@thunderid/javascript 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/dist/DefaultCacheStore.d.ts +31 -0
- package/dist/DefaultCacheStore.d.ts.map +1 -0
- package/dist/DefaultCrypto.d.ts +30 -0
- package/dist/DefaultCrypto.d.ts.map +1 -0
- package/dist/HttpClient.d.ts +65 -0
- package/dist/HttpClient.d.ts.map +1 -0
- package/dist/IsomorphicCrypto.d.ts +64 -0
- package/dist/IsomorphicCrypto.d.ts.map +1 -0
- package/dist/StorageManager.d.ts +66 -0
- package/dist/StorageManager.d.ts.map +1 -0
- package/dist/ThunderIDJavaScriptClient.d.ts +66 -0
- package/dist/ThunderIDJavaScriptClient.d.ts.map +1 -0
- package/dist/__legacy__/client.d.ts +485 -0
- package/dist/__legacy__/client.d.ts.map +1 -0
- package/dist/__legacy__/helpers/authentication-helper.d.ts +38 -0
- package/dist/__legacy__/helpers/authentication-helper.d.ts.map +1 -0
- package/dist/__legacy__/helpers/index.d.ts +19 -0
- package/dist/__legacy__/helpers/index.d.ts.map +1 -0
- package/dist/__legacy__/models/client-config.d.ts +106 -0
- package/dist/__legacy__/models/client-config.d.ts.map +1 -0
- package/dist/__legacy__/models/index.d.ts +19 -0
- package/dist/__legacy__/models/index.d.ts.map +1 -0
- package/dist/api/createOrganization.d.ts +130 -0
- package/dist/api/createOrganization.d.ts.map +1 -0
- package/dist/api/executeEmbeddedSignInFlow.d.ts +22 -0
- package/dist/api/executeEmbeddedSignInFlow.d.ts.map +1 -0
- package/dist/api/executeEmbeddedSignUpFlow.d.ts +45 -0
- package/dist/api/executeEmbeddedSignUpFlow.d.ts.map +1 -0
- package/dist/api/getAllOrganizations.d.ts +104 -0
- package/dist/api/getAllOrganizations.d.ts.map +1 -0
- package/dist/api/getBrandingPreference.d.ts +104 -0
- package/dist/api/getBrandingPreference.d.ts.map +1 -0
- package/dist/api/getMeOrganizations.d.ts +120 -0
- package/dist/api/getMeOrganizations.d.ts.map +1 -0
- package/dist/api/getOrganization.d.ts +110 -0
- package/dist/api/getOrganization.d.ts.map +1 -0
- package/dist/api/getSchemas.d.ts +90 -0
- package/dist/api/getSchemas.d.ts.map +1 -0
- package/dist/api/getScim2Me.d.ts +90 -0
- package/dist/api/getScim2Me.d.ts.map +1 -0
- package/dist/api/getUserInfo.d.ts +38 -0
- package/dist/api/getUserInfo.d.ts.map +1 -0
- package/dist/api/initializeEmbeddedSignInFlow.d.ts +52 -0
- package/dist/api/initializeEmbeddedSignInFlow.d.ts.map +1 -0
- package/dist/api/updateMeProfile.d.ts +83 -0
- package/dist/api/updateMeProfile.d.ts.map +1 -0
- package/dist/api/updateOrganization.d.ts +119 -0
- package/dist/api/updateOrganization.d.ts.map +1 -0
- package/dist/api/v2/executeEmbeddedRecoveryFlowV2.d.ts +57 -0
- package/dist/api/v2/executeEmbeddedRecoveryFlowV2.d.ts.map +1 -0
- package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts +22 -0
- package/dist/api/v2/executeEmbeddedSignInFlowV2.d.ts.map +1 -0
- package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts +22 -0
- package/dist/api/v2/executeEmbeddedSignUpFlowV2.d.ts.map +1 -0
- package/dist/api/v2/executeEmbeddedUserOnboardingFlowV2.d.ts +89 -0
- package/dist/api/v2/executeEmbeddedUserOnboardingFlowV2.d.ts.map +1 -0
- package/dist/api/v2/getFlowMetaV2.d.ts +56 -0
- package/dist/api/v2/getFlowMetaV2.d.ts.map +1 -0
- package/dist/api/v2/getOrganizationUnitChildren.d.ts +43 -0
- package/dist/api/v2/getOrganizationUnitChildren.d.ts.map +1 -0
- package/dist/cjs/index.cjs +7693 -0
- package/dist/constants/ApplicationNativeAuthenticationConstants.d.ts +40 -0
- package/dist/constants/ApplicationNativeAuthenticationConstants.d.ts.map +1 -0
- package/dist/constants/OIDCDiscoveryConstants.d.ts +65 -0
- package/dist/constants/OIDCDiscoveryConstants.d.ts.map +1 -0
- package/dist/constants/OIDCRequestConstants.d.ts +43 -0
- package/dist/constants/OIDCRequestConstants.d.ts.map +1 -0
- package/dist/constants/PKCEConstants.d.ts +45 -0
- package/dist/constants/PKCEConstants.d.ts.map +1 -0
- package/dist/constants/ScopeConstants.d.ts +43 -0
- package/dist/constants/ScopeConstants.d.ts.map +1 -0
- package/dist/constants/TokenConstants.d.ts +48 -0
- package/dist/constants/TokenConstants.d.ts.map +1 -0
- package/dist/constants/TokenExchangeConstants.d.ts +44 -0
- package/dist/constants/TokenExchangeConstants.d.ts.map +1 -0
- package/dist/constants/VendorConstants.d.ts +32 -0
- package/dist/constants/VendorConstants.d.ts.map +1 -0
- package/dist/constants/v2/OIDCDiscoveryConstants.d.ts +40 -0
- package/dist/constants/v2/OIDCDiscoveryConstants.d.ts.map +1 -0
- package/dist/edge/index.js +7568 -0
- package/dist/errors/ThunderIDAPIError.d.ts +59 -0
- package/dist/errors/ThunderIDAPIError.d.ts.map +1 -0
- package/dist/errors/ThunderIDError.d.ts +50 -0
- package/dist/errors/ThunderIDError.d.ts.map +1 -0
- package/dist/errors/ThunderIDRuntimeError.d.ts +51 -0
- package/dist/errors/ThunderIDRuntimeError.d.ts.map +1 -0
- package/dist/errors/exception.d.ts +27 -0
- package/dist/errors/exception.d.ts.map +1 -0
- package/dist/i18n/constants/TranslationBundleConstants.d.ts +35 -0
- package/dist/i18n/constants/TranslationBundleConstants.d.ts.map +1 -0
- package/dist/i18n/models/i18n.d.ts +127 -0
- package/dist/i18n/models/i18n.d.ts.map +1 -0
- package/dist/i18n/translations/en-US.d.ts +21 -0
- package/dist/i18n/translations/en-US.d.ts.map +1 -0
- package/dist/i18n/translations/fr-FR.d.ts +21 -0
- package/dist/i18n/translations/fr-FR.d.ts.map +1 -0
- package/dist/i18n/translations/hi-IN.d.ts +21 -0
- package/dist/i18n/translations/hi-IN.d.ts.map +1 -0
- package/dist/i18n/translations/index.d.ts +26 -0
- package/dist/i18n/translations/index.d.ts.map +1 -0
- package/dist/i18n/translations/ja-JP.d.ts +21 -0
- package/dist/i18n/translations/ja-JP.d.ts.map +1 -0
- package/dist/i18n/translations/pt-BR.d.ts +21 -0
- package/dist/i18n/translations/pt-BR.d.ts.map +1 -0
- package/dist/i18n/translations/pt-PT.d.ts +21 -0
- package/dist/i18n/translations/pt-PT.d.ts.map +1 -0
- package/dist/i18n/translations/si-LK.d.ts +21 -0
- package/dist/i18n/translations/si-LK.d.ts.map +1 -0
- package/dist/i18n/translations/ta-IN.d.ts +21 -0
- package/dist/i18n/translations/ta-IN.d.ts.map +1 -0
- package/dist/i18n/translations/te-IN.d.ts +21 -0
- package/dist/i18n/translations/te-IN.d.ts.map +1 -0
- package/dist/i18n/utils/getDefaultI18nBundles.d.ts +28 -0
- package/dist/i18n/utils/getDefaultI18nBundles.d.ts.map +1 -0
- package/dist/i18n/utils/normalizeTranslations.d.ts +42 -0
- package/dist/i18n/utils/normalizeTranslations.d.ts.map +1 -0
- package/dist/index.d.ts +143 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +7568 -0
- package/dist/models/agent.d.ts +45 -0
- package/dist/models/agent.d.ts.map +1 -0
- package/dist/models/auth-code-response.d.ts +35 -0
- package/dist/models/auth-code-response.d.ts.map +1 -0
- package/dist/models/branding-preference.d.ts +249 -0
- package/dist/models/branding-preference.d.ts.map +1 -0
- package/dist/models/client.d.ts +213 -0
- package/dist/models/client.d.ts.map +1 -0
- package/dist/models/config.d.ts +483 -0
- package/dist/models/config.d.ts.map +1 -0
- package/dist/models/crypto.d.ts +101 -0
- package/dist/models/crypto.d.ts.map +1 -0
- package/dist/models/embedded-flow.d.ts +167 -0
- package/dist/models/embedded-flow.d.ts.map +1 -0
- package/dist/models/embedded-signin-flow.d.ts +100 -0
- package/dist/models/embedded-signin-flow.d.ts.map +1 -0
- package/dist/models/field.d.ts +32 -0
- package/dist/models/field.d.ts.map +1 -0
- package/dist/models/flow.d.ts +31 -0
- package/dist/models/flow.d.ts.map +1 -0
- package/dist/models/http.d.ts +46 -0
- package/dist/models/http.d.ts.map +1 -0
- package/dist/models/oauth-request.d.ts +24 -0
- package/dist/models/oauth-request.d.ts.map +1 -0
- package/dist/models/oauth-response.d.ts +19 -0
- package/dist/models/oauth-response.d.ts.map +1 -0
- package/dist/models/oidc-discovery.d.ts +370 -0
- package/dist/models/oidc-discovery.d.ts.map +1 -0
- package/dist/models/oidc-endpoints.d.ts +72 -0
- package/dist/models/oidc-endpoints.d.ts.map +1 -0
- package/dist/models/organization.d.ts +34 -0
- package/dist/models/organization.d.ts.map +1 -0
- package/dist/models/platforms.d.ts +38 -0
- package/dist/models/platforms.d.ts.map +1 -0
- package/dist/models/scim2-schema.d.ts +66 -0
- package/dist/models/scim2-schema.d.ts.map +1 -0
- package/dist/models/session.d.ts +32 -0
- package/dist/models/session.d.ts.map +1 -0
- package/dist/models/store.d.ts +84 -0
- package/dist/models/store.d.ts.map +1 -0
- package/dist/models/token-endpoint-auth.d.ts +30 -0
- package/dist/models/token-endpoint-auth.d.ts.map +1 -0
- package/dist/models/token.d.ts +181 -0
- package/dist/models/token.d.ts.map +1 -0
- package/dist/models/user.d.ts +34 -0
- package/dist/models/user.d.ts.map +1 -0
- package/dist/models/utility-types.d.ts +21 -0
- package/dist/models/utility-types.d.ts.map +1 -0
- package/dist/models/v2/embedded-flow-v2.d.ts +494 -0
- package/dist/models/v2/embedded-flow-v2.d.ts.map +1 -0
- package/dist/models/v2/embedded-recovery-flow-v2.d.ts +143 -0
- package/dist/models/v2/embedded-recovery-flow-v2.d.ts.map +1 -0
- package/dist/models/v2/embedded-signin-flow-v2.d.ts +340 -0
- package/dist/models/v2/embedded-signin-flow-v2.d.ts.map +1 -0
- package/dist/models/v2/embedded-signup-flow-v2.d.ts +272 -0
- package/dist/models/v2/embedded-signup-flow-v2.d.ts.map +1 -0
- package/dist/models/v2/extensions/components.d.ts +89 -0
- package/dist/models/v2/extensions/components.d.ts.map +1 -0
- package/dist/models/v2/flow-meta-v2.d.ts +299 -0
- package/dist/models/v2/flow-meta-v2.d.ts.map +1 -0
- package/dist/models/v2/organization-unit.d.ts +103 -0
- package/dist/models/v2/organization-unit.d.ts.map +1 -0
- package/dist/models/v2/translation.d.ts +35 -0
- package/dist/models/v2/translation.d.ts.map +1 -0
- package/dist/models/v2/vars.d.ts +36 -0
- package/dist/models/v2/vars.d.ts.map +1 -0
- package/dist/theme/createTheme.d.ts +23 -0
- package/dist/theme/createTheme.d.ts.map +1 -0
- package/dist/theme/types.d.ts +381 -0
- package/dist/theme/types.d.ts.map +1 -0
- package/dist/utils/arrayBufferToBase64url.d.ts +49 -0
- package/dist/utils/arrayBufferToBase64url.d.ts.map +1 -0
- package/dist/utils/base64Encode.d.ts +36 -0
- package/dist/utils/base64Encode.d.ts.map +1 -0
- package/dist/utils/base64urlToArrayBuffer.d.ts +56 -0
- package/dist/utils/base64urlToArrayBuffer.d.ts.map +1 -0
- package/dist/utils/bem.d.ts +47 -0
- package/dist/utils/bem.d.ts.map +1 -0
- package/dist/utils/deepMerge.d.ts +45 -0
- package/dist/utils/deepMerge.d.ts.map +1 -0
- package/dist/utils/deriveOrganizationHandleFromBaseUrl.d.ts +48 -0
- package/dist/utils/deriveOrganizationHandleFromBaseUrl.d.ts.map +1 -0
- package/dist/utils/extractPkceStorageKeyFromState.d.ts +33 -0
- package/dist/utils/extractPkceStorageKeyFromState.d.ts.map +1 -0
- package/dist/utils/extractTenantDomainFromIdTokenPayload.d.ts +32 -0
- package/dist/utils/extractTenantDomainFromIdTokenPayload.d.ts.map +1 -0
- package/dist/utils/extractUserClaimsFromIdToken.d.ts +47 -0
- package/dist/utils/extractUserClaimsFromIdToken.d.ts.map +1 -0
- package/dist/utils/flattenUserSchema.d.ts +65 -0
- package/dist/utils/flattenUserSchema.d.ts.map +1 -0
- package/dist/utils/formatDate.d.ts +34 -0
- package/dist/utils/formatDate.d.ts.map +1 -0
- package/dist/utils/generateFlattenedUserProfile.d.ts +54 -0
- package/dist/utils/generateFlattenedUserProfile.d.ts.map +1 -0
- package/dist/utils/generatePkceStorageKey.d.ts +35 -0
- package/dist/utils/generatePkceStorageKey.d.ts.map +1 -0
- package/dist/utils/generateStateParamForRequestCorrelation.d.ts +35 -0
- package/dist/utils/generateStateParamForRequestCorrelation.d.ts.map +1 -0
- package/dist/utils/generateUserProfile.d.ts +56 -0
- package/dist/utils/generateUserProfile.d.ts.map +1 -0
- package/dist/utils/get.d.ts +30 -0
- package/dist/utils/get.d.ts.map +1 -0
- package/dist/utils/getAuthorizeRequestUrlParams.d.ts +61 -0
- package/dist/utils/getAuthorizeRequestUrlParams.d.ts.map +1 -0
- package/dist/utils/getLatestStateParam.d.ts +41 -0
- package/dist/utils/getLatestStateParam.d.ts.map +1 -0
- package/dist/utils/getRedirectBasedSignUpUrl.d.ts +30 -0
- package/dist/utils/getRedirectBasedSignUpUrl.d.ts.map +1 -0
- package/dist/utils/identifyPlatform.d.ts +31 -0
- package/dist/utils/identifyPlatform.d.ts.map +1 -0
- package/dist/utils/isEmpty.d.ts +49 -0
- package/dist/utils/isEmpty.d.ts.map +1 -0
- package/dist/utils/isRecognizedBaseUrlPattern.d.ts +33 -0
- package/dist/utils/isRecognizedBaseUrlPattern.d.ts.map +1 -0
- package/dist/utils/logger.d.ts +143 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/parseApiErrorMessage.d.ts +29 -0
- package/dist/utils/parseApiErrorMessage.d.ts.map +1 -0
- package/dist/utils/processOpenIDScopes.d.ts +42 -0
- package/dist/utils/processOpenIDScopes.d.ts.map +1 -0
- package/dist/utils/processUsername.d.ts +74 -0
- package/dist/utils/processUsername.d.ts.map +1 -0
- package/dist/utils/removeTrailingSlash.d.ts +32 -0
- package/dist/utils/removeTrailingSlash.d.ts.map +1 -0
- package/dist/utils/resolveFieldName.d.ts +20 -0
- package/dist/utils/resolveFieldName.d.ts.map +1 -0
- package/dist/utils/resolveFieldType.d.ts +21 -0
- package/dist/utils/resolveFieldType.d.ts.map +1 -0
- package/dist/utils/set.d.ts +31 -0
- package/dist/utils/set.d.ts.map +1 -0
- package/dist/utils/transformBrandingPreferenceToTheme.d.ts +49 -0
- package/dist/utils/transformBrandingPreferenceToTheme.d.ts.map +1 -0
- package/dist/utils/v2/containsMetaFlowTemplateLiteral.d.ts +57 -0
- package/dist/utils/v2/containsMetaFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/v2/countryCodeToFlagEmoji.d.ts +26 -0
- package/dist/utils/v2/countryCodeToFlagEmoji.d.ts.map +1 -0
- package/dist/utils/v2/extractEmojiFromUri.d.ts +32 -0
- package/dist/utils/v2/extractEmojiFromUri.d.ts.map +1 -0
- package/dist/utils/v2/isEmojiUri.d.ts +34 -0
- package/dist/utils/v2/isEmojiUri.d.ts.map +1 -0
- package/dist/utils/v2/isMetaFlowTemplateLiteral.d.ts +45 -0
- package/dist/utils/v2/isMetaFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/v2/isTranslationFlowTemplateLiteral.d.ts +45 -0
- package/dist/utils/v2/isTranslationFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/v2/parseFlowTemplateLiteral.d.ts +96 -0
- package/dist/utils/v2/parseFlowTemplateLiteral.d.ts.map +1 -0
- package/dist/utils/v2/resolveFlowTemplateLiterals.d.ts +42 -0
- package/dist/utils/v2/resolveFlowTemplateLiterals.d.ts.map +1 -0
- package/dist/utils/v2/resolveLocaleDisplayName.d.ts +30 -0
- package/dist/utils/v2/resolveLocaleDisplayName.d.ts.map +1 -0
- package/dist/utils/v2/resolveLocaleEmoji.d.ts +31 -0
- package/dist/utils/v2/resolveLocaleEmoji.d.ts.map +1 -0
- package/dist/utils/v2/resolveMeta.d.ts +35 -0
- package/dist/utils/v2/resolveMeta.d.ts.map +1 -0
- package/dist/utils/withVendorCSSClassPrefix.d.ts +33 -0
- package/dist/utils/withVendorCSSClassPrefix.d.ts.map +1 -0
- package/package.json +65 -0
|
@@ -0,0 +1,483 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
|
|
3
|
+
*
|
|
4
|
+
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
5
|
+
* Version 2.0 (the "License"); you may not use this file except
|
|
6
|
+
* in compliance with the License.
|
|
7
|
+
* You may obtain a copy of the License at
|
|
8
|
+
*
|
|
9
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
*
|
|
11
|
+
* Unless required by applicable law or agreed to in writing,
|
|
12
|
+
* software distributed under the License is distributed on an
|
|
13
|
+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
14
|
+
* KIND, either express or implied. See the License for the
|
|
15
|
+
* specific language governing permissions and limitations
|
|
16
|
+
* under the License.
|
|
17
|
+
*/
|
|
18
|
+
import { Platform } from './platforms';
|
|
19
|
+
import { TokenEndpointAuthMethod } from './token-endpoint-auth';
|
|
20
|
+
import { RecursivePartial } from './utility-types';
|
|
21
|
+
import { ComponentsExtensions } from './v2/extensions/components';
|
|
22
|
+
import { I18nBundle } from '../i18n/models/i18n';
|
|
23
|
+
import { ThemeConfig, ThemeMode } from '../theme/types';
|
|
24
|
+
/**
|
|
25
|
+
* Interface representing the additional parameters to be sent in the sign-in request.
|
|
26
|
+
* This can include custom parameters that your authorization server supports.
|
|
27
|
+
* These parameters will be included in the authorization request sent to the server.
|
|
28
|
+
* If not provided, no additional parameters will be sent.
|
|
29
|
+
*
|
|
30
|
+
* @example
|
|
31
|
+
* signInOptions: { prompt: "login", fidp: "OrganizationSSO" }
|
|
32
|
+
*/
|
|
33
|
+
export type SignInOptions = Record<string, any>;
|
|
34
|
+
/**
|
|
35
|
+
* Interface representing the additional parameters to be sent in the sign-out request.
|
|
36
|
+
* This can include custom parameters that your authorization server supports.
|
|
37
|
+
* These parameters will be included in the sign-out request sent to the server.
|
|
38
|
+
* If not provided, no additional parameters will be sent.
|
|
39
|
+
*
|
|
40
|
+
* @example
|
|
41
|
+
* signOutOptions: { idTokenHint: "your-id-token-hint" }
|
|
42
|
+
*/
|
|
43
|
+
export type SignOutOptions = Record<string, unknown>;
|
|
44
|
+
/**
|
|
45
|
+
* Interface representing the additional parameters to be sent in the sign-up request.
|
|
46
|
+
* This can include custom parameters that your authorization server supports.
|
|
47
|
+
* These parameters will be included in the sign-up request sent to the server.
|
|
48
|
+
* If not provided, no additional parameters will be sent.
|
|
49
|
+
*
|
|
50
|
+
* @example
|
|
51
|
+
* signUpOptions: { appId: "your-app-id" }
|
|
52
|
+
*/
|
|
53
|
+
export type SignUpOptions = Record<string, unknown>;
|
|
54
|
+
export interface BaseConfig<T = unknown> extends WithPreferences, WithExtensions {
|
|
55
|
+
/**
|
|
56
|
+
* Optional URL where the authorization server should redirect after authentication.
|
|
57
|
+
* This must match one of the allowed redirect URIs configured in your IdP.
|
|
58
|
+
* If not provided, the framework layer will use the default redirect URL based on the application type.
|
|
59
|
+
*
|
|
60
|
+
* @example
|
|
61
|
+
* For development: "http://localhost:3000/api/auth/callback"
|
|
62
|
+
* For production: "https://your-app.com/api/auth/callback"
|
|
63
|
+
*/
|
|
64
|
+
afterSignInUrl?: string | undefined;
|
|
65
|
+
/**
|
|
66
|
+
* Optional URL where the authorization server should redirect after sign out.
|
|
67
|
+
* This must match one of the allowed post logout redirect URIs configured in your IdP
|
|
68
|
+
* and is used to redirect the user after they have signed out.
|
|
69
|
+
* If not provided, the framework layer will use the default sign out URL based on the
|
|
70
|
+
*
|
|
71
|
+
* @example
|
|
72
|
+
* For development: "http://localhost:3000/api/auth/signout"
|
|
73
|
+
* For production: "https://your-app.com/api/auth/signout"
|
|
74
|
+
*/
|
|
75
|
+
afterSignOutUrl?: string | undefined;
|
|
76
|
+
/**
|
|
77
|
+
* A list of external API base URLs that the SDK is allowed to attach access tokens to when making HTTP requests.
|
|
78
|
+
*
|
|
79
|
+
* When making authenticated HTTP requests using the SDK's HTTP client, the access token will only be attached
|
|
80
|
+
* to requests whose URLs start with one of these specified base URLs. This provides a security layer by
|
|
81
|
+
* preventing tokens from being sent to unauthorized servers.
|
|
82
|
+
*
|
|
83
|
+
* @remarks
|
|
84
|
+
* - This is only applicable when the storage type is `webWorker`.
|
|
85
|
+
* - Each URL should be a base URL without trailing slashes (e.g., "https://api.example.com").
|
|
86
|
+
* - The SDK will check if the request URL starts with any of these base URLs before attaching the token.
|
|
87
|
+
* - If a request is made to a URL that doesn't match any of these base URLs, an error will be thrown.
|
|
88
|
+
*
|
|
89
|
+
* @example
|
|
90
|
+
* allowedExternalUrls: ["https://api.example.com", "https://api.another-service.com"]
|
|
91
|
+
*/
|
|
92
|
+
allowedExternalUrls?: string[];
|
|
93
|
+
/**
|
|
94
|
+
* Optional UUID of the ThunderID application.
|
|
95
|
+
* This is used to identify the application in the ThunderID identity server for Application Branding,
|
|
96
|
+
* obtaining the access URL in the sign-up flow, etc.
|
|
97
|
+
* If not provided, the framework layer will use the default application ID based on the application.
|
|
98
|
+
*/
|
|
99
|
+
applicationId?: string | undefined;
|
|
100
|
+
/**
|
|
101
|
+
* The base URL of the ThunderID identity server.
|
|
102
|
+
* Example: "https://api.asgardeo.io/t/{org_name}"
|
|
103
|
+
*/
|
|
104
|
+
baseUrl: string | undefined;
|
|
105
|
+
/**
|
|
106
|
+
* The client ID obtained from the ThunderID application registration.
|
|
107
|
+
* This is used to identify your application during authentication.
|
|
108
|
+
*/
|
|
109
|
+
clientId?: string | undefined;
|
|
110
|
+
/**
|
|
111
|
+
* Optional client secret for the application.
|
|
112
|
+
* Only required when using confidential client flows.
|
|
113
|
+
* Not recommended for public clients like browser applications.
|
|
114
|
+
*/
|
|
115
|
+
clientSecret?: string | undefined;
|
|
116
|
+
/**
|
|
117
|
+
* OpenID Connect discovery configuration.
|
|
118
|
+
* Controls how the SDK resolves endpoint URLs from the authorization server.
|
|
119
|
+
* Each discovery mechanism is independently configurable.
|
|
120
|
+
*
|
|
121
|
+
* @example
|
|
122
|
+
* // Use a custom well-known discovery document URL
|
|
123
|
+
* discovery: { wellKnown: { endpoint: "https://custom.example.com/.well-known/openid-configuration" } }
|
|
124
|
+
*
|
|
125
|
+
* @example
|
|
126
|
+
* // Disable well-known discovery entirely
|
|
127
|
+
* discovery: { wellKnown: { enabled: false } }
|
|
128
|
+
*/
|
|
129
|
+
discovery?: {
|
|
130
|
+
/**
|
|
131
|
+
* Configuration for OpenID Connect Discovery via the well-known endpoint (RFC 8414).
|
|
132
|
+
* The SDK fetches `{baseUrl}/oauth2/token/.well-known/openid-configuration` by default.
|
|
133
|
+
*/
|
|
134
|
+
wellKnown?: {
|
|
135
|
+
/**
|
|
136
|
+
* Whether to fetch and use the well-known discovery document to resolve endpoint URLs.
|
|
137
|
+
* @default true
|
|
138
|
+
*/
|
|
139
|
+
enabled?: boolean;
|
|
140
|
+
};
|
|
141
|
+
};
|
|
142
|
+
/**
|
|
143
|
+
* Optional overrides for the OIDC protocol endpoints.
|
|
144
|
+
* By default, the SDK derives all endpoint URLs from the well-known discovery document
|
|
145
|
+
* located at `{baseUrl}/oauth2/token/.well-known/openid-configuration`.
|
|
146
|
+
* Use this when your authorization server exposes endpoints at non-standard paths,
|
|
147
|
+
* or when a custom domain differs from `baseUrl`.
|
|
148
|
+
*
|
|
149
|
+
* Individual overrides take precedence over values resolved from the discovery document.
|
|
150
|
+
*
|
|
151
|
+
* @example
|
|
152
|
+
* endpoints: {
|
|
153
|
+
* wellKnown: "https://custom-domain.example.com/.well-known/openid-configuration",
|
|
154
|
+
* authorization: "https://custom-domain.example.com/oauth2/authorize",
|
|
155
|
+
* }
|
|
156
|
+
*/
|
|
157
|
+
endpoints?: {
|
|
158
|
+
/**
|
|
159
|
+
* The authorization endpoint URL.
|
|
160
|
+
* If not provided, resolved from the well-known discovery document.
|
|
161
|
+
*/
|
|
162
|
+
authorization?: string;
|
|
163
|
+
/**
|
|
164
|
+
* The end-session (logout) endpoint URL.
|
|
165
|
+
* If not provided, resolved from the well-known discovery document.
|
|
166
|
+
*/
|
|
167
|
+
endSession?: string;
|
|
168
|
+
/**
|
|
169
|
+
* The introspection endpoint URL.
|
|
170
|
+
* If not provided, resolved from the well-known discovery document.
|
|
171
|
+
*/
|
|
172
|
+
introspection?: string;
|
|
173
|
+
/**
|
|
174
|
+
* The JSON Web Key Set (JWKS) endpoint URL used to fetch public keys for token verification.
|
|
175
|
+
* If not provided, resolved from the well-known discovery document.
|
|
176
|
+
*/
|
|
177
|
+
jwks?: string;
|
|
178
|
+
/**
|
|
179
|
+
* The token endpoint URL.
|
|
180
|
+
* If not provided, resolved from the well-known discovery document.
|
|
181
|
+
*/
|
|
182
|
+
token?: string;
|
|
183
|
+
/**
|
|
184
|
+
* The userinfo endpoint URL.
|
|
185
|
+
* If not provided, resolved from the well-known discovery document.
|
|
186
|
+
*/
|
|
187
|
+
userInfo?: string;
|
|
188
|
+
/**
|
|
189
|
+
* The OpenID Connect discovery document URL.
|
|
190
|
+
* Defaults to `{baseUrl}/oauth2/token/.well-known/openid-configuration`.
|
|
191
|
+
*/
|
|
192
|
+
wellKnown?: string;
|
|
193
|
+
};
|
|
194
|
+
/**
|
|
195
|
+
* Optional instance ID for multi-auth context support.
|
|
196
|
+
* Use this when you need multiple authentication contexts in the same application.
|
|
197
|
+
*/
|
|
198
|
+
instanceId?: number;
|
|
199
|
+
/**
|
|
200
|
+
* Configuration for chaining authentication across multiple organization contexts.
|
|
201
|
+
* Used when you need to authenticate a user in one organization using credentials
|
|
202
|
+
* from another organization context.
|
|
203
|
+
*/
|
|
204
|
+
organizationChain?: {
|
|
205
|
+
/**
|
|
206
|
+
* Instance ID of the source organization context to retrieve access token from for organization token exchange.
|
|
207
|
+
* Used in linked organization scenarios to automatically fetch the source organization's access token.
|
|
208
|
+
*/
|
|
209
|
+
sourceInstanceId?: number;
|
|
210
|
+
/**
|
|
211
|
+
* Organization ID for the target organization.
|
|
212
|
+
* When provided with sourceInstanceId, triggers automatic organization token exchange.
|
|
213
|
+
*/
|
|
214
|
+
targetOrganizationId?: string;
|
|
215
|
+
};
|
|
216
|
+
/**
|
|
217
|
+
* Optional organization handle for the Organization in ThunderID.
|
|
218
|
+
* This is used to identify the organization in the ThunderID identity server in cases like Branding, etc.
|
|
219
|
+
* If not provided, the framework layer will try to use the `baseUrl` to determine the organization handle.
|
|
220
|
+
* @remarks This is mandatory if a custom domain is configured for the ThunderID organization.
|
|
221
|
+
*/
|
|
222
|
+
organizationHandle?: string | undefined;
|
|
223
|
+
/**
|
|
224
|
+
* Optional platform where the application is running.
|
|
225
|
+
* This helps the SDK to optimize its behavior based on the platform.
|
|
226
|
+
* If not provided, the SDK will attempt to auto-detect the platform.
|
|
227
|
+
*/
|
|
228
|
+
platform?: keyof typeof Platform;
|
|
229
|
+
/**
|
|
230
|
+
* The scopes to request during authentication.
|
|
231
|
+
* Accepts either a space-separated string or an array of strings.
|
|
232
|
+
*
|
|
233
|
+
* These define what access the token should grant (e.g., openid, profile, email).
|
|
234
|
+
* If not provided, defaults to `["openid"]`.
|
|
235
|
+
*
|
|
236
|
+
* @example
|
|
237
|
+
* scopes: "openid profile email"
|
|
238
|
+
* @example
|
|
239
|
+
* scopes: ["openid", "profile", "email"]
|
|
240
|
+
*/
|
|
241
|
+
scopes?: string | string[] | undefined;
|
|
242
|
+
/**
|
|
243
|
+
* Optional additional parameters to be sent in the authorize request.
|
|
244
|
+
* @see {@link SignInOptions} for more details.
|
|
245
|
+
*/
|
|
246
|
+
signInOptions?: SignInOptions;
|
|
247
|
+
/**
|
|
248
|
+
* Optional URL to redirect the user to sign-in.
|
|
249
|
+
* By default, this will be the sign-in page of ThunderID.
|
|
250
|
+
* If you want to use a custom sign-in page, you can provide the URL here and use the `SignIn` component to render it.
|
|
251
|
+
*/
|
|
252
|
+
signInUrl?: string | undefined;
|
|
253
|
+
/**
|
|
254
|
+
* Optional additional parameters to be sent in the sign-out request.
|
|
255
|
+
* @see {@link SignOutOptions} for more details.
|
|
256
|
+
*/
|
|
257
|
+
signOutOptions?: SignOutOptions;
|
|
258
|
+
/**
|
|
259
|
+
* Optional additional parameters to be sent in the sign-up request.
|
|
260
|
+
* @see {@link SignUpOptions} for more details.
|
|
261
|
+
*/
|
|
262
|
+
signUpOptions?: SignUpOptions;
|
|
263
|
+
/**
|
|
264
|
+
* Optional URL to redirect the user to sign-up.
|
|
265
|
+
* By default, this will be the sign-up page of ThunderID.
|
|
266
|
+
* If you want to use a custom sign-up page, you can provide the URL here
|
|
267
|
+
* and use the `SignUp` component to render it.
|
|
268
|
+
*/
|
|
269
|
+
signUpUrl?: string | undefined;
|
|
270
|
+
/**
|
|
271
|
+
* Storage mechanism to use for storing tokens and session data.
|
|
272
|
+
* The values should be defined at the framework layer.
|
|
273
|
+
*/
|
|
274
|
+
storage?: T;
|
|
275
|
+
/**
|
|
276
|
+
* Flag to indicate whether the Application session should be synchronized with the IdP session.
|
|
277
|
+
* @remarks This uses the OIDC iframe base session management feature to keep the application session in sync with the IdP session.
|
|
278
|
+
* WARNING: This may not work in all browsers due to 3rd party cookie restrictions.
|
|
279
|
+
* It is recommended to use this feature only if you are aware of the implications and have tested it in your target browsers.
|
|
280
|
+
* If you are not sure, it is safer to leave this option as `false`.
|
|
281
|
+
* @example
|
|
282
|
+
* syncSession: true
|
|
283
|
+
* @see {@link https://openid.net/specs/openid-connect-session-management-1_0.html#IframeBasedSessionManagement}
|
|
284
|
+
*/
|
|
285
|
+
syncSession?: boolean;
|
|
286
|
+
/**
|
|
287
|
+
* Configuration for token lifecycle management.
|
|
288
|
+
*/
|
|
289
|
+
tokenLifecycle?: {
|
|
290
|
+
/**
|
|
291
|
+
* Configuration for refresh token behavior.
|
|
292
|
+
*/
|
|
293
|
+
refreshToken?: {
|
|
294
|
+
/**
|
|
295
|
+
* Whether to automatically refresh the access token periodically before it expires.
|
|
296
|
+
*/
|
|
297
|
+
autoRefresh?: boolean;
|
|
298
|
+
};
|
|
299
|
+
};
|
|
300
|
+
/**
|
|
301
|
+
* Configuration for the token endpoint request.
|
|
302
|
+
*/
|
|
303
|
+
tokenRequest?: {
|
|
304
|
+
/**
|
|
305
|
+
* OAuth 2.0 client authentication method used at the token endpoint.
|
|
306
|
+
* Maps to `token_endpoint_auth_method` in OIDC Discovery.
|
|
307
|
+
*
|
|
308
|
+
* - `client_secret_basic` — Credentials in the `Authorization: Basic` header.
|
|
309
|
+
* - `client_secret_post` — Credentials in the POST body.
|
|
310
|
+
* - `none` — No client authentication (public clients).
|
|
311
|
+
*
|
|
312
|
+
* When omitted the SDK applies its platform-based default:
|
|
313
|
+
* ThunderIDV2 → `client_secret_basic`; all others → `client_secret_post`.
|
|
314
|
+
*/
|
|
315
|
+
authMethod?: TokenEndpointAuthMethod;
|
|
316
|
+
};
|
|
317
|
+
/**
|
|
318
|
+
* Token validation configuration.
|
|
319
|
+
* This allows you to configure how the SDK validates tokens received from the authorization server.
|
|
320
|
+
* It includes options for ID token validation, such as whether to validate the token,
|
|
321
|
+
* whether to validate the issuer, and the allowed clock tolerance for token validation.
|
|
322
|
+
* If not provided, the SDK will use default validation settings.
|
|
323
|
+
*/
|
|
324
|
+
tokenValidation?: {
|
|
325
|
+
/**
|
|
326
|
+
* ID token validation config.
|
|
327
|
+
*/
|
|
328
|
+
idToken?: {
|
|
329
|
+
/**
|
|
330
|
+
* Allowed leeway for ID tokens (in seconds).
|
|
331
|
+
*/
|
|
332
|
+
clockTolerance?: number;
|
|
333
|
+
/**
|
|
334
|
+
* Whether to validate ID tokens.
|
|
335
|
+
*/
|
|
336
|
+
validate?: boolean;
|
|
337
|
+
/**
|
|
338
|
+
* Whether to validate the issuer of ID tokens.
|
|
339
|
+
*/
|
|
340
|
+
validateIssuer?: boolean;
|
|
341
|
+
};
|
|
342
|
+
};
|
|
343
|
+
}
|
|
344
|
+
export interface WithPreferences {
|
|
345
|
+
/**
|
|
346
|
+
* Preferences for customizing the ThunderID UI components
|
|
347
|
+
*/
|
|
348
|
+
preferences?: Preferences;
|
|
349
|
+
}
|
|
350
|
+
export interface Extensions {
|
|
351
|
+
/**
|
|
352
|
+
* Extension configuration for flow component rendering.
|
|
353
|
+
*/
|
|
354
|
+
components?: ComponentsExtensions;
|
|
355
|
+
}
|
|
356
|
+
export interface WithExtensions {
|
|
357
|
+
/**
|
|
358
|
+
* Extensions for customizing SDK behavior at defined integration points.
|
|
359
|
+
*/
|
|
360
|
+
extensions?: Extensions;
|
|
361
|
+
}
|
|
362
|
+
export type Config<T = unknown> = BaseConfig<T>;
|
|
363
|
+
export interface ThemePreferences {
|
|
364
|
+
/**
|
|
365
|
+
* The text direction for the UI.
|
|
366
|
+
* @default 'ltr'
|
|
367
|
+
*/
|
|
368
|
+
direction?: 'ltr' | 'rtl';
|
|
369
|
+
/**
|
|
370
|
+
* Inherit branding from WSO2 Identity Server or ThunderID.
|
|
371
|
+
* When set to `true`, the SDK will fetch and apply branding preferences from the server.
|
|
372
|
+
* Defaults to `false` — branding is not fetched unless explicitly enabled.
|
|
373
|
+
* @default false
|
|
374
|
+
*/
|
|
375
|
+
inheritFromBranding?: boolean;
|
|
376
|
+
/**
|
|
377
|
+
* The theme mode to use. Defaults to 'system'.
|
|
378
|
+
*/
|
|
379
|
+
mode?: ThemeMode;
|
|
380
|
+
/**
|
|
381
|
+
* Theme overrides to customize the default theme
|
|
382
|
+
*/
|
|
383
|
+
overrides?: RecursivePartial<ThemeConfig>;
|
|
384
|
+
}
|
|
385
|
+
/**
|
|
386
|
+
* The storage strategy to use for persisting the user's language selection.
|
|
387
|
+
*
|
|
388
|
+
* - `'cookie'` — persists in `document.cookie` as a domain cookie (default).
|
|
389
|
+
* Useful for cross-subdomain scenarios where the auth portal and
|
|
390
|
+
* the application share a root domain.
|
|
391
|
+
* - `'localStorage'` — persists in `window.localStorage`.
|
|
392
|
+
* - `'none'` — no persistence; the resolved language is held in React state only.
|
|
393
|
+
*/
|
|
394
|
+
export type I18nStorageStrategy = 'cookie' | 'localStorage' | 'none';
|
|
395
|
+
export interface I18nPreferences {
|
|
396
|
+
/**
|
|
397
|
+
* Custom translations to override default ones.
|
|
398
|
+
*/
|
|
399
|
+
bundles?: Record<string, I18nBundle>;
|
|
400
|
+
/**
|
|
401
|
+
* The domain to use when setting the language cookie.
|
|
402
|
+
* Only applies when `storageStrategy` is `'cookie'`.
|
|
403
|
+
* Defaults to the root domain derived from `window.location.hostname`
|
|
404
|
+
* (e.g. `'app.example.com'` → `'example.com'`).
|
|
405
|
+
* Override this for eTLD+1 domains like `.co.uk` or custom cookie scoping.
|
|
406
|
+
*/
|
|
407
|
+
cookieDomain?: string;
|
|
408
|
+
/**
|
|
409
|
+
* The fallback language to use if translations are not available in the specified language.
|
|
410
|
+
* Defaults to 'en-US'.
|
|
411
|
+
*/
|
|
412
|
+
fallbackLanguage?: string;
|
|
413
|
+
/**
|
|
414
|
+
* The language to use for translations.
|
|
415
|
+
* When set, acts as a hard override and bypasses all other detection sources
|
|
416
|
+
* (URL param, stored preference, browser language).
|
|
417
|
+
*/
|
|
418
|
+
language?: string;
|
|
419
|
+
/**
|
|
420
|
+
* The key used when reading/writing the language to the chosen storage.
|
|
421
|
+
* For `localStorage` this is the key name; for `cookie` this is the cookie name.
|
|
422
|
+
* @default 'thunderid-i18n-language'
|
|
423
|
+
*/
|
|
424
|
+
storageKey?: string;
|
|
425
|
+
/**
|
|
426
|
+
* The storage strategy to use for persisting the user's language selection.
|
|
427
|
+
* @default 'cookie'
|
|
428
|
+
*/
|
|
429
|
+
storageStrategy?: I18nStorageStrategy;
|
|
430
|
+
/**
|
|
431
|
+
* The URL query-parameter name to inspect for a language override.
|
|
432
|
+
* Set to `false` to disable URL-parameter detection entirely.
|
|
433
|
+
* When a URL param is detected its value is immediately persisted to storage.
|
|
434
|
+
* @default 'lang'
|
|
435
|
+
* @example
|
|
436
|
+
* // With urlParam: 'locale', the URL ?locale=fr-FR will select French.
|
|
437
|
+
* // With urlParam: false, URL parameters are ignored.
|
|
438
|
+
*/
|
|
439
|
+
urlParam?: string | false;
|
|
440
|
+
}
|
|
441
|
+
export interface UserPreferences {
|
|
442
|
+
/**
|
|
443
|
+
* Whether to automatically fetch the user's associated organizations after sign-in.
|
|
444
|
+
* When set to false, the SDK will not make API calls to `/api/users/v1/me/organizations`.
|
|
445
|
+
* @default true
|
|
446
|
+
* @remarks Disabling this will improve performance if you don't need organization information.
|
|
447
|
+
* You can manually call `getMyOrganizations()` when needed if this is disabled.
|
|
448
|
+
*/
|
|
449
|
+
fetchOrganizations?: boolean;
|
|
450
|
+
/**
|
|
451
|
+
* Whether to automatically fetch the user profile from SCIM2 endpoints after sign-in.
|
|
452
|
+
* When set to false, the SDK will not make API calls to `/scim2/Me` and `/scim2/Schemas`.
|
|
453
|
+
* Instead, it will extract basic user claims from the ID token.
|
|
454
|
+
* @default true
|
|
455
|
+
* @remarks Disabling this will improve performance but provide limited user profile information.
|
|
456
|
+
* Only the claims present in the ID token will be available (e.g., sub, email, name).
|
|
457
|
+
* For full user profile attributes (custom claims, enterprise attributes, etc.),
|
|
458
|
+
* keep this enabled or manually call `getUserProfile()` when needed.
|
|
459
|
+
*/
|
|
460
|
+
fetchUserProfile?: boolean;
|
|
461
|
+
}
|
|
462
|
+
export interface Preferences {
|
|
463
|
+
/**
|
|
464
|
+
* Internationalization preferences for the ThunderID UI components
|
|
465
|
+
*/
|
|
466
|
+
i18n?: I18nPreferences;
|
|
467
|
+
/**
|
|
468
|
+
* Whether to resolve the theme from the Flow Meta API (GET /flow/meta).
|
|
469
|
+
* @remarks This is only applicable when using platform `ThunderID V2` (Thunder).
|
|
470
|
+
*/
|
|
471
|
+
resolveFromMeta?: boolean;
|
|
472
|
+
/**
|
|
473
|
+
* Theme preferences for the ThunderID UI components
|
|
474
|
+
*/
|
|
475
|
+
theme?: ThemePreferences;
|
|
476
|
+
/**
|
|
477
|
+
* User profile preferences for controlling user data fetching behavior.
|
|
478
|
+
* TEMPORARY CONFIG
|
|
479
|
+
* TODO: Remove this once https://github.com/asgardeo/javascript/issues/412 is properly fixed.
|
|
480
|
+
*/
|
|
481
|
+
user?: UserPreferences;
|
|
482
|
+
}
|
|
483
|
+
//# sourceMappingURL=config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/models/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,QAAQ,EAAC,MAAM,aAAa,CAAC;AACrC,OAAO,EAAC,uBAAuB,EAAC,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAC,oBAAoB,EAAC,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAC,UAAU,EAAC,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAC,WAAW,EAAE,SAAS,EAAC,MAAM,gBAAgB,CAAC;AAEtD;;;;;;;;GAQG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAEhD;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAErD;;;;;;;;GAQG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpD,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO,CAAE,SAAQ,eAAe,EAAE,cAAc;IAC9E;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAEpC;;;;;;;;;OASG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAErC;;;;;;;;;;;;;;;OAeG;IACH,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAEnC;;;OAGG;IACH,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAE9B;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAElC;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,EAAE;QACV;;;WAGG;QACH,SAAS,CAAC,EAAE;YACV;;;eAGG;YACH,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,CAAC;KACH,CAAC;IAEF;;;;;;;;;;;;;;OAcG;IACH,SAAS,CAAC,EAAE;QACV;;;WAGG;QACH,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB;;;WAGG;QACH,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB;;;WAGG;QACH,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB;;;WAGG;QACH,IAAI,CAAC,EAAE,MAAM,CAAC;QACd;;;WAGG;QACH,KAAK,CAAC,EAAE,MAAM,CAAC;QACf;;;WAGG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB;;;WAGG;QACH,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IAEF;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,iBAAiB,CAAC,EAAE;QAClB;;;WAGG;QACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B;;;WAGG;QACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,OAAO,QAAQ,CAAC;IAEjC;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;IAEvC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAE/B;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAE/B;;;OAGG;IACH,OAAO,CAAC,EAAE,CAAC,CAAC;IAEZ;;;;;;;;;OASG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;OAEG;IACH,cAAc,CAAC,EAAE;QACf;;WAEG;QACH,YAAY,CAAC,EAAE;YACb;;eAEG;YACH,WAAW,CAAC,EAAE,OAAO,CAAC;SACvB,CAAC;KACH,CAAC;IAEF;;OAEG;IACH,YAAY,CAAC,EAAE;QACb;;;;;;;;;;WAUG;QACH,UAAU,CAAC,EAAE,uBAAuB,CAAC;KACtC,CAAC;IAEF;;;;;;OAMG;IACH,eAAe,CAAC,EAAE;QAChB;;WAEG;QACH,OAAO,CAAC,EAAE;YACR;;eAEG;YACH,cAAc,CAAC,EAAE,MAAM,CAAC;YACxB;;eAEG;YACH,QAAQ,CAAC,EAAE,OAAO,CAAC;YACnB;;eAEG;YACH,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,MAAM,MAAM,MAAM,CAAC,CAAC,GAAG,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,SAAS,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;IAC1B;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B;;OAEG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IACjB;;OAEG;IACH,SAAS,CAAC,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;CAC3C;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,mBAAmB,GAAG,QAAQ,GAAG,cAAc,GAAG,MAAM,CAAC;AAErE,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACrC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,eAAe,CAAC,EAAE,mBAAmB,CAAC;IACtC;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,IAAI,CAAC,EAAE,eAAe,CAAC;IACvB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B;;OAEG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;OAIG;IACH,IAAI,CAAC,EAAE,eAAe,CAAC;CACxB"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
|
|
3
|
+
*
|
|
4
|
+
* WSO2 LLC. licenses this file to you under the Apache License,
|
|
5
|
+
* Version 2.0 (the "License"); you may not use this file except
|
|
6
|
+
* in compliance with the License.
|
|
7
|
+
* You may obtain a copy of the License at
|
|
8
|
+
*
|
|
9
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
*
|
|
11
|
+
* Unless required by applicable law or agreed to in writing,
|
|
12
|
+
* software distributed under the License is distributed on an
|
|
13
|
+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
14
|
+
* KIND, either express or implied. See the License for the
|
|
15
|
+
* specific language governing permissions and limitations
|
|
16
|
+
* under the License.
|
|
17
|
+
*/
|
|
18
|
+
/**
|
|
19
|
+
* JWK Model
|
|
20
|
+
*/
|
|
21
|
+
export interface JWKInterface {
|
|
22
|
+
alg: string;
|
|
23
|
+
e: string;
|
|
24
|
+
kid: string;
|
|
25
|
+
kty: string;
|
|
26
|
+
n: string;
|
|
27
|
+
use: string;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Cryptographic utility interface for OIDC operations.
|
|
31
|
+
* Provides methods for encoding, decoding, hashing, and JWT verification
|
|
32
|
+
* used in OAuth2/OIDC flows.
|
|
33
|
+
*
|
|
34
|
+
* @remarks
|
|
35
|
+
* This interface abstracts cryptographic operations needed for:
|
|
36
|
+
* - PKCE challenge/verifier generation
|
|
37
|
+
* - JWT token validation
|
|
38
|
+
* - Base64URL encoding/decoding
|
|
39
|
+
* - Secure random number generation
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* ```typescript
|
|
43
|
+
* class MyCrypto implements Crypto<Uint8Array> {
|
|
44
|
+
* base64URLEncode(value: Uint8Array): string {
|
|
45
|
+
* // Implementation
|
|
46
|
+
* }
|
|
47
|
+
* // ... other implementations
|
|
48
|
+
* }
|
|
49
|
+
* ```
|
|
50
|
+
*/
|
|
51
|
+
export interface Crypto<T = any> {
|
|
52
|
+
/**
|
|
53
|
+
* Decode the provided data encoded in base64url format.
|
|
54
|
+
*
|
|
55
|
+
* @param value - Data to be decoded.
|
|
56
|
+
*
|
|
57
|
+
* @returns Decoded data.
|
|
58
|
+
*/
|
|
59
|
+
base64URLDecode(value: string): string;
|
|
60
|
+
/**
|
|
61
|
+
* Encode the provided data in base64url format.
|
|
62
|
+
*
|
|
63
|
+
* @param value - Data to be encoded.
|
|
64
|
+
*
|
|
65
|
+
* @returns Encoded data.
|
|
66
|
+
*/
|
|
67
|
+
base64URLEncode(value: T): string;
|
|
68
|
+
/**
|
|
69
|
+
* Generate random bytes.
|
|
70
|
+
*
|
|
71
|
+
* @param length - Length of the random bytes to be generated.
|
|
72
|
+
*
|
|
73
|
+
* @returns Random bytes.
|
|
74
|
+
*/
|
|
75
|
+
generateRandomBytes(length: number): T;
|
|
76
|
+
/**
|
|
77
|
+
* Hash the provided data using SHA-256.
|
|
78
|
+
*
|
|
79
|
+
* @param data - Data to be hashed.
|
|
80
|
+
*
|
|
81
|
+
* @returns Hashed data.
|
|
82
|
+
*/
|
|
83
|
+
hashSha256(data: string): T | Promise<T>;
|
|
84
|
+
/**
|
|
85
|
+
* Verify the provided JWT.
|
|
86
|
+
*
|
|
87
|
+
* @param idToken - ID Token to be verified.
|
|
88
|
+
* @param jwk - JWK to be used for verification.
|
|
89
|
+
* @param algorithms - Algorithms to be used for verification.
|
|
90
|
+
* @param clientId - Client ID to be used for verification.
|
|
91
|
+
* @param issuer - Issuer to be used for verification.
|
|
92
|
+
* @param subject - Subject to be used for verification.
|
|
93
|
+
* @param clockTolerance - Clock tolerance to be used for verification.
|
|
94
|
+
*
|
|
95
|
+
* @returns True if the ID Token is valid.
|
|
96
|
+
*
|
|
97
|
+
* @throws if the id_token is invalid.
|
|
98
|
+
*/
|
|
99
|
+
verifyJwt(idToken: string, jwk: JWKInterface, algorithms: string[], clientId: string, issuer: string, subject: string, clockTolerance?: number, validateJwtIssuer?: boolean): Promise<boolean>;
|
|
100
|
+
}
|
|
101
|
+
//# sourceMappingURL=crypto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/models/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,WAAW,MAAM,CAAC,CAAC,GAAG,GAAG;IAC7B;;;;;;OAMG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IAEvC;;;;;;OAMG;IACH,eAAe,CAAC,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC;IAElC;;;;;;OAMG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,CAAC;IAEvC;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAEzC;;;;;;;;;;;;;;OAcG;IACH,SAAS,CACP,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,YAAY,EACjB,UAAU,EAAE,MAAM,EAAE,EACpB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,cAAc,CAAC,EAAE,MAAM,EACvB,iBAAiB,CAAC,EAAE,OAAO,GAC1B,OAAO,CAAC,OAAO,CAAC,CAAC;CACrB"}
|