UNPKG

@asgardeo/auth-js

Version:

Asgardeo Auth JS SDK to be used in JavaScript and TypeScript applications.

432 lines (431 loc) 46.8 kB
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AsgardeoAuth={})}(this,(function(e){"use strict";function t(e,t,i,o){return new(i||(i=Promise))((function(n,r){function s(e){try{d(o.next(e))}catch(e){r(e)}}function a(e){try{d(o.throw(e))}catch(e){r(e)}}function d(e){var t;e.done?n(e.value):(t=e.value,t instanceof i?t:new i((function(e){e(t)}))).then(s,a)}d((o=o.apply(e,t||[])).next())}))}var i;e.ResponseMode=void 0,(i=e.ResponseMode||(e.ResponseMode={})).formPost="form_post",i.query="query",i.direct="direct";const o="/oauth2/authorize",n="/oidc/checksession",r="/oidc/logout",s="/oauth2/token",a="/oauth2/jwks",d="/oauth2/revoke",c="/oauth2/token",l="/oauth2/userinfo",u="authorization_endpoint",h="token_endpoint",v="revocation_endpoint",_="end_session_endpoint",p="jwks_uri",y="op_config_initiated",f="check_session_iframe",g="userinfo_endpoint",D="issuer",m="{{token}}",S="{{username}}",k="{{scope}}",T="{{clientID}}",C="{{clientSecret}}";var I;e.Stores=void 0,(I=e.Stores||(e.Stores={})).ConfigData="config_data",I.OIDCProviderMetaData="oidc_provider_meta_data",I.SessionData="session_data",I.TemporaryData="temporary_data";const O="pkce_code_verifier",P="#",R=["RS256","RS512","RS384","PS256"],E="session_state",w="sign_out_success",A="state",L="openid";var U;!function(e){e.Include="include",e.SameOrigin="same-origin",e.Omit="omit"}(U||(U={}));class H{constructor(e,t,i){this.message=i,this.name=t,this.code=e,Object.setPrototypeOf(this,new.target.prototype)}}class b{constructor(){}static filterClaimsFromIDTokenPayload(e){const t=Object.assign({},e);null==t||delete t.iss,null==t||delete t.aud,null==t||delete t.exp,null==t||delete t.iat,null==t||delete t.acr,null==t||delete t.amr,null==t||delete t.azp,null==t||delete t.auth_time,null==t||delete t.nonce,null==t||delete t.c_hash,null==t||delete t.at_hash,null==t||delete t.nbf,null==t||delete t.isk,null==t||delete t.sid;const i={};return Object.entries(t).forEach((([e,t])=>{const o=e.split("_").map(((e,t)=>0===t?e:[e[0].toUpperCase(),...e.slice(1)].join(""))).join("");i[o]=t})),i}static getTokenRequestHeaders(){return{Accept:"application/json","Content-Type":"application/x-www-form-urlencoded"}}static generateStateParamForRequestCorrelation(e,t){const i=parseInt(e.split(P)[1]);return t?`${t}_request_${i}`:`request_${i}`}static extractPKCEKeyFromStateParam(e){return`pkce_code_verifier#${parseInt(e.split("request_")[1])}`}}b.getTenantDomainFromIdTokenPayload=(e,t="@")=>{const i=e.sub.split(t);return i.length>2?i[i.length-1]:""};class K{constructor(e,i){this._dataLayer=e,this._config=()=>t(this,void 0,void 0,(function*(){return yield this._dataLayer.getConfigData()})),this._oidcProviderMetaData=()=>t(this,void 0,void 0,(function*(){return yield this._dataLayer.getOIDCProviderMetaData()})),this._cryptoHelper=i}resolveEndpoints(e){return t(this,void 0,void 0,(function*(){const t={},i=yield this._config();return i.endpoints&&Object.keys(i.endpoints).forEach((e=>{const o=e.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));t[o]=(null==i?void 0:i.endpoints)?i.endpoints[e]:""})),Object.assign(Object.assign({},e),t)}))}resolveEndpointsExplicitly(){return t(this,void 0,void 0,(function*(){const e={},t=yield this._config(),i=[u,_,p,f,v,h,D,g];if(!(!!t.endpoints&&i.every((e=>!!t.endpoints&&Object.keys(t.endpoints).some((t=>t.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`))===e))))))throw new H("JS-AUTH_HELPER-REE-NF01","Required endpoints missing","Some or all of the required endpoints are missing in the object passed to the `endpoints` attribute of the`AuthConfig` object.");return t.endpoints&&Object.keys(t.endpoints).forEach((i=>{const o=i.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));e[o]=(null==t?void 0:t.endpoints)?t.endpoints[i]:""})),Object.assign({},e)}))}resolveEndpointsByBaseURL(){return t(this,void 0,void 0,(function*(){const e={},t=yield this._config(),i=t.baseUrl;if(!i)throw new H("JS-AUTH_HELPER_REBO-NF01","Base URL not defined.","Base URL is not defined in AuthClient config.");t.endpoints&&Object.keys(t.endpoints).forEach((i=>{const o=i.replace(/[A-Z]/g,(e=>`_${e.toLowerCase()}`));e[o]=(null==t?void 0:t.endpoints)?t.endpoints[i]:""}));const y={[u]:`${i}${o}`,[_]:`${i}${r}`,[D]:`${i}${s}`,[p]:`${i}${a}`,[f]:`${i}${n}`,[v]:`${i}${d}`,[h]:`${i}${c}`,[g]:`${i}${l}`};return Object.assign(Object.assign({},y),e)}))}validateIdToken(e){var i;return t(this,void 0,void 0,(function*(){const t=(yield this._dataLayer.getOIDCProviderMetaData()).jwks_uri,o=yield this._config();if(!t||0===t.trim().length)throw new H("JS_AUTH_HELPER-VIT-NF01","JWKS endpoint not found.","No JWKS endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the JWKS endpoint passed to the SDK is empty.");let n;try{n=yield fetch(t,{credentials:o.sendCookiesInRequests?U.Include:U.SameOrigin})}catch(e){throw new H("JS-AUTH_HELPER-VIT-NE02","Request to jwks endpoint failed.",null!=e?e:"The request sent to get the jwks from the server failed.")}if(200!==n.status||!n.ok)throw new H("JS-AUTH_HELPER-VIT-HE03",`Invalid response status received for jwks request (${n.statusText}).`,yield n.json());const r=(yield this._oidcProviderMetaData()).issuer,{keys:s}=yield n.json(),a=yield this._cryptoHelper.getJWKForTheIdToken(e.split(".")[0],s);return this._cryptoHelper.isValidIdToken(e,a,(yield this._config()).clientID,null!=r?r:"",this._cryptoHelper.decodeIDToken(e).sub,(yield this._config()).clockTolerance,null===(i=(yield this._config()).validateIDTokenIssuer)||void 0===i||i)}))}getAuthenticatedUserInfo(e){var t,i,o,n;const r=this._cryptoHelper.decodeIDToken(e),s=b.getTenantDomainFromIdTokenPayload(r),a=null!==(t=null==r?void 0:r.username)&&void 0!==t?t:"",d=null!==(i=r.given_name)&&void 0!==i?i:"",c=null!==(o=r.family_name)&&void 0!==o?o:"",l=d&&c?`${d} ${c}`:d||(c||""),u=null!==(n=r.preferred_username)&&void 0!==n?n:l;return Object.assign({displayName:u,tenantDomain:s,username:a},b.filterClaimsFromIDTokenPayload(r))}replaceCustomGrantTemplateTags(e,i){var o;return t(this,void 0,void 0,(function*(){let t=L;const n=yield this._config(),r=yield this._dataLayer.getSessionData(i);return n.scope&&n.scope.length>0&&(n.scope.includes(L)||n.scope.push(L),t=n.scope.join(" ")),e.replace(m,r.access_token).replace(S,this.getAuthenticatedUserInfo(r.id_token).username).replace(k,t).replace(T,n.clientID).replace(C,null!==(o=n.clientSecret)&&void 0!==o?o:"")}))}clearUserSessionData(e){return t(this,void 0,void 0,(function*(){yield this._dataLayer.removeTemporaryData(e),yield this._dataLayer.removeSessionData(e)}))}handleTokenResponse(e,i){return t(this,void 0,void 0,(function*(){if(200!==e.status||!e.ok)throw new H("JS-AUTH_HELPER-HTR-NE01",`Invalid response status received for token request (${e.statusText}).`,yield e.json());const o=yield e.json();o.created_at=(new Date).getTime();if((yield this._config()).validateIDToken)return this.validateIdToken(o.id_token).then((()=>t(this,void 0,void 0,(function*(){yield this._dataLayer.setSessionData(o,i);const e={accessToken:o.access_token,createdAt:o.created_at,expiresIn:o.expires_in,idToken:o.id_token,refreshToken:o.refresh_token,scope:o.scope,tokenType:o.token_type};return Promise.resolve(e)}))));{const e={accessToken:o.access_token,createdAt:o.created_at,expiresIn:o.expires_in,idToken:o.id_token,refreshToken:o.refresh_token,scope:o.scope,tokenType:o.token_type};return yield this._dataLayer.setSessionData(o,i),Promise.resolve(e)}}))}generatePKCEKey(e){var i;return t(this,void 0,void 0,(function*(){const t=yield this._dataLayer.getTemporaryData(e),o=[];Object.keys(t).forEach((e=>{e.startsWith(O)&&o.push(e)}));const n=o.sort().pop();return`pkce_code_verifier#${parseInt(null!==(i=null==n?void 0:n.split(P)[1])&&void 0!==i?i:"-1")+1}`}))}}class j{constructor(e){this._cryptoUtils=e}getCodeVerifier(){return this._cryptoUtils.base64URLEncode(this._cryptoUtils.generateRandomBytes(32))}getCodeChallenge(e){return this._cryptoUtils.base64URLEncode(this._cryptoUtils.hashSha256(e))}getJWKForTheIdToken(e,t){const i=JSON.parse(this._cryptoUtils.base64URLDecode(e));for(const e of t)if(i.kid===e.kid)return e;throw new H("JS-CRYPTO_UTIL-GJFTIT-IV01","kid not found.","Failed to find the 'kid' specified in the id_token. 'kid' found in the header : "+i.kid+", Expected values: "+t.map((e=>e.kid)).join(", "))}isValidIdToken(e,t,i,o,n,r,s){return this._cryptoUtils.verifyJwt(e,t,R,i,o,n,r,s).then((e=>e?Promise.resolve(!0):Promise.reject(new H("JS-CRYPTO_HELPER-IVIT-IV01","Invalid ID token.","ID token validation returned false"))))}decodeIDToken(e){try{const t=this._cryptoUtils.base64URLDecode(e.split(".")[1]);return JSON.parse(t)}catch(e){throw new H("JS-CRYPTO_UTIL-DIT-IV01","Decoding ID token failed.",e)}}}class N{constructor(e,i){this._cryptoUtils=i,this._cryptoHelper=new j(i),this._authenticationHelper=new K(e,this._cryptoHelper),this._dataLayer=e,this._config=()=>t(this,void 0,void 0,(function*(){return yield this._dataLayer.getConfigData()})),this._oidcProviderMetaData=()=>t(this,void 0,void 0,(function*(){return yield this._dataLayer.getOIDCProviderMetaData()}))}getAuthorizationURLParams(e,i){var o,n,r;return t(this,void 0,void 0,(function*(){const t=yield this._config(),s=new Map;s.set("response_type","code"),s.set("client_id",t.clientID),t.clientSecret&&t.clientSecret.trim().length>0&&s.set("client_secret",t.clientSecret);let a=L;t.scope&&t.scope.length>0&&(t.scope.includes(L)||t.scope.push(L),a=t.scope.join(" ")),s.set("scope",a),s.set("redirect_uri",t.signInRedirectURL),t.responseMode&&s.set("response_mode",t.responseMode);const d=yield this._authenticationHelper.generatePKCEKey(i);if(t.enablePKCE){const e=null===(o=this._cryptoHelper)||void 0===o?void 0:o.getCodeVerifier(),t=null===(n=this._cryptoHelper)||void 0===n?void 0:n.getCodeChallenge(e);yield this._dataLayer.setTemporaryDataParameter(d,e,i),s.set("code_challenge_method","S256"),s.set("code_challenge",t)}t.prompt&&s.set("prompt",t.prompt);const c=e;if(c)for(const[e,t]of Object.entries(c))""!=e&&""!=t&&e!==A&&s.set(e,t.toString());return s.set(A,b.generateStateParamForRequestCorrelation(d,c?null===(r=c.state)||void 0===r?void 0:r.toString():"")),s}))}getAuthorizationURL(e,i){return t(this,void 0,void 0,(function*(){const t=yield this._dataLayer.getOIDCProviderMetaDataParameter(u);if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-GAU-NF01","No authorization endpoint found.","No authorization endpoint was found in the OIDC provider meta data from the well-known endpoint or the authorization endpoint passed to the SDK is empty.");const o=new URL(t),n=yield this.getAuthorizationURLParams(e,i);for(const[e,t]of n.entries())o.searchParams.append(e,t);return o.toString()}))}requestAccessToken(e,i,o,n,r){return t(this,void 0,void 0,(function*(){const t=(yield this._oidcProviderMetaData()).token_endpoint,s=yield this._config();if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-RAT1-NF01","Token endpoint not found.","No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the token endpoint passed to the SDK is empty.");i&&(yield this._dataLayer.setSessionDataParameter(E,i,n));const a=new URLSearchParams;a.set("client_id",s.clientID),s.clientSecret&&s.clientSecret.trim().length>0&&a.set("client_secret",s.clientSecret);const d=e;let c;a.set("code",d),a.set("grant_type","authorization_code"),a.set("redirect_uri",s.signInRedirectURL),(null==r?void 0:r.params)&&Object.entries(r.params).forEach((([e,t])=>{a.append(e,t)})),s.enablePKCE&&(a.set("code_verifier",`${yield this._dataLayer.getTemporaryDataParameter(b.extractPKCEKeyFromStateParam(o),n)}`),yield this._dataLayer.removeTemporaryDataParameter(b.extractPKCEKeyFromStateParam(o),n));try{c=yield fetch(t,{body:a,credentials:s.sendCookiesInRequests?U.Include:U.SameOrigin,headers:new Headers(b.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new H("JS-AUTH_CORE-RAT1-NE02","Requesting access token failed",null!=e?e:"The request to get the access token from the server failed.")}if(!c.ok)throw new H("JS-AUTH_CORE-RAT1-HE03",`Requesting access token failed with ${c.statusText}`,yield c.json());return yield this._authenticationHelper.handleTokenResponse(c,n)}))}refreshAccessToken(e){return t(this,void 0,void 0,(function*(){const t=(yield this._oidcProviderMetaData()).token_endpoint,i=yield this._config(),o=yield this._dataLayer.getSessionData(e);if(!o.refresh_token)throw new H("JS-AUTH_CORE-RAT2-NF01","No refresh token found.","There was no refresh token found. Asgardeo doesn't return a refresh token if the refresh token grant is not enabled.");if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-RAT2-NF02","No refresh token endpoint found.","No refresh token endpoint was in the OIDC provider meta data returned by the well-known endpoint or the refresh token endpoint passed to the SDK is empty.");const n=[];let r;n.push(`client_id=${i.clientID}`),n.push(`refresh_token=${o.refresh_token}`),n.push("grant_type=refresh_token"),i.clientSecret&&i.clientSecret.trim().length>0&&n.push(`client_secret=${i.clientSecret}`);try{r=yield fetch(t,{body:n.join("&"),credentials:i.sendCookiesInRequests?U.Include:U.SameOrigin,headers:new Headers(b.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new H("JS-AUTH_CORE-RAT2-NR03","Refresh access token request failed.",null!=e?e:"The request to refresh the access token failed.")}if(!r.ok)throw new H("JS-AUTH_CORE-RAT2-HE04",`Refreshing access token failed with ${r.statusText}`,yield r.json());return this._authenticationHelper.handleTokenResponse(r,e)}))}revokeAccessToken(e){return t(this,void 0,void 0,(function*(){const t=(yield this._oidcProviderMetaData()).revocation_endpoint,i=yield this._config();if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-RAT3-NF01","No revoke access token endpoint found.","No revoke access token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the revoke access token endpoint passed to the SDK is empty.");const o=[];let n;o.push(`client_id=${i.clientID}`),o.push(`token=${(yield this._dataLayer.getSessionData(e)).access_token}`),o.push("token_type_hint=access_token"),i.clientSecret&&i.clientSecret.trim().length>0&&o.push(`client_secret=${i.clientSecret}`);try{n=yield fetch(t,{body:o.join("&"),credentials:i.sendCookiesInRequests?U.Include:U.SameOrigin,headers:new Headers(b.getTokenRequestHeaders()),method:"POST"})}catch(e){throw new H("JS-AUTH_CORE-RAT3-NE02","The request to revoke access token failed.",null!=e?e:"The request sent to revoke the access token failed.")}if(200!==n.status||!n.ok)throw new H("JS-AUTH_CORE-RAT3-HE03",`Invalid response status received for revoke access token request (${n.statusText}).`,yield n.json());return this._authenticationHelper.clearUserSessionData(e),Promise.resolve(n)}))}requestCustomGrant(e,i){return t(this,void 0,void 0,(function*(){const o=yield this._oidcProviderMetaData(),n=yield this._config();let r;if(r=e.tokenEndpoint&&0!==e.tokenEndpoint.trim().length?e.tokenEndpoint:o.token_endpoint,!r||0===r.trim().length)throw new H("JS-AUTH_CORE-RCG-NF01","Token endpoint not found.","No token endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the token endpoint passed to the SDK is empty.");const s=yield Promise.all(Object.entries(e.data).map((([e,o])=>t(this,void 0,void 0,(function*(){const t=yield this._authenticationHelper.replaceCustomGrantTemplateTags(o,i);return`${e}=${t}`})))));let a=Object.assign({},b.getTokenRequestHeaders());e.attachToken&&(a=Object.assign(Object.assign({},a),{Authorization:`Bearer ${(yield this._dataLayer.getSessionData(i)).access_token}`}));const d={body:s.join("&"),credentials:n.sendCookiesInRequests?U.Include:U.SameOrigin,headers:new Headers(a),method:"POST"};let c;try{c=yield fetch(r,d)}catch(e){throw new H("JS-AUTH_CORE-RCG-NE02","The custom grant request failed.",null!=e?e:"The request sent to get the custom grant failed.")}if(200!==c.status||!c.ok)throw new H("JS-AUTH_CORE-RCG-HE03",`Invalid response status received for the custom grant request. (${c.statusText})`,yield c.json());return e.returnsSession?this._authenticationHelper.handleTokenResponse(c,i):Promise.resolve(yield c.json())}))}getBasicUserInfo(e){return t(this,void 0,void 0,(function*(){const t=yield this._dataLayer.getSessionData(e),i=this._authenticationHelper.getAuthenticatedUserInfo(null==t?void 0:t.id_token);let o={allowedScopes:t.scope,sessionState:t.session_state};return Object.keys(i).forEach((e=>{void 0!==i[e]&&""!==i[e]&&null!==i[e]||delete i[e]})),o=Object.assign(Object.assign({},o),i),o}))}getDecodedIDToken(e){return t(this,void 0,void 0,(function*(){const t=(yield this._dataLayer.getSessionData(e)).id_token;return this._cryptoHelper.decodeIDToken(t)}))}getCryptoHelper(){return t(this,void 0,void 0,(function*(){return this._cryptoHelper}))}getIDToken(e){return t(this,void 0,void 0,(function*(){return(yield this._dataLayer.getSessionData(e)).id_token}))}getOIDCProviderMetaData(e){return t(this,void 0,void 0,(function*(){const t=yield this._config();if(!e&&(yield this._dataLayer.getTemporaryDataParameter(y)))return Promise.resolve();const i=t.wellKnownEndpoint;if(i){let e;try{if(e=yield fetch(i),200!==e.status||!e.ok)throw new Error}catch(e){throw new H("JS-AUTH_CORE-GOPMD-HE01","Invalid well-known response","The well known endpoint response has been failed with an error.")}return yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpoints(yield e.json())),yield this._dataLayer.setTemporaryDataParameter(y,!0),Promise.resolve()}if(t.baseUrl){try{yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpointsByBaseURL())}catch(e){throw new H("JS-AUTH_CORE-GOPMD-IV02","Resolving endpoints failed.",null!=e?e:"Resolving endpoints by base url failed.")}return yield this._dataLayer.setTemporaryDataParameter(y,!0),Promise.resolve()}return yield this._dataLayer.setOIDCProviderMetaData(yield this._authenticationHelper.resolveEndpointsExplicitly()),yield this._dataLayer.setTemporaryDataParameter(y,!0),Promise.resolve()}))}getOIDCServiceEndpoints(){var e,i,o,n,r,s,a,d,c,l;return t(this,void 0,void 0,(function*(){const t=yield this._oidcProviderMetaData();return{authorizationEndpoint:null!==(e=t.authorization_endpoint)&&void 0!==e?e:"",checkSessionIframe:null!==(i=t.check_session_iframe)&&void 0!==i?i:"",endSessionEndpoint:null!==(o=t.end_session_endpoint)&&void 0!==o?o:"",introspectionEndpoint:null!==(n=t.introspection_endpoint)&&void 0!==n?n:"",issuer:null!==(r=t.issuer)&&void 0!==r?r:"",jwksUri:null!==(s=t.jwks_uri)&&void 0!==s?s:"",registrationEndpoint:null!==(a=t.registration_endpoint)&&void 0!==a?a:"",revocationEndpoint:null!==(d=t.revocation_endpoint)&&void 0!==d?d:"",tokenEndpoint:null!==(c=t.token_endpoint)&&void 0!==c?c:"",userinfoEndpoint:null!==(l=t.userinfo_endpoint)&&void 0!==l?l:""}}))}getSignOutURL(e){var i,o,n;return t(this,void 0,void 0,(function*(){const t=null===(i=yield this._oidcProviderMetaData())||void 0===i?void 0:i.end_session_endpoint,r=yield this._config();if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-GSOU-NF01","Sign-out endpoint not found.","No sign-out endpoint was found in the OIDC provider meta data returned by the well-known endpoint or the sign-out endpoint passed to the SDK is empty.");const s=null!==(o=null==r?void 0:r.signOutRedirectURL)&&void 0!==o?o:null==r?void 0:r.signInRedirectURL;if(!s||0===s.trim().length)throw new H("JS-AUTH_CORE-GSOU-NF03","No sign-out redirect URL found.","The sign-out redirect URL cannot be found or the URL passed to the SDK is empty. No sign-in redirect URL has been found either. ");const a=new URLSearchParams;if(a.set("post_logout_redirect_uri",s),r.sendIdTokenInLogoutRequest){const t=null===(n=yield this._dataLayer.getSessionData(e))||void 0===n?void 0:n.id_token;if(!t||0===t.trim().length)throw new H("JS-AUTH_CORE-GSOU-NF02","ID token not found.","No ID token could be found. Either the session information is lost or you have not signed in.");a.set("id_token_hint",t)}else a.set("client_id",r.clientID);return a.set("state",w),`${t}?${a.toString()}`}))}clearUserSessionData(e){return t(this,void 0,void 0,(function*(){yield this._authenticationHelper.clearUserSessionData(e)}))}getAccessToken(e){var i;return t(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(e))||void 0===i?void 0:i.access_token}))}getCreatedAt(e){var i;return t(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(e))||void 0===i?void 0:i.created_at}))}getExpiresIn(e){var i;return t(this,void 0,void 0,(function*(){return null===(i=yield this._dataLayer.getSessionData(e))||void 0===i?void 0:i.expires_in}))}isAuthenticated(e){return t(this,void 0,void 0,(function*(){const t=Boolean(yield this.getAccessToken(e)),i=yield this.getCreatedAt(e),o=yield this.getExpiresIn(e);if(!o)return!1;const n=1e3*parseInt(o),r=(new Date).getTime();return t&&i+n>r}))}getPKCECode(e,i){return t(this,void 0,void 0,(function*(){return yield this._dataLayer.getTemporaryDataParameter(b.extractPKCEKeyFromStateParam(e),i)}))}setPKCECode(e,i,o){return t(this,void 0,void 0,(function*(){return yield this._dataLayer.setTemporaryDataParameter(b.extractPKCEKeyFromStateParam(i),e,o)}))}updateConfig(e){return t(this,void 0,void 0,(function*(){yield this._dataLayer.setConfigData(e),yield this.getOIDCProviderMetaData(!0)}))}}const $="asgardeo-session-active";class J{constructor(e,t){this._id=e,this._store=t}setDataInBulk(e,i){var o;return t(this,void 0,void 0,(function*(){const t=null!==(o=yield this._store.getData(e))&&void 0!==o?o:null,n=t&&JSON.parse(t),r=Object.assign(Object.assign({},n),i),s=JSON.stringify(r);yield this._store.setData(e,s)}))}setValue(e,i,o){var n;return t(this,void 0,void 0,(function*(){const t=null!==(n=yield this._store.getData(e))&&void 0!==n?n:null,r=t&&JSON.parse(t),s=Object.assign(Object.assign({},r),{[i]:o}),a=JSON.stringify(s);yield this._store.setData(e,a)}))}removeValue(e,i){var o;return t(this,void 0,void 0,(function*(){const t=null!==(o=yield this._store.getData(e))&&void 0!==o?o:null,n=t&&JSON.parse(t),r=Object.assign({},n);delete r[i];const s=JSON.stringify(r);yield this._store.setData(e,s)}))}_resolveKey(e,t){return t?`${e}-${this._id}-${t}`:`${e}-${this._id}`}isLocalStorageAvailable(){try{const e="__ASGARDEO_AUTH_CORE_LOCAL_STORAGE_TEST__";return localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}setConfigData(i){return t(this,void 0,void 0,(function*(){yield this.setDataInBulk(this._resolveKey(e.Stores.ConfigData),i)}))}setOIDCProviderMetaData(i){return t(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(e.Stores.OIDCProviderMetaData),i)}))}setTemporaryData(i,o){return t(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(e.Stores.TemporaryData,o),i)}))}setSessionData(i,o){return t(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(e.Stores.SessionData,o),i)}))}setCustomData(e,i,o){return t(this,void 0,void 0,(function*(){this.setDataInBulk(this._resolveKey(e,o),i)}))}getConfigData(){var i;return t(this,void 0,void 0,(function*(){return JSON.parse(null!==(i=yield this._store.getData(this._resolveKey(e.Stores.ConfigData)))&&void 0!==i?i:null)}))}getOIDCProviderMetaData(){var i;return t(this,void 0,void 0,(function*(){return JSON.parse(null!==(i=yield this._store.getData(this._resolveKey(e.Stores.OIDCProviderMetaData)))&&void 0!==i?i:null)}))}getTemporaryData(i){var o;return t(this,void 0,void 0,(function*(){return JSON.parse(null!==(o=yield this._store.getData(this._resolveKey(e.Stores.TemporaryData,i)))&&void 0!==o?o:null)}))}getSessionData(i){var o;return t(this,void 0,void 0,(function*(){return JSON.parse(null!==(o=yield this._store.getData(this._resolveKey(e.Stores.SessionData,i)))&&void 0!==o?o:null)}))}getCustomData(e,i){var o;return t(this,void 0,void 0,(function*(){return JSON.parse(null!==(o=yield this._store.getData(this._resolveKey(e,i)))&&void 0!==o?o:null)}))}setSessionStatus(e){this.isLocalStorageAvailable()&&localStorage.setItem("asgardeo-session-active",e)}getSessionStatus(){var e;return this.isLocalStorageAvailable()&&null!==(e=localStorage.getItem("asgardeo-session-active"))&&void 0!==e?e:""}removeSessionStatus(){this.isLocalStorageAvailable()&&localStorage.removeItem("asgardeo-session-active")}removeConfigData(){return t(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(e.Stores.ConfigData))}))}removeOIDCProviderMetaData(){return t(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(e.Stores.OIDCProviderMetaData))}))}removeTemporaryData(i){return t(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(e.Stores.TemporaryData,i))}))}removeSessionData(i){return t(this,void 0,void 0,(function*(){yield this._store.removeData(this._resolveKey(e.Stores.SessionData,i))}))}getConfigDataParameter(i){return t(this,void 0,void 0,(function*(){const t=yield this._store.getData(this._resolveKey(e.Stores.ConfigData));return t&&JSON.parse(t)[i]}))}getOIDCProviderMetaDataParameter(i){return t(this,void 0,void 0,(function*(){const t=yield this._store.getData(this._resolveKey(e.Stores.OIDCProviderMetaData));return t&&JSON.parse(t)[i]}))}getTemporaryDataParameter(i,o){return t(this,void 0,void 0,(function*(){const t=yield this._store.getData(this._resolveKey(e.Stores.TemporaryData,o));return t&&JSON.parse(t)[i]}))}getSessionDataParameter(i,o){return t(this,void 0,void 0,(function*(){const t=yield this._store.getData(this._resolveKey(e.Stores.SessionData,o));return t&&JSON.parse(t)[i]}))}setConfigDataParameter(i,o){return t(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(e.Stores.ConfigData),i,o)}))}setOIDCProviderMetaDataParameter(i,o){return t(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(e.Stores.OIDCProviderMetaData),i,o)}))}setTemporaryDataParameter(i,o,n){return t(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(e.Stores.TemporaryData,n),i,o)}))}setSessionDataParameter(i,o,n){return t(this,void 0,void 0,(function*(){yield this.setValue(this._resolveKey(e.Stores.SessionData,n),i,o)}))}removeConfigDataParameter(i){return t(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(e.Stores.ConfigData),i)}))}removeOIDCProviderMetaDataParameter(i){return t(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(e.Stores.OIDCProviderMetaData),i)}))}removeTemporaryDataParameter(i,o){return t(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(e.Stores.TemporaryData,o),i)}))}removeSessionDataParameter(i,o){return t(this,void 0,void 0,(function*(){yield this.removeValue(this._resolveKey(e.Stores.SessionData,o),i)}))}}const M={clockTolerance:300,enablePKCE:!0,responseMode:e.ResponseMode.query,scope:[L],sendCookiesInRequests:!0,validateIDToken:!0,validateIDTokenIssuer:!0};class q{ /** * This is the constructor method that returns an instance of the . * * @param store - The store object. * * @example * ``` * const _store: Store = new DataStore(); * const auth = new AsgardeoAuthClient<CustomClientConfig>(_store); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#constructor} * * @preserve */ constructor(){} /** * * This method initializes the SDK with the config data. * * @param config - The config object to initialize with. * * @example * const config = \{ * signInRedirectURL: "http://localhost:3000/sign-in", * clientID: "client ID", * baseUrl: "https://localhost:9443" * \} * * await auth.initialize(config); * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#initialize} * * @preserve */initialize(e,i,o,n){var r,s,a;return t(this,void 0,void 0,(function*(){const t=e.clientID;q._instanceID?q._instanceID+=1:q._instanceID=0,n&&(q._instanceID=n),this._dataLayer=new J(t?`instance_${q._instanceID}-${t}`:`instance_${q._instanceID}`,i),this._authenticationCore=new N(this._dataLayer,o),q._authenticationCore=new N(this._dataLayer,o),yield this._dataLayer.setConfigData(Object.assign(Object.assign(Object.assign({},M),e),{scope:[...null!==(r=M.scope)&&void 0!==r?r:[],...null!==(a=null===(s=e.scope)||void 0===s?void 0:s.filter((e=>{var t;return!(null===(t=null==M?void 0:M.scope)||void 0===t?void 0:t.includes(e))})))&&void 0!==a?a:[]]}))}))} /** * This method returns the `DataLayer` object that allows you to access authentication data. * * @returns - The `DataLayer` object. * * @example * ``` * const data = auth.getDataLayer(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getDataLayer} * * @preserve */getDataLayer(){return this._dataLayer} /** * This method returns the `instanceID` variable of the given instance. * * @returns - The `instanceID` number. * * @example * ``` * const instanceId = auth.getInstanceID(); * ``` * * @preserve */getInstanceID(){return q._instanceID} /** * This is an async method that returns a Promise that resolves with the authorization URL parameters. * * @param config - (Optional) A config object to force initialization and pass * custom path parameters such as the `fidp` parameter. * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A promise that resolves with the authorization URL parameters. * * @example * ``` * auth.getAuthorizationURLParams().then((params)=>{ * // console.log(params); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAuthorizationURLParams} * * @preserve */getAuthorizationURLParams(e,i){return t(this,void 0,void 0,(function*(){const t=Object.assign({},e);return null==t||delete t.forceInit,(yield this._dataLayer.getTemporaryDataParameter(y))?this._authenticationCore.getAuthorizationURLParams(t,i):this._authenticationCore.getOIDCProviderMetaData(null==e?void 0:e.forceInit).then((()=>this._authenticationCore.getAuthorizationURLParams(t,i)))}))} /** * This is an async method that returns a Promise that resolves with the authorization URL. * * @param config - (Optional) A config object to force initialization and pass * custom path parameters such as the fidp parameter. * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A promise that resolves with the authorization URL. * * @example * ``` * auth.getAuthorizationURL().then((url)=>{ * // console.log(url); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAuthorizationURL} * * @preserve */getAuthorizationURL(e,i){return t(this,void 0,void 0,(function*(){const t=Object.assign({},e);return null==t||delete t.forceInit,(yield this._dataLayer.getTemporaryDataParameter(y))?this._authenticationCore.getAuthorizationURL(t,i):this._authenticationCore.getOIDCProviderMetaData(null==e?void 0:e.forceInit).then((()=>this._authenticationCore.getAuthorizationURL(t,i)))}))} /** * This is an async method that sends a request to obtain the access token and returns a Promise * that resolves with the token and other relevant data. * * @param authorizationCode - The authorization code. * @param sessionState - The session state. * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the token response. * * @example * ``` * auth.requestAccessToken(authCode, sessionState).then((token)=>{ * // console.log(token); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#requestAccessToken} * * * @preserve */requestAccessToken(e,i,o,n,r){return t(this,void 0,void 0,(function*(){return(yield this._dataLayer.getTemporaryDataParameter(y))?this._authenticationCore.requestAccessToken(e,i,o,n,r):this._authenticationCore.getOIDCProviderMetaData(!1).then((()=>this._authenticationCore.requestAccessToken(e,i,o,n,r)))}))} /** * This method returns the sign-out URL. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * **This doesn't clear the authentication data.** * * @returns - A Promise that resolves with the sign-out URL. * * @example * ``` * const signOutUrl = await auth.getSignOutURL(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getSignOutURL} * * @preserve */getSignOutURL(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getSignOutURL(e)}))} /** * This method returns OIDC service endpoints that are fetched from the `.well-known` endpoint. * * @returns - A Promise that resolves with an object containing the OIDC service endpoints. * * @example * ``` * const endpoints = await auth.getOIDCServiceEndpoints(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getOIDCServiceEndpoints} * * @preserve */getOIDCServiceEndpoints(){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getOIDCServiceEndpoints()}))} /** * This method decodes the payload of the ID token and returns it. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the decoded ID token payload. * * @example * ``` * const decodedIdToken = await auth.getDecodedIDToken(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getDecodedIDToken} * * @preserve */getDecodedIDToken(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getDecodedIDToken(e)}))} /** * This method returns the ID token. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the ID token. * * @example * ``` * const idToken = await auth.getIDToken(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getIDToken} * * @preserve */getIDToken(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getIDToken(e)}))} /** * This method returns the basic user information obtained from the ID token. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with an object containing the basic user information. * * @example * ``` * const userInfo = await auth.getBasicUserInfo(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getBasicUserInfo} * * @preserve */getBasicUserInfo(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getBasicUserInfo(e)}))} /** * This method returns the crypto helper object. * * @returns - A Promise that resolves with a CryptoHelper object. * * @example * ``` * const cryptoHelper = await auth.CryptoHelper(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getCryptoHelper} * * @preserve */getCryptoHelper(){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getCryptoHelper()}))} /** * This method revokes the access token. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * **This method also clears the authentication data.** * * @returns - A Promise that returns the response of the revoke-access-token request. * * @example * ``` * auth.revokeAccessToken().then((response)=>{ * // console.log(response); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#revokeAccessToken} * * @preserve */revokeAccessToken(e){return this._authenticationCore.revokeAccessToken(e)} /** * This method refreshes the access token and returns a Promise that resolves with the new access * token and other relevant data. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the token response. * * @example * ``` * auth.refreshAccessToken().then((response)=>{ * // console.log(response); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#refreshAccessToken} * * @preserve */refreshAccessToken(e){return this._authenticationCore.refreshAccessToken(e)} /** * This method returns the access token. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the access token. * * @example * ``` * const accessToken = await auth.getAccessToken(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getAccessToken} * * @preserve */getAccessToken(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getAccessToken(e)}))} /** * This method sends a custom-grant request and returns a Promise that resolves with the response * depending on the config passed. * * @param config - A config object containing the custom grant configurations. * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with the response depending * on your configurations. * * @example * ``` * const config = { * attachToken: false, * data: { * client_id: "{{clientID}}", * grant_type: "account_switch", * scope: "{{scope}}", * token: "{{token}}", * }, * id: "account-switch", * returnResponse: true, * returnsSession: true, * signInRequired: true * } * * auth.requestCustomGrant(config).then((response)=>{ * // console.log(response); * }).catch((error)=>{ * // console.error(error); * }); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#requestCustomGrant} * * @preserve */requestCustomGrant(e,t){return this._authenticationCore.requestCustomGrant(e,t)} /** * This method returns if the user is authenticated or not. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @returns - A Promise that resolves with `true` if the user is authenticated, `false` otherwise. * * @example * ``` * await auth.isAuthenticated(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#isAuthenticated} * * @preserve */isAuthenticated(e){return t(this,void 0,void 0,(function*(){return this._authenticationCore.isAuthenticated(e)}))} /** * This method returns the PKCE code generated during the generation of the authentication URL. * * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * @param state - The state parameter that was passed in the authentication URL. * * @returns - A Promise that resolves with the PKCE code. * * @example * ``` * const pkce = await getPKCECode(); * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#getPKCECode} * * @preserve */getPKCECode(e,i){return t(this,void 0,void 0,(function*(){return this._authenticationCore.getPKCECode(e,i)}))} /** * This method sets the PKCE code to the data store. * * @param pkce - The PKCE code. * @param state - The state parameter that was passed in the authentication URL. * @param userID - (Optional) A unique ID of the user to be authenticated. This is useful in multi-user * scenarios where each user should be uniquely identified. * * @example * ``` * await auth.setPKCECode("pkce_code") * ``` * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#setPKCECode} * * @preserve */setPKCECode(e,i,o){return t(this,void 0,void 0,(function*(){yield this._authenticationCore.setPKCECode(e,i,o)}))} /** * This method returns if the sign-out is successful or not. * * @param signOutRedirectUrl - The URL to which the user has been redirected to after signing-out. * * **The server appends path parameters to the `signOutRedirectURL` and these path parameters * are required for this method to function.** * * @returns - `true` if successful, `false` otherwise. * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#isSignOutSuccessful} * * @preserve */static isSignOutSuccessful(e){const t=new URL(e),i=t.searchParams.get(A),o=Boolean(t.searchParams.get("error"));return!!i&&(i===w&&!o)} /** * This method returns if the sign-out has failed or not. * * @param signOutRedirectUrl - The URL to which the user has been redirected to after signing-out. * * **The server appends path parameters to the `signOutRedirectURL` and these path parameters * are required for this method to function.** * * @returns - `true` if successful, `false` otherwise. * * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#didSignOutFail} * * @preserve */static didSignOutFail(e){const t=new URL(e),i=t.searchParams.get(A),o=Boolean(t.searchParams.get("error"));return!!i&&(i===w&&o)} /** * This method updates the configuration that was passed into the constructor when instantiating this class. * * @param config - A config object to update the SDK configurations with. * * @example * ``` * const config = { * signInRedirectURL: "http://localhost:3000/sign-in", * clientID: "client ID", * baseUrl: "https://localhost:9443" * } * * await auth.updateConfig(config); * ``` * {@link https://github.com/asgardeo/asgardeo-auth-js-sdk/tree/master#updateConfig} * * @preserve */updateConfig(e){return t(this,void 0,void 0,(function*(){yield this._authenticationCore.updateConfig(e)}))}static clearUserSessionData(e){return t(this,void 0,void 0,(function*(){yield this._authenticationCore.clearUserSessionData(e)}))}}e.ASGARDEO_SESSION_ACTIVE=$,e.AUTHORIZATION_CODE="code",e.AsgardeoAuthClient=q,e.AsgardeoAuthException=H,e.AuthenticationUtils=b,e.CLIENT_ID_TAG=T,e.CLIENT_SECRET_TAG=C,e.CryptoHelper=j,e.DataLayer=J,e.OIDC_SCOPE=L,e.PKCE_CODE_VERIFIER=O,e.PKCE_SEPARATOR=P,e.REFRESH_TOKEN_TIMER="refresh_token_timer",e.SCOPE_TAG=k,e.SESSION_STATE=E,e.SIGN_OUT_SUCCESS_PARAM=w,e.SIGN_OUT_URL="sign_out_url",e.STATE=A,e.SUPPORTED_SIGNATURE_ALGORITHMS=R,e.TOKEN_TAG=m,e.USERNAME_TAG=S,Object.defineProperty(e,"__esModule",{value:!0})})); //# sourceMappingURL=asgardeo-auth.production.js.map