oidc-spa 7.1.10 → 7.2.0-rc.2

package/esm/core/Oidc.d.ts

@@ -0,0 +1,126 @@
+import type { OidcInitializationError } from "./OidcInitializationError";
+export declare type Oidc<DecodedIdToken extends Record<string, unknown> = Oidc.Tokens.DecodedIdToken_base> = Oidc.LoggedIn<DecodedIdToken> | Oidc.NotLoggedIn;
+export declare namespace Oidc {
+    type Common = {
+        params: {
+            issuerUri: string;
+            clientId: string;
+        };
+    };
+    type NotLoggedIn = Common & {
+        isUserLoggedIn: false;
+        login: (params: {
+            doesCurrentHrefRequiresAuth: boolean;
+            /**
+             * Add extra query parameters to the url before redirecting to the login pages.
+             */
+            extraQueryParams?: Record<string, string | undefined>;
+            /**
+             * Where to redirect after successful login.
+             * Default: window.location.href (here)
+             *
+             * It does not need to include the origin, eg: "/dashboard"
+             */
+            redirectUrl?: string;
+            /**
+             * Transform the url before redirecting to the login pages.
+             * Prefer using the extraQueryParams parameter if you're only adding query parameters.
+             */
+            transformUrlBeforeRedirect?: (url: string) => string;
+        }) => Promise<never>;
+        initializationError: OidcInitializationError | undefined;
+    };
+    type LoggedIn<DecodedIdToken extends Record<string, unknown> = Record<string, unknown>> = Common & {
+        isUserLoggedIn: true;
+        renewTokens(params?: {
+            extraTokenParams?: Record<string, string | undefined>;
+        }): Promise<void>;
+        getTokens: () => Promise<Tokens<DecodedIdToken>>;
+        subscribeToTokensChange: (onTokenChange: (tokens: Tokens<DecodedIdToken>) => void) => {
+            unsubscribe: () => void;
+        };
+        getDecodedIdToken: () => DecodedIdToken;
+        logout: (params: {
+            redirectTo: "home" | "current page";
+        } | {
+            redirectTo: "specific url";
+            url: string;
+        }) => Promise<never>;
+        goToAuthServer: (params: {
+            extraQueryParams?: Record<string, string | undefined>;
+            redirectUrl?: string;
+            transformUrlBeforeRedirect?: (url: string) => string;
+        }) => Promise<never>;
+        subscribeToAutoLogoutCountdown: (tickCallback: (params: {
+            secondsLeft: number | undefined;
+        }) => void) => {
+            unsubscribeFromAutoLogoutCountdown: () => void;
+        };
+        /**
+         * If you called `goToAuthServer` or `login` with extraQueryParams, this object let you know the outcome of the
+         * of the action that was intended.
+         *
+         * For example, on a Keycloak server, if you called `goToAuthServer({ extraQueryParams: { kc_action: "UPDATE_PASSWORD" } })`
+         * you'll get back: `{ extraQueryParams: { kc_action: "UPDATE_PASSWORD" }, result: { kc_action_status: "success" } }` (or "cancelled")
+         */
+        backFromAuthServer: {
+            extraQueryParams: Record<string, string>;
+            result: Record<string, string>;
+        } | undefined;
+        /**
+         * This is true when the user has just returned from the login pages.
+         * This is also true when the user navigate to your app and was able to be silently signed in because there was still a valid session.
+         * This false however when the use just reload the page.
+         *
+         * This can be used to perform some action related to session initialization
+         * but avoiding doing it repeatedly every time the user reload the page.
+         *
+         * Note that this is referring to the browser session and not the OIDC session
+         * on the server side.
+         *
+         * If you want to perform an action only when a new OIDC session is created
+         * you can test oidc.isNewBrowserSession && oidc.backFromAuthServer !== undefined
+         */
+        isNewBrowserSession: boolean;
+    };
+    type Tokens<DecodedIdToken extends Record<string, unknown> = Tokens.DecodedIdToken_base> = Tokens.WithRefreshToken<DecodedIdToken> | Tokens.WithoutRefreshToken<DecodedIdToken>;
+    namespace Tokens {
+        type Common<DecodedIdToken> = {
+            accessToken: string;
+            accessTokenExpirationTime: number;
+            idToken: string;
+            decodedIdToken: DecodedIdToken;
+            /**
+             * decodedIdToken_original = decodeJwt(idToken);
+             * decodedIdToken = decodedIdTokenSchema.parse(decodedIdToken_original)
+             *
+             * The idea here is that if you have provided a zod schema as `decodedIdTokenSchema`
+             * it will strip out every claim that you haven't specified.
+             * You might even be applying some transformation.
+             *
+             * `decodedIdToken_original` is the actual decoded payload of the  id_token, untransformed.
+             * */
+            decodedIdToken_original: DecodedIdToken_base;
+            /** Read from id_token's JWT, iat claim value, it's a JavaScript timestamp (millisecond epoch) */
+            issuedAtTime: number;
+        };
+        type WithRefreshToken<DecodedIdToken> = Common<DecodedIdToken> & {
+            hasRefreshToken: true;
+            refreshToken: string;
+            refreshTokenExpirationTime: number | undefined;
+        };
+        type WithoutRefreshToken<DecodedIdToken> = Common<DecodedIdToken> & {
+            hasRefreshToken: false;
+            refreshToken?: never;
+            refreshTokenExpirationTime?: never;
+        };
+        type DecodedIdToken_base = {
+            iss: string;
+            sub: string;
+            aud: string | string[];
+            exp: number;
+            iat: number;
+            [claimName: string]: unknown;
+        };
+    }
+}

package/esm/core/Oidc.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=Oidc.js.map

package/esm/core/Oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Oidc.js","sourceRoot":"","sources":["../../../src/core/Oidc.ts"],"names":[],"mappings":""}

package/esm/core/OidcInitializationError.d.ts

@@ -0,0 +1,7 @@
+export declare class OidcInitializationError extends Error {
+    readonly isAuthServerLikelyDown: boolean;
+    constructor(params: {
+        messageOrCause: string | Error;
+        isAuthServerLikelyDown: boolean;
+    });
+}

package/esm/core/OidcInitializationError.js

@@ -0,0 +1,17 @@
+export class OidcInitializationError extends Error {
+    constructor(params) {
+        super((() => {
+            if (typeof params.messageOrCause === "string") {
+                return params.messageOrCause;
+            }
+            else {
+                return `Unknown initialization error: ${params.messageOrCause.message}`;
+            }
+        })(), 
+        // @ts-expect-error
+        { cause: typeof params.messageOrCause === "string" ? undefined : params.messageOrCause });
+        this.isAuthServerLikelyDown = params.isAuthServerLikelyDown;
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+//# sourceMappingURL=OidcInitializationError.js.map

package/esm/core/OidcInitializationError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OidcInitializationError.js","sourceRoot":"","sources":["../../../src/core/OidcInitializationError.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAG9C,YAAY,MAA2E;QACnF,KAAK,CACD,CAAC,GAAG,EAAE;YACF,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;gBAC5C,OAAO,MAAM,CAAC,cAAc,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACJ,OAAO,iCAAiC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5E,CAAC;QACL,CAAC,CAAC,EAAE;QACJ,mBAAmB;QACnB,EAAE,KAAK,EAAE,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,CAC3F,CAAC;QACF,IAAI,CAAC,sBAAsB,GAAG,MAAM,CAAC,sBAAsB,CAAC;QAC5D,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtD,CAAC;CACJ"}

package/{src/core/OidcMetadata.ts → esm/core/OidcMetadata.d.ts}

@@ -1,6 +1,3 @@
-import { type OidcMetadata as OidcClientTsOidcMetadata } from "../vendor/frontend/oidc-client-ts-and-jwt-decode";
-import { assert, type Equals } from "../vendor/frontend/tsafe";
-
 /**
  * OpenID Providers have metadata describing their configuration.
  *
@@ -267,5 +264,3 @@ export type OidcMetadata = {
      */
     code_challenge_methods_supported: string[];
 };
-
-assert<Equals<OidcMetadata, OidcClientTsOidcMetadata>>;

package/esm/core/OidcMetadata.js

@@ -0,0 +1,3 @@
+import { assert } from "../vendor/frontend/tsafe";
+assert;
+//# sourceMappingURL=OidcMetadata.js.map

package/esm/core/OidcMetadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OidcMetadata.js","sourceRoot":"","sources":["../../../src/core/OidcMetadata.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAe,MAAM,0BAA0B,CAAC;AA6Q/D,MAAsD,CAAC"}

package/esm/core/StateData.d.ts

@@ -0,0 +1,42 @@
+export type StateData = StateData.IFrame | StateData.Redirect;
+export declare namespace StateData {
+    type Common = {
+        configId: string;
+    };
+    export type IFrame = Common & {
+        context: "iframe";
+    };
+    export type Redirect = Redirect.Login | Redirect.Logout;
+    export namespace Redirect {
+        type Common_Redirect = Common & {
+            context: "redirect";
+            redirectUrl: string;
+            hasBeenProcessedByCallback: boolean;
+        };
+        export type Login = Common_Redirect & {
+            action: "login";
+            redirectUrl_consentRequiredCase: string;
+            extraQueryParams: Record<string, string>;
+        };
+        export type Logout = Common_Redirect & {
+            action: "logout";
+            sessionId: string | undefined;
+        };
+        export {};
+    }
+    export {};
+}
+export declare function generateStateUrlParamValue(): string;
+export declare function getIsStatQueryParamValue(params: {
+    maybeStateUrlParamValue: string;
+}): boolean;
+export declare const STATE_STORE_KEY_PREFIX = "oidc.";
+export declare function clearStateStore(params: {
+    stateUrlParamValue: string;
+}): void;
+export declare function getStateData(params: {
+    stateUrlParamValue: string;
+}): StateData | undefined;
+export declare function markStateDataAsProcessedByCallback(params: {
+    stateUrlParamValue: string;
+}): void;

package/esm/core/StateData.js

@@ -0,0 +1,55 @@
+import { typeGuard, assert } from "../vendor/frontend/tsafe";
+import { generateUrlSafeRandom } from "../tools/generateUrlSafeRandom";
+const STATE_QUERY_PARAM_VALUE_IDENTIFIER_PREFIX = "b2lkYy1zcGEu";
+const RANDOM_STRING_LENGTH = 32 - STATE_QUERY_PARAM_VALUE_IDENTIFIER_PREFIX.length;
+export function generateStateUrlParamValue() {
+    return `${STATE_QUERY_PARAM_VALUE_IDENTIFIER_PREFIX}${generateUrlSafeRandom({
+        length: RANDOM_STRING_LENGTH
+    })}`;
+}
+export function getIsStatQueryParamValue(params) {
+    const { maybeStateUrlParamValue } = params;
+    return (maybeStateUrlParamValue.startsWith(STATE_QUERY_PARAM_VALUE_IDENTIFIER_PREFIX) &&
+        maybeStateUrlParamValue.length ===
+            STATE_QUERY_PARAM_VALUE_IDENTIFIER_PREFIX.length + RANDOM_STRING_LENGTH);
+}
+export const STATE_STORE_KEY_PREFIX = "oidc.";
+function getKey(params) {
+    const { stateUrlParamValue } = params;
+    return `${STATE_STORE_KEY_PREFIX}${stateUrlParamValue}`;
+}
+function getStateStore(params) {
+    const { stateUrlParamValue } = params;
+    const item = localStorage.getItem(getKey({ stateUrlParamValue }));
+    if (item === null) {
+        return undefined;
+    }
+    const obj = JSON.parse(item);
+    assert(typeGuard(obj, obj instanceof Object && obj.data instanceof Object && typeof obj.data.context === "string"));
+    return obj;
+}
+function setStateStore(params) {
+    const { stateUrlParamValue, obj } = params;
+    localStorage.setItem(getKey({ stateUrlParamValue }), JSON.stringify(obj));
+}
+export function clearStateStore(params) {
+    const { stateUrlParamValue } = params;
+    localStorage.removeItem(getKey({ stateUrlParamValue }));
+}
+export function getStateData(params) {
+    const { stateUrlParamValue } = params;
+    const stateStore = getStateStore({ stateUrlParamValue });
+    if (stateStore === undefined) {
+        return undefined;
+    }
+    return stateStore.data;
+}
+export function markStateDataAsProcessedByCallback(params) {
+    const { stateUrlParamValue } = params;
+    const obj = getStateStore({ stateUrlParamValue });
+    assert(obj !== undefined, "180465");
+    assert(obj.data.context === "redirect", "649531");
+    obj.data.hasBeenProcessedByCallback = true;
+    setStateStore({ stateUrlParamValue, obj });
+}
+//# sourceMappingURL=StateData.js.map

package/esm/core/StateData.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"StateData.js","sourceRoot":"","sources":["../../../src/core/StateData.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAkCvE,MAAM,yCAAyC,GAAG,cAAc,CAAC;AACjE,MAAM,oBAAoB,GAAG,EAAE,GAAG,yCAAyC,CAAC,MAAM,CAAC;AAEnF,MAAM,UAAU,0BAA0B;IACtC,OAAO,GAAG,yCAAyC,GAAG,qBAAqB,CAAC;QACxE,MAAM,EAAE,oBAAoB;KAC/B,CAAC,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,MAA2C;IAChF,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,CAAC;IAE3C,OAAO,CACH,uBAAuB,CAAC,UAAU,CAAC,yCAAyC,CAAC;QAC7E,uBAAuB,CAAC,MAAM;YAC1B,yCAAyC,CAAC,MAAM,GAAG,oBAAoB,CAC9E,CAAC;AACN,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAE9C,SAAS,MAAM,CAAC,MAAsC;IAClD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,SAAS,aAAa,CAAC,MAAsC;IACzD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC;IAElE,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE7B,MAAM,CACF,SAAS,CACL,GAAG,EACH,GAAG,YAAY,MAAM,IAAI,GAAG,CAAC,IAAI,YAAY,MAAM,IAAI,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,QAAQ,CAC9F,CACJ,CAAC;IAEF,OAAO,GAAG,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,MAAgE;IACnF,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;IAE3C,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAsC;IAClE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAsC;IAC/D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,UAAU,GAAG,aAAa,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEzD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,MAAsC;IACrF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAElD,MAAM,CAAC,GAAG,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC,CAAC;IAElD,GAAG,CAAC,IAAI,CAAC,0BAA0B,GAAG,IAAI,CAAC;IAE3C,aAAa,CAAC,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;AAC/C,CAAC"}

package/esm/core/configId.d.ts

@@ -0,0 +1,4 @@
+export declare function getConfigId(params: {
+    issuerUri: string;
+    clientId: string;
+}): string;

package/esm/core/configId.js

@@ -0,0 +1,4 @@
+export function getConfigId(params) {
+    return `${params.issuerUri}:${params.clientId}`;
+}
+//# sourceMappingURL=configId.js.map

package/esm/core/configId.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configId.js","sourceRoot":"","sources":["../../../src/core/configId.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,WAAW,CAAC,MAA+C;IACvE,OAAO,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpD,CAAC"}

package/esm/core/createOidc.d.ts

@@ -0,0 +1,132 @@
+import type { OidcMetadata } from "./OidcMetadata";
+import type { Oidc } from "./Oidc";
+export type ParamsOfCreateOidc<DecodedIdToken extends Record<string, unknown> = Record<string, unknown>, AutoLogin extends boolean = false> = {
+    issuerUri: string;
+    clientId: string;
+    /**
+     * The scopes being requested from the OIDC/OAuth2 provider (default: `["profile"]`
+     * (the scope "openid" is added automatically as it's mandatory)
+     **/
+    scopes?: string[];
+    /**
+     * Transform the url (authorization endpoint) before redirecting to the login pages.
+     *
+     * The isSilent parameter is true when the redirect is initiated in the background iframe for silent signin.
+     * This can be used to omit ui related query parameters (like `ui_locales`).
+     */
+    transformUrlBeforeRedirect?: (params: {
+        authorizationUrl: string;
+        isSilent: boolean;
+    }) => string;
+    /**
+     * Extra query params to be added to the authorization endpoint url before redirecting or silent signing in.
+     * You can provide a function that returns those extra query params, it will be called
+     * when login() is called.
+     *
+     * Example: extraQueryParams: ()=> ({ ui_locales: "fr" })
+     *
+     * This parameter can also be passed to login() directly.
+     */
+    extraQueryParams?: Record<string, string | undefined> | ((params: {
+        isSilent: boolean;
+        url: string;
+    }) => Record<string, string | undefined>);
+    /**
+     * Extra body params to be added to the /token POST request.
+     *
+     * It will be used when for the initial request, whenever the token is getting refreshed and if you call `renewTokens()`.
+     * You can also provide this parameter directly to the `renewTokens()` method.
+     *
+     * It can be either a string to string record or a function that returns a string to string record.
+     *
+     * Example: extraTokenParams: ()=> ({ selectedCustomer: "xxx" })
+     *          extraTokenParams: { selectedCustomer: "xxx" }
+     */
+    extraTokenParams?: Record<string, string | undefined> | (() => Record<string, string | undefined>);
+    /**
+     * Usage discouraged, it's here because we don't want to assume too much on your
+     * usecase but I can't think of a scenario where you would want anything
+     * other than the current page.
+     *
+     * Where to redirect after successful login.
+     * Default: window.location.href (here)
+     *
+     * It does not need to include the origin, eg: "/dashboard"
+     *
+     * This parameter can also be passed to login() directly as `redirectUrl`.
+     */
+    postLoginRedirectUrl?: string;
+    /**
+     * What should you put in this parameter?
+     *   - Vite project:             `BASE_URL: import.meta.env.BASE_URL`
+     *   - Create React App project: `BASE_URL: process.env.PUBLIC_URL`
+     *   - Other:                    `BASE_URL: "/"` (Usually, or `/dashboard` if your app is not at the root of the domain)
+     */
+    homeUrl: string;
+    decodedIdTokenSchema?: {
+        parse: (decodedIdToken_original: Oidc.Tokens.DecodedIdToken_base) => DecodedIdToken;
+    };
+    /**
+     * This parameter defines after how many seconds of inactivity the user should be
+     * logged out automatically.
+     *
+     * WARNING: It should be configured on the identity server side
+     * as it's the authoritative source for security policies and not the client.
+     * If you don't provide this parameter it will be inferred from the refresh token expiration time.
+     * */
+    idleSessionLifetimeInSeconds?: number;
+    /**
+     * Usage discouraged, this parameter exists because we don't want to assume
+     * too much about your usecase but I can't think of a scenario where you would
+     * want anything other than the current page.
+     *
+     * Default: { redirectTo: "current page" }
+     */
+    autoLogoutParams?: Parameters<Oidc.LoggedIn<any>["logout"]>[0];
+    autoLogin?: AutoLogin;
+    /**
+     * Default: false
+     *
+     * See: https://docs.oidc-spa.dev/v/v7/resources/iframe-related-issues
+     */
+    noIframe?: boolean;
+    debugLogs?: boolean;
+    /**
+     * WARNING: This option exists solely as a workaround
+     * for limitations in the Google OAuth API.
+     * See: https://docs.oidc-spa.dev/providers-configuration/google-oauth
+     *
+     * Do not use this for other providers.
+     * If you think you need a client secret in a SPA, you are likely
+     * trying to use a confidential (private) client in the browser,
+     * which is insecure and not supported.
+     */
+    __unsafe_clientSecret?: string;
+    /**
+     *  WARNING: Setting this to true is a workaround for provider
+     *  like Google OAuth that don't support JWT access token.
+     *  Use at your own risk, this is a hack.
+     */
+    __unsafe_useIdTokenAsAccessToken?: boolean;
+    /**
+     * This option should only be used as a last resort.
+     *
+     * If your OIDC provider is correctly configured, this should not be necessary.
+     *
+     * The metadata is normally retrieved automatically from:
+     * `${issuerUri}/.well-known/openid-configuration`
+     *
+     * Use this only if that endpoint is not accessible (e.g. due to missing CORS headers
+     * or non-standard deployments), and you cannot fix the server-side configuration.
+     */
+    __metadata?: Partial<OidcMetadata>;
+};
+/** @see: https://docs.oidc-spa.dev/v/v7/usage */
+export declare function createOidc<DecodedIdToken extends Record<string, unknown> = Record<string, unknown>, AutoLogin extends boolean = false>(params: ParamsOfCreateOidc<DecodedIdToken, AutoLogin>): Promise<AutoLogin extends true ? Oidc.LoggedIn<DecodedIdToken> : Oidc<DecodedIdToken>>;
+export declare function createOidc_nonMemoized<DecodedIdToken extends Record<string, unknown> = Record<string, unknown>, AutoLogin extends boolean = false>(params: Omit<ParamsOfCreateOidc<DecodedIdToken, AutoLogin>, "issuerUri" | "clientId" | "scopes" | "debugLogs">, preProcessedParams: {
+    issuerUri: string;
+    clientId: string;
+    scopes: string[];
+    configId: string;
+    log: typeof console.log | undefined;
+}): Promise<AutoLogin extends true ? Oidc.LoggedIn<DecodedIdToken> : Oidc<DecodedIdToken>>;