replace Inrupt by Uvdsl OIDC client

jest.config.mjs

@@ -11,6 +11,10 @@ export default {
   transform: {
     '^.+\\.[tj]sx?$': ['babel-jest', { configFile: './babel.config.mjs' }],
   },
+  moduleNameMapper: {
+    '^@uvdsl/solid-oidc-client-browser$': '<rootDir>/test/mocks/solid-oidc-client-browser.ts',
+    '^@uvdsl/solid-oidc-client-browser/core$': '<rootDir>/test/mocks/solid-oidc-client-browser.ts',
+  },
   setupFilesAfterEnv: ['./test/helpers/setup.ts'],
   testMatch: ['**/__tests__/**/*.ts?(x)', '**/?(*.)+(spec|test).ts?(x)'],
   roots: ['<rootDir>/src', '<rootDir>/test'],

package.json

@@ -27,6 +27,7 @@
     "build-dist": "webpack --progress",
     "postbuild-js": "rm -f dist/versionInfo.d.ts dist/versionInfo.d.ts.map",
     "lint": "eslint",
+    "lint-fix": "eslint --fix",
     "typecheck": "tsc --noEmit",
     "typecheck-test": "tsc --noEmit -p tsconfig.test.json",
     "test": "jest --no-coverage",
@@ -72,10 +73,10 @@
     "webpack-cli": "^7.0.2"
   },
   "dependencies": {
-    "@inrupt/solid-client-authn-browser": "^4.0.0",
+    "@uvdsl/solid-oidc-client-browser": "^0.2.2",
     "solid-namespace": "^0.5.4"
   },
   "peerDependencies": {
-    "rdflib": "^2.3.7"
+    "rdflib": "^2.3.9"
   }
 }

src/authSession/authSession.ts

@@ -1,7 +1,93 @@
-import {
-  Session,
-} from '@inrupt/solid-client-authn-browser'
+/**
+ * Auth session wiring.
+ *
+ * Takes the raw OIDC session from session.ts and layers on:
+ *   - Login compatibility shim (normalises legacy call-site signatures
+ *     and resolves the canonical issuer)
+ *   - SessionEvents shim (legacy EventEmitter-style API)
+ *   - Logout listener (emits 'logout' on session deactivation)
+ *
+ * Exports the fully assembled authSession.
+ */
 
-export const authSession = new Session()
+import type { Session as OidcSession } from '@uvdsl/solid-oidc-client-browser/core'
+import { _session } from './session'
+import { resolveIssuerForLogin } from './issuer'
+import { SessionEvents } from './events'
 
+type SessionCompatibilityShape = {
+  webId?: string
+  isActive?: boolean
+  info?: {
+    webId?: string
+    isLoggedIn?: boolean
+  }
+  fetch?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>
+  authFetch?: (input: string | URL | Request, init?: RequestInit, dpopPayload?: any) => Promise<Response>
+}
+
+export type SessionWithLegacyEvents = OidcSession & SessionCompatibilityShape & { events: SessionEvents }
+
+// ---------------------------------------------------------------------------
+// Login compatibility shim
+// ---------------------------------------------------------------------------
+// Wraps _session.login() so that call sites with different calling
+// conventions all work.  The underlying session expects:
+//   login(issuer: string, redirectUrl: string)
+//
+// idpOrOptions can be:
+//   - a string (issuer URL) — passed through with less resolution
+//   - an options object with any of these field-name variants:
+//       issuer:   oidcIssuer | idp | issuer
+//       redirect: redirectUrl | redirect_uri | redirectUri
+//     (all redirect field names map to the same value: the URL the IdP
+//     should send the browser back to after authentication)
+//   - anything else — passed through to the underlying session as-is
+//
+// In all cases the issuer is resolved through
+// /.well-known/openid-configuration before redirect so the canonical
+// issuer host is used.
+
+const sessionAny = _session as any
+const originalLogin = typeof sessionAny.login === 'function'
+  ? sessionAny.login.bind(_session)
+  : undefined
+
+if (originalLogin) {
+  sessionAny.login = async (idpOrOptions: any, redirectUri?: string) => {
+    if (idpOrOptions && typeof idpOrOptions === 'object' && !Array.isArray(idpOrOptions)) {
+      const oidcIssuer = idpOrOptions.oidcIssuer ?? idpOrOptions.idp ?? idpOrOptions.issuer
+      const redirectUrl = idpOrOptions.redirectUrl ?? idpOrOptions.redirect_uri ?? idpOrOptions.redirectUri
+      if (typeof oidcIssuer === 'string' && typeof redirectUrl === 'string') {
+        return originalLogin(await resolveIssuerForLogin(oidcIssuer), redirectUrl)
+      }
+    }
+    if (typeof idpOrOptions === 'string') {
+      return originalLogin(await resolveIssuerForLogin(idpOrOptions), redirectUri)
+    }
+    return originalLogin(idpOrOptions, redirectUri)
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Legacy event layer
+// ---------------------------------------------------------------------------
+
+const events = new SessionEvents()
+
+// Emit the legacy 'logout' event when the session transitions from active to inactive.
+// 'login' and 'sessionRestore' are emitted in SolidAuthnLogic.checkUser()
+// because only that call site knows which path activated the session.
+let _wasActive = (_session as any).isActive ?? Boolean((_session as any).webId)
+if (typeof (_session as unknown as EventTarget).addEventListener === 'function') {
+  ;(_session as unknown as EventTarget).addEventListener('sessionStateChange', () => {
+    const isNowActive = (_session as any).isActive ?? Boolean((_session as any).webId)
+    if (_wasActive && !isNowActive) {
+      events.emit('logout')
+    }
+    _wasActive = isNowActive
+  })
+}
+
+export const authSession: SessionWithLegacyEvents = Object.assign(_session, { events })
 

src/authSession/events.ts

@@ -0,0 +1,35 @@
+/**
+ * Legacy event compatibility layer.
+ *
+ * Pure EventEmitter-style shim — no side effects, no uvdsl dependencies.
+ * Wired into the auth session by authSession.ts.
+ */
+
+type LegacyEventName = 'login' | 'logout' | 'sessionRestore'
+type LegacyEventHandler = (...args: unknown[]) => void
+
+/**
+ * Minimal EventEmitter-style shim so that existing consumers using
+ * `authSession.events.on('login' | 'logout' | 'sessionRestore', handler)`
+ * continue working without modification.
+ *
+ * Events are emitted by SolidAuthnLogic.checkUser() (login/sessionRestore)
+ * and by the sessionStateChange listener in authSession.ts (logout).
+ */
+export class SessionEvents {
+  private readonly listeners: Map<string, Set<LegacyEventHandler>> = new Map()
+
+  on (event: LegacyEventName, handler: LegacyEventHandler): void {
+    if (!this.listeners.has(event)) this.listeners.set(event, new Set())
+    this.listeners.get(event)!.add(handler)
+  }
+
+  off (event: LegacyEventName, handler: LegacyEventHandler): void {
+    this.listeners.get(event)?.delete(handler)
+  }
+
+  emit (event: LegacyEventName, ...args: unknown[]): void {
+    this.listeners.get(event)?.forEach(h => h(...args))
+  }
+}
+

src/authSession/issuer.ts

@@ -0,0 +1,36 @@
+/**
+ * Issuer discovery utilities.
+ *
+ * Resolves OIDC issuer endpoints from /.well-known/openid-configuration
+ * so that login can use the canonical issuer host.
+ */
+
+async function discoverIssuerFromWellKnown (issuer: string): Promise<string | null> {
+  try {
+    const issuerUrl = new URL(issuer)
+    const wellKnownUrl = new URL('/.well-known/openid-configuration', issuerUrl.origin)
+    const wellKnownResponse = await fetch(wellKnownUrl.toString(), { credentials: 'include' })
+    if (!wellKnownResponse.ok) {
+      return null
+    }
+
+    const wellKnownPayload = await wellKnownResponse.json()
+    if (typeof wellKnownPayload?.issuer !== 'string' || !wellKnownPayload.issuer) {
+      return null
+    }
+
+    return wellKnownPayload.issuer.replace(/\/$/, '')
+  } catch (_err) {
+    return null
+  }
+}
+
+export async function resolveIssuerForLogin (issuer: string): Promise<string> {
+  // Prefer the issuer advertised by discovery; if app and issuer hosts still differ,
+  // redirecting to the canonical issuer host is cleaner than rewriting the issuer here.
+  const discoveredIssuer = await discoverIssuerFromWellKnown(issuer)
+  if (discoveredIssuer) {
+    return discoveredIssuer
+  }
+  return issuer
+}