UNPKG

@auth0/auth0-spa-js

Version:

Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE

github.com/auth0/auth0-spa-js

auth0/auth0-spa-js

62 lines (55 loc) 1.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
import { TokenEndpointOptions, TokenEndpointResponse } from './global'; import { DEFAULT_AUTH0_CLIENT, DEFAULT_AUDIENCE } from './constants'; import * as dpopUtils from './dpop/utils'; import { getJSON } from './http'; import { createQueryParams, stripAuth0Client } from './utils'; export async function oauthToken( { baseUrl, timeout, audience, scope, auth0Client, useFormData, useMrrt, dpop, ...options }: TokenEndpointOptions, worker?: Worker ) { const isTokenExchange = options.grant_type === 'urn:ietf:params:oauth:grant-type:token-exchange'; const refreshWithMrrt = options.grant_type === 'refresh_token' && useMrrt; const allParams = { ...options, ...(isTokenExchange && audience && { audience }), ...(isTokenExchange && scope && { scope }), ...(refreshWithMrrt && { audience, scope }) }; const body = useFormData ? createQueryParams(allParams) : JSON.stringify(allParams); const isDpopSupported = dpopUtils.isGrantTypeSupported(options.grant_type); return await getJSON<TokenEndpointResponse>( `${baseUrl}/oauth/token`, timeout, audience || DEFAULT_AUDIENCE, scope, { method: 'POST', body, headers: { 'Content-Type': useFormData ? 'application/x-www-form-urlencoded' : 'application/json', 'Auth0-Client': btoa( JSON.stringify(stripAuth0Client(auth0Client || DEFAULT_AUTH0_CLIENT)) ) } }, worker, useFormData, useMrrt, isDpopSupported ? dpop : undefined ); }