@partium/js-sdk 15.17.0 → 15.17.1

@@ -119,13 +119,22 @@ export declare class JSOauthWebCookieSessionService extends OauthSessionService
119
119
  * Safely read a query parameter from the current browser URL.
120
120
  */
121
121
  private getUrlQueryParam;
122
+ private getHintFromUrlString;
123
+ /**
124
+ * Keep IdP-routing hints on the Keycloak authorize request, but remove them from redirect_uri
125
+ * so the post-login callback URL no longer needs these one-time routing query params.
126
+ */
127
+ private stripIdentityProviderHintsFromRedirectUrl;
128
+ private resolveAuthorizationHintParam;
129
+ private getKcIdpHintForAuthorizationRequest;
130
+ private getUseOrganizationIdpForAuthorizationRequest;
122
131
  /**
123
132
  * Collapse OAuth callback errors into a single message for public SDK error handling.
124
133
  */
125
134
  private getOauthErrorFromUrl;
126
135
  /**
127
- * Remove only consumed OAuth callback parameters without reloading the page,
128
- * preserving unrelated query params such as IdP routing hints.
136
+ * Remove one-time OAuth/auth-routing parameters without reloading the page,
137
+ * while preserving unrelated application query params.
129
138
  */
130
139
  private clearAuthCallbackParamsFromUrl;
131
140
  /**
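Review bot: The updated doc comment on `clearAuthCallbackParamsFromUrl` describes the removed parameters as "one-time OAuth/auth-routing parameters", but the implementation shipped in this release's JS also deletes `apiKey` and `apikey` from the address bar, which are credentials rather than routing hints. An integrator reading the declaration cannot tell that a query parameter with that name will disappear, nor that the cleanup appears to run only after a successful code exchange in `login`. I would word it as `* Remove one-time OAuth callback, IdP-routing and apiKey/apikey query parameters without reloading the page,`. The new `getHintFromUrlString` and `resolveAuthorizationHintParam` declarations also carry no doc comment; one line stating that the current page URL takes precedence over the redirect URL would help. The enclosing class declaration starts and ends outside this hunk.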
@@ -1,2 +1,2 @@
1
1
  // Copyright © 2022-2026 Partium, Inc. DBA Partium
2
- "use strict";var __extends=this&&this.__extends||function(){var e=function(r,t){return e=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,r){e.__proto__=r}||function(e,r){for(var t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t])},e(r,t)};return function(r,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function o(){this.constructor=r}e(r,t),r.prototype=null===t?Object.create(t):(o.prototype=t.prototype,new o)}}(),__awaiter=this&&this.__awaiter||function(e,r,t,o){return new(t||(t=Promise))((function(n,i){function s(e){try{u(o.next(e))}catch(e){i(e)}}function a(e){try{u(o.throw(e))}catch(e){i(e)}}function u(e){var r;e.done?n(e.value):(r=e.value,r instanceof t?r:new t((function(e){e(r)}))).then(s,a)}u((o=o.apply(e,r||[])).next())}))},__generator=this&&this.__generator||function(e,r){var t,o,n,i,s={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function a(a){return function(u){return function(a){if(t)throw new TypeError("Generator is already executing.");for(;i&&(i=0,a[0]&&(s=0)),s;)try{if(t=1,o&&(n=2&a[0]?o.return:a[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,a[1])).done)return n;switch(o=0,n&&(a=[2&a[0],n.value]),a[0]){case 0:case 1:n=a;break;case 4:return s.label++,{value:a[1],done:!1};case 5:s.label++,o=a[1],a=[0];continue;case 7:a=s.ops.pop(),s.trys.pop();continue;default:if(!(n=s.trys,(n=n.length>0&&n[n.length-1])||6!==a[0]&&2!==a[0])){s=0;continue}if(3===a[0]&&(!n||a[1]>n[0]&&a[1]<n[3])){s.label=a[1];break}if(6===a[0]&&s.label<n[1]){s.label=n[1],n=a;break}if(n&&s.label<n[2]){s.label=n[2],s.ops.push(a);break}n[2]&&s.ops.pop(),s.trys.pop();continue}a=r.call(e,s)}catch(e){a=[6,e],o=0}finally{t=n=0}if(5&a[0])throw a[1];return{value:a[0]?a[1]:void 
0,done:!0}}([a,u])}}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.JSOauthWebCookieSessionService=exports.JSOauthWebCookieLoginConfig=exports.JSOauthWebCookieAuthenticationConfig=exports.JSOauthWebCookieStatus=void 0;var rxjs_1=require("rxjs"),operators_1=require("rxjs/operators"),auth_config_1=require("../../models/auth-config"),error_1=require("../../models/error"),user_token_1=require("../../models/user-token"),user_1=require("../../models/user"),https_client_service_interface_1=require("../../services/http/https-client/https-client.service.interface"),oauth_session_service_1=require("../../services/session/oauth-session.service"),COOKIE_REQUEST_OPTIONS={withCredentials:!0},MISSING_REFRESH_TOKEN_ERROR_MESSAGE="Refresh token not provided in cookie or request body.",PKCE_CODE_VERIFIER_STORAGE_KEY="partium.oauth.web_cookie.pkce_code_verifier",COOKIE_SESSION_STORAGE_KEY="partium.oauth.web_cookie.has_active_session",COOKIE_SESSION_STORAGE_VALUE="true",PKCE_CODE_CHALLENGE_METHOD="S256",JSOauthWebCookieStatus=function(e){function r(){return null!==e&&e.apply(this,arguments)||this}return __extends(r,e),r}(oauth_session_service_1.OauthStatus);exports.JSOauthWebCookieStatus=JSOauthWebCookieStatus;var JSOauthWebCookieAuthenticationConfig=function(e){function r(r){var t=e.call(this,r)||this;return t.partiumApiBaseUrl="https://api.partium.io",t.oauthSessionService=JSOauthWebCookieSessionService,Object.assign(t,r),t}return __extends(r,e),r}(auth_config_1.OauthAuthenticationConfig);exports.JSOauthWebCookieAuthenticationConfig=JSOauthWebCookieAuthenticationConfig;var JSOauthWebCookieLoginConfig=function(e){function r(r){var t=e.call(this)||this;return Object.assign(t,r),t}return __extends(r,e),r}(oauth_session_service_1.OauthLoginConfig);exports.JSOauthWebCookieLoginConfig=JSOauthWebCookieLoginConfig;var JSOauthWebCookieSessionService=function(e){function r(r){var t=e.call(this,r)||this;return t.status={accessToken:void 0,accessTokenExpiration:void 
0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},t.status$=new rxjs_1.BehaviorSubject(t.status),t}return __extends(r,e),r.prototype.onCreate=function(){e.prototype.onCreate.call(this),this.httpsClientService=this.serviceProvider.getService(https_client_service_interface_1.HttpsClientService)},r.prototype.getStatus=function(){return this.status$.asObservable()},r.prototype.login=function(e){var r=this,t=e,o=this.authenticationConfig,n=t.apiKey||o.apiKey,i=this.getUrlQueryParam("code"),s=this.getOauthErrorFromUrl();if(n)return this.loginWithApiKey(n).pipe((0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})));if(s)return this.clearPkceCodeVerifier(),(0,rxjs_1.throwError)((function(){return r.createSdkError(null,s)}));var a=o.authorizationCode||i;if(a){var u=void 0;try{u=this.getRedirectUrl(t)}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.exchangeCodeForToken(a,u).pipe((0,operators_1.tap)((function(){return r.clearAuthCallbackParamsFromUrl()})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})))}return this.refreshWithCookie().pipe((0,operators_1.map)((function(e){return r.updateTokenFromResponse(e)})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})),(0,operators_1.catchError)((function(){return r.redirectToLoginPage(t)})))},r.prototype.refresh=function(){var e=this;return this.refreshWithCookie().pipe((0,operators_1.map)((function(r){return e.updateTokenFromResponse(r)})),(0,operators_1.catchError)((function(r){return e.handleRefreshError(r)})))},r.prototype.logout=function(e){return void 0!==(null==e?void 0:e.postLogoutRedirectUri)?this.logoutThroughBrowser(e.postLogoutRedirectUri):this.revokeSession()},r.prototype.logoutThroughBrowser=function(e){if("string"!=typeof e||!e.trim())return(0,rxjs_1.throwError)((function(){return new 
error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,{postLogoutRedirectUri:e},"Missing postLogoutRedirectUri for browser logout.")}));if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,{postLogoutRedirectUri:e},"Cannot redirect to the logout page outside of a browser context.")}));var r;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}var t=new URL("".concat(r,"/auth/logout"));return t.searchParams.set("post_logout_redirect_uri",e),this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0).pipe((0,operators_1.tap)((function(){return window.location.assign(t.toString())})))},r.prototype.revokeSession=function(){var e,r=this;if(!this.hasSessionToRevoke())return this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0);try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/revoke"),{access_token:this.status.accessToken||null,refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(){r.resetToken(),r.sessionEnded()})),(0,operators_1.catchError)((function(e){return r.resetToken(),r.sessionEnded(),r.handleError(e)})))},r.prototype.exchangeCodeForToken=function(e,r){var t,o,n=this;try{t=this.getPartiumApiBaseUrl(),o=this.getPkceCodeVerifier()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(t,"/auth"),{grant_type:"authorization_code",code:e,redirect_uri:r,code_verifier:o},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){n.clearPkceCodeVerifier(),n.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return n.handleError(e)})))},r.prototype.loginWithApiKey=function(e){var 
r,t=this;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(r,"/auth"),{},void 0,{Authorization:"Bearer ".concat(e)},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){return t.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return t.handleError(e)})))},r.prototype.refreshWithCookie=function(){var e;try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/refresh"),{refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS)},r.prototype.redirectToLoginPage=function(e){if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Cannot redirect to OAuth login page outside of a browser context.")}));var r;try{r=this.getRedirectUrl(e)}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return(0,rxjs_1.from)(this.buildOauthAuthorizationUrl(r)).pipe((0,operators_1.tap)((function(e){window.location.href=e})),(0,operators_1.mergeMap)((function(){return rxjs_1.NEVER})))},r.prototype.buildOauthAuthorizationUrl=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t,o,n,i,s,a,u,c;return __generator(this,(function(h){switch(h.label){case 0:if(r=this.authenticationConfig,t=r.baseUrl,o=r.realm,n=r.clientId,!t||!o||!n)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,r,"OAuth auth configuration is incomplete. 
Required: baseUrl, realm, clientId.");return i="".concat(t,"/auth/realms/").concat(o,"/protocol/openid-connect/auth"),s=new URLSearchParams({client_id:n,redirect_uri:e,response_type:"code",response_mode:"query",scope:"openid"}),a=this.createPkceCodeVerifier(),[4,this.createPkceCodeChallenge(a)];case 1:return u=h.sent(),this.storePkceCodeVerifier(a),s.set("code_challenge",u),s.set("code_challenge_method",PKCE_CODE_CHALLENGE_METHOD),(c=this.getUrlQueryParam("kc_idp_hint"))&&s.set("kc_idp_hint",c),[2,"".concat(i,"?").concat(s.toString())]}}))}))},r.prototype.getRedirectUrl=function(e){var r=e.redirectUrl||this.authenticationConfig.redirectUrl;if(!r)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing redirectUrl in OAuth authentication configuration.");return r},r.prototype.getPartiumApiBaseUrl=function(){var e=this.authenticationConfig.partiumApiBaseUrl;if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing partiumApiBaseUrl in OAuth authentication configuration.");return e},r.prototype.getUrlQueryParam=function(e){var r;return"undefined"!=typeof window&&(null===(r=window.location)||void 0===r?void 0:r.search)?new URLSearchParams(window.location.search).get(e):null},r.prototype.getOauthErrorFromUrl=function(){var e=this.getUrlQueryParam("error"),r=this.getUrlQueryParam("error_description");if(e||r)return[e,r].filter((function(e){return!!e})).join(" - ")},r.prototype.clearAuthCallbackParamsFromUrl=function(){if("undefined"!=typeof window){var e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("session_state"),e.searchParams.delete("iss"),e.searchParams.delete("error"),e.searchParams.delete("error_description");var 
r="".concat(e.pathname).concat(e.search).concat(e.hash);window.history.replaceState(window.history.state,"",r)}},r.prototype.updateTokenFromResponse=function(e){this.updateToken(e.token),e.token&&this.markActiveCookieSession()},r.prototype.updateToken=function(e){if(e){var r=(0,user_token_1.createUserToken)(e),t=this.getNumericClaim(r.exp),o=this.getNumericClaim(r.iat),n=void 0!==t?new Date(1e3*t):new Date,i=void 0!==o?new Date(1e3*o):new Date,s=user_1.User.createFromToken(r),a=this.getStringArrayClaim(r.features);this.tokenUpdated(e,n),this.setUser(s),this.status={accessToken:e,accessTokenCreateDate:i,accessTokenExpiration:n,refreshToken:void 0,authenticated:!0,user:s,featureFlags:a},this.status$.next(this.status)}else this.resetToken()},r.prototype.resetToken=function(){this.tokenUpdated(null,null),this.setUser(null),this.clearActiveCookieSession(),this.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},this.status$.next(this.status)},r.prototype.handleRefreshError=function(e){return e instanceof error_1.SdkError&&this.isExpiredOrMissingRefreshError(e)?(this.resetToken(),this.sessionEnded(),(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.REFRESH_TOKEN_EXPIRED,e.detail,"Refresh token expired or missing.")}))):this.handleError(e)},r.prototype.isExpiredOrMissingRefreshError=function(e){return e.code===error_1.SDK_ERROR_CODES.USER_UNAUTHORIZED||e.code===error_1.SDK_ERROR_CODES.UNPROCESSABLE_ENTITY&&this.getRefreshValidationMessages(e.detail).includes(MISSING_REFRESH_TOKEN_ERROR_MESSAGE)},r.prototype.getRefreshValidationMessages=function(e){var r,t,o=this,n=this.asRefreshValidationErrorDetail(e);if(!n)return[];if("string"==typeof n.message)return[n.message];var i=null===(t=null===(r=n.response)||void 0===r?void 0:r.data)||void 0===t?void 0:t.detail;return"string"==typeof i?[i]:Array.isArray(i)?i.map((function(e){return 
o.getRefreshValidationMessage(e)})).filter((function(e){return void 0!==e})):[]},r.prototype.handleError=function(e){var r=this;return e instanceof error_1.SdkError?(0,rxjs_1.throwError)((function(){return e})):(0,rxjs_1.throwError)((function(){return r.createSdkError(e)}))},r.prototype.createSdkError=function(e,r){return new error_1.SdkError(error_1.SDK_ERROR_CODES.OAUTH_ERROR,e,r)},r.prototype.hasSessionToRevoke=function(){return Boolean(this.status.accessToken)||this.hasActiveCookieSession()},r.prototype.createPkceCodeVerifier=function(){var e=new Uint8Array(32);return this.getBrowserCrypto().getRandomValues(e),this.base64UrlEncode(e)},r.prototype.createPkceCodeChallenge=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t;return __generator(this,(function(o){switch(o.label){case 0:if("undefined"==typeof TextEncoder)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"TextEncoder is required for PKCE OAuth login.");return r=(new TextEncoder).encode(e),[4,this.getBrowserCrypto().subtle.digest("SHA-256",r)];case 1:return t=o.sent(),[2,this.base64UrlEncode(new Uint8Array(t))]}}))}))},r.prototype.getBrowserCrypto=function(){var e;if("function"!=typeof(null===(e=globalThis.crypto)||void 0===e?void 0:e.getRandomValues)||!globalThis.crypto.subtle)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Web Crypto API is required for PKCE OAuth login.");return globalThis.crypto},r.prototype.storePkceCodeVerifier=function(e){this.getBrowserSessionStorage().setItem(PKCE_CODE_VERIFIER_STORAGE_KEY,e)},r.prototype.getPkceCodeVerifier=function(){var e=this.getBrowserSessionStorage().getItem(PKCE_CODE_VERIFIER_STORAGE_KEY);if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Missing PKCE code verifier for OAuth callback.");return e},r.prototype.clearPkceCodeVerifier=function(){"undefined"!=typeof 
window&&window.sessionStorage.removeItem(PKCE_CODE_VERIFIER_STORAGE_KEY)},r.prototype.markActiveCookieSession=function(){this.getBrowserSessionStorage().setItem(COOKIE_SESSION_STORAGE_KEY,COOKIE_SESSION_STORAGE_VALUE)},r.prototype.hasActiveCookieSession=function(){return"undefined"!=typeof window&&window.sessionStorage.getItem(COOKIE_SESSION_STORAGE_KEY)===COOKIE_SESSION_STORAGE_VALUE},r.prototype.clearActiveCookieSession=function(){"undefined"!=typeof window&&window.sessionStorage.removeItem(COOKIE_SESSION_STORAGE_KEY)},r.prototype.getBrowserSessionStorage=function(){if("undefined"==typeof window)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Browser sessionStorage is required for the web-cookie OAuth flow.");return window.sessionStorage},r.prototype.base64UrlEncode=function(e){var r=Array.from(e,(function(e){return String.fromCharCode(e)})).join("");return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")},r.prototype.getNumericClaim=function(e){return"number"==typeof e?e:void 0},r.prototype.getStringArrayClaim=function(e){return Array.isArray(e)&&e.every((function(e){return"string"==typeof e}))?e:void 0},r.prototype.asRefreshValidationErrorDetail=function(e){return this.isObjectRecord(e)?e:void 0},r.prototype.getRefreshValidationMessage=function(e){if(this.isObjectRecord(e))return"string"==typeof e.msg?e.msg:void 0},r.prototype.isObjectRecord=function(e){return"object"==typeof e&&null!==e},r}(oauth_session_service_1.OauthSessionService);exports.JSOauthWebCookieSessionService=JSOauthWebCookieSessionService;
2
+ "use strict";var __extends=this&&this.__extends||function(){var e=function(r,t){return e=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,r){e.__proto__=r}||function(e,r){for(var t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t])},e(r,t)};return function(r,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function o(){this.constructor=r}e(r,t),r.prototype=null===t?Object.create(t):(o.prototype=t.prototype,new o)}}(),__awaiter=this&&this.__awaiter||function(e,r,t,o){return new(t||(t=Promise))((function(i,n){function s(e){try{u(o.next(e))}catch(e){n(e)}}function a(e){try{u(o.throw(e))}catch(e){n(e)}}function u(e){var r;e.done?i(e.value):(r=e.value,r instanceof t?r:new t((function(e){e(r)}))).then(s,a)}u((o=o.apply(e,r||[])).next())}))},__generator=this&&this.__generator||function(e,r){var t,o,i,n,s={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return n={next:a(0),throw:a(1),return:a(2)},"function"==typeof Symbol&&(n[Symbol.iterator]=function(){return this}),n;function a(a){return function(u){return function(a){if(t)throw new TypeError("Generator is already executing.");for(;n&&(n=0,a[0]&&(s=0)),s;)try{if(t=1,o&&(i=2&a[0]?o.return:a[0]?o.throw||((i=o.return)&&i.call(o),0):o.next)&&!(i=i.call(o,a[1])).done)return i;switch(o=0,i&&(a=[2&a[0],i.value]),a[0]){case 0:case 1:i=a;break;case 4:return s.label++,{value:a[1],done:!1};case 5:s.label++,o=a[1],a=[0];continue;case 7:a=s.ops.pop(),s.trys.pop();continue;default:if(!(i=s.trys,(i=i.length>0&&i[i.length-1])||6!==a[0]&&2!==a[0])){s=0;continue}if(3===a[0]&&(!i||a[1]>i[0]&&a[1]<i[3])){s.label=a[1];break}if(6===a[0]&&s.label<i[1]){s.label=i[1],i=a;break}if(i&&s.label<i[2]){s.label=i[2],s.ops.push(a);break}i[2]&&s.ops.pop(),s.trys.pop();continue}a=r.call(e,s)}catch(e){a=[6,e],o=0}finally{t=i=0}if(5&a[0])throw a[1];return{value:a[0]?a[1]:void 
0,done:!0}}([a,u])}}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.JSOauthWebCookieSessionService=exports.JSOauthWebCookieLoginConfig=exports.JSOauthWebCookieAuthenticationConfig=exports.JSOauthWebCookieStatus=void 0;var rxjs_1=require("rxjs"),operators_1=require("rxjs/operators"),auth_config_1=require("../../models/auth-config"),error_1=require("../../models/error"),user_token_1=require("../../models/user-token"),user_1=require("../../models/user"),https_client_service_interface_1=require("../../services/http/https-client/https-client.service.interface"),oauth_session_service_1=require("../../services/session/oauth-session.service"),COOKIE_REQUEST_OPTIONS={withCredentials:!0},MISSING_REFRESH_TOKEN_ERROR_MESSAGE="Refresh token not provided in cookie or request body.",PKCE_CODE_VERIFIER_STORAGE_KEY="partium.oauth.web_cookie.pkce_code_verifier",COOKIE_SESSION_STORAGE_KEY="partium.oauth.web_cookie.has_active_session",COOKIE_SESSION_STORAGE_VALUE="true",PKCE_CODE_CHALLENGE_METHOD="S256",JSOauthWebCookieStatus=function(e){function r(){return null!==e&&e.apply(this,arguments)||this}return __extends(r,e),r}(oauth_session_service_1.OauthStatus);exports.JSOauthWebCookieStatus=JSOauthWebCookieStatus;var JSOauthWebCookieAuthenticationConfig=function(e){function r(r){var t=e.call(this,r)||this;return t.partiumApiBaseUrl="https://api.partium.io",t.oauthSessionService=JSOauthWebCookieSessionService,Object.assign(t,r),t}return __extends(r,e),r}(auth_config_1.OauthAuthenticationConfig);exports.JSOauthWebCookieAuthenticationConfig=JSOauthWebCookieAuthenticationConfig;var JSOauthWebCookieLoginConfig=function(e){function r(r){var t=e.call(this)||this;return Object.assign(t,r),t}return __extends(r,e),r}(oauth_session_service_1.OauthLoginConfig);exports.JSOauthWebCookieLoginConfig=JSOauthWebCookieLoginConfig;var JSOauthWebCookieSessionService=function(e){function r(r){var t=e.call(this,r)||this;return t.status={accessToken:void 0,accessTokenExpiration:void 
0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},t.status$=new rxjs_1.BehaviorSubject(t.status),t}return __extends(r,e),r.prototype.onCreate=function(){e.prototype.onCreate.call(this),this.httpsClientService=this.serviceProvider.getService(https_client_service_interface_1.HttpsClientService)},r.prototype.getStatus=function(){return this.status$.asObservable()},r.prototype.login=function(e){var r=this,t=e,o=this.authenticationConfig,i=t.apiKey||o.apiKey,n=this.getUrlQueryParam("code"),s=this.getOauthErrorFromUrl();if(i)return this.loginWithApiKey(i).pipe((0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})));if(s)return this.clearPkceCodeVerifier(),(0,rxjs_1.throwError)((function(){return r.createSdkError(null,s)}));var a=o.authorizationCode||n;if(a){var u=void 0;try{u=this.stripIdentityProviderHintsFromRedirectUrl(this.getRedirectUrl(t))}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.exchangeCodeForToken(a,u).pipe((0,operators_1.tap)((function(){return r.clearAuthCallbackParamsFromUrl()})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})))}return this.refreshWithCookie().pipe((0,operators_1.map)((function(e){return r.updateTokenFromResponse(e)})),(0,operators_1.mergeMap)((function(){return r.sessionSetup(t.loginEventContext)})),(0,operators_1.catchError)((function(){return r.redirectToLoginPage(t)})))},r.prototype.refresh=function(){var e=this;return this.refreshWithCookie().pipe((0,operators_1.map)((function(r){return e.updateTokenFromResponse(r)})),(0,operators_1.catchError)((function(r){return e.handleRefreshError(r)})))},r.prototype.logout=function(e){return void 0!==(null==e?void 0:e.postLogoutRedirectUri)?this.logoutThroughBrowser(e.postLogoutRedirectUri):this.revokeSession()},r.prototype.logoutThroughBrowser=function(e){if("string"!=typeof e||!e.trim())return(0,rxjs_1.throwError)((function(){return new 
error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,{postLogoutRedirectUri:e},"Missing postLogoutRedirectUri for browser logout.")}));if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,{postLogoutRedirectUri:e},"Cannot redirect to the logout page outside of a browser context.")}));var r;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}var t=new URL("".concat(r,"/auth/logout"));t.searchParams.set("post_logout_redirect_uri",e),this.resetToken(),this.sessionEnded();var o=t.toString();return(0,rxjs_1.of)(void 0).pipe((0,operators_1.tap)((function(){window.setTimeout((function(){window.location.assign(o)}),0)})))},r.prototype.revokeSession=function(){var e,r=this;if(!this.hasSessionToRevoke())return this.resetToken(),this.sessionEnded(),(0,rxjs_1.of)(void 0);try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/revoke"),{access_token:this.status.accessToken||null,refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(){r.resetToken(),r.sessionEnded()})),(0,operators_1.catchError)((function(e){return r.resetToken(),r.sessionEnded(),r.handleError(e)})))},r.prototype.exchangeCodeForToken=function(e,r){var t,o,i=this;try{t=this.getPartiumApiBaseUrl(),o=this.getPkceCodeVerifier()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(t,"/auth"),{grant_type:"authorization_code",code:e,redirect_uri:r,code_verifier:o},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){i.clearPkceCodeVerifier(),i.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return i.handleError(e)})))},r.prototype.loginWithApiKey=function(e){var 
r,t=this;try{r=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(r,"/auth"),{},void 0,{Authorization:"Bearer ".concat(e)},COOKIE_REQUEST_OPTIONS).pipe((0,operators_1.map)((function(e){return t.updateTokenFromResponse(e)})),(0,operators_1.catchError)((function(e){return t.handleError(e)})))},r.prototype.refreshWithCookie=function(){var e;try{e=this.getPartiumApiBaseUrl()}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return this.httpsClientService.post("".concat(e,"/auth/refresh"),{refresh_token:null},void 0,{"Content-Type":"application/json"},COOKIE_REQUEST_OPTIONS)},r.prototype.redirectToLoginPage=function(e){if("undefined"==typeof window)return(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Cannot redirect to OAuth login page outside of a browser context.")}));var r;try{r=this.getRedirectUrl(e)}catch(e){return(0,rxjs_1.throwError)((function(){return e}))}return(0,rxjs_1.from)(this.buildOauthAuthorizationUrl(r)).pipe((0,operators_1.tap)((function(e){window.location.href=e})),(0,operators_1.mergeMap)((function(){return rxjs_1.NEVER})))},r.prototype.buildOauthAuthorizationUrl=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t,o,i,n,s,a,u,c,h,p;return __generator(this,(function(_){switch(_.label){case 0:if(r=this.authenticationConfig,t=r.baseUrl,o=r.realm,i=r.clientId,!t||!o||!i)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,r,"OAuth auth configuration is incomplete. 
Required: baseUrl, realm, clientId.");return n=this.stripIdentityProviderHintsFromRedirectUrl(e),s="".concat(t,"/auth/realms/").concat(o,"/protocol/openid-connect/auth"),a=new URLSearchParams({client_id:i,redirect_uri:n,response_type:"code",response_mode:"query",scope:"openid"}),u=this.createPkceCodeVerifier(),[4,this.createPkceCodeChallenge(u)];case 1:return c=_.sent(),this.storePkceCodeVerifier(u),a.set("code_challenge",c),a.set("code_challenge_method",PKCE_CODE_CHALLENGE_METHOD),(h=this.getKcIdpHintForAuthorizationRequest(e))&&a.set("kc_idp_hint",h),(p=this.getUseOrganizationIdpForAuthorizationRequest(e))&&a.set("use_organization_idp",p),[2,"".concat(s,"?").concat(a.toString())]}}))}))},r.prototype.getRedirectUrl=function(e){var r=e.redirectUrl||this.authenticationConfig.redirectUrl;if(!r)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing redirectUrl in OAuth authentication configuration.");return r},r.prototype.getPartiumApiBaseUrl=function(){var e=this.authenticationConfig.partiumApiBaseUrl;if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,this.authenticationConfig,"Missing partiumApiBaseUrl in OAuth authentication configuration.");return e},r.prototype.getUrlQueryParam=function(e){var r;return"undefined"!=typeof window&&(null===(r=window.location)||void 0===r?void 0:r.search)?new URLSearchParams(window.location.search).get(e):null},r.prototype.getHintFromUrlString=function(e,r){try{return new URL(e).searchParams.get(r)}catch(e){return null}},r.prototype.stripIdentityProviderHintsFromRedirectUrl=function(e){var r=new URL(e);return r.searchParams.delete("kc_idp_hint"),r.searchParams.delete("use_organization_idp"),r.toString()},r.prototype.resolveAuthorizationHintParam=function(e,r){var t=this.getUrlQueryParam(e);return t||this.getHintFromUrlString(r,e)},r.prototype.getKcIdpHintForAuthorizationRequest=function(e){return 
this.resolveAuthorizationHintParam("kc_idp_hint",e)},r.prototype.getUseOrganizationIdpForAuthorizationRequest=function(e){return this.resolveAuthorizationHintParam("use_organization_idp",e)},r.prototype.getOauthErrorFromUrl=function(){var e=this.getUrlQueryParam("error"),r=this.getUrlQueryParam("error_description");if(e||r)return[e,r].filter((function(e){return!!e})).join(" - ")},r.prototype.clearAuthCallbackParamsFromUrl=function(){if("undefined"!=typeof window){var e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("session_state"),e.searchParams.delete("iss"),e.searchParams.delete("error"),e.searchParams.delete("error_description"),e.searchParams.delete("kc_idp_hint"),e.searchParams.delete("use_organization_idp"),e.searchParams.delete("apiKey"),e.searchParams.delete("apikey");var r="".concat(e.pathname).concat(e.search).concat(e.hash);window.history.replaceState(window.history.state,"",r)}},r.prototype.updateTokenFromResponse=function(e){this.updateToken(e.token),e.token&&this.markActiveCookieSession()},r.prototype.updateToken=function(e){if(e){var r=(0,user_token_1.createUserToken)(e),t=this.getNumericClaim(r.exp),o=this.getNumericClaim(r.iat),i=void 0!==t?new Date(1e3*t):new Date,n=void 0!==o?new Date(1e3*o):new Date,s=user_1.User.createFromToken(r),a=this.getStringArrayClaim(r.features);this.tokenUpdated(e,i),this.setUser(s),this.status={accessToken:e,accessTokenCreateDate:n,accessTokenExpiration:i,refreshToken:void 0,authenticated:!0,user:s,featureFlags:a},this.status$.next(this.status)}else this.resetToken()},r.prototype.resetToken=function(){this.tokenUpdated(null,null),this.setUser(null),this.clearActiveCookieSession(),this.status={accessToken:void 0,accessTokenExpiration:void 0,accessTokenCreateDate:void 0,authenticated:!1,refreshToken:void 0,user:void 0,featureFlags:void 0},this.status$.next(this.status)},r.prototype.handleRefreshError=function(e){return e instanceof 
error_1.SdkError&&this.isExpiredOrMissingRefreshError(e)?(this.resetToken(),this.sessionEnded(),(0,rxjs_1.throwError)((function(){return new error_1.SdkError(error_1.SDK_ERROR_CODES.REFRESH_TOKEN_EXPIRED,e.detail,"Refresh token expired or missing.")}))):this.handleError(e)},r.prototype.isExpiredOrMissingRefreshError=function(e){return e.code===error_1.SDK_ERROR_CODES.USER_UNAUTHORIZED||e.code===error_1.SDK_ERROR_CODES.UNPROCESSABLE_ENTITY&&this.getRefreshValidationMessages(e.detail).includes(MISSING_REFRESH_TOKEN_ERROR_MESSAGE)},r.prototype.getRefreshValidationMessages=function(e){var r,t,o=this,i=this.asRefreshValidationErrorDetail(e);if(!i)return[];if("string"==typeof i.message)return[i.message];var n=null===(t=null===(r=i.response)||void 0===r?void 0:r.data)||void 0===t?void 0:t.detail;return"string"==typeof n?[n]:Array.isArray(n)?n.map((function(e){return o.getRefreshValidationMessage(e)})).filter((function(e){return void 0!==e})):[]},r.prototype.handleError=function(e){var r=this;return e instanceof error_1.SdkError?(0,rxjs_1.throwError)((function(){return e})):(0,rxjs_1.throwError)((function(){return r.createSdkError(e)}))},r.prototype.createSdkError=function(e,r){return new error_1.SdkError(error_1.SDK_ERROR_CODES.OAUTH_ERROR,e,r)},r.prototype.hasSessionToRevoke=function(){return Boolean(this.status.accessToken)||this.hasActiveCookieSession()},r.prototype.createPkceCodeVerifier=function(){var e=new Uint8Array(32);return this.getBrowserCrypto().getRandomValues(e),this.base64UrlEncode(e)},r.prototype.createPkceCodeChallenge=function(e){return __awaiter(this,void 0,void 0,(function(){var r,t;return __generator(this,(function(o){switch(o.label){case 0:if("undefined"==typeof TextEncoder)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"TextEncoder is required for PKCE OAuth login.");return r=(new TextEncoder).encode(e),[4,this.getBrowserCrypto().subtle.digest("SHA-256",r)];case 1:return t=o.sent(),[2,this.base64UrlEncode(new 
Uint8Array(t))]}}))}))},r.prototype.getBrowserCrypto=function(){var e;if("function"!=typeof(null===(e=globalThis.crypto)||void 0===e?void 0:e.getRandomValues)||!globalThis.crypto.subtle)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Web Crypto API is required for PKCE OAuth login.");return globalThis.crypto},r.prototype.storePkceCodeVerifier=function(e){this.getBrowserSessionStorage().setItem(PKCE_CODE_VERIFIER_STORAGE_KEY,e)},r.prototype.getPkceCodeVerifier=function(){var e=this.getBrowserSessionStorage().getItem(PKCE_CODE_VERIFIER_STORAGE_KEY);if(!e)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Missing PKCE code verifier for OAuth callback.");return e},r.prototype.clearPkceCodeVerifier=function(){"undefined"!=typeof window&&window.sessionStorage.removeItem(PKCE_CODE_VERIFIER_STORAGE_KEY)},r.prototype.markActiveCookieSession=function(){this.getBrowserSessionStorage().setItem(COOKIE_SESSION_STORAGE_KEY,COOKIE_SESSION_STORAGE_VALUE)},r.prototype.hasActiveCookieSession=function(){return"undefined"!=typeof window&&window.sessionStorage.getItem(COOKIE_SESSION_STORAGE_KEY)===COOKIE_SESSION_STORAGE_VALUE},r.prototype.clearActiveCookieSession=function(){"undefined"!=typeof window&&window.sessionStorage.removeItem(COOKIE_SESSION_STORAGE_KEY)},r.prototype.getBrowserSessionStorage=function(){if("undefined"==typeof window)throw new error_1.SdkError(error_1.SDK_ERROR_CODES.INTEGRATION_ERROR,null,"Browser sessionStorage is required for the web-cookie OAuth flow.");return window.sessionStorage},r.prototype.base64UrlEncode=function(e){var r=Array.from(e,(function(e){return String.fromCharCode(e)})).join("");return btoa(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")},r.prototype.getNumericClaim=function(e){return"number"==typeof e?e:void 0},r.prototype.getStringArrayClaim=function(e){return Array.isArray(e)&&e.every((function(e){return"string"==typeof e}))?e:void 
0},r.prototype.asRefreshValidationErrorDetail=function(e){return this.isObjectRecord(e)?e:void 0},r.prototype.getRefreshValidationMessage=function(e){if(this.isObjectRecord(e))return"string"==typeof e.msg?e.msg:void 0},r.prototype.isObjectRecord=function(e){return"object"==typeof e&&null!==e},r}(oauth_session_service_1.OauthSessionService);exports.JSOauthWebCookieSessionService=JSOauthWebCookieSessionService;
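Review bot: `stripIdentityProviderHintsFromRedirectUrl` calls `new URL(e)` with no guard, unlike its sibling `getHintFromUrlString`, and always returns `r.toString()`. A redirectUrl that is not an absolute URL now throws a bare TypeError, surfaced as-is by the `catch` in `login` and as an unwrapped rejection through `redirectToLoginPage`, where the neighbouring configuration checks raise `SdkError` with `INVALID_AUTH_CONFIG`. Re-serialising also changes the string even when no hint is present (a bare origin gains a trailing `/`, for example), so the `redirect_uri` sent to the authorize endpoint and to `/auth` may stop matching a redirect URI registered by exact string; whether that applies depends on the identity-provider configuration, which is not visible here. I would return the input untouched when neither hint is present and wrap the parse failure in an `SdkError`, as sketched below.

```javascript
r.prototype.stripIdentityProviderHintsFromRedirectUrl = function (redirectUrl) {
  var parsed;
  try {
    parsed = new URL(redirectUrl);
  } catch (err) {
    // Report a malformed redirectUrl the same way as the other config errors.
    throw new error_1.SdkError(
      error_1.SDK_ERROR_CODES.INVALID_AUTH_CONFIG,
      { redirectUrl: redirectUrl },
      "redirectUrl must be an absolute URL."
    );
  }
  if (
    !parsed.searchParams.has("kc_idp_hint") &&
    !parsed.searchParams.has("use_organization_idp")
  ) {
    // Nothing to strip: keep the configured string byte-for-byte so it still
    // matches the redirect URI registered with the identity provider.
    return redirectUrl;
  }
  parsed.searchParams.delete("kc_idp_hint");
  parsed.searchParams.delete("use_organization_idp");
  return parsed.toString();
};
```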
@@ -1,2 +1,2 @@
1
1
  // Copyright © 2022-2026 Partium, Inc. DBA Partium
2
- export declare const SDK_VERSION_NUMBER = "15.17.0";
2
+ export declare const SDK_VERSION_NUMBER = "15.17.1";
@@ -1,2 +1,2 @@
1
1
  // Copyright © 2022-2026 Partium, Inc. DBA Partium
2
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SDK_VERSION_NUMBER=void 0,exports.SDK_VERSION_NUMBER="15.17.0";
2
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SDK_VERSION_NUMBER=void 0,exports.SDK_VERSION_NUMBER="15.17.1";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@partium/js-sdk",
3
- "version": "15.17.0",
3
+ "version": "15.17.1",
4
4
  "author": "Partium Inc.",
5
5
  "license": "See LICENSE.txt",
6
6
  "description": "The Partium Find SDK enables integration of Partium’s parts and materials search capabilities into JavaScript-based applications.",