
@auth0/auth0-spa-js


Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE

import { MfaRequirements } from '../errors';
/**
 * Represents the stored context for an MFA flow.
 *
 * Every field except `createdAt` is supplied by the caller of
 * `MfaContextManager.set`; `createdAt` is excluded from that call's parameter type.
 */
export interface MfaContext {
    /** The OAuth scope for the original token request */
    scope?: string;
    /** The API audience for the original token request */
    audience?: string;
    /** MFA requirements from the mfa_required error (camelCase for TypeScript conventions) */
    mfaRequirements?: MfaRequirements;
    /**
     * Timestamp when the context was created.
     * NOTE(review): presumably epoch milliseconds so it can be compared with `ttlMs` — confirm against the implementation.
     */
    createdAt: number;
}
/**
 * Manages MFA authentication contexts keyed by MFA token.
 *
 * When an mfa_required error occurs, the SDK stores the original request's
 * scope and audience. When the user later provides an MFA token for verification,
 * the SDK retrieves the matching context to complete the token exchange.
 *
 * This enables concurrent MFA flows without state conflicts.
 *
 * Security notes for reviewers (this file only declares the API; the
 * implementation is not visible here):
 * - The MFA token itself is the lookup key, so it is held by this object for as
 *   long as the entry exists. Treat the manager's contents as sensitive:
 *   keep keys out of logs and diagnostics, and call `remove` once verification succeeds.
 * - Entries carry a time-to-live (`ttlMs`). Expired entries are documented as
 *   being purged on `set`; whether `get` also evicts an expired entry is not
 *   shown here — TODO confirm.
 *
 * @example
 * ```typescript
 * const manager = new MfaContextManager();
 *
 * // Store context when mfa_required error occurs
 * manager.set('mfaTokenAbc', { scope: 'openid profile', audience: 'https://api.example.com' });
 *
 * // Retrieve context when user completes MFA
 * const context = manager.get('mfaTokenAbc');
 * // { scope: 'openid profile', audience: 'https://api.example.com', createdAt: ... }
 *
 * // Remove after successful verification
 * manager.remove('mfaTokenAbc');
 * ```
 */
export declare class MfaContextManager {
    /**
     * Backing store for the contexts, keyed by MFA token.
     * The type is erased in this declaration; the `cleanup` docs refer to it as a Map.
     */
    private contexts;
    /** Time-to-live applied to every stored context, in milliseconds. Fixed at construction. */
    private readonly ttlMs;
    /**
     * Creates a new MfaContextManager
     * @param ttlMs - Time-to-live for contexts in milliseconds (default: 10 minutes)
     */
    constructor(ttlMs?: number);
    /**
     * Stores an MFA context keyed by the MFA token.
     * Runs cleanup to remove expired entries before storing.
     *
     * @param mfaToken - The MFA token from the mfa_required error
     * @param context - The scope and audience from the original request; the
     *   parameter type also admits the optional `mfaRequirements`. `createdAt`
     *   is excluded from the type, so callers cannot supply it through this signature.
     */
    set(mfaToken: string, context: Omit<MfaContext, 'createdAt'>): void;
    /**
     * Retrieves the MFA context for a given token.
     * Returns undefined if the token is not found or has expired.
     *
     * Callers must handle `undefined` and should not continue the token
     * exchange with stale or guessed scope/audience values.
     *
     * @param mfaToken - The MFA token to look up
     * @returns The stored context, or undefined if not found/expired
     */
    get(mfaToken: string): MfaContext | undefined;
    /**
     * Removes an MFA context.
     * Should be called after successful MFA verification.
     *
     * @param mfaToken - The MFA token to remove
     */
    remove(mfaToken: string): void;
    /**
     * Removes all expired contexts from the Map.
     * Called automatically on every `set` operation.
     *
     * NOTE(review): no timer-based cleanup is declared here, so expired entries
     * may stay in memory until the next `set` — confirm against the implementation.
     */
    private cleanup;
    /**
     * Returns the number of stored contexts
     *
     * NOTE(review): may include entries that have expired but not yet been
     * cleaned up — confirm against the implementation.
     */
    get size(): number;
}