@logto/js 1.0.0 → 1.1.2

package/lib/index.js

@@ -1,403 +1,56 @@
-var $eVySA$camelcasekeys = require("camelcase-keys");
-var $eVySA$silverhandessentials = require("@silverhand/essentials");
-var $eVySA$lodashget = require("lodash.get");
-var $eVySA$jose = require("jose");
-
-function $parcel$exportWildcard(dest, source) {
-  Object.keys(source).forEach(function(key) {
-    if (key === 'default' || key === '__esModule' || dest.hasOwnProperty(key)) {
-      return;
-    }
-
-    Object.defineProperty(dest, key, {
-      enumerable: true,
-      get: function get() {
-        return source[key];
-      }
-    });
-  });
-
-  return dest;
-}
-function $parcel$interopDefault(a) {
-  return a && a.__esModule ? a.default : a;
-}
-function $parcel$export(e, n, v, s) {
-  Object.defineProperty(e, n, {get: v, set: s, enumerable: true, configurable: true});
-}
-/* istanbul ignore file */ var $a722dce254028e46$exports = {};
-var $e6b305c1e572373d$exports = {};
-
-$parcel$export($e6b305c1e572373d$exports, "fetchTokenByAuthorizationCode", () => $e6b305c1e572373d$export$684f740cd70532d4);
-$parcel$export($e6b305c1e572373d$exports, "fetchTokenByRefreshToken", () => $e6b305c1e572373d$export$9909137b467efb8b);
-
-var $5c367c11270b61f6$exports = {};
-
-$parcel$export($5c367c11270b61f6$exports, "ContentType", () => $5c367c11270b61f6$export$e2e108cbe2e4f865);
-$parcel$export($5c367c11270b61f6$exports, "TokenGrantType", () => $5c367c11270b61f6$export$3f2aafdd1ccae76c);
-$parcel$export($5c367c11270b61f6$exports, "QueryKey", () => $5c367c11270b61f6$export$65f63a8bc3cba53d);
-$parcel$export($5c367c11270b61f6$exports, "Prompt", () => $5c367c11270b61f6$export$83716a4aa1642908);
-$parcel$export($5c367c11270b61f6$exports, "ReservedScope", () => $5c367c11270b61f6$export$1d2e82cebfd4b08);
-$parcel$export($5c367c11270b61f6$exports, "UserScope", () => $5c367c11270b61f6$export$4b02c5b431f6eb78);
-const $5c367c11270b61f6$export$e2e108cbe2e4f865 = {
-    formUrlEncoded: {
-        "Content-Type": "application/x-www-form-urlencoded"
-    }
-};
-let $5c367c11270b61f6$export$3f2aafdd1ccae76c;
-(function(TokenGrantType) {
-    TokenGrantType["AuthorizationCode"] = "authorization_code";
-    TokenGrantType["RefreshToken"] = "refresh_token";
-})($5c367c11270b61f6$export$3f2aafdd1ccae76c || ($5c367c11270b61f6$export$3f2aafdd1ccae76c = {}));
-let $5c367c11270b61f6$export$65f63a8bc3cba53d;
-(function(QueryKey) {
-    QueryKey["ClientId"] = "client_id";
-    QueryKey["Code"] = "code";
-    QueryKey["CodeChallenge"] = "code_challenge";
-    QueryKey["CodeChallengeMethod"] = "code_challenge_method";
-    QueryKey["CodeVerifier"] = "code_verifier";
-    QueryKey["Error"] = "error";
-    QueryKey["ErrorDescription"] = "error_description";
-    QueryKey["GrantType"] = "grant_type";
-    QueryKey["IdToken"] = "id_token";
-    QueryKey["IdTokenHint"] = "id_token_hint";
-    QueryKey["PostLogoutRedirectUri"] = "post_logout_redirect_uri";
-    QueryKey["Prompt"] = "prompt";
-    QueryKey["RedirectUri"] = "redirect_uri";
-    QueryKey["RefreshToken"] = "refresh_token";
-    QueryKey["Resource"] = "resource";
-    QueryKey["ResponseType"] = "response_type";
-    QueryKey["Scope"] = "scope";
-    QueryKey["State"] = "state";
-    QueryKey["Token"] = "token";
-})($5c367c11270b61f6$export$65f63a8bc3cba53d || ($5c367c11270b61f6$export$65f63a8bc3cba53d = {}));
-let $5c367c11270b61f6$export$83716a4aa1642908;
-(function(Prompt) {
-    Prompt["Consent"] = "consent";
-    Prompt["Login"] = "login";
-})($5c367c11270b61f6$export$83716a4aa1642908 || ($5c367c11270b61f6$export$83716a4aa1642908 = {}));
-let $5c367c11270b61f6$export$1d2e82cebfd4b08;
-(function(ReservedScope) {
-    ReservedScope["OpenId"] = "openid";
-    ReservedScope["OfflineAccess"] = "offline_access";
-})($5c367c11270b61f6$export$1d2e82cebfd4b08 || ($5c367c11270b61f6$export$1d2e82cebfd4b08 = {}));
-let $5c367c11270b61f6$export$4b02c5b431f6eb78;
-(function(UserScope) {
-    UserScope[/**
-   * Scope for basic user info.
-   *
-   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-   */ "Profile"] = "profile";
-    UserScope[/**
-   * Scope for user email address.
-   *
-   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-   */ "Email"] = "email";
-    UserScope[/**
-   * Scope for user phone number.
-   *
-   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-   */ "Phone"] = "phone";
-    UserScope[/**
-   * Scope for user's custom data.
-   *
-   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-   */ "CustomData"] = "custom_data";
-    UserScope[/**
-   * Scope for user's social identity details.
-   *
-   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-   */ "Identities"] = "identities";
-})($5c367c11270b61f6$export$4b02c5b431f6eb78 || ($5c367c11270b61f6$export$4b02c5b431f6eb78 = {}));
-
-
-const $e6b305c1e572373d$export$684f740cd70532d4 = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , redirectUri: redirectUri , codeVerifier: codeVerifier , code: code , resource: resource  }, requester)=>{
-    const parameters = new URLSearchParams();
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId, clientId);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Code, code);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeVerifier, codeVerifier);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RedirectUri, redirectUri);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).GrantType, (0, $5c367c11270b61f6$export$3f2aafdd1ccae76c).AuthorizationCode);
-    if (resource) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
-    const snakeCaseCodeTokenResponse = await requester(tokenEndpoint, {
-        method: "POST",
-        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
-        body: parameters
-    });
-    return (0, ($parcel$interopDefault($eVySA$camelcasekeys)))(snakeCaseCodeTokenResponse);
-};
-const $e6b305c1e572373d$export$9909137b467efb8b = async ({ clientId: clientId , tokenEndpoint: tokenEndpoint , refreshToken: refreshToken , resource: resource , scopes: scopes  }, requester)=>{
-    const parameters = new URLSearchParams();
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId, clientId);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RefreshToken, refreshToken);
-    parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).GrantType, (0, $5c367c11270b61f6$export$3f2aafdd1ccae76c).RefreshToken);
-    if (resource) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
-    if (scopes?.length) parameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Scope, scopes.join(" "));
-    const snakeCaseRefreshTokenTokenResponse = await requester(tokenEndpoint, {
-        method: "POST",
-        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
-        body: parameters
-    });
-    return (0, ($parcel$interopDefault($eVySA$camelcasekeys)))(snakeCaseRefreshTokenTokenResponse);
-};
-
-
-var $945b1d0ce7f8f44a$exports = {};
-
-$parcel$export($945b1d0ce7f8f44a$exports, "discoveryPath", () => $945b1d0ce7f8f44a$export$815bda5ead26b243);
-$parcel$export($945b1d0ce7f8f44a$exports, "fetchOidcConfig", () => $945b1d0ce7f8f44a$export$98242d8e822ad11f);
-
-const $945b1d0ce7f8f44a$export$815bda5ead26b243 = "/oidc/.well-known/openid-configuration";
-const $945b1d0ce7f8f44a$export$98242d8e822ad11f = async (endpoint, requester)=>(0, ($parcel$interopDefault($eVySA$camelcasekeys)))(await requester(endpoint));
-
-
-var $de840481123b2c25$exports = {};
-
-$parcel$export($de840481123b2c25$exports, "revoke", () => $de840481123b2c25$export$573f8dbbf6fbef75);
-
-const $de840481123b2c25$export$573f8dbbf6fbef75 = async (revocationEndpoint, clientId, token, requester)=>requester(revocationEndpoint, {
-        method: "POST",
-        headers: (0, $5c367c11270b61f6$export$e2e108cbe2e4f865).formUrlEncoded,
-        body: new URLSearchParams({
-            [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId,
-            [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Token]: token
-        })
-    });
-
-
-var $1e17092ca3413c94$exports = {};
-
-$parcel$export($1e17092ca3413c94$exports, "generateSignInUri", () => $1e17092ca3413c94$export$b01a187f12b774c6);
-
-var $10615ba3cc8a78f8$exports = {};
-var $d3a7a037fd1d9433$exports = {};
-
-$parcel$export($d3a7a037fd1d9433$exports, "parseUriParameters", () => $d3a7a037fd1d9433$export$4851e69315d5b72c);
-$parcel$export($d3a7a037fd1d9433$exports, "verifyAndParseCodeFromCallbackUri", () => $d3a7a037fd1d9433$export$dc3fae3c99763885);
-
-
-var $47fe17290a91cd19$exports = {};
-
-$parcel$export($47fe17290a91cd19$exports, "LogtoError", () => $47fe17290a91cd19$export$ba60d77e6748b659);
-$parcel$export($47fe17290a91cd19$exports, "isLogtoRequestError", () => $47fe17290a91cd19$export$27f79c8238476d38);
-$parcel$export($47fe17290a91cd19$exports, "LogtoRequestError", () => $47fe17290a91cd19$export$e6e15b8ba42b9b70);
-$parcel$export($47fe17290a91cd19$exports, "OidcError", () => $47fe17290a91cd19$export$d4832bcf9ce430e0);
-
-var $30090a6cd317e7f3$exports = {};
-
-$parcel$export($30090a6cd317e7f3$exports, "isArbitraryObject", () => $30090a6cd317e7f3$export$aa016a295c6092c8);
-const $30090a6cd317e7f3$export$aa016a295c6092c8 = (data)=>typeof data === "object" && data !== null;
-
-
-const $47fe17290a91cd19$var$logtoErrorCodes = Object.freeze({
-    id_token: {
-        invalid_iat: "Invalid issued at time in the ID token",
-        invalid_token: "Invalid ID token"
-    },
-    callback_uri_verification: {
-        redirect_uri_mismatched: "The callback URI mismatches the redirect URI.",
-        error_found: "Error found in the callback URI",
-        missing_state: "Missing state in the callback URI",
-        state_mismatched: "State mismatched in the callback URI",
-        missing_code: "Missing code in the callback URI"
-    },
-    crypto_subtle_unavailable: "Crypto.subtle is unavailable in insecure contexts (non-HTTPS).",
-    unexpected_response_error: "Unexpected response error from the server."
+'use strict';
+
+var fetchToken = require('./core/fetch-token.js');
+var oidcConfig = require('./core/oidc-config.js');
+var revoke = require('./core/revoke.js');
+var signIn = require('./core/sign-in.js');
+var signOut = require('./core/sign-out.js');
+var userInfo = require('./core/user-info.js');
+var callbackUri = require('./utils/callback-uri.js');
+var errors = require('./utils/errors.js');
+var idToken = require('./utils/id-token.js');
+var scopes = require('./utils/scopes.js');
+var arbitraryObject = require('./utils/arbitrary-object.js');
+var index = require('./consts/index.js');
+
+
+
+exports.fetchTokenByAuthorizationCode = fetchToken.fetchTokenByAuthorizationCode;
+exports.fetchTokenByRefreshToken = fetchToken.fetchTokenByRefreshToken;
+exports.discoveryPath = oidcConfig.discoveryPath;
+exports.fetchOidcConfig = oidcConfig.fetchOidcConfig;
+exports.revoke = revoke.revoke;
+exports.generateSignInUri = signIn.generateSignInUri;
+exports.generateSignOutUri = signOut.generateSignOutUri;
+exports.fetchUserInfo = userInfo.fetchUserInfo;
+exports.parseUriParameters = callbackUri.parseUriParameters;
+exports.verifyAndParseCodeFromCallbackUri = callbackUri.verifyAndParseCodeFromCallbackUri;
+exports.LogtoError = errors.LogtoError;
+exports.LogtoRequestError = errors.LogtoRequestError;
+exports.OidcError = errors.OidcError;
+exports.isLogtoRequestError = errors.isLogtoRequestError;
+exports.decodeIdToken = idToken.decodeIdToken;
+exports.verifyIdToken = idToken.verifyIdToken;
+exports.withDefaultScopes = scopes.withDefaultScopes;
+exports.isArbitraryObject = arbitraryObject.isArbitraryObject;
+exports.ContentType = index.ContentType;
+Object.defineProperty(exports, 'Prompt', {
+	enumerable: true,
+	get: function () { return index.Prompt; }
+});
+Object.defineProperty(exports, 'QueryKey', {
+	enumerable: true,
+	get: function () { return index.QueryKey; }
+});
+Object.defineProperty(exports, 'ReservedScope', {
+	enumerable: true,
+	get: function () { return index.ReservedScope; }
+});
+Object.defineProperty(exports, 'TokenGrantType', {
+	enumerable: true,
+	get: function () { return index.TokenGrantType; }
+});
+Object.defineProperty(exports, 'UserScope', {
+	enumerable: true,
+	get: function () { return index.UserScope; }
 });
-const $47fe17290a91cd19$var$getMessageByErrorCode = (errorCode)=>{
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-    const message = (0, ($parcel$interopDefault($eVySA$lodashget)))($47fe17290a91cd19$var$logtoErrorCodes, errorCode);
-    if (typeof message === "string") return message;
-    return errorCode;
-};
-class $47fe17290a91cd19$export$ba60d77e6748b659 extends Error {
-    constructor(code, data){
-        super($47fe17290a91cd19$var$getMessageByErrorCode(code));
-        this.code = code;
-        this.data = data;
-    }
-}
-const $47fe17290a91cd19$export$27f79c8238476d38 = (data)=>{
-    if (!(0, $30090a6cd317e7f3$export$aa016a295c6092c8)(data)) return false;
-    return typeof data.code === "string" && typeof data.message === "string";
-};
-class $47fe17290a91cd19$export$e6e15b8ba42b9b70 extends Error {
-    constructor(code, message){
-        super(message);
-        this.code = code;
-    }
-}
-class $47fe17290a91cd19$export$d4832bcf9ce430e0 {
-    constructor(error, errorDescription){
-        this.error = error;
-        this.errorDescription = errorDescription;
-    }
-}
-
-
-const $d3a7a037fd1d9433$export$4851e69315d5b72c = (uri)=>{
-    const [, queryString = ""] = uri.split("?");
-    return new URLSearchParams(queryString);
-};
-const $d3a7a037fd1d9433$export$dc3fae3c99763885 = (callbackUri, redirectUri, state)=>{
-    if (!callbackUri.startsWith(redirectUri)) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.redirect_uri_mismatched");
-    const uriParameters = $d3a7a037fd1d9433$export$4851e69315d5b72c(callbackUri);
-    const error = (0, $eVySA$silverhandessentials.conditional)(uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Error));
-    const errorDescription = (0, $eVySA$silverhandessentials.conditional)(uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ErrorDescription));
-    if (error) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.error_found", new (0, $47fe17290a91cd19$export$d4832bcf9ce430e0)(error, errorDescription));
-    const stateFromCallbackUri = uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).State);
-    if (!stateFromCallbackUri) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.missing_state");
-    if (stateFromCallbackUri !== state) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.state_mismatched");
-    const code = uriParameters.get((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Code);
-    if (!code) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("callback_uri_verification.missing_code");
-    return code;
-};
-
-
-
-var $c2fd0c04c48199e2$exports = {};
-
-$parcel$export($c2fd0c04c48199e2$exports, "verifyIdToken", () => $c2fd0c04c48199e2$export$b5b3317c8aecbcd5);
-$parcel$export($c2fd0c04c48199e2$exports, "decodeIdToken", () => $c2fd0c04c48199e2$export$aac2d5b7f5cd16d5);
-
-
-
-
-const $c2fd0c04c48199e2$var$issuedAtTimeTolerance = 60;
-/* eslint-disable complexity */ /**
- * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
- */ function $c2fd0c04c48199e2$var$assertIdTokenClaims(data) {
-    if (!(0, $30090a6cd317e7f3$export$aa016a295c6092c8)(data)) throw new TypeError("IdToken is expected to be an object");
-    for (const key of [
-        "iss",
-        "sub",
-        "aud"
-    ]){
-        if (typeof data[key] !== "string") throw new TypeError(`At path: IdToken.${key}: expected a string`);
-    }
-    for (const key of [
-        "exp",
-        "iat"
-    ]){
-        if (typeof data[key] !== "number") throw new TypeError(`At path: IdToken.${key}: expected a number`);
-    }
-    for (const key of [
-        "at_hash",
-        "name",
-        "username",
-        "picture",
-        "email",
-        "phone_number"
-    ]){
-        if (data[key] === undefined) continue;
-        if (typeof data[key] !== "string" && data[key] !== null) throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
-    }
-    for (const key of [
-        "email_verified",
-        "phone_number_verified"
-    ]){
-        if (data[key] === undefined) continue;
-        if (typeof data[key] !== "boolean") throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
-    }
-}
-const $c2fd0c04c48199e2$export$b5b3317c8aecbcd5 = async (idToken, clientId, issuer, jwks)=>{
-    const result = await (0, $eVySA$jose.jwtVerify)(idToken, jwks, {
-        audience: clientId,
-        issuer: issuer
-    });
-    if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > $c2fd0c04c48199e2$var$issuedAtTimeTolerance) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("id_token.invalid_iat");
-};
-const $c2fd0c04c48199e2$export$aac2d5b7f5cd16d5 = (token)=>{
-    const { 1: encodedPayload  } = token.split(".");
-    if (!encodedPayload) throw new (0, $47fe17290a91cd19$export$ba60d77e6748b659)("id_token.invalid_token");
-    const json = (0, $eVySA$silverhandessentials.urlSafeBase64).decode(encodedPayload);
-    const idTokenClaims = JSON.parse(json);
-    $c2fd0c04c48199e2$var$assertIdTokenClaims(idTokenClaims);
-    return idTokenClaims;
-};
-
-
-var $b85bdeea0b1e81a5$exports = {};
-
-$parcel$export($b85bdeea0b1e81a5$exports, "withDefaultScopes", () => $b85bdeea0b1e81a5$export$3cf0748e30b766d7);
-
-const $b85bdeea0b1e81a5$export$3cf0748e30b766d7 = (originalScopes)=>{
-    const reservedScopes = Object.values((0, $5c367c11270b61f6$export$1d2e82cebfd4b08));
-    const uniqueScopes = new Set([
-        ...reservedScopes,
-        (0, $5c367c11270b61f6$export$4b02c5b431f6eb78).Profile,
-        ...originalScopes ?? []
-    ]);
-    return Array.from(uniqueScopes).join(" ");
-};
-
-
-
-$parcel$exportWildcard($10615ba3cc8a78f8$exports, $d3a7a037fd1d9433$exports);
-$parcel$exportWildcard($10615ba3cc8a78f8$exports, $47fe17290a91cd19$exports);
-$parcel$exportWildcard($10615ba3cc8a78f8$exports, $c2fd0c04c48199e2$exports);
-$parcel$exportWildcard($10615ba3cc8a78f8$exports, $b85bdeea0b1e81a5$exports);
-$parcel$exportWildcard($10615ba3cc8a78f8$exports, $30090a6cd317e7f3$exports);
-
-
-const $1e17092ca3413c94$var$codeChallengeMethod = "S256";
-const $1e17092ca3413c94$var$responseType = "code";
-const $1e17092ca3413c94$export$b01a187f12b774c6 = ({ authorizationEndpoint: authorizationEndpoint , clientId: clientId , redirectUri: redirectUri , codeChallenge: codeChallenge , state: state , scopes: scopes , resources: resources , prompt: prompt  })=>{
-    const urlSearchParameters = new URLSearchParams({
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).RedirectUri]: redirectUri,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeChallenge]: codeChallenge,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).CodeChallengeMethod]: $1e17092ca3413c94$var$codeChallengeMethod,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).State]: state,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ResponseType]: $1e17092ca3413c94$var$responseType,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Prompt]: prompt ?? (0, $5c367c11270b61f6$export$83716a4aa1642908).Consent,
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Scope]: (0, $b85bdeea0b1e81a5$export$3cf0748e30b766d7)(scopes)
-    });
-    for (const resource of resources ?? [])urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).Resource, resource);
-    return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;
-};
-
-
-var $1dac903ccb175f85$exports = {};
-
-$parcel$export($1dac903ccb175f85$exports, "generateSignOutUri", () => $1dac903ccb175f85$export$b3c9a2bd2330de28);
-
-const $1dac903ccb175f85$export$b3c9a2bd2330de28 = ({ endSessionEndpoint: endSessionEndpoint , clientId: clientId , postLogoutRedirectUri: postLogoutRedirectUri  })=>{
-    const urlSearchParameters = new URLSearchParams({
-        [(0, $5c367c11270b61f6$export$65f63a8bc3cba53d).ClientId]: clientId
-    });
-    if (postLogoutRedirectUri) urlSearchParameters.append((0, $5c367c11270b61f6$export$65f63a8bc3cba53d).PostLogoutRedirectUri, postLogoutRedirectUri);
-    return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
-};
-
-
-var $427c00d1e1cb4e3b$exports = {};
-
-$parcel$export($427c00d1e1cb4e3b$exports, "fetchUserInfo", () => $427c00d1e1cb4e3b$export$eee09f98e5b044aa);
-const $427c00d1e1cb4e3b$export$eee09f98e5b044aa = async (userInfoEndpoint, accessToken, requester)=>requester(userInfoEndpoint, {
-        headers: {
-            Authorization: `Bearer ${accessToken}`
-        }
-    });
-
-
-$parcel$exportWildcard($a722dce254028e46$exports, $e6b305c1e572373d$exports);
-$parcel$exportWildcard($a722dce254028e46$exports, $945b1d0ce7f8f44a$exports);
-$parcel$exportWildcard($a722dce254028e46$exports, $de840481123b2c25$exports);
-$parcel$exportWildcard($a722dce254028e46$exports, $1e17092ca3413c94$exports);
-$parcel$exportWildcard($a722dce254028e46$exports, $1dac903ccb175f85$exports);
-$parcel$exportWildcard($a722dce254028e46$exports, $427c00d1e1cb4e3b$exports);
-
-
-
-
-var $1f7598f829ce4be1$exports = {};
-
-
-$parcel$exportWildcard(module.exports, $a722dce254028e46$exports);
-$parcel$exportWildcard(module.exports, $10615ba3cc8a78f8$exports);
-$parcel$exportWildcard(module.exports, $5c367c11270b61f6$exports);
-$parcel$exportWildcard(module.exports, $1f7598f829ce4be1$exports);
-
-
-//# sourceMappingURL=index.js.map

package/lib/index.mjs

@@ -0,0 +1,12 @@
+export { fetchTokenByAuthorizationCode, fetchTokenByRefreshToken } from './core/fetch-token.mjs';
+export { discoveryPath, fetchOidcConfig } from './core/oidc-config.mjs';
+export { revoke } from './core/revoke.mjs';
+export { generateSignInUri } from './core/sign-in.mjs';
+export { generateSignOutUri } from './core/sign-out.mjs';
+export { fetchUserInfo } from './core/user-info.mjs';
+export { parseUriParameters, verifyAndParseCodeFromCallbackUri } from './utils/callback-uri.mjs';
+export { LogtoError, LogtoRequestError, OidcError, isLogtoRequestError } from './utils/errors.mjs';
+export { decodeIdToken, verifyIdToken } from './utils/id-token.mjs';
+export { withDefaultScopes } from './utils/scopes.mjs';
+export { isArbitraryObject } from './utils/arbitrary-object.mjs';
+export { ContentType, Prompt, QueryKey, ReservedScope, TokenGrantType, UserScope } from './consts/index.mjs';

package/lib/types/index.d.ts

@@ -0,0 +1,6 @@
+export type LogtoRequestErrorBody = {
+    code: string;
+    message: string;
+};
+export type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;
+export type InteractionMode = 'signIn' | 'signUp';

package/lib/utils/arbitrary-object.d.ts

@@ -0,0 +1 @@
+export declare const isArbitraryObject: (data: unknown) => data is Record<string, unknown>;

package/lib/utils/arbitrary-object.js

@@ -0,0 +1,5 @@
+'use strict';
+
+const isArbitraryObject = (data) => typeof data === 'object' && data !== null;
+
+exports.isArbitraryObject = isArbitraryObject;

package/lib/utils/arbitrary-object.mjs

@@ -0,0 +1,3 @@
+const isArbitraryObject = (data) => typeof data === 'object' && data !== null;
+
+export { isArbitraryObject };

package/lib/utils/callback-uri.d.ts

@@ -0,0 +1,2 @@
+export declare const parseUriParameters: (uri: string) => URLSearchParams;
+export declare const verifyAndParseCodeFromCallbackUri: (callbackUri: string, redirectUri: string, state: string) => string;

package/lib/utils/callback-uri.js

@@ -0,0 +1,36 @@
+'use strict';
+
+var essentials = require('@silverhand/essentials');
+var index = require('../consts/index.js');
+var errors = require('./errors.js');
+
+const parseUriParameters = (uri) => {
+    const [, queryString = ''] = uri.split('?');
+    return new URLSearchParams(queryString);
+};
+const verifyAndParseCodeFromCallbackUri = (callbackUri, redirectUri, state) => {
+    if (!callbackUri.startsWith(redirectUri)) {
+        throw new errors.LogtoError('callback_uri_verification.redirect_uri_mismatched');
+    }
+    const uriParameters = parseUriParameters(callbackUri);
+    const error = essentials.conditional(uriParameters.get(index.QueryKey.Error));
+    const errorDescription = essentials.conditional(uriParameters.get(index.QueryKey.ErrorDescription));
+    if (error) {
+        throw new errors.LogtoError('callback_uri_verification.error_found', new errors.OidcError(error, errorDescription));
+    }
+    const stateFromCallbackUri = uriParameters.get(index.QueryKey.State);
+    if (!stateFromCallbackUri) {
+        throw new errors.LogtoError('callback_uri_verification.missing_state');
+    }
+    if (stateFromCallbackUri !== state) {
+        throw new errors.LogtoError('callback_uri_verification.state_mismatched');
+    }
+    const code = uriParameters.get(index.QueryKey.Code);
+    if (!code) {
+        throw new errors.LogtoError('callback_uri_verification.missing_code');
+    }
+    return code;
+};
+
+exports.parseUriParameters = parseUriParameters;
+exports.verifyAndParseCodeFromCallbackUri = verifyAndParseCodeFromCallbackUri;

package/lib/utils/callback-uri.mjs

@@ -0,0 +1,33 @@
+import { conditional } from '@silverhand/essentials';
+import { QueryKey } from '../consts/index.mjs';
+import { LogtoError, OidcError } from './errors.mjs';
+
+const parseUriParameters = (uri) => {
+    const [, queryString = ''] = uri.split('?');
+    return new URLSearchParams(queryString);
+};
+const verifyAndParseCodeFromCallbackUri = (callbackUri, redirectUri, state) => {
+    if (!callbackUri.startsWith(redirectUri)) {
+        throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');
+    }
+    const uriParameters = parseUriParameters(callbackUri);
+    const error = conditional(uriParameters.get(QueryKey.Error));
+    const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));
+    if (error) {
+        throw new LogtoError('callback_uri_verification.error_found', new OidcError(error, errorDescription));
+    }
+    const stateFromCallbackUri = uriParameters.get(QueryKey.State);
+    if (!stateFromCallbackUri) {
+        throw new LogtoError('callback_uri_verification.missing_state');
+    }
+    if (stateFromCallbackUri !== state) {
+        throw new LogtoError('callback_uri_verification.state_mismatched');
+    }
+    const code = uriParameters.get(QueryKey.Code);
+    if (!code) {
+        throw new LogtoError('callback_uri_verification.missing_code');
+    }
+    return code;
+};
+
+export { parseUriParameters, verifyAndParseCodeFromCallbackUri };

package/lib/utils/callback-uri.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/utils/errors.d.ts

@@ -0,0 +1,36 @@
+import type { NormalizeKeyPaths } from '@silverhand/essentials';
+declare const logtoErrorCodes: Readonly<{
+    id_token: {
+        invalid_iat: string;
+        invalid_token: string;
+    };
+    callback_uri_verification: {
+        redirect_uri_mismatched: string;
+        error_found: string;
+        missing_state: string;
+        state_mismatched: string;
+        missing_code: string;
+    };
+    crypto_subtle_unavailable: "Crypto.subtle is unavailable in insecure contexts (non-HTTPS).";
+    unexpected_response_error: "Unexpected response error from the server.";
+}>;
+export type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;
+export declare class LogtoError extends Error {
+    code: LogtoErrorCode;
+    data: unknown;
+    constructor(code: LogtoErrorCode, data?: unknown);
+}
+export declare const isLogtoRequestError: (data: unknown) => data is {
+    code: string;
+    message: string;
+};
+export declare class LogtoRequestError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+export declare class OidcError {
+    error: string;
+    errorDescription?: string | undefined;
+    constructor(error: string, errorDescription?: string | undefined);
+}
+export {};