feat(vue): add organization support (#604)

* feat(vue): add organization support

* fix: fixup

Author: charIeszhao

.changeset/chilly-donuts-shout.md

@@ -0,0 +1,5 @@
+---
+"@logto/client": patch
+---
+
+Fix a potential build issue in Vue, which is caused by using private method in Client SDK.

.changeset/honest-experts-leave.md

@@ -0,0 +1,6 @@
+---
+"@logto/vue": minor
+"@logto/vue-sample": minor
+---
+
+Support organizations in Vue SDK

.vscode/settings.json

@@ -2,7 +2,7 @@
   "typescript.tsdk": "node_modules/typescript/lib",
   "[scss]": {
     "editor.codeActionsOnSave": {
-      "source.fixAll.stylelint": true
+      "source.fixAll.stylelint": "explicit"
     }
   },
   "cssVariables.lookupFiles": [
@@ -20,7 +20,7 @@
     "typescriptreact",
   ],
   "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": true,
+    "source.fixAll.eslint": "explicit"
   },
   "cSpell.words": [
     "logto",

packages/client/src/index.ts

@@ -473,7 +473,7 @@ export default class LogtoClient {
       throw new LogtoClientError('missing_scope_organizations');
     }
 
-    return this.#getAccessToken(undefined, organizationId);
+    return this.getAccessToken(undefined, organizationId);
   }
 
   async #handleSignInCallback(callbackUri: string) {

packages/react-sample/package.json

@@ -13,9 +13,9 @@
   },
   "dependencies": {
     "@logto/react": "workspace:^2.2.0",
+    "@tanstack/react-query": "^5.0.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
-    "@tanstack/react-query": "^5.0.0",
     "react-router-dom": "^6.2.2"
   },
   "devDependencies": {

packages/vue-sample/package.json

@@ -12,7 +12,7 @@
   },
   "dependencies": {
     "@logto/vue": "workspace:^2.0.0",
-    "vue": "^3.2.35",
+    "vue": "^3.3.13",
     "vue-router": "^4.0.14"
   },
   "devDependencies": {
@@ -28,7 +28,7 @@
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
     "typescript": "^5.0.0",
-    "vite": "^4.2.3",
-    "vue-tsc": "^1.2.0"
+    "vite": "^5.0.10",
+    "vue-tsc": "^1.8.26"
   }
 }

packages/vue-sample/src/consts/index.ts

@@ -1,5 +1,6 @@
 export const baseUrl = window.location.origin;
 export const redirectUrl = `${baseUrl}/callback`;
 
-export const appId = "sampleId"; // Register the sample app in Logto dashboard
+export const appId = "sampleId"; // Register the sample app in Logto admin console
 export const endpoint = "http://localhost:3001"; // Replace with your own Logto endpoint
+export const resource = "your-resource-identifier"; // Replace with your own API resource identifier

packages/vue-sample/src/main.ts

@@ -2,18 +2,20 @@ import { createApp } from "vue";
 import App from "./App.vue";
 import router from "./router";
 import { createLogto, UserScope } from "@logto/vue";
-import { appId, endpoint } from "./consts";
+import { appId, endpoint, resource } from "./consts";
 
 const app = createApp(App);
 
 app.use(createLogto, {
   appId,
   endpoint,
+  resources: [resource],
   scopes: [
     UserScope.Email,
     UserScope.Phone,
     UserScope.CustomData,
     UserScope.Identities,
+    UserScope.Organizations,
   ],
 });
 app.use(router);

packages/vue-sample/src/router/index.ts

@@ -21,6 +21,11 @@ const router = createRouter({
       name: "protected-resource",
       component: () => import("../views/ProtectedResourceView.vue"),
     },
+    {
+      path: "/organizations",
+      name: "organizations",
+      component: () => import("../views/OrganizationsView.vue"),
+    },
   ],
 });
 

packages/vue-sample/src/views/HomeView.vue

@@ -46,6 +46,8 @@ if (isAuthenticated.value) {
         </tbody>
       </table>
       <RouterLink to="/protected-resource">View Protected Resource</RouterLink>
+      <br />
+      <RouterLink to="/organizations">View Organizations</RouterLink>
     </div>
   </div>
 </template>

packages/vue-sample/src/views/OrganizationsView.vue

@@ -0,0 +1,42 @@
+<script setup lang="ts">
+import { useLogto } from "@logto/vue";
+import { onMounted, ref } from "vue";
+
+const { getOrganizationToken, getOrganizationTokenClaims, getIdTokenClaims } =
+  useLogto();
+const organizationIds = ref<string[]>();
+
+onMounted(async () => {
+  const claims = await getIdTokenClaims();
+
+  console.log("ID token claims", claims);
+  organizationIds.value = claims?.organizations;
+});
+
+const onClickFetchOrgToken = async (organizationId: string) => {
+  console.log("raw token", await getOrganizationToken(organizationId));
+  console.log("claims", await getOrganizationTokenClaims(organizationId));
+};
+</script>
+
+<template>
+  <section>
+    <h2>Organizations</h2>
+    <RouterLink to="/">Go back</RouterLink>
+    <p v-if="organizationIds?.length === 0">
+      No organization memberships found.
+    </p>
+    <ul>
+      <li
+        v-for="organizationId of organizationIds"
+        v-bind:key="organizationId"
+        style="display: flex; align-items: center; gap: 8px"
+      >
+        <span>{{ organizationId }}</span>
+        <button type="button" @click="onClickFetchOrgToken(organizationId)">
+          fetch token (see console)
+        </button>
+      </li>
+    </ul>
+  </section>
+</template>

packages/vue-sample/src/views/ProtectedResourceView.vue

@@ -1,19 +1,32 @@
 <script setup lang="ts">
 import { useLogto } from "@logto/vue";
-import { onMounted } from "vue";
-import { redirectUrl } from "../consts";
+import { onMounted, ref } from "vue";
+import { redirectUrl, resource } from "../consts";
 
-const { isAuthenticated, isLoading, signIn } = useLogto();
+const { isAuthenticated, isLoading, signIn, getAccessToken } = useLogto();
+const accessToken = ref<string>();
 
 onMounted(() => {
   if (!isAuthenticated.value && !isLoading.value) {
     void signIn(redirectUrl);
   }
 });
+
+const handleClick = async () => {
+  const token = await getAccessToken(resource);
+  accessToken.value = token;
+};
 </script>
 
 <template>
-  <p v-if="isAuthenticated">
-    Protected resource is only visible after sign-in.
-  </p>
+  <section>
+    <RouterLink to="/">Go back</RouterLink>
+    <p v-if="isAuthenticated">
+      Protected resource is only visible after sign-in.
+    </p>
+    <button type="button" @click="handleClick">Get access token</button>
+    <p v-if="accessToken">
+      Access token: <code>{{ accessToken }}</code>
+    </p>
+  </section>
 </template>

packages/vue/package.json

@@ -31,7 +31,8 @@
     "prepack": "pnpm build && pnpm test"
   },
   "dependencies": {
-    "@logto/browser": "workspace:^2.2.1"
+    "@logto/browser": "workspace:^2.2.1",
+    "@silverhand/essentials": "^2.6.2"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "^5.0.0",
@@ -46,7 +47,7 @@
     "prettier": "^3.0.0",
     "stylelint": "^15.0.0",
     "typescript": "^5.0.0",
-    "vue": "^3.2.35"
+    "vue": "^3.3.13"
   },
   "peerDependencies": {
     "vue": ">=3.0.0"
@@ -58,7 +59,8 @@
         "error",
         {
           "replacements": {
-            "ref": false
+            "ref": false,
+            "args": false
           }
         }
       ]

packages/vue/src/index.test.ts

@@ -14,6 +14,7 @@ const mockedFetchUserInfo = jest.fn().mockResolvedValue({ sub: 'foo' });
 const getAccessToken = jest.fn(() => {
   throw new Error('not authenticated');
 });
+const signIn = jest.fn();
 const injectMock = jest.fn<unknown, string[]>((): unknown => {
   return undefined;
 });
@@ -24,11 +25,17 @@ jest.mock('@logto/browser', () => {
       isAuthenticated,
       isSignInRedirected,
       handleSignInCallback,
+      getRefreshToken: jest.fn(),
       getAccessToken,
+      getAccessTokenClaims: jest.fn(),
+      getOrganizationToken: jest.fn(),
+      getOrganizationTokenClaims: jest.fn(),
+      getIdToken: jest.fn(),
+      getIdTokenClaims: jest.fn(),
+      signIn,
+      signOut: jest.fn(),
       fetchUserInfo: mockedFetchUserInfo,
-      signIn: jest.fn().mockResolvedValue(undefined),
-      signOut: jest.fn().mockResolvedValue(undefined),
-    };
+    } satisfies Partial<LogtoClient>;
   });
 });
 
@@ -95,6 +102,10 @@ describe('useLogto', () => {
       signIn,
       signOut,
       getAccessToken,
+      getAccessTokenClaims,
+      getOrganizationToken,
+      getOrganizationTokenClaims,
+      getIdToken,
       getIdTokenClaims,
       fetchUserInfo,
     } = useLogto();
@@ -105,6 +116,10 @@ describe('useLogto', () => {
     expect(signIn).toBeInstanceOf(Function);
     expect(signOut).toBeInstanceOf(Function);
     expect(getAccessToken).toBeInstanceOf(Function);
+    expect(getAccessTokenClaims).toBeInstanceOf(Function);
+    expect(getOrganizationToken).toBeInstanceOf(Function);
+    expect(getOrganizationTokenClaims).toBeInstanceOf(Function);
+    expect(getIdToken).toBeInstanceOf(Function);
     expect(getIdTokenClaims).toBeInstanceOf(Function);
     expect(fetchUserInfo).toBeInstanceOf(Function);
   });

packages/vue/src/index.ts

@@ -1,5 +1,6 @@
-import type { IdTokenClaims, LogtoConfig, UserInfoResponse } from '@logto/browser';
+import type { LogtoConfig } from '@logto/browser';
 import LogtoClient from '@logto/browser';
+import { type Optional } from '@silverhand/essentials';
 import type { App, Ref } from 'vue';
 import { inject, readonly, watchEffect } from 'vue';
 
@@ -31,6 +32,12 @@ export {
   PersistKey,
 } from '@logto/browser';
 
+type OptionalPromiseReturn<T> = {
+  [K in keyof T]: T[K] extends (...args: infer A) => Promise<infer R>
+    ? (...args: A) => Promise<Optional<R>>
+    : T[K];
+};
+
 type LogtoVuePlugin = {
   install: (app: App, config: LogtoConfig) => void;
 };
@@ -39,12 +46,21 @@ type Logto = {
   isAuthenticated: Readonly<Ref<boolean>>;
   isLoading: Readonly<Ref<boolean>>;
   error: Readonly<Ref<Error | undefined>>;
-  fetchUserInfo: () => Promise<UserInfoResponse | undefined>;
-  getAccessToken: (resource?: string) => Promise<string | undefined>;
-  getIdTokenClaims: () => Promise<IdTokenClaims | undefined>;
-  signIn: (redirectUri: string) => Promise<void>;
-  signOut: (postLogoutRedirectUri?: string) => Promise<void>;
-};
+} & OptionalPromiseReturn<
+  Pick<
+    LogtoClient,
+    | 'getRefreshToken'
+    | 'getAccessToken'
+    | 'getAccessTokenClaims'
+    | 'getOrganizationToken'
+    | 'getOrganizationTokenClaims'
+    | 'getIdToken'
+    | 'getIdTokenClaims'
+    | 'signIn'
+    | 'signOut'
+    | 'fetchUserInfo'
+  >
+>;
 
 /**
  * Creates the Logto Vue plugin

packages/vue/src/plugin.ts

@@ -1,87 +1,46 @@
-import type { InteractionMode } from '@logto/browser';
+import { type Optional } from '@silverhand/essentials';
 
 import type { Context } from './context.js';
 import { throwContextError } from './context.js';
 
 export const createPluginMethods = (context: Context) => {
   const { logtoClient, setLoading, setError, setIsAuthenticated } = context;
 
-  const signIn = async (redirectUri: string, interactionMode?: InteractionMode) => {
-    if (!logtoClient.value) {
-      return throwContextError();
-    }
-
-    try {
-      setLoading(true);
-
-      await logtoClient.value.signIn(redirectUri, interactionMode);
-    } catch (error: unknown) {
-      setError(error, 'Unexpected error occurred while signing in.');
-    }
-  };
-
-  const signOut = async (postLogoutRedirectUri?: string) => {
-    if (!logtoClient.value) {
-      return throwContextError();
-    }
-
-    try {
-      setLoading(true);
-
-      await logtoClient.value.signOut(postLogoutRedirectUri);
-
-      // We deliberately do NOT set isAuthenticated to false here, because the app state may change immediately
-      // even before navigating to the oidc end session endpoint, which might cause rendering problems.
-      // Moreover, since the location will be redirected, the isAuthenticated state will not matter any more.
-    } catch (error: unknown) {
-      setError(error, 'Unexpected error occurred while signing out.');
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const fetchUserInfo = async () => {
-    if (!logtoClient.value) {
-      return throwContextError();
-    }
-
-    try {
-      setLoading(true);
-
-      return await logtoClient.value.fetchUserInfo();
-    } catch (error: unknown) {
-      setError(error, 'Unexpected error occurred while fetching user info.');
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const getAccessToken = async (resource?: string) => {
-    if (!logtoClient.value) {
-      return throwContextError();
-    }
-
-    try {
-      setLoading(true);
-
-      return await logtoClient.value.getAccessToken(resource);
-    } catch (error: unknown) {
-      setError(error, 'Unexpected error occurred while getting access token.');
-    } finally {
-      setLoading(false);
-    }
+  const client = logtoClient.value ?? throwContextError();
+
+  const proxy = <R, T extends unknown[]>(
+    run: (...args: T) => Promise<R>,
+    resetLoadingState = true
+  ) => {
+    return async (...args: T): Promise<Optional<R>> => {
+      try {
+        setLoading(true);
+        return await run(...args);
+      } catch (error: unknown) {
+        setError(error, `Unexpected error occurred while calling ${run.name}.`);
+      } finally {
+        if (resetLoadingState) {
+          setLoading(false);
+        }
+      }
+    };
   };
 
-  const getIdTokenClaims = async () => {
-    if (!logtoClient.value) {
-      return throwContextError();
-    }
-
-    try {
-      return await logtoClient.value.getIdTokenClaims();
-    } catch (error: unknown) {
-      setError(error, 'Unexpected error occurred while getting id token claims.');
-    }
+  const methods = {
+    getRefreshToken: proxy(client.getRefreshToken.bind(client)),
+    getAccessToken: proxy(client.getAccessToken.bind(client)),
+    getAccessTokenClaims: proxy(client.getAccessTokenClaims.bind(client)),
+    getOrganizationToken: proxy(client.getOrganizationToken.bind(client)),
+    getOrganizationTokenClaims: proxy(client.getOrganizationTokenClaims.bind(client)),
+    getIdToken: proxy(client.getIdToken.bind(client)),
+    getIdTokenClaims: proxy(client.getIdTokenClaims.bind(client)),
+    signIn: proxy(client.signIn.bind(client), false),
+    // We deliberately do NOT set isAuthenticated to false in the function below, because the app state
+    // may change immediately even before navigating to the oidc end session endpoint, which might cause
+    // rendering problems.
+    // Moreover, since the location will be redirected, the isAuthenticated state will not matter any more.
+    signOut: proxy(client.signOut.bind(client)),
+    fetchUserInfo: proxy(client.fetchUserInfo.bind(client)),
   };
 
   const handleSignInCallback = async (callbackUri: string, callbackFunction?: () => void) => {
@@ -102,11 +61,7 @@ export const createPluginMethods = (context: Context) => {
   };
 
   return {
-    signIn,
-    signOut,
-    fetchUserInfo,
-    getAccessToken,
-    getIdTokenClaims,
+    ...methods,
     handleSignInCallback,
   };
 };