@salesforce/core 4.0.0-v3.0 → 4.0.1

package/lib/util/sfdc.js

@@ -6,137 +6,85 @@
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sfdc = void 0;
-const url_1 = require("url");
+exports.matchesAccessToken = exports.findUpperCaseKeys = exports.validatePathDoesNotContainInvalidChars = exports.validateSalesforceId = exports.isInternalUrl = exports.validateEmail = exports.validateApiVersion = exports.trimTo15 = void 0;
 const kit_1 = require("@salesforce/kit");
 const ts_types_1 = require("@salesforce/ts-types");
-exports.sfdc = {
-    /**
-     * Returns `true` if a provided URL contains a Salesforce owned domain.
-     *
-     * @param urlString The URL to inspect.
-     */
-    isSalesforceDomain: (urlString) => {
-        let url;
-        try {
-            url = new url_1.URL(urlString);
-        }
-        catch (e) {
-            return false;
-        }
-        // Source https://help.salesforce.com/articleView?id=000003652&type=1
-        const allowlistOfSalesforceDomainPatterns = [
-            '.cloudforce.com',
-            '.content.force.com',
-            '.force.com',
-            '.salesforce.com',
-            '.salesforceliveagent.com',
-            '.secure.force.com',
-        ];
-        const allowlistOfSalesforceHosts = ['developer.salesforce.com', 'trailhead.salesforce.com'];
-        return allowlistOfSalesforceDomainPatterns.some((pattern) => {
-            return url.hostname.endsWith(pattern) || allowlistOfSalesforceHosts.includes(url.hostname);
-        });
-    },
-    /**
-     * Converts an 18 character Salesforce ID to 15 characters.
-     *
-     * @param id The id to convert.
-     */
-    trimTo15: (id) => {
-        if (id && id.length && id.length > 15) {
-            id = id.substring(0, 15);
+const sfdcUrl_1 = require("./sfdcUrl");
+function trimTo15(id) {
+    if (!id) {
+        return undefined;
+    }
+    if (id.length && id.length > 15) {
+        id = id.substring(0, 15);
+    }
+    return id;
+}
+exports.trimTo15 = trimTo15;
+/**
+ * Tests whether an API version matches the format `i.0`.
+ *
+ * @param value The API version as a string.
+ */
+const validateApiVersion = (value) => value == null || /^[1-9]\d\.0$/.test(value);
+exports.validateApiVersion = validateApiVersion;
+/**
+ * Tests whether an email matches the format `me@my.org`
+ *
+ * @param value The email as a string.
+ */
+const validateEmail = (value) => /^[^.][^@]*@[^.]+(\.[^.\s]+)+$/.test(value);
+exports.validateEmail = validateEmail;
+/**
+ * Tests whether a given url is an internal Salesforce domain
+ *
+ * @param url
+ */
+const isInternalUrl = (url) => new sfdcUrl_1.SfdcUrl(url).isInternalUrl();
+exports.isInternalUrl = isInternalUrl;
+/**
+ * Tests whether a Salesforce ID is in the correct format, a 15- or 18-character length string with only letters and numbers
+ *
+ * @param value The ID as a string.
+ */
+const validateSalesforceId = (value) => /[a-zA-Z0-9]{18}|[a-zA-Z0-9]{15}/.test(value) && (value.length === 15 || value.length === 18);
+exports.validateSalesforceId = validateSalesforceId;
+/**
+ * Tests whether a path is in the correct format; the value doesn't include the characters "[", "]", "?", "<", ">", "?", "|"
+ *
+ * @param value The path as a string.
+ */
+const validatePathDoesNotContainInvalidChars = (value) => 
+// eslint-disable-next-line no-useless-escape
+!/[\["\?<>\|\]]+/.test(value);
+exports.validatePathDoesNotContainInvalidChars = validatePathDoesNotContainInvalidChars;
+/**
+ * Returns the first key within the object that has an upper case first letter.
+ *
+ * @param data The object in which to check key casing.
+ * @param sectionBlocklist properties in the object to exclude from the search. e.g. a blocklist of `["a"]` and data of `{ "a": { "B" : "b"}}` would ignore `B` because it is in the object value under `a`.
+ */
+const findUpperCaseKeys = (data, sectionBlocklist = []) => {
+    let key;
+    (0, kit_1.findKey)(data, (val, k) => {
+        if (/^[A-Z]/.test(k)) {
+            key = k;
         }
-        return id;
-    },
-    /**
-     * Tests whether an API version matches the format `i.0`.
-     *
-     * @param value The API version as a string.
-     */
-    validateApiVersion: (value) => {
-        return value == null || /^[1-9]\d\.0$/.test(value);
-    },
-    /**
-     * Tests whether an email matches the format `me@my.org`
-     *
-     * @param value The email as a string.
-     */
-    validateEmail: (value) => {
-        return /^[^.][^@]*@[^.]+(\.[^.\s]+)+$/.test(value);
-    },
-    /**
-     * Tests whether a Salesforce ID is in the correct format, a 15- or 18-character length string with only letters and numbers
-     *
-     * @param value The ID as a string.
-     */
-    validateSalesforceId: (value) => {
-        return /[a-zA-Z0-9]{18}|[a-zA-Z0-9]{15}/.test(value) && (value.length === 15 || value.length === 18);
-    },
-    /**
-     * Tests whether a path is in the correct format; the value doesn't include the characters "[", "]", "?", "<", ">", "?", "|"
-     *
-     * @param value The path as a string.
-     */
-    validatePathDoesNotContainInvalidChars: (value) => {
-        // eslint-disable-next-line no-useless-escape
-        return !/[\["\?<>\|\]]+/.test(value);
-    },
-    /**
-     * Returns the first key within the object that has an upper case first letter.
-     *
-     * @param data The object in which to check key casing.
-     * @param sectionBlocklist properties in the object to exclude from the search. e.g. a blocklist of `["a"]` and data of `{ "a": { "B" : "b"}}` would ignore `B` because it is in the object value under `a`.
-     */
-    findUpperCaseKeys: (data, sectionBlocklist = []) => {
-        let key;
-        kit_1.findKey(data, (val, k) => {
-            if (k.substr(0, 1) === k.substr(0, 1).toUpperCase()) {
-                key = k;
-            }
-            else if (ts_types_1.isJsonMap(val)) {
-                if (sectionBlocklist.includes(k)) {
-                    return key;
-                }
-                key = exports.sfdc.findUpperCaseKeys(ts_types_1.asJsonMap(val));
+        else if ((0, ts_types_1.isJsonMap)(val)) {
+            if (sectionBlocklist.includes(k)) {
+                return key;
             }
-            return key;
-        });
+            key = (0, exports.findUpperCaseKeys)((0, ts_types_1.asJsonMap)(val));
+        }
         return key;
-    },
-    /**
-     * Tests whether a given string is an access token
-     *
-     * @param value
-     */
-    matchesAccessToken: (value) => {
-        return /^(00D\w{12,15})![.\w]*$/.test(value);
-    },
-    /**
-     * Tests whether a given url is an internal Salesforce domain
-     *
-     * @param url
-     */
-    isInternalUrl: (url) => {
-        const INTERNAL_URL_PARTS = [
-            '.vpod.',
-            'stm.salesforce.com',
-            'stm.force.com',
-            '.blitz.salesforce.com',
-            '.stm.salesforce.ms',
-            '.pc-rnd.force.com',
-            '.pc-rnd.salesforce.com',
-        ];
-        return (url.startsWith('https://gs1.') || exports.sfdc.isLocalUrl(url) || INTERNAL_URL_PARTS.some((part) => url.includes(part)));
-    },
-    /**
-     * Tests whether a given internal url runs on a local machine
-     *
-     * @param url
-     */
-    isLocalUrl: (url) => {
-        const LOCAL_PARTS = ['localhost.sfdcdev.', '.internal.'];
-        return LOCAL_PARTS.some((part) => url.includes(part));
-    },
+    });
+    return key;
 };
+exports.findUpperCaseKeys = findUpperCaseKeys;
+/**
+ * Tests whether a given string is an access token
+ *
+ * @param value
+ */
+const matchesAccessToken = (value) => /^(00D\w{12,15})![.\w]*$/.test(value);
+exports.matchesAccessToken = matchesAccessToken;
 //# sourceMappingURL=sfdc.js.map

package/lib/util/sfdcUrl.d.ts

@@ -0,0 +1,64 @@
+/// <reference types="node" />
+import { URL } from 'url';
+export declare function getLoginAudienceCombos(audienceUrl: string, loginUrl: string): Array<[string, string]>;
+export declare class SfdcUrl extends URL {
+    /**
+     * Salesforce URLs
+     */
+    static readonly SANDBOX = "https://test.salesforce.com";
+    static readonly PRODUCTION = "https://login.salesforce.com";
+    private static readonly cache;
+    private logger;
+    constructor(input: string | URL, base?: string | URL);
+    static isValidUrl(input: string | URL): boolean;
+    /**
+     * Returns the appropriate jwt audience url for this url
+     * Use SFDX_AUDIENCE_URL env var to override the audience url
+     *
+     * @param createdOrgInstance The Salesforce instance the org was created on. e.g. `cs42`
+     * @return {Promise<string>} The audience url
+     */
+    getJwtAudienceUrl(createdOrgInstance?: string): Promise<string>;
+    /**
+     * Tests whether this url contains a Salesforce owned domain
+     *
+     * @return {boolean} true if this is a salesforce domain
+     */
+    isSalesforceDomain(): boolean;
+    /**
+     * Tests whether this url is an internal Salesforce domain
+     *
+     * @returns {boolean} true if this is an internal domain
+     */
+    isInternalUrl(): boolean;
+    /**
+     * Tests whether this url runs on a local machine
+     *
+     * @returns {boolean} true if this is a local machine
+     */
+    isLocalUrl(): boolean;
+    toLightningDomain(): string;
+    /**
+     * Tests whether this url has the lightning domain extension
+     * This method that performs the dns lookup of the host. If the lookup fails the internal polling (1 second), client will try again until timeout
+     * If SFDX_DOMAIN_RETRY environment variable is set (number) it overrides the default timeout duration (240 seconds)
+     *
+     * @returns {Promise<true | never>} The resolved ip address or never
+     * @throws {@link SfError} If can't resolve DNS.
+     */
+    checkLightningDomain(): Promise<true | never>;
+    /**
+     * Method that performs the dns lookup of the host. If the lookup fails the internal polling (1 second), client will try again until timeout
+     * If SFDX_DOMAIN_RETRY environment variable is set (number) it overrides the default timeout duration (240 seconds)
+     *
+     * @returns the resolved ip address.
+     * @throws {@link SfError} If can't resolve DNS.
+     */
+    lookup(): Promise<string>;
+    /**
+     * Test whether this url represents a lightning domain
+     *
+     * @returns {boolean} true if this domain is a lightning domain
+     */
+    isLightningDomain(): boolean;
+}

package/lib/util/sfdcUrl.js

@@ -0,0 +1,197 @@
+"use strict";
+/*
+ * Copyright (c) 2021, salesforce.com, inc.
+ * All rights reserved.
+ * Licensed under the BSD 3-Clause license.
+ * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SfdcUrl = exports.getLoginAudienceCombos = void 0;
+const url_1 = require("url");
+const kit_1 = require("@salesforce/kit");
+const ts_types_1 = require("@salesforce/ts-types");
+const myDomainResolver_1 = require("../status/myDomainResolver");
+const logger_1 = require("../logger");
+const lifecycleEvents_1 = require("../lifecycleEvents");
+function getLoginAudienceCombos(audienceUrl, loginUrl) {
+    const filtered = [
+        [loginUrl, loginUrl],
+        [SfdcUrl.SANDBOX, SfdcUrl.SANDBOX],
+        [SfdcUrl.PRODUCTION, SfdcUrl.PRODUCTION],
+        [audienceUrl, audienceUrl],
+        [audienceUrl, SfdcUrl.PRODUCTION],
+        [audienceUrl, SfdcUrl.SANDBOX],
+        [loginUrl, audienceUrl],
+        [loginUrl, SfdcUrl.PRODUCTION],
+        [loginUrl, SfdcUrl.SANDBOX],
+        [SfdcUrl.PRODUCTION, audienceUrl],
+        [SfdcUrl.SANDBOX, audienceUrl],
+    ].filter(([login, audience]) => !((login === SfdcUrl.PRODUCTION && audience === SfdcUrl.SANDBOX) ||
+        (login === SfdcUrl.SANDBOX && audience === SfdcUrl.PRODUCTION)));
+    const reduced = filtered.reduce((acc, [login, audience]) => {
+        const l = new url_1.URL(login);
+        const a = new url_1.URL(audience);
+        acc.set(`${l.origin}:${a.origin}`, [login, audience]);
+        return acc;
+    }, new Map());
+    return [...reduced.values()];
+}
+exports.getLoginAudienceCombos = getLoginAudienceCombos;
+class SfdcUrl extends url_1.URL {
+    constructor(input, base) {
+        super(input.toString(), base);
+        if (this.protocol !== 'https:' && !SfdcUrl.cache.has(this.origin)) {
+            SfdcUrl.cache.add(this.origin);
+            void lifecycleEvents_1.Lifecycle.getInstance().emitWarning(`Using insecure protocol: ${this.protocol} on url: ${this.origin}`);
+        }
+    }
+    static isValidUrl(input) {
+        try {
+            new url_1.URL(input.toString());
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Returns the appropriate jwt audience url for this url
+     * Use SFDX_AUDIENCE_URL env var to override the audience url
+     *
+     * @param createdOrgInstance The Salesforce instance the org was created on. e.g. `cs42`
+     * @return {Promise<string>} The audience url
+     */
+    async getJwtAudienceUrl(createdOrgInstance) {
+        this.logger = await logger_1.Logger.child('SfdcUrl');
+        // environment variable is used as an override
+        const envVarVal = new kit_1.Env().getString('SFDX_AUDIENCE_URL', '');
+        if (envVarVal) {
+            this.logger.debug(`Audience URL overridden by env var SFDX_AUDIENCE_URL=${envVarVal}`);
+            return envVarVal;
+        }
+        if ((createdOrgInstance && /^gs1/gi.test(createdOrgInstance)) || /(gs1.my.salesforce.com)/gi.test(this.origin)) {
+            return 'https://gs1.salesforce.com';
+        }
+        return SfdcUrl.PRODUCTION;
+    }
+    /**
+     * Tests whether this url contains a Salesforce owned domain
+     *
+     * @return {boolean} true if this is a salesforce domain
+     */
+    isSalesforceDomain() {
+        // Source https://help.salesforce.com/articleView?id=000003652&type=1
+        const allowlistOfSalesforceDomainPatterns = [
+            '.cloudforce.com',
+            '.content.force.com',
+            '.force.com',
+            '.salesforce.com',
+            '.salesforceliveagent.com',
+            '.secure.force.com',
+            'crmforce.mil',
+        ];
+        const allowlistOfSalesforceHosts = ['developer.salesforce.com', 'trailhead.salesforce.com'];
+        return allowlistOfSalesforceDomainPatterns.some((pattern) => this.hostname.endsWith(pattern) || allowlistOfSalesforceHosts.includes(this.hostname));
+    }
+    /**
+     * Tests whether this url is an internal Salesforce domain
+     *
+     * @returns {boolean} true if this is an internal domain
+     */
+    isInternalUrl() {
+        const INTERNAL_URL_PARTS = [
+            '.vpod.',
+            'stm.salesforce.com',
+            'stm.force.com',
+            '.blitz.salesforce.com',
+            '.stm.salesforce.ms',
+            '.pc-rnd.force.com',
+            '.pc-rnd.salesforce.com',
+        ];
+        return (this.origin.startsWith('https://gs1.') ||
+            this.isLocalUrl() ||
+            INTERNAL_URL_PARTS.some((part) => this.origin.includes(part)));
+    }
+    /**
+     * Tests whether this url runs on a local machine
+     *
+     * @returns {boolean} true if this is a local machine
+     */
+    isLocalUrl() {
+        const LOCAL_PARTS = ['localhost.sfdcdev.', '.internal.'];
+        return LOCAL_PARTS.some((part) => this.origin.includes(part));
+    }
+    toLightningDomain() {
+        if (this.origin.endsWith('.my.salesforce.mil')) {
+            return this.origin.replace('.my.salesforce.mil', '.lightning.crmforce.mil');
+        }
+        // enhanced domains
+        // ex: sandbox.my.salesforce.com, scratch.my.salesforce.com, etc
+        if (this.origin.endsWith('.my.salesforce.com')) {
+            return this.origin.replace('.my.salesforce.com', '.lightning.force.com');
+        }
+        // alternative domains
+        if (this.origin.endsWith('.my-salesforce.com')) {
+            return this.origin.replace('.my-salesforce.com', '.my-lightning.com');
+        }
+        // all non-mil domains
+        return `https://${(0, ts_types_1.ensureArray)(/https?:\/\/([^.]*)/.exec(this.origin))
+            .slice(1, 2)
+            .pop()}.lightning.force.com`;
+    }
+    /**
+     * Tests whether this url has the lightning domain extension
+     * This method that performs the dns lookup of the host. If the lookup fails the internal polling (1 second), client will try again until timeout
+     * If SFDX_DOMAIN_RETRY environment variable is set (number) it overrides the default timeout duration (240 seconds)
+     *
+     * @returns {Promise<true | never>} The resolved ip address or never
+     * @throws {@link SfError} If can't resolve DNS.
+     */
+    async checkLightningDomain() {
+        const quantity = (0, ts_types_1.ensureNumber)(new kit_1.Env().getNumber('SFDX_DOMAIN_RETRY', 240));
+        const timeout = new kit_1.Duration(quantity, kit_1.Duration.Unit.SECONDS);
+        if (this.isInternalUrl() || timeout.seconds === 0) {
+            return true;
+        }
+        const resolver = await myDomainResolver_1.MyDomainResolver.create({
+            url: new url_1.URL(this.toLightningDomain()),
+            timeout,
+            frequency: new kit_1.Duration(1, kit_1.Duration.Unit.SECONDS),
+        });
+        await resolver.resolve();
+        return true;
+    }
+    /**
+     * Method that performs the dns lookup of the host. If the lookup fails the internal polling (1 second), client will try again until timeout
+     * If SFDX_DOMAIN_RETRY environment variable is set (number) it overrides the default timeout duration (240 seconds)
+     *
+     * @returns the resolved ip address.
+     * @throws {@link SfError} If can't resolve DNS.
+     */
+    async lookup() {
+        const quantity = (0, ts_types_1.ensureNumber)(new kit_1.Env().getNumber('SFDX_DOMAIN_RETRY', 240));
+        const timeout = new kit_1.Duration(quantity, kit_1.Duration.Unit.SECONDS);
+        const resolver = await myDomainResolver_1.MyDomainResolver.create({
+            url: new url_1.URL(this.origin),
+            timeout,
+            frequency: new kit_1.Duration(1, kit_1.Duration.Unit.SECONDS),
+        });
+        return resolver.resolve();
+    }
+    /**
+     * Test whether this url represents a lightning domain
+     *
+     * @returns {boolean} true if this domain is a lightning domain
+     */
+    isLightningDomain() {
+        return this.origin.includes('.lightning.force.com') || this.origin.includes('.lightning.crmforce.mil');
+    }
+}
+exports.SfdcUrl = SfdcUrl;
+/**
+ * Salesforce URLs
+ */
+SfdcUrl.SANDBOX = 'https://test.salesforce.com';
+SfdcUrl.PRODUCTION = 'https://login.salesforce.com';
+SfdcUrl.cache = new Set();
+//# sourceMappingURL=sfdcUrl.js.map

package/lib/util/structuredWriter.d.ts

@@ -0,0 +1,9 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { Readable } from 'stream';
+export interface StructuredWriter {
+    addToStore(contents: string | Readable | Buffer, path: string): Promise<void>;
+    finalize(): Promise<void>;
+    getDestinationPath(): string | undefined;
+    get buffer(): Buffer;
+}

package/lib/util/structuredWriter.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=structuredWriter.js.map

package/lib/util/zipWriter.d.ts

@@ -0,0 +1,16 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { Readable, Writable } from 'stream';
+import { StructuredWriter } from './structuredWriter';
+export declare class ZipWriter extends Writable implements StructuredWriter {
+    private readonly rootDestination?;
+    private zip;
+    private buffers;
+    constructor(rootDestination?: string | undefined);
+    get buffer(): Buffer;
+    addToStore(contents: string | Readable | Buffer, path: string): Promise<void>;
+    finalize(): Promise<void>;
+    getDestinationPath(): string | undefined;
+    private getOutputStream;
+    private getInputBuffer;
+}

package/lib/util/zipWriter.js

@@ -0,0 +1,68 @@
+"use strict";
+/*
+ * Copyright (c) 2021, salesforce.com, inc.
+ * All rights reserved.
+ * Licensed under the BSD 3-Clause license.
+ * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ZipWriter = void 0;
+const fs_1 = require("fs");
+const stream_1 = require("stream");
+const util_1 = require("util");
+const archiver_1 = require("archiver");
+const pipeline = (0, util_1.promisify)(stream_1.pipeline);
+class ZipWriter extends stream_1.Writable {
+    constructor(rootDestination) {
+        super({ objectMode: true });
+        this.rootDestination = rootDestination;
+        // compression-/speed+ (0)<---(3)---------->(9) compression+/speed-
+        // 3 appears to be a decent balance of compression and speed. It felt like
+        // higher values = diminishing returns on compression and made conversion slower
+        this.zip = (0, archiver_1.create)('zip', { zlib: { level: 3 } });
+        this.buffers = [];
+        void pipeline(this.zip, this.getOutputStream());
+    }
+    get buffer() {
+        return Buffer.concat(this.buffers);
+    }
+    async addToStore(contents, path) {
+        this.zip.append(contents, { name: path });
+        return Promise.resolve();
+    }
+    async finalize() {
+        await this.zip.finalize();
+        await this.getInputBuffer();
+    }
+    getDestinationPath() {
+        return this.rootDestination;
+    }
+    getOutputStream() {
+        if (this.rootDestination) {
+            return (0, fs_1.createWriteStream)(this.rootDestination);
+        }
+        else {
+            const bufferWritable = new stream_1.Writable();
+            // eslint-disable-next-line no-underscore-dangle
+            bufferWritable._write = (chunk, encoding, cb) => {
+                this.buffers.push(chunk);
+                cb();
+            };
+            return bufferWritable;
+        }
+    }
+    async getInputBuffer() {
+        if (this.rootDestination) {
+            const inputStream = (0, fs_1.createReadStream)(this.rootDestination);
+            return new Promise((resolve, reject) => {
+                inputStream.on('data', (chunk) => {
+                    this.buffers.push(chunk);
+                });
+                inputStream.once('end', () => resolve());
+                inputStream.once('error', (error) => reject(error));
+            });
+        }
+    }
+}
+exports.ZipWriter = ZipWriter;
+//# sourceMappingURL=zipWriter.js.map

package/lib/webOAuthServer.d.ts

@@ -1,8 +1,8 @@
 /// <reference types="node" />
 import * as http from 'http';
+import { JwtOAuth2Config } from 'jsforce';
 import { AsyncCreatable } from '@salesforce/kit';
-import { OAuth2Options } from 'jsforce';
-import { AuthInfo } from './org/authInfo';
+import { AuthInfo } from './org';
 /**
  * Handles the creation of a web server for web based login flows.
  *
@@ -26,6 +26,7 @@ export declare class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Option
     private webServer;
     private oauth2;
     private oauthConfig;
+    private oauthError;
     constructor(options: WebOAuthServer.Options);
     /**
      * Returns the configured oauthLocalPort or the WebOAuthServer.DEFAULT_PORT
@@ -80,12 +81,14 @@ export declare class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Option
 }
 export declare namespace WebOAuthServer {
     interface Options {
-        oauthConfig: OAuth2Options;
+        oauthConfig: JwtOAuth2Config;
     }
     type Request = http.IncomingMessage & {
         query: {
             code: string;
             state: string;
+            error?: string;
+            error_description?: string;
         };
     };
 }
@@ -99,6 +102,7 @@ export declare class WebServer extends AsyncCreatable<WebServer.Options> {
     host: string;
     private logger;
     private sockets;
+    private redirectStatus;
     constructor(options: WebServer.Options);
     /**
      * Starts the http server after checking that the port is open
@@ -111,7 +115,7 @@ export declare class WebServer extends AsyncCreatable<WebServer.Options> {
     /**
      * sends a response error.
      *
-     * @param statusCode he statusCode for the response.
+     * @param status the statusCode for the response.
      * @param message the message for the http body.
      * @param response the response to write the error to.
      */
@@ -119,7 +123,7 @@ export declare class WebServer extends AsyncCreatable<WebServer.Options> {
     /**
      * sends a response redirect.
      *
-     * @param statusCode the statusCode for the response.
+     * @param status the statusCode for the response.
      * @param url the url to redirect to.
      * @param response the response to write the redirect to.
      */
@@ -127,11 +131,20 @@ export declare class WebServer extends AsyncCreatable<WebServer.Options> {
     /**
      * sends a response to the browser reporting an error.
      *
-     * @param error the error
-     * @param response the response to write the redirect to.
+     * @param error the oauth error
+     * @param response the HTTP response.
      */
     reportError(error: Error, response: http.ServerResponse): void;
+    /**
+     * sends a response to the browser reporting the success.
+     *
+     * @param response the HTTP response.
+     */
+    reportSuccess(response: http.ServerResponse): void;
+    handleSuccess(response: http.ServerResponse): Promise<void>;
+    handleError(response: http.ServerResponse): Promise<void>;
     protected init(): Promise<void>;
+    private handleRedirect;
     /**
      * Make sure we can't open a socket on the localhost/host port. It's important because we don't want to send
      * auth tokens to a random strange port listener. We want to make sure we can startup our server first.