@schibsted/account-sdk-browser 6.0.0-alpha.1 → 6.0.0-alpha.2

package/src/{identity.js → identity.ts}

@@ -2,153 +2,203 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
-import { assert, isStr, isNonEmptyString, isObject, isUrl, isStrIn } from './validate.js';
-import { cloneDeep } from './object.js';
-import { urlMapper } from './url.js';
-import { ENDPOINTS, NAMESPACE } from './config.js';
-import EventEmitter from 'tiny-emitter';
+import { TinyEmitter } from 'tiny-emitter';
 import Cache from './cache.js';
+import { ENDPOINTS, NAMESPACE } from './config.js';
+import { registerAndDispatchInGlobal } from './global-registry.js';
+import { cloneDeep } from './object.js';
 import * as popup from './popup.js';
 import RESTClient from './RESTClient.js';
 import SDKError from './SDKError.js';
 import * as spidTalk from './spidTalk.js';
+import { urlMapper } from './url.js';
+import { assert, isNonEmptyString, isObject, isStr, isStrIn, isUrl } from './validate.js';
 import version from './version.js';
-import { registerGlobal } from './global-registry.js';
 
 /**
- * @typedef {object} LoginOptions
- * @property {string} state - An opaque value used by the client to maintain state between
- * the request and callback. It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
- * @property {string} [acrValues] - Authentication Context Class Reference Values. If
- * omitted, the user will be asked to authenticate using username+password.
- * For 2FA (Two-Factor Authentication) possible values are `sms`, `otp` (one time password),
- * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
- * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
- * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
- * Supported value is also 'otp-email' means one time password using email.
- * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
- * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
- * includes the id token which can be useful for getting information about the user. Omitting
- * scope is allowed, while `invalid_scope` is returned when the client asks for a scope you
- * aren’t allowed to request. {@link https://tools.ietf.org/html/rfc6749#section-3.3}
- * @property {string} [redirectUri] - Redirect uri that will receive the
- * code. Must exactly match a redirectUri from your client in self-service
- * @property {boolean} [preferPopup] - Should we try to open a popup window?
- * @property {string} [loginHint] - User email or UUID hint
- * @property {string} [tag] - Pulse tag
- * @property {string} [teaser] - Teaser slug. Teaser with given slug will be displayed
- * in place of default teaser
- * @property {number|string} [maxAge] - Specifies the allowable elapsed time in seconds since
- * the last time the End-User was actively authenticated. If last authentication time is more
- * than maxAge seconds in the past, re-authentication will be required. See the OpenID Connect
- * spec section 3.1.2.1 for more information
- * @property {string} [locale] - Optional parameter to overwrite client locale setting.
- * New flows supports nb_NO, fi_FI, sv_SE, en_US
- * @property {boolean} [oneStepLogin] - Display username and password on one screen
- * @property {string} [prompt] - String that specifies whether the Authorization Server prompts the
- * End-User for re-authentication or confirm account screen. Supported values: `select_account` or `login`
- * @property {string} [xDomainId] - Identifier for cross-domain tracking in Pulse
- * @property {string} [xEnvironmentId] - Environment for cross-domain tracking in Pulse
- * @property {string} [originCampaign] - Campaign identifier for tracking in Pulse
+ * Options accepted by {@link Identity#login} and related login URL helpers.
  */
+export type LoginOptions = {
+    /**
+     * An opaque value used by the client to maintain state between the request and callback.
+     * It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
+     */
+    state: string;
+    /**
+     * Authentication Context Class Reference Values. If omitted, the user will be asked to
+     * authenticate using username+password. For 2FA (Two-Factor Authentication) possible values
+     * are `sms`, `otp` (one time password), `password` (will force password confirmation, even if
+     * user is already logged in), `eid`. Those values might be mixed as space-separated string.
+     * To make sure that user has authenticated with 2FA you need to verify AMR (Authentication
+     * Methods References) claim in ID token. Might also be used to ensure additional acr
+     * (sms, otp, eid) for already logged in users. Supported value is also 'otp-email' means one
+     * time password using email.
+     */
+    acrValues?: string;
+    /**
+     * The OAuth scopes for the tokens. This is a list of scopes, separated by space. If the list
+     * of scopes contains `openid`, the generated tokens includes the id token which can be useful
+     * for getting information about the user. Omitting scope is allowed, while `invalid_scope` is
+     * returned when the client asks for a scope you aren't allowed to request.
+     * {@link https://tools.ietf.org/html/rfc6749#section-3.3}
+     * Defaults to `openid`.
+     */
+    scope?: string;
+    /**
+     * Redirect uri that will receive the code. Must exactly match a redirectUri from your client
+     * in self-service
+     */
+    redirectUri?: string;
+    /** Should we try to open a popup window? Defaults to `false`. */
+    preferPopup?: boolean;
+    /** user email or UUID hint */
+    loginHint?: string;
+    /** Pulse tag */
+    tag?: string;
+    /** Teaser slug. Teaser with given slug will be displayed in place of default teaser */
+    teaser?: string;
+    /**
+     * Specifies the allowable elapsed time in seconds since the last time the End-User was actively
+     * authenticated. If last authentication time is more than maxAge seconds in the past,
+     * re-authentication will be required. See the OpenID Connect spec section 3.1.2.1 for more
+     * information
+     */
+    maxAge?: number | string;
+    /**
+     * Optional parameter to overwrite client locale setting.
+     * New flows supports nb_NO, fi_FI, sv_SE, en_US
+     */
+    locale?: string;
+    /** display username and password on one screen. Defaults to `false`. */
+    oneStepLogin?: boolean;
+    /**
+     * String that specifies whether the Authorization Server prompts the End-User for
+     * reauthentication or confirm account screen. Supported values: `select_account` or `login`.
+     * Defaults to `select_account`.
+     */
+    prompt?: string;
+    /** Identifier for cross-domain tracking in Pulse */
+    xDomainId?: string;
+    /** Environment for cross-domain tracking in Pulse */
+    xEnvironmentId?: string;
+    /** Campaign identifier for tracking in Pulse */
+    originCampaign?: string;
+};
+
 /**
- * @typedef {object} SimplifiedLoginWidgetLoginOptions
- * @property {string|function(): (string|Promise<string>)} state - An opaque value used by the client to maintain state between
- * the request and callback. It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
- * @property {string} [acrValues] - Authentication Context Class Reference Values. If
- * omitted, the user will be asked to authenticate using username+password.
- * For 2FA (Two-Factor Authentication) possible values are `sms`, `otp` (one time password) and
- * `password` (will force password confirmation, even if user is already logged in). Those values might
- * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
- * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
- * Supported value is also 'otp-email' means one time password using email.
- * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
- * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
- * includes the id token which can be useful for getting information about the user. Omitting
- * scope is allowed, while `invalid_scope` is returned when the client asks for a scope you
- * aren’t allowed to request. {@link https://tools.ietf.org/html/rfc6749#section-3.3}
- * @property {string} [redirectUri] - Redirect uri that will receive the
- * code. Must exactly match a redirectUri from your client in self-service
- * @property {boolean} [preferPopup] - Should we try to open a popup window?
- * @property {string} [loginHint] - User email or UUID hint
- * @property {string} [tag] - Pulse tag
- * @property {string} [teaser] - Teaser slug. Teaser with given slug will be displayed
- * in place of default teaser
- * @property {number|string} [maxAge] - Specifies the allowable elapsed time in seconds since
- * the last time the End-User was actively authenticated. If last authentication time is more
- * than maxAge seconds in the past, re-authentication will be required. See the OpenID Connect
- * spec section 3.1.2.1 for more information
- * @property {string} [locale] - Optional parameter to overwrite client locale setting.
- * New flows supports nb_NO, fi_FI, sv_SE, en_US
- * @property {boolean} [oneStepLogin] - Display username and password on one screen
- * @property {string} [prompt] - String that specifies whether the Authorization Server prompts the
- * End-User for reauthentication or confirm account screen. Supported values: `select_account` or `login`
- * @property {string} [xDomainId] - Identifier for cross-domain tracking in Pulse
- * @property {string} [xEnvironmentId] - Environment for cross-domain tracking in Pulse
- * @property {string} [originCampaign] - Campaign identifier for tracking in Pulse
+ * Identical to {@link LoginOptions} except that `state` may also be a (possibly async) function;
+ * all other fields reuse the `LoginOptions` documentation.
  */
+export type SimplifiedLoginWidgetLoginOptions = Omit<LoginOptions, 'state'> & {
+    /**
+     * An opaque value used by the client to maintain state between the request and callback.
+     * It's also recommended to prevent CSRF {@link https://tools.ietf.org/html/rfc6749#section-10.12}
+     */
+    state: string | (() => string | Promise<string>);
+};
 
 /**
- * @typedef {object} HasSessionSuccessResponse
- * @property {boolean} result - Is the user connected to the merchant? (it means that the merchant
- * id is in the list of merchants listed of this user in the database)? Example: false
- * @property {string} userStatus - Example: 'notConnected' or 'connected'. Deprecated, use
- * `Identity.isConnected()`
- * @property {string} baseDomain - Example: 'localhost'
- * @property {string} id - Example: '58eca10fdbb9f6df72c3368f'. Obsolete
- * @property {number} userId - Example: 37162
- * @property {string} uuid - Example: 'b3b23aa7-34f2-5d02-a10e-5a3455c6ab2c'
- * @property {string} sp_id - Example: 'eyJjbGllbnRfaWQ...'
- * @property {number} expiresIn - Example: 30 * 60 * 1000 (for 30 minutes)
- * @property {number} serverTime - Example: 1506285759
- * @property {string} sig - Example: 'NCdzXaz4ZRb7...' The sig parameter is a concatenation of an
- * HMAC SHA-256 signature string, a dot (.) and a base64url encoded JSON object (session).
- * {@link http://techdocs.spid.no/sdks/js/response-signature-and-validation/}
- * @property {string} displayName - (Only for connected users) Example: 'batman'
- * @property {string} givenName - (Only for connected users) Example: 'Bruce'
- * @property {string} familyName - (Only for connected users) Example: 'Wayne'
- * @property {string} gender - (Only for connected users) Example: 'male', 'female', 'undisclosed'
- * @property {string} photo - (Only for connected users) Example:
- * 'http://www.srv.com/some/picture.jpg'
- * @property {boolean} tracking - (Only for connected users)
- * @property {boolean} clientAgreementAccepted - (Only for connected users)
- * @property {boolean} defaultAgreementAccepted - (Only for connected users)
- * @property {string} pairId
- * @property {string} sdrn
+ * Successful response returned from {@link Identity#hasSession}.
  */
+export type HasSessionSuccessResponse = {
+    /**
+     * Is the user connected to the merchant? (it means that the merchant id is in the list of
+     * merchants listed of this user in the database)? Example: false
+     */
+    result: boolean;
+    /** Example: 'notConnected' or 'connected'. Deprecated, use `Identity.isConnected()` */
+    userStatus: string;
+    /** Example: 'localhost' */
+    baseDomain: string;
+    /** Example: '58eca10fdbb9f6df72c3368f'. Obsolete */
+    id: string;
+    /** Example: 37162 */
+    userId: number;
+    /** Example: 'b3b23aa7-34f2-5d02-a10e-5a3455c6ab2c' */
+    uuid: string;
+    /** Example: 'eyJjbGllbnRfaWQ...' */
+    sp_id: string;
+    /** Example: 30 * 60 * 1000 (for 30 minutes) */
+    expiresIn: number;
+    /** Example: 1506285759 */
+    serverTime: number;
+    /**
+     * Example: 'NCdzXaz4ZRb7...' The sig parameter is a concatenation of an HMAC SHA-256 signature
+     * string, a dot (.) and a base64url encoded JSON object (session).
+     * {@link http://techdocs.spid.no/sdks/js/response-signature-and-validation/}
+     */
+    sig: string;
+    /** (Only for connected users) Example: 'batman' */
+    displayName: string;
+    /** (Only for connected users) Example: 'Bruce' */
+    givenName: string;
+    /** (Only for connected users) Example: 'Wayne' */
+    familyName: string;
+    /** (Only for connected users) Example: 'male', 'female', 'undisclosed' */
+    gender: string;
+    /** (Only for connected users) Example: 'http://www.srv.com/some/picture.jpg' */
+    photo: string;
+    /** (Only for connected users) */
+    tracking: boolean;
+    /** (Only for connected users) */
+    clientAgreementAccepted: boolean;
+    /** (Only for connected users) */
+    defaultAgreementAccepted: boolean;
+    pairId: string;
+    sdrn: string;
+};
 
 /**
- * Emitted when an error happens (useful for debugging)
- * @event Identity#error
+ * Failure response returned from {@link Identity#hasSession}.
  */
+export type HasSessionFailureResponse = {
+    error: {
+        /** Typically an HTTP response code. Example: 401 */
+        code: number;
+        /** Example: "No session found!" */
+        description: string;
+        /** Example: "UserException" */
+        type: string;
+    };
+    response: {
+        /** Example: "localhost" */
+        baseDomain: string;
+        /** Time span in milliseconds. Example: 30 * 60 * 1000 (for 30 minutes) */
+        expiresIn: number;
+        result: boolean;
+        /** Server time in seconds since the Unix Epoch. Example: 1506287788 */
+        serverTime: number;
+    };
+};
 
 /**
- * @typedef {object} HasSessionFailureResponse
- * @property {object} error
- * @property {number} error.code - Typically an HTTP response code. Example: 401
- * @property {string} error.description - Example: "No session found!"
- * @property {string} error.type - Example: "UserException"
- * @property {object} response
- * @property {string} response.baseDomain - Example: "localhost"
- * @property {number} response.expiresIn - Time span in milliseconds. Example: 30 * 60 * 1000 (for 30 minutes)
- * @property {boolean} response.result
- * @property {number} response.serverTime - Server time in seconds since the Unix Epoch. Example: 1506287788
+ * Minimal user information used by the simplified login widget flow.
  */
+export type SimplifiedLoginData = {
+    /** Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login} */
+    identifier: string;
+    /** Human-readable user identifier */
+    display_text: string;
+    /** Client name */
+    client_name: string;
+};
 
 /**
- * @typedef {object} SimplifiedLoginData
- * @property {string} identifier - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
- * @property {string} display_text - Human-readable user identifier
- * @property {string} client_name - Client name
+ * Configuration options for {@link Identity#showSimplifiedLoginWidget}.
  */
+export type SimplifiedLoginWidgetOptions = {
+    /** expected encoding of simplified login widget. Could be utf-8 (default), iso-8859-1 or iso-8859-15 */
+    encoding: string;
+    /**
+     * expected locale of simplified login widget. Should be provided in a short format like 'nb',
+     * 'sv'. If not set, a value from the env variable is used.
+     */
+    locale?: 'nb' | 'sv' | 'fi' | 'da' | 'en';
+};
 
 /**
- * @typedef {object} SimplifiedLoginWidgetOptions
- * @property {string} encoding - expected encoding of simplified login widget. Could be utf-8 (default), iso-8859-1 or iso-8859-15
+ * Emitted when an error happens (useful for debugging)
+ * @event Identity#error
  */
 
 const HAS_SESSION_CACHE_KEY = 'hasSession-cache';
@@ -156,7 +206,7 @@ const SESSION_CALL_BLOCKED_CACHE_KEY = 'sessionCallBlocked-cache';
 const SESSION_CALL_BLOCKED_TTL = 1000 * 60 * 5;
 
 const TAB_ID_KEY = 'tab-id-cache';
-const TAB_ID = Math.floor(Math.random() * 100000)
+const TAB_ID = Math.floor(Math.random() * 100000);
 const TAB_ID_TTL = 1000 * 60 * 60 * 24 * 30;
 
 const globalWindow = () => window;
@@ -164,17 +214,41 @@ const globalWindow = () => window;
 /**
  * Provides Identity functionalty to a web page
  */
-export class Identity extends EventEmitter {
+export class Identity extends TinyEmitter {
+    _sessionInitiatedSent: boolean;
+    window: any;
+    clientId: string;
+    sessionStorageCache: any;
+    localStorageCache: any;
+    redirectUri: string;
+    env: string;
+    log?: Function;
+    callbackBeforeRedirect: Function;
+    _sessionDomain: string;
+    _enableSessionCaching: boolean;
+    _session: any;
+    _spid!: RESTClient;
+    _oauthService!: RESTClient;
+    _bffService!: RESTClient;
+    _sessionService!: RESTClient;
+    _globalSessionService!: RESTClient;
+    _usedSessionServiceGetSessionEndpoint: any;
+    _hasSessionInProgress?: boolean | Promise<any>;
+    popup?: Window | null;
+    setVarnishCookie?: boolean;
+    varnishExpiresIn?: number;
+    varnishCookieDomain?: string;
+
     /**
-     * @param {object} options
-     * @param {string} options.clientId - Example: "1234567890abcdef12345678"
-     * @param {string} options.sessionDomain - Example: "https://id.site.com"
-     * @param {string} options.redirectUri - Example: "https://site.com"
-     * @param {string} [options.env=PRE] - Schibsted account environment: `PRE`, `PRO`, `PRO_NO`, `PRO_FI` or `PRO_DK`
-     * @param {function} [options.log] - A function that receives debug log information. If not set,
+     * @param options
+     * @param options.clientId - Example: "1234567890abcdef12345678"
+     * @param options.sessionDomain - Example: "https://id.site.com"
+     * @param options.redirectUri - Example: "https://site.com"
+     * @param options.env - Schibsted account environment: `PRE` (default), `PRO`, `PRO_NO`, `PRO_FI` or `PRO_DK`
+     * @param options.log - A function that receives debug log information. If not set,
      * no logging will be done
-     * @param {object} [options.window] - window object
-     * @param {function} [options.callbackBeforeRedirect] - callback triggered before session refresh redirect happen
+     * @param options.window - window object
+     * @param options.callbackBeforeRedirect - callback triggered before session refresh redirect happen
      * @throws {SDKError} - If any of options are invalid
      */
     constructor({
@@ -184,13 +258,24 @@ export class Identity extends EventEmitter {
         env = 'PRE',
         log,
         window = globalWindow(),
-        callbackBeforeRedirect = ()=>{}
+        callbackBeforeRedirect = () => {},
+    }: {
+        clientId: string;
+        sessionDomain: string;
+        redirectUri: string;
+        env?: string;
+        log?: Function;
+        window?: Window;
+        callbackBeforeRedirect?: Function;
     }) {
         super();
         assert(isNonEmptyString(clientId), 'clientId parameter is required');
         assert(isObject(window), 'The reference to window is missing');
         assert(!redirectUri || isUrl(redirectUri), 'redirectUri parameter is invalid');
-        assert(sessionDomain && isUrl(sessionDomain), 'sessionDomain parameter is not a valid URL');
+        assert(
+            isNonEmptyString(sessionDomain) && isUrl(sessionDomain),
+            'sessionDomain parameter is not a valid URL',
+        );
 
         spidTalk.emulate(window);
         this._sessionInitiatedSent = false;
@@ -211,7 +296,10 @@ export class Identity extends EventEmitter {
         this._session = {};
 
         this._setSessionServiceUrl(sessionDomain);
-        this._usedSessionServiceGetSessionEndpoint = this._sessionService.url.pathname && this._sessionService.url.pathname.length <= 1 ? 'v2/session' : 'session';
+        this._usedSessionServiceGetSessionEndpoint =
+            this._sessionService.url.pathname && this._sessionService.url.pathname.length <= 1
+                ? 'v2/session'
+                : 'session';
 
         this._setSpidServerUrl(env);
         this._setBffServerUrl(env);
@@ -220,16 +308,14 @@ export class Identity extends EventEmitter {
 
         this._unblockSessionCall();
 
-        registerGlobal(window, 'Identity', this);
-
+        registerAndDispatchInGlobal(window, 'schIdentity', this);
     }
 
     /**
      * Read tabId from session storage
-     * @returns {number}
      * @private
      */
-    _getTabId() {
+    _getTabId(): number | undefined {
         if (this._enableSessionCaching) {
             const tabId = this.sessionStorageCache.get(TAB_ID_KEY);
             if (!tabId) {
@@ -245,9 +331,8 @@ export class Identity extends EventEmitter {
      * Checks if getting session is blocked
      * @private
      *
-     * @returns {boolean|void}
      */
-    _isSessionCallBlocked(){
+    _isSessionCallBlocked(): boolean | void {
         return this.localStorageCache.get(SESSION_CALL_BLOCKED_CACHE_KEY);
     }
 
@@ -255,15 +340,14 @@ export class Identity extends EventEmitter {
      * Block calls to get session
      * @private
      *
-     * @returns {void}
      */
-    _blockSessionCall(){
+    _blockSessionCall(): void {
         const SESSION_CALL_BLOCKED = true;
 
         this.localStorageCache.set(
             SESSION_CALL_BLOCKED_CACHE_KEY,
             SESSION_CALL_BLOCKED,
-            SESSION_CALL_BLOCKED_TTL
+            SESSION_CALL_BLOCKED_TTL,
         );
     }
 
@@ -271,19 +355,17 @@ export class Identity extends EventEmitter {
      * Unblocks calls to get session
      * @private
      *
-     * @returns {void}
      */
-    _unblockSessionCall(){
+    _unblockSessionCall(): void {
         this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
     }
 
     /**
      * Set SPiD server URL
      * @private
-     * @param {string} url - real URL or 'PRE' style key
-     * @returns {void}
+     * @param url - real URL or 'PRE' style key
      */
-    _setSpidServerUrl(url) {
+    _setSpidServerUrl(url: string): void {
         assert(isStr(url), `url parameter is invalid: ${url}`);
         this._spid = new RESTClient({
             serverUrl: urlMapper(url, ENDPOINTS.SPiD),
@@ -295,10 +377,9 @@ export class Identity extends EventEmitter {
     /**
      * Set OAuth server URL
      * @private
-     * @param {string} url - real URL or 'PRE' style key
-     * @returns {void}
+     * @param url - real URL or 'PRE' style key
      */
-    _setOauthServerUrl(url) {
+    _setOauthServerUrl(url: string): void {
         assert(isStr(url), `url parameter is invalid: ${url}`);
         this._oauthService = new RESTClient({
             serverUrl: urlMapper(url, ENDPOINTS.SPiD),
@@ -310,10 +391,9 @@ export class Identity extends EventEmitter {
     /**
      * Set BFF server URL
      * @private
-     * @param {string} url  - real URL or 'PRE' style key
-     * @returns {void}
+     * @param url  - real URL or 'PRE' style key
      */
-    _setBffServerUrl(url) {
+    _setBffServerUrl(url: string): void {
         assert(isStr(url), `url parameter is invalid: ${url}`);
         this._bffService = new RESTClient({
             serverUrl: urlMapper(url, ENDPOINTS.BFF),
@@ -325,12 +405,11 @@ export class Identity extends EventEmitter {
     /**
      * Set site-specific session-service domain
      * @private
-     * @param {string} domain - real URL — (**not** 'PRE' style env key)
-     * @returns {void}
+     * @param domain - real URL — (**not** 'PRE' style env key)
      */
-    _setSessionServiceUrl(domain) {
+    _setSessionServiceUrl(domain: string): void {
         assert(isStr(domain), `domain parameter is invalid: ${domain}`);
-        const client_sdrn = `sdrn:${NAMESPACE[this.env]}:client:${this.clientId}`;
+        const client_sdrn = `sdrn:${NAMESPACE[this.env as keyof typeof NAMESPACE]}:client:${this.clientId}`;
         this._sessionService = new RESTClient({
             serverUrl: domain,
             log: this.log,
@@ -341,12 +420,11 @@ export class Identity extends EventEmitter {
     /**
      * Set global session-service server URL
      * @private
-     * @param {string} url - real URL or 'PRE' style key
-     * @returns {void}
+     * @param url - real URL or 'PRE' style key
      */
-    _setGlobalSessionServiceUrl(url) {
+    _setGlobalSessionServiceUrl(url: string): void {
         assert(isStr(url), `url parameter is invalid: ${url}`);
-        const client_sdrn = `sdrn:${NAMESPACE[this.env]}:client:${this.clientId}`;
+        const client_sdrn = `sdrn:${NAMESPACE[this.env as keyof typeof NAMESPACE]}:client:${this.clientId}`;
         this._globalSessionService = new RESTClient({
             serverUrl: urlMapper(url, ENDPOINTS.SESSION_SERVICE),
             log: this.log,
@@ -357,11 +435,10 @@ export class Identity extends EventEmitter {
     /**
      * Emits the relevant events based on the previous and new reply from hassession
      * @private
-     * @param {object} previous
-     * @param {object} current
-     * @returns {void}
+     * @param previous
+     * @param current
      */
-    _emitSessionEvent(previous, current) {
+    _emitSessionEvent(previous: any, current: any): void {
         /**
          * Emitted when the user is logged in (This happens as a result of calling
          * {@link Identity#hasSession}, so it is also emitted if the user was previously logged in)
@@ -423,9 +500,8 @@ export class Identity extends EventEmitter {
     /**
      * Close this.popup if it exists and is open
      * @private
-     * @returns {void}
      */
-    _closePopup() {
+    _closePopup(): void {
         if (this.popup) {
             if (!this.popup.closed) {
                 this.popup.close();
@@ -437,21 +513,19 @@ export class Identity extends EventEmitter {
     /**
      * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
-     * @param {object} [options]
-     * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
+     * @param options
+     * @param options.expiresIn Override this to set number of seconds before the varnish
      * cookie expires. The default is to use the same time that hasSession responses are cached for
-     * @param {string} [options.domain] Override cookie domain. E.g. «vg.no» instead of «www.vg.no»
-     * @returns {void}
+     * @param options.domain Override cookie domain. E.g. «vg.no» instead of «www.vg.no»
      */
-    enableVarnishCookie(options) {
+    enableVarnishCookie(options?: { expiresIn?: number; domain?: string }): void {
         let expiresIn = 0;
-        let domain;
+        let domain: string | undefined;
         if (Number.isInteger(options)) {
-            expiresIn = options;
-        }
-        else if (typeof options == 'object') {
-            expiresIn = options.expiresIn || expiresIn;
-            domain = options.domain || domain;
+            expiresIn = options as any;
+        } else if (typeof options == 'object') {
+            expiresIn = (options as any).expiresIn || expiresIn;
+            domain = (options as any).domain || domain;
         }
 
         assert(Number.isInteger(expiresIn), `'expiresIn' must be an integer`);
@@ -464,25 +538,26 @@ export class Identity extends EventEmitter {
     /**
      * Set the Varnish cookie if configured
      * @private
-     * @param {HasSessionSuccessResponse} sessionData
-     * @returns {void}
+     * @param sessionData
      */
-    _maybeSetVarnishCookie(sessionData) {
+    _maybeSetVarnishCookie(sessionData: HasSessionSuccessResponse): void {
         if (!this.setVarnishCookie) {
             return;
         }
         const date = new Date();
-        const validExpires = this.varnishExpiresIn
-            || typeof sessionData.expiresIn === 'number' && sessionData.expiresIn > 0;
+        const validExpires =
+            this.varnishExpiresIn ||
+            (typeof sessionData.expiresIn === 'number' && sessionData.expiresIn > 0);
         if (validExpires) {
             const expires = this.varnishExpiresIn || sessionData.expiresIn;
-            date.setTime(date.getTime() + (expires * 1000));
+            date.setTime(date.getTime() + expires * 1000);
         } else {
             date.setTime(0);
         }
 
         // If the domain is missing or of the wrong type, we'll use document.domain
-        let domain = this.varnishCookieDomain ||
+        const domain =
+            this.varnishCookieDomain ||
             (typeof sessionData.baseDomain === 'string'
                 ? sessionData.baseDomain
                 : document.domain) ||
@@ -492,7 +567,7 @@ export class Identity extends EventEmitter {
             `SP_ID=${sessionData.sp_id}`,
             `expires=${date.toUTCString()}`,
             `path=/`,
-            `domain=.${domain}`
+            `domain=.${domain}`,
         ].join('; ');
         document.cookie = cookie;
     }
@@ -500,9 +575,8 @@ export class Identity extends EventEmitter {
     /**
      * Clear the Varnish cookie if configured
      * @private
-     * @returns {void}
      */
-    _maybeClearVarnishCookie() {
+    _maybeClearVarnishCookie(): void {
         if (this.setVarnishCookie) {
             this._clearVarnishCookie();
         }
@@ -511,16 +585,14 @@ export class Identity extends EventEmitter {
     /**
      * Clear the Varnish cookie
      * @private
-     * @returns {void}
      */
-    _clearVarnishCookie() {
-        const baseDomain =  this._session && typeof this._session.baseDomain === 'string'
-            ? this._session.baseDomain
-            : document.domain;
+    _clearVarnishCookie(): void {
+        const baseDomain =
+            this._session && typeof this._session.baseDomain === 'string'
+                ? this._session.baseDomain
+                : document.domain;
 
-        let domain = this.varnishCookieDomain ||
-            baseDomain ||
-            '';
+        const domain = this.varnishCookieDomain || baseDomain || '';
 
         document.cookie = `SP_ID=nothing; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=.${domain}`;
     }
@@ -528,9 +600,8 @@ export class Identity extends EventEmitter {
     /**
      * Log used settings and version
      * @throws {SDKError} - If log method is not provided
-     * @return {void}
      */
-    logSettings() {
+    logSettings(): void {
         if (!this.log && !window.console) {
             throw new SDKError('You have to provide log method in constructor');
         }
@@ -542,15 +613,15 @@ export class Identity extends EventEmitter {
             redirectUri: this.redirectUri,
             env: this.env,
             sessionDomain: this._sessionDomain,
-            sdkVersion: version
-        }
+            sdkVersion: version,
+        };
 
         log(`Schibsted account SDK for browsers settings: \n${JSON.stringify(settings, null, 2)}`);
     }
 
     /**
      * @summary Queries the hassession endpoint and returns information about the status of the user
-     * @description When we send a request to this endpoint, cookies sent along with the request
+     * @remarks When we send a request to this endpoint, cookies sent along with the request
      * determines the status of the user.
      * @throws {SDKError} - If the call to the hasSession service fails in any way (this will happen
      * if, say, the user is not logged in)
@@ -562,19 +633,20 @@ export class Identity extends EventEmitter {
      * @fires Identity#sessionInit
      * @fires Identity#statusChange
      * @fires Identity#error
-     * @return {Promise<HasSessionSuccessResponse|HasSessionFailureResponse>}
      */
-    hasSession() {
-        const isSessionCallBlocked = this._isSessionCallBlocked()
+    hasSession(): Promise<HasSessionSuccessResponse | HasSessionFailureResponse> {
+        const isSessionCallBlocked = this._isSessionCallBlocked();
         if (isSessionCallBlocked) {
             return this._session;
         }
 
         if (this._hasSessionInProgress) {
-            return this._hasSessionInProgress;
+            return this._hasSessionInProgress as Promise<
+                HasSessionSuccessResponse | HasSessionFailureResponse
+            >;
         }
 
-        const _postProcess = (sessionData) => {
+        const _postProcess = (sessionData: any) => {
             if (sessionData.error) {
                 throw new SDKError('HasSession failed', sessionData.error);
             }
@@ -584,40 +656,47 @@ export class Identity extends EventEmitter {
             return sessionData;
         };
 
-        const _checkRedirectionNeed = (sessionData={})=>{
+        const _checkRedirectionNeed = (sessionData: any = {}) => {
             const sessionDataKeys = Object.keys(sessionData);
 
-            return sessionDataKeys.length === 1 &&
-                sessionDataKeys[0] === 'redirectURL';
-        }
+            return sessionDataKeys.length === 1 && sessionDataKeys[0] === 'redirectURL';
+        };
 
         const _getSession = async () => {
             if (this._enableSessionCaching) {
                 // Try to resolve from cache (it has a TTL)
-                let cachedSession = this.sessionStorageCache.get(HAS_SESSION_CACHE_KEY);
+                const cachedSession = this.sessionStorageCache.get(HAS_SESSION_CACHE_KEY);
                 if (cachedSession) {
                     return _postProcess(cachedSession);
                 }
             }
             let sessionData = null;
             try {
-                sessionData = await this._sessionService.get(this._usedSessionServiceGetSessionEndpoint, {tabId: this._getTabId()});
-            } catch (err) {
+                sessionData = await this._sessionService.get(
+                    this._usedSessionServiceGetSessionEndpoint,
+                    { tabId: this._getTabId() },
+                );
+            } catch (err: any) {
                 if (err && err.code === 400 && this._enableSessionCaching) {
                     const expiresIn = 1000 * (err.expiresIn || 300);
                     this.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, { error: err }, expiresIn);
+                } else if (err && err.code >= 500 && err.code < 600 && this._enableSessionCaching) {
+                    // Temporary fix: 30 seconds cache to limit number of calls when service is unavailable
+                    this.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, { error: err }, 30 * 1000);
                 }
                 throw err;
             }
 
-            if (sessionData){
+            if (sessionData) {
                 // for expiring session and safari browser do full page redirect to gain new session
-                if(_checkRedirectionNeed(sessionData)){
+                if (_checkRedirectionNeed(sessionData)) {
                     this._blockSessionCall();
 
                     await this.callbackBeforeRedirect();
 
-                    return this._sessionService.makeUrl(sessionData.redirectURL, {tabId: this._getTabId()});
+                    return this._sessionService.makeUrl(sessionData.redirectURL, {
+                        tabId: this._getTabId(),
+                    });
                 }
 
                 if (this._enableSessionCaching) {
@@ -628,35 +707,35 @@ export class Identity extends EventEmitter {
 
             return _postProcess(sessionData);
         };
-        this._hasSessionInProgress = _getSession()
-            .then(
-                sessionData => {
-                    this._hasSessionInProgress = false;
-
-                    if (isUrl(sessionData)) {
-                        return this.window.location.href = sessionData;
-                    }
+        this._hasSessionInProgress = _getSession().then(
+            (sessionData) => {
+                this._hasSessionInProgress = false;
 
+                if (isUrl(sessionData)) {
+                    this.window.location.href = sessionData;
                     return sessionData;
-                },
-                err => {
-                    this.emit('error', err);
-                    this._hasSessionInProgress = false;
-                    throw new SDKError('HasSession failed', err);
                 }
-            );
 
-        return this._hasSessionInProgress;
+                return sessionData;
+            },
+            (err) => {
+                this.emit('error', err);
+                this._hasSessionInProgress = false;
+                throw new SDKError('HasSession failed', err);
+            },
+        );
+
+        return this._hasSessionInProgress as Promise<
+            HasSessionSuccessResponse | HasSessionFailureResponse
+        >;
     }
 
     /**
-     * @async
      * @summary Allows the client app to check if the user is logged in to Schibsted account
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
-     * @return {Promise<boolean>}
      */
-    async isLoggedIn() {
+    async isLoggedIn(): Promise<boolean> {
         try {
             const data = await this.hasSession();
             return 'result' in data;
@@ -667,25 +746,22 @@ export class Identity extends EventEmitter {
 
     /**
      * Removes the cached user session.
-     * @returns {void}
      */
-    clearCachedUserSession() {
+    clearCachedUserSession(): void {
         this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
     }
 
     /**
-     * @async
      * @summary Allows the caller to check if the current user is connected to the client_id in
      * Schibsted account. Being connected means that the user has agreed for their account to be
      * used by your web app and have accepted the required terms
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @summary Check if the user is connected to the client_id
-     * @return {Promise<boolean>}
      */
-    async isConnected() {
+    async isConnected(): Promise<boolean> {
         try {
-            const data = await this.hasSession();
+            const data = (await this.hasSession()) as any;
             // if data is not an object, the promise will fail.
             // if the result is present, it's boolean. But if it's not, it should be assumed false.
             return !!data.result;
@@ -695,16 +771,14 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @summary Returns information about the user
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
      * @throws {SDKError} If we couldn't get the user
-     * @return {Promise<HasSessionSuccessResponse>}
      */
-    async getUser() {
-        const user = await this.hasSession();
+    async getUser(): Promise<HasSessionSuccessResponse> {
+        const user = (await this.hasSession()) as any;
         if (!user.result) {
             throw new SDKError('The user is not connected to this merchant');
         }
@@ -712,7 +786,6 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @summary
      * In Schibsted account, there are multiple ways of identifying a user; the `userId`,
      * `uuid` and `externalId` used for identifying a user-merchant pair (see {@link Identity#getExternalId}).
@@ -721,13 +794,13 @@ export class Identity extends EventEmitter {
      * duplicates. The `userId` was introduced early, so many sites still need to use them for
      * legacy reasons. The `uuid` is universally unique, and so — if we could disregard a lot of
      * Schibsted components depending on the numeric `userId` — it would be a good identifier to use
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return The `userId` field (not to be confused with the `uuid`)
      */
-    async getUserId() {
-        const user = await this.hasSession();
+    async getUserId(): Promise<string> {
+        const user = (await this.hasSession()) as any;
         if (user.userId && user.result) {
             return user.userId;
         }
@@ -735,7 +808,6 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @function
      * @summary
      * Retrieves the external identifier (`externalId`) for the authenticated user.
@@ -748,58 +820,55 @@ export class Identity extends EventEmitter {
      * meaning the same user's ID will differ between merchants.
      * Additionally, this identifier is bound to the external party provided as argument.
      *
-     * @param {string} externalParty
-     * @param {string|null} optionalSuffix
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @param externalParty
+     * @param optionalSuffix
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the `pairId` is missing in user session.
      * @throws {SDKError} If the `externalParty` is not defined
-     * @return {Promise<string>} The merchant- and 3rd-party-specific `externalId`
+     * @return The merchant- and 3rd-party-specific `externalId`
      */
-    async getExternalId(externalParty, optionalSuffix = "") {
-        const { pairId } = await this.hasSession();
+    async getExternalId(externalParty: string, optionalSuffix: string = ''): Promise<string> {
+        const { pairId } = (await this.hasSession()) as any;
 
-        if (!pairId)
-            throw new SDKError('pairId missing in user session!');
+        if (!pairId) throw new SDKError('pairId missing in user session!');
 
-        if(!externalParty || externalParty.length === 0) {
+        if (!externalParty || externalParty.length === 0) {
             throw new SDKError('externalParty cannot be empty');
         }
-        const _toHexDigest = (hashBuffer) =>{
+        const _toHexDigest = (hashBuffer: any) => {
             // convert buffer to byte array
             const hashArray = Array.from(new Uint8Array(hashBuffer));
             // convert bytes to hex string
-            return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
-        }
+            return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
+        };
 
-        const _getSha256Digest = (data) => {
+        const _getSha256Digest = (data: any) => {
             return crypto.subtle.digest('SHA-256', data);
-        }
+        };
 
-        const _hashMessage = async (message) => {
+        const _hashMessage = async (message: any) => {
             const msgUint8 = new TextEncoder().encode(message);
-            return _getSha256Digest(msgUint8).then( (it) => _toHexDigest(it));
-        }
+            return _getSha256Digest(msgUint8).then((it: any) => _toHexDigest(it));
+        };
 
-        const _constructMessage = (pairId, externalParty, optionalSuffix) => {
+        const _constructMessage = (pairId: any, externalParty: any, optionalSuffix: any) => {
             return optionalSuffix
                 ? `${pairId}:${externalParty}:${optionalSuffix}`
                 : `${pairId}:${externalParty}`;
-        }
+        };
 
-        return _hashMessage(_constructMessage(pairId, externalParty, optionalSuffix))
+        return _hashMessage(_constructMessage(pairId, externalParty, optionalSuffix));
     }
 
     /**
-     * @async
      * @summary Enables brands to programmatically get the current the SDRN based on the user's session.
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the SDRN is missing in user session object.
-     * @returns {Promise<string>}
      */
-    async getUserSDRN() {
-        const { sdrn } = await this.hasSession();
+    async getUserSDRN(): Promise<string> {
+        const { sdrn } = (await this.hasSession()) as any;
         if (sdrn) {
             return sdrn;
         }
@@ -807,20 +876,19 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @summary In Schibsted account, there are two ways of identifying a user; the `userId` and the
      * `uuid`. There are reasons for them both existing. The `userId` is a numeric identifier, but
      * since Schibsted account is deployed separately in Norway and Sweden, there are a lot of
      * duplicates. The `userId` was introduced early, so many sites still need to use them for
      * legacy reasons. The `uuid` is universally unique, and so — if we could disregard a lot of
      * Schibsted components depending on the numeric `userId` — it would be a good identifier to use
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `uuid` field (not to be confused with the `userId`)
+     * @return The `uuid` field (not to be confused with the `userId`)
      */
-    async getUserUuid() {
-        const user = await this.hasSession();
+    async getUserUuid(): Promise<string> {
+        const user = (await this.hasSession()) as any;
         if (user.uuid && user.result) {
             return user.uuid;
         }
@@ -828,16 +896,14 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @summary Get basic information about any user currently logged-in to their Schibsted account
      * in this browser. Can be used to provide context in a continue-as prompt.
-     * @description This function relies on the global Schibsted account user session cookie, which
+     * @remarks This function relies on the global Schibsted account user session cookie, which
      * is a third-party cookie and hence might be blocked by the browser (for example due to ITP in
      * Safari). So there's no guarantee any data is returned, even though a user is logged-in in
      * the current browser.
-     * @return {Promise<SimplifiedLoginData|null>}
      */
-    async getUserContextData() {
+    async getUserContextData(): Promise<SimplifiedLoginData | null> {
         try {
             return await this._globalSessionService.get('user-context');
         } catch (_) {
@@ -852,23 +918,23 @@ export class Identity extends EventEmitter {
      * @summary Perform a login, either using a full-page redirect or a popup
      * @see https://tools.ietf.org/html/rfc6749#section-4.1.1
      *
-     * @param {LoginOptions} options
-     * @param {string} options.state
-     * @param {string} [options.acrValues]
-     * @param {string} [options.scope=openid]
-     * @param {string} [options.redirectUri]
-     * @param {boolean} [options.preferPopup=false]
-     * @param {string} [options.loginHint]
-     * @param {string} [options.tag]
-     * @param {string} [options.teaser]
-     * @param {number|string} [options.maxAge]
-     * @param {string} [options.locale]
-     * @param {boolean} [options.oneStepLogin=false]
-     * @param {string} [options.prompt=select_account]
-     * @param {string} [options.xDomainId]
-     * @param {string} [options.xEnvironmentId]
-     * @param {string} [options.originCampaign]
-     * @return {Window|null} - Reference to popup window if created (or `null` otherwise)
+     * @param options
+     * @param options.state
+     * @param options.acrValues
+     * @param options.scope
+     * @param options.redirectUri
+     * @param options.preferPopup
+     * @param options.loginHint
+     * @param options.tag
+     * @param options.teaser
+     * @param options.maxAge
+     * @param options.locale
+     * @param options.oneStepLogin
+     * @param options.prompt
+     * @param options.xDomainId
+     * @param options.xEnvironmentId
+     * @param options.originCampaign
+     * @return - Reference to popup window if created (or `null` otherwise)
      */
     login({
         state,
@@ -885,8 +951,8 @@ export class Identity extends EventEmitter {
         prompt = 'select_account',
         xDomainId = '',
         xEnvironmentId = '',
-        originCampaign = ''
-    }) {
+        originCampaign = '',
+    }: LoginOptions): Window | null {
         this._closePopup();
         this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
         const url = this.loginUrl({
@@ -903,12 +969,14 @@ export class Identity extends EventEmitter {
             prompt,
             xDomainId,
             xEnvironmentId,
-            originCampaign
+            originCampaign,
         });
 
         if (preferPopup) {
-            this.popup =
-                popup.open(this.window, url, 'Schibsted account', { width: 360, height: 570 });
+            this.popup = popup.open(this.window, url, 'Schibsted account', {
+                width: 360,
+                height: 570,
+            });
             if (this.popup) {
                 return this.popup;
             }
@@ -918,15 +986,14 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * @async
      * @summary Retrieve the sp_id (Varnish ID)
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * @remarks This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
-     * @return {Promise<string|null>} - The sp_id string or null (if the server didn't return it)
+     * @return - The sp_id string or null (if the server didn't return it)
      */
-    async getSpId() {
+    async getSpId(): Promise<string | null> {
         try {
-            const user = await this.hasSession();
+            const user = (await this.hasSession()) as any;
             return user.sp_id || null;
         } catch (_) {
             return null;
@@ -935,11 +1002,10 @@ export class Identity extends EventEmitter {
 
     /**
      * @summary Logs the user out from the Identity platform
-     * @param {string} redirectUri - Where to redirect the browser after logging out of Schibsted
+     * @param redirectUri - Where to redirect the browser after logging out of Schibsted
      * account
-     * @return {void}
      */
-    logout(redirectUri = this.redirectUri) {
+    logout(redirectUri: string = this.redirectUri): void {
         this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
         this._maybeClearVarnishCookie();
         this.emit('logout');
@@ -948,39 +1014,42 @@ export class Identity extends EventEmitter {
 
     /**
      * Generates the link to the new login page that'll be used in the popup or redirect flow
-     * @param {LoginOptions} options
-     * @param {string} options.state
-     * @param {string} [options.acrValues]
-     * @param {string} [options.scope=openid]
-     * @param {string} [options.redirectUri]
-     * @param {string} [options.loginHint]
-     * @param {string} [options.tag]
-     * @param {string} [options.teaser]
-     * @param {number|string} [options.maxAge]
-     * @param {string} [options.locale]
-     * @param {boolean} [options.oneStepLogin=false]
-     * @param {string} [options.prompt=select_account]
-     * @param {string} [options.xDomainId]
-     * @param {string} [options.xEnvironmentId]
-     * @param {string} [options.originCampaign]
-     * @return {string} - The url
+     * @param options
+     * @param options.state
+     * @param options.acrValues
+     * @param options.scope
+     * @param options.redirectUri
+     * @param options.loginHint
+     * @param options.tag
+     * @param options.teaser
+     * @param options.maxAge
+     * @param options.locale
+     * @param options.oneStepLogin
+     * @param options.prompt
+     * @param options.xDomainId
+     * @param options.xEnvironmentId
+     * @param options.originCampaign
+     * @return - The url
      */
-    loginUrl({
-        state,
-        acrValues = '',
-        scope = 'openid',
-        redirectUri = this.redirectUri,
-        loginHint = '',
-        tag = '',
-        teaser = '',
-        maxAge = '',
-        locale = '',
-        oneStepLogin = false,
-        prompt = 'select_account',
-        xDomainId = '',
-        xEnvironmentId = '',
-        originCampaign = ''
-    }) {
+    loginUrl(
+        {
+            state,
+            acrValues = '',
+            scope = 'openid',
+            redirectUri = this.redirectUri,
+            loginHint = '',
+            tag = '',
+            teaser = '',
+            maxAge = '',
+            locale = '',
+            oneStepLogin = false,
+            prompt = 'select_account',
+            xDomainId = '',
+            xEnvironmentId = '',
+            originCampaign = '',
+        }: LoginOptions,
+        ..._args: any[]
+    ): string {
         if (typeof arguments[0] !== 'object') {
             // backward compatibility
             state = arguments[0];
@@ -992,13 +1061,26 @@ export class Identity extends EventEmitter {
             teaser = arguments[6] || teaser;
             maxAge = isNaN(arguments[7]) ? maxAge : arguments[7];
         }
-        const isValidAcrValue = (acrValue) => isStrIn(acrValue, ['password', 'otp', 'sms', 'eid-dk', 'eid-no', 'eid-se', 'eid-fi', 'eid'], true);
-        assert(!acrValues || isStrIn(acrValues, ['', 'otp-email'], true) || acrValues.split(' ').every(isValidAcrValue),
-            `The acrValues parameter is not acceptable: ${acrValues}`);
-        assert(isUrl(redirectUri),
-            `loginUrl(): redirectUri must be a valid url but is ${redirectUri}`);
-        assert(isNonEmptyString(state),
-            `the state parameter should be a non empty string but it is ${state}`);
+        const isValidAcrValue = (acrValue: any) =>
+            isStrIn(
+                acrValue,
+                ['password', 'otp', 'sms', 'eid-dk', 'eid-no', 'eid-se', 'eid-fi', 'eid'],
+                true,
+            );
+        assert(
+            !acrValues ||
+                isStrIn(acrValues, ['', 'otp-email'], true) ||
+                acrValues.split(' ').every(isValidAcrValue),
+            `The acrValues parameter is not acceptable: ${acrValues}`,
+        );
+        assert(
+            isUrl(redirectUri as string),
+            `loginUrl(): redirectUri must be a valid url but is ${redirectUri}`,
+        );
+        assert(
+            isNonEmptyString(state),
+            `the state parameter should be a non empty string but it is ${state}`,
+        );
 
         return this._oauthService.makeUrl('oauth/authorize', {
             response_type: 'code',
@@ -1015,16 +1097,16 @@ export class Identity extends EventEmitter {
             prompt: acrValues ? '' : prompt,
             x_domain_id: xDomainId,
             x_env_id: xEnvironmentId,
-            utm_campaign: originCampaign
+            utm_campaign: originCampaign,
         });
     }
 
     /**
      * The url for logging the user out
-     * @param {string} [redirectUri=this.redirectUri]
-     * @return {string} url
+     * @param redirectUri
+     * @return url
      */
-    logoutUrl(redirectUri = this.redirectUri) {
+    logoutUrl(redirectUri: string = this.redirectUri): string {
         assert(isUrl(redirectUri), `logoutUrl(): redirectUri is invalid`);
         const params = { redirect_uri: redirectUri };
         return this._sessionService.makeUrl('logout', params);
@@ -1032,25 +1114,23 @@ export class Identity extends EventEmitter {
 
     /**
      * The account summary page url
-     * @param {string} [redirectUri=this.redirectUri]
-     * @return {string}
+     * @param redirectUri
      */
-    accountUrl(redirectUri = this.redirectUri) {
+    accountUrl(redirectUri: string = this.redirectUri): string {
         return this._spid.makeUrl('profile-pages', {
             response_type: 'code',
-            redirect_uri: redirectUri
+            redirect_uri: redirectUri,
         });
     }
 
     /**
      * The phone editing page url
-     * @param {string} [redirectUri=this.redirectUri]
-     * @return {string}
+     * @param redirectUri
      */
-    phonesUrl(redirectUri = this.redirectUri) {
+    phonesUrl(redirectUri: string = this.redirectUri): string {
         return this._spid.makeUrl('profile-pages/about-you/phone', {
             response_type: 'code',
-            redirect_uri: redirectUri
+            redirect_uri: redirectUri,
         });
     }
 
@@ -1059,95 +1139,117 @@ export class Identity extends EventEmitter {
      * widget will be display is up to you. Preferred way would be to show it once per user,
      * and store that info in localStorage. Widget will be display only if user is logged in to SSO.
      *
-     * @async
-     * @param {SimplifiedLoginWidgetLoginOptions} loginParams - the same as `options` param for login function. Login will be called on user
+     * @param loginParams - the same as `options` param for login function. Login will be called on user
      * continue action. `state` might be string or async function.
-     * @param {SimplifiedLoginWidgetOptions} [options] - additional configuration of Simplified Login Widget
+     * @param options - additional configuration of Simplified Login Widget
      * @fires Identity#simplifiedLoginOpened
      * @fires Identity#simplifiedLoginCancelled
-     * @return {Promise<boolean|SDKError>} - will resolve to true if widget will be display. Otherwise, will throw SDKError
+     * @return - will resolve to true if widget will be display. Otherwise, will throw SDKError
      */
-    async showSimplifiedLoginWidget(loginParams, options) {
+    async showSimplifiedLoginWidget(
+        loginParams: SimplifiedLoginWidgetLoginOptions,
+        options?: SimplifiedLoginWidgetOptions,
+    ): Promise<boolean | SDKError> {
         // getUserContextData doesn't throw exception
         const userData = await this.getUserContextData();
 
-        const queryParams = { client_id: this.clientId };
+        const queryParams: Record<string, string> = { client_id: this.clientId };
         if (options && options.encoding) {
             queryParams.encoding = options.encoding;
         }
         const widgetUrl = this._bffService.makeUrl('simplified-login-widget', queryParams, false);
 
-        const prepareLoginParams = async (loginPrams) => {
+        const prepareLoginParams = async (loginPrams: any) => {
             if (typeof loginPrams.state === 'function') {
                 loginPrams.state = await loginPrams.state();
             }
 
             return loginPrams;
-        }
-
-        return new Promise(
-            (resolve, reject) => {
-                if (!userData || !userData.display_text || !userData.identifier) {
-                    return reject(new SDKError('Missing user data'));
-                }
-
-                const initialParams = {
-                    displayText: userData.display_text,
-                    env: this.env,
-                    clientName: userData.client_name,
-                    clientId: this.clientId,
-                    providerId: userData.provider_id,
-                    windowWidth: () => window.innerWidth,
-                    windowOnResize: (f) => {
-                        window.onresize = f;
-                    },
-                };
-
-                if (options && options.locale) {
-                    initialParams.locale = options.locale;
-                }
-
-                const loginHandler = async () => {
-                    this.login(Object.assign(await prepareLoginParams(loginParams), {loginHint: userData.identifier}));
-                };
+        };
 
-                const loginNotYouHandler = async () => {
-                    this.login(Object.assign(await prepareLoginParams(loginParams), {loginHint: userData.identifier, prompt: 'login'}));
-                };
+        return new Promise((resolve, reject) => {
+            if (!userData || !userData.display_text || !userData.identifier) {
+                return reject(new SDKError('Missing user data'));
+            }
 
-                const initHandler = () => {
-                    /**
-                     * Emitted when the simplified login widget is displayed on the screen
-                     * @event Identity#simplifiedLoginOpened
-                     */
-                    this.emit('simplifiedLoginOpened');
-                }
+            const initialParams: Record<string, any> = {
+                displayText: userData.display_text,
+                env: this.env,
+                clientName: userData.client_name,
+                clientId: this.clientId,
+                providerId: (userData as any).provider_id,
+                windowWidth: () => window.innerWidth,
+                windowOnResize: (f: () => void) => {
+                    window.onresize = f;
+                },
+            };
 
-                const cancelLoginHandler = () => {
-                    /**
-                     * Emitted when the user closes the simplified login widget
-                     * @event Identity#simplifiedLoginCancelled
-                     */
-                    this.emit('simplifiedLoginCancelled');
-                }
+            if (options && options.locale) {
+                initialParams.locale = options.locale;
+            }
 
-                if (window.openSimplifiedLoginWidget) {
-                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler, initHandler, cancelLoginHandler);
-                    return resolve(true);
-                }
+            const loginHandler = async () => {
+                this.login(
+                    Object.assign(await prepareLoginParams(loginParams), {
+                        loginHint: userData.identifier,
+                    }) as LoginOptions,
+                );
+            };
+
+            const loginNotYouHandler = async () => {
+                this.login(
+                    Object.assign(await prepareLoginParams(loginParams), {
+                        loginHint: userData.identifier,
+                        prompt: 'login',
+                    }) as LoginOptions,
+                );
+            };
+
+            const initHandler = () => {
+                /**
+                 * Emitted when the simplified login widget is displayed on the screen
+                 * @event Identity#simplifiedLoginOpened
+                 */
+                this.emit('simplifiedLoginOpened');
+            };
+
+            const cancelLoginHandler = () => {
+                /**
+                 * Emitted when the user closes the simplified login widget
+                 * @event Identity#simplifiedLoginCancelled
+                 */
+                this.emit('simplifiedLoginCancelled');
+            };
+
+            if ((window as any).openSimplifiedLoginWidget) {
+                (window as any).openSimplifiedLoginWidget(
+                    initialParams,
+                    loginHandler,
+                    loginNotYouHandler,
+                    initHandler,
+                    cancelLoginHandler,
+                );
+                return resolve(true);
+            }
 
-                const simplifiedLoginWidget = document.createElement("script");
-                simplifiedLoginWidget.type = "text/javascript";
-                simplifiedLoginWidget.src = widgetUrl;
-                simplifiedLoginWidget.onload = () => {
-                    window.openSimplifiedLoginWidget(initialParams, loginHandler, loginNotYouHandler, initHandler, cancelLoginHandler);
-                    resolve(true);
-                };
-                simplifiedLoginWidget.onerror = () => {
-                    reject(new SDKError('Error when loading simplified login widget content'));
-                };
-                document.getElementsByTagName('body')[0].appendChild(simplifiedLoginWidget);
-            });
+            const simplifiedLoginWidget = document.createElement('script');
+            simplifiedLoginWidget.type = 'text/javascript';
+            simplifiedLoginWidget.src = widgetUrl;
+            simplifiedLoginWidget.onload = () => {
+                (window as any).openSimplifiedLoginWidget(
+                    initialParams,
+                    loginHandler,
+                    loginNotYouHandler,
+                    initHandler,
+                    cancelLoginHandler,
+                );
+                resolve(true);
+            };
+            simplifiedLoginWidget.onerror = () => {
+                reject(new SDKError('Error when loading simplified login widget content'));
+            };
+            document.getElementsByTagName('body')[0].appendChild(simplifiedLoginWidget);
+        });
     }
 }