/** * @hidden */ import type { ILoginInputOptions, ISessionInfo, IStorage, ISessionEventListener, IHasSessionEventListener, ILogoutOptions, SessionTokenSet, AuthorizationRequestState } from "@inrupt/solid-client-authn-core"; import { InMemoryStorage } from "@inrupt/solid-client-authn-core"; import type ClientAuthentication from "./ClientAuthentication"; import IssuerConfigFetcher from "./login/oidc/IssuerConfigFetcher"; export interface ISessionOptions { /** * A private storage, unreachable to other scripts on the page. Typically in-memory. * This is deprecated in the NodeJS environment, since there is no issue getting * a storage both private and persistent. If both `secureStorage` and its intended * replacement `storage` are set, `secureStorage` will be ignored. * * @deprecated */ secureStorage: IStorage; /** * A storage where non-sensitive information may be stored, potentially longer-lived * than the secure storage. This is deprecated in the NodeJS environment, since there * is no issue getting a storage both private and persistent. If both `insecureStorage` * and its intended replacement `storage` are set, `insecureStorage` will be ignored. * * @deprecated */ insecureStorage: IStorage; /** * A private storage where sensitive information may be stored, such as refresh * tokens. The `storage` option aims at eventually replacing the legacy `secureStorage` * and `insecureStorage`, which are named inaccurately and will be eventually deprecated. * @since X.Y.Z */ storage: IStorage; /** * Details about the current session */ sessionInfo: ISessionInfo; /** * An instance of the library core. Typically obtained using `getClientAuthenticationWithDependencies`. */ clientAuthentication: ClientAuthentication; /** * A boolean flag indicating whether a session should be constantly kept alive in the background. */ keepAlive: boolean; } /** * If no external storage is provided, this storage gets used. * @hidden This is for internal use only. */ export declare const defaultStorage: InMemoryStorage; /** * Default cache for OpenID Providers configurations. * @hidden this is for internal use only. */ export declare const issuerConfigFetcher: IssuerConfigFetcher; /** * A {@link Session} object represents a user's session on an application. The session holds state, as it stores information enabling access to private resources after login for instance. */ export declare class Session implements IHasSessionEventListener { /** * Information regarding the current session. */ readonly info: ISessionInfo; /** * Session attribute exposing the EventEmitter interface, to listen on session * events such as login, logout, etc. * @since 1.14.0 */ readonly events: ISessionEventListener; private clientAuthentication; private tokenRequestInProgress; private lastTimeoutHandle; private config; /** * Creates a session from auth state information (code verifier and state) * This is useful for continuing the auth code flow after storing the auth state * in an external database in clustered deployments. * * @param authorizationRequestState Object containing codeVerifier and state needed to continue the auth flow * @param sessionId Optional ID for the session, if not provided a random UUID will be generated * @returns A Session instance with enough context to continue the auth code flow * @since 2.5.0 * @example * ```typescript * const session = Session.fromAuthorizationRequestState(authorizationRequestState, "my-session-id"); * * // Use the restored session * const info = await session.handleIncomingRedirect(originalUrl); * ``` */ static fromAuthorizationRequestState(authorizationRequestState: AuthorizationRequestState, sessionId?: string | undefined): Promise; /** * Creates a session from a set of tokens without requiring a full login flow. * This is useful for scenarios where you already have tokens from another source * and want to create an authenticated session directly. * * @param sessionTokenSet The token set to use for authentication * @param sessionId Optional ID for the session, if not provided a random UUID will be generated * @returns A Session instance * @since 2.4.0 * @example * ```typescript * const session = Session.fromTokens(mySessionTokenSet, "my-session-id"); * * // Use the authenticated session * const response = await session.fetch("https://pod.example.com/private-resource"); * ``` */ static fromTokens(sessionTokenSet: SessionTokenSet, sessionId?: string | undefined): Promise; /** * Session object constructor. Typically called as follows: * * ```typescript * const session = new Session( * { * clientAuthentication: getClientAuthenticationWithDependencies({}) * }, * "mySession" * ); * ``` * @param sessionOptions The options enabling the correct instantiation of * the session. Either both storages or clientAuthentication are required. For * more information, see {@link ISessionOptions}. * @param sessionId A string uniquely identifying the session. * */ constructor(sessionOptions?: Partial, sessionId?: string | undefined); /** * Triggers the login process. Note that this method will redirect the user away from your app. * * @param options Parameter to customize the login behaviour. In particular, two options are mandatory: `options.oidcIssuer`, the user's identity provider, and `options.redirectUrl`, the URL to which the user will be redirected after logging in their identity provider. * @returns This method should redirect the user away from the app: it does not return anything. The login process is completed by {@linkcode handleIncomingRedirect}. */ login: (options?: ILoginInputOptions) => Promise; /** * Fetches data using available login information. If the user is not logged in, this will behave as a regular `fetch`. The signature of this method is identical to the [canonical `fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API). * * @param url The URL from which data should be fetched. * @param init Optional parameters customizing the request, by specifying an HTTP method, headers, a body, etc. Follows the [WHATWG Fetch Standard](https://fetch.spec.whatwg.org/). */ fetch: typeof fetch; /** * Logs the user out of the application. * * There are 2 types of logout supported by this library, * `app` logout and `idp` logout. * * App logout will log the user out within the application * by clearing any session data from the browser. It does * not log the user out of their Solid identity provider, * and should not redirect the user away. * App logout can be performed as follows: * ```typescript * await session.logout({ logoutType: 'app' }); * ``` * * IDP logout will log the user out of their Solid identity provider, * and will redirect the user away from the application to do so. In order * for users to be redirected back to `postLogoutUrl` you MUST include the * `postLogoutUrl` value in the `post_logout_redirect_uris` field in the * [Client ID Document](https://docs.inrupt.com/ess/latest/security/authentication/#client-identifier-client-id). * IDP logout can be performed as follows: * ```typescript * await session.logout({ * logoutType: 'idp', * // An optional URL to redirect to after logout has completed; * // this MUST match a logout URL listed in the Client ID Document * // of the application that is logged in. * // If the application is logged in with a Client ID that is not * // a URI dereferencing to a Client ID Document then users will * // not be redirected back to the `postLogoutUrl` after logout. * postLogoutUrl: 'https://example.com/logout', * // An optional value to be included in the query parameters * // when the IDP provider redirects the user to the postLogoutRedirectUrl. * state: "my-state" * }); * ``` */ logout: (options?: ILogoutOptions) => Promise; private internalLogout; private expire; /** * Completes the login process by processing the information provided by the identity provider through redirect. * * @param url The URL of the page handling the redirect, including the query parameters — these contain the information to process the login. */ handleIncomingRedirect: (url: string) => Promise; }