npm - supaapps-auth - Versions diffs - 1.4.1 → 2.0.0-rc.2 - Mend

supaapps-auth 1.4.1 → 2.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.eslintrc +3 -0
package/.github/workflows/ci.yml +1 -0
package/.prettierrc +7 -0
package/dist/AuthManager.d.ts +6 -4
package/dist/AuthManager.js +60 -23
package/dist/index.d.ts +1 -0
package/dist/index.js +15 -0
package/dist/types.d.ts +25 -0
package/dist/types.js +13 -0
package/package.json +16 -4
package/src/AuthManager.ts +226 -137
package/src/index.ts +1 -0
package/src/types.ts +28 -0
package/tests/AuthManager.test.ts +15 -7

package/.eslintrc ADDED Viewed

@@ -0,0 +1,3 @@
+{
+    "extends": "supaapps"
+}

package/.github/workflows/ci.yml CHANGED Viewed

@@ -21,6 +21,7 @@ jobs:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'
     - run: npm ci
+    - run: npm run lint
     - run: npm run build --if-present
     - run: npm run test

package/.prettierrc ADDED Viewed

@@ -0,0 +1,7 @@
+{
+    "semi": true,
+    "trailingComma": "all",
+    "singleQuote": true,
+    "printWidth": 70,
+    "tabWidth": 2
+}

package/dist/AuthManager.d.ts CHANGED Viewed

@@ -1,21 +1,23 @@
+import { AuthManagerEvent } from './types';
 export declare class AuthManager {
     private static instance;
     private authServer;
     private realmName;
     private redirectUri;
-    private loginCallback;
+    private onStateChange;
     private constructor();
-    static initialize(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void): AuthManager;
+    static initialize(authServer: string, realmName: string, redirectUri: string, onStateChange: (event: AuthManagerEvent) => void): AuthManager;
     static getInstance(): AuthManager;
+    private tokenToPayload;
     private toBase64Url;
     private generatePKCEPair;
     refreshAccessToken(): Promise<string>;
     checkAccessToken(): Promise<string>;
     private isTokenExpired;
-    mustBeLoggedIn(): Promise<boolean>;
+    mustBeLoggedIn(): Promise<void>;
     getLoginWithGoogleUri(): string;
     isLoggedIn(): Promise<boolean>;
-    getAccessToken(): Promise<string>;
+    getAccessToken(mustBeLoggedIn?: boolean): Promise<string>;
     private saveTokens;
     loginUsingPkce(code: string): Promise<void>;
     logout(): Promise<void>;

package/dist/AuthManager.js CHANGED Viewed

@@ -13,17 +13,29 @@ exports.AuthManager = void 0;
 const axios_1 = require("axios");
 const crypto_1 = require("crypto");
 const jsonwebtoken_1 = require("jsonwebtoken"); // Ensure jsonwebtoken is correctly imported
+const types_1 = require("./types");
 class AuthManager {
-    constructor(authServer, realmName, redirectUri, loginCallback) {
+    constructor(authServer, realmName, redirectUri, onStateChange) {
         this.authServer = authServer;
         this.realmName = realmName;
         this.redirectUri = redirectUri;
-        this.loginCallback = loginCallback;
+        this.onStateChange = onStateChange;
         AuthManager.instance = this;
     }
-    static initialize(authServer, realmName, redirectUri, loginCallback) {
+    static initialize(authServer, realmName, redirectUri, onStateChange) {
         if (!AuthManager.instance) {
-            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, loginCallback);
+            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, onStateChange);
+            AuthManager.instance
+                .checkAccessToken()
+                .then((token) => {
+                onStateChange({
+                    type: types_1.AuthEventType.INITALIZED_IN,
+                    user: AuthManager.instance.tokenToPayload(token),
+                });
+            })
+                .catch(() => {
+                onStateChange({ type: types_1.AuthEventType.INITALIZED_OUT });
+            });
         }
         return AuthManager.instance;
     }
@@ -33,8 +45,14 @@ class AuthManager {
         }
         return AuthManager.instance;
     }
+    tokenToPayload(token) {
+        return JSON.parse(atob(token.split('.')[1]));
+    }
     toBase64Url(base64String) {
-        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+        return base64String
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
     }
     generatePKCEPair() {
         var _a, _b;
@@ -52,39 +70,40 @@ class AuthManager {
                     throw new Error('No refresh token found');
                 }
                 const response = yield axios_1.default.post(`${this.authServer}auth/refresh`, {
-                    refresh_token: refreshToken
+                    refresh_token: refreshToken,
                 });
-                localStorage.setItem('refresh_token', response.data.refresh_token);
-                localStorage.setItem('access_token', response.data.access_token);
-                const user = (0, jsonwebtoken_1.decode)(response.data.access_token);
-                localStorage.setItem('user', JSON.stringify(user));
+                this.saveTokens(response, true);
                 return response.data.access_token;
             }
             catch (error) {
                 console.error(`Refresh token error, logging out: ${error}`);
                 localStorage.removeItem('access_token');
                 localStorage.removeItem('refresh_token');
-                this.loginCallback();
+                this.onStateChange({ type: types_1.AuthEventType.REFRESH_FAILED });
                 throw error;
             }
         });
     }
     checkAccessToken() {
         return __awaiter(this, void 0, void 0, function* () {
-            let accessToken = localStorage.getItem('access_token');
-            if (!accessToken || this.isTokenExpired(accessToken)) {
+            const accessToken = localStorage.getItem('access_token');
+            if (accessToken || this.isTokenExpired(accessToken)) {
                 return this.refreshAccessToken();
             }
             return accessToken;
         });
     }
     isTokenExpired(token) {
-        const decoded = JSON.parse(atob(token.split('.')[1]));
+        const decoded = this.tokenToPayload(token);
         return decoded.exp < Date.now() / 1000;
     }
     mustBeLoggedIn() {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.isLoggedIn() || (this.loginCallback(), false);
+            if (!(yield this.isLoggedIn())) {
+                this.onStateChange({
+                    type: types_1.AuthEventType.FAILED_MUST_LOGIN_CHECK,
+                });
+            }
         });
     }
     getLoginWithGoogleUri() {
@@ -103,14 +122,28 @@ class AuthManager {
         });
     }
     getAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.checkAccessToken();
+        return __awaiter(this, arguments, void 0, function* (mustBeLoggedIn = false) {
+            try {
+                return yield this.checkAccessToken();
+            }
+            catch (error) {
+                if (mustBeLoggedIn) {
+                    this.onStateChange({
+                        type: types_1.AuthEventType.FAILED_MUST_LOGIN_CHECK,
+                    });
+                }
+                return '';
+            }
         });
     }
-    saveTokens(response) {
+    saveTokens(response, byRefresh) {
         localStorage.setItem('access_token', response.data.access_token);
         localStorage.setItem('refresh_token', response.data.refresh_token);
-        const user = (0, jsonwebtoken_1.decode)(response.data.access_token);
+        this.onStateChange({
+            type: byRefresh ? types_1.AuthEventType.USER_UPDATED : types_1.AuthEventType.USER_LOGGED_IN,
+            user: this.tokenToPayload(response.data.access_token),
+        });
+        const user = this.tokenToPayload(response.data.access_token);
         localStorage.setItem('user', JSON.stringify(user));
     }
     loginUsingPkce(code) {
@@ -126,7 +159,7 @@ class AuthManager {
                     redirect_uri: this.redirectUri,
                     code_verifier: codeVerifier,
                 });
-                this.saveTokens(response);
+                this.saveTokens(response, false);
             }
             finally {
                 localStorage.removeItem('codeVerifier');
@@ -142,21 +175,24 @@ class AuthManager {
                     throw new Error('Access token not found');
                 }
                 yield axios_1.default.post(`${this.authServer}auth/logout`, {}, {
-                    headers: { Authorization: `Bearer ${accessToken}` }
+                    headers: { Authorization: `Bearer ${accessToken}` },
                 });
             }
             finally {
                 localStorage.removeItem('access_token');
                 localStorage.removeItem('refresh_token');
+                this.onStateChange({ type: types_1.AuthEventType.USER_LOGGED_OUT });
             }
         });
     }
     static validateToken(authServer, bearerToken) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             // @todo tests missing for this static validation
             try {
-                const decodedToken = (_a = (0, jsonwebtoken_1.decode)(bearerToken, { complete: true })) === null || _a === void 0 ? void 0 : _a.payload;
+                const decodedToken = (_a = (0, jsonwebtoken_1.decode)(bearerToken, {
+                    complete: true,
+                })) === null || _a === void 0 ? void 0 : _a.payload;
                 if (!decodedToken) {
                     return false;
                 }
@@ -164,6 +200,7 @@ class AuthManager {
                 const { data: algo } = yield axios_1.default.get(`${authServer}public/algo`);
                 (0, jsonwebtoken_1.verify)(bearerToken, publicKey, { algorithms: [algo] });
                 const { data: revokedIds } = yield axios_1.default.get(`${authServer}public/revoked_ids`);
+                // eslint-disable-next-line @typescript-eslint/dot-notation
                 return !revokedIds.includes(decodedToken['id']);
             }
             catch (error) {

package/dist/index.d.ts CHANGED Viewed

	@@ -1 +1,2 @@
1	+ export * from './types';
1 2	export { AuthManager } from './AuthManager';

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,20 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthManager = void 0;
+__exportStar(require("./types"), exports);
 var AuthManager_1 = require("./AuthManager");
 Object.defineProperty(exports, "AuthManager", { enumerable: true, get: function () { return AuthManager_1.AuthManager; } });

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+export declare enum AuthEventType {
+    INITALIZED_IN = "initialized-logged-in",
+    INITALIZED_OUT = "initialized-logged-out",
+    USER_LOGGED_IN = "user-logged-in",
+    USER_LOGGED_OUT = "user-logged-out",
+    USER_UPDATED = "user-updated",
+    FAILED_MUST_LOGIN_CHECK = "failed-must-login",
+    REFRESH_FAILED = "refresh-failed"
+}
+export interface UserTokenPayload {
+    id: number;
+    iss: string;
+    sub: number;
+    first_name: string;
+    last_name: string;
+    email: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    scopes: string;
+}
+export interface AuthManagerEvent {
+    type: AuthEventType;
+    user?: UserTokenPayload;
+}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthEventType = void 0;
+var AuthEventType;
+(function (AuthEventType) {
+    AuthEventType["INITALIZED_IN"] = "initialized-logged-in";
+    AuthEventType["INITALIZED_OUT"] = "initialized-logged-out";
+    AuthEventType["USER_LOGGED_IN"] = "user-logged-in";
+    AuthEventType["USER_LOGGED_OUT"] = "user-logged-out";
+    AuthEventType["USER_UPDATED"] = "user-updated";
+    AuthEventType["FAILED_MUST_LOGIN_CHECK"] = "failed-must-login";
+    AuthEventType["REFRESH_FAILED"] = "refresh-failed";
+})(AuthEventType || (exports.AuthEventType = AuthEventType = {}));

package/package.json CHANGED Viewed

@@ -1,12 +1,13 @@
 {
   "name": "supaapps-auth",
-  "version": "1.4.1",
+  "version": "2.0.0-rc.2",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {
     "test": "jest",
-    "build": "tsc"
+    "build": "tsc",
+    "lint": "eslint src/ --ext .ts,.tsx"
   },
   "author": "",
   "license": "MIT",
@@ -16,15 +17,26 @@
     "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {
+    "@next/eslint-plugin-next": "^13.5.6",
     "@types/axios": "^0.14.0",
     "@types/jest": "^29.5.12",
     "@types/jsonwebtoken": "^9.0.6",
-    "@types/node": "^20.11.10",
+    "@types/node": "^20.12.12",
+    "@typescript-eslint/eslint-plugin": "^6.21.0",
+    "@typescript-eslint/parser": "^6.21.0",
     "axios-mock-adapter": "^1.22.0",
+    "eslint": "^8.57.0",
+    "eslint-config-airbnb-base": "^15.0.0",
+    "eslint-config-airbnb-typescript": "^17.1.0",
+    "eslint-config-next": "^13.5.6",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-supaapps": "^1.1.0",
+    "eslint-plugin-import": "^2.29.1",
     "jest": "^29.7.0",
     "jest-localstorage-mock": "^2.4.26",
     "jest-mock-axios": "^4.7.3",
     "ts-jest": "^29.1.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "undefined": "^0.1.0"
   }
 }

package/src/AuthManager.ts CHANGED Viewed

@@ -1,174 +1,263 @@
 import axios, { AxiosResponse } from 'axios';
 import { createHash, randomBytes } from 'crypto';
-import {decode as jwtDecode, verify as jwtVerify} from 'jsonwebtoken';  // Ensure jsonwebtoken is correctly imported
+import {
+  decode as jwtDecode,
+  verify as jwtVerify,
+} from 'jsonwebtoken'; // Ensure jsonwebtoken is correctly imported
+import { AuthEventType, AuthManagerEvent, UserTokenPayload } from './types';
 export class AuthManager {
-    private static instance: AuthManager | null = null;
-    private authServer: string;
-    private realmName: string;
-    private redirectUri: string;
-    private loginCallback: () => void;
-    private constructor(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void) {
-        this.authServer = authServer;
-        this.realmName = realmName;
-        this.redirectUri = redirectUri;
-        this.loginCallback = loginCallback;
-        AuthManager.instance = this;
-    }
+  private static instance: AuthManager | null = null;
-    public static initialize(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void): AuthManager {
-        if (!AuthManager.instance) {
-            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, loginCallback);
-        }
-        return AuthManager.instance;
-    }
+  private authServer: string;
-    public static getInstance(): AuthManager {
-        if (!AuthManager.instance) {
-            throw new Error('AuthManager not initialized');
-        }
-        return AuthManager.instance;
-    }
+  private realmName: string;
-    private toBase64Url(base64String: string): string {
-        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
-    }
+  private redirectUri: string;
-    private generatePKCEPair(): { verifier: string; challenge: string } {
-        const verifier = localStorage.getItem('codeVerifier') ?? this.toBase64Url(randomBytes(32).toString('base64'));
-        const challenge = localStorage.getItem('codeChallenge') ?? this.toBase64Url(createHash('sha256').update(verifier).digest('base64'));
+  private onStateChange: (event: AuthManagerEvent) => void;
-        localStorage.setItem('codeVerifier', verifier);
-        localStorage.setItem('codeChallenge', challenge);
+  private constructor(
+    authServer: string,
+    realmName: string,
+    redirectUri: string,
+    onStateChange: (event: AuthManagerEvent) => void,
+  ) {
+    this.authServer = authServer;
+    this.realmName = realmName;
+    this.redirectUri = redirectUri;
+    this.onStateChange = onStateChange;
+    AuthManager.instance = this;
+  }
-        return { verifier, challenge };
+  public static initialize(
+    authServer: string,
+    realmName: string,
+    redirectUri: string,
+    onStateChange: (event: AuthManagerEvent) => void,
+  ): AuthManager {
+    if (!AuthManager.instance) {
+      AuthManager.instance = new AuthManager(
+        authServer,
+        realmName,
+        redirectUri,
+        onStateChange,
+      );
+      AuthManager.instance
+      .checkAccessToken()
+      .then((token) => {
+        onStateChange({
+          type: AuthEventType.INITALIZED_IN,
+          user: AuthManager.instance.tokenToPayload(token),
+        });
+      })
+      .catch(() => {
+        onStateChange({ type: AuthEventType.INITALIZED_OUT });
+      });
     }
+    return AuthManager.instance;
+  }
-    public async refreshAccessToken(): Promise<string> {
-        try {
-            const refreshToken = localStorage.getItem('refresh_token');
-            if (!refreshToken) {
-                throw new Error('No refresh token found');
-            }
-            const response = await axios.post(`${this.authServer}auth/refresh`, {
-                refresh_token: refreshToken
-            });
-            localStorage.setItem('refresh_token', response.data.refresh_token);
-            localStorage.setItem('access_token', response.data.access_token);
-            const user = jwtDecode(response.data.access_token);
-            localStorage.setItem('user', JSON.stringify(user));
-            return response.data.access_token;
-        } catch (error) {
-            console.error(`Refresh token error, logging out: ${error}`);
-            localStorage.removeItem('access_token');
-            localStorage.removeItem('refresh_token');
-            this.loginCallback();
-            throw error;
-        }
+  public static getInstance(): AuthManager {
+    if (!AuthManager.instance) {
+      throw new Error('AuthManager not initialized');
     }
+    return AuthManager.instance;
+  }
-    public async checkAccessToken(): Promise<string> {
-        let accessToken = localStorage.getItem('access_token');
-        if (!accessToken || this.isTokenExpired(accessToken)) {
-            return this.refreshAccessToken();
-        }
-        return accessToken;
-    }
+  private tokenToPayload(token: string): UserTokenPayload {
+    return JSON.parse(atob(token.split('.')[1]));
+  }
-    private isTokenExpired(token: string): boolean {
-        const decoded = JSON.parse(atob(token.split('.')[1]));
-        return decoded.exp < Date.now() / 1000;
-    }
+  private toBase64Url(base64String: string): string {
+    return base64String
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/, '');
+  }
+  private generatePKCEPair(): {
+    verifier: string,
+    challenge: string,
+  } {
+    const verifier =
+      localStorage.getItem('codeVerifier') ??
+      this.toBase64Url(randomBytes(32).toString('base64'));
+    const challenge =
+      localStorage.getItem('codeChallenge') ??
+      this.toBase64Url(
+        createHash('sha256').update(verifier).digest('base64'),
+      );
+    localStorage.setItem('codeVerifier', verifier);
+    localStorage.setItem('codeChallenge', challenge);
-    public async mustBeLoggedIn(): Promise<boolean> {
-        return this.isLoggedIn() || (this.loginCallback(), false);
+    return { verifier, challenge };
+  }
+  public async refreshAccessToken(): Promise<string> {
+    try {
+      const refreshToken = localStorage.getItem('refresh_token');
+      if (!refreshToken) {
+        throw new Error('No refresh token found');
+      }
+      const response = await axios.post(
+        `${this.authServer}auth/refresh`,
+        {
+          refresh_token: refreshToken,
+        },
+      );
+      this.saveTokens(response, true);
+      return response.data.access_token;
+    } catch (error) {
+      console.error(`Refresh token error, logging out: ${error}`);
+      localStorage.removeItem('access_token');
+      localStorage.removeItem('refresh_token');
+      this.onStateChange({ type: AuthEventType.REFRESH_FAILED });
+      throw error;
     }
+  }
-    public getLoginWithGoogleUri(): string {
-        const { challenge } = this.generatePKCEPair();
-        return `${this.authServer}auth/login_with_google?realm_name=${this.realmName}&redirect_uri=${encodeURIComponent(this.redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256`;
+  public async checkAccessToken(): Promise<string> {
+    const accessToken = localStorage.getItem('access_token');
+    if (accessToken || this.isTokenExpired(accessToken)) {
+      return this.refreshAccessToken();
     }
+    return accessToken;
+  }
-    public async isLoggedIn(): Promise<boolean> {
-        try {
-            await this.checkAccessToken();
-            return true;
-        } catch (error) {
-            return false;
-        }
+  private isTokenExpired(token: string): boolean {
+    const decoded = this.tokenToPayload(token);
+    return decoded.exp < Date.now() / 1000;
+  }
+  public async mustBeLoggedIn(): Promise<void> {
+    if (!(await this.isLoggedIn())) {
+      this.onStateChange({
+        type: AuthEventType.FAILED_MUST_LOGIN_CHECK,
+      });
     }
+  }
+  public getLoginWithGoogleUri(): string {
+    const { challenge } = this.generatePKCEPair();
+    return `${this.authServer}auth/login_with_google?realm_name=${this.realmName}&redirect_uri=${encodeURIComponent(this.redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256`;
+  }
-    public async getAccessToken(): Promise<string> {
-        return this.checkAccessToken();
+  public async isLoggedIn(): Promise<boolean> {
+    try {
+      await this.checkAccessToken();
+      return true;
+    } catch (error) {
+      return false;
     }
+  }
-    private saveTokens(response: AxiosResponse): void {
-        localStorage.setItem('access_token', response.data.access_token);
-        localStorage.setItem('refresh_token', response.data.refresh_token);
-        const user = jwtDecode(response.data.access_token);
-        localStorage.setItem('user', JSON.stringify(user));
+  public async getAccessToken(mustBeLoggedIn: boolean = false): Promise<string> {
+    try {
+      return await this.checkAccessToken();
+    } catch (error) {
+      if (mustBeLoggedIn) {
+        this.onStateChange({
+          type: AuthEventType.FAILED_MUST_LOGIN_CHECK,
+        });
+      }
+      return '';
     }
+  }
-    public async loginUsingPkce(code: string): Promise<void> {
-        try {
-            const codeVerifier = localStorage.getItem('codeVerifier');
-            if (!codeVerifier) {
-                throw new Error('Code verifier not found');
-            }
-            const response = await axios.post(`${this.authServer}auth/pkce_exchange`, {
-                realm_name: this.realmName,
-                code,
-                redirect_uri: this.redirectUri,
-                code_verifier: codeVerifier,
-            });
-            this.saveTokens(response);
-        } finally {
-            localStorage.removeItem('codeVerifier');
-            localStorage.removeItem('codeChallenge');
-        }
+  private saveTokens(response: AxiosResponse, byRefresh: boolean): void {
+    localStorage.setItem('access_token', response.data.access_token);
+    localStorage.setItem(
+      'refresh_token',
+      response.data.refresh_token,
+    );
+    this.onStateChange({
+      type: byRefresh ? AuthEventType.USER_UPDATED : AuthEventType.USER_LOGGED_IN,
+      user: this.tokenToPayload(response.data.access_token),
+     });
+    const user = this.tokenToPayload(response.data.access_token);
+    localStorage.setItem('user', JSON.stringify(user));
+  }
+  public async loginUsingPkce(code: string): Promise<void> {
+    try {
+      const codeVerifier = localStorage.getItem('codeVerifier');
+      if (!codeVerifier) {
+        throw new Error('Code verifier not found');
+      }
+      const response = await axios.post(
+        `${this.authServer}auth/pkce_exchange`,
+        {
+          realm_name: this.realmName,
+          code,
+          redirect_uri: this.redirectUri,
+          code_verifier: codeVerifier,
+        },
+      );
+      this.saveTokens(response, false);
+    } finally {
+      localStorage.removeItem('codeVerifier');
+      localStorage.removeItem('codeChallenge');
     }
+  }
-    public async logout(): Promise<void> {
-        try {
-            const accessToken = localStorage.getItem('access_token');
-            if (!accessToken) {
-                throw new Error('Access token not found');
-            }
-            await axios.post(`${this.authServer}auth/logout`, {}, {
-                headers: { Authorization: `Bearer ${accessToken}` }
-            });
-        } finally {
-            localStorage.removeItem('access_token');
-            localStorage.removeItem('refresh_token');
-        }
+  public async logout(): Promise<void> {
+    try {
+      const accessToken = localStorage.getItem('access_token');
+      if (!accessToken) {
+        throw new Error('Access token not found');
+      }
+      await axios.post(
+        `${this.authServer}auth/logout`,
+        {},
+        {
+          headers: { Authorization: `Bearer ${accessToken}` },
+        },
+      );
+    } finally {
+      localStorage.removeItem('access_token');
+      localStorage.removeItem('refresh_token');
+      this.onStateChange({ type: AuthEventType.USER_LOGGED_OUT });
     }
+  }
-    public static async validateToken(authServer: string, bearerToken: string): Promise<boolean> {
-        // @todo tests missing for this static validation
-        try {
-            const decodedToken = jwtDecode(bearerToken, { complete: true })?.payload;
+  public static async validateToken(
+    authServer: string,
+    bearerToken: string,
+  ): Promise<boolean> {
+    // @todo tests missing for this static validation
+    try {
+      const decodedToken = jwtDecode(bearerToken, {
+        complete: true,
+      })?.payload;
-            if (!decodedToken) {
-                return false;
-            }
+      if (!decodedToken) {
+        return false;
+      }
-            const { data: publicKey } = await axios.get(`${authServer}public/public_key`);
-            const { data: algo } = await axios.get(`${authServer}public/algo`);
+      const { data: publicKey } = await axios.get(
+        `${authServer}public/public_key`,
+      );
+      const { data: algo } = await axios.get(
+        `${authServer}public/algo`,
+      );
-            jwtVerify(bearerToken, publicKey, { algorithms: [algo] });
+      jwtVerify(bearerToken, publicKey, { algorithms: [algo] });
-            const { data: revokedIds } = await axios.get(`${authServer}public/revoked_ids`);
-            return !revokedIds.includes(decodedToken['id']);
-        } catch (error) {
-            return false;
-        }
+      const { data: revokedIds } = await axios.get(
+        `${authServer}public/revoked_ids`,
+      );
+      // eslint-disable-next-line @typescript-eslint/dot-notation
+      return !revokedIds.includes(decodedToken['id']);
+    } catch (error) {
+      return false;
     }
+  }
-    public static resetInstance(): void {
-        AuthManager.instance = null;
-    }
+  public static resetInstance(): void {
+    AuthManager.instance = null;
+  }
 }

package/src/index.ts CHANGED Viewed

	@@ -1 +1,2 @@
1	+ export * from './types';
1 2	export { AuthManager } from './AuthManager';

package/src/types.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export enum AuthEventType {
+    INITALIZED_IN = 'initialized-logged-in',
+    INITALIZED_OUT = 'initialized-logged-out',
+    USER_LOGGED_IN = 'user-logged-in',
+    USER_LOGGED_OUT = 'user-logged-out',
+    USER_UPDATED = 'user-updated',
+    FAILED_MUST_LOGIN_CHECK = 'failed-must-login',
+    REFRESH_FAILED = 'refresh-failed',
+}
+export interface UserTokenPayload {
+    id: number;
+    iss: string;
+    sub: number;
+    first_name: string;
+    last_name: string;
+    email: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    scopes: string;
+}
+export interface AuthManagerEvent {
+    type:  AuthEventType;
+    user?: UserTokenPayload;
+}

package/tests/AuthManager.test.ts CHANGED Viewed

@@ -1,11 +1,17 @@
 import axios from 'axios';
 import MockAdapter from 'axios-mock-adapter';
 import { AuthManager } from '../src/AuthManager';
+import { AuthEventType } from '../src/types';
 import { basename } from 'path';
 const mock = new MockAdapter(axios);
+const tokenThatWontExpire1 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo5OTk5OTk5OTk5LCJpZCI6MiwiaXNzIjoxMjMsImF1ZCI6InRlc3RpbmcifQ.843X4Zq2WgNSu8fjRKx-kd_FbDqY_eVkgu2wZZbhhwE';
+const tokenThatWontExpire2 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo5OTk5OTk5OTk5LCJpZCI6MiwiaXNzIjoxMjMsImF1ZCI6InRlc3RpbmcifQ.843X4Zq2WgNSu8fjRKx-kd_FbDqY_eVkgu2wZZbhhwE';
+const tokenThatExpired = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo1MDAsImlkIjoyLCJpc3MiOjEyMywiYXVkIjoidGVzdGluZyJ9.ungpbhHfCM5ZP5oiZ1RnMkJ-NKJI8s3_IPJptjyKHR4';
 describe('AuthManager Tests', () => {
     beforeEach(() => {
@@ -45,13 +51,13 @@ describe('AuthManager Tests', () => {
     it('refreshes access token when expired', async () => {
       mock.onPost('http://auth-server.com/auth/refresh').reply(200, {
-        access_token: 'newAccessToken',
+        access_token: tokenThatWontExpire2,
         refresh_token: 'newRefreshToken'
       });
       const loginCallback = jest.fn();
       // check that we set localstorage correct
-      localStorage.setItem('access_token', 'mockAccessToken');
+      localStorage.setItem('access_token', tokenThatExpired);
       localStorage.setItem('refresh_token', 'mockRefreshToken');
       const refresh = localStorage.getItem('refresh_token');
@@ -60,8 +66,8 @@ describe('AuthManager Tests', () => {
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
       const token = await manager.refreshAccessToken();
-      expect(token).toEqual('newAccessToken');
-      expect(localStorage.setItem).toHaveBeenCalledWith('access_token', 'newAccessToken');
+      expect(token).toEqual(tokenThatWontExpire2);
+      expect(localStorage.setItem).toHaveBeenCalledWith('access_token', tokenThatWontExpire2);
       expect(localStorage.setItem).toHaveBeenCalledWith('refresh_token', 'newRefreshToken');
     });
@@ -73,7 +79,9 @@ describe('AuthManager Tests', () => {
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
       await expect(manager.refreshAccessToken()).rejects.toThrow('No refresh token found');
-      await expect(loginCallback).toHaveBeenCalled();
+      await expect(loginCallback).toHaveBeenCalledWith({
+        type: AuthEventType.REFRESH_FAILED,
+      });
     });
     it('logs in using PKCE and updates local storage', async () => {
@@ -104,11 +112,11 @@ describe('AuthManager Tests', () => {
     });
     it('logs out and clears local storage', async () => {
-      localStorage.setItem('access_token', 'validAccessToken');
       mock.onPost('http://auth-server.com/auth/logout').reply(200);
       const loginCallback = jest.fn();
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
+      localStorage.setItem('access_token', tokenThatWontExpire1);
       await manager.logout();
       expect(localStorage.removeItem).toHaveBeenCalledWith('access_token');