oidc-spa 8.1.15 → 8.2.1

package/src/core/loginOrGoToAuthServer.ts

@@ -20,7 +20,6 @@ namespace Params {
         redirectUrl: string;
         extraQueryParams_local: Record<string, string | undefined> | undefined;
         transformUrlBeforeRedirect_local: ((url: string) => string) | undefined;
-        onCantFetchWellKnownEndpointError: () => void;
     };
 
     export type Login = Common & {
@@ -90,10 +89,8 @@ export function createLoginOrGoToAuthServer(params: {
             redirectUrl: redirectUrl_params,
             extraQueryParams_local,
             transformUrlBeforeRedirect_local,
-            onCantFetchWellKnownEndpointError: onCantFetchWellKnownEndpointError_params,
             ...rest
         } = params;
-        let onCantFetchWellKnownEndpointError = onCantFetchWellKnownEndpointError_params;
 
         log?.(`Calling loginOrGoToAuthServer ${JSON.stringify(params, null, 2)}`);
 
@@ -147,12 +144,6 @@ export function createLoginOrGoToAuthServer(params: {
                     };
 
                     window.addEventListener("pageshow", callback);
-
-                    onCantFetchWellKnownEndpointError = () => {
-                        window.removeEventListener("pageshow", callback);
-                        onCantFetchWellKnownEndpointError_params();
-                    };
-
                     break bf_cache_handling;
                 }
 
@@ -183,12 +174,6 @@ export function createLoginOrGoToAuthServer(params: {
                 };
 
                 window.addEventListener("pageshow", callback);
-
-                onCantFetchWellKnownEndpointError = () => {
-                    window.removeEventListener("pageshow", callback);
-                    globalContext.evtHasLoginBeenCalled.current = false;
-                    onCantFetchWellKnownEndpointError_params();
-                };
             }
         }
 
@@ -348,13 +333,6 @@ export function createLoginOrGoToAuthServer(params: {
             .then(
                 () => new Promise<never>(() => {}),
                 (error: Error) => {
-                    if (error.message === "Failed to fetch") {
-                        // NOTE: See ./loginSilent for explanation.
-                        onCantFetchWellKnownEndpointError();
-
-                        return new Promise<never>(() => {});
-                    }
-
                     if (error.message.includes("Crypto.subtle is available only in secure contexts")) {
                         throw new Error(
                             [

package/src/core/loginSilent.ts

@@ -20,8 +20,7 @@ type ResultOfLoginSilent =
           authResponse: AuthResponse;
       }
     | {
-          outcome: "failure";
-          cause: "timeout" | "can't reach well-known oidc endpoint";
+          outcome: "timeout";
       }
     | {
           outcome: "token refreshed using refresh token";
@@ -106,8 +105,7 @@ export async function loginSilent(params: {
         const timeouts = [
             setTimeout(() => {
                 dResult.resolve({
-                    outcome: "failure",
-                    cause: "timeout"
+                    outcome: "timeout"
                 });
             }, timeoutDelayMs),
             setTimeout(() => {
@@ -259,28 +257,7 @@ export async function loginSilent(params: {
                     oidcClientTsUser
                 });
             },
-            (error: Error) => {
-                if (error.message === "Failed to fetch") {
-                    // NOTE: If we got an error here it means that the fetch to the
-                    // well-known oidc endpoint failed.
-                    // This usually means that the server is down or that the issuerUri
-                    // is not pointing to a valid oidc server.
-                    // It could be a CORS error on the well-known endpoint but it's unlikely.
-
-                    // NOTE: This error should happen well before we displayed
-                    // the warning notifying that something is probably misconfigured.
-                    // wasSuccess shouldn't really be a required parameter but we do it
-                    // for peace of mind.
-                    clearTimeouts({ wasSuccess: false });
-
-                    dResult.resolve({
-                        outcome: "failure",
-                        cause: "can't reach well-known oidc endpoint"
-                    });
-
-                    return;
-                }
-
+            () => {
                 // NOTE: Here, except error on our understanding there can't be any other
                 // error than timeout so we fail silently and let the timeout expire.
             }
@@ -289,7 +266,7 @@ export async function loginSilent(params: {
     dResult.pr.then(result => {
         clearSessionStoragePublicKey();
 
-        if (result.outcome === "failure") {
+        if (result.outcome === "timeout") {
             clearStateStore({ stateUrlParamValue: stateUrlParamValue_instance });
         }
     });

package/src/core/prShouldLoadApp.ts

@@ -0,0 +1,11 @@
+import { assert } from "../tools/tsafe/assert";
+
+let prShouldLoadApp_resolve: (shouldLoadApp: boolean) => void | undefined;
+
+export const prShouldLoadApp = new Promise<boolean>(resolve => (prShouldLoadApp_resolve = resolve));
+
+export function resolvePrShouldLoadApp(params: { shouldLoadApp: boolean }) {
+    const { shouldLoadApp } = params;
+    assert(prShouldLoadApp_resolve !== undefined);
+    prShouldLoadApp_resolve(shouldLoadApp);
+}

package/src/keycloak/keycloak-js/Keycloak.ts

@@ -23,7 +23,7 @@ import { type StatefulEvt, createStatefulEvt } from "../../tools/StatefulEvt";
 import { readExpirationTimeInJwt } from "../../tools/readExpirationTimeInJwt";
 
 type ConstructorParams = KeycloakServerConfig & {
-    homeUrl: string;
+    BASE_URL?: string;
 };
 
 /**
@@ -99,7 +99,7 @@ export class Keycloak {
         let hasCreateResolved = false;
 
         const oidcOrError = await createOidc({
-            homeUrl: constructorParams.homeUrl,
+            homeUrl: constructorParams.BASE_URL,
             issuerUri,
             clientId: this.#state.constructorParams.clientId,
             autoLogin,

package/src/keycloak/keycloakIssuerUriParsed.ts

@@ -11,7 +11,16 @@ export type KeycloakIssuerUriParsed = {
 export function parseKeycloakIssuerUri(params: { issuerUri: string }): KeycloakIssuerUriParsed {
     const { issuerUri } = params;
 
-    assert(isKeycloak({ issuerUri }));
+    if (!isKeycloak({ issuerUri })) {
+        throw new Error(
+            [
+                `oidc-spa: The issuer uri provided ${issuerUri}`,
+                "if you are in an environnement that should support multiple",
+                "auth provider, you should first test `isKeycloakUrl({ issuerUri })`",
+                "before calling parseKeycloakIssuerUri({ issuerUri })"
+            ].join(" ")
+        );
+    }
 
     const url = new URL(issuerUri.replace(/\/$/, ""));
 

package/src/mock/oidc.ts

@@ -5,6 +5,7 @@ import { toFullyQualifiedUrl } from "../tools/toFullyQualifiedUrl";
 import { getSearchParam, addOrUpdateSearchParam } from "../tools/urlSearchParams";
 import { getRootRelativeOriginalLocationHref } from "../core/earlyInit";
 import { INFINITY_TIME } from "../tools/INFINITY_TIME";
+import { getBASE_URL } from "../core/BASE_URL";
 
 export type ParamsOfCreateMockOidc<
     DecodedIdToken extends Record<string, unknown> = Record<string, unknown>,
@@ -18,7 +19,11 @@ export type ParamsOfCreateMockOidc<
      * In the majority of cases it should be `homeUrl: "/"` but it could aso be something like `homeUrl: "/dashboard"`
      * if your web app isn't hosted at the root of the domain.
      */
-    homeUrl: string;
+    BASE_URL?: string;
+
+    /** @deprecated: Use BASE_URL (same thing, just renamed). */
+    homeUrl?: string;
+
     autoLogin?: AutoLogin;
     postLoginRedirectUrl?: string;
 } & (AutoLogin extends true
@@ -41,11 +46,12 @@ export async function createMockOidc<
         isUserInitiallyLoggedIn = true,
         mockedParams = {},
         mockedTokens = {},
-        homeUrl: homeUrl_params,
         autoLogin = false,
         postLoginRedirectUrl
     } = params;
 
+    const BASE_URL_params = params.BASE_URL ?? params.homeUrl;
+
     const isUserLoggedIn = (() => {
         const { wasPresent, value } = getSearchParam({
             url: toFullyQualifiedUrl({
@@ -82,7 +88,7 @@ export async function createMockOidc<
     })();
 
     const homeUrl = toFullyQualifiedUrl({
-        urlish: homeUrl_params,
+        urlish: BASE_URL_params ?? getBASE_URL() ?? "/",
         doAssertNoQueryParams: true,
         doOutputWithTrailingSlash: true
     });

package/src/react-spa/apiBuilder.ts

@@ -0,0 +1,70 @@
+import type { OidcSpaApi } from "./types";
+import type { Oidc as Oidc_core } from "../core";
+import type { ZodSchemaLike } from "../tools/ZodSchemaLike";
+import { createOidcSpaApi } from "./createOidcSpaApi";
+
+export type OidcSpaApiBuilder<
+    AutoLogin extends boolean = false,
+    DecodedIdToken extends Record<string, unknown> = Oidc_core.Tokens.DecodedIdToken_OidcCoreSpec,
+    ExcludedMethod extends
+        | "withAutoLogin"
+        | "withExpectedDecodedIdTokenShape"
+        | "withAccessTokenValidation"
+        | "finalize" = never
+> = Omit<
+    {
+        withAutoLogin: () => OidcSpaApiBuilder<true, DecodedIdToken, ExcludedMethod | "withAutoLogin">;
+        withExpectedDecodedIdTokenShape: <DecodedIdToken extends Record<string, unknown>>(params: {
+            decodedIdTokenSchema: ZodSchemaLike<
+                Oidc_core.Tokens.DecodedIdToken_OidcCoreSpec,
+                DecodedIdToken
+            >;
+            decodedIdToken_mock?: NoInfer<DecodedIdToken>;
+        }) => OidcSpaApiBuilder<
+            AutoLogin,
+            DecodedIdToken,
+            ExcludedMethod | "withExpectedDecodedIdTokenShape"
+        >;
+
+        finalize: () => OidcSpaApi<AutoLogin, DecodedIdToken>;
+    },
+    ExcludedMethod
+>;
+
+function createOidcSpaApiBuilder<
+    AutoLogin extends boolean = false,
+    DecodedIdToken extends Record<string, unknown> = Oidc_core.Tokens.DecodedIdToken_OidcCoreSpec
+>(params: {
+    autoLogin: AutoLogin;
+    decodedIdTokenSchema:
+        | ZodSchemaLike<Oidc_core.Tokens.DecodedIdToken_OidcCoreSpec, DecodedIdToken>
+        | undefined;
+    decodedIdToken_mock: DecodedIdToken | undefined;
+}): OidcSpaApiBuilder<AutoLogin, DecodedIdToken> {
+    return {
+        withAutoLogin: () =>
+            createOidcSpaApiBuilder({
+                autoLogin: true,
+                decodedIdTokenSchema: params.decodedIdTokenSchema,
+                decodedIdToken_mock: params.decodedIdToken_mock
+            }),
+        withExpectedDecodedIdTokenShape: ({ decodedIdTokenSchema, decodedIdToken_mock }) =>
+            createOidcSpaApiBuilder({
+                autoLogin: params.autoLogin,
+                decodedIdTokenSchema,
+                decodedIdToken_mock: decodedIdToken_mock
+            }),
+        finalize: () =>
+            createOidcSpaApi<AutoLogin, DecodedIdToken>({
+                autoLogin: params.autoLogin,
+                decodedIdTokenSchema: params.decodedIdTokenSchema,
+                decodedIdToken_mock: params.decodedIdToken_mock
+            })
+    };
+}
+
+export const oidcSpaApiBuilder = createOidcSpaApiBuilder({
+    autoLogin: false,
+    decodedIdToken_mock: undefined,
+    decodedIdTokenSchema: undefined
+});