oidc-auth-client 0.0.0

package/dist/src/auth/Settings.js

@@ -0,0 +1,210 @@
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+import { Log } from '../utils/Log.js';
+import { ClockService } from '../services/Timer.js';
+import { WebStorageStateStore } from '../storage/Storage.js';
+import { ResponseValidator } from '../protocol/ResponseValidator.js';
+import { MetadataService } from '../services/Http.js';
+import { RedirectNavigator, PopupNavigator, IFrameNavigator } from '../navigation/Navigator.js';
+import { Global } from '../utils/Global.js';
+import { SigninRequest } from '../protocol/Requests.js';
+const OidcMetadataUrlPath = '.well-known/openid-configuration';
+const DefaultResponseType = 'id_token';
+const DefaultScope = 'openid';
+const DefaultClientAuthentication = 'client_secret_post';
+const DefaultStaleStateAge = 60 * 15; // seconds
+const DefaultClockSkewInSeconds = 60 * 5;
+const DefaultAccessTokenExpiringNotificationTime = 60;
+const DefaultCheckSessionInterval = 2000;
+export class OidcClientSettings {
+    constructor({ 
+    // metadata related
+    authority, metadataUrl, metadata, signingKeys, metadataSeed, 
+    // client related
+    client_id, client_secret, response_type = DefaultResponseType, scope = DefaultScope, redirect_uri, post_logout_redirect_uri, client_authentication = DefaultClientAuthentication, 
+    // optional protocol
+    prompt, display, max_age, ui_locales, acr_values, resource, response_mode, 
+    // behavior flags
+    filterProtocolClaims = true, loadUserInfo = true, staleStateAge = DefaultStaleStateAge, clockSkew = DefaultClockSkewInSeconds, clockService = new ClockService(), userInfoJwtIssuer = 'OP', mergeClaims = false, 
+    // other behavior
+    stateStore = new WebStorageStateStore(), ResponseValidatorCtor = ResponseValidator, MetadataServiceCtor = MetadataService, 
+    // extra query params
+    extraQueryParams = {}, extraTokenParams = {}, } = {}) {
+        this._authority = authority;
+        this._metadataUrl = metadataUrl;
+        this._metadata = metadata;
+        this._metadataSeed = metadataSeed;
+        this._signingKeys = signingKeys;
+        this._client_id = client_id;
+        this._client_secret = client_secret;
+        this._response_type = response_type;
+        this._scope = scope;
+        this._redirect_uri = redirect_uri;
+        this._post_logout_redirect_uri = post_logout_redirect_uri;
+        this._client_authentication = client_authentication;
+        this._prompt = prompt;
+        this._display = display;
+        this._max_age = max_age;
+        this._ui_locales = ui_locales;
+        this._acr_values = acr_values;
+        this._resource = resource;
+        this._response_mode = response_mode;
+        this._filterProtocolClaims = !!filterProtocolClaims;
+        this._loadUserInfo = !!loadUserInfo;
+        this._staleStateAge = staleStateAge;
+        this._clockSkew = clockSkew;
+        this._clockService = clockService;
+        this._userInfoJwtIssuer = userInfoJwtIssuer;
+        this._mergeClaims = !!mergeClaims;
+        this._stateStore = stateStore;
+        this._validator = new ResponseValidatorCtor(this);
+        this._metadataService = new MetadataServiceCtor(this);
+        this._extraQueryParams = typeof extraQueryParams === 'object' ? extraQueryParams : {};
+        this._extraTokenParams = typeof extraTokenParams === 'object' ? extraTokenParams : {};
+    }
+    // client config
+    get client_id() { return this._client_id; }
+    set client_id(value) {
+        if (!this._client_id) {
+            this._client_id = value;
+        }
+        else {
+            Log.error('OidcClientSettings.set_client_id: client_id has already been assigned.');
+            throw new Error('client_id has already been assigned.');
+        }
+    }
+    get client_secret() { return this._client_secret; }
+    get response_type() { return this._response_type; }
+    get scope() { return this._scope; }
+    get redirect_uri() { return this._redirect_uri; }
+    get post_logout_redirect_uri() { return this._post_logout_redirect_uri; }
+    get client_authentication() { return this._client_authentication; }
+    // optional protocol params
+    get prompt() { return this._prompt; }
+    get display() { return this._display; }
+    get max_age() { return this._max_age; }
+    get ui_locales() { return this._ui_locales; }
+    get acr_values() { return this._acr_values; }
+    get resource() { return this._resource; }
+    get response_mode() { return this._response_mode; }
+    // metadata
+    get authority() { return this._authority; }
+    set authority(value) {
+        if (!this._authority) {
+            this._authority = value;
+        }
+        else {
+            Log.error('OidcClientSettings.set_authority: authority has already been assigned.');
+            throw new Error('authority has already been assigned.');
+        }
+    }
+    get metadataUrl() {
+        if (!this._metadataUrl) {
+            this._metadataUrl = this.authority;
+            if (this._metadataUrl && this._metadataUrl.indexOf(OidcMetadataUrlPath) < 0) {
+                if (this._metadataUrl[this._metadataUrl.length - 1] !== '/') {
+                    this._metadataUrl += '/';
+                }
+                this._metadataUrl += OidcMetadataUrlPath;
+            }
+        }
+        return this._metadataUrl;
+    }
+    // settable/cachable metadata values
+    get metadata() { return this._metadata; }
+    set metadata(value) { this._metadata = value; }
+    get metadataSeed() { return this._metadataSeed; }
+    set metadataSeed(value) { this._metadataSeed = value; }
+    get signingKeys() { return this._signingKeys; }
+    set signingKeys(value) { this._signingKeys = value; }
+    // behavior flags
+    get filterProtocolClaims() { return this._filterProtocolClaims; }
+    get loadUserInfo() { return this._loadUserInfo; }
+    get staleStateAge() { return this._staleStateAge; }
+    get clockSkew() { return this._clockSkew; }
+    get userInfoJwtIssuer() { return this._userInfoJwtIssuer; }
+    get mergeClaims() { return this._mergeClaims; }
+    get stateStore() { return this._stateStore; }
+    get validator() { return this._validator; }
+    get metadataService() { return this._metadataService; }
+    // extra query params
+    get extraQueryParams() { return this._extraQueryParams; }
+    set extraQueryParams(value) {
+        if (typeof value === 'object') {
+            this._extraQueryParams = value;
+        }
+        else {
+            this._extraQueryParams = {};
+        }
+    }
+    // extra token params
+    get extraTokenParams() { return this._extraTokenParams; }
+    set extraTokenParams(value) {
+        if (typeof value === 'object') {
+            this._extraTokenParams = value;
+        }
+        else {
+            this._extraTokenParams = {};
+        }
+    }
+    // get the time
+    getEpochTime() {
+        return this._clockService.getEpochTime();
+    }
+}
+export class UserManagerSettings extends OidcClientSettings {
+    constructor(settings = {}) {
+        super(settings);
+        this._popup_redirect_uri = settings.popup_redirect_uri;
+        this._popup_post_logout_redirect_uri = settings.popup_post_logout_redirect_uri;
+        this._popupWindowFeatures = settings.popupWindowFeatures;
+        this._popupWindowTarget = settings.popupWindowTarget;
+        this._silent_redirect_uri = settings.silent_redirect_uri;
+        this._silentRequestTimeout = settings.silentRequestTimeout;
+        this._automaticSilentRenew = settings.automaticSilentRenew || false;
+        this._validateSubOnSilentRenew = settings.validateSubOnSilentRenew || false;
+        this._includeIdTokenInSilentRenew = settings.includeIdTokenInSilentRenew !== false;
+        this._accessTokenExpiringNotificationTime =
+            settings.accessTokenExpiringNotificationTime || DefaultAccessTokenExpiringNotificationTime;
+        this._monitorSession = settings.monitorSession !== false;
+        this._monitorAnonymousSession = settings.monitorAnonymousSession || false;
+        this._checkSessionInterval = settings.checkSessionInterval || DefaultCheckSessionInterval;
+        this._stopCheckSessionOnError = settings.stopCheckSessionOnError !== false;
+        if (settings.query_status_response_type) {
+            this._query_status_response_type = settings.query_status_response_type;
+        }
+        else if (settings.response_type) {
+            this._query_status_response_type = SigninRequest.isOidc(settings.response_type)
+                ? 'id_token'
+                : 'code';
+        }
+        else {
+            this._query_status_response_type = 'id_token';
+        }
+        this._revokeAccessTokenOnSignout = settings.revokeAccessTokenOnSignout || false;
+        this._redirectNavigator = settings.redirectNavigator || new RedirectNavigator();
+        this._popupNavigator = settings.popupNavigator || new PopupNavigator();
+        this._iframeNavigator = settings.iframeNavigator || new IFrameNavigator();
+        this._userStore = settings.userStore || new WebStorageStateStore({ store: Global.sessionStorage });
+    }
+    get popup_redirect_uri() { return this._popup_redirect_uri; }
+    get popup_post_logout_redirect_uri() { return this._popup_post_logout_redirect_uri; }
+    get popupWindowFeatures() { return this._popupWindowFeatures; }
+    get popupWindowTarget() { return this._popupWindowTarget; }
+    get silent_redirect_uri() { return this._silent_redirect_uri; }
+    get silentRequestTimeout() { return this._silentRequestTimeout; }
+    get automaticSilentRenew() { return this._automaticSilentRenew; }
+    get validateSubOnSilentRenew() { return this._validateSubOnSilentRenew; }
+    get includeIdTokenInSilentRenew() { return this._includeIdTokenInSilentRenew; }
+    get accessTokenExpiringNotificationTime() { return this._accessTokenExpiringNotificationTime; }
+    get monitorSession() { return this._monitorSession; }
+    get monitorAnonymousSession() { return this._monitorAnonymousSession; }
+    get checkSessionInterval() { return this._checkSessionInterval; }
+    get stopCheckSessionOnError() { return this._stopCheckSessionOnError; }
+    get query_status_response_type() { return this._query_status_response_type; }
+    get revokeAccessTokenOnSignout() { return this._revokeAccessTokenOnSignout; }
+    get redirectNavigator() { return this._redirectNavigator; }
+    get popupNavigator() { return this._popupNavigator; }
+    get iframeNavigator() { return this._iframeNavigator; }
+    get userStore() { return this._userStore; }
+}
+//# sourceMappingURL=Settings.js.map

package/dist/src/auth/Settings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Settings.js","sourceRoot":"","sources":["../../../src/auth/Settings.ts"],"names":[],"mappings":"AAAA,2GAA2G;AAE3G,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAChG,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAKxD,MAAM,mBAAmB,GAAG,kCAAkC,CAAC;AAE/D,MAAM,mBAAmB,GAAG,UAAU,CAAC;AACvC,MAAM,YAAY,GAAG,QAAQ,CAAC;AAC9B,MAAM,2BAA2B,GAAG,oBAAoB,CAAC;AACzD,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,CAAC,CAAC;AACzC,MAAM,0CAA0C,GAAG,EAAE,CAAC;AACtD,MAAM,2BAA2B,GAAG,IAAI,CAAC;AA8CzC,MAAM,OAAO,kBAAkB;IAsC7B,YAAY;IACV,mBAAmB;IACnB,SAAS,EACT,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY;IACZ,iBAAiB;IACjB,SAAS,EACT,aAAa,EACb,aAAa,GAAG,mBAAmB,EACnC,KAAK,GAAG,YAAY,EACpB,YAAY,EACZ,wBAAwB,EACxB,qBAAqB,GAAG,2BAA2B;IACnD,oBAAoB;IACpB,MAAM,EACN,OAAO,EACP,OAAO,EACP,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa;IACb,iBAAiB;IACjB,oBAAoB,GAAG,IAAI,EAC3B,YAAY,GAAG,IAAI,EACnB,aAAa,GAAG,oBAAoB,EACpC,SAAS,GAAG,yBAAyB,EACrC,YAAY,GAAG,IAAI,YAAY,EAAE,EACjC,iBAAiB,GAAG,IAAI,EACxB,WAAW,GAAG,KAAK;IACnB,iBAAiB;IACjB,UAAU,GAAG,IAAI,oBAAoB,EAAE,EACvC,qBAAqB,GAAG,iBAAiB,EACzC,mBAAmB,GAAG,eAAe;IACrC,qBAAqB;IACrB,gBAAgB,GAAG,EAAE,EACrB,gBAAgB,GAAG,EAAE,MACK,EAAE;QAC5B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAEhC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;QACpC,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,yBAAyB,GAAG,wBAAwB,CAAC;QAC1D,IAAI,CAAC,sBAAsB,GAAG,qBAAqB,CAAC;QAEpD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;QAEpC,IAAI,CAAC,qBAAqB,GAAG,CAAC,CAAC,oBAAoB,CAAC;QACpD,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC;QACpC,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;QACpC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,WAAW,CAAC;QAElC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,gBAAgB,GAAG,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAEtD,IAAI,CAAC,iBAAiB,GAAG,OAAO,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,IAAI,CAAC,iBAAiB,GAAG,OAAO,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;IACxF,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,KAAyB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/D,IAAI,SAAS,CAAC,KAAyB;QACrC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;YACpF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,IAAI,aAAa,KAAyB,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IACvE,IAAI,aAAa,KAAa,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3D,IAAI,KAAK,KAAa,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3C,IAAI,YAAY,KAAyB,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACrE,IAAI,wBAAwB,KAAyB,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;IAC7F,IAAI,qBAAqB,KAAa,OAAO,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAE3E,2BAA2B;IAC3B,IAAI,MAAM,KAAyB,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,IAAI,OAAO,KAAyB,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3D,IAAI,OAAO,KAAyB,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3D,IAAI,UAAU,KAAyB,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IACjE,IAAI,UAAU,KAAyB,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IACjE,IAAI,QAAQ,KAAyB,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAC7D,IAAI,aAAa,KAAgC,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IAE9E,WAAW;IACX,IAAI,SAAS,KAAyB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/D,IAAI,SAAS,CAAC,KAAyB;QACrC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;YACpF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,IAAI,WAAW;QACb,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;YAEnC,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5E,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBAC5D,IAAI,CAAC,YAAY,IAAI,GAAG,CAAC;gBAC3B,CAAC;gBACD,IAAI,CAAC,YAAY,IAAI,mBAAmB,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,oCAAoC;IACpC,IAAI,QAAQ,KAA+B,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,CAAC,KAA+B,IAAI,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC;IACzE,IAAI,YAAY,KAAwC,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACpF,IAAI,YAAY,CAAC,KAAwC,IAAI,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC;IAE1F,IAAI,WAAW,KAA2B,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IACrE,IAAI,WAAW,CAAC,KAA2B,IAAI,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC;IAE3E,iBAAiB;IACjB,IAAI,oBAAoB,KAAc,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC1E,IAAI,YAAY,KAAc,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IAC1D,IAAI,aAAa,KAAa,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3D,IAAI,SAAS,KAAa,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACnD,IAAI,iBAAiB,KAAa,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACnE,IAAI,WAAW,KAAc,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAExD,IAAI,UAAU,KAAiB,OAAO,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IACzD,IAAI,SAAS,KAAwB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9D,IAAI,eAAe,KAAsB,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAExE,qBAAqB;IACrB,IAAI,gBAAgB,KAA6B,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACjF,IAAI,gBAAgB,CAAC,KAA6B;QAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IAAI,gBAAgB,KAA8B,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClF,IAAI,gBAAgB,CAAC,KAA8B;QACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,eAAe;IACf,YAAY;QACV,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;IAC3C,CAAC;CACF;AA6BD,MAAM,OAAO,mBAAoB,SAAQ,kBAAkB;IAyBzD,YAAY,WAAoC,EAAE;QAChD,KAAK,CAAC,QAAQ,CAAC,CAAC;QAEhB,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;QACvD,IAAI,CAAC,+BAA+B,GAAG,QAAQ,CAAC,8BAA8B,CAAC;QAC/E,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,mBAAmB,CAAC;QACzD,IAAI,CAAC,kBAAkB,GAAG,QAAQ,CAAC,iBAAiB,CAAC;QAErD,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,mBAAmB,CAAC;QACzD,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,oBAAoB,CAAC;QAC3D,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,oBAAoB,IAAI,KAAK,CAAC;QACpE,IAAI,CAAC,yBAAyB,GAAG,QAAQ,CAAC,wBAAwB,IAAI,KAAK,CAAC;QAC5E,IAAI,CAAC,4BAA4B,GAAG,QAAQ,CAAC,2BAA2B,KAAK,KAAK,CAAC;QACnF,IAAI,CAAC,oCAAoC;YACvC,QAAQ,CAAC,mCAAmC,IAAI,0CAA0C,CAAC;QAE7F,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,cAAc,KAAK,KAAK,CAAC;QACzD,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,uBAAuB,IAAI,KAAK,CAAC;QAC1E,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,oBAAoB,IAAI,2BAA2B,CAAC;QAC1F,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,uBAAuB,KAAK,KAAK,CAAC;QAE3E,IAAI,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YACxC,IAAI,CAAC,2BAA2B,GAAG,QAAQ,CAAC,0BAA0B,CAAC;QACzE,CAAC;aAAM,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC,2BAA2B,GAAG,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC7E,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,MAAM,CAAC;QACb,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,2BAA2B,GAAG,UAAU,CAAC;QAChD,CAAC;QACD,IAAI,CAAC,2BAA2B,GAAG,QAAQ,CAAC,0BAA0B,IAAI,KAAK,CAAC;QAEhF,IAAI,CAAC,kBAAkB,GAAG,QAAQ,CAAC,iBAAiB,IAAI,IAAI,iBAAiB,EAAE,CAAC;QAChF,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,cAAc,IAAI,IAAI,cAAc,EAAE,CAAC;QACvE,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,eAAe,IAAI,IAAI,eAAe,EAAE,CAAC;QAE1E,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,oBAAoB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,IAAI,kBAAkB,KAAyB,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACjF,IAAI,8BAA8B,KAAyB,OAAO,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;IACzG,IAAI,mBAAmB,KAAyB,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACnF,IAAI,iBAAiB,KAAyB,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAE/E,IAAI,mBAAmB,KAAyB,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACnF,IAAI,oBAAoB,KAAyB,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACrF,IAAI,oBAAoB,KAAc,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC1E,IAAI,wBAAwB,KAAc,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;IAClF,IAAI,2BAA2B,KAAc,OAAO,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACxF,IAAI,mCAAmC,KAAa,OAAO,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;IAEvG,IAAI,cAAc,KAAc,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IAC9D,IAAI,uBAAuB,KAAc,OAAO,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAChF,IAAI,oBAAoB,KAAa,OAAO,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACzE,IAAI,uBAAuB,KAAc,OAAO,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAChF,IAAI,0BAA0B,KAAa,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACrF,IAAI,0BAA0B,KAAc,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAEtF,IAAI,iBAAiB,KAAwB,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC9E,IAAI,cAAc,KAAqB,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACrE,IAAI,eAAe,KAAsB,OAAO,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAExE,IAAI,SAAS,KAAiB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;CACxD"}

package/dist/src/crypto/Crypto.d.ts

@@ -0,0 +1,14 @@
+import type { JwkKey, JwtPayload, ParsedJwt } from '../types/crypto.js';
+export type { JwtPayload, ParsedJwt } from '../types/crypto.js';
+export declare function generateRandom(): string;
+export declare class JoseUtil {
+    static parseJwt(jwt: string): ParsedJwt | undefined;
+    static validateJwt(jwt: string, key: JwkKey, issuer: string, audience: string, clockSkew?: number, _now?: number, timeInsensitive?: boolean): Promise<JwtPayload>;
+    static validateJwtAttributes(jwt: string, issuer: string, audience: string, clockSkew?: number, _now?: number, timeInsensitive?: boolean): Promise<JwtPayload>;
+    static hashString(value: string, alg: string): Promise<string>;
+    static hexToBase64Url(hex: string): string;
+    static calculatePKCECodeChallenge(codeVerifier: string): Promise<string>;
+}
+export type JoseUtilType = typeof JoseUtil;
+export default JoseUtil;
+//# sourceMappingURL=Crypto.d.ts.map

package/dist/src/crypto/Crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Crypto.d.ts","sourceRoot":"","sources":["../../../src/crypto/Crypto.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACxE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAMhE,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAMD,qBAAa,QAAQ;IACnB,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;WAetC,WAAW,CACtB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,SAAS,GAAE,MAAU,EACrB,IAAI,CAAC,EAAE,MAAM,EACb,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,UAAU,CAAC;WAkBT,qBAAqB,CAChC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,SAAS,GAAE,MAAU,EACrB,IAAI,CAAC,EAAE,MAAM,EACb,eAAe,CAAC,EAAE,OAAO,GACxB,OAAO,CAAC,UAAU,CAAC;WAkCT,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWpE,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM;WAM7B,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAM/E;AAGD,MAAM,MAAM,YAAY,GAAG,OAAO,QAAQ,CAAC;AAC3C,eAAe,QAAQ,CAAC"}

package/dist/src/crypto/Crypto.js

@@ -0,0 +1,107 @@
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+import { Log } from '../utils/Log.js';
+import { importJWK, jwtVerify, decodeJwt, decodeProtectedHeader, base64url, } from 'jose';
+//=============================================================================
+// Random generation
+//=============================================================================
+export function generateRandom() {
+    return crypto.randomUUID().replace(/-/g, '');
+}
+//=============================================================================
+// JoseUtil — JWT parsing, verification, and PKCE via the `jose` library
+//=============================================================================
+export class JoseUtil {
+    static parseJwt(jwt) {
+        Log.debug('JoseUtil.parseJwt');
+        try {
+            const header = decodeProtectedHeader(jwt);
+            const payload = decodeJwt(jwt);
+            return {
+                header: { alg: header.alg, kid: header.kid, ...header },
+                payload: payload,
+            };
+        }
+        catch (e) {
+            Log.error(e);
+            return undefined;
+        }
+    }
+    static async validateJwt(jwt, key, issuer, audience, clockSkew = 0, _now, timeInsensitive) {
+        Log.debug('JoseUtil.validateJwt');
+        try {
+            const alg = decodeProtectedHeader(jwt).alg ?? 'RS256';
+            const cryptoKey = await importJWK(key, alg);
+            const { payload } = await jwtVerify(jwt, cryptoKey, {
+                issuer,
+                audience,
+                clockTolerance: clockSkew,
+                ...(timeInsensitive ? { currentDate: new Date(0) } : {}),
+            });
+            return payload;
+        }
+        catch (e) {
+            Log.error(e?.message || String(e));
+            return Promise.reject(new Error('JWT validation failed: ' + e?.message));
+        }
+    }
+    static async validateJwtAttributes(jwt, issuer, audience, clockSkew = 0, _now, timeInsensitive) {
+        // Validates claims only (no signature check). Used when the signature has
+        // already been verified separately (e.g. refresh token flow).
+        Log.debug('JoseUtil.validateJwtAttributes');
+        const parsed = JoseUtil.parseJwt(jwt);
+        if (!parsed)
+            return Promise.reject(new Error('Failed to parse JWT'));
+        const payload = parsed.payload;
+        if (!payload.iss)
+            return Promise.reject(new Error('issuer was not provided'));
+        if (payload.iss !== issuer)
+            return Promise.reject(new Error('Invalid issuer in token: ' + payload.iss));
+        if (!payload.aud)
+            return Promise.reject(new Error('aud was not provided'));
+        const validAudience = payload.aud === audience ||
+            (Array.isArray(payload.aud) && payload.aud.includes(audience));
+        if (!validAudience)
+            return Promise.reject(new Error('Invalid audience in token: ' + String(payload.aud)));
+        if (payload.azp && payload.azp !== audience)
+            return Promise.reject(new Error('Invalid azp in token: ' + String(payload.azp)));
+        if (!timeInsensitive) {
+            const now = Math.floor(Date.now() / 1000);
+            const lower = now + clockSkew;
+            const upper = now - clockSkew;
+            if (!payload.iat)
+                return Promise.reject(new Error('iat was not provided'));
+            if (lower < payload.iat)
+                return Promise.reject(new Error('iat is in the future: ' + payload.iat));
+            if (payload.nbf && lower < payload.nbf)
+                return Promise.reject(new Error('nbf is in the future: ' + payload.nbf));
+            if (!payload.exp)
+                return Promise.reject(new Error('exp was not provided'));
+            if (payload.exp < upper)
+                return Promise.reject(new Error('exp is in the past: ' + payload.exp));
+        }
+        return payload;
+    }
+    static async hashString(value, alg) {
+        // Returns hex-encoded hash. Used for at_hash validation in ResponseValidator.
+        const encoder = new TextEncoder();
+        const data = encoder.encode(value);
+        const hashAlg = alg.replace('SHA', 'SHA-');
+        const hashBuffer = await crypto.subtle.digest(hashAlg, data);
+        return Array.from(new Uint8Array(hashBuffer))
+            .map(b => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    static hexToBase64Url(hex) {
+        // Converts a hex-encoded string to base64url. Used for at_hash comparison.
+        const bytes = new Uint8Array(hex.match(/.{2}/g).map(b => parseInt(b, 16)));
+        return base64url.encode(bytes);
+    }
+    static async calculatePKCECodeChallenge(codeVerifier) {
+        // SHA-256 hash of the code verifier, base64url-encoded (S256 method).
+        const data = new TextEncoder().encode(codeVerifier);
+        const digest = await crypto.subtle.digest('SHA-256', data);
+        return base64url.encode(new Uint8Array(digest));
+    }
+}
+export default JoseUtil;
+//# sourceMappingURL=Crypto.js.map

package/dist/src/crypto/Crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Crypto.js","sourceRoot":"","sources":["../../../src/crypto/Crypto.ts"],"names":[],"mappings":"AAAA,2GAA2G;AAE3G,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,EACL,SAAS,EACT,SAAS,EACT,SAAS,EACT,qBAAqB,EACrB,SAAS,GACV,MAAM,MAAM,CAAC;AAId,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,UAAU,cAAc;IAC5B,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,+EAA+E;AAC/E,wEAAwE;AACxE,+EAA+E;AAE/E,MAAM,OAAO,QAAQ;IACnB,MAAM,CAAC,QAAQ,CAAC,GAAW;QACzB,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE;gBACvD,OAAO,EAAE,OAAqB;aAC/B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACb,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,GAAW,EACX,GAAW,EACX,MAAc,EACd,QAAgB,EAChB,YAAoB,CAAC,EACrB,IAAa,EACb,eAAyB;QAEzB,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC;YACtD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE;gBAClD,MAAM;gBACN,QAAQ;gBACR,cAAc,EAAE,SAAS;gBACzB,GAAG,CAAE,eAAe,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAE;aAC3D,CAAC,CAAC;YACH,OAAO,OAAqB,CAAC;QAC/B,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,GAAG,CAAC,KAAK,CAAE,CAAW,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,GAAI,CAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAChC,GAAW,EACX,MAAc,EACd,QAAgB,EAChB,YAAoB,CAAC,EACrB,IAAa,EACb,eAAyB;QAEzB,0EAA0E;QAC1E,8DAA8D;QAC9D,GAAG,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM;YAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;QACrE,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAE/B,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAC9E,IAAI,OAAO,CAAC,GAAG,KAAK,MAAM;YAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACxG,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAE3E,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC5C,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa;YAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAE1G,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ;YACzC,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAEnF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,GAAG,SAAS,CAAC;YAC9B,MAAM,KAAK,GAAG,GAAG,GAAG,SAAS,CAAC;YAE9B,IAAI,CAAC,OAAO,CAAC,GAAG;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;YAC3E,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YAClG,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACjH,IAAI,CAAC,OAAO,CAAC,GAAG;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,GAAG,GAAG,KAAK;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QAClG,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,GAAW;QAChD,8EAA8E;QAC9E,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAwB,CAAC;QAClE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,GAAW;QAC/B,2EAA2E;QAC3E,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,YAAoB;QAC1D,sEAAsE;QACtE,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClD,CAAC;CACF;AAID,eAAe,QAAQ,CAAC"}

package/dist/src/models/User.d.ts

@@ -0,0 +1,31 @@
+import type { UserProfile } from '../types/user.js';
+export interface UserData {
+    id_token?: string;
+    session_state?: string | null;
+    access_token?: string;
+    refresh_token?: string;
+    token_type?: string;
+    scope?: string;
+    profile?: UserProfile;
+    expires_at?: number;
+    state?: unknown;
+}
+export declare class User {
+    id_token: string;
+    session_state: string | null;
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    scope: string;
+    profile: UserProfile;
+    expires_at: number | undefined;
+    state: unknown;
+    constructor({ id_token, session_state, access_token, refresh_token, token_type, scope, profile, expires_at, state, }: UserData);
+    get expires_in(): number | undefined;
+    set expires_in(value: number | string | undefined);
+    get expired(): boolean | undefined;
+    get scopes(): string[];
+    toStorageString(): string;
+    static fromStorageString(storageString: string): User;
+}
+//# sourceMappingURL=User.d.ts.map

package/dist/src/models/User.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"User.d.ts","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,IAAI;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,WAAW,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,KAAK,EAAE,OAAO,CAAC;gBAEH,EACV,QAAa,EACb,aAAoB,EACpB,YAAiB,EACjB,aAAkB,EAClB,UAAe,EACf,KAAU,EACV,OAAqB,EACrB,UAAU,EACV,KAAK,GACN,EAAE,QAAQ;IAYX,IAAI,UAAU,IAAI,MAAM,GAAG,SAAS,CAMnC;IACD,IAAI,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,EAMhD;IAED,IAAI,OAAO,IAAI,OAAO,GAAG,SAAS,CAMjC;IAED,IAAI,MAAM,IAAI,MAAM,EAAE,CAErB;IAED,eAAe,IAAI,MAAM;IAczB,MAAM,CAAC,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI;CAItD"}

package/dist/src/models/User.js

@@ -0,0 +1,57 @@
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+import { Log } from '../utils/Log.js';
+export class User {
+    constructor({ id_token = '', session_state = null, access_token = '', refresh_token = '', token_type = '', scope = '', profile = { sub: '' }, expires_at, state, }) {
+        this.id_token = id_token;
+        this.session_state = session_state;
+        this.access_token = access_token;
+        this.refresh_token = refresh_token;
+        this.token_type = token_type;
+        this.scope = scope;
+        this.profile = profile;
+        this.expires_at = expires_at;
+        this.state = state;
+    }
+    get expires_in() {
+        if (this.expires_at) {
+            const now = Math.floor(Date.now() / 1000);
+            return this.expires_at - now;
+        }
+        return undefined;
+    }
+    set expires_in(value) {
+        const expires_in = parseInt(String(value));
+        if (typeof expires_in === 'number' && expires_in > 0) {
+            const now = Math.floor(Date.now() / 1000);
+            this.expires_at = now + expires_in;
+        }
+    }
+    get expired() {
+        const expires_in = this.expires_in;
+        if (expires_in !== undefined) {
+            return expires_in <= 0;
+        }
+        return undefined;
+    }
+    get scopes() {
+        return (this.scope || '').split(' ');
+    }
+    toStorageString() {
+        Log.debug('User.toStorageString');
+        return JSON.stringify({
+            id_token: this.id_token,
+            session_state: this.session_state,
+            access_token: this.access_token,
+            refresh_token: this.refresh_token,
+            token_type: this.token_type,
+            scope: this.scope,
+            profile: this.profile,
+            expires_at: this.expires_at,
+        });
+    }
+    static fromStorageString(storageString) {
+        Log.debug('User.fromStorageString');
+        return new User(JSON.parse(storageString));
+    }
+}
+//# sourceMappingURL=User.js.map

package/dist/src/models/User.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"User.js","sourceRoot":"","sources":["../../../src/models/User.ts"],"names":[],"mappings":"AAAA,2GAA2G;AAE3G,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAetC,MAAM,OAAO,IAAI;IAWf,YAAY,EACV,QAAQ,GAAG,EAAE,EACb,aAAa,GAAG,IAAI,EACpB,YAAY,GAAG,EAAE,EACjB,aAAa,GAAG,EAAE,EAClB,UAAU,GAAG,EAAE,EACf,KAAK,GAAG,EAAE,EACV,OAAO,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,EACrB,UAAU,EACV,KAAK,GACI;QACT,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;QAC/B,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,KAAkC;QAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3C,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,GAAG,GAAG,UAAU,CAAC;QACrC,CAAC;IACH,CAAC;IAED,IAAI,OAAO;QACT,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QACnC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,UAAU,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,eAAe;QACb,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,iBAAiB,CAAC,aAAqB;QAC5C,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACpC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/dist/src/navigation/Navigator.d.ts

@@ -0,0 +1,106 @@
+import type { NavigateParams, NavigatorResponse, NavigatorHandle } from '../types/navigator.js';
+export type { NavigateParams } from '../types/navigator.js';
+export declare class RedirectNavigator {
+    prepare(): Promise<RedirectNavigator>;
+    navigate(params: NavigateParams & {
+        url: string;
+    }): Promise<NavigatorResponse>;
+    get url(): string;
+}
+export declare class PopupWindow implements NavigatorHandle {
+    private _promise;
+    private _resolve;
+    private _reject;
+    private _popup;
+    private _checkForPopupClosedTimer;
+    private _id;
+    constructor(params: NavigateParams);
+    get promise(): Promise<NavigatorResponse>;
+    navigate(params: NavigateParams & {
+        url: string;
+    }): Promise<NavigatorResponse>;
+    private _success;
+    private _error;
+    close(): void;
+    private _cleanup;
+    private _checkForPopupClosed;
+    private _callback;
+    static notifyOpener(url: string | undefined, keepOpen: boolean | undefined, delimiter: string): void;
+}
+export declare class PopupNavigator {
+    prepare(params: NavigateParams): Promise<PopupWindow>;
+    callback(url: string | undefined, keepOpen: boolean | undefined, delimiter: string): Promise<void>;
+}
+export declare class IFrameWindow implements NavigatorHandle {
+    private _promise;
+    private _resolve;
+    private _reject;
+    private _boundMessageEvent;
+    private _frame;
+    private _timer;
+    constructor(_params?: NavigateParams);
+    navigate(params: NavigateParams & {
+        url: string;
+    }): Promise<NavigatorResponse>;
+    get promise(): Promise<NavigatorResponse>;
+    private _success;
+    private _error;
+    close(): void;
+    private _cleanup;
+    private _timeout;
+    private _message;
+    private get _origin();
+    static notifyParent(url?: string): void;
+}
+export declare class IFrameNavigator {
+    prepare(params: NavigateParams): Promise<IFrameWindow>;
+    callback(url?: string): Promise<void>;
+}
+export declare class CheckSessionIFrame {
+    private _callback;
+    private _client_id;
+    private _url;
+    private _interval;
+    private _stopOnError;
+    private _frame_origin;
+    private _frame;
+    private _boundMessageEvent;
+    private _timer;
+    private _session_state;
+    constructor(callback: () => void, client_id: string, url: string, interval?: number, stopOnError?: boolean);
+    load(): Promise<void>;
+    private _message;
+    start(session_state: string): void;
+    stop(): void;
+}
+export declare class CordovaPopupWindow implements NavigatorHandle {
+    private _promise;
+    private _resolve;
+    private _reject;
+    private _popup;
+    private _exitCallbackEvent;
+    private _loadStartCallbackEvent;
+    features: string;
+    target: string;
+    redirect_uri: string | undefined;
+    constructor(params: NavigateParams);
+    private _isInAppBrowserInstalled;
+    navigate(params: NavigateParams & {
+        url: string;
+    }): Promise<NavigatorResponse>;
+    get promise(): Promise<NavigatorResponse>;
+    private _loadStartCallback;
+    private _exitCallback;
+    private _success;
+    private _error;
+    private _errorAndReturn;
+    close(): void;
+    private _cleanup;
+}
+export declare class CordovaPopupNavigator {
+    prepare(params: NavigateParams): Promise<CordovaPopupWindow>;
+}
+export declare class CordovaIFrameNavigator {
+    prepare(params: NavigateParams): Promise<CordovaPopupWindow>;
+}
+//# sourceMappingURL=Navigator.d.ts.map

package/dist/src/navigation/Navigator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Navigator.d.ts","sourceRoot":"","sources":["../../../src/navigation/Navigator.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGhG,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAM5D,qBAAa,iBAAiB;IAC5B,OAAO,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAIrC,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAW9E,IAAI,GAAG,IAAI,MAAM,CAEhB;CACF;AAcD,qBAAa,WAAY,YAAW,eAAe;IACjD,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,OAAO,CAA8B;IAC7C,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,yBAAyB,CAA+C;IAChF,OAAO,CAAC,GAAG,CAAqB;gBAEpB,MAAM,EAAE,cAAc;IAmBlC,IAAI,OAAO,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAExC;IAED,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAoB9E,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,MAAM;IAMd,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,QAAQ;IAgBhB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,SAAS;IAYjB,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,OAAO,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;CAuBrG;AAMD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,WAAW,CAAC;IAKrD,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,QAAQ,EAAE,OAAO,GAAG,SAAS,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUnG;AAQD,qBAAa,YAAa,YAAW,eAAe;IAClD,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,OAAO,CAA8B;IAC7C,OAAO,CAAC,kBAAkB,CAAqC;IAC/D,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,MAAM,CAA8C;gBAEhD,OAAO,CAAC,EAAE,cAAc;IAoBpC,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAS9E,IAAI,OAAO,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAExC;IAED,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,MAAM;IAMd,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,QAAQ;IAchB,OAAO,CAAC,QAAQ;IAKhB,OAAO,CAAC,QAAQ;IAoBhB,OAAO,KAAK,OAAO,GAElB;IAED,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;CAQxC;AAMD,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC;IAKtD,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUtC;AAQD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,YAAY,CAAU;IAC9B,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,kBAAkB,CAA0C;IACpE,OAAO,CAAC,MAAM,CAA+C;IAC7D,OAAO,CAAC,cAAc,CAAuB;gBAEjC,QAAQ,EAAE,MAAM,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,WAAW,GAAE,OAAc;IAsBhH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAYrB,OAAO,CAAC,QAAQ;IAoBhB,KAAK,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI;IAuBlC,IAAI,IAAI,IAAI;CASb;AA0BD,qBAAa,kBAAmB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,OAAO,CAA8B;IAC7C,OAAO,CAAC,MAAM,CAAuC;IACrD,OAAO,CAAC,kBAAkB,CAA6C;IACvE,OAAO,CAAC,uBAAuB,CAA6C;IAC5E,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;gBAErB,MAAM,EAAE,cAAc;IAalC,OAAO,CAAC,wBAAwB;IAQhC,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA2B9E,IAAI,OAAO,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAExC;IAED,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,MAAM;IAMd,OAAO,CAAC,eAAe;IAKvB,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,QAAQ;CASjB;AAMD,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAI7D;AAMD,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAK7D"}