		@@ -6,8 +6,27 @@ # Changelog

		v1.2.0
		------------------------------
		* September 3, 2021*

		### Removed
		- `webpack` references from package.json.
		- `webpack.config.js` from directory.

		### Added
		- `vite` config & build command to package.json > scripts.


		v1.1.0
		------------------------------
		* February 1, 2021*

		### Added
		- `uglifyjs-webpack-plugin` so we can output `min.js` files.


		v1.0.0
		------------------------------
		* January 20, 2020*
		* January 20, 2021*

		### Added
		- Migrate repository

package.json

		{
		"name": "@justeat/f-consumer-oidc",
		"version": "1.0.0",
		"version": "1.2.0",
		"description": "Authentication helper to communicate with open apis",
		"main": "dist/f-consumer-oidc.js",
		"maxBundleSize": "5kB",
		"files": [
		"dist"
		],
		"homepage": "https://github.com/justeat/fozzie-components/tree/master/packages/services/f-consumer-oidc",
		"contributors": [
		"Github contributors <https://github.com/justeat/fozzie-components/graphs/contributors>"
		],
		"repository": {
		"type": "git",
		"url": "git@github.com:justeat/fozzie-components.git"
		},
		"bugs": {
		"url": "https://github.com/justeat/fozzie-components/issues"
		},
		"license": "Apache-2.0",
		"engines": {
		"node": ">=10.0.0"
		},
		"keywords": [
		"fozzie"
		],
		"scripts": {
		"prepublishOnly": "yarn build",
		"build": "webpack",
		"build": "vite build",
		"test": "jest"
		},
		"author": "",
		"license": "ISC",
		"devDependencies": {
		"@babel/core": "7.9.0",
		"@babel/preset-env": "7.9.0",
		"@babel/core": "7.14.8",
		"@babel/preset-env": "7.14.9",
		"babel-loader": "8.1.0",
		@@ -20,14 +40,7 @@ "jest": "25.4.0",
		"js-cookie": "2.2.1",
		"webpack": "4.42.1",
		"webpack-cli": "3.3.11"
		"vite": "2.4.4"
		},
		"peerDependencies": {
		"js-cookie": ">=2.2.1"
		},
		"jest": {
		"reporters": [
		"default",
		"jest-teamcity"
		]
		}
		}

README.md

		@@ -5,3 +5,3 @@ This library allows consumer microsites to obtain tokens for interacting with HTTP APIs via Smart Gateway.

		To install directly in a microsite:
		### Installation and setup

		@@ -14,3 +14,3 @@ ```

		There is also a requirement that an `Oidc` client object is passed into the exported functions below, this can come from the [`oidc-client`](https://github.com/IdentityModel/oidc-client-js/wiki) npm package or another source i.e. a global variable e.g.
		An `Oidc` client object must be passed into the exported functions. This can come from the [`oidc-client`](https://github.com/IdentityModel/oidc-client-js/wiki) npm package or another source e.g. a global variable:

		@@ -23,4 +23,50 @@ ```javascript

		To use within a package, it is recommended to install this as a _peer_ dependency. This is because the module holds some state to remember the status of logins. For example if two packages hosted by the same microsite both wanted to get a user token, you wouldn't want them both to go through the whole signin procedure.
		To use within a package, it is recommended to install this package as a _peer_ dependency. This is because the module holds some state to remember the status of logins. For example if two packages hosted by the same microsite both wanted to get a user token, you wouldn't want them both to go through the whole signin procedure.

		### Recommended code

		This library takes care of making the decision of whether and how to fetch an OIDC token. You should call `silentSignIn()` before every Smart Gateway API call. If a token is available without going to TokenWeb, or if there is reason to believe that no token is available (i.e. the user is not logged in), no HTTP token request will be made and the promise will resolve immediately.

		If the token turns out to be expired, Smart Gateway will return a 401. Due to the variety of ways the HTTP request could be sent, this library does not help with the detection of the 401. If a 401 is received, you should call `silentSignIn()` again, this time passing `true` for `force`. This will bypass the caching and request a new token.

		An example of how a wrapper function that applies these rules every time might look:

		```javascript

		import { silentSignIn } from '@justeat/je-consumer-oidc';

		async function makeApiCall(url) {
		function makeApiCallWithToken(token){
		if (token){ //this assumes we are happy to make the call with no token.
		//if the functionality always require a token we should do something else if token is null
		headers.Authorization = `Bearer ${token}`;
		}

		return fetch(url, {
		headers,
		credentials: 'include'
		});
		}

		const token = await silentSignIn();

		try {
		return makeApiCallWithToken(token)
		}
		catch (error) {
		if (error.response && error.response.status === 401){
		var token = await silentSignIn(true);

		return makeApiCallWithToken(token);
		}

		throw error;
		}

		}

		```

		## Exports

		The exports are:
		@@ -35,2 +81,3 @@
		* by default it will silently refresh the token close to its expiry time, if possible. This functionality is built in to [`oidc-client`](https://github.com/IdentityModel/oidc-client-js/wiki).
		* you should set the `silentRequestTimeout` setting to a low value, to avoid blocking UI components. By default this is a a very high value - 100 seconds.

		@@ -42,3 +89,7 @@ Usage:

		silentSignIn(OidcClient, optionalSettings, force)
		const oidcSettings = {
		silentRequestTimeout: 2000
		};

		silentSignIn(OidcClient, oidcSettings, force)
		.then((token) => /* will be a valid JWT for use in Auth header or null if user not logged in */ )
		@@ -45,0 +96,0 @@ .catch((error) => /* ... */);

.babelrc

dist/f-consumer-oidc.js

dist/f-consumer-oidc.js.map

src/index.js

src/silent-signin.js

src/user-manager-factory.js

test/silent-signin.test.js

webpack.config.js

@justeat/f-consumer-oidc - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics