@logto/js 4.0.0-alpha.1 → 4.0.0

package/lib/consts/index.cjs

@@ -39,6 +39,7 @@ exports.QueryKey = void 0;
 /** The prompt parameter to be used for the authorization request. */
 exports.Prompt = void 0;
 (function (Prompt) {
+    Prompt["None"] = "none";
     /**
      * The Authorization Server MUST prompt the End-User for consent
      * before returning information to the Client.

package/lib/consts/index.d.ts

@@ -34,6 +34,7 @@ export declare enum QueryKey {
 }
 /** The prompt parameter to be used for the authorization request. */
 export declare enum Prompt {
+    None = "none",
     /**
      * The Authorization Server MUST prompt the End-User for consent
      * before returning information to the Client.

package/lib/consts/index.js

@@ -37,6 +37,7 @@ var QueryKey;
 /** The prompt parameter to be used for the authorization request. */
 var Prompt;
 (function (Prompt) {
+    Prompt["None"] = "none";
     /**
      * The Authorization Server MUST prompt the End-User for consent
      * before returning information to the Client.

package/lib/core/sign-in.cjs

@@ -5,6 +5,12 @@ var scopes = require('../utils/scopes.cjs');
 
 const codeChallengeMethod = 'S256';
 const responseType = 'code';
+const buildPrompt = (prompt) => {
+    if (Array.isArray(prompt)) {
+        return prompt.join(' ');
+    }
+    return prompt ?? index.Prompt.Consent;
+};
 const generateSignInUri = ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes: scopes$1, resources, prompt, interactionMode, }) => {
     const urlSearchParameters = new URLSearchParams({
         [index.QueryKey.ClientId]: clientId,
@@ -13,7 +19,7 @@ const generateSignInUri = ({ authorizationEndpoint, clientId, redirectUri, codeC
         [index.QueryKey.CodeChallengeMethod]: codeChallengeMethod,
         [index.QueryKey.State]: state,
         [index.QueryKey.ResponseType]: responseType,
-        [index.QueryKey.Prompt]: prompt ?? index.Prompt.Consent,
+        [index.QueryKey.Prompt]: buildPrompt(prompt),
         [index.QueryKey.Scope]: scopes.withDefaultScopes(scopes$1),
     });
     for (const resource of resources ?? []) {

package/lib/core/sign-in.d.ts

@@ -8,7 +8,7 @@ export type SignInUriParameters = {
     state: string;
     scopes?: string[];
     resources?: string[];
-    prompt?: Prompt;
+    prompt?: Prompt | Prompt[];
     interactionMode?: InteractionMode;
 };
 export declare const generateSignInUri: ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, interactionMode, }: SignInUriParameters) => string;

package/lib/core/sign-in.js

@@ -3,6 +3,12 @@ import { withDefaultScopes } from '../utils/scopes.js';
 
 const codeChallengeMethod = 'S256';
 const responseType = 'code';
+const buildPrompt = (prompt) => {
+    if (Array.isArray(prompt)) {
+        return prompt.join(' ');
+    }
+    return prompt ?? Prompt.Consent;
+};
 const generateSignInUri = ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes, resources, prompt, interactionMode, }) => {
     const urlSearchParameters = new URLSearchParams({
         [QueryKey.ClientId]: clientId,
@@ -11,7 +17,7 @@ const generateSignInUri = ({ authorizationEndpoint, clientId, redirectUri, codeC
         [QueryKey.CodeChallengeMethod]: codeChallengeMethod,
         [QueryKey.State]: state,
         [QueryKey.ResponseType]: responseType,
-        [QueryKey.Prompt]: prompt ?? Prompt.Consent,
+        [QueryKey.Prompt]: buildPrompt(prompt),
         [QueryKey.Scope]: withDefaultScopes(scopes),
     });
     for (const resource of resources ?? []) {

package/lib/core/user-info.d.ts

@@ -1,18 +1,10 @@
-import type { Nullable } from '@silverhand/essentials';
+import { type IdTokenClaims } from '../index.js';
 import type { Requester } from '../types/index.js';
 type Identity = {
     userId: string;
     details?: Record<string, unknown>;
 };
-export type UserInfoResponse = {
-    sub: string;
-    name?: Nullable<string>;
-    username?: Nullable<string>;
-    picture?: Nullable<string>;
-    email?: Nullable<string>;
-    email_verified?: boolean;
-    phone_number?: Nullable<string>;
-    phone_number_verified?: boolean;
+export type UserInfoResponse = IdTokenClaims & {
     custom_data?: unknown;
     identities?: Record<string, Identity>;
 };

package/lib/index.cjs

@@ -12,6 +12,7 @@ var idToken = require('./utils/id-token.cjs');
 var accessToken = require('./utils/access-token.cjs');
 var scopes = require('./utils/scopes.cjs');
 var arbitraryObject = require('./utils/arbitrary-object.cjs');
+var angular = require('./utils/angular.cjs');
 var index = require('./consts/index.cjs');
 var openid = require('./consts/openid.cjs');
 
@@ -35,6 +36,7 @@ exports.decodeIdToken = idToken.decodeIdToken;
 exports.decodeAccessToken = accessToken.decodeAccessToken;
 exports.withDefaultScopes = scopes.withDefaultScopes;
 exports.isArbitraryObject = arbitraryObject.isArbitraryObject;
+exports.buildAngularAuthConfig = angular.buildAngularAuthConfig;
 exports.ContentType = index.ContentType;
 Object.defineProperty(exports, "Prompt", {
 	enumerable: true,

package/lib/index.js

@@ -10,5 +10,6 @@ export { decodeIdToken } from './utils/id-token.js';
 export { decodeAccessToken } from './utils/access-token.js';
 export { withDefaultScopes } from './utils/scopes.js';
 export { isArbitraryObject } from './utils/arbitrary-object.js';
+export { buildAngularAuthConfig } from './utils/angular.js';
 export { ContentType, Prompt, QueryKey, TokenGrantType } from './consts/index.js';
 export { ReservedResource, ReservedScope, UserScope, buildOrganizationUrn, getOrganizationIdFromUrn, idTokenClaims, organizationUrnPrefix, userClaims, userinfoClaims } from './consts/openid.js';

package/lib/utils/angular.cjs

@@ -0,0 +1,58 @@
+'use strict';
+
+var index = require('../consts/index.cjs');
+var scopes = require('./scopes.cjs');
+
+/**
+ * A helper function to build the OpenID Connect configuration for `angular-auth-oidc-client`
+ * using a Logto-friendly way.
+ *
+ * @example
+ * ```ts
+ * // A minimal example
+ * import { buildAngularAuthConfig } from '@logto/js';
+ * import { provideAuth } from 'angular-auth-oidc-client';
+ *
+ * provideAuth({
+ *   config: buildAngularAuthConfig({
+ *     endpoint: '<your-logto-endpoint>',
+ *     appId: '<your-app-id>',
+ *     redirectUri: '<your-app-redirect-uri>',
+ *   }),
+ * });
+ * ```
+ *
+ * @param logtoConfig The Logto configuration object for Angular apps.
+ * @returns The OpenID Connect configuration for `angular-auth-oidc-client`.
+ * @see {@link https://angular-auth-oidc-client.com/ | angular-auth-oidc-client} to learn more
+ * about how to use the library.
+ */
+const buildAngularAuthConfig = (logtoConfig) => {
+    const { endpoint, appId: clientId, scopes: scopes$1, resource, redirectUri: redirectUrl, postLogoutRedirectUri, prompt = index.Prompt.Consent, } = logtoConfig;
+    const scope = scopes.withDefaultScopes(scopes$1);
+    const customParameters = resource ? { resource } : undefined;
+    return {
+        authority: new URL('/oidc', endpoint).href,
+        redirectUrl,
+        postLogoutRedirectUri,
+        clientId,
+        scope,
+        responseType: 'code',
+        autoUserInfo: !resource,
+        renewUserInfoAfterTokenRenew: !resource,
+        silentRenew: true,
+        useRefreshToken: true,
+        customParamsAuthRequest: {
+            prompt: Array.isArray(prompt) ? prompt.join(' ') : prompt,
+            ...customParameters,
+        },
+        customParamsCodeRequest: {
+            ...customParameters,
+        },
+        customParamsRefreshTokenRequest: {
+            ...customParameters,
+        },
+    };
+};
+
+exports.buildAngularAuthConfig = buildAngularAuthConfig;

package/lib/utils/angular.d.ts

@@ -0,0 +1,70 @@
+import { type OpenIdConfiguration } from 'angular-auth-oidc-client';
+import { Prompt } from '../consts/index.js';
+/** The Logto configuration object for Angular apps. */
+export type LogtoAngularConfig = {
+    /**
+     * The endpoint for the Logto server, you can get it from the integration guide
+     * or the team settings page of the Logto Console.
+     *
+     * @example https://foo.logto.app
+     */
+    endpoint: string;
+    /**
+     * The client ID of your application, you can get it from the integration guide
+     * or the application details page of the Logto Console.
+     */
+    appId: string;
+    /**
+     * The scopes (permissions) that your application needs to access.
+     * Scopes that will be added by default: `openid`, `offline_access` and `profile`.
+     */
+    scopes?: string[];
+    /**
+     * The API resource that your application needs to access.
+     *
+     * @see {@link https://docs.logto.io/docs/recipes/rbac/ | RBAC} to learn more about how to use
+     * role-based access control (RBAC) to protect API resources.
+     */
+    resource?: string;
+    /**
+     * @param redirectUri The redirect URI that the user will be redirected to after the sign-in flow
+     * is completed.
+     */
+    redirectUri: string;
+    /**
+     * @param postLogoutRedirectUri The URI that the user will be redirected to after the sign-out
+     * flow is completed.
+     */
+    postLogoutRedirectUri?: string;
+    /**
+     * The prompt parameter to be used for the authorization request.
+     *
+     * @default Prompt.Consent
+     */
+    prompt?: Prompt | Prompt[];
+};
+/**
+ * A helper function to build the OpenID Connect configuration for `angular-auth-oidc-client`
+ * using a Logto-friendly way.
+ *
+ * @example
+ * ```ts
+ * // A minimal example
+ * import { buildAngularAuthConfig } from '@logto/js';
+ * import { provideAuth } from 'angular-auth-oidc-client';
+ *
+ * provideAuth({
+ *   config: buildAngularAuthConfig({
+ *     endpoint: '<your-logto-endpoint>',
+ *     appId: '<your-app-id>',
+ *     redirectUri: '<your-app-redirect-uri>',
+ *   }),
+ * });
+ * ```
+ *
+ * @param logtoConfig The Logto configuration object for Angular apps.
+ * @returns The OpenID Connect configuration for `angular-auth-oidc-client`.
+ * @see {@link https://angular-auth-oidc-client.com/ | angular-auth-oidc-client} to learn more
+ * about how to use the library.
+ */
+export declare const buildAngularAuthConfig: (logtoConfig: LogtoAngularConfig) => OpenIdConfiguration;

package/lib/utils/angular.js

@@ -0,0 +1,56 @@
+import { Prompt } from '../consts/index.js';
+import { withDefaultScopes } from './scopes.js';
+
+/**
+ * A helper function to build the OpenID Connect configuration for `angular-auth-oidc-client`
+ * using a Logto-friendly way.
+ *
+ * @example
+ * ```ts
+ * // A minimal example
+ * import { buildAngularAuthConfig } from '@logto/js';
+ * import { provideAuth } from 'angular-auth-oidc-client';
+ *
+ * provideAuth({
+ *   config: buildAngularAuthConfig({
+ *     endpoint: '<your-logto-endpoint>',
+ *     appId: '<your-app-id>',
+ *     redirectUri: '<your-app-redirect-uri>',
+ *   }),
+ * });
+ * ```
+ *
+ * @param logtoConfig The Logto configuration object for Angular apps.
+ * @returns The OpenID Connect configuration for `angular-auth-oidc-client`.
+ * @see {@link https://angular-auth-oidc-client.com/ | angular-auth-oidc-client} to learn more
+ * about how to use the library.
+ */
+const buildAngularAuthConfig = (logtoConfig) => {
+    const { endpoint, appId: clientId, scopes, resource, redirectUri: redirectUrl, postLogoutRedirectUri, prompt = Prompt.Consent, } = logtoConfig;
+    const scope = withDefaultScopes(scopes);
+    const customParameters = resource ? { resource } : undefined;
+    return {
+        authority: new URL('/oidc', endpoint).href,
+        redirectUrl,
+        postLogoutRedirectUri,
+        clientId,
+        scope,
+        responseType: 'code',
+        autoUserInfo: !resource,
+        renewUserInfoAfterTokenRenew: !resource,
+        silentRenew: true,
+        useRefreshToken: true,
+        customParamsAuthRequest: {
+            prompt: Array.isArray(prompt) ? prompt.join(' ') : prompt,
+            ...customParameters,
+        },
+        customParamsCodeRequest: {
+            ...customParameters,
+        },
+        customParamsRefreshTokenRequest: {
+            ...customParameters,
+        },
+    };
+};
+
+export { buildAngularAuthConfig };

package/lib/utils/index.d.ts

@@ -4,3 +4,4 @@ export * from './id-token.js';
 export * from './access-token.js';
 export * from './scopes.js';
 export * from './arbitrary-object.js';
+export * from './angular.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/js",
-  "version": "4.0.0-alpha.1",
+  "version": "4.0.0",
   "type": "module",
   "main": "./lib/index.cjs",
   "module": "./lib/index.js",
@@ -24,24 +24,26 @@
     "camelcase-keys": "^7.0.1"
   },
   "devDependencies": {
+    "@peculiar/webcrypto": "^1.4.5",
     "@silverhand/eslint-config": "^5.0.0",
     "@silverhand/ts-config": "^5.0.0",
     "@swc/core": "^1.3.50",
     "@swc/jest": "^0.2.24",
     "@types/jest": "^29.5.1",
-    "@types/node": "^20.0.0",
+    "@types/node": "^20.11.19",
+    "angular-auth-oidc-client": "^17.0.0",
     "eslint": "^8.44.0",
     "jest": "^29.5.0",
     "jest-environment-jsdom": "^29.5.0",
     "jest-matcher-specific-error": "^1.0.0",
-    "jose": "^5.0.0",
+    "jose": "^5.2.2",
     "lint-staged": "^15.0.0",
     "nock": "^13.3.0",
     "prettier": "^3.0.0",
     "rollup": "^4.0.0",
     "text-encoder": "^0.0.4",
     "type-fest": "^4.0.0",
-    "typescript": "^5.0.0"
+    "typescript": "^5.3.3"
   },
   "eslintConfig": {
     "extends": "@silverhand"