npm - oidc-spa - Versions diffs - 8.1.9 → 8.1.11 - Mend

oidc-spa 8.1.9 → 8.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

package/backend.d.ts +27 -6
package/backend.js +124 -139
package/backend.js.map +1 -1
package/core/Oidc.d.ts +28 -4
package/core/createOidc.d.ts +12 -3
package/core/createOidc.js +1 -1
package/core/createOidc.js.map +1 -1
package/core/earlyInit.d.ts +1 -0
package/core/earlyInit.js +11 -4
package/core/earlyInit.js.map +1 -1
package/core/iframeMessageProtection.js +16 -18
package/core/iframeMessageProtection.js.map +1 -1
package/core/loginOrGoToAuthServer.js +8 -3
package/core/loginOrGoToAuthServer.js.map +1 -1
package/core/loginSilent.js +4 -0
package/core/loginSilent.js.map +1 -1
package/core/oidcClientTsUserToTokens.d.ts +1 -1
package/core/oidcClientTsUserToTokens.js.map +1 -1
package/core/requiredPostHydrationReplaceNavigationUrl.d.ts +6 -0
package/core/requiredPostHydrationReplaceNavigationUrl.js +12 -0
package/core/requiredPostHydrationReplaceNavigationUrl.js.map +1 -0
package/entrypoint.d.ts +1 -0
package/entrypoint.js +3 -1
package/entrypoint.js.map +1 -1
package/esm/angular.d.ts +14 -4
package/esm/angular.js +155 -10
package/esm/angular.js.map +1 -1
package/esm/backend.d.ts +48 -0
package/esm/backend.js +259 -0
package/esm/backend.js.map +1 -0
package/esm/core/Oidc.d.ts +28 -4
package/esm/core/createOidc.d.ts +12 -3
package/esm/core/createOidc.js +1 -1
package/esm/core/createOidc.js.map +1 -1
package/esm/core/earlyInit.d.ts +1 -0
package/esm/core/earlyInit.js +11 -4
package/esm/core/earlyInit.js.map +1 -1
package/esm/core/iframeMessageProtection.js +16 -18
package/esm/core/iframeMessageProtection.js.map +1 -1
package/esm/core/loginOrGoToAuthServer.js +8 -3
package/esm/core/loginOrGoToAuthServer.js.map +1 -1
package/esm/core/loginSilent.js +4 -0
package/esm/core/loginSilent.js.map +1 -1
package/esm/core/oidcClientTsUserToTokens.d.ts +1 -1
package/esm/core/oidcClientTsUserToTokens.js.map +1 -1
package/esm/core/requiredPostHydrationReplaceNavigationUrl.d.ts +6 -0
package/esm/core/requiredPostHydrationReplaceNavigationUrl.js +8 -0
package/esm/core/requiredPostHydrationReplaceNavigationUrl.js.map +1 -0
package/esm/entrypoint.d.ts +1 -0
package/esm/entrypoint.js +1 -0
package/esm/entrypoint.js.map +1 -1
package/esm/mock/oidc.d.ts +1 -1
package/esm/mock/oidc.js.map +1 -1
package/esm/react/react.d.ts +1 -1
package/esm/tanstack-start/react/accessTokenValidation_rfc9068.d.ts +12 -0
package/esm/tanstack-start/react/accessTokenValidation_rfc9068.js +95 -0
package/esm/tanstack-start/react/accessTokenValidation_rfc9068.js.map +1 -0
package/esm/tanstack-start/react/apiBuilder.d.ts +27 -0
package/esm/tanstack-start/react/apiBuilder.js +58 -0
package/esm/tanstack-start/react/apiBuilder.js.map +1 -0
package/esm/tanstack-start/react/createOidcSpaApi.d.ts +9 -0
package/esm/tanstack-start/react/createOidcSpaApi.js +678 -0
package/esm/tanstack-start/react/createOidcSpaApi.js.map +1 -0
package/esm/tanstack-start/react/index.d.ts +3 -0
package/esm/tanstack-start/react/index.js +4 -0
package/esm/tanstack-start/react/index.js.map +1 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError.d.ts +4 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError.js +8 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError.js.map +1 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/enableUnifiedClientRetryForSsrLoaders.d.ts +4 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/enableUnifiedClientRetryForSsrLoaders.js +76 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/enableUnifiedClientRetryForSsrLoaders.js.map +1 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/entrypoint.d.ts +1 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/entrypoint.js +11 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/entrypoint.js.map +1 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/index.d.ts +2 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/index.js +3 -0
package/esm/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/index.js.map +1 -0
package/esm/tanstack-start/react/types.d.ts +355 -0
package/esm/tanstack-start/react/types.js +2 -0
package/esm/tanstack-start/react/types.js.map +1 -0
package/esm/tanstack-start/react/withHandlingOidcPostLoginNavigation.d.ts +2 -0
package/esm/tanstack-start/react/withHandlingOidcPostLoginNavigation.js +25 -0
package/esm/tanstack-start/react/withHandlingOidcPostLoginNavigation.js.map +1 -0
package/esm/tools/GetterOrDirectValue.d.ts +1 -0
package/esm/tools/GetterOrDirectValue.js +2 -0
package/esm/tools/GetterOrDirectValue.js.map +1 -0
package/esm/tools/ZodSchemaLike.d.ts +3 -0
package/esm/tools/ZodSchemaLike.js +2 -0
package/esm/tools/ZodSchemaLike.js.map +1 -0
package/esm/tools/inferIsViteDev.d.ts +1 -0
package/esm/tools/inferIsViteDev.js +6 -0
package/esm/tools/inferIsViteDev.js.map +1 -0
package/esm/tools/infer_import_meta_env_BASE_URL.d.ts +1 -0
package/esm/tools/infer_import_meta_env_BASE_URL.js +15 -0
package/esm/tools/infer_import_meta_env_BASE_URL.js.map +1 -0
package/esm/tools/tsafe/uncapitalize.d.ts +2 -0
package/esm/tools/tsafe/uncapitalize.js +5 -0
package/esm/tools/tsafe/uncapitalize.js.map +1 -0
package/esm/vendor/backend/evt.d.ts +2 -0
package/esm/vendor/backend/evt.js +3286 -0
package/esm/vendor/backend/jose.d.ts +1 -0
package/esm/vendor/backend/jose.js +3546 -0
package/esm/vendor/backend/tsafe.d.ts +5 -0
package/esm/vendor/backend/tsafe.js +68 -0
package/esm/vendor/backend/zod.d.ts +1 -0
package/esm/vendor/backend/zod.js +4023 -0
package/esm/vendor/frontend/worker-timers.js +261 -1
package/mock/oidc.d.ts +1 -1
package/mock/oidc.js.map +1 -1
package/package.json +40 -4
package/react/react.d.ts +1 -1
package/src/angular.ts +224 -9
package/src/backend.ts +201 -166
package/src/core/Oidc.ts +41 -11
package/src/core/createOidc.ts +12 -3
package/src/core/earlyInit.ts +19 -4
package/src/core/iframeMessageProtection.ts +14 -15
package/src/core/loginOrGoToAuthServer.ts +11 -3
package/src/core/loginSilent.ts +5 -0
package/src/core/oidcClientTsUserToTokens.ts +2 -2
package/src/core/requiredPostHydrationReplaceNavigationUrl.ts +11 -0
package/src/entrypoint.ts +1 -0
package/src/mock/oidc.ts +2 -2
package/src/react/react.tsx +1 -1
package/src/tanstack-start/react/accessTokenValidation_rfc9068.ts +135 -0
package/src/tanstack-start/react/apiBuilder.ts +151 -0
package/src/tanstack-start/react/createOidcSpaApi.tsx +1009 -0
package/src/tanstack-start/react/index.ts +5 -0
package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError.ts +8 -0
package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/enableUnifiedClientRetryForSsrLoaders.tsx +110 -0
package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/entrypoint.ts +13 -0
package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/index.ts +2 -0
package/src/tanstack-start/react/types.tsx +415 -0
package/src/tanstack-start/react/withHandlingOidcPostLoginNavigation.tsx +35 -0
package/src/tools/GetterOrDirectValue.ts +1 -0
package/src/tools/ZodSchemaLike.ts +3 -0
package/src/tools/getThisCodebaseRootDirPath_cjs.ts +19 -0
package/src/tools/inferIsViteDev.ts +6 -0
package/src/tools/infer_import_meta_env_BASE_URL.ts +19 -0
package/src/tools/tsafe/uncapitalize.ts +4 -0
package/src/vendor/backend/jose.ts +1 -0
package/src/vendor/build-runtime/babel.ts +6 -0
package/src/vendor/build-runtime/magic-string.ts +3 -0
package/src/vite-plugin/detectProjectType.ts +20 -0
package/src/vite-plugin/excludeModuleExportFromOptimizedDeps.ts +20 -0
package/src/vite-plugin/handleClientEntrypoint.ts +260 -0
package/src/vite-plugin/index.ts +1 -0
package/src/vite-plugin/transformCreateFileRoute.ts +240 -0
package/src/vite-plugin/vite-plugin.ts +54 -0
package/tools/GetterOrDirectValue.d.ts +1 -0
package/tools/GetterOrDirectValue.js +3 -0
package/tools/GetterOrDirectValue.js.map +1 -0
package/tools/ZodSchemaLike.d.ts +3 -0
package/tools/ZodSchemaLike.js +3 -0
package/tools/ZodSchemaLike.js.map +1 -0
package/tools/getThisCodebaseRootDirPath_cjs.d.ts +2 -0
package/tools/getThisCodebaseRootDirPath_cjs.js +53 -0
package/tools/getThisCodebaseRootDirPath_cjs.js.map +1 -0
package/tools/tsafe/uncapitalize.d.ts +2 -0
package/tools/tsafe/uncapitalize.js +8 -0
package/tools/tsafe/uncapitalize.js.map +1 -0
package/vendor/backend/jose.d.ts +1 -0
package/vendor/backend/jose.js +3 -0
package/vendor/build-runtime/babel.d.ts +6 -0
package/vendor/build-runtime/babel.js +3 -0
package/vendor/build-runtime/magic-string.d.ts +2 -0
package/vendor/build-runtime/magic-string.js +2 -0
package/vendor/frontend/oidc-client-ts.js +0 -2
package/vite-plugin/detectProjectType.d.ts +10 -0
package/vite-plugin/detectProjectType.js +15 -0
package/vite-plugin/detectProjectType.js.map +1 -0
package/vite-plugin/excludeModuleExportFromOptimizedDeps.d.ts +4 -0
package/vite-plugin/excludeModuleExportFromOptimizedDeps.js +50 -0
package/vite-plugin/excludeModuleExportFromOptimizedDeps.js.map +1 -0
package/vite-plugin/handleClientEntrypoint.d.ts +10 -0
package/vite-plugin/handleClientEntrypoint.js +211 -0
package/vite-plugin/handleClientEntrypoint.js.map +1 -0
package/vite-plugin/index.d.ts +1 -0
package/vite-plugin/index.js +6 -0
package/vite-plugin/index.js.map +1 -0
package/vite-plugin/transformCreateFileRoute.d.ts +10 -0
package/vite-plugin/transformCreateFileRoute.js +173 -0
package/vite-plugin/transformCreateFileRoute.js.map +1 -0
package/vite-plugin/vite-plugin.d.ts +5 -0
package/vite-plugin/vite-plugin.js +46 -0
package/vite-plugin/vite-plugin.js.map +1 -0
package/src/vendor/backend/jsonwebtoken.ts +0 -1
package/src/vendor/backend/node-fetch.ts +0 -2
package/src/vendor/backend/node-jose.ts +0 -1
package/vendor/backend/jsonwebtoken.d.ts +0 -1
package/vendor/backend/jsonwebtoken.js +0 -3
package/vendor/backend/node-fetch.d.ts +0 -2
package/vendor/backend/node-fetch.js +0 -2
package/vendor/backend/node-jose.d.ts +0 -1
package/vendor/backend/node-jose.js +0 -3

package/src/tanstack-start/react/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { withHandlingOidcPostLoginNavigation } from "./withHandlingOidcPostLoginNavigation";
+export type * from "./types";
+import { oidcSpaApiBuilder } from "./apiBuilder";
+export const oidcSpa = oidcSpaApiBuilder;

package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export const ERROR_MESSAGE_SINGULAR_STRING = "__RETRY_ON_CLIENT_SENTINEL__";
+export class UnifiedClientRetryForSsrLoadersError extends Error {
+    constructor(message: string) {
+        super(`(${ERROR_MESSAGE_SINGULAR_STRING}) ${message}`);
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}

package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/enableUnifiedClientRetryForSsrLoaders.tsx ADDED Viewed

@@ -0,0 +1,110 @@
+import { useEffect } from "react";
+import { type createFileRoute, useRouter } from "@tanstack/react-router";
+import { ERROR_MESSAGE_SINGULAR_STRING } from "./UnifiedClientRetryForSsrLoadersError";
+import { inferIsViteDev } from "../../../tools/inferIsViteDev";
+type OptionsOfCreateFileRoute = NonNullable<Parameters<ReturnType<typeof createFileRoute>>[0]>;
+export function enableUnifiedClientRetryForSsrLoaders<Options extends OptionsOfCreateFileRoute>(
+    options: Options
+): Options {
+    function ErrorComponentWithUnifiedClientRetryForSsrLoader(
+        props: Parameters<
+            Exclude<OptionsOfCreateFileRoute["errorComponent"], null | false | undefined>
+        >[0]
+    ) {
+        unified_client_retry: {
+            const { error } = props;
+            const isSentinelError =
+                error instanceof Error && error.message.includes(ERROR_MESSAGE_SINGULAR_STRING);
+            const router = useRouter();
+            useEffect(() => {
+                if (!isSentinelError) {
+                    return;
+                }
+                const isDev = inferIsViteDev();
+                if (isDev) {
+                    console.info(
+                        [
+                            "oidc-spa: Detected a client-only operation.",
+                            "\n(e.g. an enforceLogin() in a beforeLoad, or an authenticated fetch in a loader).",
+                            "\nThis action cannot run on the server because, in oidc-spa, the client exclusively owns the authentication state.",
+                            "\nTo preserve correctness, oidc-spa gracefully retried the operation on the client.",
+                            "\nSSR was automatically skipped on this route component for this request to ensure consistent behavior.\n",
+                            "\nNote: TanStack Start does not yet provide an official mechanism for 'retry on client'.",
+                            "\noidc-spa implements this behavior transparently via its Vite plugin,",
+                            "until a standardized per-request SSR control becomes available.",
+                            "\nYou may also see a `Warning: Error in route match:` above, this is expected and can be safely ignored."
+                        ].join(" ")
+                    );
+                }
+                router.invalidate();
+            }, []);
+            if (!isSentinelError) {
+                break unified_client_retry;
+            }
+            const PendingComponent = options.pendingComponent;
+            if (PendingComponent === undefined) {
+                return null;
+            }
+            return <PendingComponent />;
+        }
+        // Default behavior
+        {
+            const { errorComponent } = options;
+            if (errorComponent === false) {
+                queueMicrotask(() => {
+                    throw props.error;
+                });
+                return null;
+            }
+            if (errorComponent === null || errorComponent === undefined) {
+                throw props.error;
+            }
+            const ErrorComponent = errorComponent;
+            return <ErrorComponent {...props} />;
+        }
+    }
+    forward_properties: {
+        const { errorComponent } = options;
+        if (!errorComponent) {
+            ErrorComponentWithUnifiedClientRetryForSsrLoader.displayName =
+                ErrorComponentWithUnifiedClientRetryForSsrLoader.name;
+            break forward_properties;
+        }
+        const ErrorComponent = errorComponent;
+        ErrorComponentWithUnifiedClientRetryForSsrLoader.displayName = `${
+            (ErrorComponent as any).displayName ?? ErrorComponent.name ?? "ErrorComponent"
+        }WithUnifiedClientRetryForSsrLoader`;
+        if (ErrorComponent.preload !== undefined) {
+            ErrorComponentWithUnifiedClientRetryForSsrLoader.preload =
+                ErrorComponent.preload.bind(ErrorComponent);
+        }
+    }
+    return {
+        ...options,
+        errorComponent: ErrorComponentWithUnifiedClientRetryForSsrLoader
+    };
+}

package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/entrypoint.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { ERROR_MESSAGE_SINGULAR_STRING } from "./UnifiedClientRetryForSsrLoadersError";
+export function preventConsoleLoggingOfUnifiedClientRetryForSsrLoadersError() {
+    const originalConsoleError = console.error;
+    console.error = function error(...args) {
+        if (args[1] instanceof Error && args[1].message.includes(ERROR_MESSAGE_SINGULAR_STRING)) {
+            return;
+        }
+        originalConsoleError.call(console, ...args);
+    };
+}

package/src/tanstack-start/react/rfcUnifiedClientRetryForSsrLoaders/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { UnifiedClientRetryForSsrLoadersError } from "./UnifiedClientRetryForSsrLoadersError";
2	+ export { enableUnifiedClientRetryForSsrLoaders } from "./enableUnifiedClientRetryForSsrLoaders";

package/src/tanstack-start/react/types.tsx ADDED Viewed

@@ -0,0 +1,415 @@
+import type { ReactNode } from "react";
+import type { Oidc as Oidc_core, OidcInitializationError } from "../../core";
+import type { FunctionMiddlewareAfterServer, RequestMiddlewareAfterServer } from "@tanstack/react-start";
+import type { GetterOrDirectValue } from "../../tools/GetterOrDirectValue";
+import type { OidcMetadata } from "../../core/OidcMetadata";
+export type CreateOidcComponent<DecodedIdToken> = <
+    Assert extends "user logged in" | "user not logged in" | undefined,
+    Props
+>(params: {
+    assert?: Assert;
+    pendingComponent?: Assert extends undefined ? (props: NoInfer<Props>) => ReactNode : undefined;
+    component: (props: Props) => any;
+}) => ((props: Props) => ReactNode) & {
+    useOidc: () => undefined extends Assert
+        ? CreateOidcComponent.Oidc<DecodedIdToken>
+        : "user logged in" extends Assert
+        ? CreateOidcComponent.Oidc.LoggedIn<DecodedIdToken>
+        : CreateOidcComponent.Oidc.NotLoggedIn;
+};
+export namespace CreateOidcComponent {
+    export type WithAutoLogin<DecodedIdToken> = <Props>(params: {
+        pendingComponent?: (params: NoInfer<Props>) => ReactNode;
+        component: (props: Props) => ReactNode;
+    }) => ((props: Props) => ReactNode) & {
+        useOidc: () => Oidc.LoggedIn<DecodedIdToken>;
+    };
+    export type Oidc<DecodedIdToken> =
+        | (Oidc.NotLoggedIn & {
+              decodedIdToken?: never;
+              logout?: never;
+              renewTokens?: never;
+              goToAuthServer?: never;
+              backFromAuthServer?: never;
+              isNewBrowserSession?: never;
+          })
+        | (Oidc.LoggedIn<DecodedIdToken> & {
+              login?: never;
+              initializationError?: never;
+          });
+    export namespace Oidc {
+        type Common = {
+            issuerUri: string;
+            clientId: string;
+        };
+        export type NotLoggedIn = Common & {
+            login: (params?: {
+                extraQueryParams?: Record<string, string | undefined>;
+                redirectUrl?: string;
+                transformUrlBeforeRedirect?: (url: string) => string;
+            }) => Promise<never>;
+            autoLogoutState: {
+                shouldDisplayWarning: false;
+            };
+            isUserLoggedIn: false;
+            initializationError: OidcInitializationError | undefined;
+        };
+        export type LoggedIn<DecodedIdToken> = Common & {
+            isUserLoggedIn: true;
+            decodedIdToken: DecodedIdToken;
+            logout: Oidc_core.LoggedIn["logout"];
+            renewTokens: Oidc_core.LoggedIn["renewTokens"];
+            goToAuthServer: Oidc_core.LoggedIn["goToAuthServer"];
+            backFromAuthServer: Oidc_core.LoggedIn["backFromAuthServer"];
+            isNewBrowserSession: boolean;
+            autoLogoutState:
+                | {
+                      shouldDisplayWarning: true;
+                      secondsLeftBeforeAutoLogout: number;
+                  }
+                | {
+                      shouldDisplayWarning: false;
+                  };
+        };
+    }
+}
+export type GetOidc<DecodedIdToken> = {
+    (params?: { assert?: undefined }): Promise<GetOidc.Oidc<DecodedIdToken>>;
+    (params: { assert: "user logged in" }): Promise<GetOidc.Oidc.LoggedIn<DecodedIdToken>>;
+    (params: { assert: "user not logged in" }): Promise<GetOidc.Oidc.NotLoggedIn>;
+};
+export namespace GetOidc {
+    export type WithAutoLogin<DecodedIdToken> = (params?: {
+        assert: "user logged in";
+    }) => Promise<Oidc.LoggedIn<DecodedIdToken>>;
+    export type Oidc<DecodedIdToken> =
+        | (Oidc.NotLoggedIn & {
+              getAccessToken?: never;
+              getDecodedIdToken?: never;
+              logout?: never;
+              renewTokens?: never;
+              goToAuthServer?: never;
+              backFromAuthServer?: never;
+              isNewBrowserSession?: never;
+              subscribeToAutoLogoutState?: never;
+          })
+        | (Oidc.LoggedIn<DecodedIdToken> & {
+              initializationError?: never;
+              login?: never;
+          });
+    export namespace Oidc {
+        type Common = {
+            issuerUri: string;
+            clientId: string;
+        };
+        export type NotLoggedIn = Common & {
+            isUserLoggedIn: false;
+            initializationError: OidcInitializationError | undefined;
+            login: Oidc_core.NotLoggedIn["login"];
+        };
+        export type LoggedIn<DecodedIdToken> = Common & {
+            isUserLoggedIn: true;
+            getAccessToken: () => Promise<string>;
+            getDecodedIdToken: () => DecodedIdToken;
+            logout: Oidc_core.LoggedIn["logout"];
+            renewTokens: Oidc_core.LoggedIn["renewTokens"];
+            goToAuthServer: Oidc_core.LoggedIn["goToAuthServer"];
+            backFromAuthServer: Oidc_core.LoggedIn["backFromAuthServer"];
+            isNewBrowserSession: boolean;
+            subscribeToAutoLogoutState: (
+                next: (
+                    autoLogoutState:
+                        | {
+                              shouldDisplayWarning: true;
+                              secondsLeftBeforeAutoLogout: number;
+                          }
+                        | {
+                              shouldDisplayWarning: false;
+                          }
+                ) => void
+            ) => { unsubscribeFromAutoLogoutState: () => void };
+        };
+    }
+}
+export type OidcFnMiddleware<AccessTokenClaims> = {
+    (params?: {
+        assert?: undefined;
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }): OidcFnMiddleware.TanStackFnMiddleware<{
+        oidc: OidcServerContext<AccessTokenClaims>;
+    }>;
+    (params?: {
+        assert?: "user logged in";
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }): OidcFnMiddleware.TanStackFnMiddleware<{
+        oidc: OidcServerContext.LoggedIn<AccessTokenClaims>;
+    }>;
+};
+export namespace OidcFnMiddleware {
+    export type WithAutoLogin<AccessTokenClaims> = (params?: {
+        assert?: "user logged in";
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }) => TanStackFnMiddleware<{
+        oidc: OidcServerContext.LoggedIn<AccessTokenClaims>;
+    }>;
+    export type TanStackFnMiddleware<T> = FunctionMiddlewareAfterServer<
+        {},
+        unknown,
+        undefined,
+        T,
+        {},
+        undefined,
+        undefined
+    >;
+}
+export type OidcServerContext<AccessTokenClaims> =
+    | OidcServerContext.LoggedIn<AccessTokenClaims>
+    | (OidcServerContext.NotLoggedIn & {
+          accessTokenClaims?: never;
+          accessToken?: never;
+      });
+export namespace OidcServerContext {
+    export type NotLoggedIn = {
+        isUserLoggedIn: false;
+    };
+    export type LoggedIn<AccessTokenClaims> = {
+        isUserLoggedIn: true;
+        accessTokenClaims: AccessTokenClaims;
+        accessToken: string;
+    };
+}
+export type OidcRequestMiddleware<AccessTokenClaims> = {
+    (params?: {
+        assert?: undefined;
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }): OidcRequestMiddleware.TanstackRequestMiddleware<{
+        oidc: OidcServerContext<AccessTokenClaims>;
+    }>;
+    (params?: {
+        assert?: "user logged in";
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }): OidcRequestMiddleware.TanstackRequestMiddleware<{
+        oidc: OidcServerContext.LoggedIn<AccessTokenClaims>;
+    }>;
+};
+export namespace OidcRequestMiddleware {
+    export type WithAutoLogin<AccessTokenClaims> = (params?: {
+        assert?: "user logged in";
+        hasRequiredClaims?: (params: { accessTokenClaims: AccessTokenClaims }) => Promise<boolean>;
+    }) => TanstackRequestMiddleware<{
+        oidc: OidcServerContext.LoggedIn<AccessTokenClaims>;
+    }>;
+    export type TanstackRequestMiddleware<T> = RequestMiddlewareAfterServer<{}, undefined, T>;
+}
+export type ParamsOfBootstrap<AutoLogin, DecodedIdToken, AccessTokenClaims> =
+    | ParamsOfBootstrap.Real<AutoLogin>
+    | ParamsOfBootstrap.Mock<AutoLogin, DecodedIdToken, AccessTokenClaims>;
+export namespace ParamsOfBootstrap {
+    export type Real<AutoLogin> = {
+        implementation: "real";
+        /**
+         * See: https://docs.oidc-spa.dev/v/v8/providers-configuration/provider-configuration
+         */
+        issuerUri: string;
+        /**
+         * See: https://docs.oidc-spa.dev/v/v8/providers-configuration/provider-configuration
+         */
+        clientId: string;
+        /**
+         * Default: 45 second.
+         * It defines how long before the auto logout we should start
+         * displaying an overlay message to the user alerting them
+         * like: "Are you still there? You'll be disconnected in 45...44..."
+         * NOTE: This parameter is only UI related! It does not defines
+         * after how much time of inactivity the user should be auto logged out.
+         * This is a server policy (that can be overwrote by idleSessionLifetimeInSeconds)
+         * See: https://docs.oidc-spa.dev/v/v8/auto-logout
+         */
+        startCountdownSecondsBeforeAutoLogout?: number;
+        /**
+         * This parameter defines after how many seconds of inactivity the user should be
+         * logged out automatically.
+         *
+         * WARNING: It should be configured on the identity server side
+         * as it's the authoritative source for security policies and not the client.
+         * If you don't provide this parameter it will be inferred from the refresh token expiration time.
+         * Some provider however don't issue a refresh token or do not correctly set the
+         * expiration time. This parameter enable you to hard code the value to compensate
+         * the shortcoming of your auth server.
+         * */
+        idleSessionLifetimeInSeconds?: number;
+        /**
+         * The scopes being requested from the OIDC/OAuth2 provider (default: `["profile"]`
+         * (the scope "openid" is added automatically as it's mandatory)
+         **/
+        scopes?: string[];
+        /**
+         * Transform the url (authorization endpoint) before redirecting to the login pages.
+         *
+         * The isSilent parameter is true when the redirect is initiated in the background iframe for silent signin.
+         * This can be used to omit ui related query parameters (like `ui_locales`).
+         */
+        transformUrlBeforeRedirect?: (params: { authorizationUrl: string; isSilent: boolean }) => string;
+        /**
+         * Extra query params to be added to the authorization endpoint url before redirecting or silent signing in.
+         * You can provide a function that returns those extra query params, it will be called
+         * when login() is called.
+         *
+         * Example: extraQueryParams: ()=> ({ ui_locales: "fr" })
+         *
+         * This parameter can also be passed to login() directly.
+         */
+        extraQueryParams?:
+            | Record<string, string | undefined>
+            | ((params: { isSilent: boolean; url: string }) => Record<string, string | undefined>);
+        /**
+         * Extra body params to be added to the /token POST request.
+         *
+         * It will be used when for the initial request, whenever the token is getting refreshed and if you call `renewTokens()`.
+         * You can also provide this parameter directly to the `renewTokens()` method.
+         *
+         * It can be either a string to string record or a function that returns a string to string record.
+         *
+         * Example: extraTokenParams: ()=> ({ selectedCustomer: "xxx" })
+         *          extraTokenParams: { selectedCustomer: "xxx" }
+         */
+        extraTokenParams?:
+            | Record<string, string | undefined>
+            | (() => Record<string, string | undefined>);
+        /**
+         * Default: false
+         *
+         * See: https://docs.oidc-spa.dev/v/v8/resources/iframe-related-issues
+         */
+        noIframe?: boolean;
+        debugLogs?: boolean;
+        /**
+         * WARNING: This option exists solely as a workaround
+         * for limitations in the Google OAuth API.
+         * See: https://docs.oidc-spa.dev/providers-configuration/google-oauth
+         *
+         * Do not use this for other providers.
+         * If you think you need a client secret in a SPA, you are likely
+         * trying to use a confidential (private) client in the browser,
+         * which is insecure and not supported.
+         */
+        __unsafe_clientSecret?: string;
+        /**
+         * This option should only be used as a last resort.
+         *
+         * If your OIDC provider is correctly configured, this should not be necessary.
+         *
+         * The metadata is normally retrieved automatically from:
+         * `${issuerUri}/.well-known/openid-configuration`
+         *
+         * Use this only if that endpoint is not accessible (e.g. due to missing CORS headers
+         * or non-standard deployments), and you cannot fix the server-side configuration.
+         */
+        __metadata?: Partial<OidcMetadata>;
+    } & (AutoLogin extends true ? {} : {});
+    export type Mock<AutoLogin, DecodedIdToken, AccessTokenClaims> = {
+        implementation: "mock";
+        issuerUri_mock?: string;
+        clientId_mock?: string;
+        decodedIdToken_mock?: DecodedIdToken;
+    } & (AccessTokenClaims extends undefined
+        ? {}
+        : {
+              accessTokenClaims_mock?: AccessTokenClaims;
+          }) &
+        (AutoLogin extends true
+            ? {
+                  isUserInitiallyLoggedIn?: true;
+              }
+            : {
+                  isUserInitiallyLoggedIn: boolean;
+              });
+}
+export type OidcSpaApi<AutoLogin, DecodedIdToken, AccessTokenClaims> = {
+    bootstrapOidc: (
+        params: GetterOrDirectValue<
+            { process: { env: Record<string, string> } },
+            ParamsOfBootstrap<AutoLogin, DecodedIdToken, AccessTokenClaims>
+        >
+    ) => void;
+    createOidcComponent: AutoLogin extends true
+        ? CreateOidcComponent.WithAutoLogin<DecodedIdToken>
+        : CreateOidcComponent<DecodedIdToken>;
+    getOidc: AutoLogin extends true ? GetOidc.WithAutoLogin<DecodedIdToken> : GetOidc<DecodedIdToken>;
+} & (AccessTokenClaims extends undefined
+    ? {}
+    : {
+          oidcFnMiddleware: AutoLogin extends true
+              ? OidcFnMiddleware.WithAutoLogin<AccessTokenClaims>
+              : OidcFnMiddleware<AccessTokenClaims>;
+          oidcRequestMiddleware: AutoLogin extends true
+              ? OidcRequestMiddleware.WithAutoLogin<AccessTokenClaims>
+              : OidcRequestMiddleware<AccessTokenClaims>;
+      }) &
+    (AutoLogin extends true
+        ? {
+              OidcInitializationGate: (props: {
+                  renderFallback: (props: {
+                      initializationError: OidcInitializationError | undefined;
+                  }) => ReactNode;
+                  children: ReactNode;
+              }) => ReactNode;
+          }
+        : {
+              enforceLogin: (loaderContext: {
+                  cause: "preload" | string;
+                  location: {
+                      href: string;
+                  };
+              }) => Promise<void | never>;
+          });
+export type CreateValidateAndGetAccessTokenClaims<AccessTokenClaims> = (params: {
+    paramsOfBootstrap: ParamsOfBootstrap<boolean, Record<string, unknown>, AccessTokenClaims>;
+}) => {
+    validateAndGetAccessTokenClaims: (params: { accessToken: string }) => Promise<
+        | {
+              isValid: true;
+              accessTokenClaims: AccessTokenClaims;
+          }
+        | {
+              isValid: false;
+              errorMessage: string;
+              wwwAuthenticateHeaderErrorDescription: string;
+          }
+    >;
+};

package/src/tanstack-start/react/withHandlingOidcPostLoginNavigation.tsx ADDED Viewed

@@ -0,0 +1,35 @@
+import { type ComponentType, type FC, useEffect } from "react";
+import { getOidcRequiredPostHydrationReplaceNavigationUrl } from "../../core/requiredPostHydrationReplaceNavigationUrl";
+import { useRouter } from "@tanstack/react-router";
+export function withHandlingOidcPostLoginNavigation<Props extends Record<string, unknown>>(
+    Component: ComponentType<Props>
+): FC<Props> {
+    let { rootRelativeRedirectUrl } = getOidcRequiredPostHydrationReplaceNavigationUrl();
+    if (rootRelativeRedirectUrl === undefined) {
+        // @ts-expect-error
+        return Component;
+    }
+    function ComponentWithHandlingOidcPostLoginNavigation(props: Props) {
+        const router = useRouter();
+        useEffect(() => {
+            if (rootRelativeRedirectUrl === undefined) {
+                return;
+            }
+            router.navigate({ to: rootRelativeRedirectUrl, replace: true });
+            rootRelativeRedirectUrl = undefined;
+        }, []);
+        return <Component {...props} />;
+    }
+    ComponentWithHandlingOidcPostLoginNavigation.displayName = `${
+        Component.displayName ?? Component.name ?? "Component"
+    }WithHandlingOidcPostLoginNavigation`;
+    return ComponentWithHandlingOidcPostLoginNavigation;
+}

package/src/tools/GetterOrDirectValue.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export type GetterOrDirectValue<P, T> = ((params: P) => T) \| T;

package/src/tools/ZodSchemaLike.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export type ZodSchemaLike<Input, Output> = {
+    parse: (input: Input) => Output;
+};

package/src/tools/getThisCodebaseRootDirPath_cjs.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import * as fs from "fs";
+import * as path from "path";
+let result: string | undefined = undefined;
+export function getThisCodebaseRootDirPath(): string {
+    if (result !== undefined) {
+        return result;
+    }
+    return (result = getNearestPackageJsonDirPath(__dirname));
+}
+export function getNearestPackageJsonDirPath(dirPath: string): string {
+    if (fs.existsSync(path.join(dirPath, "package.json"))) {
+        return dirPath;
+    }
+    return getNearestPackageJsonDirPath(path.join(dirPath, ".."));
+}

package/src/tools/inferIsViteDev.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export function inferIsViteDev() {
+    const url = new URL(import.meta.url);
+    const pathname = url.pathname;
+    return pathname.includes("/node_modules/");
+}

package/src/tools/infer_import_meta_env_BASE_URL.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { assert } from "./tsafe/assert";
+export function infer_import_meta_env_BASE_URL() {
+    const url = new URL(import.meta.url);
+    const pathname = url.pathname;
+    for (const searched of ["/assets/", "/node_modules/"]) {
+        // In Vite builds, JS files live under `${BASE_URL}/assets/...`
+        const index = pathname.indexOf(searched);
+        if (index === -1) {
+            continue;
+        }
+        return pathname.slice(0, index + 1); // keep trailing slash
+    }
+    assert(false, "Couldn't infer import.meta.BASE_URL");
+}

package/src/tools/tsafe/uncapitalize.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/** @see <https://docs.tsafe.dev/capitalize#uncapitalize> */
+export function uncapitalize<S extends string>(str: S): Uncapitalize<S> {
+    return (str.charAt(0).toLowerCase() + str.slice(1)) as any;
+}

package/src/vendor/backend/jose.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "jose";

package/src/vendor/build-runtime/babel.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export * as babelParser from "@babel/parser";
+import babelGenerate from "@babel/generator";
+export { babelGenerate };
+export * as babelTypes from "@babel/types";
+import babelTraverse from "@babel/traverse";
+export { babelTraverse };

package/src/vendor/build-runtime/magic-string.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import MagicString from "magic-string";
+export { MagicString };