@nsshunt/stsoauth2plugin 0.0.3

package/src/stsoauth2worker.ts

@@ -0,0 +1,542 @@
+import Debug from "debug";
+const debug = Debug(`proc:${process.pid}:stsoauth2worker.ts`);
+
+import 'colors'
+
+import axios from "axios";
+
+import { JSONObject, OAuth2ParameterType } from '@nsshunt/stsutils';
+
+import CryptoUtils from './Utils/CryptoUtils'
+import QueryParams from './Utils/QueryParams'
+
+import jwt_decode from "jwt-decode"
+
+import { IStsStorage, ClientStorageType, ClientStorageFactory } from './stsStorage'
+
+import { StatusCodes } from 'http-status-codes'
+
+import { AuthorizeOptionsResponseType, AuthorizeOptionsResponseMode, IAuthorizationCodeFlowParameters, IRefreshFlowParameters,
+	IAuthorizeOptions, ITokenResponse, IAuthorizeResponse, IAuthorizeErrorResponse, ITokenErrorResponse, OAuthGrantTypes, AuthenticateEvent,
+	IOauth2ListenerMessage, IOauth2ListenerCommand, IOauth2ListenerMessageResponse } from './stsoauth2types'
+
+const CreateRandomString = (size = 43) => {
+	const randomValues = Array.from(self.crypto.getRandomValues(new Uint8Array(size)))
+	const b64 = window.btoa(String.fromCharCode(...randomValues));
+	return b64;
+	//return randomValues.toString('base64');
+}
+
+// STS Client SDK for SPAs
+class STSOAuth2Worker {
+	//#storageManager = null;
+	#clientSessionStore: IStsStorage<ITokenResponse> = null; // In memory tokens while the client is logged in
+	#cUtils = new CryptoUtils();
+	#qParams = new QueryParams();
+	#STORAGE_AUTHORIZE_OPTIONS_KEY = 'authorize_options.stsmda.com.au';
+	#STORAGE_SESSION_KEY = 'session.stsmda.com.au';
+	#aic = null;
+	#errorCallback = null; //@@ will be replaced with a message back
+	//#store = null;
+	#handleAuthenticateEvent: AuthenticateEvent = null;
+	#oauthWorkerPort: MessagePort = null;
+	#currentMessageId = 0;
+	
+	constructor(workerPort: MessagePort) {
+		//this.#store = app.config.globalProperties.$store;
+
+		// In memory storage for OAuth2 tokens for our valid session
+		this.#clientSessionStore = new ClientStorageFactory<ITokenResponse>({clientStorageType: ClientStorageType.MEMORY_STORAGE}).GetStorage();
+
+		//@@ needs to be sent the instrument manager controller port
+		//@@this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
+
+		//this.#handleAuthenticateEvent = handleAuthenticateEvent;
+		this.#handleAuthenticateEvent = (id_token: string) => {
+			const message: IOauth2ListenerMessage = {
+				messageId: -1, // un-solicited message
+				command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
+			}
+			this.#ProcessCommand(message, id_token);
+		}
+
+		this.#errorCallback = (error: any) => {
+			const message: IOauth2ListenerMessage = {
+				messageId: -1, // un-solicited message
+				command: IOauth2ListenerCommand.ERROR
+			}
+			this.#ProcessCommand(message, error);
+		}
+
+		this.#oauthWorkerPort = workerPort;
+		this.SetupListener();
+	}
+
+	// Attempt to restore a previous session using the STSBroker
+	/*
+    { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
+    { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
+    { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
+    { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
+
+    Successful Response
+    {
+        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
+        "token_type": "Bearer",
+        "expires_in": 3599,
+        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
+        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
+        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
+    }
+
+    Error Response
+    {
+        "error": "invalid_scope",
+        "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
+        "error_codes": [
+            70011
+        ],
+        "timestamp": "2016-01-09 02:02:12Z",
+    }
+
+    
+    */
+
+
+	SetupListener = () => {
+		this.#oauthWorkerPort.onmessage = async (data: MessageEvent) => {
+			const auth2ListenerMessage: IOauth2ListenerMessage = data.data as IOauth2ListenerMessage;
+			switch (auth2ListenerMessage.command) {
+			case IOauth2ListenerCommand.RESTORE_SESSION :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#RestoreSession());
+				break;
+			case IOauth2ListenerCommand.AUTHORIZE :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#Authorize());
+				break;
+			case IOauth2ListenerCommand.HANDLE_REDIRECT :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#HandleRedirect(auth2ListenerMessage.payload));
+				break;
+			case IOauth2ListenerCommand.LOGOUT :
+				this.#ProcessCommand(auth2ListenerMessage, await this.#Logout());
+				break;
+			default :
+				throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
+			}
+		}
+	}
+
+	#ProcessCommand = async (auth2ListenerMessage: IOauth2ListenerMessage, response: any) => {
+		const messageResponse: IOauth2ListenerMessageResponse = {
+			messageId: auth2ListenerMessage.messageId,
+			command: auth2ListenerMessage.command,
+			payload: response
+		}
+		this.#oauthWorkerPort.postMessage(messageResponse);
+	}
+
+	#RestoreSession = async (): Promise<boolean> => {
+		//@@ attempt to get from client storage first
+
+		let restoredSessionData: ITokenResponse = null;
+		restoredSessionData = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		if (restoredSessionData !== null) {
+			console.log('Session restored from client storage.');
+			if (this.#aic) {
+				this.#aic.UpdateInstrument('m', { LogMessage: 'Session restored from client storage.' });
+			}
+		} else {
+			const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/session`;
+			console.log('RestoreSession');
+			console.log(url);
+			if (this.#aic) {
+				this.#aic.UpdateInstrument('m', { LogMessage: 'RestoreSession' });
+				this.#aic.UpdateInstrument('m', { LogMessage: url });
+			}
+			try {
+				const retVal = await axios({
+					method: "post",
+					url: url,
+					data: {
+						[OAuth2ParameterType.CLIENT_ID]: process.env.CLIENT_ID,
+						[OAuth2ParameterType.SCOPE]: process.env.SCOPE,
+						[OAuth2ParameterType.REDIRECT_URI]: process.env.REDIRECT_URI,
+						[OAuth2ParameterType.AUDIENCE]: process.env.AUDIENCE
+					},
+					withCredentials: true, // Ensure cookies are passed to the service
+					timeout: parseInt(process.env.TIMEOUT),
+				});
+				if (retVal.data.status === StatusCodes.OK) {
+					restoredSessionData = retVal.data.detail;
+					this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, restoredSessionData);
+					console.log('Session restored from server side cookie.');
+					//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
+				} else {
+					//@@ handle error better
+					//this.#store.commit('stsOAuth2SDK/SessionData', null);
+					console.log('Could not restore previous session:-');
+					console.log(JSON.stringify(retVal.data));
+				}
+			} catch (error) {
+				//@@ handle error better
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				console.log('Could not restore previous session (error state):-');
+				console.log(error);
+				console.log(JSON.stringify(error));
+			}
+		}
+		
+		//@@ must only use in-memory for this ...
+		//this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
+		if (restoredSessionData !== null) {
+			this.#handleAuthenticateEvent(restoredSessionData.id_token);
+			console.log('Refreshing tokens ...');
+			return this.#RefreshToken();
+		} else {
+			this.#handleAuthenticateEvent(null);
+			return false;
+		}
+	}
+
+	#Authorize = async (): Promise<JSONObject> => {
+		console.log('Authorize ...');
+
+		/* MS Example
+        --------------
+        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
+        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+        &response_type=code
+        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+        &response_mode=query
+        &scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read%20api%3A%2F%2F
+        &state=12345
+        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
+        &code_challenge_method=S256
+
+        Successful Response
+
+        GET http://localhost?
+        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
+        &state=12345
+
+        Error Response
+        GET http://localhost?
+        error=access_denied
+        &error_description=the+user+canceled+the+authentication
+
+        << Hybrid Flow >>
+
+        https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
+        client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+        &response_type=code%20id_token
+        &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+        &response_mode=fragment
+        &scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
+        &state=12345
+        &nonce=abcde
+        &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
+        &code_challenge_method=S256
+
+        Successful Response
+
+        GET https://login.microsoftonline.com/common/oauth2/nativeclient#
+        code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
+        &id_token=eYj...
+        &state=12345
+
+        Notes:
+        The nonce is included as a claim inside the returned id_token
+        Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+        */
+
+		const client_id = process.env.CLIENT_ID;
+		const nonce = this.#cUtils.CreateRandomString();
+		const response_type = [ AuthorizeOptionsResponseType.CODE ]
+		const redirect_uri = process.env.REDIRECT_URI;
+		const response_mode = AuthorizeOptionsResponseMode.QUERY
+		const scope = process.env.SCOPE;
+		const state = this.#cUtils.CreateRandomString();
+		const code_verifier = this.#cUtils.CreateRandomString();
+		const code_challenge = await this.#cUtils.DigestMessage(code_verifier);
+		const code_challenge_method = 'S256';
+		//let audience = process.env.AUDIENCE;
+
+		const authorizeOptions: IAuthorizeOptions = {
+			client_id,
+			nonce,
+			response_type,
+			redirect_uri,
+			response_mode,
+			scope,
+			state,
+			code_challenge,
+			code_challenge_method
+		}
+
+		const url = `${process.env.AUTH_ENDPOINT}:${process.env.AUTH_PORT}${process.env.AUTH_APIROOT}?${this.#qParams.CreateQueryParams(authorizeOptions)}`;
+
+		console.log(url);
+
+		// Now add the code_verifier to the transaction data
+		authorizeOptions.code_verifier = code_verifier; //@@ Is this is the only thing required across the transaction ?
+
+		console.log(`Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
+
+		return {
+			url,
+			authorizeOptions
+		}
+		//window.location.assign(url);
+		//@@ this may need to be a message back to the plugin to re-direct
+		//window.location.replace(url);
+	}
+
+	#HandleRedirect = async (payload: any): Promise<boolean> => {
+		const queryVars: IAuthorizeResponse | IAuthorizeErrorResponse = payload.queryVars;
+		const authorizeOptions: IAuthorizeOptions = payload.authorizeOptions
+
+		console.log('HandleRedirect');
+		// We have been re-direct back here from the /authorize end-point
+		console.log(`HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`);
+
+		if (queryVars[OAuth2ParameterType.CODE]) {
+			const response: IAuthorizeResponse = queryVars as IAuthorizeResponse;
+
+			console.log(`authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
+	
+			const redirectState = response.state;
+			const authorizeOptionsState = authorizeOptions.state;
+	
+			if (authorizeOptionsState.localeCompare(redirectState) === 0) {
+				console.log('redirected state (from queryVars) matched previously saved transaction authorizeOptions state'.green);
+
+				return await this.#GetToken(authorizeOptions, response);
+			} else {
+				console.log('redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state'.red);
+				this.#errorCallback({message: 'State un-matched'});
+				return false;
+			}
+		} else if (queryVars[OAuth2ParameterType.ERROR]) {
+			const response: IAuthorizeErrorResponse = queryVars as IAuthorizeErrorResponse;
+			//@@ pass error back to parent thread (to the plugin) as a message
+			const error = response.error;
+			const errorDescription = response.error_description;
+			this.#errorCallback({message: 'State un-matched'});
+			return false;
+		} else {
+			// Invalid redirect query params
+			const error = 'Invalid redirect query params'; //@@ fix
+			const errorDescription = 'Invalid redirect query params description'; //@@ fix
+			this.#errorCallback({message: 'State un-matched'});
+			return false;
+		}
+	}
+
+	/*
+    client_id=6731de76-14a6-49ae-97bc-6eba6914391e
+    &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
+    &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
+    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
+    &grant_type=authorization_code
+    &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong 
+    &client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
+
+    Successful Response
+    {
+        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
+        "token_type": "Bearer",
+        "expires_in": 3599,
+        "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
+        "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
+        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
+    }
+    */
+
+	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+	#GetTokenFromBroker = async (authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters | IRefreshFlowParameters): Promise<boolean> => {
+		console.log("#GetTokenFromBroker");
+
+		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
+
+		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/token`;
+		console.log(`#GetTokenFromBroker:url = [${url}]`);
+		console.log(authorizationCodeFlowParameters);
+
+		try {
+			const retVal = await axios({
+				method: "post",
+				url: url,
+				data: authorizationCodeFlowParameters,
+				withCredentials: true, // Ensure cookies are passed to the service
+				timeout: parseInt(process.env.TIMEOUT),
+			});
+			console.log(`retVal: ${JSON.stringify(retVal)}`);
+
+			if (retVal.status === StatusCodes.OK) {
+				console.log('Storing tokens...');
+				const tokenResponse: ITokenResponse = retVal.data as ITokenResponse;
+				//this.#store.commit('stsOAuth2SDK/SessionData', tokenResponse);
+				this.#handleAuthenticateEvent(tokenResponse.id_token);
+				this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, tokenResponse);
+				return true;
+			} else if (retVal.status === StatusCodes.UNAUTHORIZED) {
+				console.log('NOT Storing tokens...');
+				console.log(retVal.status);
+
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				this.#handleAuthenticateEvent(null);
+
+				const response: ITokenErrorResponse = retVal.data as ITokenErrorResponse;
+
+				//@@ store response in state
+				//@@ go to error page ??
+				return false;
+
+			} else {
+				// General error
+				console.log('NOT Storing tokens...');
+				console.log(retVal.status);
+
+				//this.#store.commit('stsOAuth2SDK/SessionData', null);
+				this.#handleAuthenticateEvent(null);
+
+				console.log('Could not obtain access_token from token end-point:-');
+				console.log(JSON.stringify(retVal.data));
+				//@@ store error in state to show in error page
+				return false;
+			}
+		} catch (error) {
+			//this.#store.commit('stsOAuth2SDK/SessionData', null);
+			this.#handleAuthenticateEvent(null);
+			//console.log('Could not restore previous session (error state):-');
+			console.log(error);
+			console.log(JSON.stringify(error));
+
+			//@@ store error in state to show in error page
+
+			return false;
+		}
+	}
+
+	// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+	#GetToken = async (authorizeOptions: IAuthorizeOptions, authorizeResponse: IAuthorizeResponse): Promise<boolean> => {
+		console.log("#GetToken");
+		console.log(authorizeResponse);
+
+		this.#clientSessionStore.set(this.#STORAGE_SESSION_KEY, null);
+
+		const authorizationCodeFlowParameters: IAuthorizationCodeFlowParameters = {
+			client_id: process.env.CLIENT_ID,
+			scope: process.env.SCOPE,
+			code: authorizeResponse.code,
+			redirect_uri: process.env.REDIRECT_URI,
+			grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
+			code_verifier: authorizeOptions.code_verifier
+		}
+
+		return this.#GetTokenFromBroker(authorizationCodeFlowParameters);
+	}
+	
+	/*
+	// Line breaks for legibility only
+
+POST /{tenant}/oauth2/v2.0/token HTTP/1.1
+Host: https://login.microsoftonline.com
+Content-Type: application/x-www-form-urlencoded
+
+client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
+&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
+&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
+&grant_type=refresh_token
+&client_secret=sampleCredentia1s    // NOTE: Only required for web apps. This secret needs to be URL-Encoded
+
+Error Response
+{
+	"error": "invalid_scope",
+	"error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
+	"error_codes": [
+	  70011
+	],
+	"timestamp": "2016-01-09 02:02:12Z",
+	"trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
+	"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
+  }
+*/
+
+	#RefreshToken = async (): Promise<boolean> => {
+		// Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
+		console.log("RefreshToken");
+
+		//let currentSessionData = this.#store.getters['stsOAuth2SDK/SessionData'];
+		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		if (currentSessionData) {
+			const refreshFlowParameters: IRefreshFlowParameters = {
+				client_id: process.env.CLIENT_ID,
+				scope: process.env.SCOPE,
+				refresh_token: currentSessionData.refresh_token,
+				grant_type: OAuthGrantTypes.REFRESH_TOKEN
+			}
+
+			return this.#GetTokenFromBroker(refreshFlowParameters);
+		} else {
+			// show error
+			//@@ no valid session exists for refresh
+			return false;
+		}
+	}
+
+	// call broker to logout
+	// broker to logout of server
+	// delete cookie
+	// clear session storage
+	// clear all state from $store
+	#Logout = async (): Promise<boolean> => {
+		console.log('Logout');
+		const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/logout`;
+		console.log(url);
+
+		const currentSessionData: ITokenResponse = this.#clientSessionStore.get(this.#STORAGE_SESSION_KEY);
+		const refresh_token = currentSessionData.refresh_token;
+		console.log(refresh_token);
+
+		const decodedRefreshToken: JSONObject = jwt_decode<JSONObject>(refresh_token);
+		console.log(decodedRefreshToken);
+		const sessionId = decodedRefreshToken.sts_session;
+		console.log(sessionId);
+
+		this.#clientSessionStore.remove(this.#STORAGE_SESSION_KEY);
+		//this.#store.commit('stsOAuth2SDK/SessionData', null);
+		this.#handleAuthenticateEvent(null);
+
+		try {
+			const retVal = await axios({
+				method: "post",
+				url: url,
+				data: {
+					sessionId
+				},
+				withCredentials: true, // Ensure cookies are passed to the service
+				timeout: parseInt(process.env.TIMEOUT),
+			});
+			if (retVal.data.status === StatusCodes.OK) {
+				return true;
+			} else {
+				console.log('Error during logout (server side)');
+				console.log(JSON.stringify(retVal.data));
+				return false;
+			}
+		} catch (error) {
+			console.log('Error during logout (server side)');
+			console.log(error);
+			console.log(JSON.stringify(error));
+			return false;
+		}
+	}
+}
+
+let oAuth2Worker: STSOAuth2Worker = null;
+
+onmessage = async function(data: MessageEvent)
+{
+	const workerPort = data.data as MessagePort;
+	oAuth2Worker = new STSOAuth2Worker(workerPort);
+}

package/tsconfig.json

@@ -0,0 +1,31 @@
+{
+  "extends": "@tsconfig/node18/tsconfig.json",
+  "include": ["src/**/*" ],
+  "exclude": ["node_modules", "**/node_modules/**/*", "**/*.spec.ts"],
+  "compilerOptions": {
+    "module": "esnext",
+    "target": "es2021",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "outDir": "dist",
+    "allowJs": true,
+    "declaration": true,
+    "declarationDir": "./types",
+    "declarationMap": true,
+
+    "noImplicitAny": false,
+    "strictNullChecks": false,
+
+    "lib": [
+      // Should target at least ES2016 in Vue 3
+      // Support for newer versions of language built-ins are
+      // left for the users to include, because that would require:
+      //   - either the project doesn't need to support older versions of browsers;
+      //   - or the project has properly included the necessary polyfills.
+      "ES2016",
+      "DOM",
+      "DOM.Iterable"
+      // No `ScriptHost` because Vue 3 dropped support for IE
+    ],
+  }
+}

package/types/Utils/CryptoUtils.d.ts

@@ -0,0 +1,7 @@
+export declare class CryptoUtils {
+    DigestMessage: (message: any) => Promise<string>;
+    CreateRandomString: (size?: number) => string;
+    CreateRandomStringEx: () => string;
+}
+export default CryptoUtils;
+//# sourceMappingURL=CryptoUtils.d.ts.map

package/types/Utils/CryptoUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CryptoUtils.d.ts","sourceRoot":"","sources":["../../src/Utils/CryptoUtils.ts"],"names":[],"mappings":"AAAA,qBAAa,WAAW;IACvB,aAAa,oCASZ;IAED,kBAAkB,4BAOjB;IAED,oBAAoB,eAOnB;CACD;AAED,eAAe,WAAW,CAAA"}

package/types/Utils/QueryParams.d.ts

@@ -0,0 +1,8 @@
+declare class QueryParams {
+    DecodeQueryParams: (params: any) => {};
+    CreateQueryParams: (params: any) => string;
+    _GetQueryParams: (param: any) => {};
+    GetQueryParams: () => {};
+}
+export default QueryParams;
+//# sourceMappingURL=QueryParams.d.ts.map

package/types/Utils/QueryParams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"QueryParams.d.ts","sourceRoot":"","sources":["../../src/Utils/QueryParams.ts"],"names":[],"mappings":"AAEA,cAAM,WAAW;IAChB,iBAAiB,sBAQhB;IAED,iBAAiB,0BAWhB;IAED,eAAe,qBAcd;IAED,cAAc,WAEb;CACD;AAED,eAAe,WAAW,CAAC"}

package/types/index.d.ts

@@ -0,0 +1,3 @@
+export * from './stsoauth2types';
+export * from './stsoauth2manager';
+//# sourceMappingURL=index.d.ts.map

package/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAA;AAChC,cAAc,oBAAoB,CAAA"}

package/types/index.test.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=index.test.d.ts.map

package/types/index.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../src/index.test.ts"],"names":[],"mappings":""}

package/types/stsStorage.d.ts

@@ -0,0 +1,22 @@
+import { JSONObject } from "@nsshunt/stsutils";
+export interface IStsStorage<T> {
+    get(key: string): T;
+    set(key: string, value: T, options?: JSONObject): void;
+    remove(key: string): void;
+}
+export declare enum ClientStorageType {
+    LOCAL_STORAGE = "LocalStorage",
+    SESSION_STORAGE = "SessionStorage",
+    COOKIE_STORAGE = "CookieStorage",
+    MEMORY_STORAGE = "MemoryStorage"
+}
+export declare class ClientStorageOptions {
+    clientStorageType: ClientStorageType;
+    storageOptions?: JSONObject;
+}
+export declare class ClientStorageFactory<T> {
+    #private;
+    constructor(options: ClientStorageOptions);
+    GetStorage(): IStsStorage<T>;
+}
+//# sourceMappingURL=stsStorage.d.ts.map

package/types/stsStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stsStorage.d.ts","sourceRoot":"","sources":["../src/stsStorage.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,WAAW,WAAW,CAAC,CAAC;IAC7B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,CAAC,CAAA;IACnB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,IAAI,CAAA;IACtD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;CACzB;AAED,oBAAY,iBAAiB;IAC5B,aAAa,iBAAiB;IAC9B,eAAe,mBAAmB;IAClC,cAAc,kBAAkB;IAChC,cAAc,kBAAkB;CAChC;AA2GD,qBAAa,oBAAoB;IAChC,iBAAiB,EAAE,iBAAiB,CAAoC;IACxE,cAAc,CAAC,EAAE,UAAU,CAAA;CAC3B;AAED,qBAAa,oBAAoB,CAAC,CAAC;;gBAItB,OAAO,EAAE,oBAAoB;IAoBzC,UAAU,IAAI,WAAW,CAAC,CAAC,CAAC;CAI5B"}

package/types/stsoauth2manager.d.ts

@@ -0,0 +1,5 @@
+declare const STSOAuth2ManagerPlugin: {
+    install: (app: any, router: any) => void;
+};
+export default STSOAuth2ManagerPlugin;
+//# sourceMappingURL=stsoauth2manager.d.ts.map

package/types/stsoauth2manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stsoauth2manager.d.ts","sourceRoot":"","sources":["../src/stsoauth2manager.ts"],"names":[],"mappings":"AAsVA,QAAA,MAAM,sBAAsB;;CAK3B,CAAA;AAED,eAAe,sBAAsB,CAAC"}