,mBAAiB,IAAG,oBAAoB;IAD9B,cAAc,CAExB,cAAY,IAAG,eAAe;GAFpB,yCAAc,KAAd,yCAAc;IAKnB,yCAoBN;UApBW,QAAQ;IAAR,QAAQ,CAClB,UAAQ,IAAG,WAAW;IADZ,QAAQ,CAElB,MAAI,IAAG,MAAM;IAFH,QAAQ,CAGlB,eAAa,IAAG,gBAAgB;IAHtB,QAAQ,CAIlB,qBAAmB,IAAG,uBAAuB;IAJnC,QAAQ,CAKlB,cAAY,IAAG,eAAe;IALpB,QAAQ,CAMlB,OAAK,IAAG,OAAO;IANL,QAAQ,CAOlB,kBAAgB,IAAG,mBAAmB;IAP5B,QAAQ,CAQlB,WAAS,IAAG,YAAY;IARd,QAAQ,CASlB,SAAO,IAAG,UAAU;IATV,QAAQ,CAUlB,aAAW,IAAG,eAAe;IAVnB,QAAQ,CAWlB,uBAAqB,IAAG,0BAA0B;IAXxC,QAAQ,CAYlB,QAAM,IAAG,QAAQ;IAZP,QAAQ,CAalB,aAAW,IAAG,cAAc;IAblB,QAAQ,CAclB,cAAY,IAAG,eAAe;IAdpB,QAAQ,CAelB,UAAQ,IAAG,UAAU;IAfX,QAAQ,CAgBlB,cAAY,IAAG,eAAe;IAhBpB,QAAQ,CAiBlB,OAAK,IAAG,OAAO;IAjBL,QAAQ,CAkBlB,OAAK,IAAG,OAAO;IAlBL,QAAQ,CAmBlB,OAAK,IAAG,OAAO;GAnBL,yCAAQ,KAAR,yCAAQ;IAsBb,yCAGN;UAHW,MAAM;IAAN,MAAM,CAChB,SAAO,IAAG,SAAS;IADT,MAAM,CAEhB,OAAK,IAAG,OAAO;GAFL,yCAAM,KAAN,yCAAM;;;ADYX,MAAM,yCAA6B,GAAG,OAC3C,YACE,QAAQ,CAAA,iBACR,aAAa,CAAA,eACb,WAAW,CAAA,gBACX,YAAY,CAAA,QACZ,IAAI,CAAA,YACJ,QAAQ,CAAA,EACgC,EAC1C,SAAoB,GACW;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACrD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,iBAAiB,CAAC,CAAC;IAExE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,MAAM,0BAA0B,GAAG,MAAM,SAAS,CAA6B,aAAa,EAAE;QAC5F,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CAAC,AAAC;IAEH,OAAO,CAAA,GAAA,8CAAa,CAAA,CAAC,0BAA0B,CAAC,CAAC;CAClD,AAAC;AAEK,MAAM,yCAAwB,GAAG,OACtC,YAAE,QAAQ,CAAA,iBAAE,aAAa,CAAA,gBAAE,YAAY,CAAA,YAAE,QAAQ,CAAA,UAAE,MAAM,CAAA,EAAsC,EAC/F,SAAoB,GACmB;IACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,YAAY,CAAC,CAAC;IAEnE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,IAAI,MAAM,EAAE,MAAM,EAChB,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAGtD,MAAM,kCAAkC,GAAG,MAAM,SAAS,CACxD,aAAa,EACb;QACE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CACF,AAAC;IAEF,OAAO,CAAA,GAAA,8CAAa,CAAA,CAAC,kCAAkC,CAAC,CAAC;CAC1D,AAAC;;ADrGF;;;;;AGAA;AAeO,MAAM,yCAAa,GAAG,wCAAwC,AAAC;AAI/D,MAAM,yCAAe,GAAG,OAC7B,QAAgB,EAChB,SAAoB,GAEpB,CAAA,GAAA,8CAAa,CAAA,CAAC,MAAM,SAAS,CAA8B,QAAQ,CAAC,CAAC,AAAC;;;;;;ACvBxE;AAGO,MAAM,yCAAM,GAAG,OACpB,kBAA0B,EAC1B,QAAgB,EAChB,KAAa,EACb,SAAoB,GAEpB,SAAS,CAAO,kBAAkB,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;YAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;SACxB,CAAC;KACH,CAAC,AAAC;;;;;;AChBL;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,yCAAiB,GAAG,CAAC,IAAa,GAC7C,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,AAAC;;;ADI5C,MAAM,qCAAe,GAAG,MAAM,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE;QACR,WAAW,EAAE,wCAAwC;QACrD,aAAa,EAAE,kBAAkB;KAClC;IACD,yBAAyB,EAAE;QACzB,uBAAuB,EAAE,+CAA+C;QACxE,WAAW,EAAE,iCAAiC;QAC9C,aAAa,EAAE,mCAAmC;QAClD,gBAAgB,EAAE,sCAAsC;QACxD,YAAY,EAAE,kCAAkC;KACjD;IACD,yBAAyB,EAAE,gEAAgE;IAC3F,yBAAyB,EAAE,4CAA4C;CACxE,CAAC,AAAC;AAIH,MAAM,2CAAqB,GAAG,CAAC,SAAyB,GAAa;IACnE,mEAAmE;IACnE,MAAM,OAAO,GAAG,CAAA,GAAA,0CAAG,CAAA,CAAC,qCAAe,EAAE,SAAS,CAAC,AAAC;IAEhD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAC7B,OAAO,OAAO,CAAC;IAGjB,OAAO,SAAS,CAAC;CAClB,AAAC;AAEK,MAAM,yCAAU,SAAS,KAAK;IAInC,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,2CAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAmB,GAAG,CAAC,IAAa,GAAgD;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,CAAA,CAAC,IAAI,CAAC,EAC1B,OAAO,KAAK,CAAC;IAGf,OAAO,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC;CAC1E,AAAC;AAEK,MAAM,yCAAiB,SAAS,KAAK;IAG1C,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAS;IACpB,YAAmB,KAAa,EAAS,gBAAyB,CAAE;aAAjD,KAAa,GAAb,KAAa;aAAS,gBAAyB,GAAzB,gBAAyB;KAAI;CACvE;;;AD3DM,MAAM,yCAAkB,GAAG,CAAC,GAAW,GAAK;IACjD,MAAM,GAAG,WAAW,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE5C,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;CACzC,AAAC;AAGK,MAAM,yCAAiC,GAAG,CAC/C,WAAmB,EACnB,WAAmB,EACnB,KAAa,GACV;IACH,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,EACtC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,mDAAmD,CAAC,CAAC;IAE5E,MAAM,aAAa,GAAG,yCAAkB,CAAC,WAAW,CAAC,AAAC;IAEtD,MAAM,KAAK,GAAG,CAAA,GAAA,uCAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,CAAC,AAAC;IAC7D,MAAM,gBAAgB,GAAG,CAAA,GAAA,uCAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,gBAAgB,CAAC,CAAC,AAAC;IAEnF,IAAI,KAAK,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAClB,uCAAuC,EACvC,IAAI,CAAA,GAAA,yCAAS,CAAA,CAAC,KAAK,EAAE,gBAAgB,CAAC,CACvC,CAAC;IAGJ,MAAM,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,AAAC;IAE/D,IAAI,CAAC,oBAAoB,EACvB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,yCAAyC,CAAC,CAAC;IAGlE,IAAI,oBAAoB,KAAK,KAAK,EAChC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,4CAA4C,CAAC,CAAC;IAGrE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,CAAC,AAAC;IAE9C,IAAI,CAAC,IAAI,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wCAAwC,CAAC,CAAC;IAGjE,OAAO,IAAI,CAAC;CACb,AAAC;;ADjDF;;;;;;AIAA;;;;AAMA,MAAM,2CAAqB,GAAG,EAAE,AAAC;AAmBjC,+BAA+B,CAC/B;;GAEG,CACH,SAAS,yCAAmB,CAAC,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAiB,CAAA,CAAC,IAAI,CAAC,EAC1B,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;IAG7D,KAAK,MAAM,GAAG,IAAI;QAAC,KAAK;QAAE,KAAK;QAAE,KAAK;KAAC,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,QAAQ,EAC/B,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;KAErE;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,KAAK;QAAE,KAAK;KAAC,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,QAAQ,EAC/B,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;KAErE;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,SAAS;QAAE,MAAM;QAAE,UAAU;QAAE,SAAS;QAAE,OAAO;QAAE,cAAc;KAAC,CAAE;QACrF,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EACzB,SAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,IAAI,EACrD,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;KAE7E;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,gBAAgB;QAAE,uBAAuB;KAAC,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EACzB,SAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EAChC,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;KAEtE;IAED,IACE,IAAI,CAAC,UAAU,KAAK,SAAS,IAC7B,IAAI,CAAC,UAAU,KAAK,IAAI,IACxB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAE/B,MAAM,IAAI,SAAS,CAAC,mEAAmE,CAAC,CAAC;IAG3F,IAAI,IAAI,CAAC,UAAU,EACjB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAE;QACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAC3B,MAAM,IAAI,SAAS,CAAC,CAAC,4BAA4B,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;KAEnF;CAEJ;AAGM,MAAM,yCAAa,GAAG,OAC3B,OAAe,EACf,QAAgB,EAChB,MAAc,EACd,IAAqB,GAClB;IACH,MAAM,MAAM,GAAG,MAAM,CAAA,GAAA,qBAAS,CAAA,CAAC,OAAO,EAAE,IAAI,EAAE;QAAE,QAAQ,EAAE,QAAQ;gBAAE,MAAM;KAAE,CAAC,AAAC;IAE9E,IAAI,IAAI,CAAC,GAAG,CAAC,AAAC,CAAA,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA,GAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,2CAAqB,EACjF,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,sBAAsB,CAAC,CAAC;CAEhD,AAAC;AAEK,MAAM,yCAAa,GAAG,CAAC,KAAa,GAAoB;IAC7D,MAAM,EAAE,CAAC,EAAE,cAAc,CAAA,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE/C,IAAI,CAAC,cAAc,EACjB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wBAAwB,CAAC,CAAC;IAGjD,MAAM,IAAI,GAAG,CAAA,GAAA,yCAAa,CAAA,CAAC,MAAM,CAAC,cAAc,CAAC,AAAC;IAClD,MAAM,aAAa,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,AAAC;IAChD,yCAAmB,CAAC,aAAa,CAAC,CAAC;IAEnC,OAAO,aAAa,CAAC;CACtB,AAAC;;;;;;AC7GF;AAMO,MAAM,yCAAiB,GAAG,CAAC,cAAyB,GAAa;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAA,GAAA,iCAAa,CAAA,CAAC,AAAC;IACpD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;WAAI,cAAc;QAAE,CAAA,GAAA,6BAAS,CAAA,CAAC,OAAO;WAAM,cAAc,IAAI,EAAE;KAAE,CAAC,AAAC;IAEhG,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;CAC3C,AAAC;;;;;;;;;;;ANRF,MAAM,yCAAmB,GAAG,MAAM,AAAC;AACnC,MAAM,kCAAY,GAAG,MAAM,AAAC;AAarB,MAAM,yCAAiB,GAAG,CAAC,yBAChC,qBAAqB,CAAA,YACrB,QAAQ,CAAA,eACR,WAAW,CAAA,iBACX,aAAa,CAAA,SACb,KAAK,CAAA,UACL,MAAM,CAAA,aACN,SAAS,CAAA,UACT,MAAM,CAAA,EACc,GAAK;IACzB,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAC9C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;QAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,WAAW;QACnC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,aAAa,CAAC,EAAE,aAAa;QACvC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,mBAAmB,CAAC,EAAE,yCAAmB;QACnD,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;QACvB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,CAAC,EAAE,kCAAY;QACrC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAA,GAAA,yCAAM,CAAA,CAAC,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,CAAA,CAAC,MAAM,CAAC;KAC5C,CAAC,AAAC;IAEH,KAAK,MAAM,QAAQ,IAAI,SAAS,IAAI,EAAE,CACpC,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAG1D,OAAO,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CACrE,AAAC;;;;;;AO3CF;AAQO,MAAM,yCAAkB,GAAG,CAAC,sBACjC,kBAAkB,CAAA,WAClB,OAAO,CAAA,yBACP,qBAAqB,CAAA,EACA,GAAK;IAC1B,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAAE,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,OAAO;KAAE,CAAC,AAAC;IAErF,IAAI,qBAAqB,EACvB,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;IAGpF,OAAO,CAAC,EAAE,kBAAkB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CAClE,AAAC;;;;;;ACCK,MAAM,yCAAa,GAAG,OAC3B,gBAAwB,EACxB,WAAmB,EACnB,SAAoB,GAEpB,SAAS,CAAmB,gBAAgB,EAAE;QAC5C,OAAO,EAAE;YAAE,aAAa,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;SAAE;KACpD,CAAC,AAAC;;;;;;;;;;Ad3BL;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\n// eslint-disable-next-line complexity\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import { Nullable, urlSafeBase64 } from '@silverhand/essentials';\nimport { jwtVerify, JWTVerifyGetKey } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n role_names?: Nullable<string[]>;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n\n if (\n data.role_names !== undefined &&\n data.role_names !== null &&\n !Array.isArray(data.role_names)\n ) {\n throw new TypeError('At path: IdToken.role_names: expected null or an array of strings');\n }\n\n if (data.role_names) {\n for (const [index, value] of data.role_names.entries()) {\n if (typeof value !== 'string') {\n throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);\n }\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '@logto/core-kit';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n idToken: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n idToken,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.IdTokenHint]: idToken });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: string;\n username?: string;\n picture?: string;\n role_names?: string[];\n email?: string;\n email_verified?: boolean;\n phone_number?: string;\n phone_number_verified?: boolean;\n custom_data?: unknown;\n identities?: Record<string, Identity>;\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"index.js.map"}
|
|
1
|
+
{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;GAnBE,8CAAA;IAsBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADFL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,8CAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAEO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADhDA;;;;;;AIAA;;;;AAQA,MAAM,8CAAwB;AAkB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;AACF;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,qBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,yCAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC9FA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANRA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAad,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,EACc,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AO3CA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,YAClB,SAAQ,yBACR,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;IAAS;IAEhF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACEO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad7BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport type { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport type { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport type { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import type { Nullable } from '@silverhand/essentials';\nimport { urlSafeBase64 } from '@silverhand/essentials';\nimport type { JWTVerifyGetKey } from 'jose';\nimport { jwtVerify } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n clientId: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n clientId,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.ClientId]: clientId });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import type { Nullable } from '@silverhand/essentials';\n\nimport type { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n custom_data?: unknown; // Not null in DB.\n identities?: Record<string, Identity>; // Not null in DB.\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"index.js.map"}
|
package/lib/module.d.mts
ADDED
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
import { KeysToCamelCase, NormalizeKeyPaths, Nullable } from "@silverhand/essentials";
|
|
2
|
+
import { JWTVerifyGetKey } from "jose";
|
|
3
|
+
export const ContentType: {
|
|
4
|
+
formUrlEncoded: {
|
|
5
|
+
'Content-Type': string;
|
|
6
|
+
};
|
|
7
|
+
};
|
|
8
|
+
export enum TokenGrantType {
|
|
9
|
+
AuthorizationCode = "authorization_code",
|
|
10
|
+
RefreshToken = "refresh_token"
|
|
11
|
+
}
|
|
12
|
+
export enum QueryKey {
|
|
13
|
+
ClientId = "client_id",
|
|
14
|
+
Code = "code",
|
|
15
|
+
CodeChallenge = "code_challenge",
|
|
16
|
+
CodeChallengeMethod = "code_challenge_method",
|
|
17
|
+
CodeVerifier = "code_verifier",
|
|
18
|
+
Error = "error",
|
|
19
|
+
ErrorDescription = "error_description",
|
|
20
|
+
GrantType = "grant_type",
|
|
21
|
+
IdToken = "id_token",
|
|
22
|
+
IdTokenHint = "id_token_hint",
|
|
23
|
+
PostLogoutRedirectUri = "post_logout_redirect_uri",
|
|
24
|
+
Prompt = "prompt",
|
|
25
|
+
RedirectUri = "redirect_uri",
|
|
26
|
+
RefreshToken = "refresh_token",
|
|
27
|
+
Resource = "resource",
|
|
28
|
+
ResponseType = "response_type",
|
|
29
|
+
Scope = "scope",
|
|
30
|
+
State = "state",
|
|
31
|
+
Token = "token"
|
|
32
|
+
}
|
|
33
|
+
export enum Prompt {
|
|
34
|
+
Consent = "consent",
|
|
35
|
+
Login = "login"
|
|
36
|
+
}
|
|
37
|
+
export enum ReservedScope {
|
|
38
|
+
OpenId = "openid",
|
|
39
|
+
OfflineAccess = "offline_access"
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Scopes for ID Token and Userinfo Endpoint.
|
|
43
|
+
*/
|
|
44
|
+
export enum UserScope {
|
|
45
|
+
/**
|
|
46
|
+
* Scope for basic user info.
|
|
47
|
+
*
|
|
48
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
49
|
+
*/
|
|
50
|
+
Profile = "profile",
|
|
51
|
+
/**
|
|
52
|
+
* Scope for user email address.
|
|
53
|
+
*
|
|
54
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
55
|
+
*/
|
|
56
|
+
Email = "email",
|
|
57
|
+
/**
|
|
58
|
+
* Scope for user phone number.
|
|
59
|
+
*
|
|
60
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
61
|
+
*/
|
|
62
|
+
Phone = "phone",
|
|
63
|
+
/**
|
|
64
|
+
* Scope for user's custom data.
|
|
65
|
+
*
|
|
66
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
67
|
+
*/
|
|
68
|
+
CustomData = "custom_data",
|
|
69
|
+
/**
|
|
70
|
+
* Scope for user's social identity details.
|
|
71
|
+
*
|
|
72
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
73
|
+
*/
|
|
74
|
+
Identities = "identities"
|
|
75
|
+
}
|
|
76
|
+
export type LogtoRequestErrorBody = {
|
|
77
|
+
code: string;
|
|
78
|
+
message: string;
|
|
79
|
+
};
|
|
80
|
+
export type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;
|
|
81
|
+
export type FetchTokenByAuthorizationCodeParameters = {
|
|
82
|
+
clientId: string;
|
|
83
|
+
tokenEndpoint: string;
|
|
84
|
+
redirectUri: string;
|
|
85
|
+
codeVerifier: string;
|
|
86
|
+
code: string;
|
|
87
|
+
resource?: string;
|
|
88
|
+
};
|
|
89
|
+
export type FetchTokenByRefreshTokenParameters = {
|
|
90
|
+
clientId: string;
|
|
91
|
+
tokenEndpoint: string;
|
|
92
|
+
refreshToken: string;
|
|
93
|
+
resource?: string;
|
|
94
|
+
scopes?: string[];
|
|
95
|
+
};
|
|
96
|
+
type SnakeCaseCodeTokenResponse = {
|
|
97
|
+
access_token: string;
|
|
98
|
+
refresh_token?: string;
|
|
99
|
+
id_token: string;
|
|
100
|
+
scope: string;
|
|
101
|
+
expires_in: number;
|
|
102
|
+
};
|
|
103
|
+
export type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;
|
|
104
|
+
type SnakeCaseRefreshTokenTokenResponse = {
|
|
105
|
+
access_token: string;
|
|
106
|
+
refresh_token: string;
|
|
107
|
+
id_token?: string;
|
|
108
|
+
scope: string;
|
|
109
|
+
expires_in: number;
|
|
110
|
+
};
|
|
111
|
+
export type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;
|
|
112
|
+
export const fetchTokenByAuthorizationCode: ({ clientId, tokenEndpoint, redirectUri, codeVerifier, code, resource, }: FetchTokenByAuthorizationCodeParameters, requester: Requester) => Promise<CodeTokenResponse>;
|
|
113
|
+
export const fetchTokenByRefreshToken: ({ clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters, requester: Requester) => Promise<RefreshTokenTokenResponse>;
|
|
114
|
+
type OidcConfigSnakeCaseResponse = {
|
|
115
|
+
authorization_endpoint: string;
|
|
116
|
+
token_endpoint: string;
|
|
117
|
+
userinfo_endpoint: string;
|
|
118
|
+
end_session_endpoint: string;
|
|
119
|
+
revocation_endpoint: string;
|
|
120
|
+
jwks_uri: string;
|
|
121
|
+
issuer: string;
|
|
122
|
+
};
|
|
123
|
+
export const discoveryPath = "/oidc/.well-known/openid-configuration";
|
|
124
|
+
export type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;
|
|
125
|
+
export const fetchOidcConfig: (endpoint: string, requester: Requester) => Promise<OidcConfigResponse>;
|
|
126
|
+
export const revoke: (revocationEndpoint: string, clientId: string, token: string, requester: Requester) => Promise<void>;
|
|
127
|
+
export const isArbitraryObject: (data: unknown) => data is Record<string, unknown>;
|
|
128
|
+
declare const logtoErrorCodes: Readonly<{
|
|
129
|
+
id_token: {
|
|
130
|
+
invalid_iat: string;
|
|
131
|
+
invalid_token: string;
|
|
132
|
+
};
|
|
133
|
+
callback_uri_verification: {
|
|
134
|
+
redirect_uri_mismatched: string;
|
|
135
|
+
error_found: string;
|
|
136
|
+
missing_state: string;
|
|
137
|
+
state_mismatched: string;
|
|
138
|
+
missing_code: string;
|
|
139
|
+
};
|
|
140
|
+
crypto_subtle_unavailable: "Crypto.subtle is unavailable in insecure contexts (non-HTTPS).";
|
|
141
|
+
unexpected_response_error: "Unexpected response error from the server.";
|
|
142
|
+
}>;
|
|
143
|
+
export type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;
|
|
144
|
+
export class LogtoError extends Error {
|
|
145
|
+
code: LogtoErrorCode;
|
|
146
|
+
data: unknown;
|
|
147
|
+
constructor(code: LogtoErrorCode, data?: unknown);
|
|
148
|
+
}
|
|
149
|
+
export const isLogtoRequestError: (data: unknown) => data is {
|
|
150
|
+
code: string;
|
|
151
|
+
message: string;
|
|
152
|
+
};
|
|
153
|
+
export class LogtoRequestError extends Error {
|
|
154
|
+
code: string;
|
|
155
|
+
constructor(code: string, message: string);
|
|
156
|
+
}
|
|
157
|
+
export class OidcError {
|
|
158
|
+
error: string;
|
|
159
|
+
errorDescription?: string | undefined;
|
|
160
|
+
constructor(error: string, errorDescription?: string | undefined);
|
|
161
|
+
}
|
|
162
|
+
export const parseUriParameters: (uri: string) => URLSearchParams;
|
|
163
|
+
export const verifyAndParseCodeFromCallbackUri: (callbackUri: string, redirectUri: string, state: string) => string;
|
|
164
|
+
export type IdTokenClaims = {
|
|
165
|
+
iss: string;
|
|
166
|
+
sub: string;
|
|
167
|
+
aud: string;
|
|
168
|
+
exp: number;
|
|
169
|
+
iat: number;
|
|
170
|
+
at_hash?: Nullable<string>;
|
|
171
|
+
name?: Nullable<string>;
|
|
172
|
+
username?: Nullable<string>;
|
|
173
|
+
picture?: Nullable<string>;
|
|
174
|
+
email?: Nullable<string>;
|
|
175
|
+
email_verified?: boolean;
|
|
176
|
+
phone_number?: Nullable<string>;
|
|
177
|
+
phone_number_verified?: boolean;
|
|
178
|
+
};
|
|
179
|
+
export const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
|
|
180
|
+
export const decodeIdToken: (token: string) => IdTokenClaims;
|
|
181
|
+
/**
|
|
182
|
+
* @param originalScopes
|
|
183
|
+
* @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)
|
|
184
|
+
*/
|
|
185
|
+
export const withDefaultScopes: (originalScopes?: string[]) => string;
|
|
186
|
+
export type SignInUriParameters = {
|
|
187
|
+
authorizationEndpoint: string;
|
|
188
|
+
clientId: string;
|
|
189
|
+
redirectUri: string;
|
|
190
|
+
codeChallenge: string;
|
|
191
|
+
state: string;
|
|
192
|
+
scopes?: string[];
|
|
193
|
+
resources?: string[];
|
|
194
|
+
prompt?: Prompt;
|
|
195
|
+
};
|
|
196
|
+
export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, }: SignInUriParameters) => string;
|
|
197
|
+
type SignOutUriParameters = {
|
|
198
|
+
endSessionEndpoint: string;
|
|
199
|
+
clientId: string;
|
|
200
|
+
postLogoutRedirectUri?: string;
|
|
201
|
+
};
|
|
202
|
+
export const generateSignOutUri: ({ endSessionEndpoint, clientId, postLogoutRedirectUri, }: SignOutUriParameters) => string;
|
|
203
|
+
type Identity = {
|
|
204
|
+
userId: string;
|
|
205
|
+
details?: Record<string, unknown>;
|
|
206
|
+
};
|
|
207
|
+
export type UserInfoResponse = {
|
|
208
|
+
sub: string;
|
|
209
|
+
name?: Nullable<string>;
|
|
210
|
+
username?: Nullable<string>;
|
|
211
|
+
picture?: Nullable<string>;
|
|
212
|
+
email?: Nullable<string>;
|
|
213
|
+
email_verified?: boolean;
|
|
214
|
+
phone_number?: Nullable<string>;
|
|
215
|
+
phone_number_verified?: boolean;
|
|
216
|
+
custom_data?: unknown;
|
|
217
|
+
identities?: Record<string, Identity>;
|
|
218
|
+
};
|
|
219
|
+
export const fetchUserInfo: (userInfoEndpoint: string, accessToken: string, requester: Requester) => Promise<UserInfoResponse>;
|
|
220
|
+
|
|
221
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -2,7 +2,6 @@ import $lyZgO$camelcasekeys from "camelcase-keys";
|
|
|
2
2
|
import {conditional as $lyZgO$conditional, urlSafeBase64 as $lyZgO$urlSafeBase64} from "@silverhand/essentials";
|
|
3
3
|
import $lyZgO$lodashget from "lodash.get";
|
|
4
4
|
import {jwtVerify as $lyZgO$jwtVerify} from "jose";
|
|
5
|
-
import {ReservedScope as $lyZgO$ReservedScope, UserScope as $lyZgO$UserScope} from "@logto/core-kit";
|
|
6
5
|
|
|
7
6
|
function $parcel$exportWildcard(dest, source) {
|
|
8
7
|
Object.keys(source).forEach(function(key) {
|
|
@@ -23,7 +22,7 @@ function $parcel$exportWildcard(dest, source) {
|
|
|
23
22
|
function $parcel$export(e, n, v, s) {
|
|
24
23
|
Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
|
|
25
24
|
}
|
|
26
|
-
var $1eda3e9ea5865065$exports = {};
|
|
25
|
+
/* istanbul ignore file */ var $1eda3e9ea5865065$exports = {};
|
|
27
26
|
var $ce6f2a62716522ae$exports = {};
|
|
28
27
|
|
|
29
28
|
$parcel$export($ce6f2a62716522ae$exports, "fetchTokenByAuthorizationCode", () => $ce6f2a62716522ae$export$684f740cd70532d4);
|
|
@@ -35,6 +34,8 @@ $parcel$export($5422b71ae76f21f1$exports, "ContentType", () => $5422b71ae76f21f1
|
|
|
35
34
|
$parcel$export($5422b71ae76f21f1$exports, "TokenGrantType", () => $5422b71ae76f21f1$export$3f2aafdd1ccae76c);
|
|
36
35
|
$parcel$export($5422b71ae76f21f1$exports, "QueryKey", () => $5422b71ae76f21f1$export$65f63a8bc3cba53d);
|
|
37
36
|
$parcel$export($5422b71ae76f21f1$exports, "Prompt", () => $5422b71ae76f21f1$export$83716a4aa1642908);
|
|
37
|
+
$parcel$export($5422b71ae76f21f1$exports, "ReservedScope", () => $5422b71ae76f21f1$export$1d2e82cebfd4b08);
|
|
38
|
+
$parcel$export($5422b71ae76f21f1$exports, "UserScope", () => $5422b71ae76f21f1$export$4b02c5b431f6eb78);
|
|
38
39
|
const $5422b71ae76f21f1$export$e2e108cbe2e4f865 = {
|
|
39
40
|
formUrlEncoded: {
|
|
40
41
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
@@ -72,6 +73,39 @@ let $5422b71ae76f21f1$export$83716a4aa1642908;
|
|
|
72
73
|
Prompt["Consent"] = "consent";
|
|
73
74
|
Prompt["Login"] = "login";
|
|
74
75
|
})($5422b71ae76f21f1$export$83716a4aa1642908 || ($5422b71ae76f21f1$export$83716a4aa1642908 = {}));
|
|
76
|
+
let $5422b71ae76f21f1$export$1d2e82cebfd4b08;
|
|
77
|
+
(function(ReservedScope) {
|
|
78
|
+
ReservedScope["OpenId"] = "openid";
|
|
79
|
+
ReservedScope["OfflineAccess"] = "offline_access";
|
|
80
|
+
})($5422b71ae76f21f1$export$1d2e82cebfd4b08 || ($5422b71ae76f21f1$export$1d2e82cebfd4b08 = {}));
|
|
81
|
+
let $5422b71ae76f21f1$export$4b02c5b431f6eb78;
|
|
82
|
+
(function(UserScope) {
|
|
83
|
+
UserScope[/**
|
|
84
|
+
* Scope for basic user info.
|
|
85
|
+
*
|
|
86
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
87
|
+
*/ "Profile"] = "profile";
|
|
88
|
+
UserScope[/**
|
|
89
|
+
* Scope for user email address.
|
|
90
|
+
*
|
|
91
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
92
|
+
*/ "Email"] = "email";
|
|
93
|
+
UserScope[/**
|
|
94
|
+
* Scope for user phone number.
|
|
95
|
+
*
|
|
96
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
97
|
+
*/ "Phone"] = "phone";
|
|
98
|
+
UserScope[/**
|
|
99
|
+
* Scope for user's custom data.
|
|
100
|
+
*
|
|
101
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
102
|
+
*/ "CustomData"] = "custom_data";
|
|
103
|
+
UserScope[/**
|
|
104
|
+
* Scope for user's social identity details.
|
|
105
|
+
*
|
|
106
|
+
* See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
|
|
107
|
+
*/ "Identities"] = "identities";
|
|
108
|
+
})($5422b71ae76f21f1$export$4b02c5b431f6eb78 || ($5422b71ae76f21f1$export$4b02c5b431f6eb78 = {}));
|
|
75
109
|
|
|
76
110
|
|
|
77
111
|
const $ce6f2a62716522ae$export$684f740cd70532d4 = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , redirectUri: redirectUri , codeVerifier: codeVerifier , code: code , resource: resource }, requester)=>{
|
|
@@ -238,13 +272,13 @@ const $dfd50234d3585f12$var$issuedAtTimeTolerance = 60;
|
|
|
238
272
|
]){
|
|
239
273
|
if (typeof data[key] !== "string") throw new TypeError(`At path: IdToken.${key}: expected a string`);
|
|
240
274
|
}
|
|
241
|
-
for (const
|
|
275
|
+
for (const key of [
|
|
242
276
|
"exp",
|
|
243
277
|
"iat"
|
|
244
278
|
]){
|
|
245
|
-
if (typeof data[
|
|
279
|
+
if (typeof data[key] !== "number") throw new TypeError(`At path: IdToken.${key}: expected a number`);
|
|
246
280
|
}
|
|
247
|
-
for (const
|
|
281
|
+
for (const key of [
|
|
248
282
|
"at_hash",
|
|
249
283
|
"name",
|
|
250
284
|
"username",
|
|
@@ -252,19 +286,15 @@ const $dfd50234d3585f12$var$issuedAtTimeTolerance = 60;
|
|
|
252
286
|
"email",
|
|
253
287
|
"phone_number"
|
|
254
288
|
]){
|
|
255
|
-
if (data[
|
|
256
|
-
if (typeof data[
|
|
289
|
+
if (data[key] === undefined) continue;
|
|
290
|
+
if (typeof data[key] !== "string" && data[key] !== null) throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
|
|
257
291
|
}
|
|
258
|
-
for (const
|
|
292
|
+
for (const key of [
|
|
259
293
|
"email_verified",
|
|
260
294
|
"phone_number_verified"
|
|
261
295
|
]){
|
|
262
|
-
if (data[
|
|
263
|
-
if (typeof data[
|
|
264
|
-
}
|
|
265
|
-
if (data.role_names !== undefined && data.role_names !== null && !Array.isArray(data.role_names)) throw new TypeError("At path: IdToken.role_names: expected null or an array of strings");
|
|
266
|
-
if (data.role_names) for (const [index, value] of data.role_names.entries()){
|
|
267
|
-
if (typeof value !== "string") throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);
|
|
296
|
+
if (data[key] === undefined) continue;
|
|
297
|
+
if (typeof data[key] !== "boolean") throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
|
|
268
298
|
}
|
|
269
299
|
}
|
|
270
300
|
const $dfd50234d3585f12$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
|
|
@@ -289,10 +319,10 @@ var $570e2e6b31a027ff$exports = {};
|
|
|
289
319
|
$parcel$export($570e2e6b31a027ff$exports, "withDefaultScopes", () => $570e2e6b31a027ff$export$3cf0748e30b766d7);
|
|
290
320
|
|
|
291
321
|
const $570e2e6b31a027ff$export$3cf0748e30b766d7 = (originalScopes)=>{
|
|
292
|
-
const reservedScopes = Object.values((0, $
|
|
322
|
+
const reservedScopes = Object.values((0, $5422b71ae76f21f1$export$1d2e82cebfd4b08));
|
|
293
323
|
const uniqueScopes = new Set([
|
|
294
324
|
...reservedScopes,
|
|
295
|
-
(0, $
|
|
325
|
+
(0, $5422b71ae76f21f1$export$4b02c5b431f6eb78).Profile,
|
|
296
326
|
...originalScopes ?? []
|
|
297
327
|
]);
|
|
298
328
|
return Array.from(uniqueScopes).join(" ");
|
|
@@ -329,9 +359,9 @@ var $fcccd93c698efc4f$exports = {};
|
|
|
329
359
|
|
|
330
360
|
$parcel$export($fcccd93c698efc4f$exports, "generateSignOutUri", () => $fcccd93c698efc4f$export$b3c9a2bd2330de28);
|
|
331
361
|
|
|
332
|
-
const $fcccd93c698efc4f$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint ,
|
|
362
|
+
const $fcccd93c698efc4f$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , clientId: clientId , postLogoutRedirectUri: postLogoutRedirectUri })=>{
|
|
333
363
|
const urlSearchParameters = new URLSearchParams({
|
|
334
|
-
[(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).
|
|
364
|
+
[(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).ClientId]: clientId
|
|
335
365
|
});
|
|
336
366
|
if (postLogoutRedirectUri) urlSearchParameters.append((0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
|
|
337
367
|
return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
|
|
@@ -363,5 +393,5 @@ var $be59ab5b66bc1c36$exports = {};
|
|
|
363
393
|
|
|
364
394
|
|
|
365
395
|
|
|
366
|
-
export {$ce6f2a62716522ae$export$684f740cd70532d4 as fetchTokenByAuthorizationCode, $ce6f2a62716522ae$export$9909137b467efb8b as fetchTokenByRefreshToken, $eefdbfea5ec3abd9$export$815bda5ead26b243 as discoveryPath, $eefdbfea5ec3abd9$export$98242d8e822ad11f as fetchOidcConfig, $7397ba7739ada584$export$573f8dbbf6fbef75 as revoke, $bfba480b8ff41607$export$b01a187f12b774c6 as generateSignInUri, $fcccd93c698efc4f$export$b3c9a2bd2330de28 as generateSignOutUri, $4fde57d99d3b8df5$export$eee09f98e5b044aa as fetchUserInfo, $2cac19d9fad63bff$export$4851e69315d5b72c as parseUriParameters, $2cac19d9fad63bff$export$dc3fae3c99763885 as verifyAndParseCodeFromCallbackUri, $ab66c74b65acc6a3$export$ba60d77e6748b659 as LogtoError, $ab66c74b65acc6a3$export$27f79c8238476d38 as isLogtoRequestError, $ab66c74b65acc6a3$export$e6e15b8ba42b9b70 as LogtoRequestError, $ab66c74b65acc6a3$export$d4832bcf9ce430e0 as OidcError, $dfd50234d3585f12$export$b5b3317c8aecbcd5 as verifyIdToken, $dfd50234d3585f12$export$aac2d5b7f5cd16d5 as decodeIdToken, $570e2e6b31a027ff$export$3cf0748e30b766d7 as withDefaultScopes, $428623a300dc9baf$export$aa016a295c6092c8 as isArbitraryObject, $5422b71ae76f21f1$export$e2e108cbe2e4f865 as ContentType, $5422b71ae76f21f1$export$3f2aafdd1ccae76c as TokenGrantType, $5422b71ae76f21f1$export$65f63a8bc3cba53d as QueryKey, $5422b71ae76f21f1$export$83716a4aa1642908 as Prompt};
|
|
367
|
-
//# sourceMappingURL=module.
|
|
396
|
+
export {$ce6f2a62716522ae$export$684f740cd70532d4 as fetchTokenByAuthorizationCode, $ce6f2a62716522ae$export$9909137b467efb8b as fetchTokenByRefreshToken, $eefdbfea5ec3abd9$export$815bda5ead26b243 as discoveryPath, $eefdbfea5ec3abd9$export$98242d8e822ad11f as fetchOidcConfig, $7397ba7739ada584$export$573f8dbbf6fbef75 as revoke, $bfba480b8ff41607$export$b01a187f12b774c6 as generateSignInUri, $fcccd93c698efc4f$export$b3c9a2bd2330de28 as generateSignOutUri, $4fde57d99d3b8df5$export$eee09f98e5b044aa as fetchUserInfo, $2cac19d9fad63bff$export$4851e69315d5b72c as parseUriParameters, $2cac19d9fad63bff$export$dc3fae3c99763885 as verifyAndParseCodeFromCallbackUri, $ab66c74b65acc6a3$export$ba60d77e6748b659 as LogtoError, $ab66c74b65acc6a3$export$27f79c8238476d38 as isLogtoRequestError, $ab66c74b65acc6a3$export$e6e15b8ba42b9b70 as LogtoRequestError, $ab66c74b65acc6a3$export$d4832bcf9ce430e0 as OidcError, $dfd50234d3585f12$export$b5b3317c8aecbcd5 as verifyIdToken, $dfd50234d3585f12$export$aac2d5b7f5cd16d5 as decodeIdToken, $570e2e6b31a027ff$export$3cf0748e30b766d7 as withDefaultScopes, $428623a300dc9baf$export$aa016a295c6092c8 as isArbitraryObject, $5422b71ae76f21f1$export$e2e108cbe2e4f865 as ContentType, $5422b71ae76f21f1$export$3f2aafdd1ccae76c as TokenGrantType, $5422b71ae76f21f1$export$65f63a8bc3cba53d as QueryKey, $5422b71ae76f21f1$export$83716a4aa1642908 as Prompt, $5422b71ae76f21f1$export$1d2e82cebfd4b08 as ReservedScope, $5422b71ae76f21f1$export$4b02c5b431f6eb78 as UserScope};
|
|
397
|
+
//# sourceMappingURL=module.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;GAnBE,8CAAA;IAsBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADFL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,gBAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAEO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADhDA;;;;;;AIAA;;;;AAQA,MAAM,8CAAwB;AAkB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;AACF;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,gBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC9FA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANRA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAad,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,EACc,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AO3CA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,YAClB,SAAQ,yBACR,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;IAAS;IAEhF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACEO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad7BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport type { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport type { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport type { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import type { Nullable } from '@silverhand/essentials';\nimport { urlSafeBase64 } from '@silverhand/essentials';\nimport type { JWTVerifyGetKey } from 'jose';\nimport { jwtVerify } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n clientId: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n clientId,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.ClientId]: clientId });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import type { Nullable } from '@silverhand/essentials';\n\nimport type { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n custom_data?: unknown; // Not null in DB.\n identities?: Record<string, Identity>; // Not null in DB.\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"module.mjs.map"}
|
package/package.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@logto/js",
|
|
3
|
-
"version": "1.0.0
|
|
3
|
+
"version": "1.0.0",
|
|
4
4
|
"source": "./src/index.ts",
|
|
5
5
|
"main": "./lib/index.js",
|
|
6
6
|
"exports": {
|
|
7
7
|
"require": "./lib/index.js",
|
|
8
|
-
"import": "./lib/module.
|
|
8
|
+
"import": "./lib/module.mjs"
|
|
9
9
|
},
|
|
10
|
-
"module": "./lib/module.
|
|
10
|
+
"module": "./lib/module.mjs",
|
|
11
11
|
"types": "./lib/index.d.ts",
|
|
12
12
|
"files": [
|
|
13
13
|
"lib"
|
|
@@ -22,14 +22,13 @@
|
|
|
22
22
|
"dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
|
|
23
23
|
"precommit": "lint-staged",
|
|
24
24
|
"check": "tsc --noEmit",
|
|
25
|
-
"build": "rm -rf lib/ && pnpm check && parcel build",
|
|
25
|
+
"build": "rm -rf lib/ && pnpm check && parcel build && cp lib/index.d.ts lib/module.d.mts",
|
|
26
26
|
"lint": "eslint --ext .ts src",
|
|
27
27
|
"test": "jest",
|
|
28
28
|
"test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
|
|
29
29
|
"prepack": "pnpm test"
|
|
30
30
|
},
|
|
31
31
|
"dependencies": {
|
|
32
|
-
"@logto/core-kit": "1.0.0-beta.16",
|
|
33
32
|
"@silverhand/essentials": "^1.2.1",
|
|
34
33
|
"camelcase-keys": "^7.0.1",
|
|
35
34
|
"jose": "^4.3.8",
|
|
@@ -37,25 +36,25 @@
|
|
|
37
36
|
},
|
|
38
37
|
"devDependencies": {
|
|
39
38
|
"@jest/types": "^27.5.1",
|
|
40
|
-
"@parcel/core": "^2.
|
|
41
|
-
"@parcel/packager-ts": "^2.
|
|
42
|
-
"@parcel/transformer-typescript-types": "^2.
|
|
43
|
-
"@silverhand/eslint-config": "^
|
|
39
|
+
"@parcel/core": "^2.8.3",
|
|
40
|
+
"@parcel/packager-ts": "^2.8.3",
|
|
41
|
+
"@parcel/transformer-typescript-types": "^2.8.3",
|
|
42
|
+
"@silverhand/eslint-config": "^2.0.0",
|
|
44
43
|
"@silverhand/ts-config": "^1.0.0",
|
|
45
44
|
"@types/jest": "^27.4.1",
|
|
46
45
|
"@types/lodash.get": "^4.4.6",
|
|
47
|
-
"@types/node": "^
|
|
46
|
+
"@types/node": "^18.0.0",
|
|
48
47
|
"eslint": "^8.23.0",
|
|
49
48
|
"jest": "^27.5.1",
|
|
50
49
|
"jest-matcher-specific-error": "^1.0.0",
|
|
51
50
|
"lint-staged": "^13.0.0",
|
|
52
51
|
"nock": "^13.1.3",
|
|
53
|
-
"parcel": "^2.
|
|
52
|
+
"parcel": "^2.8.3",
|
|
54
53
|
"prettier": "^2.7.1",
|
|
55
54
|
"text-encoder": "^0.0.4",
|
|
56
55
|
"ts-jest": "^27.0.4",
|
|
57
56
|
"type-fest": "^3.0.0",
|
|
58
|
-
"typescript": "4.
|
|
57
|
+
"typescript": "4.9.5"
|
|
59
58
|
},
|
|
60
59
|
"eslintConfig": {
|
|
61
60
|
"extends": "@silverhand"
|
|
@@ -64,5 +63,5 @@
|
|
|
64
63
|
"publishConfig": {
|
|
65
64
|
"access": "public"
|
|
66
65
|
},
|
|
67
|
-
"gitHead": "
|
|
66
|
+
"gitHead": "fff27b23a74d5bd3a46fc83fbbc2901b6e054c72"
|
|
68
67
|
}
|
package/lib/module.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;ACAO,MAAM,yCAAW,GAAG;IACzB,cAAc,EAAE;QAAE,cAAc,EAAE,mCAAmC;KAAE;CACxE,AAAC;IAEK,yCAGN;UAHW,cAAc;IAAd,cAAc,CACxB,mBAAiB,IAAG,oBAAoB;IAD9B,cAAc,CAExB,cAAY,IAAG,eAAe;GAFpB,yCAAc,KAAd,yCAAc;IAKnB,yCAoBN;UApBW,QAAQ;IAAR,QAAQ,CAClB,UAAQ,IAAG,WAAW;IADZ,QAAQ,CAElB,MAAI,IAAG,MAAM;IAFH,QAAQ,CAGlB,eAAa,IAAG,gBAAgB;IAHtB,QAAQ,CAIlB,qBAAmB,IAAG,uBAAuB;IAJnC,QAAQ,CAKlB,cAAY,IAAG,eAAe;IALpB,QAAQ,CAMlB,OAAK,IAAG,OAAO;IANL,QAAQ,CAOlB,kBAAgB,IAAG,mBAAmB;IAP5B,QAAQ,CAQlB,WAAS,IAAG,YAAY;IARd,QAAQ,CASlB,SAAO,IAAG,UAAU;IATV,QAAQ,CAUlB,aAAW,IAAG,eAAe;IAVnB,QAAQ,CAWlB,uBAAqB,IAAG,0BAA0B;IAXxC,QAAQ,CAYlB,QAAM,IAAG,QAAQ;IAZP,QAAQ,CAalB,aAAW,IAAG,cAAc;IAblB,QAAQ,CAclB,cAAY,IAAG,eAAe;IAdpB,QAAQ,CAelB,UAAQ,IAAG,UAAU;IAfX,QAAQ,CAgBlB,cAAY,IAAG,eAAe;IAhBpB,QAAQ,CAiBlB,OAAK,IAAG,OAAO;IAjBL,QAAQ,CAkBlB,OAAK,IAAG,OAAO;IAlBL,QAAQ,CAmBlB,OAAK,IAAG,OAAO;GAnBL,yCAAQ,KAAR,yCAAQ;IAsBb,yCAGN;UAHW,MAAM;IAAN,MAAM,CAChB,SAAO,IAAG,SAAS;IADT,MAAM,CAEhB,OAAK,IAAG,OAAO;GAFL,yCAAM,KAAN,yCAAM;;;ADYX,MAAM,yCAA6B,GAAG,OAC3C,YACE,QAAQ,CAAA,iBACR,aAAa,CAAA,eACb,WAAW,CAAA,gBACX,YAAY,CAAA,QACZ,IAAI,CAAA,YACJ,QAAQ,CAAA,EACgC,EAC1C,SAAoB,GACW;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACrD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,iBAAiB,CAAC,CAAC;IAExE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,MAAM,0BAA0B,GAAG,MAAM,SAAS,CAA6B,aAAa,EAAE;QAC5F,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CAAC,AAAC;IAEH,OAAO,CAAA,GAAA,oBAAa,CAAA,CAAC,0BAA0B,CAAC,CAAC;CAClD,AAAC;AAEK,MAAM,yCAAwB,GAAG,OACtC,YAAE,QAAQ,CAAA,iBAAE,aAAa,CAAA,gBAAE,YAAY,CAAA,YAAE,QAAQ,CAAA,UAAE,MAAM,CAAA,EAAsC,EAC/F,SAAoB,GACmB;IACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,AAAC;IACzC,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/C,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACvD,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,SAAS,EAAE,CAAA,GAAA,yCAAc,CAAA,CAAC,YAAY,CAAC,CAAC;IAEnE,IAAI,QAAQ,EACV,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAGjD,IAAI,MAAM,EAAE,MAAM,EAChB,UAAU,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAGtD,MAAM,kCAAkC,GAAG,MAAM,SAAS,CACxD,aAAa,EACb;QACE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,UAAU;KACjB,CACF,AAAC;IAEF,OAAO,CAAA,GAAA,oBAAa,CAAA,CAAC,kCAAkC,CAAC,CAAC;CAC1D,AAAC;;ADrGF;;;;;AGAA;AAeO,MAAM,yCAAa,GAAG,wCAAwC,AAAC;AAI/D,MAAM,yCAAe,GAAG,OAC7B,QAAgB,EAChB,SAAoB,GAEpB,CAAA,GAAA,oBAAa,CAAA,CAAC,MAAM,SAAS,CAA8B,QAAQ,CAAC,CAAC,AAAC;;;;;;ACvBxE;AAGO,MAAM,yCAAM,GAAG,OACpB,kBAA0B,EAC1B,QAAgB,EAChB,KAAa,EACb,SAAoB,GAEpB,SAAS,CAAO,kBAAkB,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,CAAA,GAAA,yCAAW,CAAA,CAAC,cAAc;QACnC,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;YAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;SACxB,CAAC;KACH,CAAC,AAAC;;;;;;AChBL;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,yCAAiB,GAAG,CAAC,IAAa,GAC7C,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,AAAC;;;ADI5C,MAAM,qCAAe,GAAG,MAAM,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE;QACR,WAAW,EAAE,wCAAwC;QACrD,aAAa,EAAE,kBAAkB;KAClC;IACD,yBAAyB,EAAE;QACzB,uBAAuB,EAAE,+CAA+C;QACxE,WAAW,EAAE,iCAAiC;QAC9C,aAAa,EAAE,mCAAmC;QAClD,gBAAgB,EAAE,sCAAsC;QACxD,YAAY,EAAE,kCAAkC;KACjD;IACD,yBAAyB,EAAE,gEAAgE;IAC3F,yBAAyB,EAAE,4CAA4C;CACxE,CAAC,AAAC;AAIH,MAAM,2CAAqB,GAAG,CAAC,SAAyB,GAAa;IACnE,mEAAmE;IACnE,MAAM,OAAO,GAAG,CAAA,GAAA,gBAAG,CAAA,CAAC,qCAAe,EAAE,SAAS,CAAC,AAAC;IAEhD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAC7B,OAAO,OAAO,CAAC;IAGjB,OAAO,SAAS,CAAC;CAClB,AAAC;AAEK,MAAM,yCAAU,SAAS,KAAK;IAInC,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,2CAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAmB,GAAG,CAAC,IAAa,GAAgD;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,CAAA,CAAC,IAAI,CAAC,EAC1B,OAAO,KAAK,CAAC;IAGf,OAAO,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC;CAC1E,AAAC;AAEK,MAAM,yCAAiB,SAAS,KAAK;IAG1C,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;KAClB;CACF;AAEM,MAAM,yCAAS;IACpB,YAAmB,KAAa,EAAS,gBAAyB,CAAE;aAAjD,KAAa,GAAb,KAAa;aAAS,gBAAyB,GAAzB,gBAAyB;KAAI;CACvE;;;AD3DM,MAAM,yCAAkB,GAAG,CAAC,GAAW,GAAK;IACjD,MAAM,GAAG,WAAW,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE5C,OAAO,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;CACzC,AAAC;AAGK,MAAM,yCAAiC,GAAG,CAC/C,WAAmB,EACnB,WAAmB,EACnB,KAAa,GACV;IACH,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,EACtC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,mDAAmD,CAAC,CAAC;IAE5E,MAAM,aAAa,GAAG,yCAAkB,CAAC,WAAW,CAAC,AAAC;IAEtD,MAAM,KAAK,GAAG,CAAA,GAAA,kBAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,CAAC,AAAC;IAC7D,MAAM,gBAAgB,GAAG,CAAA,GAAA,kBAAW,CAAA,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,gBAAgB,CAAC,CAAC,AAAC;IAEnF,IAAI,KAAK,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAClB,uCAAuC,EACvC,IAAI,CAAA,GAAA,yCAAS,CAAA,CAAC,KAAK,EAAE,gBAAgB,CAAC,CACvC,CAAC;IAGJ,MAAM,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,AAAC;IAE/D,IAAI,CAAC,oBAAoB,EACvB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,yCAAyC,CAAC,CAAC;IAGlE,IAAI,oBAAoB,KAAK,KAAK,EAChC,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,4CAA4C,CAAC,CAAC;IAGrE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,IAAI,CAAC,AAAC;IAE9C,IAAI,CAAC,IAAI,EACP,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wCAAwC,CAAC,CAAC;IAGjE,OAAO,IAAI,CAAC;CACb,AAAC;;ADjDF;;;;;;AIAA;;;;AAMA,MAAM,2CAAqB,GAAG,EAAE,AAAC;AAmBjC,+BAA+B,CAC/B;;GAEG,CACH,SAAS,yCAAmB,CAAC,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAiB,CAAA,CAAC,IAAI,CAAC,EAC1B,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAC;IAG7D,KAAK,MAAM,GAAG,IAAI;QAAC,KAAK;QAAE,KAAK;QAAE,KAAK;KAAC,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,QAAQ,EAC/B,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;KAErE;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,KAAK;QAAE,KAAK;KAAC,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,QAAQ,EAC/B,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;KAErE;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,SAAS;QAAE,MAAM;QAAE,UAAU;QAAE,SAAS;QAAE,OAAO;QAAE,cAAc;KAAC,CAAE;QACrF,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EACzB,SAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,IAAI,EACrD,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;KAE7E;IAED,KAAK,MAAM,IAAG,IAAI;QAAC,gBAAgB;QAAE,uBAAuB;KAAC,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EACzB,SAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAG,CAAC,KAAK,SAAS,EAChC,MAAM,IAAI,SAAS,CAAC,CAAC,iBAAiB,EAAE,IAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;KAEtE;IAED,IACE,IAAI,CAAC,UAAU,KAAK,SAAS,IAC7B,IAAI,CAAC,UAAU,KAAK,IAAI,IACxB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAE/B,MAAM,IAAI,SAAS,CAAC,mEAAmE,CAAC,CAAC;IAG3F,IAAI,IAAI,CAAC,UAAU,EACjB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAE;QACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAC3B,MAAM,IAAI,SAAS,CAAC,CAAC,4BAA4B,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;KAEnF;CAEJ;AAGM,MAAM,yCAAa,GAAG,OAC3B,OAAe,EACf,QAAgB,EAChB,MAAc,EACd,IAAqB,GAClB;IACH,MAAM,MAAM,GAAG,MAAM,CAAA,GAAA,gBAAS,CAAA,CAAC,OAAO,EAAE,IAAI,EAAE;QAAE,QAAQ,EAAE,QAAQ;gBAAE,MAAM;KAAE,CAAC,AAAC;IAE9E,IAAI,IAAI,CAAC,GAAG,CAAC,AAAC,CAAA,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA,GAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,2CAAqB,EACjF,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,sBAAsB,CAAC,CAAC;CAEhD,AAAC;AAEK,MAAM,yCAAa,GAAG,CAAC,KAAa,GAAoB;IAC7D,MAAM,EAAE,CAAC,EAAE,cAAc,CAAA,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,AAAC;IAE/C,IAAI,CAAC,cAAc,EACjB,MAAM,IAAI,CAAA,GAAA,yCAAU,CAAA,CAAC,wBAAwB,CAAC,CAAC;IAGjD,MAAM,IAAI,GAAG,CAAA,GAAA,oBAAa,CAAA,CAAC,MAAM,CAAC,cAAc,CAAC,AAAC;IAClD,MAAM,aAAa,GAAY,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,AAAC;IAChD,yCAAmB,CAAC,aAAa,CAAC,CAAC;IAEnC,OAAO,aAAa,CAAC;CACtB,AAAC;;;;;;AC7GF;AAMO,MAAM,yCAAiB,GAAG,CAAC,cAAyB,GAAa;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAA,GAAA,oBAAa,CAAA,CAAC,AAAC;IACpD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;WAAI,cAAc;QAAE,CAAA,GAAA,gBAAS,CAAA,CAAC,OAAO;WAAM,cAAc,IAAI,EAAE;KAAE,CAAC,AAAC;IAEhG,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;CAC3C,AAAC;;;;;;;;;;;ANRF,MAAM,yCAAmB,GAAG,MAAM,AAAC;AACnC,MAAM,kCAAY,GAAG,MAAM,AAAC;AAarB,MAAM,yCAAiB,GAAG,CAAC,yBAChC,qBAAqB,CAAA,YACrB,QAAQ,CAAA,eACR,WAAW,CAAA,iBACX,aAAa,CAAA,SACb,KAAK,CAAA,UACL,MAAM,CAAA,aACN,SAAS,CAAA,UACT,MAAM,CAAA,EACc,GAAK;IACzB,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAC9C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,CAAC,EAAE,QAAQ;QAC7B,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,WAAW;QACnC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,aAAa,CAAC,EAAE,aAAa;QACvC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,mBAAmB,CAAC,EAAE,yCAAmB;QACnD,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,KAAK;QACvB,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,YAAY,CAAC,EAAE,kCAAY;QACrC,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAA,GAAA,yCAAM,CAAA,CAAC,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,CAAA,CAAC,MAAM,CAAC;KAC5C,CAAC,AAAC;IAEH,KAAK,MAAM,QAAQ,IAAI,SAAS,IAAI,EAAE,CACpC,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAG1D,OAAO,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CACrE,AAAC;;;;;;AO3CF;AAQO,MAAM,yCAAkB,GAAG,CAAC,sBACjC,kBAAkB,CAAA,WAClB,OAAO,CAAA,yBACP,qBAAqB,CAAA,EACA,GAAK;IAC1B,MAAM,mBAAmB,GAAG,IAAI,eAAe,CAAC;QAAE,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,WAAW,CAAC,EAAE,OAAO;KAAE,CAAC,AAAC;IAErF,IAAI,qBAAqB,EACvB,mBAAmB,CAAC,MAAM,CAAC,CAAA,GAAA,yCAAQ,CAAA,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;IAGpF,OAAO,CAAC,EAAE,kBAAkB,CAAC,CAAC,EAAE,mBAAmB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;CAClE,AAAC;;;;;;ACCK,MAAM,yCAAa,GAAG,OAC3B,gBAAwB,EACxB,WAAmB,EACnB,SAAoB,GAEpB,SAAS,CAAmB,gBAAgB,EAAE;QAC5C,OAAO,EAAE;YAAE,aAAa,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;SAAE;KACpD,CAAC,AAAC;;;;;;;;;;Ad3BL;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\n// eslint-disable-next-line complexity\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import { Nullable, urlSafeBase64 } from '@silverhand/essentials';\nimport { jwtVerify, JWTVerifyGetKey } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n role_names?: Nullable<string[]>;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n\n if (\n data.role_names !== undefined &&\n data.role_names !== null &&\n !Array.isArray(data.role_names)\n ) {\n throw new TypeError('At path: IdToken.role_names: expected null or an array of strings');\n }\n\n if (data.role_names) {\n for (const [index, value] of data.role_names.entries()) {\n if (typeof value !== 'string') {\n throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);\n }\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '@logto/core-kit';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n idToken: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n idToken,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.IdTokenHint]: idToken });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: string;\n username?: string;\n picture?: string;\n role_names?: string[];\n email?: string;\n email_verified?: boolean;\n phone_number?: string;\n phone_number_verified?: boolean;\n custom_data?: unknown;\n identities?: Record<string, Identity>;\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"module.js.map"}
|