@logto/js 1.0.0-rc.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/lib/index.d.ts +12 -11
  2. package/lib/index.d.ts.map +1 -1
  3. package/lib/index.js +7 -7
  4. package/lib/index.js.map +1 -1
  5. package/lib/module.d.mts +12 -11
  6. package/lib/module.mjs +7 -7
  7. package/lib/module.mjs.map +1 -1
  8. package/package.json +5 -5
package/lib/index.d.ts CHANGED
@@ -28,7 +28,8 @@ export enum QueryKey {
28
28
  ResponseType = "response_type",
29
29
  Scope = "scope",
30
30
  State = "state",
31
- Token = "token"
31
+ Token = "token",
32
+ InteractionMode = "interaction_mode"
32
33
  }
33
34
  export enum Prompt {
34
35
  Consent = "consent",
@@ -78,6 +79,7 @@ export type LogtoRequestErrorBody = {
78
79
  message: string;
79
80
  };
80
81
  export type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;
82
+ export type InteractionMode = 'signIn' | 'signUp';
81
83
  export type FetchTokenByAuthorizationCodeParameters = {
82
84
  clientId: string;
83
85
  tokenEndpoint: string;
@@ -175,7 +177,6 @@ export type IdTokenClaims = {
175
177
  email_verified?: boolean;
176
178
  phone_number?: Nullable<string>;
177
179
  phone_number_verified?: boolean;
178
- role_names?: Nullable<string[]>;
179
180
  };
180
181
  export const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
181
182
  export const decodeIdToken: (token: string) => IdTokenClaims;
@@ -193,27 +194,27 @@ export type SignInUriParameters = {
193
194
  scopes?: string[];
194
195
  resources?: string[];
195
196
  prompt?: Prompt;
197
+ interactionMode?: InteractionMode;
196
198
  };
197
- export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, }: SignInUriParameters) => string;
199
+ export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, interactionMode, }: SignInUriParameters) => string;
198
200
  type SignOutUriParameters = {
199
201
  endSessionEndpoint: string;
200
- idToken: string;
202
+ clientId: string;
201
203
  postLogoutRedirectUri?: string;
202
204
  };
203
- export const generateSignOutUri: ({ endSessionEndpoint, idToken, postLogoutRedirectUri, }: SignOutUriParameters) => string;
205
+ export const generateSignOutUri: ({ endSessionEndpoint, clientId, postLogoutRedirectUri, }: SignOutUriParameters) => string;
204
206
  type Identity = {
205
207
  userId: string;
206
208
  details?: Record<string, unknown>;
207
209
  };
208
210
  export type UserInfoResponse = {
209
211
  sub: string;
210
- name?: string;
211
- username?: string;
212
- picture?: string;
213
- role_names?: string[];
214
- email?: string;
212
+ name?: Nullable<string>;
213
+ username?: Nullable<string>;
214
+ picture?: Nullable<string>;
215
+ email?: Nullable<string>;
215
216
  email_verified?: boolean;
216
- phone_number?: string;
217
+ phone_number?: Nullable<string>;
217
218
  phone_number_verified?: boolean;
218
219
  custom_data?: unknown;
219
220
  identities?: Record<string, Identity>;
package/lib/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"mappings":";;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;CAChB;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;AAGD;IACE,MAAM,WAAW;IACjB,aAAa,mBAAmB;CACjC;AAED;;GAEG;AACH;IACE;;;;OAIG;IACH,OAAO,YAAY;IACnB;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,UAAU,gBAAgB;IAC1B;;;;OAIG;IACH,UAAU,eAAe;CAC1B;AC5ED,oCAAoC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAwB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;ACC7E,sDAAsD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,iDAAiD;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,kCAAkC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,gCAAgC,gBAAgB,0BAA0B,CAAC,CAAC;AAE5E,0CAA0C;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wCAAwC,gBAAgB,kCAAkC,CAAC,CAAC;AAE5F,OAAO,MAAM,yGAQR,uCAAuC,aAC/B,SAAS,KACnB,QAAQ,iBAAiB,CAmB3B,CAAC;AAEF,OAAO,MAAM,wFACkD,kCAAkC,aACpF,SAAS,KACnB,QAAQ,yBAAyB,CAwBnC,CAAC;AChGF,mCAAmC;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,OAAO,MAAM,wDAAwD,CAAC;AAEtE,iCAAiC,gBAAgB,2BAA2B,CAAC,CAAC;AAE9E,OAAO,MAAM,4BACD,MAAM,aACL,SAAS,KACnB,QAAQ,kBAAkB,CAC0C,CAAC;ACpBxE,OAAO,MAAM,6BACS,MAAM,YAChB,MAAM,SACT,MAAM,aACF,SAAS,KACnB,QAAQ,IAAI,CAQX,CAAC;AChBL,OAAO,MAAM,0BAA2B,OAAO,oCACJ,CAAC;ACI5C,QAAA,MAAM;;;;;;;;;;;;;;EAcJ,CAAC;AAEH,6BAA6B,kBAAkB,sBAAsB,CAAC,CAAC;AAavE,uBAAwB,SAAQ,KAAK;IACnC,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,OAAO;CAKjD;AAED,OAAO,MAAM,4BAA6B,OAAO;UAAmB,MAAM;aAAW,MAAM;CAM1F,CAAC;AAEF,8BAA+B,SAAQ,KAAK;IAC1C,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1C;AAED;IACqB,KAAK,EAAE,MAAM;IAAS,gBAAgB,CAAC;gBAAvC,KAAK,EAAE,MAAM,EAAS,gBAAgB,CAAC,oBAAQ;CACnE;AC3DD,OAAO,MAAM,0BAA2B,MAAM,oBAI7C,CAAC;AAGF,OAAO,MAAM,iDACE,MAAM,eACN,MAAM,SACZ,MAAM,WAkCd,CAAC;ACzCF,4BAA4B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC;CACjC,CAAC;AA6DF,OAAO,MAAM,yBACF,MAAM,YACL,MAAM,UACR,MAAM,QACR,eAAe,kBAOtB,CAAC;AAEF,OAAO,MAAM,uBAAwB,MAAM,KAAG,aAY7C,CAAC;AC3GF;;;GAGG;AACH,OAAO,MAAM,qCAAsC,MAAM,EAAE,KAAG,MAK7D,CAAC;AELF,kCAAkC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,OAAO,MAAM,wHASV,mBAAmB,WAiBrB,CAAC;ACzCF,4BAA4B;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,MAAM,8EAIV,oBAAoB,WAQtB,CAAC;AClBF,gBAAgB;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC;AAEF,+BAA+B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF,OAAO,MAAM,kCACO,MAAM,eACX,MAAM,aACR,SAAS,KACnB,QAAQ,gBAAgB,CAGvB,CAAC","sources":["packages/js/src/src/consts/index.ts","packages/js/src/src/types/index.ts","packages/js/src/src/core/fetch-token.ts","packages/js/src/src/core/oidc-config.ts","packages/js/src/src/core/revoke.ts","packages/js/src/src/utils/arbitrary-object.ts","packages/js/src/src/utils/errors.ts","packages/js/src/src/utils/callback-uri.ts","packages/js/src/src/utils/id-token.ts","packages/js/src/src/utils/scopes.ts","packages/js/src/src/utils/index.ts","packages/js/src/src/core/sign-in.ts","packages/js/src/src/core/sign-out.ts","packages/js/src/src/core/user-info.ts","packages/js/src/src/core/index.ts","packages/js/src/src/index.ts","packages/js/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,"/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n"],"names":[],"version":3,"file":"index.d.ts.map"}
1
+ {"mappings":";;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;IAEf,eAAe,qBAAqB;CACrC;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;AAGD;IACE,MAAM,WAAW;IACjB,aAAa,mBAAmB;CACjC;AAED;;GAEG;AACH;IACE;;;;OAIG;IACH,OAAO,YAAY;IACnB;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,UAAU,gBAAgB;IAC1B;;;;OAIG;IACH,UAAU,eAAe;CAC1B;AC9ED,oCAAoC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAwB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;AAG7E,8BAA8B,QAAQ,GAAG,QAAQ,CAAC;ACFlD,sDAAsD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,iDAAiD;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,kCAAkC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,gCAAgC,gBAAgB,0BAA0B,CAAC,CAAC;AAE5E,0CAA0C;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wCAAwC,gBAAgB,kCAAkC,CAAC,CAAC;AAE5F,OAAO,MAAM,yGAQR,uCAAuC,aAC/B,SAAS,KACnB,QAAQ,iBAAiB,CAmB3B,CAAC;AAEF,OAAO,MAAM,wFACkD,kCAAkC,aACpF,SAAS,KACnB,QAAQ,yBAAyB,CAwBnC,CAAC;AChGF,mCAAmC;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,OAAO,MAAM,wDAAwD,CAAC;AAEtE,iCAAiC,gBAAgB,2BAA2B,CAAC,CAAC;AAE9E,OAAO,MAAM,4BACD,MAAM,aACL,SAAS,KACnB,QAAQ,kBAAkB,CAC0C,CAAC;ACpBxE,OAAO,MAAM,6BACS,MAAM,YAChB,MAAM,SACT,MAAM,aACF,SAAS,KACnB,QAAQ,IAAI,CAQX,CAAC;AChBL,OAAO,MAAM,0BAA2B,OAAO,oCACJ,CAAC;ACI5C,QAAA,MAAM;;;;;;;;;;;;;;EAcJ,CAAC;AAEH,6BAA6B,kBAAkB,sBAAsB,CAAC,CAAC;AAavE,uBAAwB,SAAQ,KAAK;IACnC,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,OAAO;CAKjD;AAED,OAAO,MAAM,4BAA6B,OAAO;UAAmB,MAAM;aAAW,MAAM;CAM1F,CAAC;AAEF,8BAA+B,SAAQ,KAAK;IAC1C,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1C;AAED;IACqB,KAAK,EAAE,MAAM;IAAS,gBAAgB,CAAC;gBAAvC,KAAK,EAAE,MAAM,EAAS,gBAAgB,CAAC,oBAAQ;CACnE;AC3DD,OAAO,MAAM,0BAA2B,MAAM,oBAI7C,CAAC;AAEF,OAAO,MAAM,iDACE,MAAM,eACN,MAAM,SACZ,MAAM,WAkCd,CAAC;ACtCF,4BAA4B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC,CAAC;AA6CF,OAAO,MAAM,yBACF,MAAM,YACL,MAAM,UACR,MAAM,QACR,eAAe,kBAOtB,CAAC;AAEF,OAAO,MAAM,uBAAwB,MAAM,KAAG,aAY7C,CAAC;AC5FF;;;GAGG;AACH,OAAO,MAAM,qCAAsC,MAAM,EAAE,KAAG,MAK7D,CAAC;AEJF,kCAAkC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC,CAAC;AAEF,OAAO,MAAM,yIAUV,mBAAmB,WAsBrB,CAAC;ACjDF,4BAA4B;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,MAAM,+EAIV,oBAAoB,WAQtB,CAAC;AChBF,gBAAgB;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC;AAEF,+BAA+B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF,OAAO,MAAM,kCACO,MAAM,eACX,MAAM,aACR,SAAS,KACnB,QAAQ,gBAAgB,CAGvB,CAAC","sources":["packages/js/src/src/consts/index.ts","packages/js/src/src/types/index.ts","packages/js/src/src/core/fetch-token.ts","packages/js/src/src/core/oidc-config.ts","packages/js/src/src/core/revoke.ts","packages/js/src/src/utils/arbitrary-object.ts","packages/js/src/src/utils/errors.ts","packages/js/src/src/utils/callback-uri.ts","packages/js/src/src/utils/id-token.ts","packages/js/src/src/utils/scopes.ts","packages/js/src/src/utils/index.ts","packages/js/src/src/core/sign-in.ts","packages/js/src/src/core/sign-out.ts","packages/js/src/src/core/user-info.ts","packages/js/src/src/core/index.ts","packages/js/src/src/index.ts","packages/js/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,"/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n"],"names":[],"version":3,"file":"index.d.ts.map"}
package/lib/index.js CHANGED
@@ -70,6 +70,8 @@ let $5c367c11270b61f6$export$65f63a8bc3cba53d;
70
70
  QueryKey["Scope"] = "scope";
71
71
  QueryKey["State"] = "state";
72
72
  QueryKey["Token"] = "token";
73
+ QueryKey[// Need to align with the OIDC extraParams settings in core
74
+ "InteractionMode"] = "interaction_mode";
73
75
  })($5c367c11270b61f6$export$65f63a8bc3cba53d || ($5c367c11270b61f6$export$65f63a8bc3cba53d = {}));
74
76
  let $5c367c11270b61f6$export$83716a4aa1642908;
75
77
  (function(Prompt) {
@@ -299,10 +301,6 @@ const $c2fd0c04c48199e2$var$issuedAtTimeTolerance = 60;
299
301
  if (data[key] === undefined) continue;
300
302
  if (typeof data[key] !== "boolean") throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
301
303
  }
302
- if (data.role_names !== undefined && data.role_names !== null && !Array.isArray(data.role_names)) throw new TypeError("At path: IdToken.role_names: expected null or an array of strings");
303
- if (data.role_names) for (const [index, value] of data.role_names.entries()){
304
- if (typeof value !== "string") throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);
305
- }
306
304
  }
307
305
  const $c2fd0c04c48199e2$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
308
306
  const result = await (0, $eVySA$jose.jwtVerify)(idToken, jwks, {
@@ -346,7 +344,7 @@ $parcel$exportWildcard($10615ba3cc8a78f8$exports, $30090a6cd317e7f3$exports);
346
344
 
347
345
  const $1e17092ca3413c94$var$codeChallengeMethod = "S256";
348
346
  const $1e17092ca3413c94$var$responseType = "code";
349
- const $1e17092ca3413c94$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt })=>{
347
+ const $1e17092ca3413c94$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt , interactionMode: interactionMode })=>{
350
348
  const urlSearchParameters = new URLSearchParams({
351
349
  [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId,
352
350
  [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RedirectUri]: redirectUri,
@@ -358,6 +356,8 @@ const $1e17092ca3413c94$export$b01a187f12b774c6 = ({ authorizationEndpoint: auth
358
356
  [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Scope]: (0, $b85bdeea0b1e81a5$export$3cf0748e30b766d7)(scopes)
359
357
  });
360
358
  for (const resource of resources ?? [])urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
359
+ // Set interactionMode to signUp for a create account user experience
360
+ if (interactionMode) urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).InteractionMode, interactionMode);
361
361
  return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;
362
362
  };
363
363
 
@@ -366,9 +366,9 @@ var $1dac903ccb175f85$exports = {};
366
366
 
367
367
  $parcel$export($1dac903ccb175f85$exports, "generateSignOutUri", () => $1dac903ccb175f85$export$b3c9a2bd2330de28);
368
368
 
369
- const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , idToken: idToken , postLogoutRedirectUri: postLogoutRedirectUri })=>{
369
+ const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , clientId: clientId , postLogoutRedirectUri: postLogoutRedirectUri })=>{
370
370
  const urlSearchParameters = new URLSearchParams({
371
- [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).IdTokenHint]: idToken
371
+ [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId
372
372
  });
373
373
  if (postLogoutRedirectUri) urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
374
374
  return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;GAnBE,8CAAA;IAsBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADFL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,8CAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAGO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADjDA;;;;;;AIAA;;;;AAMA,MAAM,8CAAwB;AAmB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;IAEA,IACE,KAAK,UAAU,KAAK,aACpB,KAAK,UAAU,KAAK,IAAI,IACxB,CAAC,MAAM,OAAO,CAAC,KAAK,UAAU,GAE9B,MAAM,IAAI,UAAU,qEAAqE;IAG3F,IAAI,KAAK,UAAU,EACjB,KAAK,MAAM,CAAC,OAAO,MAAM,IAAI,KAAK,UAAU,CAAC,OAAO,GAAI;QACtD,IAAI,OAAO,UAAU,UACnB,MAAM,IAAI,UAAU,CAAC,4BAA4B,EAAE,MAAM,oBAAoB,CAAC,EAAE;IAEpF;AAEJ;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,qBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,yCAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC7GA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANRA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAad,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,EACc,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AO3CA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,WAClB,QAAO,yBACP,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;IAAQ;IAElF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACCO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad5BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\n// eslint-disable-next-line complexity\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import { Nullable, urlSafeBase64 } from '@silverhand/essentials';\nimport { jwtVerify, JWTVerifyGetKey } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n role_names?: Nullable<string[]>;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n\n if (\n data.role_names !== undefined &&\n data.role_names !== null &&\n !Array.isArray(data.role_names)\n ) {\n throw new TypeError('At path: IdToken.role_names: expected null or an array of strings');\n }\n\n if (data.role_names) {\n for (const [index, value] of data.role_names.entries()) {\n if (typeof value !== 'string') {\n throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);\n }\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n idToken: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n idToken,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.IdTokenHint]: idToken });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: string;\n username?: string;\n picture?: string;\n role_names?: string[];\n email?: string;\n email_verified?: boolean;\n phone_number?: string;\n phone_number_verified?: boolean;\n custom_data?: unknown;\n identities?: Record<string, Identity>;\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"index.js.map"}
1
+ {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;IAnBE,SAoBV,2DAA2D;IAC3D,qBAAkB;GArBR,8CAAA;IAwBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADJL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,8CAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAEO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADhDA;;;;;;AIAA;;;;AAQA,MAAM,8CAAwB;AAkB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;AACF;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,qBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,yCAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC9FA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANPA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAcd,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,mBACN,gBAAe,EACK,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,qEAAqE;IACrE,IAAI,iBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,eAAe,EAAE;IAGvD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AOnDA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,YAClB,SAAQ,yBACR,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;IAAS;IAEhF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACEO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad7BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport type { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n // Need to align with the OIDC extraParams settings in core\n InteractionMode = 'interaction_mode',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport type { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport type { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport type { InteractionMode } from '../types';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n interactionMode?: InteractionMode;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n interactionMode,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n // Set interactionMode to signUp for a create account user experience\n if (interactionMode) {\n urlSearchParameters.append(QueryKey.InteractionMode, interactionMode);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import type { Nullable } from '@silverhand/essentials';\nimport { urlSafeBase64 } from '@silverhand/essentials';\nimport type { JWTVerifyGetKey } from 'jose';\nimport { jwtVerify } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n clientId: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n clientId,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.ClientId]: clientId });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import type { Nullable } from '@silverhand/essentials';\n\nimport type { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n custom_data?: unknown; // Not null in DB.\n identities?: Record<string, Identity>; // Not null in DB.\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n\n// Need to align with the OIDC extraParams settings in core\nexport type InteractionMode = 'signIn' | 'signUp';\n"],"names":[],"version":3,"file":"index.js.map"}
package/lib/module.d.mts CHANGED
@@ -28,7 +28,8 @@ export enum QueryKey {
28
28
  ResponseType = "response_type",
29
29
  Scope = "scope",
30
30
  State = "state",
31
- Token = "token"
31
+ Token = "token",
32
+ InteractionMode = "interaction_mode"
32
33
  }
33
34
  export enum Prompt {
34
35
  Consent = "consent",
@@ -78,6 +79,7 @@ export type LogtoRequestErrorBody = {
78
79
  message: string;
79
80
  };
80
81
  export type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;
82
+ export type InteractionMode = 'signIn' | 'signUp';
81
83
  export type FetchTokenByAuthorizationCodeParameters = {
82
84
  clientId: string;
83
85
  tokenEndpoint: string;
@@ -175,7 +177,6 @@ export type IdTokenClaims = {
175
177
  email_verified?: boolean;
176
178
  phone_number?: Nullable<string>;
177
179
  phone_number_verified?: boolean;
178
- role_names?: Nullable<string[]>;
179
180
  };
180
181
  export const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
181
182
  export const decodeIdToken: (token: string) => IdTokenClaims;
@@ -193,27 +194,27 @@ export type SignInUriParameters = {
193
194
  scopes?: string[];
194
195
  resources?: string[];
195
196
  prompt?: Prompt;
197
+ interactionMode?: InteractionMode;
196
198
  };
197
- export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, }: SignInUriParameters) => string;
199
+ export const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, interactionMode, }: SignInUriParameters) => string;
198
200
  type SignOutUriParameters = {
199
201
  endSessionEndpoint: string;
200
- idToken: string;
202
+ clientId: string;
201
203
  postLogoutRedirectUri?: string;
202
204
  };
203
- export const generateSignOutUri: ({ endSessionEndpoint, idToken, postLogoutRedirectUri, }: SignOutUriParameters) => string;
205
+ export const generateSignOutUri: ({ endSessionEndpoint, clientId, postLogoutRedirectUri, }: SignOutUriParameters) => string;
204
206
  type Identity = {
205
207
  userId: string;
206
208
  details?: Record<string, unknown>;
207
209
  };
208
210
  export type UserInfoResponse = {
209
211
  sub: string;
210
- name?: string;
211
- username?: string;
212
- picture?: string;
213
- role_names?: string[];
214
- email?: string;
212
+ name?: Nullable<string>;
213
+ username?: Nullable<string>;
214
+ picture?: Nullable<string>;
215
+ email?: Nullable<string>;
215
216
  email_verified?: boolean;
216
- phone_number?: string;
217
+ phone_number?: Nullable<string>;
217
218
  phone_number_verified?: boolean;
218
219
  custom_data?: unknown;
219
220
  identities?: Record<string, Identity>;
package/lib/module.mjs CHANGED
@@ -67,6 +67,8 @@ let $5422b71ae76f21f1$export$65f63a8bc3cba53d;
67
67
  QueryKey["Scope"] = "scope";
68
68
  QueryKey["State"] = "state";
69
69
  QueryKey["Token"] = "token";
70
+ QueryKey[// Need to align with the OIDC extraParams settings in core
71
+ "InteractionMode"] = "interaction_mode";
70
72
  })($5422b71ae76f21f1$export$65f63a8bc3cba53d || ($5422b71ae76f21f1$export$65f63a8bc3cba53d = {}));
71
73
  let $5422b71ae76f21f1$export$83716a4aa1642908;
72
74
  (function(Prompt) {
@@ -296,10 +298,6 @@ const $dfd50234d3585f12$var$issuedAtTimeTolerance = 60;
296
298
  if (data[key] === undefined) continue;
297
299
  if (typeof data[key] !== "boolean") throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
298
300
  }
299
- if (data.role_names !== undefined && data.role_names !== null && !Array.isArray(data.role_names)) throw new TypeError("At path: IdToken.role_names: expected null or an array of strings");
300
- if (data.role_names) for (const [index, value] of data.role_names.entries()){
301
- if (typeof value !== "string") throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);
302
- }
303
301
  }
304
302
  const $dfd50234d3585f12$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
305
303
  const result = await (0, $lyZgO$jwtVerify)(idToken, jwks, {
@@ -343,7 +341,7 @@ $parcel$exportWildcard($40555044b252dc61$exports, $428623a300dc9baf$exports);
343
341
 
344
342
  const $bfba480b8ff41607$var$codeChallengeMethod = "S256";
345
343
  const $bfba480b8ff41607$var$responseType = "code";
346
- const $bfba480b8ff41607$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt })=>{
344
+ const $bfba480b8ff41607$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt , interactionMode: interactionMode })=>{
347
345
  const urlSearchParameters = new URLSearchParams({
348
346
  [(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).ClientId]: clientId,
349
347
  [(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).RedirectUri]: redirectUri,
@@ -355,6 +353,8 @@ const $bfba480b8ff41607$export$b01a187f12b774c6 = ({ authorizationEndpoint: auth
355
353
  [(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).Scope]: (0, $570e2e6b31a027ff$export$3cf0748e30b766d7)(scopes)
356
354
  });
357
355
  for (const resource of resources ?? [])urlSearchParameters.append((0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).Resource, resource);
356
+ // Set interactionMode to signUp for a create account user experience
357
+ if (interactionMode) urlSearchParameters.append((0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).InteractionMode, interactionMode);
358
358
  return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;
359
359
  };
360
360
 
@@ -363,9 +363,9 @@ var $fcccd93c698efc4f$exports = {};
363
363
 
364
364
  $parcel$export($fcccd93c698efc4f$exports, "generateSignOutUri", () => $fcccd93c698efc4f$export$b3c9a2bd2330de28);
365
365
 
366
- const $fcccd93c698efc4f$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , idToken: idToken , postLogoutRedirectUri: postLogoutRedirectUri })=>{
366
+ const $fcccd93c698efc4f$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , clientId: clientId , postLogoutRedirectUri: postLogoutRedirectUri })=>{
367
367
  const urlSearchParameters = new URLSearchParams({
368
- [(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).IdTokenHint]: idToken
368
+ [(0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).ClientId]: clientId
369
369
  });
370
370
  if (postLogoutRedirectUri) urlSearchParameters.append((0, $5422b71ae76f21f1$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
371
371
  return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
package/lib/module.mjs.map CHANGED
@@ -1 +1 @@
1
- {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;GAnBE,8CAAA;IAsBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADFL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,gBAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAGO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADjDA;;;;;;AIAA;;;;AAMA,MAAM,8CAAwB;AAmB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;IAEA,IACE,KAAK,UAAU,KAAK,aACpB,KAAK,UAAU,KAAK,IAAI,IACxB,CAAC,MAAM,OAAO,CAAC,KAAK,UAAU,GAE9B,MAAM,IAAI,UAAU,qEAAqE;IAG3F,IAAI,KAAK,UAAU,EACjB,KAAK,MAAM,CAAC,OAAO,MAAM,IAAI,KAAK,UAAU,CAAC,OAAO,GAAI;QACtD,IAAI,OAAO,UAAU,UACnB,MAAM,IAAI,UAAU,CAAC,4BAA4B,EAAE,MAAM,oBAAoB,CAAC,EAAE;IAEpF;AAEJ;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,gBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC7GA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANRA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAad,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,EACc,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AO3CA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,WAClB,QAAO,yBACP,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;IAAQ;IAElF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACCO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad5BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\n// eslint-disable-next-line complexity\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import { Nullable, urlSafeBase64 } from '@silverhand/essentials';\nimport { jwtVerify, JWTVerifyGetKey } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n role_names?: Nullable<string[]>;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n\n if (\n data.role_names !== undefined &&\n data.role_names !== null &&\n !Array.isArray(data.role_names)\n ) {\n throw new TypeError('At path: IdToken.role_names: expected null or an array of strings');\n }\n\n if (data.role_names) {\n for (const [index, value] of data.role_names.entries()) {\n if (typeof value !== 'string') {\n throw new TypeError(`At path: IdToken.role_names[${index}]: expected a string`);\n }\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n idToken: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n idToken,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.IdTokenHint]: idToken });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: string;\n username?: string;\n picture?: string;\n role_names?: string[];\n email?: string;\n email_verified?: boolean;\n phone_number?: string;\n phone_number_verified?: boolean;\n custom_data?: unknown;\n identities?: Record<string, Identity>;\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"module.mjs.map"}
1
+ {"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;IAnBE,SAoBV,2DAA2D;IAC3D,qBAAkB;GArBR,8CAAA;IAwBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADJL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,oBAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,gBAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAEO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,kBAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADhDA;;;;;;AIAA;;;;AAQA,MAAM,8CAAwB;AAkB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;AACF;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,gBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,oBAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC9FA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANPA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAcd,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,mBACN,gBAAe,EACK,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,qEAAqE;IACrE,IAAI,iBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,eAAe,EAAE;IAGvD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AOnDA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,YAClB,SAAQ,yBACR,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;IAAS;IAEhF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACEO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad7BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport type { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n clientId: string;\n tokenEndpoint: string;\n redirectUri: string;\n codeVerifier: string;\n code: string;\n resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n clientId: string;\n tokenEndpoint: string;\n refreshToken: string;\n resource?: string;\n scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n access_token: string;\n refresh_token?: string;\n id_token: string;\n scope: string;\n expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n access_token: string;\n refresh_token: string;\n id_token?: string;\n scope: string;\n expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n {\n clientId,\n tokenEndpoint,\n redirectUri,\n codeVerifier,\n code,\n resource,\n }: FetchTokenByAuthorizationCodeParameters,\n requester: Requester\n): Promise<CodeTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.Code, code);\n parameters.append(QueryKey.CodeVerifier, codeVerifier);\n parameters.append(QueryKey.RedirectUri, redirectUri);\n parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n });\n\n return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n const parameters = new URLSearchParams();\n parameters.append(QueryKey.ClientId, clientId);\n parameters.append(QueryKey.RefreshToken, refreshToken);\n parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n if (resource) {\n parameters.append(QueryKey.Resource, resource);\n }\n\n if (scopes?.length) {\n parameters.append(QueryKey.Scope, scopes.join(' '));\n }\n\n const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n tokenEndpoint,\n {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: parameters,\n }\n );\n\n return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n AuthorizationCode = 'authorization_code',\n RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n ClientId = 'client_id',\n Code = 'code',\n CodeChallenge = 'code_challenge',\n CodeChallengeMethod = 'code_challenge_method',\n CodeVerifier = 'code_verifier',\n Error = 'error',\n ErrorDescription = 'error_description',\n GrantType = 'grant_type',\n IdToken = 'id_token',\n IdTokenHint = 'id_token_hint',\n PostLogoutRedirectUri = 'post_logout_redirect_uri',\n Prompt = 'prompt',\n RedirectUri = 'redirect_uri',\n RefreshToken = 'refresh_token',\n Resource = 'resource',\n ResponseType = 'response_type',\n Scope = 'scope',\n State = 'state',\n Token = 'token',\n // Need to align with the OIDC extraParams settings in core\n InteractionMode = 'interaction_mode',\n}\n\nexport enum Prompt {\n Consent = 'consent',\n Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n OpenId = 'openid',\n OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n /**\n * Scope for basic user info.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Profile = 'profile',\n /**\n * Scope for user email address.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Email = 'email',\n /**\n * Scope for user phone number.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Phone = 'phone',\n /**\n * Scope for user's custom data.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n CustomData = 'custom_data',\n /**\n * Scope for user's social identity details.\n *\n * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n */\n Identities = 'identities',\n}\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport type { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n end_session_endpoint: string;\n revocation_endpoint: string;\n jwks_uri: string;\n issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n endpoint: string,\n requester: Requester\n): Promise<OidcConfigResponse> =>\n camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport type { Requester } from '../types';\n\nexport const revoke = async (\n revocationEndpoint: string,\n clientId: string,\n token: string,\n requester: Requester\n): Promise<void> =>\n requester<void>(revocationEndpoint, {\n method: 'POST',\n headers: ContentType.formUrlEncoded,\n body: new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.Token]: token,\n }),\n });\n","import { Prompt, QueryKey } from '../consts';\nimport type { InteractionMode } from '../types';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n authorizationEndpoint: string;\n clientId: string;\n redirectUri: string;\n codeChallenge: string;\n state: string;\n scopes?: string[];\n resources?: string[];\n prompt?: Prompt;\n interactionMode?: InteractionMode;\n};\n\nexport const generateSignInUri = ({\n authorizationEndpoint,\n clientId,\n redirectUri,\n codeChallenge,\n state,\n scopes,\n resources,\n prompt,\n interactionMode,\n}: SignInUriParameters) => {\n const urlSearchParameters = new URLSearchParams({\n [QueryKey.ClientId]: clientId,\n [QueryKey.RedirectUri]: redirectUri,\n [QueryKey.CodeChallenge]: codeChallenge,\n [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n [QueryKey.State]: state,\n [QueryKey.ResponseType]: responseType,\n [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n [QueryKey.Scope]: withDefaultScopes(scopes),\n });\n\n for (const resource of resources ?? []) {\n urlSearchParameters.append(QueryKey.Resource, resource);\n }\n\n // Set interactionMode to signUp for a create account user experience\n if (interactionMode) {\n urlSearchParameters.append(QueryKey.InteractionMode, interactionMode);\n }\n\n return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n const [, queryString = ''] = uri.split('?');\n\n return new URLSearchParams(queryString);\n};\n\nexport const verifyAndParseCodeFromCallbackUri = (\n callbackUri: string,\n redirectUri: string,\n state: string\n) => {\n if (!callbackUri.startsWith(redirectUri)) {\n throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n }\n const uriParameters = parseUriParameters(callbackUri);\n\n const error = conditional(uriParameters.get(QueryKey.Error));\n const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n if (error) {\n throw new LogtoError(\n 'callback_uri_verification.error_found',\n new OidcError(error, errorDescription)\n );\n }\n\n const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n if (!stateFromCallbackUri) {\n throw new LogtoError('callback_uri_verification.missing_state');\n }\n\n if (stateFromCallbackUri !== state) {\n throw new LogtoError('callback_uri_verification.state_mismatched');\n }\n\n const code = uriParameters.get(QueryKey.Code);\n\n if (!code) {\n throw new LogtoError('callback_uri_verification.missing_code');\n }\n\n return code;\n};\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n id_token: {\n invalid_iat: 'Invalid issued at time in the ID token',\n invalid_token: 'Invalid ID token',\n },\n callback_uri_verification: {\n redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n error_found: 'Error found in the callback URI',\n missing_state: 'Missing state in the callback URI',\n state_mismatched: 'State mismatched in the callback URI',\n missing_code: 'Missing code in the callback URI',\n },\n crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n const message = get(logtoErrorCodes, errorCode);\n\n if (typeof message === 'string') {\n return message;\n }\n\n return errorCode;\n};\n\nexport class LogtoError extends Error {\n code: LogtoErrorCode;\n data: unknown;\n\n constructor(code: LogtoErrorCode, data?: unknown) {\n super(getMessageByErrorCode(code));\n this.code = code;\n this.data = data;\n }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n if (!isArbitraryObject(data)) {\n return false;\n }\n\n return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n code: string;\n\n constructor(code: string, message: string) {\n super(message);\n this.code = code;\n }\n}\n\nexport class OidcError {\n constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n typeof data === 'object' && data !== null;\n","import type { Nullable } from '@silverhand/essentials';\nimport { urlSafeBase64 } from '@silverhand/essentials';\nimport type { JWTVerifyGetKey } from 'jose';\nimport { jwtVerify } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n at_hash?: Nullable<string>;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n if (!isArbitraryObject(data)) {\n throw new TypeError('IdToken is expected to be an object');\n }\n\n for (const key of ['iss', 'sub', 'aud']) {\n if (typeof data[key] !== 'string') {\n throw new TypeError(`At path: IdToken.${key}: expected a string`);\n }\n }\n\n for (const key of ['exp', 'iat']) {\n if (typeof data[key] !== 'number') {\n throw new TypeError(`At path: IdToken.${key}: expected a number`);\n }\n }\n\n for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'string' && data[key] !== null) {\n throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n }\n }\n\n for (const key of ['email_verified', 'phone_number_verified']) {\n if (data[key] === undefined) {\n continue;\n }\n\n if (typeof data[key] !== 'boolean') {\n throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n }\n }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n idToken: string,\n clientId: string,\n issuer: string,\n jwks: JWTVerifyGetKey\n) => {\n const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n throw new LogtoError('id_token.invalid_iat');\n }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n const { 1: encodedPayload } = token.split('.');\n\n if (!encodedPayload) {\n throw new LogtoError('id_token.invalid_token');\n }\n\n const json = urlSafeBase64.decode(encodedPayload);\n const idTokenClaims: unknown = JSON.parse(json);\n assertIdTokenClaims(idTokenClaims);\n\n return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n const reservedScopes = Object.values(ReservedScope);\n const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n endSessionEndpoint: string;\n clientId: string;\n postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n endSessionEndpoint,\n clientId,\n postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n const urlSearchParameters = new URLSearchParams({ [QueryKey.ClientId]: clientId });\n\n if (postLogoutRedirectUri) {\n urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n }\n\n return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import type { Nullable } from '@silverhand/essentials';\n\nimport type { Requester } from '../types';\n\ntype Identity = {\n userId: string;\n details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n sub: string;\n name?: Nullable<string>;\n username?: Nullable<string>;\n picture?: Nullable<string>;\n email?: Nullable<string>;\n email_verified?: boolean;\n phone_number?: Nullable<string>;\n phone_number_verified?: boolean;\n custom_data?: unknown; // Not null in DB.\n identities?: Record<string, Identity>; // Not null in DB.\n};\n\nexport const fetchUserInfo = async (\n userInfoEndpoint: string,\n accessToken: string,\n requester: Requester\n): Promise<UserInfoResponse> =>\n requester<UserInfoResponse>(userInfoEndpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n","export type LogtoRequestErrorBody = {\n code: string;\n message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n\n// Need to align with the OIDC extraParams settings in core\nexport type InteractionMode = 'signIn' | 'signUp';\n"],"names":[],"version":3,"file":"module.mjs.map"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@logto/js",
3
- "version": "1.0.0-rc.0",
3
+ "version": "1.1.0",
4
4
  "source": "./src/index.ts",
5
5
  "main": "./lib/index.js",
6
6
  "exports": {
@@ -39,11 +39,11 @@
39
39
  "@parcel/core": "^2.8.3",
40
40
  "@parcel/packager-ts": "^2.8.3",
41
41
  "@parcel/transformer-typescript-types": "^2.8.3",
42
- "@silverhand/eslint-config": "^1.0.0",
42
+ "@silverhand/eslint-config": "^2.0.0",
43
43
  "@silverhand/ts-config": "^1.0.0",
44
44
  "@types/jest": "^27.4.1",
45
45
  "@types/lodash.get": "^4.4.6",
46
- "@types/node": "^17.0.19",
46
+ "@types/node": "^18.0.0",
47
47
  "eslint": "^8.23.0",
48
48
  "jest": "^27.5.1",
49
49
  "jest-matcher-specific-error": "^1.0.0",
@@ -54,7 +54,7 @@
54
54
  "text-encoder": "^0.0.4",
55
55
  "ts-jest": "^27.0.4",
56
56
  "type-fest": "^3.0.0",
57
- "typescript": "4.7.4"
57
+ "typescript": "4.9.5"
58
58
  },
59
59
  "eslintConfig": {
60
60
  "extends": "@silverhand"
@@ -63,5 +63,5 @@
63
63
  "publishConfig": {
64
64
  "access": "public"
65
65
  },
66
- "gitHead": "98960287d1016efa9e68b6c4d4407885d6ec9dc6"
66
+ "gitHead": "f24174a6f840b8db968ad3886878d1b6e92b1b9d"
67
67
  }