@asgardeo/auth-js
Version:
Asgardeo Auth JS SDK to be used in JavaScript and TypeScript applications.
432 lines (431 loc) • 45.2 kB
JavaScript
function e(e,t,i,n){return new(i||(i=Promise))((function(o,s){function r(e){try{d(n.next(e))}catch(e){s(e)}}function a(e){try{d(n.throw(e))}catch(e){s(e)}}function d(e){var t;e.done?o(e.value):(t=e.value,t instanceof i?t:new i((function(e){e(t)}))).then(r,a)}d((n=n.apply(e,t||[])).next())}))}var t;!function(e){e.formPost="form_post",e.query="query",e.direct="direct"}(t||(t={}));const i="/oauth2/authorize",n="/oidc/checksession",o="/oidc/logout",s="/oauth2/token",r="/oauth2/jwks",a="/oauth2/revoke",d="/oauth2/token",c="/oauth2/userinfo",l="{{token}}",u="{{username}}",h="{{scope}}",v="{{clientID}}",_="{{clientSecret}}";var p;!function(e){e.ConfigData="config_data",e.OIDCProviderMetaData="oidc_provider_meta_data",e.SessionData="session_data",e.TemporaryData="temporary_data"}(p||(p={}));const y="refresh_token_timer",f="pkce_code_verifier",g="#",D=["RS256","RS512","RS384","PS256"],m="code",k="session_state",S="sign_out_url",T="sign_out_success",C="state",I="openid";var O;!function(e){e.Include="include",e.SameOrigin="same-origin",e.Omit="omit"}(O||(O={}));class P{constructor(e,t,i){this.message=i,this.name=t,this.code=e,Object.setPrototypeOf(this,new.target.prototype)}}class w{constructor(){}static filterClaimsFromIDTokenPayload(e){const t=Object.assign({},e);null==t||delete t.iss,null==t||delete t.aud,null==t||delete t.exp,null==t||delete t.iat,null==t||delete t.acr,null==t||delete t.amr,null==t||delete t.azp,null==t||delete t.auth_time,null==t||delete t.nonce,null==t||delete t.c_hash,null==t||delete t.at_hash,null==t||delete t.nbf,null==t||delete t.isk,null==t||delete t.sid;const i={};return Object.entries(t).forEach((([e,t])=>{const n=e.split("_").map(((e,t)=>0===t?e:[e[0].toUpperCase(),...e.slice(1)].join(""))).join("");i[n]=t})),i}static getTokenRequestHeaders(){return{Accept:"application/json","Content-Type":"application/x-www-form-urlencoded"}}static generateStateParamForRequestCorrelation(e,t){const i=parseInt(e.split("#")[1]);return t?`${t}_request_${i}`:`request_${i}`}static extractPKCEKeyFromStateParam(e){return`pkce_code_verifier#${parseInt(e.split("request_")[1])}`}}w.getTenantDomainFromIdTokenPayload=(e,t="@")=>{const i=e.sub.split(t);return i.length>2?i[i.length-1]:""};class R{constructor(t,i){this._dataLayer=t,this._config=()=>e(this,void 0,void 0,(function*(){return yield this._dataLayer.getConfigData()})),this._oidcProviderMetaData=()=>e(this,void 0,void 0,(function*(){return yield this._dataLayer.getOIDCProviderMetaData()})),this._cryptoHelper=i}resolveEndpoints(t){return e(this,void 0,void 0,(function*(){const e={},i=yield this._config();return i.endpoints&&Object.keys(i.endpoints).forEach((t=>{const n=t.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));e[n]=(null==i?void 0:i.endpoints)?i.endpoints[t]:""})),Object.assign(Object.assign({},t),e)}))}resolveEndpointsExplicitly(){return e(this,void 0,void 0,(function*(){const e={},t=yield this._config(),i=["authorization_endpoint","end_session_endpoint","jwks_uri","check_session_iframe","revocation_endpoint","token_endpoint","issuer","userinfo_endpoint"];if(!(!!t.endpoints&&i.every((e=>!!t.endpoints&&Object.keys(t.endpoints).some((t=>t.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`))===e))))))throw new P("JS-AUTH_HELPER-REE-NF01","Required endpoints missing","Some or all of the required endpoints are missing in the object passed to the `endpoints` attribute of the`AuthConfig` object.");return t.endpoints&&Object.keys(t.endpoints).forEach((i=>{const n=i.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));e[n]=(null==t?void 0:t.endpoints)?t.endpoints[i]:""})),Object.assign({},e)}))}resolveEndpointsByBaseURL(){return e(this,void 0,void 0,(function*(){const e={},t=yield this._config(),l=t.baseUrl;if(!l)throw new P("JS-AUTH_HELPER_REBO-NF01","Base URL not defined.","Base URL is not defined in AuthClient config.");t.endpoints&&Object.keys(t.endpoints).forEach((i=>{const n=i.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));e[n]=(null==t?void 0:t.endpoints)?t.endpoints[i]:""}));const u={authorization_endpoint:`${l}${i}`,end_session_endpoint:`${l}${o}`,issuer:`${l}${s}`,jwks_uri:`${l}${r}`,check_session_iframe:`${l}${n}`,revocation_endpoint:`${l}${a}`,token_endpoint:`${l}${d}`,userinfo_endpoint:`${l}${c}`};return Object.assign(Object.assign({},u),e)}))}validateIdToken(t){var i;return e(this,void 0,void 0,(function*(){const e=(yield this._dataLayer.getOIDCProviderMetaData()).jwks_uri,n=yield this._config();if(!e||0===e.trim().length)throw new P("JS_AUTH_HELPER-VIT-NF01","JWKS endpoint not found.","No JWKS endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the JWKS endpoint passed to the SDK is empty.");let o;try{o=yield fetch(e,{credentials:n.sendCookiesInRequests?O.Include:O.SameOrigin})}catch(e){throw new P("JS-AUTH_HELPER-VIT-NE02","Request to jwks endpoint failed.",null!=e?e:"The request sent to get the jwks from the server failed.")}if(200!==o.status||!o.ok)throw new P("JS-AUTH_HELPER-VIT-HE03",`Invalid response status received for jwks request (${o.statusText}).`,yield o.json());const s=(yield this._oidcProviderMetaData()).issuer,{keys:r}=yield o.json(),a=yield this._cryptoHelper.getJWKForTheIdToken(t.split(".")[0],r);return this._cryptoHelper.isValidIdToken(t,a,(yield this._config()).clientID,null!=s?s:"",this._cryptoHelper.decodeIDToken(t).sub,(yield this._config()).clockTolerance,null===(i=(yield this._config()).validateIDTokenIssuer)||void 0===i||i)}))}getAuthenticatedUserInfo(e){var t,i,n,o;const s=this._cryptoHelper.decodeIDToken(e),r=w.getTenantDomainFromIdTokenPayload(s),a=null!==(t=null==s?void 0:s.username)&&void 0!==t?t:"",d=null!==(i=s.given_name)&&void 0!==i?i:"",c=null!==(n=s.family_name)&&void 0!==n?n:"",l=d&&c?`${d} ${c}`:d||(c||""),u=null!==(o=s.preferred_username)&&void 0!==o?o:l;return Object.assign({displayName:u,tenantDomain:r,username:a},w.filterClaimsFromIDTokenPayload(s))}replaceCustomGrantTemplateTags(t,i){var n;return e(this,void 0,void 0,(function*(){let e="openid";const o=yield this._config(),s=yield this._dataLayer.getSessionData(i);return o.scope&&o.scope.length>0&&(o.scope.includes("openid")||o.scope.push("openid"),e=o.scope.join(" ")),t.replace("{{token}}",s.access_token).replace("{{username}}",this.getAuthenticatedUserInfo(s.id_token).username).replace("{{scope}}",e).replace("{{clientID}}",o.clientID).replace("{{clientSecret}}",null!==(n=o.clientSecret)&&void 0!==n?n:"")}))}clearUserSessionData(t){return e(this,void 0,void 0,(function*(){yield this._dataLayer.removeTemporaryData(t),yield this._dataLayer.removeSessionData(t)}))}handleTokenResponse(t,i){return e(this,void 0,void 0,(function*(){if(200!==t.status||!t.ok)throw new P("JS-AUTH_HELPER-HTR-NE01",`Invalid response status received for token request (${t.statusText}).`,yield t.json());const n=yield t.json();n.created_at=(new Date).getTime();if((yield this._config()).validateIDToken)return this.validateIdToken(n.id_token).then((()=>e(this,void 0,void 0,(function*(){yield this._dataLayer.setSessionData(n,i);const e={accessToken:n.access_token,createdAt:n.created_at,expiresIn:n.expires_in,idToken:n.id_token,refreshToken:n.refresh_token,scope:n.scope,tokenType:n.token_type};return Promise.resolve(e)}))));{const e={accessToken:n.access_token,createdAt:n.created_at,expiresIn:n.expires_in,idToken:n.id_token,refreshToken:n.refresh_token,scope:n.scope,tokenType:n.token_type};return yield this._dataLayer.setSessionData(n,i),Promise.resolve(e)}}))}generatePKCEKey(t){var i;return e(this,void 0,void 0,(function*(){const e=yield this._dataLayer.getTemporaryData(t),n=[];Object.keys(e).forEach((e=>{e.startsWith("pkce_code_verifier")&&n.push(e)}));const o=n.sort().pop();return`pkce_code_verifier#${parseInt(null!==(i=null==o?void 0:o.split("#")[1])&&void 0!==i?i:"-1")+1}`}))}}class E{constructor(e){this._cryptoUtils=e}getCodeVerifier(){return this._cryptoUtils.base64URLEncode(this._cryptoUtils.generateRandomBytes(32))}getCodeChallenge(e){return this._cryptoUtils.base64URLEncode(this._cryptoUtils.hashSha256(e))}getJWKForTheIdToken(e,t){const i=JSON.parse(this._cryptoUtils.base64URLDecode(e));for(const e of t)if(i.kid===e.kid)return e;throw new P("JS-CRYPTO_UTIL-GJFTIT-IV01","kid not found.","Failed to find the 'kid' specified in the id_token. 'kid' found in the header : "+i.kid+", Expected values: "+t.map((e=>e.kid)).join(", "))}isValidIdToken(e,t,i,n,o,s,r){return this._cryptoUtils.verifyJwt(e,t,D,i,n,o,s,r).then((e=>e?Promise.resolve(!0):Promise.reject(new P("JS-CRYPTO_HELPER-IVIT-IV01","Invalid ID token.","ID token validation returned false"))))}decodeIDToken(e){try{const t=this._cryptoUtils.base64URLDecode(e.split(".")[1]);return JSON.parse(t)}catch(e){throw new P("JS-CRYPTO_UTIL-DIT-IV01","Decoding ID token failed.",e)}}}class L{constructor(t,i){this._cryptoUtils=i,this._cryptoHelper=new E(i),this._authenticationHelper=new R(t,this._cryptoHelper),this._dataLayer=t,this._config=()=>e(this,void 0,void 0,(function*(){return yield this._dataLayer.getConfigData()})),this._oidcProviderMetaData=()=>e(this,void 0,void 0,(function*(){return yield this._dataLayer.getOIDCProviderMetaData()}))}getAuthorizationURLParams(t,i){var n,o,s;return e(this,void 0,void 0,(function*(){const e=yield this._config(),r=new Map;r.set("response_type","code"),r.set("client_id",e.clientID),e.clientSecret&&e.clientSecret.trim().length>0&&r.set("client_secret",e.clientSecret);let a="openid";e.scope&&e.scope.length>0&&(e.scope.includes("openid")||e.scope.push("openid"),a=e.scope.join(" ")),r.set("scope",a),r.set("redirect_uri",e.signInRedirectURL),e.responseMode&&r.set("response_mode",e.responseMode);const d=yield this._authenticationHelper.generatePKCEKey(i);if(e.enablePKCE){const e=null===(n=this._cryptoHelper)||void 0===n?void 0:n.getCodeVerifier(),t=null===(o=this._cryptoHelper)||void 0===o?void 0:o.getCodeChallenge(e);yield this._dataLayer.setTemporaryDataParameter(d,e,i),r.set("code_challenge_method","S256"),r.set("code_challenge",t)}e.prompt&&r.set("prompt",e.prompt);const c=t;if(c)for(const[e,t]of Object.entries(c))""!=e&&""!=t&&"state"!==e&&r.set(e,t.toString());return r.set("state",w.generateStateParamForRequestCorrelation(d,c?null===(s=c.state)||void 0===s?void 0:s.toString():"")),r}))}getAuthorizationURL(t,i){return e(this,void 0,void 0,(function*(){const e=yield this._dataLayer.getOIDCProviderMetaDataParameter("authorization_endpoint");if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-GAU-NF01","No authorization endpoint found.","No authorization endpoint was found in the OIDC provider meta data from the well-known endpoint or the authorization endpoint passed to the SDK is empty.");const n=new URL(e),o=yield this.getAuthorizationURLParams(t,i);for(const[e,t]of o.entries())n.searchParams.append(e,t);return n.toString()}))}requestAccessToken(t,i,n,o,s){return e(this,void 0,void 0,(function*(){const e=(yield this._oidcProviderMetaData()).token_endpoint,r=yield this._config();if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-RAT1-NF01","Token endpoint not found.","No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the token endpoint passed to the SDK is empty.");i&&(yield this._dataLayer.setSessionDataParameter("session_state",i,o));const a=new URLSearchParams;a.set("client_id",r.clientID),r.clientSecret&&r.clientSecret.trim().length>0&&a.set("client_secret",r.clientSecret);const d=t;let c;a.set("code",d),a.set("grant_type","authorization_code"),a.set("redirect_uri",r.signInRedirectURL),(null==s?void 0:s.params)&&Object.entries(s.params).forEach((([e,t])=>{a.append(e,t)})),r.enablePKCE&&(a.set("code_verifier",`${yield this._dataLayer.getTemporaryDataParameter(w.extractPKCEKeyFromStateParam(n),o)}`),yield this._dataLayer.removeTemporaryDataParameter(w.extractPKCEKeyFromStateParam(n),o));try{c=yield fetch(e,{body:a,credentials:r.sendCookiesInRequests?O.Include:O.SameOrigin,headers:new Headers(w.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new P("JS-AUTH_CORE-RAT1-NE02","Requesting access token failed",null!=e?e:"The request to get the access token from the server failed.")}if(!c.ok)throw new P("JS-AUTH_CORE-RAT1-HE03",`Requesting access token failed with ${c.statusText}`,yield c.json());return yield this._authenticationHelper.handleTokenResponse(c,o)}))}refreshAccessToken(t){return e(this,void 0,void 0,(function*(){const e=(yield this._oidcProviderMetaData()).token_endpoint,i=yield this._config(),n=yield this._dataLayer.getSessionData(t);if(!n.refresh_token)throw new P("JS-AUTH_CORE-RAT2-NF01","No refresh token found.","There was no refresh token found. Asgardeo doesn't return a refresh token if the refresh token grant is not enabled.");if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-RAT2-NF02","No refresh token endpoint found.","No refresh token endpoint was in the OIDC provider meta data returned by the well-known endpoint or the refresh token endpoint passed to the SDK is empty.");const o=[];let s;o.push(`client_id=${i.clientID}`),o.push(`refresh_token=${n.refresh_token}`),o.push("grant_type=refresh_token"),i.clientSecret&&i.clientSecret.trim().length>0&&o.push(`client_secret=${i.clientSecret}`);try{s=yield fetch(e,{body:o.join("&"),credentials:i.sendCookiesInRequests?O.Include:O.SameOrigin,headers:new Headers(w.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new P("JS-AUTH_CORE-RAT2-NR03","Refresh access token request failed.",null!=e?e:"The request to refresh the access token failed.")}if(!s.ok)throw new P("JS-AUTH_CORE-RAT2-HE04",`Refreshing access token failed with ${s.statusText}`,yield s.json());return this._authenticationHelper.handleTokenResponse(s,t)}))}revokeAccessToken(t){return e(this,void 0,void 0,(function*(){const e=(yield this._oidcProviderMetaData()).revocation_endpoint,i=yield this._config();if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-RAT3-NF01","No revoke access token endpoint found.","No revoke access token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the revoke access token endpoint passed to the SDK is empty.");const n=[];let o;n.push(`client_id=${i.clientID}`),n.push(`token=${(yield this._dataLayer.getSessionData(t)).access_token}`),n.push("token_type_hint=access_token"),i.clientSecret&&i.clientSecret.trim().length>0&&n.push(`client_secret=${i.clientSecret}`);try{o=yield fetch(e,{body:n.join("&"),credentials:i.sendCookiesInRequests?O.Include:O.SameOrigin,headers:new Headers(w.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new P("JS-AUTH_CORE-RAT3-NE02","The request to revoke access token failed.",null!=e?e:"The request sent to revoke the access token failed.")}if(200!==o.status||!o.ok)throw new P("JS-AUTH_CORE-RAT3-HE03",`Invalid response status received for revoke access token request (${o.statusText}).`,yield o.json());return this._authenticationHelper.clearUserSessionData(t),Promise.resolve(o)}))}requestCustomGrant(t,i){return e(this,void 0,void 0,(function*(){const n=yield this._oidcProviderMetaData(),o=yield this._config();let s;if(s=t.tokenEndpoint&&0!==t.tokenEndpoint.trim().length?t.tokenEndpoint:n.token_endpoint,!s||0===s.trim().length)throw new P("JS-AUTH_CORE-RCG-NF01","Token endpoint not found.","No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the token endpoint passed to the SDK is empty.");const r=yield Promise.all(Object.entries(t.data).map((([t,n])=>e(this,void 0,void 0,(function*(){const e=yield this._authenticationHelper.replaceCustomGrantTemplateTags(n,i);return`${t}=${e}`})))));let a=Object.assign({},w.getTokenRequestHeaders());t.attachToken&&(a=Object.assign(Object.assign({},a),{Authorization:`Bearer ${(yield this._dataLayer.getSessionData(i)).access_token}`}));const d={body:r.join("&"),credentials:o.sendCookiesInRequests?O.Include:O.SameOrigin,headers:new Headers(a),method:"POST"};let c;try{c=yield fetch(s,d)}catch(e){throw new P("JS-AUTH_CORE-RCG-NE02","The custom grant request failed.",null!=e?e:"The request sent to get the custom grant failed.")}if(200!==c.status||!c.ok)throw new P("JS-AUTH_CORE-RCG-HE03",`Invalid response status received for the custom grant request. (${c.statusText})`,yield c.json());return t.returnsSession?this._authenticationHelper.handleTokenResponse(c,i):Promise.resolve(yield c.json())}))}getBasicUserInfo(t){return e(this,void 0,void 0,(function*(){const e=yield this._dataLayer.getSessionData(t),i=this._authenticationHelper.getAuthenticatedUserInfo(null==e?void 0:e.id_token);let n={allowedScopes:e.scope,sessionState:e.session_state};return Object.keys(i).forEach((e=>{void 0!==i[e]&&""!==i[e]&&null!==i[e]||delete i[e]})),n=Object.assign(Object.assign({},n),i),n}))}getDecodedIDToken(t){return e(this,void 0,void 0,(function*(){const e=(yield this._dataLayer.getSessionData(t)).id_token;return this._cryptoHelper.decodeIDToken(e)}))}getCryptoHelper(){return e(this,void 0,void 0,(function*(){return this._cryptoHelper}))}getIDToken(t){return e(this,void 0,void 0,(function*(){return(yield this._dataLayer.getSessionData(t)).id_token}))}getOIDCProviderMetaData(t){return e(this,void 0,void 0,(function*(){const e=yield this._config();if(!t&&(yield this._dataLayer.getTemporaryDataParameter("op_config_initiated")))return Promise.resolve();const i=e.wellKnownEndpoint;if(i){let e;try{if(e=yield fetch(i),200!==e.status||!e.ok)throw new Error}catch(e){throw new P("JS-AUTH_CORE-GOPMD-HE01","Invalid well-known response","The well known endpoint response has been failed with an error.")}return yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpoints(yield e.json())),yield this._dataLayer.setTemporaryDataParameter("op_config_initiated",!0),Promise.resolve()}if(e.baseUrl){try{yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpointsByBaseURL())}catch(e){throw new P("JS-AUTH_CORE-GOPMD-IV02","Resolving endpoints failed.",null!=e?e:"Resolving endpoints by base url failed.")}return yield this._dataLayer.setTemporaryDataParameter("op_config_initiated",!0),Promise.resolve()}return yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpointsExplicitly()),yield this._dataLayer.setTemporaryDataParameter("op_config_initiated",!0),Promise.resolve()}))}getOIDCServiceEndpoints(){var t,i,n,o,s,r,a,d,c,l;return e(this,void 0,void 0,(function*(){const e=yield this._oidcProviderMetaData();return{authorizationEndpoint:null!==(t=e.authorization_endpoint)&&void 0!==t?t:"",checkSessionIframe:null!==(i=e.check_session_iframe)&&void 0!==i?i:"",endSessionEndpoint:null!==(n=e.end_session_endpoint)&&void 0!==n?n:"",introspectionEndpoint:null!==(o=e.introspection_endpoint)&&void 0!==o?o:"",issuer:null!==(s=e.issuer)&&void 0!==s?s:"",jwksUri:null!==(r=e.jwks_uri)&&void 0!==r?r:"",registrationEndpoint:null!==(a=e.registration_endpoint)&&void 0!==a?a:"",revocationEndpoint:null!==(d=e.revocation_endpoint)&&void 0!==d?d:"",tokenEndpoint:null!==(c=e.token_endpoint)&&void 0!==c?c:"",userinfoEndpoint:null!==(l=e.userinfo_endpoint)&&void 0!==l?l:""}}))}getSignOutURL(t){var i,n,o;return e(this,void 0,void 0,(function*(){const e=null===(i=yield this._oidcProviderMetaData())||void 0===i?void 0:i.end_session_endpoint,s=yield this._config();if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-GSOU-NF01","Sign-out endpoint not found.","No sign-out endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the sign-out endpoint passed to the SDK is empty.");const r=null!==(n=null==s?void 0:s.signOutRedirectURL)&&void 0!==n?n:null==s?void 0:s.signInRedirectURL;if(!r||0===r.trim().length)throw new P("JS-AUTH_CORE-GSOU-NF03","No sign-out redirect URL found.","The sign-out redirect URL cannot be found or the URL passed to the SDK is empty. No sign-in redirect URL has been found either. ");const a=new URLSearchParams;if(a.set("post_logout_redirect_uri",r),s.sendIdTokenInLogoutRequest){const e=null===(o=yield this._dataLayer.getSessionData(t))||void 0===o?void 0:o.id_token;if(!e||0===e.trim().length)throw new P("JS-AUTH_CORE-GSOU-NF02","ID token not found.","No ID token could be found. Either the session information is lost or you have not signed in.");a.set("id_token_hint",e)}else a.set("client_id",s.clientID);return a.set("state","sign_out_success"),`${e}?${a.toString()}`}))}clearUserSessionData(t){return e(this,void 0,void 0,(function*(){yield this._authenticationHelper.clearUserSessionData(t)}))}getAccessToken(t){var i;return e(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(t))||void 0===i?void 0:i.access_token}))}getCreatedAt(t){var i;return e(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(t))||void 0===i?void 0:i.created_at}))}getExpiresIn(t){var i;return e(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(t))||void 0===i?void 0:i.expires_in}))}isAuthenticated(t){return e(this,void 0,void 0,(function*(){const e=Boolean(yield this.getAccessToken(t)),i=yield this.getCreatedAt(t),n=yield this.getExpiresIn(t);if(!n)return!1;const o=1e3*parseInt(n),s=(new Date).getTime();return e&&i+o>s}))}getPKCECode(t,i){return e(this,void 0,void 0,(function*(){return yield this._dataLayer.getTemporaryDataParameter(w.extractPKCEKeyFromStateParam(t),i)}))}setPKCECode(t,i,n){return e(this,void 0,void 0,(function*(){return yield this._dataLayer.setTemporaryDataParameter(w.extractPKCEKeyFromStateParam(i),t,n)}))}updateConfig(t){return e(this,void 0,void 0,(function*(){yield this._dataLayer.setConfigData(t),yield this.getOIDCProviderMetaData(!0)}))}}const U="asgardeo-session-active";class A{constructor(e,t){this._id=e,this._store=t}setDataInBulk(t,i){var n;return e(this,void 0,void 0,(function*(){const e=null!==(n=yield this._store.getData(t))&&void 0!==n?n:null,o=e&&JSON.parse(e),s=Object.assign(Object.assign({},o),i),r=JSON.stringify(s);yield this._store.setData(t,r)}))}setValue(t,i,n){var o;return e(this,void 0,void 0,(function*(){const e=null!==(o=yield this._store.getData(t))&&void 0!==o?o:null,s=e&&JSON.parse(e),r=Object.assign(Object.assign({},s),{[i]:n}),a=JSON.stringify(r);yield this._store.setData(t,a)}))}removeValue(t,i){var n;return e(this,void 0,void 0,(function*(){const e=null!==(n=yield this._store.getData(t))&&void 0!==n?n:null,o=e&&JSON.parse(e),s=Object.assign({},o);delete s[i];const r=JSON.stringify(s);yield this._store.setData(t,r)}))}_resolveKey(e,t){return t?`${e}-${this._id}-${t}`:`${e}-${this._id}`}isLocalStorageAvailable(){try{const e="__ASGARDEO_AUTH_CORE_LOCAL_STORAGE_TEST__";return localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}setConfigData(t){return e(this,void 0,void 0,(function*(){yield this.setDataInBulk(this._resolveKey(p.ConfigData),t)}))}setOIDCProviderMetaData(t){return e(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(p.OIDCProviderMetaData),t)}))}setTemporaryData(t,i){return e(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(p.TemporaryData,i),t)}))}setSessionData(t,i){return e(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(p.SessionData,i),t)}))}setCustomData(t,i,n){return e(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(t,n),i)}))}getConfigData(){var t;return e(this,void 0,void 0,(function*(){return JSON.parse(null!==(t=yield this._store.getData(this._resolveKey(p.ConfigData)))&&void 0!==t?t:null)}))}getOIDCProviderMetaData(){var t;return e(this,void 0,void 0,(function*(){return JSON.parse(null!==(t=yield this._store.getData(this._resolveKey(p.OIDCProviderMetaData)))&&void 0!==t?t:null)}))}getTemporaryData(t){var i;return e(this,void 0,void 0,(function*(){return JSON.parse(null!==(i=yield this._store.getData(this._resolveKey(p.TemporaryData,t)))&&void 0!==i?i:null)}))}getSessionData(t){var i;return e(this,void 0,void 0,(function*(){return JSON.parse(null!==(i=yield this._store.getData(this._resolveKey(p.SessionData,t)))&&void 0!==i?i:null)}))}getCustomData(t,i){var n;return e(this,void 0,void 0,(function*(){return JSON.parse(null!==(n=yield this._store.getData(this._resolveKey(t,i)))&&void 0!==n?n:null)}))}setSessionStatus(e){this.isLocalStorageAvailable()&&localStorage.setItem("asgardeo-session-active",e)}getSessionStatus(){var e;return this.isLocalStorageAvailable()&&null!==(e=localStorage.getItem("asgardeo-session-active"))&&void 0!==e?e:""}removeSessionStatus(){this.isLocalStorageAvailable()&&localStorage.removeItem("asgardeo-session-active")}removeConfigData(){return e(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(p.ConfigData))}))}removeOIDCProviderMetaData(){return e(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(p.OIDCProviderMetaData))}))}removeTemporaryData(t){return e(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(p.TemporaryData,t))}))}removeSessionData(t){return e(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(p.SessionData,t))}))}getConfigDataParameter(t){return e(this,void 0,void 0,(function*(){const e=yield this._store.getData(this._resolveKey(p.ConfigData));return e&&JSON.parse(e)[t]}))}getOIDCProviderMetaDataParameter(t){return e(this,void 0,void 0,(function*(){const e=yield this._store.getData(this._resolveKey(p.OIDCProviderMetaData));return e&&JSON.parse(e)[t]}))}getTemporaryDataParameter(t,i){return e(this,void 0,void 0,(function*(){const e=yield this._store.getData(this._resolveKey(p.TemporaryData,i));return e&&JSON.parse(e)[t]}))}getSessionDataParameter(t,i){return e(this,void 0,void 0,(function*(){const e=yield this._store.getData(this._resolveKey(p.SessionData,i));return e&&JSON.parse(e)[t]}))}setConfigDataParameter(t,i){return e(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(p.ConfigData),t,i)}))}setOIDCProviderMetaDataParameter(t,i){return e(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(p.OIDCProviderMetaData),t,i)}))}setTemporaryDataParameter(t,i,n){return e(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(p.TemporaryData,n),t,i)}))}setSessionDataParameter(t,i,n){return e(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(p.SessionData,n),t,i)}))}removeConfigDataParameter(t){return e(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(p.ConfigData),t)}))}removeOIDCProviderMetaDataParameter(t){return e(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(p.OIDCProviderMetaData),t)}))}removeTemporaryDataParameter(t,i){return e(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(p.TemporaryData,i),t)}))}removeSessionDataParameter(t,i){return e(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(p.SessionData,i),t)}))}}const H={clockTolerance:300,enablePKCE:!0,responseMode:t.query,scope:["openid"],sendCookiesInRequests:!0,validateIDToken:!0,validateIDTokenIssuer:!0};class b{
/**
* This is the constructor method that returns an instance of the .
*
* @param store - The store object.
*
* @example
* ```
* const _store: Store = new DataStore();
* const auth = new AsgardeoAuthClient<CustomClientConfig>(_store);
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#constructor}
*
* @preserve
*/
constructor(){}
/**
*
* This method initializes the SDK with the config data.
*
* @param config - The config object to initialize with.
*
* @example
* const config = \{
* signInRedirectURL: "http://localhost:3000/sign-in",
* clientID: "client ID",
* baseUrl: "https://localhost:9443"
* \}
*
* await auth.initialize(config);
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#initialize}
*
* @preserve
*/initialize(t,i,n,o){var s,r,a;return e(this,void 0,void 0,(function*(){const e=t.clientID;b._instanceID?b._instanceID+=1:b._instanceID=0,o&&(b._instanceID=o),this._dataLayer=new A(e?`instance_${b._instanceID}-${e}`:`instance_${b._instanceID}`,i),this._authenticationCore=new L(this._dataLayer,n),b._authenticationCore=new L(this._dataLayer,n),yield this._dataLayer.setConfigData(Object.assign(Object.assign(Object.assign({},H),t),{scope:[...null!==(s=H.scope)&&void 0!==s?s:[],...null!==(a=null===(r=t.scope)||void 0===r?void 0:r.filter((e=>{var t;return!(null===(t=null==H?void 0:H.scope)||void 0===t?void 0:t.includes(e))})))&&void 0!==a?a:[]]}))}))}
/**
* This method returns the `DataLayer` object that allows you to access authentication data.
*
* @returns - The `DataLayer` object.
*
* @example
* ```
* const data = auth.getDataLayer();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getDataLayer}
*
* @preserve
*/getDataLayer(){return this._dataLayer}
/**
* This method returns the `instanceID` variable of the given instance.
*
* @returns - The `instanceID` number.
*
* @example
* ```
* const instanceId = auth.getInstanceID();
* ```
*
* @preserve
*/getInstanceID(){return b._instanceID}
/**
* This is an async method that returns a Promise that resolves with the authorization URL parameters.
*
* @param config - (Optional) A config object to force initialization and pass
* custom path parameters such as the `fidp` parameter.
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A promise that resolves with the authorization URL parameters.
*
* @example
* ```
* auth.getAuthorizationURLParams().then((params)=>{
* // console.log(params);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAuthorizationURLParams}
*
* @preserve
*/getAuthorizationURLParams(t,i){return e(this,void 0,void 0,(function*(){const e=Object.assign({},t);return null==e||delete e.forceInit,(yield this._dataLayer.getTemporaryDataParameter("op_config_initiated"))?this._authenticationCore.getAuthorizationURLParams(e,i):this._authenticationCore.getOIDCProviderMetaData(null==t?void 0:t.forceInit).then((()=>this._authenticationCore.getAuthorizationURLParams(e,i)))}))}
/**
* This is an async method that returns a Promise that resolves with the authorization URL.
*
* @param config - (Optional) A config object to force initialization and pass
* custom path parameters such as the fidp parameter.
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A promise that resolves with the authorization URL.
*
* @example
* ```
* auth.getAuthorizationURL().then((url)=>{
* // console.log(url);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAuthorizationURL}
*
* @preserve
*/getAuthorizationURL(t,i){return e(this,void 0,void 0,(function*(){const e=Object.assign({},t);return null==e||delete e.forceInit,(yield this._dataLayer.getTemporaryDataParameter("op_config_initiated"))?this._authenticationCore.getAuthorizationURL(e,i):this._authenticationCore.getOIDCProviderMetaData(null==t?void 0:t.forceInit).then((()=>this._authenticationCore.getAuthorizationURL(e,i)))}))}
/**
* This is an async method that sends a request to obtain the access token and returns a Promise
* that resolves with the token and other relevant data.
*
* @param authorizationCode - The authorization code.
* @param sessionState - The session state.
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the token response.
*
* @example
* ```
* auth.requestAccessToken(authCode, sessionState).then((token)=>{
* // console.log(token);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#requestAccessToken}
*
*
* @preserve
*/requestAccessToken(t,i,n,o,s){return e(this,void 0,void 0,(function*(){return(yield this._dataLayer.getTemporaryDataParameter("op_config_initiated"))?this._authenticationCore.requestAccessToken(t,i,n,o,s):this._authenticationCore.getOIDCProviderMetaData(!1).then((()=>this._authenticationCore.requestAccessToken(t,i,n,o,s)))}))}
/**
* This method returns the sign-out URL.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* **This doesn't clear the authentication data.**
*
* @returns - A Promise that resolves with the sign-out URL.
*
* @example
* ```
* const signOutUrl = await auth.getSignOutURL();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getSignOutURL}
*
* @preserve
*/getSignOutURL(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getSignOutURL(t)}))}
/**
* This method returns OIDC service endpoints that are fetched from the `.well-known` endpoint.
*
* @returns - A Promise that resolves with an object containing the OIDC service endpoints.
*
* @example
* ```
* const endpoints = await auth.getOIDCServiceEndpoints();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getOIDCServiceEndpoints}
*
* @preserve
*/getOIDCServiceEndpoints(){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getOIDCServiceEndpoints()}))}
/**
* This method decodes the payload of the ID token and returns it.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the decoded ID token payload.
*
* @example
* ```
* const decodedIdToken = await auth.getDecodedIDToken();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getDecodedIDToken}
*
* @preserve
*/getDecodedIDToken(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getDecodedIDToken(t)}))}
/**
* This method returns the ID token.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the ID token.
*
* @example
* ```
* const idToken = await auth.getIDToken();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getIDToken}
*
* @preserve
*/getIDToken(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getIDToken(t)}))}
/**
* This method returns the basic user information obtained from the ID token.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with an object containing the basic user information.
*
* @example
* ```
* const userInfo = await auth.getBasicUserInfo();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getBasicUserInfo}
*
* @preserve
*/getBasicUserInfo(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getBasicUserInfo(t)}))}
/**
* This method returns the crypto helper object.
*
* @returns - A Promise that resolves with a CryptoHelper object.
*
* @example
* ```
* const cryptoHelper = await auth.CryptoHelper();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getCryptoHelper}
*
* @preserve
*/getCryptoHelper(){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getCryptoHelper()}))}
/**
* This method revokes the access token.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* **This method also clears the authentication data.**
*
* @returns - A Promise that returns the response of the revoke-access-token request.
*
* @example
* ```
* auth.revokeAccessToken().then((response)=>{
* // console.log(response);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#revokeAccessToken}
*
* @preserve
*/revokeAccessToken(e){return this._authenticationCore.revokeAccessToken(e)}
/**
* This method refreshes the access token and returns a Promise that resolves with the new access
* token and other relevant data.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the token response.
*
* @example
* ```
* auth.refreshAccessToken().then((response)=>{
* // console.log(response);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#refreshAccessToken}
*
* @preserve
*/refreshAccessToken(e){return this._authenticationCore.refreshAccessToken(e)}
/**
* This method returns the access token.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the access token.
*
* @example
* ```
* const accessToken = await auth.getAccessToken();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAccessToken}
*
* @preserve
*/getAccessToken(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getAccessToken(t)}))}
/**
* This method sends a custom-grant request and returns a Promise that resolves with the response
* depending on the config passed.
*
* @param config - A config object containing the custom grant configurations.
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with the response depending
* on your configurations.
*
* @example
* ```
* const config = {
* attachToken: false,
* data: {
* client_id: "{{clientID}}",
* grant_type: "account_switch",
* scope: "{{scope}}",
* token: "{{token}}",
* },
* id: "account-switch",
* returnResponse: true,
* returnsSession: true,
* signInRequired: true
* }
*
* auth.requestCustomGrant(config).then((response)=>{
* // console.log(response);
* }).catch((error)=>{
* // console.error(error);
* });
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#requestCustomGrant}
*
* @preserve
*/requestCustomGrant(e,t){return this._authenticationCore.requestCustomGrant(e,t)}
/**
* This method returns if the user is authenticated or not.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @returns - A Promise that resolves with `true` if the user is authenticated, `false` otherwise.
*
* @example
* ```
* await auth.isAuthenticated();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#isAuthenticated}
*
* @preserve
*/isAuthenticated(t){return e(this,void 0,void 0,(function*(){return this._authenticationCore.isAuthenticated(t)}))}
/**
* This method returns the PKCE code generated during the generation of the authentication URL.
*
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
* @param state - The state parameter that was passed in the authentication URL.
*
* @returns - A Promise that resolves with the PKCE code.
*
* @example
* ```
* const pkce = await getPKCECode();
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getPKCECode}
*
* @preserve
*/getPKCECode(t,i){return e(this,void 0,void 0,(function*(){return this._authenticationCore.getPKCECode(t,i)}))}
/**
* This method sets the PKCE code to the data store.
*
* @param pkce - The PKCE code.
* @param state - The state parameter that was passed in the authentication URL.
* @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user
* scenarios where each user should be uniquely identified.
*
* @example
* ```
* await auth.setPKCECode("pkce_code")
* ```
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#setPKCECode}
*
* @preserve
*/setPKCECode(t,i,n){return e(this,void 0,void 0,(function*(){yield this._authenticationCore.setPKCECode(t,i,n)}))}
/**
* This method returns if the sign-out is successful or not.
*
* @param signOutRedirectUrl - The URL to which the user has been redirected to after signing-out.
*
* **The server appends path parameters to the `signOutRedirectURL` and these path parameters
* are required for this method to function.**
*
* @returns - `true` if successful, `false` otherwise.
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#isSignOutSuccessful}
*
* @preserve
*/static isSignOutSuccessful(e){const t=new URL(e),i=t.searchParams.get("state"),n=Boolean(t.searchParams.get("error"));return!!i&&("sign_out_success"===i&&!n)}
/**
* This method returns if the sign-out has failed or not.
*
* @param signOutRedirectUrl - The URL to which the user has been redirected to after signing-out.
*
* **The server appends path parameters to the `signOutRedirectURL` and these path parameters
* are required for this method to function.**
*
* @returns - `true` if successful, `false` otherwise.
*
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#didSignOutFail}
*
* @preserve
*/static didSignOutFail(e){const t=new URL(e),i=t.searchParams.get("state"),n=Boolean(t.searchParams.get("error"));return!!i&&("sign_out_success"===i&&n)}
/**
* This method updates the configuration that was passed into the constructor when instantiating this class.
*
* @param config - A config object to update the SDK configurations with.
*
* @example
* ```
* const config = {
* signInRedirectURL: "http://localhost:3000/sign-in",
* clientID: "client ID",
* baseUrl: "https://localhost:9443"
* }
*
* await auth.updateConfig(config);
* ```
* {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#updateConfig}
*
* @preserve
*/updateConfig(t){return e(this,void 0,void 0,(function*(){yield this._authenticationCore.updateConfig(t)}))}static clearUserSessionData(t){return e(this,void 0,void 0,(function*(){yield this._authenticationCore.clearUserSessionData(t)}))}}export{U as ASGARDEO_SESSION_ACTIVE,m as AUTHORIZATION_CODE,b as AsgardeoAuthClient,P as AsgardeoAuthException,w as AuthenticationUtils,v as CLIENT_ID_TAG,_ as CLIENT_SECRET_TAG,E as CryptoHelper,A as DataLayer,I as OIDC_SCOPE,f as PKCE_CODE_VERIFIER,g as PKCE_SEPARATOR,y as REFRESH_TOKEN_TIMER,t as ResponseMode,h as SCOPE_TAG,k as SESSION_STATE,T as SIGN_OUT_SUCCESS_PARAM,S as SIGN_OUT_URL,C as STATE,D as SUPPORTED_SIGNATURE_ALGORITHMS,p as Stores,l as TOKEN_TAG,u as USERNAME_TAG};
//# sourceMappingURL=asgardeo-auth.production.esm.js.map