@logto/js 4.2.0 → 5.0.3

package/lib/core/sign-in.d.ts

@@ -27,7 +27,7 @@ export type SignInUriParameters = {
      */
     firstScreen?: FirstScreen;
     /**
-     * Specifies identifiers used in the identifier sign-in or identifier register page.
+     * Specifies identifiers used in the identifier sign-in, identifier register, and reset password pages.
      *
      * Available values: `email`, `phone`, `username`.
      *

package/lib/types/index.d.ts

@@ -22,7 +22,5 @@ export type InteractionMode = 'signIn' | 'signUp';
  * standard, but a Logto-specific extension.
  *
  * Note: `signIn` is deprecated, use `sign_in` instead
- *
- * @experimental Don't use this type as it's under development.
  */
 export type FirstScreen = 'signIn' | 'sign_in' | 'register' | 'reset_password' | 'identifier:sign_in' | 'identifier:register' | 'single_sign_on';

package/lib/utils/angular.d.ts

@@ -1,5 +1,6 @@
 import { type OpenIdConfiguration } from 'angular-auth-oidc-client';
 import { Prompt } from '../consts/index.js';
+import { type SignInUriParameters } from '../index.js';
 /** The Logto configuration object for Angular apps. */
 export type LogtoAngularConfig = {
     /**
@@ -48,6 +49,41 @@ export type LogtoAngularConfig = {
      * @default true
      */
     includeReservedScopes?: boolean;
+    /**
+     * Login hint indicates the current user (usually an email address or a phone number).
+     *
+     * @link SignInUriParameters.loginHint
+     */
+    loginHint?: SignInUriParameters['loginHint'];
+    /**
+     * The first screen to be shown in the sign-in experience.
+     *
+     * @link SignInUriParameters.firstScreen
+     */
+    firstScreen?: SignInUriParameters['firstScreen'];
+    /**
+     * Identifiers used in the identifier sign-in, identifier register or reset password pages.
+     *
+     * Note: This parameter is applicable only when the `firstScreen` is set to either`identifierSignIn`
+     * or `identifierRegister`.
+     *
+     * @link SignInUriParameters.identifiers
+     */
+    identifiers?: SignInUriParameters['identifiers'];
+    /**
+     * Direct sign-in options.
+     *
+     * @link SignInUriParameters.directSignIn
+     */
+    directSignIn?: SignInUriParameters['directSignIn'];
+    /**
+     * Extra parameters to be appended to the sign-in URI.
+     *
+     * Note: The parameters should be supported by the authorization server.
+     *
+     * @link SignInUriParameters.extraParams
+     */
+    extraParams?: SignInUriParameters['extraParams'];
 };
 /**
  * A helper function to build the OpenID Connect configuration for `angular-auth-oidc-client`

package/lib/utils/angular.js

@@ -1,4 +1,5 @@
-import { Prompt } from '../consts/index.js';
+import { conditional } from '@silverhand/essentials';
+import { Prompt, QueryKey } from '../consts/index.js';
 import { withReservedScopes } from './scopes.js';
 
 /**
@@ -26,9 +27,16 @@ import { withReservedScopes } from './scopes.js';
  * about how to use the library.
  */
 const buildAngularAuthConfig = (logtoConfig) => {
-    const { endpoint, appId: clientId, scopes, resource, redirectUri: redirectUrl, postLogoutRedirectUri, prompt = Prompt.Consent, includeReservedScopes = true, } = logtoConfig;
+    const { endpoint, appId: clientId, scopes, resource, redirectUri: redirectUrl, postLogoutRedirectUri, prompt = Prompt.Consent, includeReservedScopes = true, loginHint, identifiers, firstScreen, directSignIn, extraParams, } = logtoConfig;
     const scope = includeReservedScopes ? withReservedScopes(scopes) : scopes?.join(' ');
-    const customParameters = resource ? { resource } : undefined;
+    const customParameters = {
+        ...conditional(resource && { [QueryKey.Resource]: resource }),
+        ...conditional(loginHint && { [QueryKey.LoginHint]: loginHint }),
+        ...conditional(firstScreen && { [QueryKey.FirstScreen]: firstScreen }),
+        ...conditional(identifiers && { [QueryKey.Identifier]: identifiers.join(' ') }),
+        ...conditional(directSignIn && { [QueryKey.DirectSignIn]: `${directSignIn.method}:${directSignIn.target}` }),
+        ...extraParams,
+    };
     return {
         authority: new URL('/oidc', endpoint).href,
         redirectUrl,

package/package.json

@@ -1,13 +1,11 @@
 {
   "name": "@logto/js",
-  "version": "4.2.0",
+  "version": "5.0.3",
   "type": "module",
-  "main": "./lib/index.cjs",
   "module": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "exports": {
     "types": "./lib/index.d.ts",
-    "require": "./lib/index.cjs",
     "import": "./lib/index.js"
   },
   "files": [
@@ -20,23 +18,23 @@
     "directory": "packages/js"
   },
   "dependencies": {
-    "@silverhand/essentials": "^2.8.7",
-    "camelcase-keys": "^7.0.1"
+    "@silverhand/essentials": "^2.9.2",
+    "camelcase-keys": "^9.1.3"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "^6.0.1",
     "@silverhand/ts-config": "^6.0.0",
-    "@types/node": "^20.11.19",
-    "@vitest/coverage-v8": "^1.6.0",
-    "angular-auth-oidc-client": "^18.0.0",
+    "@types/node": "^22.0.0",
+    "@vitest/coverage-v8": "^2.1.9",
+    "angular-auth-oidc-client": "^19.0.0",
     "eslint": "^8.57.0",
-    "happy-dom": "^14.0.0",
+    "happy-dom": "^16.0.0",
     "jose": "^5.2.2",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "rollup": "^4.0.0",
+    "rollup": "^4.22.4",
     "typescript": "^5.3.3",
-    "vitest": "^1.6.0"
+    "vitest": "^2.1.9"
   },
   "eslintConfig": {
     "extends": "@silverhand"

package/lib/consts/index.cjs

@@ -1,78 +0,0 @@
-'use strict';
-
-var openid = require('./openid.cjs');
-
-const ContentType = {
-    formUrlEncoded: { 'Content-Type': 'application/x-www-form-urlencoded' },
-};
-exports.TokenGrantType = void 0;
-(function (TokenGrantType) {
-    TokenGrantType["AuthorizationCode"] = "authorization_code";
-    TokenGrantType["RefreshToken"] = "refresh_token";
-})(exports.TokenGrantType || (exports.TokenGrantType = {}));
-exports.QueryKey = void 0;
-(function (QueryKey) {
-    QueryKey["ClientId"] = "client_id";
-    QueryKey["Code"] = "code";
-    QueryKey["CodeChallenge"] = "code_challenge";
-    QueryKey["CodeChallengeMethod"] = "code_challenge_method";
-    QueryKey["CodeVerifier"] = "code_verifier";
-    QueryKey["Error"] = "error";
-    QueryKey["ErrorDescription"] = "error_description";
-    QueryKey["GrantType"] = "grant_type";
-    QueryKey["IdToken"] = "id_token";
-    QueryKey["IdTokenHint"] = "id_token_hint";
-    QueryKey["LoginHint"] = "login_hint";
-    QueryKey["PostLogoutRedirectUri"] = "post_logout_redirect_uri";
-    QueryKey["Prompt"] = "prompt";
-    QueryKey["RedirectUri"] = "redirect_uri";
-    QueryKey["RefreshToken"] = "refresh_token";
-    QueryKey["Resource"] = "resource";
-    QueryKey["ResponseType"] = "response_type";
-    QueryKey["Scope"] = "scope";
-    QueryKey["State"] = "state";
-    QueryKey["Token"] = "token";
-    // Need to align with the OIDC extraParams settings in core
-    QueryKey["InteractionMode"] = "interaction_mode";
-    /** The query key for specifying the organization ID. */
-    QueryKey["OrganizationId"] = "organization_id";
-    QueryKey["FirstScreen"] = "first_screen";
-    QueryKey["Identifier"] = "identifier";
-    QueryKey["DirectSignIn"] = "direct_sign_in";
-})(exports.QueryKey || (exports.QueryKey = {}));
-/** The prompt parameter to be used for the authorization request. */
-exports.Prompt = void 0;
-(function (Prompt) {
-    Prompt["None"] = "none";
-    /**
-     * The Authorization Server MUST prompt the End-User for consent
-     * before returning information to the Client.
-     */
-    Prompt["Consent"] = "consent";
-    /**
-     * The Authorization Server MUST prompt the End-User for re-authentication,
-     * forcing the user to log in again. Note the there'll be no Refresh Token
-     * returned in this case.
-     */
-    Prompt["Login"] = "login";
-})(exports.Prompt || (exports.Prompt = {}));
-
-Object.defineProperty(exports, "ReservedResource", {
-    enumerable: true,
-    get: function () { return openid.ReservedResource; }
-});
-Object.defineProperty(exports, "ReservedScope", {
-    enumerable: true,
-    get: function () { return openid.ReservedScope; }
-});
-Object.defineProperty(exports, "UserScope", {
-    enumerable: true,
-    get: function () { return openid.UserScope; }
-});
-exports.buildOrganizationUrn = openid.buildOrganizationUrn;
-exports.getOrganizationIdFromUrn = openid.getOrganizationIdFromUrn;
-exports.idTokenClaims = openid.idTokenClaims;
-exports.organizationUrnPrefix = openid.organizationUrnPrefix;
-exports.userClaims = openid.userClaims;
-exports.userinfoClaims = openid.userinfoClaims;
-exports.ContentType = ContentType;

package/lib/consts/openid.cjs

@@ -1,155 +0,0 @@
-'use strict';
-
-/**
- * @overview Constants for Logto. Synchronized with `@logto/core-kit` package at hash `081094d`.
- */
-/** Scopes that reserved by Logto, which will be added to the auth request automatically. */
-exports.ReservedScope = void 0;
-(function (ReservedScope) {
-    ReservedScope["OpenId"] = "openid";
-    ReservedScope["OfflineAccess"] = "offline_access";
-})(exports.ReservedScope || (exports.ReservedScope = {}));
-/** Resources that reserved by Logto, which cannot be defined by users. */
-exports.ReservedResource = void 0;
-(function (ReservedResource) {
-    /**
-     * The resource for organization template per RFC 0001.
-     *
-     * @see {@link https://github.com/logto-io/rfcs | RFC 0001} for more details.
-     */
-    ReservedResource["Organization"] = "urn:logto:resource:organizations";
-})(exports.ReservedResource || (exports.ReservedResource = {}));
-/**
- * Scopes for ID Token and Userinfo Endpoint.
- */
-exports.UserScope = void 0;
-(function (UserScope) {
-    /**
-     * Scope for basic user info.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Profile"] = "profile";
-    /**
-     * Scope for user email address.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Email"] = "email";
-    /**
-     * Scope for user phone number.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Phone"] = "phone";
-    /**
-     * Scope for user's custom data.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["CustomData"] = "custom_data";
-    /**
-     * Scope for user's social identity details.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Identities"] = "identities";
-    /**
-     * Scope for user's roles.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Roles"] = "roles";
-    /**
-     * Scope for user's organization IDs and perform organization token grant per [RFC 0001](https://github.com/logto-io/rfcs).
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Organizations"] = "urn:logto:scope:organizations";
-    /**
-     * Scope for user's organization roles per [RFC 0001](https://github.com/logto-io/rfcs).
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["OrganizationRoles"] = "urn:logto:scope:organization_roles";
-})(exports.UserScope || (exports.UserScope = {}));
-/**
- * Mapped claims that ID Token includes.
- */
-const idTokenClaims = Object.freeze({
-    [exports.UserScope.Profile]: ['name', 'picture', 'username'],
-    [exports.UserScope.Email]: ['email', 'email_verified'],
-    [exports.UserScope.Phone]: ['phone_number', 'phone_number_verified'],
-    [exports.UserScope.Roles]: ['roles'],
-    [exports.UserScope.Organizations]: ['organizations'],
-    [exports.UserScope.OrganizationRoles]: ['organization_roles'],
-    [exports.UserScope.CustomData]: [],
-    [exports.UserScope.Identities]: [],
-});
-/**
- * Additional claims that Userinfo Endpoint returns.
- */
-const userinfoClaims = Object.freeze({
-    [exports.UserScope.Profile]: [],
-    [exports.UserScope.Email]: [],
-    [exports.UserScope.Phone]: [],
-    [exports.UserScope.Roles]: [],
-    [exports.UserScope.Organizations]: [],
-    [exports.UserScope.OrganizationRoles]: [],
-    [exports.UserScope.CustomData]: ['custom_data'],
-    [exports.UserScope.Identities]: ['identities'],
-});
-const userClaims = Object.freeze(
-// Hard to infer type directly, use `as` for a workaround.
-// eslint-disable-next-line no-restricted-syntax
-Object.fromEntries(Object.values(exports.UserScope).map((current) => [
-    current,
-    [...idTokenClaims[current], ...userinfoClaims[current]],
-])));
-/**
- * The prefix of the URN (Uniform Resource Name) for the organization in Logto.
- *
- * @example
- * ```
- * urn:logto:organization:123 // organization with ID 123
- * ```
- * @see {@link https://en.wikipedia.org/wiki/Uniform_Resource_Name | Uniform Resource Name}
- */
-const organizationUrnPrefix = 'urn:logto:organization:';
-/**
- * Build the URN (Uniform Resource Name) for the organization in Logto.
- *
- * @param organizationId The ID of the organization.
- * @returns The URN for the organization.
- * @see {@link organizationUrnPrefix} for the prefix of the URN.
- * @example
- * ```ts
- * buildOrganizationUrn('1') // returns 'urn:logto:organization:1'
- * ```
- */
-const buildOrganizationUrn = (organizationId) => `${organizationUrnPrefix}${organizationId}`;
-/**
- * Get the organization ID from the URN (Uniform Resource Name) for the organization in Logto.
- *
- * @param urn The URN for the organization. Must start with {@link organizationUrnPrefix}.
- * @returns The ID of the organization.
- * @throws {TypeError} If the URN is invalid.
- * @example
- * ```ts
- * getOrganizationIdFromUrn('1') // throws TypeError
- * getOrganizationIdFromUrn('urn:logto:organization:1') // returns '1'
- * ```
- */
-const getOrganizationIdFromUrn = (urn) => {
-    if (!urn.startsWith(organizationUrnPrefix)) {
-        throw new TypeError('Invalid organization URN.');
-    }
-    return urn.slice(organizationUrnPrefix.length);
-};
-
-exports.buildOrganizationUrn = buildOrganizationUrn;
-exports.getOrganizationIdFromUrn = getOrganizationIdFromUrn;
-exports.idTokenClaims = idTokenClaims;
-exports.organizationUrnPrefix = organizationUrnPrefix;
-exports.userClaims = userClaims;
-exports.userinfoClaims = userinfoClaims;

package/lib/core/fetch-token.cjs

@@ -1,57 +0,0 @@
-'use strict';
-
-var camelcaseKeys = require('camelcase-keys');
-var index = require('../consts/index.cjs');
-
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var camelcaseKeys__default = /*#__PURE__*/_interopDefault(camelcaseKeys);
-
-const fetchTokenByAuthorizationCode = async ({ clientId, tokenEndpoint, redirectUri, codeVerifier, code, resource, }, requester) => {
-    const parameters = new URLSearchParams();
-    parameters.append(index.QueryKey.ClientId, clientId);
-    parameters.append(index.QueryKey.Code, code);
-    parameters.append(index.QueryKey.CodeVerifier, codeVerifier);
-    parameters.append(index.QueryKey.RedirectUri, redirectUri);
-    parameters.append(index.QueryKey.GrantType, index.TokenGrantType.AuthorizationCode);
-    if (resource) {
-        parameters.append(index.QueryKey.Resource, resource);
-    }
-    const snakeCaseCodeTokenResponse = await requester(tokenEndpoint, {
-        method: 'POST',
-        headers: index.ContentType.formUrlEncoded,
-        body: parameters.toString(),
-    });
-    return camelcaseKeys__default.default(snakeCaseCodeTokenResponse);
-};
-/**
- * Fetch access token by refresh token using the token endpoint and `refresh_token` grant type.
- * @param params The parameters for fetching access token.
- * @param requester The requester for sending HTTP request.
- * @returns A Promise that resolves to the access token response.
- */
-const fetchTokenByRefreshToken = async (params, requester) => {
-    const { clientId, tokenEndpoint, refreshToken, resource, organizationId, scopes } = params;
-    const parameters = new URLSearchParams();
-    parameters.append(index.QueryKey.ClientId, clientId);
-    parameters.append(index.QueryKey.RefreshToken, refreshToken);
-    parameters.append(index.QueryKey.GrantType, index.TokenGrantType.RefreshToken);
-    if (resource) {
-        parameters.append(index.QueryKey.Resource, resource);
-    }
-    if (organizationId) {
-        parameters.append(index.QueryKey.OrganizationId, organizationId);
-    }
-    if (scopes?.length) {
-        parameters.append(index.QueryKey.Scope, scopes.join(' '));
-    }
-    const snakeCaseRefreshTokenTokenResponse = await requester(tokenEndpoint, {
-        method: 'POST',
-        headers: index.ContentType.formUrlEncoded,
-        body: parameters.toString(),
-    });
-    return camelcaseKeys__default.default(snakeCaseRefreshTokenTokenResponse);
-};
-
-exports.fetchTokenByAuthorizationCode = fetchTokenByAuthorizationCode;
-exports.fetchTokenByRefreshToken = fetchTokenByRefreshToken;

package/lib/core/oidc-config.cjs

@@ -1,13 +0,0 @@
-'use strict';
-
-var camelcaseKeys = require('camelcase-keys');
-
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var camelcaseKeys__default = /*#__PURE__*/_interopDefault(camelcaseKeys);
-
-const discoveryPath = '/oidc/.well-known/openid-configuration';
-const fetchOidcConfig = async (endpoint, requester) => camelcaseKeys__default.default(await requester(endpoint));
-
-exports.discoveryPath = discoveryPath;
-exports.fetchOidcConfig = fetchOidcConfig;

package/lib/core/revoke.cjs

@@ -1,14 +0,0 @@
-'use strict';
-
-var index = require('../consts/index.cjs');
-
-const revoke = async (revocationEndpoint, clientId, token, requester) => requester(revocationEndpoint, {
-    method: 'POST',
-    headers: index.ContentType.formUrlEncoded,
-    body: new URLSearchParams({
-        [index.QueryKey.ClientId]: clientId,
-        [index.QueryKey.Token]: token,
-    }).toString(),
-});
-
-exports.revoke = revoke;

package/lib/core/sign-in.cjs

@@ -1,56 +0,0 @@
-'use strict';
-
-var index = require('../consts/index.cjs');
-var scopes = require('../utils/scopes.cjs');
-
-const codeChallengeMethod = 'S256';
-const responseType = 'code';
-const buildPrompt = (prompt) => {
-    if (Array.isArray(prompt)) {
-        return prompt.join(' ');
-    }
-    return prompt ?? index.Prompt.Consent;
-};
-// eslint-disable-next-line complexity
-const generateSignInUri = ({ authorizationEndpoint, clientId, redirectUri, codeChallenge, state, scopes: scopes$1, resources, prompt, firstScreen, identifiers: identifier, interactionMode, loginHint, directSignIn, extraParams, includeReservedScopes = true, }) => {
-    const urlSearchParameters = new URLSearchParams({
-        [index.QueryKey.ClientId]: clientId,
-        [index.QueryKey.RedirectUri]: redirectUri,
-        [index.QueryKey.CodeChallenge]: codeChallenge,
-        [index.QueryKey.CodeChallengeMethod]: codeChallengeMethod,
-        [index.QueryKey.State]: state,
-        [index.QueryKey.ResponseType]: responseType,
-        [index.QueryKey.Prompt]: buildPrompt(prompt),
-    });
-    const computedScopes = includeReservedScopes ? scopes.withReservedScopes(scopes$1) : scopes$1?.join(' ');
-    if (computedScopes) {
-        urlSearchParameters.append(index.QueryKey.Scope, computedScopes);
-    }
-    if (loginHint) {
-        urlSearchParameters.append(index.QueryKey.LoginHint, loginHint);
-    }
-    if (directSignIn) {
-        urlSearchParameters.append(index.QueryKey.DirectSignIn, `${directSignIn.method}:${directSignIn.target}`);
-    }
-    for (const resource of resources ?? []) {
-        urlSearchParameters.append(index.QueryKey.Resource, resource);
-    }
-    if (firstScreen) {
-        urlSearchParameters.append(index.QueryKey.FirstScreen, firstScreen);
-    }
-    // @deprecated Remove later
-    else if (interactionMode) {
-        urlSearchParameters.append(index.QueryKey.InteractionMode, interactionMode);
-    }
-    if (identifier && identifier.length > 0) {
-        urlSearchParameters.append(index.QueryKey.Identifier, identifier.join(' '));
-    }
-    if (extraParams) {
-        for (const [key, value] of Object.entries(extraParams)) {
-            urlSearchParameters.append(key, value);
-        }
-    }
-    return `${authorizationEndpoint}?${urlSearchParameters.toString()}`;
-};
-
-exports.generateSignInUri = generateSignInUri;

package/lib/core/sign-out.cjs

@@ -1,13 +0,0 @@
-'use strict';
-
-var index = require('../consts/index.cjs');
-
-const generateSignOutUri = ({ endSessionEndpoint, clientId, postLogoutRedirectUri, }) => {
-    const urlSearchParameters = new URLSearchParams({ [index.QueryKey.ClientId]: clientId });
-    if (postLogoutRedirectUri) {
-        urlSearchParameters.append(index.QueryKey.PostLogoutRedirectUri, postLogoutRedirectUri);
-    }
-    return `${endSessionEndpoint}?${urlSearchParameters.toString()}`;
-};
-
-exports.generateSignOutUri = generateSignOutUri;

package/lib/core/user-info.cjs

@@ -1,7 +0,0 @@
-'use strict';
-
-const fetchUserInfo = async (userInfoEndpoint, accessToken, requester) => requester(userInfoEndpoint, {
-    headers: { Authorization: `Bearer ${accessToken}` },
-});
-
-exports.fetchUserInfo = fetchUserInfo;

package/lib/index.cjs

@@ -1,72 +0,0 @@
-'use strict';
-
-var fetchToken = require('./core/fetch-token.cjs');
-var oidcConfig = require('./core/oidc-config.cjs');
-var revoke = require('./core/revoke.cjs');
-var signIn = require('./core/sign-in.cjs');
-var signOut = require('./core/sign-out.cjs');
-var userInfo = require('./core/user-info.cjs');
-var callbackUri = require('./utils/callback-uri.cjs');
-var errors = require('./utils/errors.cjs');
-var idToken = require('./utils/id-token.cjs');
-var accessToken = require('./utils/access-token.cjs');
-var scopes = require('./utils/scopes.cjs');
-var arbitraryObject = require('./utils/arbitrary-object.cjs');
-var angular = require('./utils/angular.cjs');
-var index = require('./consts/index.cjs');
-var openid = require('./consts/openid.cjs');
-
-
-
-exports.fetchTokenByAuthorizationCode = fetchToken.fetchTokenByAuthorizationCode;
-exports.fetchTokenByRefreshToken = fetchToken.fetchTokenByRefreshToken;
-exports.discoveryPath = oidcConfig.discoveryPath;
-exports.fetchOidcConfig = oidcConfig.fetchOidcConfig;
-exports.revoke = revoke.revoke;
-exports.generateSignInUri = signIn.generateSignInUri;
-exports.generateSignOutUri = signOut.generateSignOutUri;
-exports.fetchUserInfo = userInfo.fetchUserInfo;
-exports.parseUriParameters = callbackUri.parseUriParameters;
-exports.verifyAndParseCodeFromCallbackUri = callbackUri.verifyAndParseCodeFromCallbackUri;
-exports.LogtoError = errors.LogtoError;
-exports.LogtoRequestError = errors.LogtoRequestError;
-exports.OidcError = errors.OidcError;
-exports.isLogtoRequestError = errors.isLogtoRequestError;
-exports.isLogtoRequestErrorJson = errors.isLogtoRequestErrorJson;
-exports.decodeIdToken = idToken.decodeIdToken;
-exports.decodeAccessToken = accessToken.decodeAccessToken;
-exports.withDefaultScopes = scopes.withDefaultScopes;
-exports.withReservedScopes = scopes.withReservedScopes;
-exports.isArbitraryObject = arbitraryObject.isArbitraryObject;
-exports.buildAngularAuthConfig = angular.buildAngularAuthConfig;
-exports.ContentType = index.ContentType;
-Object.defineProperty(exports, "Prompt", {
-	enumerable: true,
-	get: function () { return index.Prompt; }
-});
-Object.defineProperty(exports, "QueryKey", {
-	enumerable: true,
-	get: function () { return index.QueryKey; }
-});
-Object.defineProperty(exports, "TokenGrantType", {
-	enumerable: true,
-	get: function () { return index.TokenGrantType; }
-});
-Object.defineProperty(exports, "ReservedResource", {
-	enumerable: true,
-	get: function () { return openid.ReservedResource; }
-});
-Object.defineProperty(exports, "ReservedScope", {
-	enumerable: true,
-	get: function () { return openid.ReservedScope; }
-});
-Object.defineProperty(exports, "UserScope", {
-	enumerable: true,
-	get: function () { return openid.UserScope; }
-});
-exports.buildOrganizationUrn = openid.buildOrganizationUrn;
-exports.getOrganizationIdFromUrn = openid.getOrganizationIdFromUrn;
-exports.idTokenClaims = openid.idTokenClaims;
-exports.organizationUrnPrefix = openid.organizationUrnPrefix;
-exports.userClaims = openid.userClaims;
-exports.userinfoClaims = openid.userinfoClaims;

package/lib/utils/access-token.cjs

@@ -1,40 +0,0 @@
-'use strict';
-
-var essentials = require('@silverhand/essentials');
-var arbitraryObject = require('./arbitrary-object.cjs');
-
-// https://docs.logto.io/docs/recipes/protect-your-api/
-function assertAccessTokenClaims(data) {
-    if (!arbitraryObject.isArbitraryObject(data)) {
-        throw new TypeError('AccessToken is expected to be an object');
-    }
-    for (const key of ['jti', 'iss', 'sub', 'aud', 'client_id', 'scope']) {
-        if (data[key] === undefined) {
-            continue;
-        }
-        if (typeof data[key] !== 'string' && data[key] !== null) {
-            throw new TypeError(`At path: AccessToken.${key}: expected null or a string`);
-        }
-    }
-    for (const key of ['exp', 'iat']) {
-        if (data[key] === undefined) {
-            continue;
-        }
-        if (typeof data[key] !== 'number' && data[key] !== null) {
-            throw new TypeError(`At path: AccessToken.${key}: expected null or a number`);
-        }
-    }
-}
-const decodeAccessToken = (accessToken) => {
-    const { 1: encodedPayload } = accessToken.split('.');
-    if (!encodedPayload) {
-        // Non-JWT format token string
-        return {};
-    }
-    const json = essentials.urlSafeBase64.decode(encodedPayload);
-    const accessTokenClaims = JSON.parse(json);
-    assertAccessTokenClaims(accessTokenClaims);
-    return accessTokenClaims;
-};
-
-exports.decodeAccessToken = decodeAccessToken;

package/lib/utils/angular.cjs

@@ -1,58 +0,0 @@
-'use strict';
-
-var index = require('../consts/index.cjs');
-var scopes = require('./scopes.cjs');
-
-/**
- * A helper function to build the OpenID Connect configuration for `angular-auth-oidc-client`
- * using a Logto-friendly way.
- *
- * @example
- * ```ts
- * // A minimal example
- * import { buildAngularAuthConfig } from '@logto/js';
- * import { provideAuth } from 'angular-auth-oidc-client';
- *
- * provideAuth({
- *   config: buildAngularAuthConfig({
- *     endpoint: '<your-logto-endpoint>',
- *     appId: '<your-app-id>',
- *     redirectUri: '<your-app-redirect-uri>',
- *   }),
- * });
- * ```
- *
- * @param logtoConfig The Logto configuration object for Angular apps.
- * @returns The OpenID Connect configuration for `angular-auth-oidc-client`.
- * @see {@link https://angular-auth-oidc-client.com/ | angular-auth-oidc-client} to learn more
- * about how to use the library.
- */
-const buildAngularAuthConfig = (logtoConfig) => {
-    const { endpoint, appId: clientId, scopes: scopes$1, resource, redirectUri: redirectUrl, postLogoutRedirectUri, prompt = index.Prompt.Consent, includeReservedScopes = true, } = logtoConfig;
-    const scope = includeReservedScopes ? scopes.withReservedScopes(scopes$1) : scopes$1?.join(' ');
-    const customParameters = resource ? { resource } : undefined;
-    return {
-        authority: new URL('/oidc', endpoint).href,
-        redirectUrl,
-        postLogoutRedirectUri,
-        clientId,
-        scope,
-        responseType: 'code',
-        autoUserInfo: !resource,
-        renewUserInfoAfterTokenRenew: !resource,
-        silentRenew: true,
-        useRefreshToken: true,
-        customParamsAuthRequest: {
-            prompt: Array.isArray(prompt) ? prompt.join(' ') : prompt,
-            ...customParameters,
-        },
-        customParamsCodeRequest: {
-            ...customParameters,
-        },
-        customParamsRefreshTokenRequest: {
-            ...customParameters,
-        },
-    };
-};
-
-exports.buildAngularAuthConfig = buildAngularAuthConfig;

package/lib/utils/arbitrary-object.cjs

@@ -1,5 +0,0 @@
-'use strict';
-
-const isArbitraryObject = (data) => typeof data === 'object' && data !== null;
-
-exports.isArbitraryObject = isArbitraryObject;

package/lib/utils/callback-uri.cjs

@@ -1,36 +0,0 @@
-'use strict';
-
-var essentials = require('@silverhand/essentials');
-var index = require('../consts/index.cjs');
-var errors = require('./errors.cjs');
-
-const parseUriParameters = (uri) => {
-    const [, queryString = ''] = uri.split('?');
-    return new URLSearchParams(queryString);
-};
-const verifyAndParseCodeFromCallbackUri = (callbackUri, redirectUri, state) => {
-    if (!callbackUri.startsWith(redirectUri)) {
-        throw new errors.LogtoError('callback_uri_verification.redirect_uri_mismatched');
-    }
-    const uriParameters = parseUriParameters(callbackUri);
-    const error = essentials.conditional(uriParameters.get(index.QueryKey.Error));
-    const errorDescription = essentials.conditional(uriParameters.get(index.QueryKey.ErrorDescription));
-    if (error) {
-        throw new errors.LogtoError('callback_uri_verification.error_found', new errors.OidcError(error, errorDescription));
-    }
-    const stateFromCallbackUri = uriParameters.get(index.QueryKey.State);
-    if (!stateFromCallbackUri) {
-        throw new errors.LogtoError('callback_uri_verification.missing_state');
-    }
-    if (stateFromCallbackUri !== state) {
-        throw new errors.LogtoError('callback_uri_verification.state_mismatched');
-    }
-    const code = uriParameters.get(index.QueryKey.Code);
-    if (!code) {
-        throw new errors.LogtoError('callback_uri_verification.missing_code');
-    }
-    return code;
-};
-
-exports.parseUriParameters = parseUriParameters;
-exports.verifyAndParseCodeFromCallbackUri = verifyAndParseCodeFromCallbackUri;

package/lib/utils/errors.cjs

@@ -1,58 +0,0 @@
-'use strict';
-
-var arbitraryObject = require('./arbitrary-object.cjs');
-
-const logtoErrorCodes = Object.freeze({
-    'id_token.invalid_iat': 'Invalid issued at time in the ID token',
-    'id_token.invalid_token': 'Invalid ID token',
-    'callback_uri_verification.redirect_uri_mismatched': 'The callback URI mismatches the redirect URI.',
-    'callback_uri_verification.error_found': 'Error found in the callback URI',
-    'callback_uri_verification.missing_state': 'Missing state in the callback URI',
-    'callback_uri_verification.state_mismatched': 'State mismatched in the callback URI',
-    'callback_uri_verification.missing_code': 'Missing code in the callback URI',
-    crypto_subtle_unavailable: 'Crypto.subtle is unavailable in insecure contexts (non-HTTPS).',
-    unexpected_response_error: 'Unexpected response error from the server.',
-});
-class LogtoError extends Error {
-    constructor(code, data) {
-        super(logtoErrorCodes[code]);
-        this.code = code;
-        this.data = data;
-        this.name = 'LogtoError';
-    }
-}
-const isLogtoRequestError = (data) => {
-    if (!arbitraryObject.isArbitraryObject(data)) {
-        return false;
-    }
-    return data instanceof Error && data.name === 'LogtoRequestError';
-};
-const isLogtoRequestErrorJson = (data) => {
-    if (!arbitraryObject.isArbitraryObject(data)) {
-        return false;
-    }
-    return typeof data.code === 'string' && typeof data.message === 'string';
-};
-class LogtoRequestError extends Error {
-    constructor(code, message, 
-    /** The original response object from the server. */
-    cause) {
-        super(message);
-        this.code = code;
-        this.cause = cause;
-        this.name = 'LogtoRequestError';
-    }
-}
-class OidcError {
-    constructor(error, errorDescription) {
-        this.error = error;
-        this.errorDescription = errorDescription;
-        this.name = 'OidcError';
-    }
-}
-
-exports.LogtoError = LogtoError;
-exports.LogtoRequestError = LogtoRequestError;
-exports.OidcError = OidcError;
-exports.isLogtoRequestError = isLogtoRequestError;
-exports.isLogtoRequestErrorJson = isLogtoRequestErrorJson;

package/lib/utils/id-token.cjs

@@ -1,54 +0,0 @@
-'use strict';
-
-var essentials = require('@silverhand/essentials');
-var arbitraryObject = require('./arbitrary-object.cjs');
-var errors = require('./errors.cjs');
-
-/* eslint-disable complexity */
-/**
- * @link [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken)
- */
-function assertIdTokenClaims(data) {
-    if (!arbitraryObject.isArbitraryObject(data)) {
-        throw new TypeError('IdToken is expected to be an object');
-    }
-    for (const key of ['iss', 'sub', 'aud']) {
-        if (typeof data[key] !== 'string') {
-            throw new TypeError(`At path: IdToken.${key}: expected a string`);
-        }
-    }
-    for (const key of ['exp', 'iat']) {
-        if (typeof data[key] !== 'number') {
-            throw new TypeError(`At path: IdToken.${key}: expected a number`);
-        }
-    }
-    for (const key of ['at_hash', 'name', 'username', 'picture', 'email', 'phone_number']) {
-        if (data[key] === undefined) {
-            continue;
-        }
-        if (typeof data[key] !== 'string' && data[key] !== null) {
-            throw new TypeError(`At path: IdToken.${key}: expected null or a string`);
-        }
-    }
-    for (const key of ['email_verified', 'phone_number_verified']) {
-        if (data[key] === undefined) {
-            continue;
-        }
-        if (typeof data[key] !== 'boolean') {
-            throw new TypeError(`At path: IdToken.${key}: expected a boolean`);
-        }
-    }
-}
-/* eslint-enable complexity */
-const decodeIdToken = (token) => {
-    const { 1: encodedPayload } = token.split('.');
-    if (!encodedPayload) {
-        throw new errors.LogtoError('id_token.invalid_token');
-    }
-    const json = essentials.urlSafeBase64.decode(encodedPayload);
-    const idTokenClaims = JSON.parse(json);
-    assertIdTokenClaims(idTokenClaims);
-    return idTokenClaims;
-};
-
-exports.decodeIdToken = decodeIdToken;

package/lib/utils/scopes.cjs

@@ -1,23 +0,0 @@
-'use strict';
-
-require('../consts/index.cjs');
-var openid = require('../consts/openid.cjs');
-
-/**
- * @param originalScopes
- * @return scopes should contain all default scopes (`openid`, `offline_access` and `profile`)
- */
-const withReservedScopes = (originalScopes) => {
-    const reservedScopes = Object.values(openid.ReservedScope);
-    const uniqueScopes = new Set([...reservedScopes, openid.UserScope.Profile, ...(originalScopes ?? [])]);
-    return Array.from(uniqueScopes).join(' ');
-};
-/**
- * Alias of {@link withReservedScopes}.
- *
- * @deprecated Use {@link withReservedScopes} instead.
- */
-const withDefaultScopes = withReservedScopes;
-
-exports.withDefaultScopes = withDefaultScopes;
-exports.withReservedScopes = withReservedScopes;