refactor: PlatformRegistry pattern

e2e/apps/express-oidc/strategy.mjs

@@ -1,4 +1,5 @@
 import { Strategy} from 'passport';
+import { OAuth2Client } from '@okta/auth-foundation';
 import { AuthorizationCodeFlow, SessionLogoutFlow, AuthTransaction } from '@okta/oauth2-flows';
 
 
@@ -20,8 +21,8 @@ export class OIDCStrategy extends Strategy {
   }
 
   async authenticate (req) {
-    const flow = new AuthorizationCodeFlow({
-      ...authParams,
+    const client = new OAuth2Client(authParams);
+    const flow = new AuthorizationCodeFlow(client, {
       redirectUri: 'http://localhost:8080/login/callback'
     });
 
@@ -61,8 +62,8 @@ export class OIDCStrategy extends Strategy {
   }
 
   static async logout (idToken) {
-    const flow = new SessionLogoutFlow({
-      ...authParams,
+    const client = new OAuth2Client(authParams);
+    const flow = new SessionLogoutFlow(client, {
       logoutRedirectUri: 'http://localhost:8080/'
     });
 

e2e/apps/redirect-model/src/apps/orchestrators/pages/ProxyHost.tsx

@@ -1,6 +1,9 @@
-import { AuthorizationCodeFlow } from '@okta/oauth2-flows';
-import { AuthorizationCodeFlowOrchestrator, HostOrchestrator } from '@okta/spa-platform';
-import { FetchClient } from '@okta/spa-platform/fetch';
+import {
+  AuthorizationCodeFlow,
+  AuthorizationCodeFlowOrchestrator,
+  HostOrchestrator,
+  FetchClient
+} from '@okta/spa-platform';
 import { client } from '@/auth';
 import { createMessageComponent } from '../createMessageComponent';
 

e2e/apps/redirect-model/src/apps/orchestrators/pages/Redirect.tsx

@@ -1,8 +1,10 @@
 import { useEffect, useState } from 'react';
 import { useNavigate } from 'react-router';
-import { AuthorizationCodeFlow } from '@okta/oauth2-flows';
-import { AuthorizationCodeFlowOrchestrator } from '@okta/spa-platform';
-import { FetchClient } from '@okta/spa-platform/fetch';
+import {
+  AuthorizationCodeFlow,
+  AuthorizationCodeFlowOrchestrator,
+  FetchClient
+} from '@okta/spa-platform';
 import { client } from '@/auth';
 import { Loading } from '@/component/Loading';
 import { createMessageComponent } from '../createMessageComponent';

e2e/apps/redirect-model/src/apps/orchestrators/pages/Silent.tsx

@@ -1,6 +1,8 @@
-import { AuthorizationCodeFlow } from '@okta/oauth2-flows';
-import { AuthorizationCodeFlowOrchestrator } from '@okta/spa-platform';
-import { FetchClient } from '@okta/spa-platform/fetch';
+import {
+  AuthorizationCodeFlow,
+  AuthorizationCodeFlowOrchestrator,
+  FetchClient
+} from '@okta/spa-platform';
 import { client } from '@/auth';
 import { createMessageComponent } from '../createMessageComponent';
 

e2e/apps/redirect-model/src/auth.tsx

@@ -1,6 +1,10 @@
-import { Credential, OAuth2Client, clearDPoPKeyPairs } from '@okta/spa-platform';
-import { AuthorizationCodeFlow, SessionLogoutFlow } from '@okta/spa-platform/flows';
-import { AuthorizationCodeFlowOrchestrator } from '@okta/spa-platform/orchestrator';
+import {
+  Credential,
+  OAuth2Client,
+  clearDPoPKeyPairs,
+  AuthorizationCodeFlow,
+  SessionLogoutFlow
+} from '@okta/spa-platform';
 
 
 const USE_DPOP = __USE_DPOP__ === "true";

e2e/apps/redirect-model/src/component/LogoutCallback.tsx

@@ -1,7 +1,7 @@
 import { useEffect } from 'react';
 import { useNavigate } from 'react-router';
 import { useSearchParams } from 'react-router-dom';
-import { getSearchParam } from '@okta/auth-foundation';
+import { getSearchParam } from '@okta/spa-platform';
 import { Loading } from './Loading';
 
 

e2e/apps/redirect-model/src/router.tsx

@@ -1,7 +1,5 @@
 import { createBrowserRouter } from 'react-router-dom';
 import { Credential } from '@okta/spa-platform';
-import { AuthorizationCodeFlow } from '@okta/spa-platform/flows';
-import { signInFlow } from '@/auth';
 
 // import Page components
 import { App } from './App';

e2e/apps/token-broker/resource-server/middleware.ts

@@ -1,5 +1,5 @@
 import { MockLayer } from 'vite-plugin-mock-server';
-import { JWT, shortID } from '@okta/auth-foundation';
+import { JWT, shortID } from '@okta/auth-foundation/core';
 
 
 const dpopNonceError = 

e2e/apps/token-broker/src/auth.tsx

@@ -1,6 +1,13 @@
-import { Credential, OAuth2Client, clearDPoPKeyPairs } from '@okta/spa-platform';
-import { AuthorizationCodeFlow, SessionLogoutFlow } from '@okta/spa-platform/flows';
-import { AcrValues, JsonRecord, isOAuth2ErrorResponse } from '@okta/auth-foundation';
+import {
+  Credential,
+  OAuth2Client,
+  clearDPoPKeyPairs,
+  AuthorizationCodeFlow,
+  SessionLogoutFlow,
+  type AcrValues,
+  type JsonRecord,
+  isOAuth2ErrorResponse,
+} from '@okta/spa-platform';
 
 
 const ADMIN_SPA_REFRESH_TOKEN_TAG = 'admin-spa:mordor-token';
@@ -24,7 +31,6 @@ oauthConfig.baseURL = oauthConfig.issuer;
 
 export const client = new OAuth2Client(oauthConfig);
 
-
 // ############# OAuth Flow Instances ############# //
 export const signInFlow = new AuthorizationCodeFlow(client, {
   redirectUri: `${window.location.origin}/login/callback`,

e2e/apps/token-broker/src/broker.tsx

@@ -1,10 +1,12 @@
 import {
+  Credential,
+  Token,
+  HostOrchestrator,
   OAuth2ErrorResponse,
   isOAuth2ErrorResponse,
   hasSameValues,
   AcrValues
-} from '@okta/auth-foundation';
-import { Credential, Token, HostOrchestrator } from '@okta/spa-platform';
+} from '@okta/spa-platform';
 import { signIn, signOutFlow, getMordorToken, handleAcrStepUp } from './auth';
 
 

e2e/apps/token-broker/src/component/LogoutCallback.tsx

@@ -1,7 +1,7 @@
 import { useEffect } from 'react';
 import { useNavigate } from 'react-router';
 import { useSearchParams } from 'react-router-dom';
-import { getSearchParam } from '@okta/auth-foundation';
+import { getSearchParam } from '@okta/spa-platform';
 import { Loading } from './Loading';
 
 

e2e/apps/token-broker/src/resourceClient.ts

@@ -1,5 +1,4 @@
-import { FetchClient } from '@okta/spa-platform/fetch';
-import { HostOrchestrator } from '@okta/spa-platform/orchestrator';
+import { FetchClient, HostOrchestrator, type APIRequest } from '@okta/spa-platform';
 import { customScopes } from '@/auth';
 
 
@@ -11,11 +10,11 @@ orchestrator.defaultTimeout = 15000;
 export const fetchClient = new FetchClient(orchestrator);
 
 // testing APIClient request interceptors
-const interceptor1 = (req: Request) => {
+const interceptor1 = (req: APIRequest) => {
   req.headers.append('foo', '1');
   return req;
 };
-const interceptor2 = (req: Request) => {
+const interceptor2 = (req: APIRequest) => {
   req.headers.append('bar', '1');
   return req;
 };

packages/auth-foundation/jest.browser.config.js

@@ -8,6 +8,9 @@ const config = {
     __PKG_NAME__: pkg.name,
     __PKG_VERSION__: pkg.version,
   },
+  setupFilesAfterEnv: [
+    '<rootDir>/test/jest.setupAfterEnv.ts'
+  ]
 };
 
 export default config;

packages/auth-foundation/jest.node.config.js

@@ -7,7 +7,10 @@ const config = {
   globals: {
     __PKG_NAME__: pkg.name,
     __PKG_VERSION__: pkg.version,
-  }
+  },
+  setupFilesAfterEnv: [
+    '<rootDir>/test/jest.setupAfterEnv.ts'
+  ]
 };
 
 export default config;

packages/auth-foundation/package.json

@@ -22,6 +22,10 @@
       "types": "./dist/types/index.d.ts",
       "import": "./dist/esm/index.js"
     },
+    "./core" : {
+      "types": "./dist/types/core.d.ts",
+      "import": "./dist/esm/core.js"
+    },
     "./client": {
       "types": "./dist/types/client.d.ts",
       "import": "./dist/esm/client.js"

packages/auth-foundation/rollup.config.mjs

@@ -7,6 +7,6 @@ const base = baseConfig(ts, pkg);
 
 export default {
   ...base,
-  input: [base.input, 'src/client.ts', 'src/internal.ts'],
+  input: [base.input, 'src/core.ts', 'src/internal.ts'],
   external: [...Object.keys(pkg.dependencies)],
 };

packages/auth-foundation/src/Token.ts

@@ -18,9 +18,8 @@ import { validateURL } from './internals/validators.ts';
 import { shortID } from './crypto/index.ts';
 import { JWT } from './jwt/index.ts';
 import { OAuth2Request } from './http/index.ts';
-import { DefaultDPoPSigningAuthority, DPoPSigningAuthority } from './oauth2/dpop/index.ts';
 import { Timestamp } from './utils/TimeCoordinator.ts';
-import TimeCoordinator from './utils/TimeCoordinator.ts';
+import { Platform } from './platform/Platform.ts';
 
 /**
  * @module Token
@@ -70,8 +69,6 @@ export type TokenPrimitiveInit = TokenResponse;
  * - Okta Documentation: {@link https://developer.okta.com/docs/reference/api/oidc/#response-properties-4 | OIDC }
  */
 export class Token implements JSONSerializable, Expires, RequestAuthorizer {
-  public readonly dpopSigningAuthority: DPoPSigningAuthority = DefaultDPoPSigningAuthority;
-
   /** @internal */
   public static expiryTimeouts: {[key: string]: ReturnType<typeof setTimeout>} = {};
 
@@ -114,7 +111,7 @@ export class Token implements JSONSerializable, Expires, RequestAuthorizer {
   constructor (obj: TokenInit) {
     const id = obj?.id ?? shortID();
     this.id = id;
-    this.issuedAt = obj?.issuedAt ? new Date(obj?.issuedAt) : TimeCoordinator.now().asDate;
+    this.issuedAt = obj?.issuedAt ? new Date(obj?.issuedAt) : Platform.TimeCoordinator.now().asDate;
 
     this.accessToken = obj.accessToken;
     if (obj.idToken) {
@@ -200,7 +197,7 @@ export class Token implements JSONSerializable, Expires, RequestAuthorizer {
    */
   get isExpired (): boolean {
     // TODO: revisit
-    const now = TimeCoordinator.now().asDate;
+    const now = Platform.TimeCoordinator.now().asDate;
     return +this.expiresAt - +now <= 0;
   }
 
@@ -219,7 +216,7 @@ export class Token implements JSONSerializable, Expires, RequestAuthorizer {
    * @see {@link Token.willBeValidIn}
    */
   willBeExpiredIn (duration: Seconds) {
-    const ts = Timestamp.from(TimeCoordinator.now().value + duration);
+    const ts = Timestamp.from(Platform.TimeCoordinator.now().value + duration);
     return ts.isAfter(this.expiresAt);
   }
 
@@ -289,7 +286,7 @@ export class Token implements JSONSerializable, Expires, RequestAuthorizer {
 
     return Token.create({
       id: this.id,
-      issuedAt: (this.issuedAt ?? token.issuedAt ?? TimeCoordinator.now().asDate).valueOf() / 1000,
+      issuedAt: (this.issuedAt ?? token.issuedAt ?? Platform.TimeCoordinator.now().asDate).valueOf() / 1000,
       tokenType: this.tokenType,
       expiresIn: this.expiresIn,
       accessToken: this.accessToken,
@@ -320,7 +317,7 @@ export class Token implements JSONSerializable, Expires, RequestAuthorizer {
     if (this.tokenType === 'DPoP') {
       const keyPairId = this.context.dpopPairId;
       // .generateDPoPProof() will throw if dpopPairId is undefined
-      await this.dpopSigningAuthority.sign(request, { keyPairId, nonce: dpopNonce, accessToken: this.accessToken });
+      await Platform.DPoPSigningAuthority.sign(request, { keyPairId, nonce: dpopNonce, accessToken: this.accessToken });
     }
 
     request.headers.set('Authorization', `${this.tokenType} ${this.accessToken}`);

packages/auth-foundation/src/core.ts

@@ -0,0 +1,35 @@
+/** 
+ * @module Core
+ */
+
+// types
+export * from './types/index.ts';
+
+// common
+export * from './http/index.ts';
+export * from './errors/index.ts';
+export * from './utils/index.ts';
+export * from './utils/EventEmitter.ts';
+export * from './utils/TimeCoordinator.ts';
+export * from './utils/TaskBridge.ts';
+
+// crypto / jwt
+export { randomBytes, shortID } from './crypto/index.ts';
+export * from './jwt/index.ts';
+
+// oauth2
+export * from './oauth2/pkce.ts';
+export * from './oauth2/dpop/index.ts';
+export * from './oauth2/client.ts';
+
+// Credential & Token
+export * from './Token.ts';
+export * from './Credential/index.ts';
+export * from './TokenOrchestrator.ts';
+
+// FetchClient
+export * from './FetchClient.ts';
+
+export { addEnv } from './http/oktaUserAgent.ts';
+
+export { Platform } from './platform/Platform.ts';

packages/auth-foundation/src/index.ts

@@ -2,31 +2,17 @@
  * @module Core
  */
 
-// types
-export * from './types/index.ts';
+export * from './core.ts';
 
-// common
-export * from './http/index.ts';
-export * from './errors/index.ts';
-export * from './utils/index.ts';
-export * from './utils/EventEmitter.ts';
-export * from './utils/TimeCoordinator.ts';
-export * from './utils/TaskBridge.ts';
+import { Platform } from './platform/Platform.ts';
 
-// crypto / jwt
-export { randomBytes, shortID } from './crypto/index.ts';
-export * from './jwt/index.ts';
+// eslint-disable-next-line no-restricted-syntax
+import { __internalTimeCoordinator } from './utils/TimeCoordinator.ts';
+// eslint-disable-next-line no-restricted-syntax
+import { __internalDPoPSigningAuthority } from './oauth2/dpop/index.ts';
 
-// oauth2
-export * from './oauth2/pkce.ts';
-export * from './oauth2/dpop/index.ts';
-
-// Credential & Token
-export * from './Token.ts';
-export * from './Credential/index.ts';
-export * from './TokenOrchestrator.ts';
-
-// FetchClient
-export * from './FetchClient.ts';
-
-export { addEnv } from './http/oktaUserAgent.ts';
+// NOTE: any singleton added to the Platform will need to be added to `test/jest.setupAfterEnv.ts` as well
+Platform.registerDefaultsLoader(() => ({
+  TimeCoordinator: __internalTimeCoordinator,
+  DPoPSigningAuthority: __internalDPoPSigningAuthority
+}));

packages/auth-foundation/src/internal.ts

@@ -6,5 +6,5 @@
 export * from './internals/index.ts';
 
 export { addEnv } from './http/oktaUserAgent.ts';
-
 export { buf, b64u } from './crypto/index.ts';
+export { __internalTimeCoordinator as TimeCoordinator }  from './utils/TimeCoordinator.ts';