feat(iframe-manager): create-iframe-manager

create an iframe manager package which is consumed by davinci-client.

Updated types throughout the codebase

Author: ryanbas21

nx.json

@@ -70,7 +70,7 @@
     },
     "test": {
       "inputs": ["default", "^default", "noMarkdown", "^noMarkdown"],
-      "dependsOn": ["^test", "^build"],
+      "dependsOn": ["^test", "^build", "^build"],
       "outputs": ["{projectRoot}/coverage"],
       "cache": true
     },

packages/davinci-client/src/lib/config.types.test-d.ts

@@ -6,7 +6,7 @@
  */
 import { describe, expectTypeOf, it } from 'vitest';
 import type { DaVinciConfig, InternalDaVinciConfig } from './config.types.js';
-import type { AsyncLegacyConfigOptions } from '@forgerock/sdk-types';
+import type { AsyncLegacyConfigOptions, AuthorizeUrl } from '@forgerock/sdk-types';
 import type { WellknownResponse } from './wellknown.types.js';
 
 describe('Config Types', () => {
@@ -48,7 +48,7 @@ describe('Config Types', () => {
       const config: InternalDaVinciConfig = {
         wellknownResponse: {
           issuer: 'https://example.com',
-          authorization_endpoint: 'https://example.com/auth',
+          authorization_endpoint: 'https://example.com/auth' as AuthorizeUrl,
           token_endpoint: 'https://example.com/token',
           userinfo_endpoint: 'https://example.com/userinfo',
           jwks_uri: 'https://example.com/jwks',
@@ -97,7 +97,7 @@ describe('Config Types', () => {
         // InternalDaVinciConfig specific property
         wellknownResponse: {
           issuer: 'https://example.com',
-          authorization_endpoint: 'https://example.com/auth',
+          authorization_endpoint: 'https://example.com/auth' as AuthorizeUrl,
           token_endpoint: 'https://example.com/token',
           userinfo_endpoint: 'https://example.com/userinfo',
           jwks_uri: 'https://example.com/jwks',
@@ -135,7 +135,7 @@ describe('WellknownResponse', () => {
   it('should have all required OIDC properties', () => {
     const wellknown: WellknownResponse = {
       issuer: 'https://example.com',
-      authorization_endpoint: 'https://example.com/auth',
+      authorization_endpoint: 'https://example.com/auth' as AuthorizeUrl,
       token_endpoint: 'https://example.com/token',
       userinfo_endpoint: 'https://example.com/userinfo',
       jwks_uri: 'https://example.com/jwks',
@@ -178,7 +178,7 @@ describe('WellknownResponse', () => {
   it('should allow optional OIDC properties', () => {
     const wellknownWithOptionals: WellknownResponse = {
       issuer: 'https://example.com',
-      authorization_endpoint: 'https://example.com/auth',
+      authorization_endpoint: 'https://example.com/auth' as AuthorizeUrl,
       token_endpoint: 'https://example.com/token',
       userinfo_endpoint: 'https://example.com/userinfo',
       jwks_uri: 'https://example.com/jwks',
@@ -233,7 +233,7 @@ describe('WellknownResponse', () => {
   it('should enforce URL format for endpoint properties', () => {
     const wellknown: WellknownResponse = {
       issuer: 'https://example.com',
-      authorization_endpoint: 'https://example.com/auth',
+      authorization_endpoint: 'https://example.com/auth' as AuthorizeUrl,
       token_endpoint: 'https://example.com/token',
       userinfo_endpoint: 'https://example.com/userinfo',
       jwks_uri: 'https://example.com/jwks',

packages/davinci-client/src/lib/wellknown.types.ts

@@ -1,3 +1,5 @@
+import { AuthorizeUrl } from '@forgerock/sdk-types';
+
 /*
  * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
  *
@@ -6,7 +8,7 @@
  */
 export interface WellknownResponse {
   issuer: string;
-  authorization_endpoint: string;
+  authorization_endpoint: AuthorizeUrl;
   pushed_authorization_request_endpoint: string;
   token_endpoint: string;
   userinfo_endpoint: string;
@@ -36,7 +38,7 @@ export interface WellknownResponse {
 }
 
 export interface Endpoints {
-  authorize: string;
+  authorize: AuthorizeUrl;
   issuer: string;
   introspection: string;
   tokens: string;

packages/sdk-effects/iframe-manager/README.md

@@ -0,0 +1,11 @@
+# iframe-manager
+
+This library was generated with [Nx](https://nx.dev).
+
+## Building
+
+Run `nx build iframe-manager` to build the library.
+
+## Running unit tests
+
+Run `nx test iframe-manager` to execute the unit tests via [Vitest](https://vitest.dev/).

packages/sdk-effects/iframe-manager/eslint.config.mjs

@@ -0,0 +1,22 @@
+import baseConfig from '../../../eslint.config.mjs';
+
+export default [
+  ...baseConfig,
+  {
+    files: ['**/*.json'],
+    rules: {
+      '@nx/dependency-checks': [
+        'error',
+        {
+          ignoredFiles: [
+            '{projectRoot}/eslint.config.{js,cjs,mjs}',
+            '{projectRoot}/vite.config.{js,ts,mjs,mts}',
+          ],
+        },
+      ],
+    },
+    languageOptions: {
+      parser: await import('jsonc-eslint-parser'),
+    },
+  },
+];

packages/sdk-effects/iframe-manager/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@forgerock/iframe-manager",
+  "version": "0.0.1",
+  "private": false,
+  "type": "module",
+  "main": "./dist/src/index.js",
+  "module": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js",
+      "default": "./dist/src/index.js"
+    }
+  },
+  "dependencies": {
+    "@forgerock/sdk-request-middleware": "workspace:*",
+    "@forgerock/sdk-utilities": "workspace:*",
+    "@forgerock/sdk-types": "workspace:*",
+    "tslib": "^2.3.0"
+  },
+  "nx": {
+    "tags": ["scope:sdk-effects"]
+  }
+}

packages/sdk-effects/iframe-manager/src/index.ts

@@ -0,0 +1 @@
+export * from './lib/iframe-manager.effects.js';

packages/sdk-effects/iframe-manager/src/lib/iframe-manager.effects.ts

@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+
+/* eslint-disable @typescript-eslint/no-empty-function */
+import { AuthorizeUrl } from '@forgerock/sdk-types';
+
+// Define specific options for the iframe request
+export interface IframeRequestOptions {
+  url: string;
+  timeout: number;
+  // Specify query parameters expected on success/error if needed,
+  // otherwise, parse all parameters found.
+  // Example: expectedParams?: string[];
+}
+
+type ResolvedParams<T> = Record<string, T>;
+
+type Noop = () => void;
+
+/**
+ * Initializes the Iframe Manager effect.
+ * This follows the functional effect pattern, returning an API
+ * within a closure. Configuration could be passed here if needed
+ * for default behaviors (e.g., default timeout), but currently,
+ * all config is per-request.
+ *
+ * @returns An object containing the API for managing iframe requests.
+ */
+export default function iframeManagerInit(/*config: OAuthConfig*/) {
+  /**
+   * Creates an iframe to make a background request to the specified URL,
+   * waits for a redirect, and resolves with the query parameters from the
+   * redirect URL.
+   *
+   * @param options - The options for the iframe request (URL, timeout).
+   * @returns A Promise that resolves with the query parameters from the redirect URL or rejects on timeout or error.
+   */
+  const getAuthCodeByIFrame = (options: {
+    url: AuthorizeUrl;
+    requestTimeout: number;
+  }): Promise<ResolvedParams<string>> => {
+    const { url, requestTimeout } = options;
+
+    return new Promise((resolve, reject) => {
+      let iframe: HTMLIFrameElement | null = document.createElement('iframe');
+      let timerId: number | ReturnType<typeof setTimeout> | null = null;
+
+      // Define these within the promise closure to avoid retaining
+      // references after completion.
+      let onLoadHandler: () => void = () => {};
+      let cleanup: Noop = () => {};
+
+      cleanup = (): void => {
+        if (timerId) {
+          clearTimeout(timerId);
+          timerId = null;
+        }
+        if (iframe) {
+          iframe.removeEventListener('load', onLoadHandler);
+          // Check if iframe is still mounted before removing
+          if (iframe.parentNode) {
+            iframe.remove();
+          }
+          iframe = null; // Dereference iframe for garbage collection
+        }
+        onLoadHandler = () => {};
+        cleanup = () => {};
+      };
+
+      onLoadHandler = (): void => {
+        try {
+          // Accessing contentWindow or contentDocument can throw cross-origin errors
+          // if the iframe navigated to a different origin unexpectedly before redirecting back.
+          // We expect the final navigation to be back to the original redirect_uri origin.
+          if (iframe && iframe.contentWindow) {
+            const newHref = iframe.contentWindow.location.href;
+
+            // Avoid processing 'about:blank' or initial load if it's not the target URL
+            if (
+              newHref === 'about:blank' ||
+              !newHref.startsWith(options.url.substring(0, options.url.indexOf('?')))
+            ) {
+              // Check if the newHref origin matches expected redirect_uri origin if possible
+              // Or simply check if it contains expected parameters.
+              // For now, we proceed assuming any load could be the redirect.
+            }
+
+            const redirectUrl = new URL(newHref);
+            const params: ResolvedParams<string> = {};
+            redirectUrl.searchParams.forEach((value, key) => {
+              params[key] = value;
+            });
+
+            // Check for standard OAuth error parameters
+            if (params.error) {
+              cleanup();
+              // Reject with error details from the URL
+              reject(
+                new Error(
+                  `Authorization error: ${params.error}. Description: ${params.error_description || 'N/A'}`,
+                ),
+              );
+            } else if (Object.keys(params).length > 0) {
+              // Assume success if parameters are present and no error param exists
+              // More specific checks (e.g., for 'code' or 'state') could be added here
+              // based on `options.expectedParams` if provided.
+              cleanup();
+              resolve(params);
+            }
+            // If no params and no error, it might be an intermediate step,
+            // The timeout will eventually handle non-resolving states.
+          }
+        } catch (error) {
+          // Catch potential cross-origin errors or other issues accessing iframe content
+          cleanup();
+          reject(
+            new Error(
+              `Failed to process iframe response: ${error instanceof Error ? error.message : String(error)}`,
+            ),
+          );
+        }
+      };
+
+      timerId = setTimeout(() => {
+        cleanup();
+        reject(new Error(`Iframe request timed out after ${requestTimeout}ms`));
+      }, requestTimeout);
+
+      if (iframe) {
+        iframe.style.display = 'none';
+        iframe.addEventListener('load', onLoadHandler);
+        document.body.appendChild(iframe);
+        iframe.src = url; // Start the loading process
+      } else {
+        // Should not happen, but handle defensively
+        reject(new Error('Failed to create iframe element'));
+      }
+    });
+  };
+
+  // Return the public API
+  return {
+    getAuthCodeByIFrame,
+  };
+}

packages/sdk-effects/iframe-manager/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "files": [],
+  "include": [],
+  "references": [
+    {
+      "path": "../../sdk-types"
+    },
+    {
+      "path": "../../sdk-utilities"
+    },
+    {
+      "path": "../sdk-request-middleware"
+    },
+    {
+      "path": "./tsconfig.lib.json"
+    },
+    {
+      "path": "./tsconfig.spec.json"
+    }
+  ],
+  "nx": {
+    "addTypecheckTarget": false
+  }
+}

packages/sdk-effects/iframe-manager/tsconfig.lib.json

@@ -0,0 +1,44 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "baseUrl": ".",
+    "outDir": "dist",
+    "tsBuildInfoFile": "dist/tsconfig.lib.tsbuildinfo",
+    "emitDeclarationOnly": false,
+    "module": "nodenext",
+    "moduleResolution": "nodenext",
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "importHelpers": true,
+    "noImplicitOverride": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "types": ["node"]
+  },
+  "include": ["src/**/*.ts"],
+  "references": [
+    {
+      "path": "../../sdk-types/tsconfig.lib.json"
+    },
+    {
+      "path": "../../sdk-utilities/tsconfig.lib.json"
+    },
+    {
+      "path": "../sdk-request-middleware/tsconfig.lib.json"
+    }
+  ],
+  "exclude": [
+    "vite.config.ts",
+    "vite.config.mts",
+    "vitest.config.ts",
+    "vitest.config.mts",
+    "src/**/*.test.ts",
+    "src/**/*.spec.ts",
+    "src/**/*.test.tsx",
+    "src/**/*.spec.tsx",
+    "src/**/*.test.js",
+    "src/**/*.spec.js",
+    "src/**/*.test.jsx",
+    "src/**/*.spec.jsx"
+  ]
+}