@logto/js 1.0.0 → 1.1.2

package/lib/utils/errors.js

@@ -0,0 +1,62 @@
+'use strict';
+
+var get = require('lodash.get');
+var arbitraryObject = require('./arbitrary-object.js');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var get__default = /*#__PURE__*/_interopDefault(get);
+
+const logtoErrorCodes = Object.freeze({
+    id_token: {
+        invalid_iat: 'Invalid issued at time in the ID token',
+        invalid_token: 'Invalid ID token',
+    },
+    callback_uri_verification: {
+        redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',
+        error_found: 'Error found in the callback URI',
+        missing_state: 'Missing state in the callback URI',
+        state_mismatched: 'State mismatched in the callback URI',
+        missing_code: 'Missing code in the callback URI',
+    },
+    crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',
+    unexpected_response_error: 'Unexpected response error from the server.',
+});
+const getMessageByErrorCode = (errorCode) => {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const message = get__default.default(logtoErrorCodes, errorCode);
+    if (typeof message === 'string') {
+        return message;
+    }
+    return errorCode;
+};
+class LogtoError extends Error {
+    constructor(code, data) {
+        super(getMessageByErrorCode(code));
+        this.code = code;
+        this.data = data;
+    }
+}
+const isLogtoRequestError = (data) => {
+    if (!arbitraryObject.isArbitraryObject(data)) {
+        return false;
+    }
+    return typeof data.code === 'string' && typeof data.message === 'string';
+};
+class LogtoRequestError extends Error {
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+    }
+}
+class OidcError {
+    constructor(error, errorDescription) {
+        this.error = error;
+        this.errorDescription = errorDescription;
+    }
+}
+
+exports.LogtoError = LogtoError;
+exports.LogtoRequestError = LogtoRequestError;
+exports.OidcError = OidcError;
+exports.isLogtoRequestError = isLogtoRequestError;

package/lib/utils/errors.mjs

@@ -0,0 +1,53 @@
+import get from 'lodash.get';
+import { isArbitraryObject } from './arbitrary-object.mjs';
+
+const logtoErrorCodes = Object.freeze({
+    id_token: {
+        invalid_iat: 'Invalid issued at time in the ID token',
+        invalid_token: 'Invalid ID token',
+    },
+    callback_uri_verification: {
+        redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',
+        error_found: 'Error found in the callback URI',
+        missing_state: 'Missing state in the callback URI',
+        state_mismatched: 'State mismatched in the callback URI',
+        missing_code: 'Missing code in the callback URI',
+    },
+    crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',
+    unexpected_response_error: 'Unexpected response error from the server.',
+});
+const getMessageByErrorCode = (errorCode) => {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const message = get(logtoErrorCodes, errorCode);
+    if (typeof message === 'string') {
+        return message;
+    }
+    return errorCode;
+};
+class LogtoError extends Error {
+    constructor(code, data) {
+        super(getMessageByErrorCode(code));
+        this.code = code;
+        this.data = data;
+    }
+}
+const isLogtoRequestError = (data) => {
+    if (!isArbitraryObject(data)) {
+        return false;
+    }
+    return typeof data.code === 'string' && typeof data.message === 'string';
+};
+class LogtoRequestError extends Error {
+    constructor(code, message) {
+        super(message);
+        this.code = code;
+    }
+}
+class OidcError {
+    constructor(error, errorDescription) {
+        this.error = error;
+        this.errorDescription = errorDescription;
+    }
+}
+
+export { LogtoError, LogtoRequestError, OidcError, isLogtoRequestError };

package/lib/utils/errors.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/utils/id-token.d.ts

@@ -0,0 +1,19 @@
+import type { Nullable } from '@silverhand/essentials';
+import type { JWTVerifyGetKey } from 'jose';
+export type IdTokenClaims = {
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    at_hash?: Nullable<string>;
+    name?: Nullable<string>;
+    username?: Nullable<string>;
+    picture?: Nullable<string>;
+    email?: Nullable<string>;
+    email_verified?: boolean;
+    phone_number?: Nullable<string>;
+    phone_number_verified?: boolean;
+};
+export declare const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>;
+export declare const decodeIdToken: (token: string) => IdTokenClaims;

package/lib/utils/id-token.js

@@ -0,0 +1,63 @@
+'use strict';
+
+var essentials = require('@silverhand/essentials');
+var jose = require('jose');
+var arbitraryObject = require('./arbitrary-object.js');
+var errors = require('./errors.js');
+
+const issuedAtTimeTolerance = 60;
+/* eslint-disable complexity */
+/**
+ * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
+ */
+function assertIdTokenClaims(data) {
+    if (!arbitraryObject.isArbitraryObject(data)) {
+        throw new TypeError('IdToken is expected to be an object');
+    }
+    for (const key of ['iss', 'sub', 'aud']) {
+        if (typeof data[key] !== 'string') {
+            throw new TypeError(`At path: IdToken.${key}: expected a string`);
+        }
+    }
+    for (const key of ['exp', 'iat']) {
+        if (typeof data[key] !== 'number') {
+            throw new TypeError(`At path: IdToken.${key}: expected a number`);
+        }
+    }
+    for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {
+        if (data[key] === undefined) {
+            continue;
+        }
+        if (typeof data[key] !== 'string' && data[key] !== null) {
+            throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
+        }
+    }
+    for (const key of ['email_verified', 'phone_number_verified']) {
+        if (data[key] === undefined) {
+            continue;
+        }
+        if (typeof data[key] !== 'boolean') {
+            throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
+        }
+    }
+}
+/* eslint-enable complexity */
+const verifyIdToken = async (idToken, clientId, issuer, jwks) => {
+    const result = await jose.jwtVerify(idToken, jwks, { audience: clientId, issuer });
+    if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {
+        throw new errors.LogtoError('id_token.invalid_iat');
+    }
+};
+const decodeIdToken = (token) => {
+    const { 1: encodedPayload } = token.split('.');
+    if (!encodedPayload) {
+        throw new errors.LogtoError('id_token.invalid_token');
+    }
+    const json = essentials.urlSafeBase64.decode(encodedPayload);
+    const idTokenClaims = JSON.parse(json);
+    assertIdTokenClaims(idTokenClaims);
+    return idTokenClaims;
+};
+
+exports.decodeIdToken = decodeIdToken;
+exports.verifyIdToken = verifyIdToken;

package/lib/utils/id-token.mjs

@@ -0,0 +1,60 @@
+import { urlSafeBase64 } from '@silverhand/essentials';
+import { jwtVerify } from 'jose';
+import { isArbitraryObject } from './arbitrary-object.mjs';
+import { LogtoError } from './errors.mjs';
+
+const issuedAtTimeTolerance = 60;
+/* eslint-disable complexity */
+/**
+ * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
+ */
+function assertIdTokenClaims(data) {
+    if (!isArbitraryObject(data)) {
+        throw new TypeError('IdToken is expected to be an object');
+    }
+    for (const key of ['iss', 'sub', 'aud']) {
+        if (typeof data[key] !== 'string') {
+            throw new TypeError(`At path: IdToken.${key}: expected a string`);
+        }
+    }
+    for (const key of ['exp', 'iat']) {
+        if (typeof data[key] !== 'number') {
+            throw new TypeError(`At path: IdToken.${key}: expected a number`);
+        }
+    }
+    for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {
+        if (data[key] === undefined) {
+            continue;
+        }
+        if (typeof data[key] !== 'string' && data[key] !== null) {
+            throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
+        }
+    }
+    for (const key of ['email_verified', 'phone_number_verified']) {
+        if (data[key] === undefined) {
+            continue;
+        }
+        if (typeof data[key] !== 'boolean') {
+            throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
+        }
+    }
+}
+/* eslint-enable complexity */
+const verifyIdToken = async (idToken, clientId, issuer, jwks) => {
+    const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });
+    if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {
+        throw new LogtoError('id_token.invalid_iat');
+    }
+};
+const decodeIdToken = (token) => {
+    const { 1: encodedPayload } = token.split('.');
+    if (!encodedPayload) {
+        throw new LogtoError('id_token.invalid_token');
+    }
+    const json = urlSafeBase64.decode(encodedPayload);
+    const idTokenClaims = JSON.parse(json);
+    assertIdTokenClaims(idTokenClaims);
+    return idTokenClaims;
+};
+
+export { decodeIdToken, verifyIdToken };

package/lib/utils/id-token.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/utils/index.d.ts

@@ -0,0 +1,5 @@
+export * from './callback-uri';
+export * from './errors';
+export * from './id-token';
+export * from './scopes';
+export * from './arbitrary-object';

package/lib/utils/scopes.d.ts

@@ -0,0 +1,5 @@
+/**
+ * @param originalScopes
+ * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)
+ */
+export declare const withDefaultScopes: (originalScopes?: string[]) => string;

package/lib/utils/scopes.js

@@ -0,0 +1,15 @@
+'use strict';
+
+var index = require('../consts/index.js');
+
+/**
+ * @param originalScopes
+ * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)
+ */
+const withDefaultScopes = (originalScopes) => {
+    const reservedScopes = Object.values(index.ReservedScope);
+    const uniqueScopes = new Set([...reservedScopes, index.UserScope.Profile, ...(originalScopes ?? [])]);
+    return Array.from(uniqueScopes).join(' ');
+};
+
+exports.withDefaultScopes = withDefaultScopes;

package/lib/utils/scopes.mjs

@@ -0,0 +1,13 @@
+import { ReservedScope, UserScope } from '../consts/index.mjs';
+
+/**
+ * @param originalScopes
+ * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)
+ */
+const withDefaultScopes = (originalScopes) => {
+    const reservedScopes = Object.values(ReservedScope);
+    const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);
+    return Array.from(uniqueScopes).join(' ');
+};
+
+export { withDefaultScopes };

package/lib/utils/scopes.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@logto/js",
-  "version": "1.0.0",
+  "version": "1.1.2",
   "source": "./src/index.ts",
   "main": "./lib/index.js",
   "exports": {
     "require": "./lib/index.js",
-    "import": "./lib/module.mjs"
+    "import": "./lib/index.mjs"
   },
-  "module": "./lib/module.mjs",
+  "module": "./lib/index.mjs",
   "types": "./lib/index.d.ts",
   "files": [
     "lib"
@@ -22,39 +22,38 @@
     "dev:tsc": "tsc -p tsconfig.build.json -w --preserveWatchOutput",
     "precommit": "lint-staged",
     "check": "tsc --noEmit",
-    "build": "rm -rf lib/ && pnpm check && parcel build && cp lib/index.d.ts lib/module.d.mts",
+    "build": "rm -rf lib/ && tsc -p tsconfig.build.json --noEmit && rollup -c",
     "lint": "eslint --ext .ts src",
     "test": "jest",
-    "test:coverage": "jest --silent --env=jsdom && jest --silent --coverage",
+    "test:coverage": "jest --silent --env=jsdom && jest --silent",
     "prepack": "pnpm test"
   },
   "dependencies": {
-    "@silverhand/essentials": "^1.2.1",
+    "@silverhand/essentials": "^2.6.1",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.3.8",
+    "jose": "^4.13.2",
     "lodash.get": "^4.4.2"
   },
   "devDependencies": {
-    "@jest/types": "^27.5.1",
-    "@parcel/core": "^2.8.3",
-    "@parcel/packager-ts": "^2.8.3",
-    "@parcel/transformer-typescript-types": "^2.8.3",
+    "@jest/types": "^29.5.0",
     "@silverhand/eslint-config": "^2.0.0",
     "@silverhand/ts-config": "^1.0.0",
-    "@types/jest": "^27.4.1",
+    "@swc/core": "^1.3.50",
+    "@swc/jest": "^0.2.24",
+    "@types/jest": "^29.5.0",
     "@types/lodash.get": "^4.4.6",
     "@types/node": "^18.0.0",
-    "eslint": "^8.23.0",
-    "jest": "^27.5.1",
+    "eslint": "^8.38.0",
+    "jest": "^29.5.0",
+    "jest-environment-jsdom": "^29.5.0",
     "jest-matcher-specific-error": "^1.0.0",
     "lint-staged": "^13.0.0",
-    "nock": "^13.1.3",
-    "parcel": "^2.8.3",
-    "prettier": "^2.7.1",
+    "nock": "^13.3.0",
+    "prettier": "^2.8.7",
+    "rollup": "^3.20.2",
     "text-encoder": "^0.0.4",
-    "ts-jest": "^27.0.4",
     "type-fest": "^3.0.0",
-    "typescript": "4.9.5"
+    "typescript": "^5.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand"
@@ -63,5 +62,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "fff27b23a74d5bd3a46fc83fbbc2901b6e054c72"
+  "gitHead": "9e9a8b0887ef67baa7c3c564590bb06e7801d03e"
 }

package/lib/index.d.ts.map

@@ -1 +0,0 @@
-{"mappings":";;AAAA,OAAO,MAAM;;;;CAEZ,CAAC;AAEF;IACE,iBAAiB,uBAAuB;IACxC,YAAY,kBAAkB;CAC/B;AAED;IACE,QAAQ,cAAc;IACtB,IAAI,SAAS;IACb,aAAa,mBAAmB;IAChC,mBAAmB,0BAA0B;IAC7C,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,gBAAgB,sBAAsB;IACtC,SAAS,eAAe;IACxB,OAAO,aAAa;IACpB,WAAW,kBAAkB;IAC7B,qBAAqB,6BAA6B;IAClD,iBAAiB;IACjB,WAAW,iBAAiB;IAC5B,YAAY,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,YAAY,kBAAkB;IAC9B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,KAAK,UAAU;CAChB;AAED;IACE,OAAO,YAAY;IACnB,KAAK,UAAU;CAChB;AAGD;IACE,MAAM,WAAW;IACjB,aAAa,mBAAmB;CACjC;AAED;;GAEG;AACH;IACE;;;;OAIG;IACH,OAAO,YAAY;IACnB;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,KAAK,UAAU;IACf;;;;OAIG;IACH,UAAU,gBAAgB;IAC1B;;;;OAIG;IACH,UAAU,eAAe;CAC1B;AC5ED,oCAAoC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAwB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,CAAC,OAAO,KAAK,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;ACC7E,sDAAsD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,iDAAiD;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,kCAAkC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,gCAAgC,gBAAgB,0BAA0B,CAAC,CAAC;AAE5E,0CAA0C;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wCAAwC,gBAAgB,kCAAkC,CAAC,CAAC;AAE5F,OAAO,MAAM,yGAQR,uCAAuC,aAC/B,SAAS,KACnB,QAAQ,iBAAiB,CAmB3B,CAAC;AAEF,OAAO,MAAM,wFACkD,kCAAkC,aACpF,SAAS,KACnB,QAAQ,yBAAyB,CAwBnC,CAAC;AChGF,mCAAmC;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,OAAO,MAAM,wDAAwD,CAAC;AAEtE,iCAAiC,gBAAgB,2BAA2B,CAAC,CAAC;AAE9E,OAAO,MAAM,4BACD,MAAM,aACL,SAAS,KACnB,QAAQ,kBAAkB,CAC0C,CAAC;ACpBxE,OAAO,MAAM,6BACS,MAAM,YAChB,MAAM,SACT,MAAM,aACF,SAAS,KACnB,QAAQ,IAAI,CAQX,CAAC;AChBL,OAAO,MAAM,0BAA2B,OAAO,oCACJ,CAAC;ACI5C,QAAA,MAAM;;;;;;;;;;;;;;EAcJ,CAAC;AAEH,6BAA6B,kBAAkB,sBAAsB,CAAC,CAAC;AAavE,uBAAwB,SAAQ,KAAK;IACnC,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;gBAEF,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,OAAO;CAKjD;AAED,OAAO,MAAM,4BAA6B,OAAO;UAAmB,MAAM;aAAW,MAAM;CAM1F,CAAC;AAEF,8BAA+B,SAAQ,KAAK;IAC1C,IAAI,EAAE,MAAM,CAAC;gBAED,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI1C;AAED;IACqB,KAAK,EAAE,MAAM;IAAS,gBAAgB,CAAC;gBAAvC,KAAK,EAAE,MAAM,EAAS,gBAAgB,CAAC,oBAAQ;CACnE;AC3DD,OAAO,MAAM,0BAA2B,MAAM,oBAI7C,CAAC;AAEF,OAAO,MAAM,iDACE,MAAM,eACN,MAAM,SACZ,MAAM,WAkCd,CAAC;ACtCF,4BAA4B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC,CAAC;AA6CF,OAAO,MAAM,yBACF,MAAM,YACL,MAAM,UACR,MAAM,QACR,eAAe,kBAOtB,CAAC;AAEF,OAAO,MAAM,uBAAwB,MAAM,KAAG,aAY7C,CAAC;AC5FF;;;GAGG;AACH,OAAO,MAAM,qCAAsC,MAAM,EAAE,KAAG,MAK7D,CAAC;AELF,kCAAkC;IAChC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,OAAO,MAAM,wHASV,mBAAmB,WAiBrB,CAAC;ACzCF,4BAA4B;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,OAAO,MAAM,+EAIV,oBAAoB,WAQtB,CAAC;AChBF,gBAAgB;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC;AAEF,+BAA+B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACxB,QAAQ,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC5B,OAAO,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAC3B,KAAK,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,SAAS,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF,OAAO,MAAM,kCACO,MAAM,eACX,MAAM,aACR,SAAS,KACnB,QAAQ,gBAAgB,CAGvB,CAAC","sources":["packages/js/src/src/consts/index.ts","packages/js/src/src/types/index.ts","packages/js/src/src/core/fetch-token.ts","packages/js/src/src/core/oidc-config.ts","packages/js/src/src/core/revoke.ts","packages/js/src/src/utils/arbitrary-object.ts","packages/js/src/src/utils/errors.ts","packages/js/src/src/utils/callback-uri.ts","packages/js/src/src/utils/id-token.ts","packages/js/src/src/utils/scopes.ts","packages/js/src/src/utils/index.ts","packages/js/src/src/core/sign-in.ts","packages/js/src/src/core/sign-out.ts","packages/js/src/src/core/user-info.ts","packages/js/src/src/core/index.ts","packages/js/src/src/index.ts","packages/js/src/index.ts"],"sourcesContent":[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,"/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n"],"names":[],"version":3,"file":"index.d.ts.map"}

package/lib/index.js.map

@@ -1 +0,0 @@
-{"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEAA;;;;;;;;;ACAO,MAAM,4CAAc;IACzB,gBAAgB;QAAE,gBAAgB;IAAoC;AACxE;IAEO;UAAK,cAAc;IAAd,eACV,uBAAoB;IADV,eAEV,kBAAe;GAFL,8CAAA;IAKL;UAAK,QAAQ;IAAR,SACV,cAAW;IADD,SAEV,UAAO;IAFG,SAGV,mBAAgB;IAHN,SAIV,yBAAsB;IAJZ,SAKV,kBAAe;IALL,SAMV,WAAQ;IANE,SAOV,sBAAmB;IAPT,SAQV,eAAY;IARF,SASV,aAAU;IATA,SAUV,iBAAc;IAVJ,SAWV,2BAAwB;IAXd,SAYV,YAAS;IAZC,SAaV,iBAAc;IAbJ,SAcV,kBAAe;IAdL,SAeV,cAAW;IAfD,SAgBV,kBAAe;IAhBL,SAiBV,WAAQ;IAjBE,SAkBV,WAAQ;IAlBE,SAmBV,WAAQ;GAnBE,8CAAA;IAsBL;UAAK,MAAM;IAAN,OACV,aAAU;IADA,OAEV,WAAQ;GAFE,8CAAA;IAML;UAAK,aAAa;IAAb,cACV,YAAS;IADC,cAEV,mBAAgB;GAFN,6CAAA;IAQL;UAAK,SAAS;IAAT,UACV;;;;GAIC,GACD,aAAU;IANA,UAOV;;;;GAIC,GACD,WAAQ;IAZE,UAaV;;;;GAIC,GACD,WAAQ;IAlBE,UAmBV;;;;GAIC,GACD,gBAAa;IAxBH,UAyBV;;;;GAIC,GACD,gBAAa;GA9BH,8CAAA;;;ADFL,MAAM,4CAAgC,OAC3C,YACE,SAAQ,iBACR,cAAa,eACb,YAAW,gBACX,aAAY,QACZ,KAAI,YACJ,SAAQ,EACgC,EAC1C,YAC+B;IAC/B,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI,EAAE;IACjC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,EAAE;IACxC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,iBAAiB;IAEtE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,MAAM,6BAA6B,MAAM,UAAsC,eAAe;QAC5F,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAEA,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;AAEO,MAAM,4CAA2B,OACtC,YAAE,SAAQ,iBAAE,cAAa,gBAAE,aAAY,YAAE,SAAQ,UAAE,OAAM,EAAsC,EAC/F,YACuC;IACvC,MAAM,aAAa,IAAI;IACvB,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IACrC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,EAAE;IACzC,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,SAAS,EAAE,CAAA,GAAA,yCAAc,AAAD,EAAE,YAAY;IAEjE,IAAI,UACF,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,QAAQ,EAAE;IAGvC,IAAI,QAAQ,QACV,WAAW,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,EAAE,OAAO,IAAI,CAAC;IAGhD,MAAM,qCAAqC,MAAM,UAC/C,eACA;QACE,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM;IACR;IAGF,OAAO,CAAA,GAAA,8CAAY,EAAE;AACvB;;ADrGA;;;;;AGAA;AAeO,MAAM,4CAAgB;AAItB,MAAM,4CAAkB,OAC7B,UACA,YAEA,CAAA,GAAA,8CAAa,AAAD,EAAE,MAAM,UAAuC;;;;;;ACvB7D;AAGO,MAAM,4CAAS,OACpB,oBACA,UACA,OACA,YAEA,UAAgB,oBAAoB;QAClC,QAAQ;QACR,SAAS,CAAA,GAAA,yCAAW,AAAD,EAAE,cAAc;QACnC,MAAM,IAAI,gBAAgB;YACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;YACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QACpB;IACF;;;;;;AChBF;;;;;;AEAA;;;;;;;;ACAA;;;;ACAO,MAAM,4CAAoB,CAAC,OAChC,OAAO,SAAS,YAAY,SAAS,IAAI;;;ADI3C,MAAM,wCAAkB,OAAO,MAAM,CAAC;IACpC,UAAU;QACR,aAAa;QACb,eAAe;IACjB;IACA,2BAA2B;QACzB,yBAAyB;QACzB,aAAa;QACb,eAAe;QACf,kBAAkB;QAClB,cAAc;IAChB;IACA,2BAA2B;IAC3B,2BAA2B;AAC7B;AAIA,MAAM,8CAAwB,CAAC,YAAsC;IACnE,mEAAmE;IACnE,MAAM,UAAU,CAAA,GAAA,0CAAE,EAAE,uCAAiB;IAErC,IAAI,OAAO,YAAY,UACrB,OAAO;IAGT,OAAO;AACT;AAEO,MAAM,kDAAmB;IAI9B,YAAY,IAAoB,EAAE,IAAc,CAAE;QAChD,KAAK,CAAC,4CAAsB;QAC5B,IAAI,CAAC,IAAI,GAAG;QACZ,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM,4CAAsB,CAAC,OAA6D;IAC/F,IAAI,CAAC,CAAA,GAAA,yCAAiB,AAAD,EAAE,OACrB,OAAO,KAAK;IAGd,OAAO,OAAO,KAAK,IAAI,KAAK,YAAY,OAAO,KAAK,OAAO,KAAK;AAClE;AAEO,MAAM,kDAA0B;IAGrC,YAAY,IAAY,EAAE,OAAe,CAAE;QACzC,KAAK,CAAC;QACN,IAAI,CAAC,IAAI,GAAG;IACd;AACF;AAEO,MAAM;IACX,YAAmB,OAAsB,iBAA2B;qBAAjD;gCAAsB;IAA4B;AACvE;;;AD3DO,MAAM,4CAAqB,CAAC,MAAgB;IACjD,MAAM,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,KAAK,CAAC;IAEvC,OAAO,IAAI,gBAAgB;AAC7B;AAEO,MAAM,4CAAoC,CAC/C,aACA,aACA,QACG;IACH,IAAI,CAAC,YAAY,UAAU,CAAC,cAC1B,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EAAE,qDAAqD;IAE5E,MAAM,gBAAgB,0CAAmB;IAEzC,MAAM,QAAQ,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,KAAK;IAC1D,MAAM,mBAAmB,CAAA,GAAA,uCAAU,EAAE,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,gBAAgB;IAEhF,IAAI,OACF,MAAM,IAAI,CAAA,GAAA,yCAAU,AAAD,EACjB,yCACA,IAAI,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO,mBACrB;IAGJ,MAAM,uBAAuB,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK;IAE7D,IAAI,CAAC,sBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,2CAA2C;IAGlE,IAAI,yBAAyB,OAC3B,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,8CAA8C;IAGrE,MAAM,OAAO,cAAc,GAAG,CAAC,CAAA,GAAA,yCAAO,EAAE,IAAI;IAE5C,IAAI,CAAC,MACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0CAA0C;IAGjE,OAAO;AACT;;ADhDA;;;;;;AIAA;;;;AAQA,MAAM,8CAAwB;AAkB9B,6BAA6B,GAC7B;;CAEC,GACD,SAAS,0CAAoB,IAAa,EAAiC;IACzE,IAAI,CAAC,CAAA,GAAA,yCAAgB,EAAE,OACrB,MAAM,IAAI,UAAU,uCAAuC;IAG7D,KAAK,MAAM,OAAO;QAAC;QAAO;QAAO;KAAM,CAAE;QACvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAO;KAAM,CAAE;QAChC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,UACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,mBAAmB,CAAC,EAAE;IAEtE;IAEA,KAAK,MAAM,OAAO;QAAC;QAAW;QAAQ;QAAY;QAAW;QAAS;KAAe,CAAE;QACrF,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,EACrD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,2BAA2B,CAAC,EAAE;IAE9E;IAEA,KAAK,MAAM,OAAO;QAAC;QAAkB;KAAwB,CAAE;QAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,WAChB,QAAS;QAGX,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,WACvB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,IAAI,oBAAoB,CAAC,EAAE;IAEvE;AACF;AAGO,MAAM,4CAAgB,OAC3B,SACA,UACA,QACA,OACG;IACH,MAAM,SAAS,MAAM,CAAA,GAAA,qBAAQ,EAAE,SAAS,MAAM;QAAE,UAAU;gBAAU;IAAO;IAE3E,IAAI,KAAK,GAAG,CAAC,AAAC,CAAA,OAAO,OAAO,CAAC,GAAG,IAAI,CAAA,IAAK,KAAK,GAAG,KAAK,QAAQ,6CAC5D,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,wBAAwB;AAEjD;AAEO,MAAM,4CAAgB,CAAC,QAAiC;IAC7D,MAAM,EAAE,GAAG,eAAc,EAAE,GAAG,MAAM,KAAK,CAAC;IAE1C,IAAI,CAAC,gBACH,MAAM,IAAI,CAAA,GAAA,yCAAS,EAAE,0BAA0B;IAGjD,MAAM,OAAO,CAAA,GAAA,yCAAa,AAAD,EAAE,MAAM,CAAC;IAClC,MAAM,gBAAyB,KAAK,KAAK,CAAC;IAC1C,0CAAoB;IAEpB,OAAO;AACT;;;;;;AC9FA;AAMO,MAAM,4CAAoB,CAAC,iBAAsC;IACtE,MAAM,iBAAiB,OAAO,MAAM,CAAC,CAAA,GAAA,wCAAa,AAAD;IACjD,MAAM,eAAe,IAAI,IAAI;WAAI;QAAgB,CAAA,GAAA,yCAAS,AAAD,EAAE,OAAO;WAAM,kBAAkB,EAAE;KAAE;IAE9F,OAAO,MAAM,IAAI,CAAC,cAAc,IAAI,CAAC;AACvC;;;;;;;;;;;ANRA,MAAM,4CAAsB;AAC5B,MAAM,qCAAe;AAad,MAAM,4CAAoB,CAAC,yBAChC,sBAAqB,YACrB,SAAQ,eACR,YAAW,iBACX,cAAa,SACb,MAAK,UACL,OAAM,aACN,UAAS,UACT,OAAM,EACc,GAAK;IACzB,MAAM,sBAAsB,IAAI,gBAAgB;QAC9C,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;QACrB,CAAC,CAAA,GAAA,yCAAO,EAAE,WAAW,CAAC,EAAE;QACxB,CAAC,CAAA,GAAA,yCAAO,EAAE,aAAa,CAAC,EAAE;QAC1B,CAAC,CAAA,GAAA,yCAAO,EAAE,mBAAmB,CAAC,EAAE;QAChC,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE;QAClB,CAAC,CAAA,GAAA,yCAAO,EAAE,YAAY,CAAC,EAAE;QACzB,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,MAAM,CAAC,EAAE,UAAU,CAAA,GAAA,yCAAM,AAAD,EAAE,OAAO;QAC3C,CAAC,CAAA,GAAA,yCAAO,EAAE,KAAK,CAAC,EAAE,CAAA,GAAA,yCAAiB,AAAD,EAAE;IACtC;IAEA,KAAK,MAAM,YAAY,aAAa,EAAE,CACpC,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,EAAE;IAGhD,OAAO,CAAC,EAAE,sBAAsB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AACrE;;;;;;AO3CA;AAQO,MAAM,4CAAqB,CAAC,sBACjC,mBAAkB,YAClB,SAAQ,yBACR,sBAAqB,EACA,GAAK;IAC1B,MAAM,sBAAsB,IAAI,gBAAgB;QAAE,CAAC,CAAA,GAAA,yCAAO,EAAE,QAAQ,CAAC,EAAE;IAAS;IAEhF,IAAI,uBACF,oBAAoB,MAAM,CAAC,CAAA,GAAA,yCAAQ,AAAD,EAAE,qBAAqB,EAAE;IAG7D,OAAO,CAAC,EAAE,mBAAmB,CAAC,EAAE,oBAAoB,QAAQ,GAAG,CAAC;AAClE;;;;;;ACEO,MAAM,4CAAgB,OAC3B,kBACA,aACA,YAEA,UAA4B,kBAAkB;QAC5C,SAAS;YAAE,eAAe,CAAC,OAAO,EAAE,YAAY,CAAC;QAAC;IACpD;;;;;;;;;;Ad7BF,wBAAwB,GACxB;;;;;","sources":["packages/js/src/index.ts","packages/js/src/core/index.ts","packages/js/src/core/fetch-token.ts","packages/js/src/consts/index.ts","packages/js/src/core/oidc-config.ts","packages/js/src/core/revoke.ts","packages/js/src/core/sign-in.ts","packages/js/src/utils/index.ts","packages/js/src/utils/callback-uri.ts","packages/js/src/utils/errors.ts","packages/js/src/utils/arbitrary-object.ts","packages/js/src/utils/id-token.ts","packages/js/src/utils/scopes.ts","packages/js/src/core/sign-out.ts","packages/js/src/core/user-info.ts","packages/js/src/types/index.ts"],"sourcesContent":["/* istanbul ignore file */\nexport * from './core';\nexport * from './utils';\nexport * from './consts';\nexport * from './types';\n","export * from './fetch-token';\nexport * from './oidc-config';\nexport * from './revoke';\nexport * from './sign-in';\nexport * from './sign-out';\nexport * from './user-info';\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport { ContentType, QueryKey, TokenGrantType } from '../consts';\nimport type { Requester } from '../types';\n\nexport type FetchTokenByAuthorizationCodeParameters = {\n  clientId: string;\n  tokenEndpoint: string;\n  redirectUri: string;\n  codeVerifier: string;\n  code: string;\n  resource?: string;\n};\n\nexport type FetchTokenByRefreshTokenParameters = {\n  clientId: string;\n  tokenEndpoint: string;\n  refreshToken: string;\n  resource?: string;\n  scopes?: string[];\n};\n\ntype SnakeCaseCodeTokenResponse = {\n  access_token: string;\n  refresh_token?: string;\n  id_token: string;\n  scope: string;\n  expires_in: number;\n};\n\nexport type CodeTokenResponse = KeysToCamelCase<SnakeCaseCodeTokenResponse>;\n\ntype SnakeCaseRefreshTokenTokenResponse = {\n  access_token: string;\n  refresh_token: string;\n  id_token?: string;\n  scope: string;\n  expires_in: number;\n};\n\nexport type RefreshTokenTokenResponse = KeysToCamelCase<SnakeCaseRefreshTokenTokenResponse>;\n\nexport const fetchTokenByAuthorizationCode = async (\n  {\n    clientId,\n    tokenEndpoint,\n    redirectUri,\n    codeVerifier,\n    code,\n    resource,\n  }: FetchTokenByAuthorizationCodeParameters,\n  requester: Requester\n): Promise<CodeTokenResponse> => {\n  const parameters = new URLSearchParams();\n  parameters.append(QueryKey.ClientId, clientId);\n  parameters.append(QueryKey.Code, code);\n  parameters.append(QueryKey.CodeVerifier, codeVerifier);\n  parameters.append(QueryKey.RedirectUri, redirectUri);\n  parameters.append(QueryKey.GrantType, TokenGrantType.AuthorizationCode);\n\n  if (resource) {\n    parameters.append(QueryKey.Resource, resource);\n  }\n\n  const snakeCaseCodeTokenResponse = await requester<SnakeCaseCodeTokenResponse>(tokenEndpoint, {\n    method: 'POST',\n    headers: ContentType.formUrlEncoded,\n    body: parameters,\n  });\n\n  return camelcaseKeys(snakeCaseCodeTokenResponse);\n};\n\nexport const fetchTokenByRefreshToken = async (\n  { clientId, tokenEndpoint, refreshToken, resource, scopes }: FetchTokenByRefreshTokenParameters,\n  requester: Requester\n): Promise<RefreshTokenTokenResponse> => {\n  const parameters = new URLSearchParams();\n  parameters.append(QueryKey.ClientId, clientId);\n  parameters.append(QueryKey.RefreshToken, refreshToken);\n  parameters.append(QueryKey.GrantType, TokenGrantType.RefreshToken);\n\n  if (resource) {\n    parameters.append(QueryKey.Resource, resource);\n  }\n\n  if (scopes?.length) {\n    parameters.append(QueryKey.Scope, scopes.join(' '));\n  }\n\n  const snakeCaseRefreshTokenTokenResponse = await requester<SnakeCaseRefreshTokenTokenResponse>(\n    tokenEndpoint,\n    {\n      method: 'POST',\n      headers: ContentType.formUrlEncoded,\n      body: parameters,\n    }\n  );\n\n  return camelcaseKeys(snakeCaseRefreshTokenTokenResponse);\n};\n","export const ContentType = {\n  formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },\n};\n\nexport enum TokenGrantType {\n  AuthorizationCode = 'authorization_code',\n  RefreshToken = 'refresh_token',\n}\n\nexport enum QueryKey {\n  ClientId = 'client_id',\n  Code = 'code',\n  CodeChallenge = 'code_challenge',\n  CodeChallengeMethod = 'code_challenge_method',\n  CodeVerifier = 'code_verifier',\n  Error = 'error',\n  ErrorDescription = 'error_description',\n  GrantType = 'grant_type',\n  IdToken = 'id_token',\n  IdTokenHint = 'id_token_hint',\n  PostLogoutRedirectUri = 'post_logout_redirect_uri',\n  Prompt = 'prompt',\n  RedirectUri = 'redirect_uri',\n  RefreshToken = 'refresh_token',\n  Resource = 'resource',\n  ResponseType = 'response_type',\n  Scope = 'scope',\n  State = 'state',\n  Token = 'token',\n}\n\nexport enum Prompt {\n  Consent = 'consent',\n  Login = 'login',\n}\n\n// TODO: @sijie @charles find a proper way to sync scopes constants with core\nexport enum ReservedScope {\n  OpenId = 'openid',\n  OfflineAccess = 'offline_access',\n}\n\n/**\n * Scopes for ID Token and Userinfo Endpoint.\n */\nexport enum UserScope {\n  /**\n   * Scope for basic user info.\n   *\n   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n   */\n  Profile = 'profile',\n  /**\n   * Scope for user email address.\n   *\n   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n   */\n  Email = 'email',\n  /**\n   * Scope for user phone number.\n   *\n   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n   */\n  Phone = 'phone',\n  /**\n   * Scope for user's custom data.\n   *\n   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n   */\n  CustomData = 'custom_data',\n  /**\n   * Scope for user's social identity details.\n   *\n   * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.\n   */\n  Identities = 'identities',\n}\n","import type { KeysToCamelCase } from '@silverhand/essentials';\nimport camelcaseKeys from 'camelcase-keys';\n\nimport type { Requester } from '../types';\n\ntype OidcConfigSnakeCaseResponse = {\n  authorization_endpoint: string;\n  token_endpoint: string;\n  userinfo_endpoint: string;\n  end_session_endpoint: string;\n  revocation_endpoint: string;\n  jwks_uri: string;\n  issuer: string;\n};\n\nexport const discoveryPath = '/oidc/.well-known/openid-configuration';\n\nexport type OidcConfigResponse = KeysToCamelCase<OidcConfigSnakeCaseResponse>;\n\nexport const fetchOidcConfig = async (\n  endpoint: string,\n  requester: Requester\n): Promise<OidcConfigResponse> =>\n  camelcaseKeys(await requester<OidcConfigSnakeCaseResponse>(endpoint));\n","import { ContentType, QueryKey } from '../consts';\nimport type { Requester } from '../types';\n\nexport const revoke = async (\n  revocationEndpoint: string,\n  clientId: string,\n  token: string,\n  requester: Requester\n): Promise<void> =>\n  requester<void>(revocationEndpoint, {\n    method: 'POST',\n    headers: ContentType.formUrlEncoded,\n    body: new URLSearchParams({\n      [QueryKey.ClientId]: clientId,\n      [QueryKey.Token]: token,\n    }),\n  });\n","import { Prompt, QueryKey } from '../consts';\nimport { withDefaultScopes } from '../utils';\n\nconst codeChallengeMethod = 'S256';\nconst responseType = 'code';\n\nexport type SignInUriParameters = {\n  authorizationEndpoint: string;\n  clientId: string;\n  redirectUri: string;\n  codeChallenge: string;\n  state: string;\n  scopes?: string[];\n  resources?: string[];\n  prompt?: Prompt;\n};\n\nexport const generateSignInUri = ({\n  authorizationEndpoint,\n  clientId,\n  redirectUri,\n  codeChallenge,\n  state,\n  scopes,\n  resources,\n  prompt,\n}: SignInUriParameters) => {\n  const urlSearchParameters = new URLSearchParams({\n    [QueryKey.ClientId]: clientId,\n    [QueryKey.RedirectUri]: redirectUri,\n    [QueryKey.CodeChallenge]: codeChallenge,\n    [QueryKey.CodeChallengeMethod]: codeChallengeMethod,\n    [QueryKey.State]: state,\n    [QueryKey.ResponseType]: responseType,\n    [QueryKey.Prompt]: prompt ?? Prompt.Consent,\n    [QueryKey.Scope]: withDefaultScopes(scopes),\n  });\n\n  for (const resource of resources ?? []) {\n    urlSearchParameters.append(QueryKey.Resource, resource);\n  }\n\n  return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;\n};\n","export * from './callback-uri';\nexport * from './errors';\nexport * from './id-token';\nexport * from './scopes';\nexport * from './arbitrary-object';\n","import { conditional } from '@silverhand/essentials';\n\nimport { QueryKey } from '../consts';\nimport { LogtoError, OidcError } from './errors';\n\nexport const parseUriParameters = (uri: string) => {\n  const [, queryString = ''] = uri.split('?');\n\n  return new URLSearchParams(queryString);\n};\n\nexport const verifyAndParseCodeFromCallbackUri = (\n  callbackUri: string,\n  redirectUri: string,\n  state: string\n) => {\n  if (!callbackUri.startsWith(redirectUri)) {\n    throw new LogtoError('callback_uri_verification.redirect_uri_mismatched');\n  }\n  const uriParameters = parseUriParameters(callbackUri);\n\n  const error = conditional(uriParameters.get(QueryKey.Error));\n  const errorDescription = conditional(uriParameters.get(QueryKey.ErrorDescription));\n\n  if (error) {\n    throw new LogtoError(\n      'callback_uri_verification.error_found',\n      new OidcError(error, errorDescription)\n    );\n  }\n\n  const stateFromCallbackUri = uriParameters.get(QueryKey.State);\n\n  if (!stateFromCallbackUri) {\n    throw new LogtoError('callback_uri_verification.missing_state');\n  }\n\n  if (stateFromCallbackUri !== state) {\n    throw new LogtoError('callback_uri_verification.state_mismatched');\n  }\n\n  const code = uriParameters.get(QueryKey.Code);\n\n  if (!code) {\n    throw new LogtoError('callback_uri_verification.missing_code');\n  }\n\n  return code;\n};\n","import type { NormalizeKeyPaths } from '@silverhand/essentials';\nimport get from 'lodash.get';\n\nimport { isArbitraryObject } from './arbitrary-object';\n\nconst logtoErrorCodes = Object.freeze({\n  id_token: {\n    invalid_iat: 'Invalid issued at time in the ID token',\n    invalid_token: 'Invalid ID token',\n  },\n  callback_uri_verification: {\n    redirect_uri_mismatched: 'The callback URI mismatches the redirect URI.',\n    error_found: 'Error found in the callback URI',\n    missing_state: 'Missing state in the callback URI',\n    state_mismatched: 'State mismatched in the callback URI',\n    missing_code: 'Missing code in the callback URI',\n  },\n  crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',\n  unexpected_response_error: 'Unexpected response error from the server.',\n});\n\nexport type LogtoErrorCode = NormalizeKeyPaths<typeof logtoErrorCodes>;\n\nconst getMessageByErrorCode = (errorCode: LogtoErrorCode): string => {\n  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment\n  const message = get(logtoErrorCodes, errorCode);\n\n  if (typeof message === 'string') {\n    return message;\n  }\n\n  return errorCode;\n};\n\nexport class LogtoError extends Error {\n  code: LogtoErrorCode;\n  data: unknown;\n\n  constructor(code: LogtoErrorCode, data?: unknown) {\n    super(getMessageByErrorCode(code));\n    this.code = code;\n    this.data = data;\n  }\n}\n\nexport const isLogtoRequestError = (data: unknown): data is { code: string; message: string } => {\n  if (!isArbitraryObject(data)) {\n    return false;\n  }\n\n  return typeof data.code === 'string' && typeof data.message === 'string';\n};\n\nexport class LogtoRequestError extends Error {\n  code: string;\n\n  constructor(code: string, message: string) {\n    super(message);\n    this.code = code;\n  }\n}\n\nexport class OidcError {\n  constructor(public error: string, public errorDescription?: string) {}\n}\n","export const isArbitraryObject = (data: unknown): data is Record<string, unknown> =>\n  typeof data === 'object' && data !== null;\n","import type { Nullable } from '@silverhand/essentials';\nimport { urlSafeBase64 } from '@silverhand/essentials';\nimport type { JWTVerifyGetKey } from 'jose';\nimport { jwtVerify } from 'jose';\n\nimport { isArbitraryObject } from './arbitrary-object';\nimport { LogtoError } from './errors';\n\nconst issuedAtTimeTolerance = 60;\n\nexport type IdTokenClaims = {\n  iss: string;\n  sub: string;\n  aud: string;\n  exp: number;\n  iat: number;\n  at_hash?: Nullable<string>;\n  name?: Nullable<string>;\n  username?: Nullable<string>;\n  picture?: Nullable<string>;\n  email?: Nullable<string>;\n  email_verified?: boolean;\n  phone_number?: Nullable<string>;\n  phone_number_verified?: boolean;\n};\n\n/* eslint-disable complexity */\n/**\n * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)\n */\nfunction assertIdTokenClaims(data: unknown): asserts data is IdTokenClaims {\n  if (!isArbitraryObject(data)) {\n    throw new TypeError('IdToken is expected to be an object');\n  }\n\n  for (const key of ['iss', 'sub', 'aud']) {\n    if (typeof data[key] !== 'string') {\n      throw new TypeError(`At path: IdToken.${key}: expected a string`);\n    }\n  }\n\n  for (const key of ['exp', 'iat']) {\n    if (typeof data[key] !== 'number') {\n      throw new TypeError(`At path: IdToken.${key}: expected a number`);\n    }\n  }\n\n  for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {\n    if (data[key] === undefined) {\n      continue;\n    }\n\n    if (typeof data[key] !== 'string' && data[key] !== null) {\n      throw new TypeError(`At path: IdToken.${key}: expected null or a string`);\n    }\n  }\n\n  for (const key of ['email_verified', 'phone_number_verified']) {\n    if (data[key] === undefined) {\n      continue;\n    }\n\n    if (typeof data[key] !== 'boolean') {\n      throw new TypeError(`At path: IdToken.${key}: expected a boolean`);\n    }\n  }\n}\n/* eslint-enable complexity */\n\nexport const verifyIdToken = async (\n  idToken: string,\n  clientId: string,\n  issuer: string,\n  jwks: JWTVerifyGetKey\n) => {\n  const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer });\n\n  if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) {\n    throw new LogtoError('id_token.invalid_iat');\n  }\n};\n\nexport const decodeIdToken = (token: string): IdTokenClaims => {\n  const { 1: encodedPayload } = token.split('.');\n\n  if (!encodedPayload) {\n    throw new LogtoError('id_token.invalid_token');\n  }\n\n  const json = urlSafeBase64.decode(encodedPayload);\n  const idTokenClaims: unknown = JSON.parse(json);\n  assertIdTokenClaims(idTokenClaims);\n\n  return idTokenClaims;\n};\n","import { ReservedScope, UserScope } from '../consts';\n\n/**\n * @param originalScopes\n * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)\n */\nexport const withDefaultScopes = (originalScopes?: string[]): string => {\n  const reservedScopes = Object.values(ReservedScope);\n  const uniqueScopes = new Set([...reservedScopes, UserScope.Profile, ...(originalScopes ?? [])]);\n\n  return Array.from(uniqueScopes).join(' ');\n};\n","import { QueryKey } from '../consts';\n\ntype SignOutUriParameters = {\n  endSessionEndpoint: string;\n  clientId: string;\n  postLogoutRedirectUri?: string;\n};\n\nexport const generateSignOutUri = ({\n  endSessionEndpoint,\n  clientId,\n  postLogoutRedirectUri,\n}: SignOutUriParameters) => {\n  const urlSearchParameters = new URLSearchParams({ [QueryKey.ClientId]: clientId });\n\n  if (postLogoutRedirectUri) {\n    urlSearchParameters.append(QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);\n  }\n\n  return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;\n};\n","import type { Nullable } from '@silverhand/essentials';\n\nimport type { Requester } from '../types';\n\ntype Identity = {\n  userId: string;\n  details?: Record<string, unknown>;\n};\n\nexport type UserInfoResponse = {\n  sub: string;\n  name?: Nullable<string>;\n  username?: Nullable<string>;\n  picture?: Nullable<string>;\n  email?: Nullable<string>;\n  email_verified?: boolean;\n  phone_number?: Nullable<string>;\n  phone_number_verified?: boolean;\n  custom_data?: unknown; // Not null in DB.\n  identities?: Record<string, Identity>; // Not null in DB.\n};\n\nexport const fetchUserInfo = async (\n  userInfoEndpoint: string,\n  accessToken: string,\n  requester: Requester\n): Promise<UserInfoResponse> =>\n  requester<UserInfoResponse>(userInfoEndpoint, {\n    headers: { Authorization: `Bearer ${accessToken}` },\n  });\n","export type LogtoRequestErrorBody = {\n  code: string;\n  message: string;\n};\n\nexport type Requester = <T>(...args: Parameters<typeof fetch>) => Promise<T>;\n"],"names":[],"version":3,"file":"index.js.map"}