@medplum/core 0.3.0 → 0.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@medplum/core",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "Medplum TS/JS Library",
   "author": "Medplum <hello@medplum.com>",
   "license": "Apache-2.0",
@@ -12,14 +12,20 @@
   },
   "scripts": {
     "clean": "rimraf dist",
-    "build": "npm run clean && tsc",
+    "build": "npm run clean && tsc && npm run rollup",
+    "rollup": "rollup --config rollup.config.js",
     "test": "jest"
   },
   "devDependencies": {
-    "@medplum/fhirtypes": "0.3.0"
+    "@medplum/fhirtypes": "0.5.0"
   },
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "main": "dist/cjs/index.js",
+  "module": "dist/esm/index.js",
+  "exports": {
+    "require": "./dist/cjs/index.js",
+    "import": "./dist/esm/index.js"
+  },
+  "types": "dist/types/index.d.ts",
   "sideEffects": false,
   "keywords": [
     "medplum",

package/dist/cache.js

@@ -1,39 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.LRUCache = void 0;
-/**
- * LRU cache (least recently used)
- * Source: https://stackoverflow.com/a/46432113
- */
-class LRUCache {
-    constructor(max = 10) {
-        this.max = max;
-        this.cache = new Map();
-    }
-    clear() {
-        this.cache.clear();
-    }
-    get(key) {
-        const item = this.cache.get(key);
-        if (item) {
-            this.cache.delete(key);
-            this.cache.set(key, item);
-        }
-        return item;
-    }
-    set(key, val) {
-        if (this.cache.has(key)) {
-            this.cache.delete(key);
-        }
-        else if (this.cache.size >= this.max) {
-            this.cache.delete(this.first());
-        }
-        this.cache.set(key, val);
-    }
-    first() {
-        // This works because the Map class maintains ordered keys.
-        return this.cache.keys().next().value;
-    }
-}
-exports.LRUCache = LRUCache;
-//# sourceMappingURL=cache.js.map

package/dist/cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cache.js","sourceRoot":"","sources":["../src/cache.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,MAAa,QAAQ;IAInB,YAAY,GAAG,GAAG,EAAE;QAClB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,IAAI,GAAG,EAAE,CAAC;IACzB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,IAAI,EAAE;YACR,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;SAC3B;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,GAAM;QACrB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACvB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SACxB;aAAM,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE;YACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;SACjC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEO,KAAK;QACX,2DAA2D;QAC3D,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;IACxC,CAAC;CACF;AAnCD,4BAmCC","sourcesContent":["/**\n * LRU cache (least recently used)\n * Source: https://stackoverflow.com/a/46432113\n */\nexport class LRUCache<T> {\n  private readonly max: number;\n  private readonly cache: Map<string, T>;\n\n  constructor(max = 10) {\n    this.max = max;\n    this.cache = new Map();\n  }\n\n  clear() {\n    this.cache.clear();\n  }\n\n  get(key: string): T | undefined {\n    const item = this.cache.get(key);\n    if (item) {\n      this.cache.delete(key);\n      this.cache.set(key, item);\n    }\n    return item;\n  }\n\n  set(key: string, val: T) {\n    if (this.cache.has(key)) {\n      this.cache.delete(key);\n    } else if (this.cache.size >= this.max) {\n      this.cache.delete(this.first());\n    }\n    this.cache.set(key, val);\n  }\n\n  private first() {\n    // This works because the Map class maintains ordered keys.\n    return this.cache.keys().next().value;\n  }\n}\n"]}

package/dist/client.js

@@ -1,572 +0,0 @@
-"use strict";
-// PKCE auth ased on:
-// https://aws.amazon.com/blogs/security/how-to-add-authentication-single-page-web-application-with-amazon-cognito-oauth2-implementation/
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MedplumClient = void 0;
-const cache_1 = require("./cache");
-const crypto_1 = require("./crypto");
-const eventtarget_1 = require("./eventtarget");
-const jwt_1 = require("./jwt");
-const outcomes_1 = require("./outcomes");
-const search_1 = require("./search");
-const storage_1 = require("./storage");
-const types_1 = require("./types");
-const utils_1 = require("./utils");
-const DEFAULT_BASE_URL = 'https://api.medplum.com/';
-const DEFAULT_SCOPE = 'launch/patient openid fhirUser offline_access user/*.*';
-const DEFAULT_RESOURCE_CACHE_SIZE = 1000;
-const JSON_CONTENT_TYPE = 'application/json';
-const FHIR_CONTENT_TYPE = 'application/fhir+json';
-const PATCH_CONTENT_TYPE = 'application/json-patch+json';
-class MedplumClient extends eventtarget_1.EventTarget {
-    constructor(options) {
-        var _a, _b, _c;
-        super();
-        if (options.baseUrl) {
-            if (!options.baseUrl.startsWith('http')) {
-                throw new Error('Base URL must start with http or https');
-            }
-            if (!options.baseUrl.endsWith('/')) {
-                throw new Error('Base URL must end with a trailing slash');
-            }
-        }
-        this.fetch = options.fetch || window.fetch.bind(window);
-        this.storage = new storage_1.ClientStorage();
-        this.schema = new Map();
-        this.resourceCache = new cache_1.LRUCache((_a = options.resourceCacheSize) !== null && _a !== void 0 ? _a : DEFAULT_RESOURCE_CACHE_SIZE);
-        this.baseUrl = options.baseUrl || DEFAULT_BASE_URL;
-        this.clientId = options.clientId || '';
-        this.authorizeUrl = options.authorizeUrl || this.baseUrl + 'oauth2/authorize';
-        this.tokenUrl = options.tokenUrl || this.baseUrl + 'oauth2/token';
-        this.logoutUrl = options.logoutUrl || this.baseUrl + 'oauth2/logout';
-        this.onUnauthenticated = options.onUnauthenticated;
-        this.activeLogin = this.storage.getObject('activeLogin');
-        if (!((_c = (_b = this.activeLogin) === null || _b === void 0 ? void 0 : _b.profile) === null || _c === void 0 ? void 0 : _c.reference)) {
-            this.clear();
-        }
-        this.loading = false;
-        this.refreshProfile().catch(console.log);
-    }
-    /**
-     * Clears all auth state including local storage and session storage.
-     */
-    clear() {
-        this.storage.clear();
-        this.schema.clear();
-        this.resourceCache.clear();
-        this.activeLogin = undefined;
-        this.profile = undefined;
-        this.dispatchEvent({ type: 'change' });
-    }
-    get(url) {
-        return this.request('GET', url);
-    }
-    post(url, body, contentType) {
-        return this.request('POST', url, contentType, body);
-    }
-    put(url, body, contentType) {
-        return this.request('PUT', url, contentType, body);
-    }
-    delete(url) {
-        return this.request('DELETE', url);
-    }
-    /**
-     * Tries to register a new user.
-     * @param request The registration request.
-     * @returns Promise to the authentication response.
-     */
-    register(request) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const response = yield this.post('auth/register', request);
-            yield this.setActiveLogin(response);
-        });
-    }
-    /**
-     * Initiates a user login flow.
-     * @param email The email address of the user.
-     * @param password The password of the user.
-     * @param remember Optional flag to remember the user.
-     * @returns Promise to the authentication response.
-     */
-    startLogin(email, password, remember) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.startPkce();
-            return this.post('auth/login', {
-                clientId: this.clientId,
-                scope: DEFAULT_SCOPE,
-                codeChallengeMethod: 'S256',
-                codeChallenge: this.storage.getString('codeChallenge'),
-                email,
-                password,
-                remember: !!remember,
-            });
-        });
-    }
-    /**
-     * Tries to sign in with Google authentication.
-     * The response parameter is the result of a Google authentication.
-     * See: https://developers.google.com/identity/gsi/web/guides/handle-credential-responses-js-functions
-     * @param googleResponse The Google credential response.
-     * @returns Promise to the authentication response.
-     */
-    startGoogleLogin(googleResponse) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.startPkce();
-            return this.post('auth/google', googleResponse);
-        });
-    }
-    /**
-     * Signs out locally.
-     * Does not invalidate tokens with the server.
-     */
-    signOut() {
-        this.clear();
-        return Promise.resolve();
-    }
-    /**
-     * Tries to sign in the user.
-     * Returns true if the user is signed in.
-     * This may result in navigating away to the sign in page.
-     */
-    signInWithRedirect() {
-        const urlParams = new URLSearchParams(window.location.search);
-        const code = urlParams.get('code');
-        if (!code) {
-            this.requestAuthorization();
-            return undefined;
-        }
-        else {
-            return this.processCode(code);
-        }
-    }
-    /**
-     * Tries to sign out the user.
-     * See: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
-     */
-    signOutWithRedirect() {
-        window.location.assign(this.logoutUrl);
-    }
-    fhirUrl(...path) {
-        const builder = [this.baseUrl, 'fhir/R4'];
-        path.forEach((p) => builder.push('/', encodeURIComponent(p)));
-        return builder.join('');
-    }
-    search(search) {
-        if (typeof search === 'string') {
-            return this.get('fhir/R4/' + search);
-        }
-        else {
-            return this.get(this.fhirUrl(search.resourceType) + (0, search_1.formatSearchQuery)(search));
-        }
-    }
-    /**
-     * Searches a ValueSet resource using the "expand" operation.
-     * See: https://www.hl7.org/fhir/operation-valueset-expand.html
-     * @param system The ValueSet system url.
-     * @param filter The search string.
-     * @returns Promise to expanded ValueSet.
-     */
-    searchValueSet(system, filter) {
-        return this.get(this.fhirUrl('ValueSet', '$expand') +
-            `?url=${encodeURIComponent(system)}` +
-            `&filter=${encodeURIComponent(filter)}`);
-    }
-    read(resourceType, id) {
-        const cacheKey = resourceType + '/' + id;
-        const promise = this.get(this.fhirUrl(resourceType, id)).then((resource) => {
-            this.resourceCache.set(cacheKey, resource);
-            return resource;
-        });
-        this.resourceCache.set(cacheKey, promise);
-        return promise;
-    }
-    readCached(resourceType, id) {
-        const cached = this.resourceCache.get(resourceType + '/' + id);
-        return cached ? Promise.resolve(cached) : this.read(resourceType, id);
-    }
-    readReference(reference) {
-        const refString = reference === null || reference === void 0 ? void 0 : reference.reference;
-        if (!refString) {
-            return Promise.reject('Missing reference');
-        }
-        const [resourceType, id] = refString.split('/');
-        return this.read(resourceType, id);
-    }
-    readCachedReference(reference) {
-        const refString = reference === null || reference === void 0 ? void 0 : reference.reference;
-        if (!refString) {
-            return Promise.reject('Missing reference');
-        }
-        const [resourceType, id] = refString.split('/');
-        return this.readCached(resourceType, id);
-    }
-    getTypeDefinition(resourceType) {
-        if (!resourceType) {
-            return Promise.reject('Missing resourceType');
-        }
-        const cached = this.schema.get(resourceType);
-        if (cached) {
-            return Promise.resolve(cached);
-        }
-        let typeDef;
-        return this.search('StructureDefinition?name:exact=' + encodeURIComponent(resourceType))
-            .then((result) => {
-            var _a;
-            if (!((_a = result.entry) === null || _a === void 0 ? void 0 : _a.length)) {
-                throw new Error('StructureDefinition not found');
-            }
-            const resource = result.entry[0].resource;
-            if (!resource) {
-                throw new Error('StructureDefinition not found');
-            }
-            typeDef = (0, types_1.indexStructureDefinition)(resource);
-        })
-            .then(() => this.search({
-            resourceType: 'SearchParameter',
-            count: 100,
-            filters: [
-                {
-                    code: 'base',
-                    operator: search_1.Operator.EQUALS,
-                    value: resourceType,
-                },
-            ],
-        }))
-            .then((result) => {
-            const entries = result.entry;
-            if (entries) {
-                typeDef.types[resourceType].searchParams = entries
-                    .map((e) => e.resource)
-                    .sort((a, b) => { var _a, _b; return (_b = (_a = a.name) === null || _a === void 0 ? void 0 : _a.localeCompare(b.name)) !== null && _b !== void 0 ? _b : 0; });
-            }
-            this.schema.set(resourceType, typeDef);
-            return typeDef;
-        });
-    }
-    readHistory(resourceType, id) {
-        return this.get(this.fhirUrl(resourceType, id, '_history'));
-    }
-    readPatientEverything(id) {
-        return this.get(this.fhirUrl('Patient', id, '$everything'));
-    }
-    create(resource) {
-        if (!resource.resourceType) {
-            throw new Error('Missing resourceType');
-        }
-        return this.post(this.fhirUrl(resource.resourceType), resource);
-    }
-    createBinary(data, contentType) {
-        return this.post(this.fhirUrl('Binary'), data, contentType);
-    }
-    update(resource) {
-        if (!resource.resourceType) {
-            throw new Error('Missing resourceType');
-        }
-        if (!resource.id) {
-            throw new Error('Missing id');
-        }
-        return this.put(this.fhirUrl(resource.resourceType, resource.id), resource);
-    }
-    patch(resourceType, id, operations) {
-        return this.request('PATCH', this.fhirUrl(resourceType, id), PATCH_CONTENT_TYPE, operations);
-    }
-    deleteResource(resourceType, id) {
-        return this.delete(this.fhirUrl(resourceType, id));
-    }
-    graphql(gql) {
-        return this.post(this.fhirUrl('$graphql'), gql, JSON_CONTENT_TYPE);
-    }
-    subscribe(criteria, handler) {
-        return this.create({
-            resourceType: 'Subscription',
-            status: 'active',
-            criteria: criteria,
-            channel: {
-                type: 'sse',
-            },
-        }).then((sub) => {
-            const eventSource = new EventSource(this.baseUrl + 'sse?subscription=' + encodeURIComponent(sub.id), {
-                withCredentials: true,
-            });
-            eventSource.onmessage = (e) => {
-                handler(JSON.parse(e.data));
-            };
-            return eventSource;
-        });
-    }
-    getActiveLogin() {
-        return this.activeLogin;
-    }
-    setActiveLogin(login) {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.activeLogin = login;
-            this.storage.setObject('activeLogin', login);
-            this.addLogin(login);
-            this.resourceCache.clear();
-            this.refreshPromise = undefined;
-            yield this.refreshProfile();
-        });
-    }
-    getLogins() {
-        var _a;
-        return (_a = this.storage.getObject('logins')) !== null && _a !== void 0 ? _a : [];
-    }
-    addLogin(newLogin) {
-        const logins = this.getLogins().filter((login) => { var _a, _b; return ((_a = login.profile) === null || _a === void 0 ? void 0 : _a.reference) !== ((_b = newLogin.profile) === null || _b === void 0 ? void 0 : _b.reference); });
-        logins.push(newLogin);
-        this.storage.setObject('logins', logins);
-    }
-    refreshProfile() {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const reference = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.profile;
-            if (reference === null || reference === void 0 ? void 0 : reference.reference) {
-                this.loading = true;
-                this.profile = yield this.readCachedReference(reference);
-                this.loading = false;
-                this.dispatchEvent({ type: 'change' });
-            }
-            return this.profile;
-        });
-    }
-    getProfile() {
-        return this.profile;
-    }
-    isLoading() {
-        return this.loading;
-    }
-    /**
-     * Makes an HTTP request.
-     * @param {string} method
-     * @param {string} url
-     * @param {string=} contentType
-     * @param {Object=} body
-     */
-    request(method, url, contentType, body) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.refreshPromise) {
-                yield this.refreshPromise;
-            }
-            if (!url.startsWith('http')) {
-                url = this.baseUrl + url;
-            }
-            const headers = {
-                'Content-Type': contentType || FHIR_CONTENT_TYPE,
-            };
-            const accessToken = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.accessToken;
-            if (accessToken) {
-                headers['Authorization'] = 'Bearer ' + accessToken;
-            }
-            const options = {
-                method: method,
-                cache: 'no-cache',
-                credentials: 'include',
-                headers,
-            };
-            if (body) {
-                if (typeof body === 'string' || (typeof File !== 'undefined' && body instanceof File)) {
-                    options.body = body;
-                }
-                else {
-                    options.body = (0, utils_1.stringify)(body);
-                }
-            }
-            const response = yield this.fetch(url, options);
-            if (response.status === 401) {
-                // Refresh and try again
-                return this.handleUnauthenticated(method, url, contentType, body);
-            }
-            if (response.status === 204 || response.status === 304) {
-                // No content or change
-                return undefined;
-            }
-            const obj = yield response.json();
-            if (obj.resourceType === 'OperationOutcome' && !(0, outcomes_1.isOk)(obj)) {
-                return Promise.reject(new outcomes_1.OperationOutcomeError(obj));
-            }
-            return obj;
-        });
-    }
-    /**
-     * Handles an unauthenticated response from the server.
-     * First, tries to refresh the access token and retry the request.
-     * Otherwise, calls unauthenticated callbacks and rejects.
-     * @param method The HTTP method of the original request.
-     * @param url The URL of the original request.
-     * @param contentType The content type of the original request.
-     * @param body The body of the original request.
-     */
-    handleUnauthenticated(method, url, contentType, body) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.refresh()
-                .then(() => this.request(method, url, contentType, body))
-                .catch((error) => {
-                this.clear();
-                if (this.onUnauthenticated) {
-                    this.onUnauthenticated();
-                }
-                return Promise.reject(error);
-            });
-        });
-    }
-    /**
-     * Starts a new PKCE flow.
-     * These PKCE values are stateful, and must survive redirects and page refreshes.
-     */
-    startPkce() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const pkceState = (0, crypto_1.getRandomString)();
-            this.storage.setString('pkceState', pkceState);
-            const codeVerifier = (0, crypto_1.getRandomString)();
-            this.storage.setString('codeVerifier', codeVerifier);
-            const arrayHash = yield (0, crypto_1.encryptSHA256)(codeVerifier);
-            const codeChallenge = (0, utils_1.arrayBufferToBase64)(arrayHash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-            this.storage.setString('codeChallenge', codeChallenge);
-        });
-    }
-    /**
-     * Redirects the user to the login screen for authorization.
-     * Clears all auth state including local storage and session storage.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
-     */
-    requestAuthorization() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.authorizeUrl) {
-                throw new Error('Missing authorize URL');
-            }
-            this.startPkce();
-            window.location.assign(this.authorizeUrl +
-                '?response_type=code' +
-                '&state=' +
-                encodeURIComponent(this.storage.getString('pkceState')) +
-                '&client_id=' +
-                encodeURIComponent(this.clientId) +
-                '&redirect_uri=' +
-                encodeURIComponent(getBaseUrl()) +
-                '&scope=' +
-                encodeURIComponent(DEFAULT_SCOPE) +
-                '&code_challenge_method=S256' +
-                '&code_challenge=' +
-                encodeURIComponent(this.storage.getString('codeChallenge')));
-        });
-    }
-    /**
-     * Processes an OAuth authorization code.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest
-     * @param code The authorization code received by URL parameter.
-     */
-    processCode(code) {
-        const pkceState = this.storage.getString('pkceState');
-        if (!pkceState) {
-            this.clear();
-            throw new Error('Invalid PCKE state');
-        }
-        const codeVerifier = this.storage.getString('codeVerifier');
-        if (!codeVerifier) {
-            this.clear();
-            throw new Error('Invalid PCKE code verifier');
-        }
-        return this.fetchTokens('grant_type=authorization_code' +
-            (this.clientId ? '&client_id=' + encodeURIComponent(this.clientId) : '') +
-            '&code_verifier=' +
-            encodeURIComponent(codeVerifier) +
-            '&redirect_uri=' +
-            encodeURIComponent(getBaseUrl()) +
-            '&code=' +
-            encodeURIComponent(code));
-    }
-    /**
-     * Tries to refresh the auth tokens.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens
-     */
-    refresh() {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.refreshPromise) {
-                return this.refreshPromise;
-            }
-            const refreshToken = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.refreshToken;
-            if (!refreshToken) {
-                this.clear();
-                return Promise.reject('Invalid refresh token');
-            }
-            this.refreshPromise = this.fetchTokens('grant_type=refresh_token' +
-                '&client_id=' +
-                encodeURIComponent(this.clientId) +
-                '&refresh_token=' +
-                encodeURIComponent(refreshToken));
-            yield this.refreshPromise;
-        });
-    }
-    /**
-     * Makes a POST request to the tokens endpoint.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
-     * @param formBody Token parameters in URL encoded format.
-     */
-    fetchTokens(formBody) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.tokenUrl) {
-                return Promise.reject('Missing token URL');
-            }
-            return this.fetch(this.tokenUrl, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-                body: formBody,
-            })
-                .then((response) => {
-                if (!response.ok) {
-                    return Promise.reject('Failed to fetch tokens');
-                }
-                return response.json();
-            })
-                .then((tokens) => this.verifyTokens(tokens))
-                .then(() => this.profile);
-        });
-    }
-    /**
-     * Verifies the tokens received from the auth server.
-     * Validates the JWT against the JWKS.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
-     * @param tokens
-     */
-    verifyTokens(tokens) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const token = tokens.access_token;
-            // Verify token has not expired
-            const tokenPayload = (0, jwt_1.parseJWTPayload)(token);
-            if (Date.now() >= tokenPayload.exp * 1000) {
-                this.clear();
-                return Promise.reject('Token expired');
-            }
-            // Verify app_client_id
-            if (this.clientId && tokenPayload.client_id !== this.clientId) {
-                this.clear();
-                return Promise.reject('Token was not issued for this audience');
-            }
-            yield this.setActiveLogin({
-                accessToken: token,
-                refreshToken: tokens.refresh_token,
-                project: tokens.project,
-                profile: tokens.profile,
-            });
-        });
-    }
-}
-exports.MedplumClient = MedplumClient;
-/**
- * Returns the base URL for the current page.
- */
-function getBaseUrl() {
-    return window.location.protocol + '//' + window.location.host + '/';
-}
-//# sourceMappingURL=client.js.map