@stackframe/stack-shared 2.8.56 → 2.8.59

package/dist/esm/interface/client-interface.js

@@ -105,21 +105,25 @@ var StackClientInterface = class {
     if (!("publishableClientKey" in this.options)) {
       throw new Error("Admin session token is currently not supported for fetching new access token. Did you try to log in on a StackApp initiated with the admin session?");
     }
+    const tokenEndpoint = this.getApiUrl() + "/auth/oauth/token";
     const as = {
       issuer: this.options.getBaseUrl(),
       algorithm: "oauth2",
-      token_endpoint: this.getApiUrl() + "/auth/oauth/token"
+      token_endpoint: tokenEndpoint
     };
     const client = {
       client_id: this.projectId,
-      client_secret: this.options.publishableClientKey,
-      token_endpoint_auth_method: "client_secret_post"
+      client_secret: this.options.publishableClientKey
     };
+    const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey);
+    const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === "test") && tokenEndpoint.startsWith("http://");
     const response = await this._networkRetryException(async () => {
       const rawResponse = await oauth.refreshTokenGrantRequest(
         as,
         client,
-        refreshToken.token
+        clientAuthentication,
+        refreshToken.token,
+        allowInsecure ? { [oauth.allowInsecureRequests]: true } : void 0
       );
       const response2 = await this._processResponse(rawResponse);
       if (response2.status === "error") {
@@ -136,9 +140,18 @@ var StackClientInterface = class {
       return response2.data;
     });
     if (!response) return null;
-    const result = await oauth.processRefreshTokenResponse(as, client, response);
-    if (oauth.isOAuth2Error(result)) {
-      throw new StackAssertionError("OAuth error", { result });
+    let result;
+    try {
+      result = await oauth.processRefreshTokenResponse(as, client, response);
+    } catch (e) {
+      if (e instanceof oauth.ResponseBodyError) {
+        throw new StackAssertionError("ResponseBodyError when processing refresh token response", {
+          cause: e.cause,
+          code: e.code,
+          error: e.error
+        });
+      }
+      throw new StackAssertionError("Unexpected error when processing refresh token response", { cause: e });
     }
     if (!result.access_token) {
       throw new StackAssertionError("Access token not found in token endpoint response, this is weird!");
@@ -175,9 +188,9 @@ var StackClientInterface = class {
     }
   }
   async sendClientRequestInner(path, options, session, requestType) {
-    let tokenObj = await session.getOrFetchLikelyValidTokens(2e4);
+    let tokenObj = await session.getOrFetchLikelyValidTokens(2e4, null);
     let adminSession = "projectOwnerSession" in this.options ? this.options.projectOwnerSession : null;
-    let adminTokenObj = adminSession ? await adminSession.getOrFetchLikelyValidTokens(2e4) : null;
+    let adminTokenObj = adminSession ? await adminSession.getOrFetchLikelyValidTokens(2e4, null) : null;
     await this.options.prepareRequest?.();
     let url = this.getApiUrl() + path;
     if (url.endsWith("/")) {
@@ -750,7 +763,7 @@ var StackClientInterface = class {
     url.searchParams.set("response_type", "code");
     url.searchParams.set("type", options.type);
     url.searchParams.set("error_redirect_url", options.errorRedirectUrl);
-    const tokens = await options.session.getOrFetchLikelyValidTokens(2e4);
+    const tokens = await options.session.getOrFetchLikelyValidTokens(45e3, 6e4);
     if (tokens) {
       url.searchParams.set("token", tokens.accessToken.token);
     }
@@ -766,35 +779,56 @@ var StackClientInterface = class {
     if (!("publishableClientKey" in this.options)) {
       throw new Error("Admin session token is currently not supported for OAuth");
     }
+    const tokenEndpoint = this.getApiUrl() + "/auth/oauth/token";
     const as = {
       issuer: this.options.getBaseUrl(),
       algorithm: "oauth2",
-      token_endpoint: this.getApiUrl() + "/auth/oauth/token"
+      token_endpoint: tokenEndpoint
     };
     const client = {
       client_id: this.projectId,
-      client_secret: this.options.publishableClientKey,
-      token_endpoint_auth_method: "client_secret_post"
+      client_secret: this.options.publishableClientKey
     };
-    const params = await this._networkRetryException(
-      async () => oauth.validateAuthResponse(as, client, options.oauthParams, options.state)
-    );
-    if (oauth.isOAuth2Error(params)) {
-      throw new StackAssertionError("Error validating outer OAuth response", { params });
+    const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey);
+    const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === "test") && tokenEndpoint.startsWith("http://");
+    let params;
+    try {
+      params = oauth.validateAuthResponse(as, client, options.oauthParams, options.state);
+    } catch (e) {
+      if (e instanceof oauth.AuthorizationResponseError) {
+        throw new StackAssertionError("Authorization response error when validating outer OAuth response", {
+          //cause is a URLSearchParams object for this error, so we need to serialize it better
+          cause: Object.fromEntries(e.cause),
+          code: e.code,
+          error: e.error
+        });
+      }
+      throw new StackAssertionError("Unexpected error when validating outer OAuth response", { cause: e });
     }
     const response = await oauth.authorizationCodeGrantRequest(
       as,
       client,
+      clientAuthentication,
       params,
       options.redirectUri,
-      options.codeVerifier
+      options.codeVerifier,
+      allowInsecure ? { [oauth.allowInsecureRequests]: true } : void 0
     );
-    const result = await oauth.processAuthorizationCodeOAuth2Response(as, client, response);
-    if (oauth.isOAuth2Error(result)) {
-      if ("code" in result && result.code === "MULTI_FACTOR_AUTHENTICATION_REQUIRED") {
-        throw new KnownErrors.MultiFactorAuthenticationRequired(result.details.attempt_code);
+    let result;
+    try {
+      result = await oauth.processAuthorizationCodeResponse(as, client, response);
+    } catch (e) {
+      if (e instanceof oauth.ResponseBodyError) {
+        if (e.cause.code === "MULTI_FACTOR_AUTHENTICATION_REQUIRED") {
+          throw new KnownErrors.MultiFactorAuthenticationRequired(e.cause.details.attempt_code);
+        }
+        throw new StackAssertionError("Outer OAuth error during authorization code response", {
+          cause: e.cause,
+          code: e.code,
+          error: e.error
+        });
       }
-      throw new StackAssertionError("Outer OAuth error during authorization code response", { result });
+      throw new StackAssertionError("Unexpected error when processing authorization code response", { cause: e });
     }
     return {
       newUser: result.is_new_user,
@@ -804,7 +838,7 @@ var StackClientInterface = class {
     };
   }
   async signOut(session) {
-    const tokenObj = await session.getOrFetchLikelyValidTokens(2e4);
+    const tokenObj = await session.getOrFetchLikelyValidTokens(2e4, null);
     if (tokenObj) {
       const resOrError = await this.sendClientRequestAndCatchKnownError(
         "/auth/sessions/current",
@@ -1343,6 +1377,33 @@ var StackClientInterface = class {
     );
     return await response.json();
   }
+  async cancelSubscription(options, session) {
+    await this.sendClientRequest(
+      urlString`/payments/products/${options.customer_type}/${options.customer_id}/${options.product_id}`,
+      {
+        method: "DELETE"
+      },
+      session
+    );
+  }
+  async switchSubscription(options, session) {
+    await this.sendClientRequest(
+      urlString`/payments/products/${options.customer_type}/${options.customer_id}/switch`,
+      {
+        method: "POST",
+        headers: {
+          "content-type": "application/json"
+        },
+        body: JSON.stringify({
+          from_product_id: options.from_product_id,
+          to_product_id: options.to_product_id,
+          price_id: options.price_id,
+          quantity: options.quantity
+        })
+      },
+      session
+    );
+  }
   async createCheckoutUrl(customer_type, customer_id, productIdOrInline, session, returnUrl) {
     const productBody = typeof productIdOrInline === "string" ? { product_id: productIdOrInline } : { inline_product: productIdOrInline };
     const response = await this.sendClientRequest(
@@ -1359,6 +1420,44 @@ var StackClientInterface = class {
     const { url } = await response.json();
     return url;
   }
+  async getCustomerBilling(customerType, customerId, session) {
+    const response = await this.sendClientRequest(
+      urlString`/payments/billing/${customerType}/${customerId}`,
+      {},
+      session
+    );
+    return await response.json();
+  }
+  async createCustomerPaymentMethodSetupIntent(customerType, customerId, session) {
+    const response = await this.sendClientRequest(
+      urlString`/payments/payment-method/${customerType}/${customerId}/setup-intent`,
+      {
+        method: "POST",
+        headers: {
+          "content-type": "application/json"
+        },
+        body: JSON.stringify({})
+      },
+      session
+    );
+    return await response.json();
+  }
+  async setDefaultCustomerPaymentMethodFromSetupIntent(customerType, customerId, setupIntentId, session) {
+    const response = await this.sendClientRequest(
+      urlString`/payments/payment-method/${customerType}/${customerId}/set-default`,
+      {
+        method: "POST",
+        headers: {
+          "content-type": "application/json"
+        },
+        body: JSON.stringify({
+          setup_intent_id: setupIntentId
+        })
+      },
+      session
+    );
+    return await response.json();
+  }
   async transferProject(internalProjectSession, projectIdToTransfer, newTeamId) {
     if (this.options.projectId !== "internal") {
       throw new StackAssertionError("StackClientInterface.transferProject() is only available for internal projects (please specify the project ID in the constructor)");