feat: add DPoP support methods from @auth0/auth0-spa-js v2.10.0

- Add getDpopNonce() method to retrieve DPoP nonce for a domain
- Add setDpopNonce() method to set DPoP nonce for a domain
- Add generateDpopProof() method to generate DPoP proof JWT
- Add createFetcher() method to create authenticated HTTP fetcher
- Export DPoP-related types: Fetcher, FetcherConfig, CustomFetchMinimalOutput
- Export UseDpopNonceError for error handling
- Add comprehensive unit tests for all DPoP methods

Author: yogeshchoudhary147

projects/auth0-angular/src/lib/auth.service.spec.ts

@@ -76,6 +76,17 @@ describe('AuthService', () => {
       .spyOn(auth0Client, 'getTokenWithPopup')
       .mockResolvedValue('__access_token_from_popup__');
 
+    jest
+      .spyOn(auth0Client, 'getDpopNonce')
+      .mockResolvedValue('test-nonce-value');
+    jest.spyOn(auth0Client, 'setDpopNonce').mockResolvedValue(undefined);
+    jest
+      .spyOn(auth0Client, 'generateDpopProof')
+      .mockResolvedValue('test-proof-jwt');
+    jest.spyOn(auth0Client, 'createFetcher').mockReturnValue({
+      fetch: jest.fn(),
+    } as any);
+
     window.history.replaceState(null, '', '');
 
     moduleSetup = {
@@ -982,4 +993,108 @@ describe('AuthService', () => {
       });
     });
   });
+
+  describe('getDpopNonce', () => {
+    it('should retrieve DPoP nonce from the client', (done) => {
+      const service = createService();
+      service.getDpopNonce().subscribe((nonce) => {
+        expect(nonce).toBe('test-nonce-value');
+        expect(auth0Client.getDpopNonce).toHaveBeenCalled();
+        done();
+      });
+    });
+
+    it('should pass domain identifier to the underlying SDK', (done) => {
+      const domainId = 'custom-domain';
+      const service = createService();
+      service.getDpopNonce(domainId).subscribe(() => {
+        expect(auth0Client.getDpopNonce).toHaveBeenCalledWith(domainId);
+        done();
+      });
+    });
+
+    it('should handle undefined nonce', (done) => {
+      (auth0Client.getDpopNonce as jest.Mock).mockResolvedValue(undefined);
+      const service = createService();
+      service.getDpopNonce().subscribe((nonce) => {
+        expect(nonce).toBeUndefined();
+        done();
+      });
+    });
+  });
+
+  describe('setDpopNonce', () => {
+    it('should set DPoP nonce through the client', (done) => {
+      const service = createService();
+      const nonceValue = 'new-nonce-123';
+      service.setDpopNonce(nonceValue).subscribe(() => {
+        expect(auth0Client.setDpopNonce).toHaveBeenCalledWith(
+          nonceValue,
+          undefined
+        );
+        done();
+      });
+    });
+
+    it('should pass nonce and domain identifier to the underlying SDK', (done) => {
+      const service = createService();
+      const nonceValue = 'nonce-456';
+      const domainId = 'domain-1';
+      service.setDpopNonce(nonceValue, domainId).subscribe(() => {
+        expect(auth0Client.setDpopNonce).toHaveBeenCalledWith(
+          nonceValue,
+          domainId
+        );
+        done();
+      });
+    });
+  });
+
+  describe('generateDpopProof', () => {
+    it('should generate DPoP proof JWT', (done) => {
+      const service = createService();
+      const params = {
+        url: 'https://api.example.com/resource',
+        method: 'POST',
+        accessToken: 'access-token-123',
+      };
+      service.generateDpopProof(params).subscribe((proof) => {
+        expect(proof).toBe('test-proof-jwt');
+        expect(auth0Client.generateDpopProof).toHaveBeenCalledWith(params);
+        done();
+      });
+    });
+
+    it('should pass all parameters including nonce', (done) => {
+      const service = createService();
+      const params = {
+        url: 'https://api.example.com/data',
+        method: 'GET',
+        nonce: 'server-nonce',
+        accessToken: 'token-xyz',
+      };
+      service.generateDpopProof(params).subscribe(() => {
+        expect(auth0Client.generateDpopProof).toHaveBeenCalledWith(params);
+        done();
+      });
+    });
+  });
+
+  describe('createFetcher', () => {
+    it('should create a fetcher instance', () => {
+      const service = createService();
+      const fetcher = service.createFetcher();
+      expect(fetcher).toBeDefined();
+      expect(auth0Client.createFetcher).toHaveBeenCalled();
+    });
+
+    it('should pass configuration to the underlying SDK', () => {
+      const service = createService();
+      const config = {
+        baseUrl: 'https://api.example.com',
+      };
+      service.createFetcher(config);
+      expect(auth0Client.createFetcher).toHaveBeenCalledWith(config);
+    });
+  });
 });

projects/auth0-angular/src/lib/auth.service.ts

@@ -9,6 +9,9 @@ import {
   RedirectLoginResult,
   GetTokenSilentlyVerboseResponse,
   ConnectAccountRedirectResult,
+  CustomFetchMinimalOutput,
+  Fetcher,
+  FetcherConfig,
 } from '@auth0/auth0-spa-js';
 
 import {
@@ -329,6 +332,80 @@ export class AuthService<TAppState extends AppState = AppState>
     );
   }
 
+  /**
+   * ```js
+   * getDpopNonce(id).subscribe(nonce => ...)
+   * ```
+   *
+   * Gets the DPoP nonce for the specified domain or the default domain.
+   * The nonce is used in DPoP proof generation for token binding.
+   *
+   * @param id Optional identifier for the domain. If not provided, uses the default domain.
+   * @returns An Observable that emits the DPoP nonce string or undefined if not available.
+   */
+  getDpopNonce(id?: string): Observable<string | undefined> {
+    return from(this.auth0Client.getDpopNonce(id));
+  }
+
+  /**
+   * ```js
+   * setDpopNonce(nonce, id).subscribe(() => ...)
+   * ```
+   *
+   * Sets the DPoP nonce for the specified domain or the default domain.
+   * This is typically used after receiving a new nonce from the authorization server.
+   *
+   * @param nonce The DPoP nonce value to set.
+   * @param id Optional identifier for the domain. If not provided, uses the default domain.
+   * @returns An Observable that completes when the nonce is set.
+   */
+  setDpopNonce(nonce: string, id?: string): Observable<void> {
+    return from(this.auth0Client.setDpopNonce(nonce, id));
+  }
+
+  /**
+   * ```js
+   * generateDpopProof(params).subscribe(proof => ...)
+   * ```
+   *
+   * Generates a DPoP (Demonstrating Proof-of-Possession) proof JWT.
+   * This proof is used to bind access tokens to a specific client, providing
+   * an additional layer of security for token usage.
+   *
+   * @param params Configuration for generating the DPoP proof
+   * @param params.url The URL of the resource server endpoint
+   * @param params.method The HTTP method (e.g., 'GET', 'POST')
+   * @param params.nonce Optional DPoP nonce from the authorization server
+   * @param params.accessToken The access token to bind to the proof
+   * @returns An Observable that emits the generated DPoP proof as a JWT string.
+   */
+  generateDpopProof(params: {
+    url: string;
+    method: string;
+    nonce?: string;
+    accessToken: string;
+  }): Observable<string> {
+    return from(this.auth0Client.generateDpopProof(params));
+  }
+
+  /**
+   * ```js
+   * const fetcher = createFetcher(config);
+   * ```
+   *
+   * Creates a custom fetcher instance that can be used to make authenticated
+   * HTTP requests. The fetcher automatically handles token refresh and can
+   * be configured with custom request/response handling.
+   *
+   * @param config Optional configuration for the fetcher
+   * @returns A Fetcher instance configured with the Auth0 client.
+   */
+  createFetcher<TOutput extends CustomFetchMinimalOutput = Response>(
+    config?: FetcherConfig<TOutput>
+  ): Fetcher<TOutput> {
+    return this.auth0Client.createFetcher(config);
+  }
+
   private shouldHandleCallback(): Observable<boolean> {
     return of(location.search).pipe(
       map((search) => {

projects/auth0-angular/src/public-api.ts

@@ -33,4 +33,8 @@ export {
   AuthenticationError,
   PopupCancelledError,
   MissingRefreshTokenError,
+  Fetcher,
+  FetcherConfig,
+  CustomFetchMinimalOutput,
+  UseDpopNonceError,
 } from '@auth0/auth0-spa-js';