@openpass/openpass-js-sdk
OpenPass SSO JavaScript SDK
import { PARAM_ALLOW_UNVERIFIED_EMAIL, PARAM_CLIENT_ID, PARAM_CODE, PARAM_CODE_CHALLENGE, PARAM_CODE_CHALLENGE_METHOD, PARAM_CODE_DISABLE_LOGIN_HINT_EDITING, PARAM_CODE_LOGIN_HINT, PARAM_CODE_RESPONSE_MODE, PARAM_ERROR, PARAM_ERROR_DESCRIPTION, PARAM_ERROR_URI, PARAM_REDIRECT_URI, PARAM_RESPONSE_TYPE, PARAM_RESPONSE_TYPE_VALUE, PARAM_SCOPE, PARAM_SCOPE_VALUE, PARAM_SDK_NAME, PARAM_SDK_VERSION, PARAM_STATE, PARAM_SIGN_IN_SOURCE, SDK_NAME, PARAM_USE_SILENT_AUTH, } from "./constants";
import { joinPaths } from "./utils/path";
import { version as sdkVersion } from "../../package.json";
import { SdkError } from "./error/errors";
/**
 * Extracts the authorization-response fields from a redirect query string.
 *
 * Every field is read through getParamValue, so a parameter that is missing
 * or empty comes back as null. The values originate from the page URL and
 * are returned as-is: nothing here checks that `state` belongs to the
 * current sign-in session.
 *
 * @param {string} queryString - Query portion of the redirect URL.
 * @returns {{code: (string|null), state: (string|null), error: (string|null),
 *   errorDescription: (string|null), errorUri: (string|null)}}
 */
export const parseAuthRedirectUrlParams = (queryString) => {
  const query = new URLSearchParams(queryString);
  const read = (paramName) => getParamValue(paramName, query);

  const code = read(PARAM_CODE);
  const state = read(PARAM_STATE);
  const error = read(PARAM_ERROR);
  const errorDescription = read(PARAM_ERROR_DESCRIPTION);
  const errorUri = read(PARAM_ERROR_URI);

  return { code, state, error, errorDescription, errorUri };
};
/**
 * Reports whether parsed URL parameters have the shape of an authorization
 * redirect: either an `error` is present, or both `state` and `code` are.
 *
 * This is a shape check only. It does not compare `state` with any stored
 * value, so a `true` result does not mean the response is genuine.
 *
 * @param {{state: *, code: *, error: *}} urlParams - Parsed redirect parameters.
 * @returns {boolean} True when the parameters look like an auth redirect.
 */
export const urlHasStateAndCodeOrErrorParameters = (urlParams) => {
  if (urlParams.error !== null) {
    return true;
  }
  return urlParams.state !== null && urlParams.code !== null;
};
/**
 * Reports whether the configured redirect URL points at the current page.
 *
 * Both URLs are parsed with `new URL`, then compared on origin, pathname and
 * protocol. Query string and fragment are ignored. Trailing slashes are
 * stripped from the pathname, and every component is lower-cased before the
 * comparison, so paths that differ only by letter case are treated as equal.
 *
 * @param {string} currentPageUrl - Absolute URL of the page being viewed.
 * @param {string} redirectUrl - Absolute redirect URL to compare against.
 * @returns {boolean} True when all three components match.
 * @throws {TypeError} When either argument is not a parseable absolute URL.
 */
export const redirectUrlMatchesCurrentUrl = (currentPageUrl, redirectUrl) => {
  // Null-tolerant helpers mirror the optional-chaining semantics of the build output.
  const lower = (text) => (text == null ? undefined : text.toLowerCase());
  const dropTrailingSlashes = (text) => (text == null ? undefined : text.replace(/\/+$/, ""));

  const comparableParts = (parsedUrl) => [
    lower(parsedUrl.origin),
    lower(dropTrailingSlashes(parsedUrl.pathname)),
    lower(parsedUrl.protocol),
  ];

  // Parse both inputs up front so an invalid URL throws before any comparison.
  const currentParts = comparableParts(new URL(currentPageUrl));
  const redirectParts = comparableParts(new URL(redirectUrl));

  return currentParts.every((part, index) => part === redirectParts[index]);
};
/**
 * Builds the authorize-endpoint URL for a sign-in session.
 *
 * Response type, client id, scope, state, SDK name/version and sign-in
 * source are always written. Redirect URI, PKCE challenge and method,
 * response mode, silent-auth flag, login hint and the login-hint-editing
 * flag are written only when the session value is truthy. The
 * allow-unverified-email flag is always written as "true" or "false".
 *
 * @param {string} baseUrl - Base URL of the authorization server.
 * @param {string} authorizeEndpoint - Path of the authorize endpoint.
 * @param {object} session - Sign-in session holding the values read below.
 * @param {string} source - Value sent as the sign-in source parameter.
 * @param {Array<{name: string, value: string}>} [customQueryParams] - Extra
 *   parameters, each checked by validateCustomQueryParam.
 * @returns {string} The authorize URL including its query string.
 * @throws {SdkError} When a custom query parameter fails validation.
 */
export const buildAuthorizeUrl = (baseUrl, authorizeEndpoint, session, source, customQueryParams) => {
  const query = new URLSearchParams();
  const setWhenTruthy = (paramName, paramValue) => {
    if (paramValue) {
      query.set(paramName, paramValue);
    }
  };

  query.set(PARAM_RESPONSE_TYPE, PARAM_RESPONSE_TYPE_VALUE);
  query.set(PARAM_CLIENT_ID, session.clientId);
  query.set(PARAM_SCOPE, PARAM_SCOPE_VALUE);
  query.set(PARAM_STATE, session.state);
  query.set(PARAM_SDK_NAME, SDK_NAME);
  query.set(PARAM_SDK_VERSION, sdkVersion);
  query.set(PARAM_SIGN_IN_SOURCE, source);

  setWhenTruthy(PARAM_REDIRECT_URI, session.redirectUrl);
  setWhenTruthy(PARAM_CODE_CHALLENGE_METHOD, session.codeChallengeMethod);
  setWhenTruthy(PARAM_CODE_CHALLENGE, session.codeChallenge);
  setWhenTruthy(PARAM_CODE_RESPONSE_MODE, session.responseMode);

  // These two flags are only ever sent as "true"; a falsy value omits them.
  if (session.useSilentAuth) {
    query.set(PARAM_USE_SILENT_AUTH, "true");
  }
  setWhenTruthy(PARAM_CODE_LOGIN_HINT, session.loginHint);
  if (session.disableLoginHintEditing) {
    query.set(PARAM_CODE_DISABLE_LOGIN_HINT_EDITING, "true");
  }

  const allowUnverifiedEmail = session.allowUnverifiedEmail ? "true" : "false";
  query.set(PARAM_ALLOW_UNVERIFIED_EMAIL, allowUnverifiedEmail);

  // NOTE(review): custom parameters are applied last with set(), so a custom
  // name equal to one written above (state, redirect URI, PKCE challenge, ...)
  // replaces that value. validateCustomQueryParam checks presence, length and
  // character set only, not reserved names; confirm callers pass trusted,
  // non-reserved names.
  if (customQueryParams) {
    for (let index = 0; index < customQueryParams.length; index += 1) {
      const extra = customQueryParams[index];
      validateCustomQueryParam(extra);
      query.set(extra.name, extra.value);
    }
  }

  const endpointUrl = joinPaths([baseUrl, authorizeEndpoint]);
  return `${endpointUrl}?${query.toString()}`;
};
/**
 * Validates one caller-supplied query parameter before it is added to the
 * authorize URL.
 *
 * Checks run in order: name and value must both be truthy, neither may
 * exceed 100 characters, and both must consist solely of printable ASCII
 * (0x20-0x7E). Reserved parameter names are not rejected here.
 *
 * @param {{name: string, value: string}} customQueryParam - Parameter to check.
 * @returns {void}
 * @throws {SdkError} When any of the checks fails.
 */
const validateCustomQueryParam = (customQueryParam) => {
  const { name, value } = customQueryParam;
  const maxLength = 100;
  const printableAsciiOnly = /^[\x20-\x7E]*$/;

  if (!(name && value)) {
    throw new SdkError("Custom query parameters must have both name and value");
  }

  // The bound is inclusive: exactly 100 characters passes.
  if (name.length > maxLength || value.length > maxLength) {
    throw new SdkError("Custom query parameters' name and value must be under 100 characters");
  }

  if (!(printableAsciiOnly.test(name) && printableAsciiOnly.test(value))) {
    throw new SdkError("Custom query parameter contains invalid characters. Only printable ASCII characters are allowed");
  }
};
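/**
 * Reads one parameter from parsed query parameters.
 *
 * URLSearchParams.get() already percent-decodes the value, so the extra
 * decodeURIComponent() below is a second decode. It is kept for backward
 * compatibility with values that currently round-trip through it. The
 * second decode used to throw URIError whenever the decoded value held a
 * literal "%" that does not start a valid escape (for example an
 * error_description of "100% sure"), which let a crafted or merely unusual
 * redirect URL abort redirect handling. Such values are now returned as
 * URLSearchParams decoded them.
 *
 * NOTE(review): because of the second decode, a value that legitimately
 * contains a sequence such as "%41" is still turned into "A". Confirm
 * whether the server ever double-encodes; if not, the second decode can be
 * dropped altogether.
 *
 * @param {string} name - Parameter name to look up.
 * @param {URLSearchParams} params - Parsed query parameters.
 * @returns {string|null} The value, or null when it is missing or empty.
 */
const getParamValue = (name, params) => {
  const paramValue = params.get(name);
  if (!paramValue) {
    return null;
  }
  try {
    return decodeURIComponent(paramValue);
  } catch (err) {
    if (err instanceof URIError) {
      // Not valid percent-encoding: the once-decoded value is the real one.
      return paramValue;
    }
    throw err;
  }
};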
/**
 * Compares the origin of a received event with the expected origin.
 *
 * The match is exact string equality. The only tolerance is a single
 * trailing "/" on the expected origin, which is removed before a second
 * comparison. There is no prefix, suffix or wildcard matching.
 *
 * @param {string} eventOrigin - Origin reported by the event.
 * @param {string} origin - Expected origin, optionally ending in "/".
 * @returns {boolean} True when the event comes from the expected origin.
 */
export const matchesEventOrigin = (eventOrigin, origin) => {
  const isExactMatch = eventOrigin === origin;
  if (isExactMatch) {
    return true;
  }

  // A bare "/" is never stripped down to the empty string.
  const canStripSlash = origin.endsWith("/") && origin.length > 1;
  return canStripSlash ? eventOrigin === origin.slice(0, -1) : false;
};
//# sourceMappingURL=url.js.map