oidc-client-ts - npm Package Compare versions

Comparing version 2.0.0-rc.3 to 2.0.0-rc.4

461

dist/types/oidc-client-ts.d.ts

		@@ -27,7 +27,7 @@ /**
		export declare class AccessTokenEvents {
		protected _logger: Logger;
		private _expiringNotificationTimeInSeconds;
		private _expiringTimer;
		private _expiredTimer;
		constructor({ expiringNotificationTimeInSeconds }: {
		protected readonly _logger: Logger;
		private readonly _expiringTimer;
		private readonly _expiredTimer;
		private readonly _expiringNotificationTimeInSeconds;
		constructor(args: {
		expiringNotificationTimeInSeconds: number;
		@@ -122,8 +122,10 @@ });
		export declare class ErrorResponse extends Error {
		/** The x-www-form-urlencoded request body sent to the authority server */
		readonly form?: URLSearchParams \| undefined;
		/** Marker to detect class: "ErrorResponse" */
		readonly name: string;
		/** An error code string that can be used to classify the types of errors that occur and to respond to errors. */
		readonly error: string;
		readonly error: string \| null;
		/** additional information that can help a developer identify the cause of the error.*/
		readonly error_description: string \| undefined;
		readonly error_description: string \| null;
		/**
		@@ -133,13 +135,15 @@ * URI identifying a human-readable web page with information about the error, used to provide the client
		*/
		readonly error_uri: string \| undefined;
		/** custom "state", which can be used by a caller to have "data" round tripped */
		state: unknown \| undefined;
		readonly session_state: string \| undefined;
		readonly error_uri: string \| null;
		/** custom state data set during the initial signin request */
		state?: unknown;
		readonly session_state: string \| null;
		constructor(args: {
		error?: string;
		error_description?: string;
		error_uri?: string;
		state?: unknown;
		session_state?: string;
		});
		error?: string \| null;
		error_description?: string \| null;
		error_uri?: string \| null;
		userState?: unknown;
		session_state?: string \| null;
		},
		/** The x-www-form-urlencoded request body sent to the authority server */
		form?: URLSearchParams \| undefined);
		}
		@@ -154,3 +158,3 @@
		private _callbacks;
		constructor(name: string);
		constructor(_name: string);
		addHandler(cb: Callback<EventType>): () => void;
		@@ -170,3 +174,3 @@ removeHandler(cb: Callback<EventType>): void;
		code: string;
		code_verifier: string;
		code_verifier?: string;
		}
		@@ -195,2 +199,27 @@
		/**
		* Standard ID Token claims.
		*
		* @public
		* @see https://openid.net/specs/openid-connect-core-1_0.html#IDToken
		*/
		export declare interface IdTokenClaims extends Mandatory<OidcStandardClaims, "sub">, Mandatory<JwtClaims, "iss" \| "sub" \| "aud" \| "exp" \| "iat"> {
		[claim: string]: unknown;
		/** Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. When a max_age request is made or when auth_time is requested as an Essential Claim, then this Claim is REQUIRED; otherwise, its inclusion is OPTIONAL. (The auth_time Claim semantically corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] auth_time response parameter.) */
		auth_time?: number;
		/** String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string. */
		nonce?: string;
		/** Authentication Context Class Reference. String specifying an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. The value "0" indicates the End-User authentication did not meet the requirements of ISO/IEC 29115 [ISO29115] level 1. Authentication using a long-lived browser cookie, for instance, is one example where the use of "level 0" is appropriate. Authentications with level 0 SHOULD NOT be used to authorize access to any resource of any monetary value. (This corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] nist_auth_level 0.) An absolute URI or an RFC 6711 [RFC6711] registered name SHOULD be used as the acr value; registered names MUST NOT be used with a different meaning than that which is registered. Parties using this claim will need to agree upon the meanings of the values used, which may be context-specific. The acr value is a case sensitive string. */
		acr?: string;
		/** Authentication Methods References. JSON array of strings that are identifiers for authentication methods used in the authentication. For instance, values might indicate that both password and OTP authentication methods were used. The definition of particular values to be used in the amr Claim is beyond the scope of this specification. Parties using this claim will need to agree upon the meanings of the values used, which may be context-specific. The amr value is an array of case sensitive strings. */
		amr?: unknown;
		/** Authorized party - the party to which the ID Token was issued. If present, it MUST contain the OAuth 2.0 Client ID of this party. This Claim is only needed when the ID Token has a single audience value and that audience is different than the authorized party. It MAY be included even when the authorized party is the same as the sole audience. The azp value is a case sensitive string containing a StringOrURI value. */
		azp?: string;
		/**
		* Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP. Its syntax is the same as an OAuth 2.0 Client Identifier.
		* @see https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
		* */
		sid?: string;
		}

		/**
		* @internal
		@@ -251,3 +280,2 @@ */
		private _data;
		constructor();
		clear(): void;
		@@ -270,17 +298,39 @@ getItem(key: string): string;
		/**
		* @internal
		* Standard JWT claims.
		*
		* @public
		* @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
		*/
		declare interface JwtPayload {
		export declare interface JwtClaims {
		[claim: string]: unknown;
		/** The "iss" (issuer) claim identifies the principal that issued the JWT. The processing of this claim is generally application specific. The "iss" value is a case-sensitive string containing a StringOrURI value. */
		iss?: string;
		/** The "sub" (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. The "sub" value is a case-sensitive string containing a StringOrURI value. */
		sub?: string;
		/** The "aud" (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value. The interpretation of audience values is generally application specific. */
		aud?: string \| string[];
		azp?: string;
		/** The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. */
		exp?: number;
		/** The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the "nbf" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the "nbf" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. */
		nbf?: number;
		/** The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value. */
		iat?: number;
		nbf?: number;
		exp?: number;
		sub?: string;
		auth_time?: number;
		[claim: string]: unknown;
		/** The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string. */
		jti?: string;
		}

		/**
		* Log levels
		*
		* @public
		*/
		export declare enum Log {
		NONE = 0,
		ERROR = 1,
		WARN = 2,
		INFO = 3,
		DEBUG = 4
		}

		/**
		* Log manager
		@@ -290,24 +340,17 @@ *
		*/
		export declare class Log {
		static get NONE(): number;
		static get ERROR(): number;
		static get WARN(): number;
		static get INFO(): number;
		static get DEBUG(): number;
		private static _level;
		private static _logger;
		static reset(): void;
		static get level(): number;
		static set level(value: number);
		static get logger(): ILogger;
		static set logger(value: ILogger);
		export declare namespace Log {
		export function reset(): void;
		export function setLevel(value: Log): void;
		export function setLogger(value: ILogger): void;
		}

		/**
		* @internal
		* Internal logger instance
		*
		* @public
		*/
		declare class Logger {
		private readonly _name;
		constructor(name: string);
		export declare class Logger {
		private _name;
		private _method?;
		constructor(_name: string);
		debug(...args: unknown[]): void;
		@@ -317,2 +360,5 @@ info(...args: unknown[]): void;
		error(...args: unknown[]): void;
		throw(err: unknown): never;
		create(method: string): Logger;
		private static _format;
		static debug(name: string, ...args: unknown[]): void;
		@@ -325,2 +371,7 @@ static info(name: string, ...args: unknown[]): void;
		/**
		* @internal
		*/
		declare type Mandatory<T, K extends keyof T> = Required<Pick<T, K>> & Omit<T, K>;

		/**
		* @public
		@@ -335,3 +386,3 @@ */
		private _metadata;
		constructor(settings: OidcClientSettingsStore);
		constructor(_settings: OidcClientSettingsStore);
		resetSigningKeys(): void;
		@@ -342,9 +393,10 @@ getMetadata(): Promise<Partial<OidcMetadata>>;
		getUserInfoEndpoint(): Promise<string>;
		getTokenEndpoint(optional: false): Promise<string>;
		getTokenEndpoint(optional?: true): Promise<string \| undefined>;
		getTokenEndpoint(optional: false): Promise<string>;
		getCheckSessionIframe(): Promise<string \| undefined>;
		getEndSessionEndpoint(): Promise<string \| undefined>;
		getRevocationEndpoint(optional?: boolean): Promise<string \| undefined>;
		getRevocationEndpoint(optional: false): Promise<string>;
		getRevocationEndpoint(optional?: true): Promise<string \| undefined>;
		getKeysEndpoint(optional: false): Promise<string>;
		getKeysEndpoint(optional?: true): Promise<string \| undefined>;
		getKeysEndpoint(optional: false): Promise<string>;
		protected _getMetadataProperty(name: keyof OidcMetadata, optional?: boolean): Promise<string \| boolean \| string[] \| undefined>;
		@@ -372,2 +424,24 @@ getSigningKeys(): Promise<SigningKey[] \| null>;
		/**
		* Standard OpenID Connect address claim.
		* The Address Claim represents a physical mailing address.
		*
		* @public
		* @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
		*/
		export declare interface OidcAddressClaim {
		/** Full mailing address, formatted for display or use on a mailing label. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\\r\\n") or as a single line feed character ("\\n"). */
		formatted?: string;
		/** Full street address component, which MAY include house number, street name, Post Office Box, and multi-line extended street address information. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\\r\\n") or as a single line feed character ("\\n"). */
		street_address?: string;
		/** City or locality component. */
		locality?: string;
		/** State, province, prefecture, or region component. */
		region?: string;
		/** Zip code or postal code component. */
		postal_code?: string;
		/** Country name component. */
		country?: string;
		}

		/**
		* Provides the raw OIDC/OAuth2 protocol support for the authorization endpoint and the end session endpoint in the
		@@ -385,4 +459,5 @@ * authorization server. It provides a bare-bones protocol implementation and is used by the UserManager class.
		protected readonly _validator: ResponseValidator;
		protected readonly _tokenClient: TokenClient;
		constructor(settings: OidcClientSettings);
		createSigninRequest({ response_type, scope, redirect_uri, state, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource, request, request_uri, response_mode, extraQueryParams, extraTokenParams, request_type, skipUserInfo, }: CreateSigninRequestArgs): Promise<SigninRequest>;
		createSigninRequest({ state, request, request_uri, request_type, id_token_hint, login_hint, skipUserInfo, response_type, scope, redirect_uri, prompt, display, max_age, ui_locales, acr_values, resource, response_mode, extraQueryParams, extraTokenParams, }: CreateSigninRequestArgs): Promise<SigninRequest>;
		readSigninResponseState(url: string, removeState?: boolean): Promise<{
		@@ -393,3 +468,4 @@ state: SigninState;
		processSigninResponse(url: string): Promise<SigninResponse>;
		createSignoutRequest({ state, id_token_hint, post_logout_redirect_uri, extraQueryParams, request_type, }?: CreateSignoutRequestArgs): Promise<SignoutRequest>;
		useRefreshToken(state: RefreshState): Promise<SigninResponse>;
		createSignoutRequest({ state, id_token_hint, request_type, post_logout_redirect_uri, extraQueryParams, }?: CreateSignoutRequestArgs): Promise<SignoutRequest>;
		readSignoutResponseState(url: string, removeState?: boolean): Promise<{
		@@ -401,2 +477,3 @@ state: State \| undefined;
		clearStaleState(): Promise<void>;
		revokeToken(token: string, type?: "access_token" \| "refresh_token"): Promise<void>;
		}
		@@ -554,2 +631,52 @@
		/**
		* Standard OpenID Connect claims.
		* They can be requested to be returned either in the UserInfo Response or in the ID Token.
		*
		* @public
		* @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
		*/
		export declare interface OidcStandardClaims {
		/** Subject - Identifier for the End-User at the Issuer. */
		sub?: string;
		/** End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences. */
		name?: string;
		/** Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters. */
		given_name?: string;
		/** Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters. */
		family_name?: string;
		/** Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used. */
		middle_name?: string;
		/** Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael. */
		nickname?: string;
		/** Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as \@, /, or whitespace. */
		preferred_username?: string;
		/** URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User. */
		profile?: string;
		/** URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User. */
		picture?: string;
		/** URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with. */
		website?: string;
		/** End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 addr-spec syntax. */
		email?: string;
		/** True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. */
		email_verified?: boolean;
		/** End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable. */
		gender?: string;
		/** End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates. */
		birthdate?: string;
		/** String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles. */
		zoneinfo?: string;
		/** End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; */
		locale?: string;
		/** End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678. */
		phone_number?: string;
		/** True if the End-User's phone number has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format. */
		phone_number_verified?: boolean;
		/** End-User's preferred postal address. The value of the address member is a JSON [RFC4627] structure containing some or all of the members defined in Section 5.1.1. */
		address?: OidcAddressClaim;
		/** Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. */
		updated_at?: number;
		}

		/**
		* @internal
		@@ -627,20 +754,42 @@ */
		/**
		* Fake state store implementation necessary for validating refresh token requests.
		*
		* @internal
		*/
		declare class RefreshState implements State {
		readonly id: never;
		readonly created: never;
		readonly request_type: undefined;
		readonly data: unknown;
		readonly refresh_token: string;
		readonly id_token: string;
		readonly scope: string;
		constructor(args: {
		refresh_token: string;
		id_token: string;
		scope: string;
		state?: unknown;
		});
		toStorageString(): string;
		}

		/**
		* @internal
		*/
		declare class ResponseValidator {
		protected readonly _settings: OidcClientSettingsStore;
		protected readonly _metadataService: MetadataService;
		protected readonly _logger: Logger;
		protected readonly _metadataService: MetadataService;
		protected readonly _userInfoService: UserInfoService;
		protected readonly _tokenClient: TokenClient;
		constructor(settings: OidcClientSettingsStore, metadataService: MetadataService);
		validateSigninResponse(state: SigninState, response: SigninResponse): Promise<SigninResponse>;
		validateSignoutResponse(state: State, response: SignoutResponse): SignoutResponse;
		protected _processSigninParams(state: SigninState, response: SigninResponse): SigninResponse;
		protected _processClaims(state: SigninState, response: SigninResponse): Promise<SigninResponse>;
		protected _mergeClaims(claims1: UserProfile, claims2: JwtPayload): UserProfile;
		constructor(_settings: OidcClientSettingsStore, _metadataService: MetadataService);
		validateSigninResponse(response: SigninResponse, state: SigninState): Promise<void>;
		validateRefreshResponse(response: SigninResponse, state: RefreshState): Promise<void>;
		validateSignoutResponse(response: SignoutResponse, state: State): void;
		protected _processSigninState(response: SigninResponse, state: SigninState): void;
		protected _processClaims(response: SigninResponse, skipUserInfo?: boolean): Promise<void>;
		protected _mergeClaims(claims1: UserProfile, claims2: JwtClaims): UserProfile;
		protected _filterProtocolClaims(claims: UserProfile): UserProfile;
		protected _validateTokens(state: SigninState, response: SigninResponse): Promise<SigninResponse>;
		protected _processCode(state: SigninState, response: SigninResponse): Promise<SigninResponse>;
		protected _validateIdTokenAttributes(response: SigninResponse, id_token: string): SigninResponse;
		protected _processCode(response: SigninResponse, state: SigninState): Promise<void>;
		protected _validateIdTokenAttributes(response: SigninResponse, currentToken?: string): void;
		}
		@@ -653,4 +802,3 @@
		token: string;
		token_type_hint: "access_token" \| "refresh_token";
		optional?: boolean;
		token_type_hint?: "access_token" \| "refresh_token";
		}
		@@ -661,9 +809,14 @@
		*/
		export declare type RevokeTokensTypes = UserManagerSettings["revokeTokenTypes"];

		/**
		* @public
		*/
		export declare class SessionMonitor {
		private readonly _userManager;
		private readonly _logger;
		private readonly _userManager;
		private _sub;
		private _sid;
		private _checkSessionIFrame?;
		constructor(userManager: UserManager);
		constructor(_userManager: UserManager);
		protected _init(): Promise<void>;
		@@ -752,26 +905,26 @@ protected _start: (user: User \| {
		export declare class SigninResponse {
		readonly code: string;
		readonly state_id: string \| undefined;
		readonly state: string \| null;
		/** @see {@link User.session_state} */
		readonly session_state: string \| null;
		/** @see {@link ErrorResponse.error} */
		error: string \| undefined;
		readonly error: string \| null;
		/** @see {@link ErrorResponse.error_description} */
		error_description: string \| undefined;
		readonly error_description: string \| null;
		/** @see {@link ErrorResponse.error_uri} */
		error_uri: string \| undefined;
		readonly error_uri: string \| null;
		readonly code: string \| null;
		/** @see {@link User.id_token} */
		id_token: string \| undefined;
		/** @see {@link User.session_state} */
		session_state: string \| undefined;
		id_token?: string;
		/** @see {@link User.access_token} */
		access_token: string;
		/** @see {@link User.refresh_token} */
		refresh_token: string \| undefined;
		/** @see {@link User.token_type} */
		token_type: string;
		/** @see {@link User.refresh_token} */
		refresh_token?: string;
		/** @see {@link User.scope} */
		scope: string \| undefined;
		scope?: string;
		/** @see {@link User.expires_at} */
		expires_at: number \| undefined;
		/** custom "state", which can be used by a caller to have "data" round tripped */
		state: unknown;
		expires_at?: number;
		/** custom state data set during the initial signin request */
		userState: unknown;
		/** @see {@link User.profile} */
		@@ -782,5 +935,3 @@ profile: UserProfile;
		set expires_in(value: number \| undefined);
		get expired(): boolean \| undefined;
		get scopes(): string[];
		get isOpenIdConnect(): boolean;
		get isOpenId(): boolean;
		}
		@@ -871,11 +1022,11 @@
		export declare class SignoutResponse {
		readonly state_id: string \| undefined;
		readonly state: string \| null;
		/** @see {@link ErrorResponse.error} */
		error: string \| undefined;
		error: string \| null;
		/** @see {@link ErrorResponse.error_description} */
		error_description: string \| undefined;
		error_description: string \| null;
		/** @see {@link ErrorResponse.error_uri} */
		error_uri: string \| undefined;
		/** custom "state", which can be used by a caller to have "data" round tripped */
		state: unknown;
		error_uri: string \| null;
		/** custom state data set during the initial signin request */
		userState: unknown;
		constructor(params: URLSearchParams);
		@@ -937,9 +1088,14 @@ }
		private readonly _settings;
		private readonly _metadataService;
		private readonly _logger;
		private readonly _jsonService;
		private readonly _metadataService;
		constructor(settings: OidcClientSettingsStore, metadataService: MetadataService);
		constructor(_settings: OidcClientSettingsStore, _metadataService: MetadataService);
		exchangeCode({ grant_type, redirect_uri, client_id, client_secret, ...args }: ExchangeCodeArgs): Promise<Record<string, unknown>>;
		exchangeRefreshToken({ grant_type, client_id, client_secret, ...args }: ExchangeRefreshTokenArgs): Promise<Record<string, unknown>>;
		revoke({ optional, ...args }: RevokeArgs): Promise<void>;
		/**
		* Revoke an access or refresh token.
		*
		* @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
		*/
		revoke(args: RevokeArgs): Promise<void>;
		}
		@@ -955,5 +1111,5 @@
		*/
		id_token: string \| undefined;
		id_token?: string;
		/** The session state value returned from the OIDC provider. */
		session_state: string \| undefined;
		session_state: string \| null;
		/**
		@@ -969,16 +1125,16 @@ * The requested access token returned from the OIDC provider. The application can use this token to
		*/
		refresh_token: string \| undefined;
		refresh_token?: string;
		/** Typically "Bearer" */
		token_type: string;
		/** The scopes that the requested access token is valid for. */
		scope: string \| undefined;
		scope?: string;
		/** The claims represented by a combination of the `id_token` and the user info endpoint. */
		profile: UserProfile;
		/** The expires at returned from the OIDC provider. */
		expires_at: number \| undefined;
		/** custom "state", which can be used by a caller to have "data" round tripped */
		readonly state: unknown \| undefined;
		expires_at?: number;
		/** custom state data set during the initial signin request */
		readonly state: unknown;
		constructor(args: {
		id_token?: string;
		session_state?: string;
		session_state?: string \| null;
		access_token: string;
		@@ -990,8 +1146,8 @@ refresh_token?: string;
		expires_at?: number;
		state?: unknown;
		userState?: unknown;
		});
		/** Calculated number of seconds the access token has remaining. */
		/** Computed number of seconds the access token has remaining. */
		get expires_in(): number \| undefined;
		set expires_in(value: number \| undefined);
		/** Calculated value indicating if the access token is expired. */
		/** Computed value indicating if the access token is expired. */
		get expired(): boolean \| undefined;
		@@ -1008,8 +1164,8 @@ /** Array representing the parsed values from the `scope`. */
		declare class UserInfoService {
		private readonly _metadataService;
		protected readonly _logger: Logger;
		private _jsonService;
		private _metadataService;
		constructor(metadataService: MetadataService);
		getClaims(token: string): Promise<JwtPayload>;
		protected _getClaimsFromJwt: (responseText: string) => Promise<JwtPayload>;
		private readonly _jsonService;
		constructor(_metadataService: MetadataService);
		getClaims(token: string): Promise<JwtClaims>;
		protected _getClaimsFromJwt: (responseText: string) => Promise<JwtClaims>;
		}
		@@ -1039,3 +1195,2 @@
		protected readonly _sessionMonitor: SessionMonitor \| null;
		protected readonly _tokenClient: TokenClient;
		constructor(settings: UserManagerSettings);
		@@ -1075,4 +1230,3 @@ /** Returns an object used to register for events raised by the `UserManager`. */
		signinSilent(args?: SigninSilentArgs): Promise<User \| null>;
		protected _useRefreshToken(user: User): Promise<User>;
		protected _validateIdTokenFromTokenRefreshToken(profile: UserProfile, id_token: string): Promise<void>;
		protected _useRefreshToken(state: RefreshState): Promise<User>;
		/**
		@@ -1110,4 +1264,4 @@ * Returns promise to notify the parent window of response from the authorization endpoint.
		protected _signoutEnd(url: string): Promise<SignoutResponse>;
		revokeAccessToken(): Promise<void>;
		protected _revokeInternal(user: User \| null, optional: boolean): Promise<boolean>;
		revokeTokens(types?: RevokeTokensTypes): Promise<void>;
		protected _revokeInternal(user: User \| null, types?: ("access_token" \| "refresh_token")[]): Promise<void>;
		/**
		@@ -1134,8 +1288,9 @@ * Enables silent renew for the `UserManager`.
		export declare class UserManagerEvents extends AccessTokenEvents {
		private _userLoaded;
		private _userUnloaded;
		private _silentRenewError;
		private _userSignedIn;
		private _userSignedOut;
		private _userSessionChanged;
		protected readonly _logger: Logger;
		private readonly _userLoaded;
		private readonly _userUnloaded;
		private readonly _silentRenewError;
		private readonly _userSignedIn;
		private readonly _userSignedOut;
		private readonly _userSessionChanged;
		constructor(settings: UserManagerSettingsStore);
		@@ -1246,4 +1401,10 @@ load(user: User, raiseEvent?: boolean): void;
		stopCheckSessionOnError?: boolean;
		/**
		* The `token_type_hint`s to pass to the authority server by default (default: ["access_token", "refresh_token"])
		*
		* Token types will be revoked in the same order as they are given here.
		*/
		revokeTokenTypes?: ("access_token" \| "refresh_token")[];
		/** Will invoke the revocation endpoint on signout if there is an access token for the user (default: false) */
		revokeAccessTokenOnSignout?: boolean;
		revokeTokensOnSignout?: boolean;
		/** The number of seconds before an access token is to expire to raise the accessTokenExpiring event (default: 60) */
		@@ -1280,3 +1441,4 @@ accessTokenExpiringNotificationTimeInSeconds?: number;
		readonly stopCheckSessionOnError: boolean;
		readonly revokeAccessTokenOnSignout: boolean;
		readonly revokeTokenTypes: ("access_token" \| "refresh_token")[];
		readonly revokeTokensOnSignout: boolean;
		readonly accessTokenExpiringNotificationTimeInSeconds: number;
		@@ -1289,56 +1451,5 @@ readonly userStore: WebStorageStateStore;
		* Holds claims represented by a combination of the `id_token` and the user info endpoint.
		* @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
		*
		* @public
		*/
		export declare interface UserProfile {
		/** Identifier for the End-User at the Issuer */
		sub?: string;
		sid?: string;
		azp?: string;
		at_hash?: string;
		auth_time?: number;
		/** End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences */
		name?: string;
		/** Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters. */
		given_name?: string;
		/** Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters. */
		family_name?: string;
		/** Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used. */
		middle_name?: string;
		/** Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael. */
		nickname?: string;
		/** Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe */
		preferred_username?: string;
		/** URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User. */
		profile?: string;
		/** URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User. */
		picture?: string;
		/** URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with. */
		website?: string;
		/** End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 addr-spec syntax. */
		email?: string;
		/** True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. */
		email_verified?: boolean;
		/** End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable. */
		gender?: string;
		/** End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates. */
		birthdate?: string;
		/** String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles. */
		zoneinfo?: string;
		/** End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; */
		locale?: string;
		/** End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678. */
		phone_number?: string;
		/** True if the End-User's phone number has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format. */
		phone_number_verified?: boolean;
		/** End-User's preferred postal address. The value of the address member is a JSON structure containing some or all of the members defined in the standard.
		*
		* @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
		*/
		address?: Record<string, unknown>;
		/** Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. */
		updated_at?: number;
		[claim: string]: unknown;
		}
		export declare type UserProfile = IdTokenClaims;

		@@ -1374,5 +1485,5 @@ /**
		export declare class WebStorageStateStore implements StateStore {
		private _logger;
		private _store;
		private _prefix;
		private readonly _logger;
		private readonly _store;
		private readonly _prefix;
		constructor({ prefix, store }?: {
		@@ -1379,0 +1490,0 @@ prefix?: string \| undefined;

dist/types/tsdoc-metadata.json

		@@ -8,5 +8,5 @@ // This file is read by tools that parse documentation comments conforming to the TSDoc standard.
		"packageName": "@microsoft/api-extractor",
		"packageVersion": "7.19.2"
		"packageVersion": "7.19.4"
		}
		]
		}

package.json

		{
		"name": "oidc-client-ts",
		"version": "2.0.0-rc.3",
		"version": "2.0.0-rc.4",
		"description": "OpenID Connect (OIDC) & OAuth2 client library",
		@@ -53,7 +53,7 @@ "repository": {
		"@types/jest": "^27.0.2",
		"@typescript-eslint/eslint-plugin": "^4.31.1",
		"@typescript-eslint/parser": "^4.31.1",
		"@typescript-eslint/eslint-plugin": "^5.8.0",
		"@typescript-eslint/parser": "^5.8.0",
		"esbuild": "^0.14.0",
		"eslint": "^7.32.0",
		"eslint-plugin-testing-library": "^5.0.0",
		"eslint": "^8.5.0",
		"eslint-plugin-testing-library": "^5.0.1",
		"http-proxy-middleware": "^2.0.1",
		@@ -60,0 +60,0 @@ "husky": "^7.0.2",

dist/browser/oidc-client-ts.js

Sorry, the diff of this file is too big to display

dist/browser/oidc-client-ts.js.map

Sorry, the diff of this file is not supported yet

dist/browser/oidc-client-ts.min.js

Sorry, the diff of this file is too big to display

dist/browser/oidc-client-ts.min.js.map

Sorry, the diff of this file is not supported yet

dist/esm/oidc-client-ts.js

Sorry, the diff of this file is too big to display

dist/esm/oidc-client-ts.js.map

Sorry, the diff of this file is not supported yet

dist/umd/oidc-client-ts.js

Sorry, the diff of this file is too big to display

dist/umd/oidc-client-ts.js.map

Sorry, the diff of this file is not supported yet

oidc-client-ts - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics