@auth0/auth0-spa-js
Comparing version 1.13.5 to 1.13.6
# Change Log | ||
## [v1.13.6](https://github.com/auth0/auth0-spa-js/tree/v1.13.6) (2021-01-07) | ||
[Full Changelog](https://github.com/auth0/auth0-spa-js/compare/v1.13.5...v1.13.6) | ||
**Changed** | ||
- Update docs for getIdTokenClaims and getUser [\#690](https://github.com/auth0/auth0-spa-js/pull/690) ([adamjmcgrath](https://github.com/adamjmcgrath)) | ||
- [SDK-2238] Only use timeout promise when using fetchWithTimeout without a worker [\#689](https://github.com/auth0/auth0-spa-js/pull/689) ([frederikprijck](https://github.com/frederikprijck)) | ||
- Do not use AbortController in the worker if not available [\#679](https://github.com/auth0/auth0-spa-js/pull/679) ([stevehobbsdev](https://github.com/stevehobbsdev)) | ||
- Do not send useCookiesForTransactions to authorize request [\#673](https://github.com/auth0/auth0-spa-js/pull/673) ([frederikprijck](https://github.com/frederikprijck)) | ||
**Fixed** | ||
- Remove the nonce check in handleRedirectCallback [\#678](https://github.com/auth0/auth0-spa-js/pull/678) ([stevehobbsdev](https://github.com/stevehobbsdev)) | ||
**Security** | ||
- Update wait-on to solve security vulnerability [\#687](https://github.com/auth0/auth0-spa-js/pull/687) ([frederikprijck](https://github.com/frederikprijck)) | ||
- [Security] Bump ini from 1.3.5 to 1.3.7 [\#672](https://github.com/auth0/auth0-spa-js/pull/672) ([dependabot-preview[bot]](https://github.com/apps/dependabot-preview)) | ||
## [v1.13.5](https://github.com/auth0/auth0-spa-js/tree/v1.13.5) (2020-12-08) | ||
@@ -19,2 +39,6 @@ | ||
**Remarks** | ||
This release updates the `getUser` return type to be more correct. Instead of returning `Promise<TUser>`, it now returns `Promise<TUser | undefined>`, which might lead to an `Object is possible 'undefined'` compiler error in situation where the return value is not checked for being undefined while having set the TypeScript's `--strictNullChecks` compiler flag to `true`. | ||
## [v1.13.4](https://github.com/auth0/auth0-spa-js/tree/v1.13.4) (2020-12-02) | ||
@@ -21,0 +45,0 @@ |
@@ -62,2 +62,6 @@ import { Auth0ClientOptions, RedirectLoginOptions, PopupLoginOptions, PopupConfigOptions, GetUserOptions, GetIdTokenClaimsOptions, RedirectLoginResult, GetTokenSilentlyOptions, GetTokenWithPopupOptions, LogoutOptions, CacheLocation, LogoutUrlOptions, User } from './global'; | ||
* | ||
* If you provide an audience or scope, they should match an existing Access Token | ||
* (the SDK stores a corresponding ID Token with every Access Token, and uses the | ||
* scope and audience to look up the ID Token) | ||
* | ||
* @typeparam TUser The type to return, has to extend {@link User}. Defaults to {@link User} when omitted. | ||
@@ -74,2 +78,6 @@ * @param options | ||
* | ||
* If you provide an audience or scope, they should match an existing Access Token | ||
* (the SDK stores a corresponding ID Token with every Access Token, and uses the | ||
* scope and audience to look up the ID Token) | ||
* | ||
* @param options | ||
@@ -76,0 +84,0 @@ */ |
import { FetchOptions } from './global'; | ||
export declare const createAbortController: () => AbortController; | ||
export declare const fetchWithTimeout: (url: string, audience: string, scope: string, options: FetchOptions, worker?: Worker, timeout?: number) => Promise<any>; | ||
export declare const switchFetch: (fetchUrl: string, audience: string, scope: string, fetchOptions: FetchOptions, worker?: Worker, timeout?: number) => Promise<any>; | ||
export declare function getJSON<T>(url: string, timeout: number, audience: string, scope: string, options: FetchOptions, worker?: Worker): Promise<T>; |
export declare const isIE11: () => boolean; | ||
export declare const isSafari10: () => boolean; | ||
export declare const isSafari11: () => boolean; | ||
export declare const isSafari12_0: () => boolean; |
@@ -1,2 +0,2 @@ | ||
declare const _default: "1.13.5"; | ||
declare const _default: "1.13.6"; | ||
export default _default; |
@@ -6,3 +6,3 @@ { | ||
"license": "MIT", | ||
"version": "1.13.5", | ||
"version": "1.13.6", | ||
"main": "dist/lib/auth0-spa-js.cjs.js", | ||
@@ -18,3 +18,3 @@ "types": "dist/typings/index.d.ts", | ||
"lint:security": "eslint ./src --ext ts --no-eslintrc --config ./.eslintrc.security", | ||
"test": "jest --coverage --maxWorkers=2 --silent", | ||
"test": "jest --coverage --silent", | ||
"test:watch": "jest --coverage --watch --silent", | ||
@@ -80,3 +80,3 @@ "test:debug": "node --inspect node_modules/.bin/jest --runInBand", | ||
"typescript": "^4.1.2", | ||
"wait-on": "^5.2.0" | ||
"wait-on": "^5.2.1" | ||
}, | ||
@@ -83,0 +83,0 @@ "dependencies": { |
@@ -64,3 +64,3 @@ import Lock from 'browser-tabs-lock'; | ||
import TokenWorker from './worker/token.worker.ts'; | ||
import { isIE11, isSafari10, isSafari11, isSafari12_0 } from './user-agent'; | ||
import { isIE11 } from './user-agent'; | ||
import { singlePromise, retryPromise } from './promise-utils'; | ||
@@ -96,4 +96,3 @@ | ||
*/ | ||
const supportWebWorker = () => | ||
!isIE11() && !isSafari10() && !isSafari11() && !isSafari12_0(); | ||
const supportWebWorker = () => !isIE11(); | ||
@@ -225,2 +224,3 @@ /** | ||
useRefreshTokens, | ||
useCookiesForTransactions, | ||
auth0Client, | ||
@@ -421,2 +421,6 @@ cacheLocation, | ||
* | ||
* If you provide an audience or scope, they should match an existing Access Token | ||
* (the SDK stores a corresponding ID Token with every Access Token, and uses the | ||
* scope and audience to look up the ID Token) | ||
* | ||
* @typeparam TUser The type to return, has to extend {@link User}. Defaults to {@link User} when omitted. | ||
@@ -449,2 +453,6 @@ * @param options | ||
* | ||
* If you provide an audience or scope, they should match an existing Access Token | ||
* (the SDK stores a corresponding ID Token with every Access Token, and uses the | ||
* scope and audience to look up the ID Token) | ||
* | ||
* @param options | ||
@@ -504,4 +512,4 @@ */ | ||
// Transaction should have a `code_verifier` to do PKCE and a `nonce` for CSRF protection | ||
if (!transaction || !transaction.code_verifier || !transaction.nonce) { | ||
// Transaction should have a `code_verifier` to do PKCE for CSRF protection | ||
if (!transaction || !transaction.code_verifier) { | ||
throw new Error('Invalid state'); | ||
@@ -508,0 +516,0 @@ } |
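Review bot: The reworded comment in the last hunk, "Transaction should have a `code_verifier` to do PKCE for CSRF protection", credits PKCE with CSRF protection, which misstates what the guard checks: PKCE binds the code exchange to the client that started it, while the CSRF defence is matching the callback to a stored transaction (the `Invalid state` error suggests that lookup happens just above, outside the hunk). With `!transaction.nonce` dropped, a transaction without a nonce now passes this guard, so the ID token verification further down has to be where a nonce mismatch is rejected; that code is not visible here and is worth confirming. If it holds, I would write the comment as `// Transaction must exist for the returned state (CSRF protection) and carry a code_verifier for PKCE; the nonce is checked when the ID token is verified`. The enclosing function starts and ends outside the hunk.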
105
src/http.ts
@@ -14,51 +14,18 @@ import fetch from 'unfetch'; | ||
const switchFetch = async ( | ||
const dofetch = async (fetchUrl: string, fetchOptions: FetchOptions) => { | ||
const response = await fetch(fetchUrl, fetchOptions); | ||
return { | ||
ok: response.ok, | ||
json: await response.json() | ||
}; | ||
}; | ||
const fetchWithoutWorker = async ( | ||
fetchUrl: string, | ||
audience: string, | ||
scope: string, | ||
fetchOptions: FetchOptions, | ||
timeout: number, | ||
worker?: Worker | ||
): Promise<any> => { | ||
if (worker) { | ||
// AbortSignal is not serializable, need to implement in the Web Worker | ||
delete fetchOptions.signal; | ||
return sendMessage( | ||
{ | ||
auth: { | ||
audience, | ||
scope | ||
}, | ||
timeout, | ||
fetchUrl, | ||
fetchOptions | ||
}, | ||
worker | ||
); | ||
} else { | ||
const response = await fetch(fetchUrl, fetchOptions); | ||
return { | ||
ok: response.ok, | ||
json: await response.json() | ||
}; | ||
} | ||
}; | ||
export const fetchWithTimeout = ( | ||
url: string, | ||
audience: string, | ||
scope: string, | ||
options: FetchOptions, | ||
worker?: Worker, | ||
timeout = DEFAULT_FETCH_TIMEOUT_MS | ||
): Promise<any> => { | ||
timeout: number | ||
) => { | ||
const controller = createAbortController(); | ||
const signal = controller.signal; | ||
fetchOptions.signal = controller.signal; | ||
const fetchOptions = { | ||
...options, | ||
signal | ||
}; | ||
let timeoutId: NodeJS.Timeout; | ||
@@ -68,3 +35,3 @@ | ||
return Promise.race([ | ||
switchFetch(url, audience, scope, fetchOptions, timeout, worker), | ||
dofetch(fetchUrl, fetchOptions), | ||
new Promise((_, reject) => { | ||
@@ -81,2 +48,46 @@ timeoutId = setTimeout(() => { | ||
const fetchWithWorker = async ( | ||
fetchUrl: string, | ||
audience: string, | ||
scope: string, | ||
fetchOptions: FetchOptions, | ||
timeout: number, | ||
worker?: Worker | ||
) => { | ||
return sendMessage( | ||
{ | ||
auth: { | ||
audience, | ||
scope | ||
}, | ||
timeout, | ||
fetchUrl, | ||
fetchOptions | ||
}, | ||
worker | ||
); | ||
}; | ||
export const switchFetch = async ( | ||
fetchUrl: string, | ||
audience: string, | ||
scope: string, | ||
fetchOptions: FetchOptions, | ||
worker?: Worker, | ||
timeout = DEFAULT_FETCH_TIMEOUT_MS | ||
): Promise<any> => { | ||
if (worker) { | ||
return fetchWithWorker( | ||
fetchUrl, | ||
audience, | ||
scope, | ||
fetchOptions, | ||
timeout, | ||
worker | ||
); | ||
} else { | ||
return fetchWithoutWorker(fetchUrl, fetchOptions, timeout); | ||
} | ||
}; | ||
export async function getJSON<T>( | ||
@@ -95,3 +106,3 @@ url: string, | ||
try { | ||
response = await fetchWithTimeout( | ||
response = await switchFetch( | ||
url, | ||
@@ -98,0 +109,0 @@ audience, |
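Review bot: `fetchWithoutWorker` appears to attach the abort signal by assigning `fetchOptions.signal = controller.signal` on the object the caller passed in, where the earlier code built a copy with `{ ...options, signal }` (the page has lost its +/- markers, so this reading rests on the new parameter name). Writing to the caller's object means a reused options object carries a stale signal into the next call, and `fetchWithWorker` no longer has the `delete fetchOptions.signal` that the removed comment justified with "AbortSignal is not serializable", so such an object would be handed to `sendMessage` as is. Keeping the copy avoids both: `const options = { ...fetchOptions, signal: controller.signal };` followed by `dofetch(fetchUrl, options)`. The `worker?: Worker` parameter of `fetchWithWorker` could also be made required, since `switchFetch` only calls it when a worker exists.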
export const isIE11 = () => /Trident.*rv:11\.0/.test(navigator.userAgent); | ||
export const isSafari10 = () => | ||
/AppleWebKit.*Version\/10/.test(navigator.userAgent); | ||
export const isSafari11 = () => | ||
/AppleWebKit.*Version\/11/.test(navigator.userAgent); | ||
export const isSafari12_0 = () => | ||
/AppleWebKit.*Version\/12\.0/.test(navigator.userAgent); |
@@ -1,1 +0,1 @@ | ||
export default '1.13.5'; | ||
export default '1.13.6'; |
@@ -49,5 +49,9 @@ import { MISSING_REFRESH_TOKEN_ERROR_MESSAGE } from '../constants'; | ||
const abortController = new AbortController(); | ||
const { signal } = abortController; | ||
let abortController: AbortController; | ||
if (typeof AbortController === 'function') { | ||
abortController = new AbortController(); | ||
fetchOptions.signal = abortController.signal; | ||
} | ||
let response: any; | ||
@@ -58,3 +62,3 @@ | ||
wait(timeout), | ||
fetch(fetchUrl, { ...fetchOptions, signal }) | ||
fetch(fetchUrl, { ...fetchOptions }) | ||
]); | ||
@@ -71,4 +75,9 @@ } catch (error) { | ||
if (!response) { | ||
// If the request times out, abort it and let `fetchWithTimeout` raise the error. | ||
abortController.abort(); | ||
// If the request times out, abort it and let `switchFetch` raise the error. | ||
if (abortController) abortController.abort(); | ||
port.postMessage({ | ||
error: "Timeout when executing 'fetch'" | ||
}); | ||
return; | ||
@@ -75,0 +84,0 @@ } |
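Review bot: When `AbortController` is not available, the timeout branch only posts the error and returns, so the underlying `fetch` keeps running and whatever it eventually returns is dropped; for a token request that can mean the server completed an exchange the client reports as timed out. That is probably acceptable as a fallback, but it deserves a comment at the `typeof AbortController === 'function'` check, e.g. `// Without AbortController the request cannot be cancelled on timeout; a late response is discarded.` The declaration should also admit the unassigned case, `let abortController: AbortController | undefined;`, since `if (abortController)` reads it before any assignment on that path. The spread in `fetch(fetchUrl, { ...fetchOptions })` is redundant now that the signal is set on `fetchOptions` directly. The enclosing handler starts and ends outside the hunk.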